
Commit 6b21ed2

committed
Allow overriding passwords generated by extlib
Update suggestions
1 parent c1eaa90 commit 6b21ed2


4 files changed

+27
-6
lines changed


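--- a/manifests/candlepin.pp
+++ b/manifests/candlepin.pp
@@ -8,8 +8,10 @@
 Stdlib::Absolutepath $ca_cert = $certs::candlepin_ca_cert,
 Stdlib::Absolutepath $ca_key = $certs::candlepin_ca_key,
 Stdlib::Absolutepath $pki_dir = $certs::pki_dir,
+Optional[String] $keystore_password = undef,
 Stdlib::Absolutepath $keystore = $certs::candlepin_keystore,
 String $keystore_password_file = 'keystore_password-file',
+Optional[String] $truststore_password = undef,
 Stdlib::Absolutepath $truststore = $certs::candlepin_truststore,
 String $truststore_password_file = 'truststore_password-file',
 String[2,2] $country = $certs::country,
@@ -67,8 +69,20 @@
 build_dir => $certs::ssl_build_dir,
 }
 
-$keystore_password = extlib::cache_data('foreman_cache_data', $keystore_password_file, extlib::random_password(32))
-$truststore_password = extlib::cache_data('foreman_cache_data', $truststore_password_file, extlib::random_password(32))
+# Generate and cache the password on the master once
+# In multi-puppetmaster setups, the user should specify their own
+if $keystore_password {
+$final_keystore_password = $keystore_password
+} else {
+$final_keystore_password = extlib::cache_data('foreman_cache_data', $keystore_password_file, extlib::random_password(32))
+}
+
+if $truststore_password {
+$final_truststore_password = $truststore_password
+} else {
+$final_truststore_password = extlib::cache_data('foreman_cache_data', $truststore_password_file, extlib::random_password(32))
+}
+
 $keystore_password_path = "${pki_dir}/${keystore_password_file}"
 $truststore_password_path = "${pki_dir}/${truststore_password_file}"
 $client_key = $certs::foreman::client_key
@@ -109,7 +123,7 @@
 
 file { $keystore_password_path:
 ensure => file,
-content => $keystore_password,
+content => $final_keystore_password,
 owner => 'root',
 group => $group,
 mode => '0440',
@@ -134,7 +148,7 @@
 
 file { $truststore_password_path:
 ensure => file,
-content => $truststore_password,
+content => $final_truststore_password,
 owner => 'root',
 group => $group,
 mode => '0440',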
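Review bot: The new `Optional[String] $keystore_password` and `Optional[String] $truststore_password` parameters in the first hunk accept an empty or very short override, whereas the sibling password parameters in this commit (`String[10] $nss_db_password`, `String[10] $ca_key_password`) enforce a minimum length; `Optional[String[10]] $keystore_password = undef,` and the same for the truststore would keep the undef default while rejecting weak values at compile time. In Puppet 4 and later an empty string is truthy, so `''` passed explicitly takes the `if $keystore_password` branch and is written verbatim into the 0440 password file. The two parameters also need entries in the class's parameter documentation, which sits above the first hunk, e.g. `# $keystore_password:: Password for the keystore; generated and cached on the master when unset`.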

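--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -39,6 +39,8 @@
 # $deploy:: Deploy the certs on the configured system. False means
 # we want to apply it to a different system
 #
+# $ca_key_password:: Optional string to use for the CA key password
+#
 # $ca_common_name:: Common name for the generated CA certificate
 #
 # $country:: Country attribute for managed certificates
@@ -73,6 +75,7 @@
 Boolean $generate = true,
 Boolean $regenerate = false,
 Boolean $deploy = true,
+String[10] $ca_key_password = $certs::params::ca_key_password,
 String $ca_common_name = $certs::params::ca_common_name,
 String[2,2] $country = 'US',
 String $state = 'North Carolina',
@@ -103,7 +106,6 @@
 $ca_key = "${pki_dir}/private/${default_ca_name}.key"
 $ca_cert = "${pki_dir}/certs/${default_ca_name}.crt"
 $ca_cert_stripped = "${pki_dir}/certs/${default_ca_name}-stripped.crt"
-$ca_key_password = extlib::cache_data('foreman_cache_data', 'ca_key_password', extlib::random_password(24))
 $ca_key_password_file = "${ssl_build_dir}/${default_ca_name}.pwd"
 
 $katello_server_ca_cert = "${pki_dir}/certs/${server_ca_name}.crt"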
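Review bot: The doc line `# $ca_key_password:: Optional string to use for the CA key password` added in the first hunk does not say what happens when the parameter is left unset, which is exactly the behaviour this commit is making configurable; suggest `# $ca_key_password:: Password protecting the CA private key. Defaults to a random value generated once and cached on the master; set it explicitly in multi-master setups`. The parameter in the second hunk is typed `String[10]`, not `Optional[...]`, so "Optional" in the doc can only mean "has a default", and the minimum-length constraint is worth stating there too. The class signature and the variable block both continue outside these hunks.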

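--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -23,6 +23,11 @@
 $qpid_client_cert = "${pulp_pki_dir}/qpid/client.crt"
 $qpid_client_ca_cert = "${pulp_pki_dir}/qpid/ca.crt"
 
+# Generate and cache the password on the master once
+# In multi-puppetmaster setups, the user should specify their own
+$ca_key_password = extlib::cache_data('foreman_cache_data', 'ca_key_password', extlib::random_password(24))
+$nss_db_password = extlib::cache_data('foreman_cache_data', 'certs-nss-db-password', extlib::random_password(32))
+
 $qpid_router_server_cert = "${pki_dir}/qpid_router_server.crt"
 $qpid_router_client_cert = "${pki_dir}/qpid_router_client.crt"
 $qpid_router_server_key = "${pki_dir}/qpid_router_server.key"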
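Review bot: The `extlib::cache_data` calls on the new `$ca_key_password` and `$nss_db_password` lines run every time `certs::params` is evaluated, so — if I read that function correctly — a random password is still generated and persisted under the `foreman_cache_data` cache on the master even when the operator overrides `certs::ca_key_password` or `certs::ssltools::nssdb::nss_db_password`, leaving an unused secret on disk that can be mistaken for the one actually in use. That is a consequence of moving generation out of the parameter defaults and is worth stating in the comment, e.g. `# The cached value is created even when the user overrides the password; it is then unused.` The comment as written also repeats the one in candlepin.pp verbatim; pointing from here to the overriding parameters would help the next reader find them.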

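--- a/manifests/ssltools/nssdb.pp
+++ b/manifests/ssltools/nssdb.pp
@@ -2,7 +2,7 @@
 class certs::ssltools::nssdb (
 Stdlib::Absolutepath $nss_db_dir = "${certs::pki_dir}/nssdb",
 Stdlib::Absolutepath $nss_db_password_file = "${certs::pki_dir}/nss_db_password-file",
-String[10] $nss_db_password = extlib::cache_data('foreman_cache_data', 'certs-nss-db-password', extlib::random_password(32)),
+String[10] $nss_db_password = $certs::params::nss_db_password,
 String[1] $group = 'qpidd',
 ) {
 stdlib::ensure_packages(['nss-tools'])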
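Review bot: The new default `$certs::params::nss_db_password` is only set if `certs::params` has been evaluated before this class; as far as I know, a qualified variable lookup into a class that has not been evaluated yields undef (an error under strict_variables), which would then fail the `String[10]` type check with a less obvious message than the previous inline default. The surrounding defaults already depend on `$certs::pki_dir` in the same way, so this may be an accepted assumption of the module, but if the class body (which continues below the hunk) does not `include certs::params`, it is worth documenting the ordering requirement on the class. A header comment such as `# Requires certs::params to be evaluated first; the password default is read from it` would make that explicit.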
