Conditionally generate the CA cert.

coolguydork · coolguydork · commit 7c892c5ea2f1 · 2021-04-02T10:53:23.000-07:00
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -734,6 +734,8 @@
   Optional[Integer[1]] $server_max_open_files = $puppet::params::server_max_open_files,
   Optional[Stdlib::Absolutepath] $server_versioned_code_id = undef,
   Optional[Stdlib::Absolutepath] $server_versioned_code_content = undef,
+  Boolean $generate_ca_cert = $puppet::params::generate_ca_cert,
+
 ) inherits puppet::params {
   contain puppet::config
 
diff --git a/manifests/params.pp b/manifests/params.pp
@@ -34,6 +34,7 @@
   $server_compile_mode = undef
   $dns_alt_names       = []
   $use_srv_records     = false
+  $generate_ca_cert    = true
 
   if defined('$::domain') {
     $srv_domain = $facts['networking']['domain']
diff --git a/manifests/server/config.pp b/manifests/server/config.pp
@@ -164,15 +164,16 @@
       $creates = $puppet::server::ssl_cert
       $command = "${puppet::puppet_cmd} cert --generate ${puppet::server::certname} --allow-dns-alt-names"
     }
-
-    exec {'puppet_server_config-generate_ca_cert':
-      creates => $creates,
-      command => $command,
-      umask   => '0022',
-      require => [
-        Concat["${puppet::server::dir}/puppet.conf"],
-        Exec['puppet_server_config-create_ssl_dir'],
-      ],
+    if $puppet::generate_ca_cert {
+      exec {'puppet_server_config-generate_ca_cert':
+        creates => $creates,
+        command => $command,
+        umask   => '0022',
+        require => [
+          Concat["${puppet::server::dir}/puppet.conf"],
+          Exec['puppet_server_config-create_ssl_dir'],
+        ],
+      }
     }
   } elsif $puppet::server::ca_crl_sync {
     # If not a ca AND sync the crl from the ca master
