certmaster
Certmaster is a set of tools and a library for easily distributing SSL certificates to applications that need them.
Version information
released Jun 30th 2017
This version is compatible with:
- Puppet Enterprise 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >=2.7.20 <5.0.0
- , , ,
Start using this module
Add this module to your Puppetfile:
mod 'razorsedge-certmaster', '1.3.0'Learn more about managing modules with a PuppetfileDocumentation
razorsedge/certmaster — version 1.3.0 Jun 30th 2017
Puppet Certmaster Module
master branch: 
develop branch: 
Introduction
This module manages the installation and configuration of certmaster. Certmaster is a set of tools and a library for easily distributing SSL certificates to applications that need them.
Actions:
- Installs the certmaster package.
- Manages the certmaster.conf and minion.conf files.
- Stops the certmaster service unless the host is configured as the certmaster.
OS Support:
- RedHat family - tested on CentOS 5.8+ and CentOS 6.3+
- Debian family - presently unsupported (patches welcome)
Class documentation is available via puppetdoc.
Examples
Normal Certmaster operation:
Top Scope variable (i.e. via Dashboard):
$certmaster_certmaster = 'certmaster.example.com'
$certmaster_autoupgrade = true
include 'certmaster'
Parameterized Class:
# clients
node default {
class { 'certmaster':
certmaster => 'certmaster.example.com',
}
}
# master
node 'certmaster.example.com' {
class { 'certmaster':
certmaster => 'certmaster.example.com',
autosign => false, # Can be true to automatically sign certificates.
listen_addr => 'certmaster.example.com',
service_ensure => 'running',
service_enable => true,
}
}
Use Puppet certificates instead of Certmaster's:
Top Scope variable (i.e. via Dashboard):
$certmaster_use_puppet_certs = true
include 'certmaster'
Parameterized Class:
# (There is no need to run the Certmaster daemon in this mode.)
class { 'certmaster':
use_puppet_certs => true,
}
Notes
- By default the certmaster service will be disabled as we assume most nodes will be clients. Set service_ensure and service_enable to turn on the certmaster service.
- Requires EPEL for RedHat family hosts.
Issues
- None
TODO
- Add firewall support.
Contributing
Please see CONTRIBUTING.md for contribution information.
License
Please see LICENSE file.
Copyright
Copyright (C) 2012 Mike Arnold mike@razorsedge.org
2017-07-01 Michael Arnold github@razorsedge.org - 1.3.0
Michael Arnold github@razorsedge.org (25):
- Fix license and unbounded ranges in metadata.json.
- Manage common files with modulesync.
- Manage .puppet-lint.rc with modulesync.
- Update rspec-puppet ~> 2.0 and metadata-json-lint >= 0.0.4 with modulesync.
- Update rspec-puppet ~> 2.0 and metadata-json-lint >= 0.0.4 with modulesync.
- Fix puppetlint rake task with modulesync.
- Stick with rspec 2 for unit tests.
- Get code ready for Puppet 4 via modulesync.
- Update Puppet 4 gem and support puppet_blacksmith with modulesync.
- Update Geppetto .project.
- Unit test against Puppet 4 via modulesync.
- Now supporting Puppet 4.
- Keep Puppet 2.7 support.
- Pin rake below version 11 to keep Ruby 1.8 support.
- The "pe" requirement is no longer supported by the Forge.
- Add .vendor to .gitignore.
- Pin gems to specific Ruby versions with modulesync.
- Rename DEVELOP.md to CONTRIBUTING.md.
- Update instructions in CONTRIBUTING.md.
- Use Ruby 2.3.1 and remove puppet-lint-variable_contains_upcase with modulesync.
- Constrain metadata-json-lint on Ruby 1.x with modulesync.
- Remove Ruby 2.3.1 testing and add Puppet 5 testing with modulesync.
- No longer accept failures in Puppet 4 testing with modulesync.
- Support STRICT_VARIABLES for Puppet 4.
- Update versions for 1.3.0 release.
2014-09-26 Michael Arnold github@razorsedge.org - 1.2.0
Michael Arnold github@razorsedge.org (10):
- Add a directory filter for Geppetto.
- Update Geppetto .project to version 4.
- Update Modulefile summary to be more concise.
- Convert fixtures repositories to use https.
- Expand Puppet versions tested in Travis-CI.
- Update Modulefile source to use https.
- Allow tracking of metadata.json.
- Switch to using metadata.json vs Modulefile.
- Remove unneeded dependency on stahnma/epel.
- Update versions for 1.2.0 release.
2013-09-01 Michael Arnold github@razorsedge.org - 1.1.1
Michael Arnold github@razorsedge.org (2):
- Drat. Missed an instance variable.
- Update versions for 1.1.1 release.
2013-09-01 Michael Arnold github@razorsedge.org - 1.1.0
Michael Arnold github@razorsedge.org (8):
- Update module build scaffolding.
- Expand Puppet versions tested in Travis-CI.
- Rake validate to also check ERB for syntax errors.
- Update tests/init.pp to pass puppet-lint.
- Add contribution instructions to README.md.
- Convert to Ruby instance variables in templates.
- Update the GFM in the README.md.
- Update versions for 1.1.0 release.
2012-11-19 Michael Arnold github@razorsedge.org - 1.0.1
Michael Arnold github@razorsedge.org (3):
- Add tests for absence.
- Change Modulefile dependency.
- Update versions for 1.0.1 release.
2012-11-18 Michael Arnold github@razorsedge.org - 1.0.0
2014-09-26 Michael Arnold github@razorsedge.org - list
Dependencies
- puppetlabs/stdlib (>=2.1.0 <5.0.0)
Copyright (C) 2012 Mike Arnold <mike@razorsedge.org>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.