certmaster

Certmaster is a set of tools and a library for easily distributing SSL certificates to applications that need them.

Mike Arnold

razorsedge

Version information

  • 1.3.0 (latest)
  • 1.2.0
  • 1.1.1
  • 1.1.0
  • 1.0.1
  • 1.0.0
released Jun 30th 2017
This version is compatible with:
  • Puppet Enterprise 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >=2.7.20 <5.0.0
  • RedHat, CentOS, OracleLinux, Fedora

Puppet Certmaster Module

Introduction

This module manages the installation and configuration of certmaster. Certmaster is a set of tools and a library for easily distributing SSL certificates to applications that need them.

Actions:

  • Installs the certmaster package.
  • Manages the certmaster.conf and minion.conf files.
  • Stops the certmaster service unless the host is configured as the certmaster.

OS Support:

  • RedHat family - tested on CentOS 5.8+ and CentOS 6.3+
  • Debian family - presently unsupported (patches welcome)

Class documentation is available via puppetdoc.

Examples

Normal Certmaster operation:

Top-scope variables (e.g. via Dashboard):

$certmaster_certmaster = 'certmaster.example.com'
$certmaster_autoupgrade = true
include 'certmaster'

Parameterized Class:

# clients
node default {
  class { 'certmaster':
    certmaster  => 'certmaster.example.com',
  }
}

# master
node 'certmaster.example.com' {
  class { 'certmaster':
    certmaster     => 'certmaster.example.com',
    autosign       => false,  # Can be true to automatically sign certificates.
    listen_addr    => 'certmaster.example.com',
    service_ensure => 'running',
    service_enable => true,
  }
}

Use Puppet certificates instead of Certmaster's:

Top-scope variables (e.g. via Dashboard):

$certmaster_use_puppet_certs = true
include 'certmaster'

Parameterized Class:

# (There is no need to run the Certmaster daemon in this mode.)
class { 'certmaster':
  use_puppet_certs => true,
}

Notes

  • By default the certmaster service will be disabled as we assume most nodes will be clients. Set service_ensure and service_enable to turn on the certmaster service.
  • Requires EPEL for RedHat family hosts.
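
A master declaration that turns the service on, as the first note describes, while keeping signing manual and limiting who can reach the listener. This is an added example, not part of the module's own documentation. It assumes the puppetlabs-firewall module is installed (this module has no firewall support of its own), that certmaster listens on its default port 51235/tcp, and that 192.0.2.0/24 is the client subnet (a constructed value).

```puppet
# Added example, not from the module's README.
# Assumptions: puppetlabs-firewall provides the 'firewall' type;
# 51235/tcp is certmaster's default listen port;
# 192.0.2.0/24 is a constructed client subnet.
node 'certmaster.example.com' {
  class { 'certmaster':
    certmaster     => 'certmaster.example.com',
    autosign       => false,  # every request waits for an operator to sign it
    listen_addr    => 'certmaster.example.com',
    service_ensure => 'running',
    service_enable => true,
  }

  # Only the managed client subnet may reach the signing service.
  firewall { '100 accept certmaster from client subnet':
    proto  => 'tcp',
    dport  => '51235',
    source => '192.0.2.0/24',
    action => 'accept',
  }

  # Any other source hitting the certmaster port is dropped.
  firewall { '101 drop other certmaster traffic':
    proto  => 'tcp',
    dport  => '51235',
    action => 'drop',
  }
}
```

With autosign off, pending requests are listed on the master with certmaster-ca --list and approved one by one with certmaster-ca --sign followed by the hostname.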

Issues

  • None

TODO

  • Add firewall support.

Contributing

Please see CONTRIBUTING.md for contribution information.

License

Please see LICENSE file.

Copyright

Copyright (C) 2012 Mike Arnold <mike@razorsedge.org>