Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x
- Puppet >= 6.0.0 < 8.0.0
Start using this module
Add this module to your Puppetfile:
mod 'rnelson0-certs', '2.0.0'
Learn more about managing modules with a Puppetfile
Documentation
certs
Table of Contents
- Overview
- Setup - The basics of getting started with certs
- Usage - Configuration options and additional functionality
Overview
Provides SSL certificate files required by apache and other webservers via the certs::vhost define. These files can then be provided to apache::vhost and other classes that require the files to already exist on a managed node.
Setup
Setup Requirements
The certificate files must come from an external store. Recommended stores are a site-specific (and private!) module containing SSL files or a network-accessible filesystem, such as NFS, that the managed node can access.
Beginning with certs
Once a file store is determined, include at least one certs::vhost define and specify the file store location as the source_path. You may optionally specify a target_path if the default location of /etc/ssl/certs is not desired.
Usage
No trailing slash should be provided to source_path.
certs::vhost { 'www.example.com':
  source_path => 'puppet:///modules/site_certificates',
}
Creates /etc/ssl/certs/www.example.com.crt and /etc/ssl/certs/www.example.com.key based off of puppet:///site_certificates/www.example.com.crt and puppet:///site_certificates/www.example.com.key.
certs::vhost { 'www.example.com':
  target_path => '/etc/httpd/ssl.d',
  source_path => 'puppet:///modules/site_certificates',
}
Creates the same crt and key files in /etc/httpd/ssl.d.
If you wish for your certificate and key to go to different paths, you can specify them accordingly. If one or both of these values are not passed, target_path will be used.
certs::vhost { 'www.example.com':
  crt_target_path => '/etc/pki/certs',
  key_target_path => '/etc/pki/private',
  source_path     => 'puppet:///modules/site_certificates',
}
When providing the certificate files to the apache::vhost or similar classes, it is best to ensure they are properly dependent upon the certs::vhost.
Certs::Vhost<| |> -> Apache::Vhost<| |>
To use the vault options, you must have a module that is API compatible with puppet-vault_lookup installed. If you are not using vault, this dependency is optional. Some types of certificates may have been encoded with base64 for compatibility with Vault; you can specify base64_vault_crt to decode this certificate type.
certs::vhost { 'www.example.com':
  target_path      => '/etc/httpd/ssl.d',
  source_path      => '/v1/kv/puppet/ssl',
  vault            => true,
  base64_vault_crt => true,
}
You can optionally specify file options such as owner and mode by using the file_options variable.
certs::vhost { 'www.example.com':
  target_path  => '/etc/httpd/ssl.d',
  source_path  => 'puppet:///modules/site_certificates',
  file_options => {
    owner => 'root',
    group => 'root',
    mode  => '0644',
  },
}
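A fuller declaration that ties the pieces above together, as an added example that is not from the module's README: the certificate and key are deployed to the default /etc/ssl/certs location with a restrictive mode, and one apache::vhost depends on exactly that certs::vhost instead of using the global collector. It assumes file_options is applied to the key file as well as the certificate (the page does not say); the apache::vhost port and docroot values are placeholders.

```puppet
# Added example, not part of the rnelson0-certs README.
# Assumption: file_options is applied to both the .crt and the .key file,
# so a single mode has to be safe for the private key.
certs::vhost { 'www.example.com':
  source_path  => 'puppet:///modules/site_certificates',
  file_options => {
    owner => 'root',
    group => 'root',
    # 0644 on a private key lets every local account read it; 0600 keeps it
    # root-only. httpd started as root reads both files before dropping
    # privileges, so it does not need wider access.
    mode  => '0600',
  },
}

# apache::vhost comes from puppetlabs-apache. port and docroot are
# placeholder values; the ssl_cert and ssl_key paths are the files the
# certs::vhost above creates in the default target_path.
apache::vhost { 'www.example.com':
  port     => 443,
  docroot  => '/var/www/www.example.com',
  ssl      => true,
  ssl_cert => '/etc/ssl/certs/www.example.com.crt',
  ssl_key  => '/etc/ssl/certs/www.example.com.key',
  # Per-resource ordering: this vhost is applied only after its own
  # certificate and key are in place.
  require  => Certs::Vhost['www.example.com'],
}
```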
Change log
All notable changes to this project will be documented in this file. The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
v2.0.0 (2022-09-13)
Added
v1.2.0 (2022-03-10)
Added
- v1.2.0 release #42 (rnelson0)
- add param for extension #41 (thunderpants73)
v1.1.1 (2020-10-20)
Added
Fixed
v1.1.0 (2020-09-30)
Added
- v1.1.0 release #37 (rnelson0)
- Updating contributing docs, mock_with Rspec for future compatibility, and puppet-vault_lookup dependency #36 (ekingme)
- Adding support for reading crt/key from Vault #35 (ekingme)
v1.0.0 (2019-12-27)
Added
- Remove puppet 3 testing, add puppet 5 testing #31 (rnelson0)
- Update test configuration #23 (rnelson0)
- Update README.md #18 (rnelson0)
- Initial rspec fixtures #12 (rnelson0)
- Improvements to match puppet style. #10 (rnelson0)
- Empty class and trailing slashes #5 (rnelson0)
- Update vhost_spec.rb #4 (paschdan)
Fixed
- Remove direct reference to semantic_puppet #30 (rnelson0)
- Gemfile: Remove guard-rake from development group. #22 (rnelson0)
- Bump to v0.6.0 #9 (rnelson0)
- Certs modified to fail when included directly. #1 (rnelson0)
UNCATEGORIZED PRS; LABEL THEM ON GITHUB
- Release candidate for v1.0.0 #34 (rnelson0)
- Pdkconvert #33 (rnelson0)
- Use puppet-strings for documentation #32 (rnelson0)
- Modulesync #29 (rnelson0)
- MSync Gemfile and Rakefile #28 (rnelson0)
- Update .travis.yml and Rakefile #21 (rnelson0)
- August msync #20 (rnelson0)
- Update from rnelson0's modulesync #19 (rnelson0)
- Add hiera boilerplate (testing an empty hiera config for errors or warnings) #17 (rnelson0)
- Build master branch as well as PRs #15 (rnelson0)
- Add badges #14 (rnelson0)
- Initial commit using Travis CI for testing #13 (rnelson0)
- v0.6.2 - Update url to match renamed repo #11 (rnelson0)
- Ready for the forge #7 (rnelson0)
- Spec helper #6 (rnelson0)
- Correct README.md's TOC #3 (rnelson0)
- Create a proper README.md file #2 (rnelson0)
* This Changelog was automatically generated by github_changelog_generator