author | Jan Dittberner <jandd@cacert.org> | 2019-07-21 16:29:15 +0200 |
committer | Jan Dittberner <jandd@cacert.org> | 2019-07-21 16:29:15 +0200 |
commit | 93ce031466058317b5bfdefc20412150449d8b3c (patch) | |
tree | 7a808a7f2990e74c532f28cfca31afe535f51720 | |
parent | a6f98d12beff0c2204cbb838c68020fcd8f0e950 (diff) | |
download | cacert-puppet-93ce031466058317b5bfdefc20412150449d8b3c.tar.gz cacert-puppet-93ce031466058317b5bfdefc20412150449d8b3c.tar.xz cacert-puppet-93ce031466058317b5bfdefc20412150449d8b3c.zip |
Modify icinga2 agent setup
- use the ticket generated by `icinga2 pki ticket` on the master
- remove commented code from icinga2_master manifest
- use icinga2 module for icinga2_agent
-rw-r--r-- | hieradata/common.yaml | 58 | ||||
-rw-r--r-- | hieradata/nodes/puppet.yaml | 13 | ||||
-rw-r--r-- | sitemodules/profiles/manifests/icinga2_agent.pp | 60 | ||||
-rw-r--r-- | sitemodules/profiles/manifests/icinga2_common.pp | 16 | ||||
-rw-r--r-- | sitemodules/profiles/manifests/icinga2_master.pp | 96 |
5 files changed, 80 insertions, 163 deletions
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 6961942..9ea31c9 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -141,34 +141,34 @@ profiles::icinga2_agent::pki_api_password: >
 RmIpGTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAAs0An2QOnxac51GTU
 gCG3gDAX0FOzW/oWi8c1PDIFb+0B4cTQRi9gP2fzugKu0bp0FBB7akZV6Zx0
 T5GP0WQAzU0=]
-profiles::icinga2_common::master_host: monitor.infra.cacert.org
-profiles::icinga2_common::master_certificate: |
+profiles::icinga2_agent::master_host: monitor.infra.cacert.org
+profiles::icinga2_agent::master_certificate: |
 -----BEGIN CERTIFICATE-----
- MIIE+jCCAuKgAwIBAgIUKbBk4rIgCPf77noCKofD3WKBR6EwDQYJKoZIhvcNAQEL
- BQAwFDESMBAGA1UEAwwJSWNpbmdhIENBMB4XDTE5MDcyMTA5NTYzMVoXDTM0MDcx
- NzA5NTYzMVowIzEhMB8GA1UEAwwYbW9uaXRvci5pbmZyYS5jYWNlcnQub3JnMIIC
- IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA7Z9Yf0kd7Jo88QH/xhQNYvZr
- m3rL2nIz+B67HFgQu6Q1o6wqYvn6bccTjdQFhrHcDob9XpoCs18IwDIG9fBhNR5k
- ph7XjVzv40vh3tjjzfkvoKzPyEDxJI98DTTkDKK3UfsvTL0PwlS1xrBRW8IbbKmq
- NNA7p8VJJanzJCv0k7idpLmmyKeRoBF0HFaGynFcoOwjoLib9polUExD8kSRfemO
- Lwq46BGORX7id49J3DHPQv89dm4N0BPjnWGMd1x3puk+GgptEzFDNEigNmFerojM
- KqoIhNEi4+bB3tz/aU6Sn0vm4Jm0tnlkrdX7O1nBvTvrwBa6jt94v0n9amvFV+Lz
- Kde4ukvn8FRoEmJMaiHgSMjlU0KwawhCqC67Rf+L+nwhi4o916BcLzCMkEHbCAW0
- 4uBZJdj29BwvWkfd7rrydUMZuBJIsKydJ13H9/kWUlsgqXayWpMl7qrJSx7XiY0Z
- 909Nmu6+ZphlqesRcOFyZHB4hkBP8tZA9lYHOjSBFI340Fni38cMKrJQiyKAZXUQ
- mE/i3a1J5ZXuKmYjhha4A3MtEvxrXbWP7rokYCqShJO72ThGM6RRwnEmyL4J46eR
- GHta3apZjOqjHjY9Za+bGbQFjQ12/YanP8DeXh4Y3vxwxu3jkUnOf0VF//qav52i
- YXn9PnJlQ2GhRtTWoccCAwEAAaM1MDMwDAYDVR0TAQH/BAIwADAjBgNVHREEHDAa
- ghhtb25pdG9yLmluZnJhLmNhY2VydC5vcmcwDQYJKoZIhvcNAQELBQADggIBACTq
- 0WxyhdboNInC8xNDlA/gHdWXyDx6GfOwSt9C6VDtJ4h+khoI79QKJ37cWBnhihCH
- +evaTNo/LiXfGh41vZPKDMPrZeTJ6Zqhs/Fj5dXZ9cOh14ySDnSicHUrDvpeolE6
- AB4GA4vyDQ5FmtCb2ewpBgFHfoOqPWdcS9S2mTrdWHIvqEfam7A1lX32SfHY6HRc
- kf+S9z0/rk0sCOdmBuX/mcgEFtGuT23uVIJcWxWxiqW1W9BBd+ZKMXPk7A/9F3E1
- JtI6ZQ2ToF+uxPA79ZUZaYNMSg7kS0ZtayHnxzKOK5pIiUgWBPUVGNXlindw2TGJ
- RApS/QCanaIrxxqS1xSjahVowHD9EWcJJBxvfDX125k/FQ3gZbEvqrcSCoPClZbQ
- K+rjjG/7v/+kU6Ruj2jopPltuS2ERLJdQyvsU7t1cpEoQ/ZbiYO2hBTguZEfY1Ek
- BhyZWVak8Daxe/UgV7wPs8o4EsEphWie121C54a6kGmaqv+RoslWD+PzZfJA1ku+
- 5UnNaUuqg5bD/Gxx0YpMSk9UmLpa7EUeAYw8teGwqoRiQYq6zaxkSCS3i+MlNZ7p
- W5JiUD886njJsNu04yJObI9GVzukudVZ8SlwabM0I42aDfNpDN/AJY/ah00nTHL2
- RUVoXfI86h8Jq7YdRNqT5g2I0HgclOi1pjGwvAuK
+ MIIE+jCCAuKgAwIBAgIUakjWIH5VKmS7yZycSG7EzfIYWkswDQYJKoZIhvcNAQEL
+ BQAwFDESMBAGA1UEAwwJSWNpbmdhIENBMB4XDTE5MDcyMTE0MDYwMFoXDTM0MDcx
+ NzE0MDYwMFowIzEhMB8GA1UEAwwYbW9uaXRvci5pbmZyYS5jYWNlcnQub3JnMIIC
+ IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArjQIqs6zXncatT2luZImFAkx
+ XwUnApePQvxJ98cAyirNR6Ugh95syo9BP9PJvIojjxtuPK5FzZmLi3c5UO3ly72Q
+ Yxho/yZ/qLllmluhreiMAcofDdwyo9X9kAfexjeztopdY2flBT7LpQ7txuOgK91p
+ WmI2uH5Htjwtbumh4E2UO9NkenFpNpUVg58mBNZpnNDApYacj2zz1v2WBFgaM1/3
+ UABD+HicNd/aS1ji6eMOglgq5arYrfKZxpe2GgVZ50xfvWrIfg/C7HvU+GyghS7f
+ XgpyzjLQoR9gS4aAPIvb45hG4p2u3Fx14PR3IynYtaZV3KSh5RNKBkQSlu9hmVRS
+ y8aR5DqneDmTVX944lvlr1+x8+Xy37DZH9+6Bq0mBrnnlEc5y7ybcreuUm1Vx30l
+ /iZfnt8uwC1SyB2J3ZbtXK9vIPHG097rLl0l+Rw8eaObaWl8rn4PVjdAUaFI+q2B
+ hep8b4gfyF393Ih54OTYCI5QyEbBPP7syTCSgrWDUUnLv/ar2AvXTfzzydqmcKsz
+ Yliok3iZfjf61TETTpBjqkKHTpS+mE55L2DSS0R1X0JTbjwmkvANYQ80emKk49Xa
+ k7IqYJYT8+h2wDYambcTR+rhBV7c6QBS+phCPqO+7miYdyDeZCvPtQcO3lxMEnVv
+ y2nh6+8BvEveNfdTNOUCAwEAAaM1MDMwDAYDVR0TAQH/BAIwADAjBgNVHREEHDAa
+ ghhtb25pdG9yLmluZnJhLmNhY2VydC5vcmcwDQYJKoZIhvcNAQELBQADggIBADGz
+ W4rXl1xK5qNHRWVy6wqH8/2OkZCg1O8X1b3mEnYYXyXRB8L6OKDUDfNZaldACegT
+ aEmEzBL27+/7wW6SymWoL74ni9WOZPqJ3GsWtHDUWSsolvQWHmYFnIGTOm+8PsVw
+ L3X2ftPg1krXhTWevK4rZdLNh4KM4Gr6nFHxiuxiOV22xqLSaFh/rVd0TNlpgCIZ
+ oWOsKYrqx4Hudq4blDI0w0NLySgOVEgl1EJA/vED1DzOFmbmuvujODUhjm5sVvuN
+ x9Zm4G0KuZX7LgKc6VeGnAyAUzgrD/uhZvc3oAzmfUUC3dx7tWB7WUuI9ji9bL8v
+ 94oXsQ7Ig329RdSsE3AoH6w54cVgCEo3WZ7j7z+ejPPLI9DbvFFwM/JFEO+A1cPw
+ EEUG8bSHHo8Twe5tgTwr0t1Sch3D5Ur7qv0nBAjwphEVoIGiu5yudmFbscPgTz+i
+ /NPtJ1zZ2NCjLabeXmaSq8Zxy4dCJ0YJ6fuFz2SKd92RDO4okhDbRgnW1RT1+eAT
+ 2dNvOd3V878PS7BM3OAzZTfVnVD+/DTRyUHAz07iSB/1KNfEfn3qDSTapx9PL4aJ
+ X74w5WZ7FlNdQHRFvvjNI849fVb2MoLxeIwd7W5flv6gpLlMX49PMp62ZtfupbRJ
+ 5AtYgSC6FbF3WwkRKTz2/KZi5j0oCHqxl31HY1Hx
 -----END CERTIFICATE-----
diff --git a/hieradata/nodes/puppet.yaml b/hieradata/nodes/puppet.yaml
index 6cb160e..502574b 100644
--- a/hieradata/nodes/puppet.yaml
+++ b/hieradata/nodes/puppet.yaml
@@ -15,4 +15,15 @@ profiles::puppet_server::git_pull_ssh_passphrase: >
 72sBgDCNDoJmkzzjSfLIvN/Q2D0p2XBtKWrc7NkmVzZrzVZ6cLJCBornuJ72
 fOJnmPqpFng=]
 profiles::puppet_server::git_pull_tokens:
- - ENC[PKCS7,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]
\ No newline at end of file + - ENC[PKCS7,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] +profiles::icinga2_agent::pki_ticket: > + ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEw + DQYJKoZIhvcNAQEBBQAEggEAdehEizEK2eAr85FD4XwS8dzDiIqKV2vanCjn + yJtnyX3IZ66tJkqtUUUMW5cWDY6I5eMmmmMOdqfXi+ZJ43aXmGNw9T6p05P6 + mVIUG4opuW6Udug1eo9t0QTgtFKquuTJD+bqmvEtXvQ9JR2mKOH24OPi6kp9 + jXbj6Gf9TNbGo9LXFEMuf4PaugOiIyW3rqBqpCX6MI3Fbt5BCkPFgRSl+yxG + 2fAdNzOz5aDVLptT5fGHCvUPUpTuVGGAToqs4JOVGob1EFfwGniWqYoyzxWq + 1g8bJ6OJ9w3oXYDm24lqmQB7U7enzrHEnP4wRRiuzXZasoeEjQumLdOmVgZd + sBBGGjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCixanHeFcVKKQc02XF + oewVgDB5dfRWbXLWJUcemnGSTPZWFh7Tb7zKl4X9ihJgMsM9NDb2syw4rAfU + DFxe1xKUOAo=] diff --git a/sitemodules/profiles/manifests/icinga2_agent.pp b/sitemodules/profiles/manifests/icinga2_agent.pp index 285ba74..178bdf8 100644 --- a/sitemodules/profiles/manifests/icinga2_agent.pp +++ b/sitemodules/profiles/manifests/icinga2_agent.pp @@ -6,10 +6,12 @@ # Parameters # ---------- # -# @param pki_api_user Icinga2 API user name for retrieving a -# ticket for a certificate signing request -# @param pki_api_password Icinga2 API password for retrieving a ticket -# for a certificate signing request +# @param pki_ticket Ticket for getting a signed certificate +# from the master +# +# @param master_host Hostname of the master +# +# @param master_certificate TLS certificate of the master # # Examples # -------- 
@@ -29,32 +31,44 @@ # # Copyright 2019 Jan Dittberner class profiles::icinga2_agent ( - String $pki_api_user, - String $pki_api_password, + String $pki_ticket, + String $master_host, + String $master_certificate, ) { include 'profiles::icinga2_common' - file { '/var/lib/icinga2/setup_agent.sh': + file { "/var/lib/icinga2/certs/trusted-cert.crt": ensure => file, - content => epp('profiles/icinga2_agent/setup_agent.sh.epp', { - pki_api_user => $pki_api_user, - pki_api_password => $pki_api_password, - master_host => $::profiles::icinga2_common::master_host, - }), + content => $master_certificate, owner => 'nagios', group => 'nagios', - mode => '0700', + mode => '0644', + require => File['/var/lib/icinga2/certs'], } - exec { '/bin/sh /var/lib/icinga2/setup_agent.sh': - creates => "/etc/icinga2/pki/${::fqdn}.key", - require => [ - File['/var/lib/icinga2/setup_agent.sh'], - File['/var/lib/icinga2/certs/ca.crt'], - File["/var/lib/icinga2/certs/${::profiles::icinga2_common::master_host}.crt"], - Package['icinga2'], - ], + + class { '::icinga2': + manage_repo => false, + features => ['mainlog'], + } + + class { '::icinga2::feature::api': + pki => 'none', + accept_config => true, + accept_commands => true, + ticket_id => $pki_ticket, + endpoints => { + 'NodeName' => {}, + } + zones => { + 'ZoneName' => { + 'endpoints' => ['NodeName'], + 'parent' => $master_host, + }, + $master_host => { + 'endpoints' => [$master_host], + } + } } - Exec['/bin/sh /var/lib/icinga2/setup_agent.sh'] ~> Service<| name == 'icinga2' |> @@icinga2::object::endpoint { $::fqdn: ensure => present, @@ -64,7 +78,7 @@ class profiles::icinga2_agent ( @@icinga2::object::zone { $::fqdn: ensure => present, endpoints => [$::fqdn], - parent => $::profiles::icinga2_common::master_host, + parent => $master_host, target => "/etc/icinga2/zones.d/${::fqdn}.conf", } } diff --git a/sitemodules/profiles/manifests/icinga2_common.pp b/sitemodules/profiles/manifests/icinga2_common.pp index 56ac1d2..829994b 100644 
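Review bot: The new `class { '::icinga2::feature::api': ... }` declaration is missing the comma between the `endpoints` attribute and the `zones` attribute — `'NodeName' => {}, }` is followed directly by `zones => {`, and Puppet's attribute list is comma-separated, so this looks like a parse error; the closing brace should read `},` before `zones => {`. A related point worth confirming: the declaration sets `pki => 'none'` while also passing `ticket_id => $pki_ticket`, and in the puppet-icinga2 module the ticket is only acted on when the module manages the certificate request, so as written nothing in this hunk appears to request the agent's certificate with the ticket — either switch the `pki` mode or document where the request happens. Writing `$master_certificate` to `/var/lib/icinga2/certs/trusted-cert.crt` from hiera pins the master's certificate rather than trusting whatever the master presents on first contact, which is the right direction; a one-line comment above that `file` resource stating that purpose (`# Pin the master's certificate so the agent's CSR goes only to the known master`) would make the intent survive the next refactor. The `profiles::icinga2_agent` class body continues past the end of this hunk.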
--- a/sitemodules/profiles/manifests/icinga2_common.pp +++ b/sitemodules/profiles/manifests/icinga2_common.pp @@ -37,20 +37,4 @@ class profiles::icinga2_common ( } Apt::Pin['icinga2_backports'] -> Package <| name == 'icinga2' or name == 'icinga2-ido-pgsql' |> } - #file { '/var/lib/icinga2/certs/ca.crt': - # ensure => file, - # content => $ca_certificate, - # owner => 'nagios', - # group => 'nagios', - # mode => '0644', - # require => File['/var/lib/icinga2/certs'], - #} - #file { "/var/lib/icinga2/certs/${master_host}.crt": - # ensure => file, - # content => $master_certificate, - # owner => 'nagios', - # group => 'nagios', - # mode => '0644', - # require => File['/var/lib/icinga2/certs'], - #} } diff --git a/sitemodules/profiles/manifests/icinga2_master.pp b/sitemodules/profiles/manifests/icinga2_master.pp index 274e3a8..e6db26d 100644 --- a/sitemodules/profiles/manifests/icinga2_master.pp +++ b/sitemodules/profiles/manifests/icinga2_master.pp @@ -7,14 +7,12 @@ # Parameters # ---------- # -# @param web2_database_name database name for IcingaWeb2 database -# @param web2_database_user database user for IcingaWeb2 database +# @param ido_database_password database password for Icinga2 IDO database # @param web2_database_password database password for IcingaWeb2 database # @param api_users Icinga2 API users +# @param pki_ticket_salt Ticket salt for API endpoint # @param ca_key Icinga2 CA private key content # @param ca_certificate Icinga2 CA certificate content -# @param master_key Icinga2 master private key content -# @param master_csr Icinga2 master CSR # # Examples # -------- @@ -40,8 +38,6 @@ class profiles::icinga2_master ( String $pki_ticket_salt, String $ca_key, String $ca_certificate, - String $master_key, - String $master_csr, ) { include profiles::icinga2_common include postgresql::server 
@@ -81,101 +77,13 @@ class profiles::icinga2_master ( class { '::icinga2::feature::api': pki => 'none', - ssl_cacert => $ca_certificate, - ssl_key => $master_key, - ssl_cert => $::profiles::icinga2_common::master_certificate, } icinga2::object::zone { 'global-templates': global => true, } - #file { '/etc/icinga2/conf.d/api-users.conf': - # ensure => file, - # content => epp('profiles/icinga2_master/conf.d/api-users.conf.epp', { - # 'api_users' => $api_users - # }), - # owner => 'root', - # group => 'nagios', - # mode => '0640', - # require => Package['icinga2'], - #} - create_resources(icinga2::object::apiuser, $api_users) - #file { "/var/lib/icinga2/certs/${::facts['fqdn']}.key": - # ensure => file, - # owner => 'nagios', - # group => 'nagios', - # mode => '0600', - # content => $master_key, - # require => File['/var/lib/icinga2/certs'], - #} - #file { "/var/lib/icinga2/certs/${::facts['fqdn']}.csr": - # ensure => file, - # owner => 'nagios', - # group => 'nagios', - # mode => '0644', - # content => $master_csr, - # require => File['/var/lib/icinga2/certs'], - #} - #file { '/var/lib/icinga2/ca': - # ensure => directory, - # owner => 'nagios', - # group => 'nagios', - # mode => '0700', - # require => Package['icinga2'], - #} - #file { '/var/lib/icinga2/ca/ca.key': - # ensure => file, - # content => $ca_key, - # owner => 'nagios', - # group => 'nagios', - # mode => '0600', - # require => File['/var/lib/icinga2/ca'], - #} - #file { '/var/lib/icinga2/ca/ca.crt': - # ensure => file, - # content => $::profiles::icinga2_common::ca_certificate, - # owner => 'nagios', - # group => 'nagios', - # mode => '0644', - # require => File['/var/lib/icinga2/ca'], - #} - #exec { "/usr/sbin/icinga2 node setup --master": - # creates => "/etc/icinga2/features-enabled/api.conf", - # require => [ - # Package['icinga2'], - # File['/var/lib/icinga2/ca/ca.key'], - # File["/var/lib/icinga2/certs/${::facts['fqdn']}.key"] - # ], - # notify => Service['icinga2'], - #} - #exec { 
'/usr/sbin/icinga2 feature enable ido-pgsql': - # creates => "/etc/icinga2/features-enabled/ido-pgsql.conf", - # require => Package['icinga2-ido-pgsql'], - # notify => Service['icinga2'], - #} - #service { 'icinga2': - # ensure => 'running', - # enable => true, - # require => [ - # Package['icinga2'], - # Package['icinga2-ido-pgsql'], - # ], - # subscribe => [ - # File['/etc/icinga2/icinga2.conf'], - # File['/etc/icinga2/init.conf'], - # File['/etc/icinga2/features-enabled/checker.conf'], - # File['/etc/icinga2/features-enabled/mainlog.conf'], - # File['/etc/icinga2/features-enabled/notification.conf'], - # File['/etc/icinga2/zones.conf'], - # File['/etc/icinga2/conf.d/api-users.conf'], - # File['/var/lib/icinga2/ca'], - # File['/var/lib/icinga2/ca/ca.key'], - # File['/var/lib/icinga2/ca/ca.crt'], - # File['/var/lib/icinga2/certs/ca.crt'], - # ], - #} Icinga2::Object::Zone <<| |>> ~> Service['icinga2'] Icinga2::Object::Endpoint <<| |>> ~> Service['icinga2'] |
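Review bot: With `ssl_cacert`, `ssl_key` and `ssl_cert` removed from `class { '::icinga2::feature::api': pki => 'none', }`, nothing left in this hunk places the master's own key and certificate, or the CA, under `/var/lib/icinga2/`, yet the class still declares `$ca_key` and `$ca_certificate` and nothing here shows how they are used. If the master's PKI is now set up out of band (the commit message's `icinga2 pki ticket` on the master suggests the CA lives on the host), that expectation should be documented next to the `pki => 'none'` line, e.g. `# pki => 'none': the master's CA, key and certificate are provisioned on the host itself, not by this manifest`. Dropping `$master_key` from the parameters is a welcome change in itself, since the master's private key no longer has to pass through hiera. The `profiles::icinga2_master` class begins outside this hunk, so the fate of `$ca_key` cannot be confirmed from here.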