Diffstat (limited to 'sitemodules/profiles/manifests')
-rw-r--r--sitemodules/profiles/manifests/base.pp45
1 files changed, 32 insertions, 13 deletions
diff --git a/sitemodules/profiles/manifests/base.pp b/sitemodules/profiles/manifests/base.pp
index fd6f225..ff3d9e4 100644
--- a/sitemodules/profiles/manifests/base.pp
+++ b/sitemodules/profiles/manifests/base.pp
@@ -14,9 +14,7 @@
#
# @param rootalias alias that gets emails for root
#
-# @param crl_job_enable whether to setup the hourly CRL update job
-#
-# @param crl_job_services which services to reload after the CRL update
+# @param crl_job configure the hourly CRL update job
#
# @param is_external whether the node is outside of CAcert infrastructure
#
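Review bot: The new `@param crl_job` line no longer tells a reader which keys the hash accepts, whereas the two removed lines documented each setting individually. Puppet Strings supports `@option` tags for hash parameters, for example `# @option crl_job [Boolean] :enable whether to setup the hourly CRL update job` and `# @option crl_job [Array[String]] :services which services to reload after the CRL update`. The same form would cover `hostname`, `check_url`, `api_user` and `api_password`, and the `api_password` entry is the place to say that the value is a secret and where it is expected to come from.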
@@ -36,15 +34,21 @@
# Copyright
# ---------
#
-# Copyright 2016-2021 Jan Dittberner
+# Copyright 2016-2022 Jan Dittberner
#
class profiles::base (
- Array[String] $admins = [],
- Hash[String, Data] $users = {},
- String $rootalias = "${trusted['certname']}-admin@cacert.org",
- Boolean $crl_job_enable = false,
- Array[String] $crl_job_services = [],
- Boolean $is_external = false,
+ Array[String] $admins = [],
+ Hash[String, Data] $users = {},
+ String $rootalias = "${trusted['certname']}-admin@cacert.org",
+ Hash[String, Data] $crl_job = {
+ 'enable' => false,
+ 'hostname' => $trusted['certname'],
+ 'services' => [],
+ 'check_url' => 'https://monitor.infra.cacert.org:5665/v1/actions/process-check-result',
+ 'api_user' => '',
+ 'api_password' => '',
+ },
+ Boolean $is_external = false,
) {
# ensure admin users for this container
$admins.each |String $username| {
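Review bot: A caller or Hiera value that sets only some keys of `crl_job` (say `enable` and `services`) replaces the whole default hash, so `check_url`, `hostname`, `api_user` and `api_password` reach the template as undef rather than the defaults declared here. Puppet applies a parameter default only when no value is supplied at all and never merges it with a partial one. Defaulting the parameter to an empty hash and merging it over a defaults hash in the class body keeps every key defined; the later `$crl_job[...]` lookups in this commit would then read the merged hash. `Hash[String, Data]` also accepts misspelled keys silently, so a `Struct` with optional keys would catch those at compile time. The class body continues outside this hunk.

```puppet
  Hash[String, Data] $crl_job     = {},
  # … unchanged: $is_external parameter …
) {
  $crl_job_defaults = {
    'enable'       => false,
    'hostname'     => $trusted['certname'],
    'services'     => [],
    'check_url'    => 'https://monitor.infra.cacert.org:5665/v1/actions/process-check-result',
    'api_user'     => '',
    'api_password' => '',
  }
  # right-hand side wins, so supplied keys override the defaults
  $crl_settings = $crl_job_defaults + $crl_job
  # … unchanged: admin user setup …
```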
@@ -172,7 +176,10 @@ class profiles::base (
repos => 'main',
release => "${::lsbdistcodename}-updates",
}
- if Integer($facts['os']['release']['major']) < 11 {
+
+ $os_major = Integer($facts['os']['release']['major'])
+
+ if $os_major < 11 {
apt::source { "security.debian.org-${::lsbdistcodename}-security":
location => 'http://security.debian.org/debian-security',
repos => 'main',
@@ -255,7 +262,11 @@ class profiles::base (
subscribe => [File[$cacert_class1_file], File[$cacert_class3_file]],
}
- if ($crl_job_enable) {
+ if ($crl_job['enable']) {
+ package { 'python3-requests':
+ ensure => installed,
+ }
+
file { '/var/local/ssl':
ensure => directory,
owner => 'root',
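Review bot: Declaring `package { 'python3-requests': }` directly inside the `if ($crl_job['enable'])` branch makes catalog compilation fail with a duplicate declaration as soon as any other class on the node manages the same package. If puppetlabs-stdlib is available (the apt module this class already uses depends on it), `ensure_packages(['python3-requests'])` avoids that and still leaves `Package['python3-requests']` usable as a `require` target. The conditional's body continues outside this hunk.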
@@ -278,9 +289,17 @@ class profiles::base (
mode => '0755',
content => epp(
'profiles/base/update-crls.epp',
- { 'services' => $crl_job_services }),
+ {
+ 'services' => $crl_job['services'],
+ 'check_url' => $crl_job['check_url'],
+ 'api_user' => $crl_job['api_user'],
+ 'api_password' => $crl_job['api_password'],
+ 'hostname' => $crl_job['hostname'],
+ },
+ ),
require => [
Package['ca-certificates'],
+ Package['python3-requests'],
File['/var/local/ssl/crls'],
File[$cacert_class1_file],
File[$cacert_class3_file]
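Review bot: The rendered script now embeds `api_user` and `api_password`, but the same file resource keeps `mode => '0755'`, so every local account on the node can read the monitoring API credential. If the job runs only as the file's owner (not visible here), `mode => '0700'` would close that. Alternatively the credentials could go into a separate owner-only file that the script reads. Adding `show_diff => false` keeps the password out of agent logs and reports when the content changes, and typing the value as `Sensitive[String]` would keep it redacted wherever it is passed through the catalog. The file resource starts and ends outside this hunk.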