aboutsummaryrefslogtreecommitdiffstats
path: root/manifests/certmonger
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/certmonger')
-rw-r--r--manifests/certmonger/ca/crl.pp2
-rw-r--r--manifests/certmonger/haproxy.pp13
-rw-r--r--manifests/certmonger/httpd.pp10
-rw-r--r--manifests/certmonger/mongodb.pp10
-rw-r--r--manifests/certmonger/mysql.pp10
-rw-r--r--manifests/certmonger/rabbitmq.pp10
6 files changed, 40 insertions, 15 deletions
diff --git a/manifests/certmonger/ca/crl.pp b/manifests/certmonger/ca/crl.pp
index 2454460..a69065d 100644
--- a/manifests/certmonger/ca/crl.pp
+++ b/manifests/certmonger/ca/crl.pp
@@ -129,7 +129,7 @@ class tripleo::certmonger::ca::crl (
if $ensure == 'present' {
# Fetch CRL in cron job and notify needed services
- $cmd_list = concat(["${sleep}curl -L -o ${fetched_crl} ${crl_source}"], $process_cmd, $reload_cmds)
+ $cmd_list = concat(["${sleep}curl -s -L -o ${fetched_crl} ${crl_source}"], $process_cmd, $reload_cmds)
$cron_cmd = join($cmd_list, ' && ')
} else {
$cron_cmd = absent
diff --git a/manifests/certmonger/haproxy.pp b/manifests/certmonger/haproxy.pp
index d4f4ad2..819348d 100644
--- a/manifests/certmonger/haproxy.pp
+++ b/manifests/certmonger/haproxy.pp
@@ -32,10 +32,6 @@
# The hostname that certmonger will use as the common name for the
# certificate.
#
-# [*postsave_cmd*]
-# The post-save-command that certmonger will use once it renews the
-# certificate.
-#
# [*certmonger_ca*]
# (Optional) The CA that certmonger will use to generate the certificates.
# Defaults to hiera('certmonger_ca', 'local').
@@ -48,15 +44,19 @@
# [*principal*]
# The haproxy service principal that is set for HAProxy in kerberos.
#
+# [*postsave_cmd*]
+# The post-save-command that certmonger will use once it renews the
+# certificate.
+#
define tripleo::certmonger::haproxy (
$service_pem,
$service_certificate,
$service_key,
$hostname,
- $postsave_cmd,
$certmonger_ca = hiera('certmonger_ca', 'local'),
$dnsnames = undef,
$principal = undef,
+ $postsave_cmd = undef,
){
include ::certmonger
include ::haproxy::params
@@ -74,6 +74,7 @@ define tripleo::certmonger::haproxy (
$dnsnames_real = $hostname
}
+ $postsave_cmd_real = pick($postsave_cmd, 'systemctl reload haproxy')
certmonger_certificate { "${title}-cert":
ensure => 'present',
ca => $certmonger_ca,
@@ -81,7 +82,7 @@ define tripleo::certmonger::haproxy (
dnsname => $dnsnames_real,
certfile => $service_certificate,
keyfile => $service_key,
- postsave_cmd => $postsave_cmd,
+ postsave_cmd => $postsave_cmd_real,
principal => $principal,
wait => true,
tag => 'haproxy-cert',
diff --git a/manifests/certmonger/httpd.pp b/manifests/certmonger/httpd.pp
index e9754f7..1b57984 100644
--- a/manifests/certmonger/httpd.pp
+++ b/manifests/certmonger/httpd.pp
@@ -36,6 +36,11 @@
# in the certificate. If left unset, the value will be set to the $hostname.
# Defaults to undef
#
+# [*postsave_cmd*]
+# (Optional) Specifies the command to execute after requesting a certificate.
+# If nothing is given, it will default to: "systemctl restart ${service name}"
+# Defaults to undef.
+#
# [*principal*]
# The haproxy service principal that is set for HAProxy in kerberos.
#
@@ -45,6 +50,7 @@ define tripleo::certmonger::httpd (
$service_key,
$certmonger_ca = hiera('certmonger_ca', 'local'),
$dnsnames = undef,
+ $postsave_cmd = undef,
$principal = undef,
) {
include ::certmonger
@@ -56,7 +62,7 @@ define tripleo::certmonger::httpd (
$dnsnames_real = $hostname
}
- $postsave_cmd = "systemctl reload ${::apache::params::service_name}"
+ $postsave_cmd_real = pick($postsave_cmd, "systemctl reload ${::apache::params::service_name}")
certmonger_certificate { $name :
ensure => 'present',
certfile => $service_certificate,
@@ -64,7 +70,7 @@ define tripleo::certmonger::httpd (
hostname => $hostname,
dnsname => $dnsnames_real,
principal => $principal,
- postsave_cmd => $postsave_cmd,
+ postsave_cmd => $postsave_cmd_real,
ca => $certmonger_ca,
wait => true,
tag => 'apache-cert',
diff --git a/manifests/certmonger/mongodb.pp b/manifests/certmonger/mongodb.pp
index 0b2dd6a..37af82c 100644
--- a/manifests/certmonger/mongodb.pp
+++ b/manifests/certmonger/mongodb.pp
@@ -34,6 +34,11 @@
# (Optional) The CA that certmonger will use to generate the certificates.
# Defaults to hiera('certmonger_ca', 'local').
#
+# [*postsave_cmd*]
+# (Optional) Specifies the command to execute after requesting a certificate.
+# If nothing is given, it will default to: "systemctl restart ${service name}"
+# Defaults to undef.
+#
# [*principal*]
# (Optional) The service principal that is set for the service in kerberos.
# Defaults to undef
@@ -44,12 +49,13 @@ class tripleo::certmonger::mongodb (
$service_key,
$service_pem,
$certmonger_ca = hiera('certmonger_ca', 'local'),
+ $postsave_cmd = undef,
$principal = undef,
) {
include ::certmonger
include ::mongodb::params
- $postsave_cmd = "systemctl restart ${::mongodb::params::service_name}"
+ $postsave_cmd_real = pick($postsave_cmd, "systemctl restart ${::mongodb::params::service_name}")
certmonger_certificate { 'mongodb' :
ensure => 'present',
certfile => $service_certificate,
@@ -57,7 +63,7 @@ class tripleo::certmonger::mongodb (
hostname => $hostname,
dnsname => $hostname,
principal => $principal,
- postsave_cmd => $postsave_cmd,
+ postsave_cmd => $postsave_cmd_real,
ca => $certmonger_ca,
wait => true,
require => Class['::certmonger'],
diff --git a/manifests/certmonger/mysql.pp b/manifests/certmonger/mysql.pp
index 0988c55..ae408b6 100644
--- a/manifests/certmonger/mysql.pp
+++ b/manifests/certmonger/mysql.pp
@@ -37,6 +37,11 @@
# This parameter can take both a string or an array of strings.
# Defaults to $hostname
#
+# [*postsave_cmd*]
+# (Optional) Specifies the command to execute after requesting a certificate.
+# If nothing is given, it will default to: "systemctl restart ${service name}"
+# Defaults to undef.
+#
# [*principal*]
# (Optional) The haproxy service principal that is set for MySQL in kerberos.
# Defaults to undef
@@ -47,12 +52,13 @@ class tripleo::certmonger::mysql (
$service_key,
$certmonger_ca = hiera('certmonger_ca', 'local'),
$dnsnames = $hostname,
+ $postsave_cmd = undef,
$principal = undef,
) {
include ::certmonger
include ::mysql::params
- $postsave_cmd = "systemctl reload ${::mysql::params::server_service_name}"
+ $postsave_cmd_real = pick($postsave_cmd, "systemctl reload ${::mysql::params::server_service_name}")
certmonger_certificate { 'mysql' :
ensure => 'present',
certfile => $service_certificate,
@@ -60,7 +66,7 @@ class tripleo::certmonger::mysql (
hostname => $hostname,
dnsname => $dnsnames,
principal => $principal,
- postsave_cmd => $postsave_cmd,
+ postsave_cmd => $postsave_cmd_real,
ca => $certmonger_ca,
wait => true,
require => Class['::certmonger'],
diff --git a/manifests/certmonger/rabbitmq.pp b/manifests/certmonger/rabbitmq.pp
index 4a47938..15b1fc3 100644
--- a/manifests/certmonger/rabbitmq.pp
+++ b/manifests/certmonger/rabbitmq.pp
@@ -31,6 +31,11 @@
# (Optional) The CA that certmonger will use to generate the certificates.
# Defaults to hiera('certmonger_ca', 'local').
#
+# [*postsave_cmd*]
+# (Optional) Specifies the command to execute after requesting a certificate.
+# If nothing is given, it will default to: "systemctl restart ${service name}"
+# Defaults to undef.
+#
# [*principal*]
# (Optional) The service principal that is set for the service in kerberos.
# Defaults to undef
@@ -40,12 +45,13 @@ class tripleo::certmonger::rabbitmq (
$service_certificate,
$service_key,
$certmonger_ca = hiera('certmonger_ca', 'local'),
+ $postsave_cmd = undef,
$principal = undef,
) {
include ::certmonger
include ::rabbitmq::params
- $postsave_cmd = "systemctl restart ${::rabbitmq::params::service_name}"
+ $postsave_cmd_real = pick($postsave_cmd, "systemctl restart ${::rabbitmq::params::service_name}")
certmonger_certificate { 'rabbitmq' :
ensure => 'present',
certfile => $service_certificate,
@@ -53,7 +59,7 @@ class tripleo::certmonger::rabbitmq (
hostname => $hostname,
dnsname => $hostname,
principal => $principal,
- postsave_cmd => $postsave_cmd,
+ postsave_cmd => $postsave_cmd_real,
ca => $certmonger_ca,
wait => true,
require => Class['::certmonger'],