Commit 191fc434 authored by Chris Burr's avatar Chris Burr

Merge branch 'master-subjectAltName' into 'master'

Support adding extra subjectAltName to the host certificate

See merge request ai/it-puppet-module-dirac!124
parents 4f0c3ba4 9a5edc8c
...@@ -33,6 +33,7 @@ ...@@ -33,6 +33,7 @@
# @param oracle_support if set to true, ensures that the oracle RPM client libraries are installed # @param oracle_support if set to true, ensures that the oracle RPM client libraries are installed
# @param oracle_client_version version of the oracle RPM client libraries to install # @param oracle_client_version version of the oracle RPM client libraries to install
# @param tornado_processes number of processes tornado is going to spawn if the web app is used # @param tornado_processes number of processes tornado is going to spawn if the web app is used
# @param extra_aliases extra aliases to include as subjectAltName in the host certificate
# #
# #
# Although some parameters (like master_cs, master_config_name, extensions*, etc) could be part of the config_args, # Although some parameters (like master_cs, master_config_name, extensions*, etc) could be part of the config_args,
...@@ -53,7 +54,8 @@ class dirac (String $dirac_user = 'dirac', String $dirac_group = 'dirac', ...@@ -53,7 +54,8 @@ class dirac (String $dirac_user = 'dirac', String $dirac_group = 'dirac',
Hash $dirac_config_args = {}, Hash $dirac_config_args = {},
Boolean $oracle_support = false, Boolean $oracle_support = false,
String $oracle_client_version = '12.1', String $oracle_client_version = '12.1',
Numeric $tornado_processes = 4){ Numeric $tornado_processes = 4,
Array $extra_aliases = []){
# Retrieve the fully qualified name # Retrieve the fully qualified name
...@@ -89,22 +91,21 @@ class dirac (String $dirac_user = 'dirac', String $dirac_group = 'dirac', ...@@ -89,22 +91,21 @@ class dirac (String $dirac_user = 'dirac', String $dirac_group = 'dirac',
target => '/etc/grid-security/allCAs.pem', target => '/etc/grid-security/allCAs.pem',
} }
# Collect the DNS alias to add them to the host certificate # Collect the DNS alias to add them to the host certificate
if $facts['landb_ip_aliases'] { $ip_aliases = $facts['landb_ip_aliases'] ? {
# landb_ip_aliases are not FQDN undef => [], # no fact → empty list
$aliases = split($facts['landb_ip_aliases'], ',') default => split($facts['landb_ip_aliases'], ','), # comma-separated
$diraccertifalias = join(suffix($aliases, '.cern.ch'), ',')
}
else {
$diraccertifalias = ''
} }
$fqdn_ip_aliases = suffix($ip_aliases, '.cern.ch')
$all_aliases = $fqdn_ip_aliases + $extra_aliases
$san_string = join($all_aliases, ',')
certmgr::certificate {'dirac perm': certmgr::certificate {'dirac perm':
hostcert => '/opt/dirac/etc/grid-security/hostcert.pem', hostcert => '/opt/dirac/etc/grid-security/hostcert.pem',
hostkey => '/opt/dirac/etc/grid-security/hostkey.pem', hostkey => '/opt/dirac/etc/grid-security/hostkey.pem',
owner => $dirac_user, owner => $dirac_user,
group => $dirac_group, group => $dirac_group,
san => $diraccertifalias, san => $san_string,
hostkey_mode => '0400', hostkey_mode => '0400',
hostcert_mode => '0440', hostcert_mode => '0440',
# require => File['/opt/dirac/etc/grid-security/hostkey.pem'], # require => File['/opt/dirac/etc/grid-security/hostkey.pem'],
......
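Review bot: The new `Array $extra_aliases = []` parameter is untyped per element, yet its values are concatenated into `$all_aliases` and joined straight into the `san` passed to `certmgr::certificate`. A non-string entry, an empty string, or a value containing a comma or whitespace would therefore end up as malformed or unintended subjectAltName entries in the host certificate request. I would tighten the signature to `Array[Stdlib::Fqdn] $extra_aliases = [],` if the stdlib version in use provides that type, or at least `Array[String[1]] $extra_aliases = [],`. The `@param extra_aliases` line should also say that entries must be fully qualified, since `.cern.ch` is appended only to the `landb_ip_aliases` values, for example `# @param extra_aliases extra fully qualified names to include as subjectAltName in the host certificate (no domain suffix is appended)`. The class body continues outside the visible hunks, so any validation done further down is not visible here.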