1 |
class openssl { |
2 |
class base { |
3 |
package { 'openssl': } |
4 |
} |
5 |
|
6 |
define self_signed_cert($directory = '/etc/certs') { |
7 |
include openssl::base |
8 |
|
9 |
$pem_file = "$name.pem" |
10 |
exec { "openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $pem_file -out $pem_file -subj '/CN=$name'": |
11 |
cwd => $directory, |
12 |
creates => "$directory/$name.pem", |
13 |
require => Package['openssl'] |
14 |
} |
15 |
} |
16 |
|
17 |
define self_signed_splitted_cert( $filename = '', |
18 |
$directory = '/etc/certs', |
19 |
$owner = 'root', |
20 |
$group = 'root', |
21 |
$mode = '0600') { |
22 |
include openssl::base |
23 |
|
24 |
$crt_file = "$filename.crt" |
25 |
$key_file = "$filename.key" |
26 |
exec { "openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout $key_file -out $crt_file -subj '/CN=$name'": |
27 |
cwd => $directory, |
28 |
creates => "$directory/$key_file", |
29 |
require => Package['openssl'], |
30 |
before => [File["$directory/$key_file"], |
31 |
File["$directory/$crt_file"]] |
32 |
} |
33 |
|
34 |
file { ["$directory/$key_file","$directory/$crt_file"]: |
35 |
owner => $owner, |
36 |
group => $group, |
37 |
mode => $mode, |
38 |
} |
39 |
} |
40 |
} |