Merge "Install DC adminep cert and DC root ca certificate"

2020-04-28 21:44:49 +00:00 · 2020-04-28 21:44:49 +00:00 · 53a4250a65
commit 53a4250a65
parent f0cf1888a3 c82b459703
1 changed files with 40 additions and 0 deletions
--- a/puppet-manifests/src/modules/platform/manifests/config.pp
+++ b/puppet-manifests/src/modules/platform/manifests/config.pp
@ -295,6 +295,43 @@ class platform::config::certs::ssl_ca
  }
 }

+class platform::config::dccert::params (
+  $dc_root_ca_crt = '',
+  $dc_adminep_crt = ''
+) { }
+
+
+class platform::config::dc_root_ca
+  inherits ::platform::config::dccert::params {
+  $dc_root_ca_file = '/etc/pki/ca-trust/source/anchors/dc-adminep-root-ca.crt'
+  $dc_adminep_cert_file = '/etc/ssl/private/admin-ep-cert.pem'
+
+  if ! empty($dc_adminep_crt) {
+    file { 'adminep-cert':
+      ensure  => present,
+      path    => $dc_adminep_cert_file,
+      owner   => root,
+      group   => root,
+      mode    => '0400',
+      content => $dc_adminep_crt,
+    }
+  }
+
+  if ! empty($dc_root_ca_crt) {
+    file { 'create-dc-adminep-root-ca-cert':
+      ensure  => present,
+      path    => $dc_root_ca_file,
+      owner   => root,
+      group   => root,
+      mode    => '0644',
+      content => $dc_root_ca_crt,
+    }
+    -> exec { 'update-dc-ca-trust':
+      command     => 'update-ca-trust',
+    }
+  }
+}
+

 class platform::config::runtime {
  include ::platform::config::certs::ssl_ca
@ -313,6 +350,9 @@ class platform::config::pre {
  include ::platform::config::file
  include ::platform::config::tpm
  include ::platform::config::certs::ssl_ca
+  if $::platform::params::distributed_cloud_role =='systemcontroller' {
+    include ::platform::config::dc_root_ca
+  }
 }