voxpupuli/puppet-ca_cert

ca_cert puppet module

Donated by Phil Fenstermacher

Table of Contents

  1. Description - What does the module do?
  2. Setup - The basics of getting started with ca_cert
  3. Usage - Configuration options and additional functionality
  4. Limitations - OS compatibility, etc.
  5. Development - Guide for contributing to the module

Description

The ca_cert module tries to provide a simple way to manage Certificate Authority (CA) certificates on a Linux system.

Usage

On supported OSes, custom and OS default CAs can be managed with the defined type ca_cert::ca. The ca_cert class can be declared to customize how this module manages the certificates.

Install a custom CA

ca_cert::ca { 'myorg_ca':
  source => 'https://ca.myorg.com/myorg_ca.pem',
}

Manage custom CAs with hiera

---
ca_cert::ca_certs:
  'myorg_ca':
    source: 'https://ca.myorg.com/myorg_ca.pem'

include ca_cert

Distrust an OS default CA

Distrusting OS default CAs is handled differently by different OS families. On Debian/Ubuntu-like OSes, which support distrusting through a configuration file, the certificate content is not needed. Simply use:

ca_cert::ca { 'DigiCert_Global_Root_G3':
  ensure => 'distrusted',
}

On RedHat-like OSes, which use a folder to manage distrusted default CAs, the certificate source or content has to be provided as well:

ca_cert::ca { 'DigiCert_Global_Root_G3':
  ensure => 'distrusted',
  source => 'https://cacerts.digicert.com/DigiCertGlobalRootG3.crt.pem',
}
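
To confirm on a Debian/Ubuntu host that a distrust actually took effect, the configuration file can be audited after the Puppet run. The following is an added example, not part of the module: it assumes the update-ca-certificates format of /etc/ca-certificates.conf (one certificate path per line, a leading "!" deselects it) and that the ca_cert::ca title matches the certificate file name without its extension.

```python
# Added example: audit a Debian-style ca-certificates.conf for distrusted CAs.
# Assumed format (update-ca-certificates): one certificate path per line,
# "#" starts a comment, a leading "!" deselects (distrusts) the certificate.
from pathlib import PurePosixPath

# Constructed sample file content, not taken from a real host.
SAMPLE_CONF = """\
# This file lists certificates that you wish to use or to ignore.
mozilla/DigiCert_Global_Root_G2.crt
!mozilla/DigiCert_Global_Root_G3.crt
mozilla/ISRG_Root_X1.crt
"""


def parse_conf(text):
    """Return {ca_name: 'trusted' | 'distrusted'} keyed by file stem."""
    states = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        distrusted = line.startswith("!")
        path = line[1:].strip() if distrusted else line
        states[PurePosixPath(path).stem] = "distrusted" if distrusted else "trusted"
    return states


def audit_distrust(text, expected_distrusted):
    """Map each CA that Puppet should have distrusted to its actual state.

    'absent' means the CA is not listed at all, so there was nothing to
    distrust (for example a typo in the resource title).
    """
    states = parse_conf(text)
    return {name: states.get(name, "absent") for name in expected_distrusted}


def violations(text, expected_distrusted):
    """Names whose state is anything other than 'distrusted'."""
    report = audit_distrust(text, expected_distrusted)
    return sorted(n for n, s in report.items() if s != "distrusted")


if __name__ == "__main__":
    wanted = ["DigiCert_Global_Root_G3", "ISRG_Root_X1", "No_Such_Root"]
    for name, state in audit_distrust(SAMPLE_CONF, wanted).items():
        print(f"{name}: {state}")
```

On a real host, pass the contents of /etc/ca-certificates.conf instead of SAMPLE_CONF and treat a non-empty violations() result as a failed compliance check.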

Ensuring only puppet managed custom CAs are present

class { 'ca_cert':
  purge_unmanaged_CAs => true,
  ca_certs            => {
    ....
  }
}

Limitations

This module has been tested on the operating systems listed in metadata.json.

Development

This module is maintained by Vox Pupuli. Voxpupuli welcomes new contributions to this module, especially those that include documentation and rspec tests. We are happy to provide guidance if necessary.

Please see CONTRIBUTING for more details.

Transfer Notice

This module was originally authored by Phil Fenstermacher. The maintainer preferred that Puppet Community take ownership of the module for future improvement and maintenance. Existing pull requests and issues were transferred over; please fork and continue to contribute here instead.

Previously: https://github.com/pcfens/puppet-ca_cert