Puppet Class: minio::server::certs

Defined in:
manifests/server/certs.pp

Summary

Manages minio certificate deployment.

Overview

Examples:

# Example declaration: one default certificate plus one additional
# (per-directory) certificate.
#
# NOTE: the source_path values below point at the module's examples path.
# For a real deployment, supply your own certificate and key source. Files
# published under puppet:///modules/ are served by the Puppet file server,
# so a private key placed there may be retrievable by other nodes. Confirm
# your file server access rules before distributing keys this way.
class { 'minio::server::certs':
  cert_ensure                => 'present',
  cert_directory             => '/etc/minio/certs',
  owner                      => 'minio',
  group                      => 'minio',

  # Certificate that is linked as private.key / public.crt directly inside
  # cert_directory.
  default_cert_name          => 'miniodefault',
  default_cert_configuration => {
    'source_path'      => 'puppet:///modules/minio/examples',
    'source_cert_name' => 'localhost',
    'source_key_name'  => 'localhost',
  },

  # Each key becomes a sub-directory of cert_directory holding its own
  # private.key / public.crt links.
  additional_certs           => {
    'example' => {
      'source_path'      => 'puppet:///modules/minio/examples',
      'source_cert_name' => 'example.test',
      'source_key_name'  => 'example.test',
    },
  },
}

Parameters:

  • cert_ensure (Enum['present', 'absent']) (defaults to: $minio::server::cert_ensure)

    Decides whether the minio certificates will be installed.

  • owner (String) (defaults to: $minio::server::owner)

    The user owning minio certificates.

  • group (String) (defaults to: $minio::server::group)

    The group owning minio certificates.

  • cert_directory (Stdlib::Absolutepath) (defaults to: $minio::server::cert_directory)

    Directory where minio will keep all certificates.

  • default_cert_name (Optional[String[1]]) (defaults to: $minio::server::default_cert_name)

    Name of the default certificate. If no value is provided, `miniodefault` is used.

  • default_cert_configuration (Optional[Hash]) (defaults to: $minio::server::default_cert_configuration)

    Hash with the configuration for the default certificate. See `certs::site` of the `broadinstitute/certs` module for parameter descriptions.

  • additional_certs (Optional[Hash]) (defaults to: $minio::server::additional_certs)

    Hash of the additional certificates to deploy. The key is a directory name; the value is a hash of certificate configuration. See `certs::site` of the `broadinstitute/certs` module for parameter descriptions. Important: if you use additional certificates, their corresponding Subject Alternative Names (SANs) should be filled in for SNI to work.



# File 'manifests/server/certs.pp', line 46

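class minio::server::certs(
  Enum['present', 'absent'] $cert_ensure = $minio::server::cert_ensure,
  String $owner = $minio::server::owner,
  String $group = $minio::server::group,
  Stdlib::Absolutepath $cert_directory = $minio::server::cert_directory,
  Optional[String[1]] $default_cert_name = $minio::server::default_cert_name,
  Optional[Hash] $default_cert_configuration = $minio::server::default_cert_configuration,
  Optional[Hash] $additional_certs = $minio::server::additional_certs,
) {
  # Deploys certificate/key pairs through certs::site and then exposes each
  # pair under the fixed file names private.key and public.crt via symlinks.
  #
  # NOTE(review): the file resources below are symlinks, so the permissions
  # that actually protect the private key are those of the target file
  # written by certs::site. Confirm that file is not group- or
  # world-readable.

  # The symlinks follow the certificates: created when the certificates are
  # present, removed otherwise.
  $link_ensure = $cert_ensure ? {
    'present' => 'link',
    default   => 'absent',
  }

  # Fall back to 'miniodefault' when no default certificate name is given.
  $default_site_name = pick($default_cert_name, 'miniodefault')

  # Default certificate: stored directly in $cert_directory. Skipped when no
  # configuration hash is supplied.
  if (!empty($default_cert_configuration)) {
    certs::site { $default_site_name:
      ensure    => $cert_ensure,
      cert_path => $cert_directory,
      key_path  => $cert_directory,
      owner     => $owner,
      group     => $group,
      *         => $default_cert_configuration,
    }

    -> file { "${cert_directory}/private.key":
      ensure => $link_ensure,
      target => "${cert_directory}/${default_site_name}.key",
      mode   => '0600',
      owner  => $owner,
      group  => $group,
    }

    -> file { "${cert_directory}/public.crt":
      ensure => $link_ensure,
      target => "${cert_directory}/${default_site_name}.pem",
      mode   => '0600',
      owner  => $owner,
      group  => $group,
    }
  }

  # $additional_certs is Optional[Hash]. Iterating over undef aborts catalog
  # compilation, so only iterate when at least one entry is configured
  # (same guard as the default certificate above).
  if (!empty($additional_certs)) {
    # The lambda parameter is called $cert_name rather than $name so that it
    # does not shadow Puppet's built-in $name variable.
    #
    # NOTE(review): each hash key is interpolated into filesystem paths and
    # is not validated here. Keys containing path separators or '..' would
    # resolve outside the intended sub-directory. Verify that the data
    # source for additional_certs is trusted, or constrain the keys.
    $additional_certs.each | $cert_name, $cert_values | {
      certs::site { $cert_name:
        ensure    => $cert_ensure,
        cert_path => "${cert_directory}/${cert_name}",
        key_path  => "${cert_directory}/${cert_name}",
        owner     => $owner,
        group     => $group,
        *         => $cert_values,
      }
      -> file { "${cert_directory}/${cert_name}/private.key":
        ensure => $link_ensure,
        target => "${cert_directory}/${cert_name}/${cert_name}.key",
        mode   => '0600',
        owner  => $owner,
        group  => $group,
      }
      -> file { "${cert_directory}/${cert_name}/public.crt":
        ensure => $link_ensure,
        target => "${cert_directory}/${cert_name}/${cert_name}.pem",
        mode   => '0600',
        owner  => $owner,
        group  => $group,
      }
    }
  }
}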