# File 'plans/create_pe_certs.pp', line 4
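# Generates a certificate and key pair for $resolvable_host_name on the
# Puppet Enterprise target and returns them together with the CA certificate.
#
# $pe_target_name       - Bolt target reference; only the first resolved
#                         target is used.
# $resolvable_host_name - certname to issue. It is interpolated into shell
#                         command lines and file paths on the PE target, so
#                         it is validated before any command is run.
#
# Returns [tls_crt, tls_key, ca_crt], each the stdout of a `cat` on the target.
plan complyadm::create_pe_certs(
  String $pe_target_name,
  String $resolvable_host_name,
) {
  # The host name ends up inside `rm -f`, `puppetserver ca generate` and `cat`
  # command strings. Restrict it to hostname characters so that shell
  # metacharacters, whitespace, path separators or a leading '-' cannot alter
  # the commands or make the paths point outside the ssl directories.
  if $resolvable_host_name !~ /\A[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?\z/ {
    fail_plan('resolvable_host_name must contain only letters, digits, dots, hyphens and underscores', 'comply/error')
  }

  $pe_target = get_targets($pe_target_name)[0]

  # Check the PE certname so that the PE server's own certificates are not
  # deleted through an accidental selection. `in` on two strings is a
  # substring test, so any host name contained in the certname is refused.
  $pe_certname = run_command('/opt/puppetlabs/bin/puppet config print certname', $pe_target)[0].value['stdout']
  if ( $resolvable_host_name in $pe_certname ) {
    fail_plan('Attempted to Install Comply on Puppet Enterprise', 'comply/error')
  }

  # Remove any existing certs for this host.
  # NOTE(review): the signed cert is removed from .../puppetserver/ca/signed/
  # but read back below from .../puppet/ssl/ca/signed/ - confirm which CA
  # directory this PE version uses.
  run_command("rm -f /etc/puppetlabs/puppet/ssl/certs/${resolvable_host_name}.pem", $pe_target)
  run_command("rm -f /etc/puppetlabs/puppet/ssl/private_keys/${resolvable_host_name}.pem", $pe_target)
  run_command("rm -f /etc/puppetlabs/puppet/ssl/public_keys/${resolvable_host_name}.pem", $pe_target)
  run_command("rm -f /etc/puppetlabs/puppetserver/ca/signed/${resolvable_host_name}.pem", $pe_target)

  # Generate the certs.
  run_command("/opt/puppetlabs/bin/puppetserver ca generate --certname ${resolvable_host_name}", $pe_target)

  $tls_crt = run_command("cat /etc/puppetlabs/puppet/ssl/ca/signed/${resolvable_host_name}.pem", $pe_target)[0].value['stdout']
  # NOTE(review): the private key is read into a plain String and returned in
  # the plan result, so it can appear in Bolt output and logs. Callers should
  # treat the second element as a secret; consider wrapping it in Sensitive
  # once all callers can accept that type.
  $tls_key = run_command("cat /etc/puppetlabs/puppet/ssl/private_keys/${resolvable_host_name}.pem", $pe_target)[0].value['stdout']
  $ca_crt = run_command('cat /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem', $pe_target)[0].value['stdout']

  return [$tls_crt, $tls_key, $ca_crt]
}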