oops, nano. In the above code, creates=>["/etc/ldap/server.crt","/etc/ldap/server.key","/etc/ldap/server.pem"]
On Sat, Aug 7, 2010 at 9:22 AM, mohit chawla <mohit.chawla.bin...@gmail.com> wrote:

> Also, I have something like this for creating the certificates, works just
> about fine, and helps in not being paranoid about drawbacks of using
> puppet's certs:
>
> class certs{
>
>     package {"openssl":
>         ensure=>present,
>     }
>
>     file {"/var/local/certificates/certs.sh":
>         ensure=>"present",
>         content=>template("certs.erb"),
>         owner=>"puppet",
>         group=>"puppet",
>         mode=>"755",
>         require=>Package["openssl"],
>     }
>
>     exec {"sh certs.sh":
>         cwd=>"/var/local/certificates",
>         creates=>["/etc/ldap/server.crt","/etc/ldap/server.key","$
>         path=>"/usr/bin:/usr/sbin:/bin:/sbin",
>         require=>File["/var/local/certificates/certs.sh"],
>     }
>
> }
>
> certs.erb:
>
> #!/bin/sh
>
> openssl req -new -x509 -nodes -days 1826 \
>     -out /etc/ldap/server.crt \
>     -keyout /etc/ldap/server.key \
>     -subj /CN=<%= fqdn %>
>
> # Generate the .pem file
> cat /etc/ldap/server.crt \
>     /etc/ldap/server.key \
>     > /etc/ldap/server.pem
>
> chown openldap:openldap /etc/ldap/server.pem
> chown openldap:openldap /etc/ldap/server.crt
> chown openldap:openldap /etc/ldap/server.key
>
> I could just add a few lines of copying certs to other locations and set
> the required permissions.
>
> On Fri, Aug 6, 2010 at 11:45 PM, Richard Crowley <r...@rcrowley.org> wrote:
>
>> I use Puppet's certs to setup stunnels and do all other private
>> communication through those. I also reference them directly rather
>> than copying them around. I haven't gone through the whole firedrill
>> yet but this at least seems like it won't make moving services between
>> hosts more painful.
>>
>> Rich
>> (iPhoned it in.)
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-us...@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
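
Added example, not part of the original thread or of Puppet: the quoted certs.sh builds server.pem with a shell redirect, so under a umask of 022 a file containing the private key is created mode 0644. The sketch below generates the same three files under umask 077 and then verifies the permissions; `make_cert` and `key_files_private` are hypothetical names, the target directory and CN are parameters, and GNU or busybox `stat -c` is assumed.

```shell
#!/bin/sh
# Added example, not the thread's script. make_cert and key_files_private
# are hypothetical names; GNU/busybox `stat -c` is assumed.

# Succeed only if every file exists and grants no access to group/other.
key_files_private() {
    for f in "$@"; do
        [ -f "$f" ] || return 1
        mode=$(stat -c '%a' "$f") || return 1
        case "$mode" in
            0|*00) ;;          # e.g. 600 or 400
            *) return 1 ;;     # e.g. 644: key material readable by others
        esac
    done
    return 0
}

# Generate server.crt, server.key and server.pem in directory $1 for CN $2.
make_cert() {
    dir=$1 cn=$2
    # Skip when all outputs exist, the same idea as the exec's "creates".
    if [ -f "$dir/server.crt" ] && [ -f "$dir/server.key" ] &&
       [ -f "$dir/server.pem" ]; then
        return 0
    fi
    (
        umask 077   # key and .pem are 0600 from the moment they are created
        openssl req -new -x509 -nodes -days 1826 \
            -out "$dir/server.crt" -keyout "$dir/server.key" \
            -subj "/CN=$cn" 2>/dev/null &&
        cat "$dir/server.crt" "$dir/server.key" > "$dir/server.pem"
    ) || return 1
    chmod 644 "$dir/server.crt"   # the certificate alone is public
    # chown to the service account (openldap in the thread) is left to the caller.
    key_files_private "$dir/server.key" "$dir/server.pem"
}
```

`key_files_private` can also be run on its own against an existing /etc/ldap to check files that an earlier run already created.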