Commit 78ba8d28 authored by Jonathan Gazeley

Add resource for installing certificates and keys

parent 8986e6f6
......@@ -9,6 +9,7 @@
* [`freeradius`](#freeradius)
* [Resources](#resources)
* [`freeradius::attr`](#freeradiusattr)
* [`freeradius::cert`](#freeradiuscert)
* [`freeradius::client`](#freeradiusclient)
* [`freeradius::config`](#freeradiusconfig)
* [`freeradius::dictionary`](#freeradiusdictionary)
......@@ -110,6 +111,21 @@ freeradius::attr { 'eduroamlocal':
}
```
#### `freeradius::cert`
Install certificates as provided. These are installed in `/etc/raddb/certs`
```puppet
freeradius::cert { 'mycert.pem':
source => 'puppet:///modules/site_freeradius/mycert.pem',
type => 'key',
}
```
##### `type`
Set file permissions on the installed certificate differently depending on whether this is a private key or a public certificate. Note that the default is to treat the file as a private key and remove world-readable privileges. Allowable values: `cert`, `key`. Default: `key`.
#### `freeradius::client`
Define RADIUS clients as seen in `clients.conf`
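Review bot: the usage example under `freeradius::cert` installs a file named `mycert.pem` with `type => 'key'`, so it is unclear whether it shows a certificate or a private key being installed. Rename the example file to something like `mykey.pem`, or show one `cert` and one `key` declaration side by side. The `source` parameter is used in the example but has no `##### source` entry alongside `##### type`, and the `type` description would be easier to audit if it named the resulting permissions instead of only saying that world-readable privileges are removed.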
......
# Install FreeRADIUS certificates
define freeradius::cert (
$source,
$type = 'key',
) {
$fr_package = $::freeradius::params::fr_package
$fr_service = $::freeradius::params::fr_service
$fr_basepath = $::freeradius::params::fr_basepath
$fr_group = $::freeradius::params::fr_group
file { "${fr_basepath}/certs/${name}":
mode => $type ? {
'key' => '0640',
'cert' => '0644',
default => '0644',
},
owner => 'root',
group => $fr_group,
source => $source,
require => [File["${fr_basepath}/certs"], Package[$fr_package], Group[$fr_group]],
notify => Service[$fr_service],
}
}
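Review bot: in the `mode` selector, `default => '0644'` means any `type` value other than `key` or `cert` installs the file world-readable, which contradicts the README's stated behaviour of treating the file as a private key unless told otherwise. A mistyped `type` on a private key would silently fall into that branch. Change the fallback to `default => '0640'`, or reject unknown values up front with `fail()` so that only `cert` and `key` are accepted. Since this resource manages private keys, also consider setting `show_diff => false` on the `file` so that content changes are not written to agent logs or reports.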