
D2646.diff

diff --git a/roles/core/certificates/files/nasqueron-vault-ca.crt b/roles/core/certificates/files/nasqueron-vault-ca.crt
new file mode 100644
--- /dev/null
+++ b/roles/core/certificates/files/nasqueron-vault-ca.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQTCCAimgAwIBAgIUeZZqwDWEe/AZNVnDDqrr8u+2hWYwDQYJKoZIhvcNAQEL
+BQAwGjEYMBYGA1UEAxMPbmFzcXVlcm9uLmRyYWtlMB4XDTIyMDMyNTIzMDMyOFoX
+DTMyMDMyMjIzMDM1OFowGjEYMBYGA1UEAxMPbmFzcXVlcm9uLmRyYWtlMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5k3EprQ1QyrFL54TQCchx2J3V+i
+1c30Uswn1Nn1OhexDWv0ER/j74XGeXlyHu3RYLtzo8LFZ7Ejvmkx+86AnRMJo8D5
+5ZeoJvldkx1m/V66fTLuVKd/21q7mLw2r0vkOihc1UF4P7IyG4IznBC6uxlpHHbs
+e/miJMk7UnjywrwjPqpx1szc9/EI3semesCDSXfTAoDWl+LS/E/sRZKdfVd+J2Vo
+Bx5VL02g6O6gBjmqVF6Y37hyQ5d20nkghXFgjaVSQGzgrZqnkOcMKdkaPKLmzFm9
+TdU3HK4n9CwABT8RbDUGeP+qdPl20oaxY15HCOAYJmCMWG6R4V8MpOQUlwIDAQAB
+o38wfTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
+p3uXKKHUaY5qS7L13eYxHRjKl/IwHwYDVR0jBBgwFoAUp3uXKKHUaY5qS7L13eYx
+HRjKl/IwGgYDVR0RBBMwEYIPbmFzcXVlcm9uLmRyYWtlMA0GCSqGSIb3DQEBCwUA
+A4IBAQBKSB8G9/yZf2fdSuUN43DhMrdQ2lQeAIKjVzlX5eZk9CMRI2rZ6yQuXiMk
+Hsznx4W9obVS1BcFle+EjdlA0wEA3ip6CDodI31sNRpLOy855ZHxuAUmRPKVvnNM
+s/cCFFzIjVeFzeFDADIRvvA9KkrKg4EgvVIMtBTAIOAoJkie+sVMAXk5Ah+QgC8S
++bbTEIgzn7BsZsJ90F1G6VEk0wsfmNdIxZTXQq2TnVSU8lLbAroVveXEOneDgS/v
+YFTLZoDlOb5tL6yfk+4Y666ZNL0nipIHcm0xEBPK6hT0REnXwgwdFBmjMBmhJGGE
+5Ggr+BUhJSS3+w/PDOWTpfkvT9v2
+-----END CERTIFICATE-----
diff --git a/roles/core/certificates/init.sls b/roles/core/certificates/init.sls
new file mode 100644
--- /dev/null
+++ b/roles/core/certificates/init.sls
@@ -0,0 +1,45 @@
+# -------------------------------------------------------------
+# Salt - Deploy certificates
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "roles/core/certificates/map.jinja" import certificates with context %}
+
+# -------------------------------------------------------------
+# Certificates provided by trusted sources
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% if "packages" in certificates %}
+
+certificates_packages:
+ pkg.installed:
+ - pkgs: {{ certificates.packages }}
+
+{% endif %}
+
+# -------------------------------------------------------------
+# Deploy Nasqueron certificates
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ certificates.dir }}:
+ file.directory:
+ - makedirs: True
+
+# Vault PKI Root CA
+# Used to sign intermediate authorities for 172.27.27.* services
+{{ certificates.dir }}/nasqueron-vault-ca.crt:
+ file.managed:
+ - source: salt://roles/core/certificates/files/nasqueron-vault-ca.crt
+ - mode: 444
+
+{% if "update-store" in certificates %}
+
+certificates_update_store:
+ cmd.run:
+ - name: {{ certificates.update-store }}
+ - onchanges:
+ - file: {{ certificates.dir }}/nasqueron-vault-ca.crt
+
+{% endif %}
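Review bot: In the `certificates_update_store` state, `{{ certificates.update-store }}` does not read the `update-store` key, because Jinja parses the hyphen as a subtraction between `certificates.update` and an undefined `store`. The render will most likely fail or produce the wrong command, so the line should use subscript access: `- name: {{ certificates["update-store"] }}`. The `{% if "update-store" in certificates %}` guard is unaffected, since it tests a string key. Separately, this state makes the file a system-wide trust anchor, and nothing visible here limits it to the 172.27.27.* services named in the comment. A comment above the `file.managed` state recording the expected fingerprint, e.g. `# SHA-256 fingerprint: <FINGERPRINT_PLACEHOLDER>`, would let a reviewer verify the root out of band.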
diff --git a/roles/core/certificates/map.jinja b/roles/core/certificates/map.jinja
new file mode 100644
--- /dev/null
+++ b/roles/core/certificates/map.jinja
@@ -0,0 +1,16 @@
+{% set certificates = salt["grains.filter_by"]({
+ "Debian":
+ "packages": ["ca-certicates"],
+ "dir": "/usr/local/share/ca-certificates",
+ "update-store": "update-ca-certificates",
+ },
+ "FreeBSD": {
+ "packages": ["ca_root_nss"],
+ "dir": "/usr/local/share/certs",
+ },
+ "RedHat": {
+ "packages": ["ca-certicates"],
+ "dir": "/etc/pki/ca-trust/source/anchors",
+ "update-store": "update-ca-trust",
+ }
+}, default="Debian") %}
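Review bot: The package name `ca-certicates` in the `Debian` and `RedHat` entries is misspelled, so the `pkg.installed` state in init.sls would request a package that does not exist and the trust-store tooling might never be installed. Both lines should read `"packages": ["ca-certificates"],`. As shown, the `"Debian":` line also lacks the opening brace that the following `},` closes; unless the page rendering dropped it, the line should be `"Debian": {` or the template will not parse. The `FreeBSD` entry has no `update-store` key, so the certificate is copied but no store refresh runs there. If that is intentional, a one-line comment saying so would help.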
diff --git a/roles/core/init.sls b/roles/core/init.sls
--- a/roles/core/init.sls
+++ b/roles/core/init.sls
@@ -7,6 +7,7 @@
include:
- .rc
+ - .certificates
- .hostname
- .login
- .network
