Created
January 25, 2022 08:22
url_upload
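# @summary Upload a new CRL to the Puppet primary server
#
# This code example uses the same shell script as the task to upload a new CRL
# to the Puppet primary server. Keep in mind that running this class the first
# time creates the managed CRL file, which fires the upload and pushes the CRL
# shipped in this repository.
#
# The CRL decides which certificates the CA treats as revoked, so write access
# to the module file behind `puppet:///modules/profile/crl.pem` is as sensitive
# as access to the CA itself: review changes to that file accordingly.
#
# @param crl_base_dir
#   Working directory for the upload script (bin/) and the CRL (crl/). All
#   directories are root-only because the script in it is executed as root.
#
class profile::crl_upload (
  Stdlib::Absolutepath $crl_base_dir = '/usr/share/crl_upload',
) {
  $crl_file      = "${crl_base_dir}/crl/crl.pem"
  $upload_script = "${crl_base_dir}/bin/upload_new_crl.sh"

  # Root-only directory tree: nobody else may swap the script or the CRL.
  file { [$crl_base_dir, "${crl_base_dir}/bin", "${crl_base_dir}/crl"]:
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0700',
  }

  # Any change to the CRL content triggers exactly one upload run.
  file { $crl_file:
    ensure => file,
    source => 'puppet:///modules/profile/crl.pem',
    owner  => 'root',
    group  => 'root',
    mode   => '0600',
    notify => Exec['upload_crl'],
  }

  file { $upload_script:
    ensure  => file,
    content => epp('profile/upload_new_crl.sh.epp', {
      crl_file => $crl_file,
    }),
    owner   => 'root',
    group   => 'root',
    mode    => '0700',
  }

  exec { 'upload_crl':
    command     => $upload_script,
    # The exec path becomes the script's PATH. The script calls puppet, curl
    # and grep by bare name, so the directories providing them must be listed;
    # with only the bin directory they are not found and nothing is uploaded.
    path        => ["${crl_base_dir}/bin", '/opt/puppetlabs/bin', '/usr/bin', '/bin'],
    refreshonly => true,
    # Make the ordering explicit instead of relying on manifest order.
    require     => File[$upload_script],
  }
}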
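#!/bin/bash
# Upload a CRL file to the certificate_revocation_list endpoint of the Puppet
# CA API. Rendered from an EPP template: the crl_file value is filled in by
# Puppet. Exit codes: 0 uploaded, 1 not on the primary, 2 CRL file missing,
# 3 upload failed.

BINDIR=/opt/puppetlabs/bin

# Fixed search path so the script does not depend on the caller's PATH (an
# exec with a restricted path would otherwise not find curl or grep).
PATH="${BINDIR}:/usr/bin:/bin"
export PATH

if [ -x /bin/hostname ] ; then
  hostcmd='/bin/hostname'
else
  hostcmd='/usr/bin/hostname'
fi

# Only run on the primary: the configured server name must contain this
# host's name. Empty values fail closed instead of skipping the check.
server="$("${BINDIR}/puppet" config print server)"
this_host="$("${hostcmd}")"
if [ -z "$server" ] || [ -z "$this_host" ] || ! printf '%s\n' "$server" | grep -q -F -- "$this_host"; then
  echo "This task can only be run on the PE primary server!";
  exit 1
fi

crl_file="<%= $crl_file %>"

if [ -f "$crl_file" ] ; then
  type_header='Content-Type: text/plain'
  cert="$("${BINDIR}/puppet" config print hostcert)"
  cacert="$("${BINDIR}/puppet" config print localcacert)"
  key="$("${BINDIR}/puppet" config print hostprivkey)"
  uri="https://${server}:8140/puppet-ca/v1/certificate_revocation_list"

  # No --insecure: the server certificate is verified against the Puppet CA
  # given with --cacert, so the client key and the CRL only go to a verified
  # primary. --fail turns an HTTP error status into a non-zero exit code.
  if ! curl --fail --cert "$cert" --cacert "$cacert" --key "$key" \
       --header "$type_header" \
       --header "Accept: text/plain" \
       --request PUT --data-binary "@$crl_file" "$uri"; then
    echo
    echo "Upload of ${crl_file} to ${uri} failed." >&2
    # Non-zero exit so Puppet reports the exec as failed.
    exit 3
  fi
  echo
else
  echo "The file ${crl_file} is not available or not readable."
  exit 2
fi

exit 0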