让我们加密和本地 puppet 开发

Question

我在自己的 Vagrant 盒子上采取的一种方法是使用本地的“snakeoil”证书，并在需要时对我的类进行参数化，以便我可以传递不同的证书。

class custom::profile::apache(
  $vhost_domain    = $::fqdn,
  $use_letsencrypt = true,
){

  if $::custom::profile::apache::use_letsencrypt == true {
    $ssl_cert  = "/etc/letsencrypt/live/${::custom::profile::apache::vhost_domain}/cert.pem"
    $ssl_key   = "/etc/letsencrypt/live/${::custom::profile::apache::vhost_domain}/privkey.pem"
    $ssl_chain = "/etc/letsencrypt/live/${::custom::profile::apache::vhost_domain}/chain.pem"
    $require   = Exec["letsencrypt certonly ${::fqdn}"]
  } else {
    $ssl_cert   = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
    $ssl_key    = '/etc/ssl/private/ssl-cert-snakeoil.key'
    $ssl_chain  = undef
    $require    = undef
  }

  include ::apache

  ::apache::vhost { "https-${::custom::profile::apache::vhost_domain}":
    ...
    ssl_cert  => $ssl_cert,
    ssl_key   => $ssl_key,
    ssl_chain => $ssl_chain,
    require   => $require,
  }
}

Answer 1

我在自己的 Vagrant 盒子上采取的一种方法是使用本地的“snakeoil”证书，并在需要时对我的类进行参数化，以便我可以传递不同的证书。

class custom::profile::apache(
  $vhost_domain    = $::fqdn,
  $use_letsencrypt = true,
){

  if $::custom::profile::apache::use_letsencrypt == true {
    $ssl_cert  = "/etc/letsencrypt/live/${::custom::profile::apache::vhost_domain}/cert.pem"
    $ssl_key   = "/etc/letsencrypt/live/${::custom::profile::apache::vhost_domain}/privkey.pem"
    $ssl_chain = "/etc/letsencrypt/live/${::custom::profile::apache::vhost_domain}/chain.pem"
    $require   = Exec["letsencrypt certonly ${::fqdn}"]
  } else {
    $ssl_cert   = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
    $ssl_key    = '/etc/ssl/private/ssl-cert-snakeoil.key'
    $ssl_chain  = undef
    $require    = undef
  }

  include ::apache

  ::apache::vhost { "https-${::custom::profile::apache::vhost_domain}":
    ...
    ssl_cert  => $ssl_cert,
    ssl_key   => $ssl_key,
    ssl_chain => $ssl_chain,
    require   => $require,
  }
}

让我们加密和本地 puppet 开发

答案1

相关内容