Define common SSL data and configuration

This is primarily an entry point for platform agnostic SSL data.

To simply mange the directories associated with SSL on a given system, just include the ssl class. This module can also deploy SSL certificates from your master to nodes, including combining them as haproxy and nginx prefer.

To simply manage directories:

include ssl

If you have a module that needs to use these SSL directories, you can simply reference the variables using the full name.

$ssl::ssl_dir

This is useful if you want to deploy certs, or just have a more consistent, repeatable SSL deployment.

To have this module deploy a certificate:

include ssl
ssl::cert {'puppetlabs_wildcard': }

This will copy puppetlabs_wildcard.crt, puppetlabs_wildcard.key, puppetlabs_wildcard_chain.crt, and puppetlabs_wildcard_inter.crt to ssl::params::ssl_certdir.

If you're using haproxy, these certs can be combined into one file:

include ssl
ssl::cert {'puppetlabs_wildcard':
  concat => 'haproxy',
}

More examples are provided in manifests/cert.pp.

This module was using the hiera() functions to do the lookup that has now been replaced with the ssl::params class. Now to support new platforms, you just need extend the ssl::params class. What follows is being deprecated and should no longer be used. PLEASE UPDATE YOUR MANIFESTS.

Hiera is the main place to inject data into this module. To make it work out of the box you'll need to have the following hierarchy, or something equivalent:

----
hierarchy:
  - %{osfamily}

You'll also need the following files:

----
# hiera_dir/Debian.yaml
ssl::params::ssl_path: '/etc/ssl'
ssl::params::ssl_cert_file: %{ssl_path}/certs/ssl-cert-snakeoil.pem
ssl::params::ssl_key_file: %{ssl_path}/private/ssl-cert-snakeoil.key

---
# hiera_dir/RedHat.yaml
ssl::params::ssl_path: '/etc/pki'
ssl::params::ssl_cert_file: %{ssl_path}/tls/certs/localhost.crt
ssl::params::ssl_key_file: %{ssl_path}/tls/private/localhost.key

This will set up the system to use the system's self signed ssl certs.