OP#232 add file control for tla

2025-12-08 16:30:44 +01:00
parent 5251a0868d
commit ba94323c8d
6 changed files with 64 additions and 0 deletions
--- a/manifests/puppetdb/files.pp
+++ b/manifests/puppetdb/files.pp
@@ -127,5 +127,47 @@ class puppet_cd::puppetdb::files (
      content  => template($pt_repl_ini_erb),
      notify   => Service[$pt_db_service],
    }
+    if $pt_enable_tls == true {
+      # create tls certs
+      ## ca.crt
+      file { $pt_ca_crt_file:
+        ensure   => file,
+        owner    => 'puppetdb',
+        group    => 'puppetdb',
+        mode     => '0440',
+        selrange => s0,
+        selrole  => object_r,
+        seltype  => puppet_etc_t,
+        seluser  => system_u,
+        content  => template($pt_ca_crt_erb),
+        notify   => Service[$pt_db_service],
+      }
+      ## server.crt
+      file { $pt_server_crt_file:
+        ensure   => file,
+        owner    => 'puppetdb',
+        group    => 'puppetdb',
+        mode     => '0440',
+        selrange => s0,
+        selrole  => object_r,
+        seltype  => puppet_etc_t,
+        seluser  => system_u,
+        content  => template($pt_server_crt_erb),
+        notify   => Service[$pt_db_service],
+      }
+      ## server.key
+      file { $pt_server_key_file:
+        ensure   => file,
+        owner    => 'puppetdb',
+        group    => 'puppetdb',
+        mode     => '0440',
+        selrange => s0,
+        selrole  => object_r,
+        seltype  => puppet_etc_t,
+        seluser  => system_u,
+        content  => template($pt_server_key_erb),
+        notify   => Service[$pt_db_service],
+      }
+    }
  }
 }