From 995f7b13a08f4b78fd782153eb65f8b984aa77f7 Mon Sep 17 00:00:00 2001
From: Tobias Wolter
Date: Fri, 13 Apr 2018 00:00:27 +0200
Subject: [PATCH] Perform basic taskserver installation This commit should fulfill following goals: * Set up a taskd (on Debian) * Generate certificates (unless otherwise requested) Existence of a well-defined certificate hash will be enforced.
---
 data/common.yaml | 6 +++++
 data/os/Debian.yaml | 15 +++++++++++
 manifests/init.pp | 60 +++++++++++++++++++++++++++++++++++++++++++-
 templates/config.erb | 11 ++++++++
 templates/vars.erb | 7 ++++++
 5 files changed, 98 insertions(+), 1 deletion(-)
 create mode 100644 data/common.yaml
 create mode 100644 templates/config.erb
 create mode 100644 templates/vars.erb
diff --git a/data/common.yaml b/data/common.yaml
new file mode 100644
index 0000000..f13bd94
--- /dev/null
+++ b/data/common.yaml
@@ -0,0 +1,6 @@
+---
+service_name: 'taskd'
+config_file: '/etc/taskd/config'
+pki_vars:
+ bits: 4096
+ expiration_days: 365
diff --git a/data/os/Debian.yaml b/data/os/Debian.yaml
index 5b6c7d8..28256ed 100644
--- a/data/os/Debian.yaml
+++ b/data/os/Debian.yaml
@@ -1,2 +1,17 @@
 ---
 package_name: 'taskd'
+pki_base_dir: '/usr/share/taskd/pki'
+pki_vars_file: "%{alias('pki_base_dir')}/vars"
+config:
+ pid.file: '/run/taskd.pid'
+ root: '/var/lib/taskd'
+certificate:
+ client:
+ cert: "%{alias('pki_base_dir')}/client.cert.pem"
+ key: "%{alias('pki_base_dir')}/client.key.pem"
+ server:
+ cert: "%{alias('pki_base_dir')}/server.cert.pem"
+ key: "%{alias('pki_base_dir')}/server.key.pem"
+ crl: "%{alias('pki_base_dir')}/server.crl.pem"
+ ca:
+ cert: "%{alias('pki_base_dir')}/ca.cert.pem"
diff --git a/manifests/init.pp b/manifests/init.pp
index acf1805..fde342d 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
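Review bot: In data/common.yaml the `pki_vars` default carries only `bits` and `expiration_days`, while the `Struct` in manifests/init.pp requires `organization`, `cn`, `country`, `state` and `locality`, so every user has to supply their own `pki_vars` hash. Unless a hash merge is declared for this key somewhere not shown here, that user-supplied hash replaces the default outright, and `bits` and `expiration_days` drop out. Both are `Optional` in the Struct, so validation still passes and templates/vars.erb renders `BITS=` and `EXPIRATION_DAYS=` empty. Declare a hash merge for the key in module data, or move the key size and lifetime into separate parameters so a partial override cannot silently lose them.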
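Review bot: In data/os/Debian.yaml the `crl` path follows the server `key` (indentation is lost in this rendering), but the `Struct` for `$certificate` in manifests/init.pp requires `crl` under `client` and allows only `cert` and `key` under `server`, so this default data looks like it will fail the type check. Decide which side is correct and make the data and the Struct agree. Separately, `"%{alias('pki_base_dir')}/vars"` embeds `alias()` inside a longer string, which Hiera accepts only when the interpolation is the entire value; `%{lookup('pki_base_dir')}` is the form for building paths and applies to every path in this hunk.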
@@ -1,15 +1,73 @@
 # taskd
 #
 # Installs and configures the taskwarrior taskd server.
+# It will generate self-signed certificates in the default configuration.
 #
 # @summary Installs and configures the taskwarrior taskd server.
 #
 # @example
 # include taskd
 class taskd (
- String $package_name
+ String $package_name,
+ String $service_name,
+ String $config_file,
+ Hash $config,
+ Struct[{
+ bits => Optional[Numeric],
+ expiration_days => Optional[Numeric],
+ organization => String[1],
+ cn => String[1],
+ country => String[1],
+ state => String[1],
+ locality => String[1],
+ }] $pki_vars,
+ Struct[{
+ client => {
+ cert => String[1],
+ key => String[1],
+ crl => String[1],
+ },
+ server => {
+ cert => String[1],
+ key => String[1],
+ },
+ ca => {
+ cert => String[1],
+ },
+ }] $certificate,
+ Optional[String] $pki_base_dir,
+ Optional[String] $pki_vars_file,
+ Boolean $generate_certificates = true,
 ) {
 package { $package_name:
 ensure => present,
 }
+
+ service { $service_name:
+ ensure => running,
+ enable => true,
+ require => Package[$::package_name],
+ }
+
+ # Generate taskserver certificates unless user says otherwise
+ if $generate_certificates {
+ # Location for the SSL variable file
+ file { $pki_vars_file:
+ ensure => present,
+ content => template('vars'),
+ require => Package[$package_name],
+ }
+
+ exec { 'Generate taskserver certificaties':
+ command => "${pki_base_dir}/generate",
+ cwd => $pki_base_dir,
+ path => [ '/usr/bin', '/usr/sbin', '/bin', '/sbin' ],
+ creates => $certificate['server']['cert'],
+ }
+ }
+
+ file { $config_file:
+ ensure => present,
+ content => template('config'),
+ }
 }
diff --git a/templates/config.erb b/templates/config.erb
new file mode 100644
index 0000000..5dd8dfb
--- /dev/null
+++ b/templates/config.erb
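Review bot: The `service` resource requires `Package[$::package_name]`, a top-scope variable this class never sets, instead of the class parameter; it should read `require => Package[$package_name],` as the vars `file` resource does. The `exec` that runs `generate` has no ordering against `File[$pki_vars_file]` or the service, so it can run before the vars file is written and the service can start before certificates or the config file exist; add `require => File[$pki_vars_file],` to the exec and order the exec and `File[$config_file]` before the service. Neither `file` resource sets `owner`, `group` or `mode`, and the key files produced by `generate` are not managed at all, so who can read the private keys depends on what the script and the agent's umask leave behind. `template('vars')` and `template('config')` also omit the module name and extension, e.g. `template('taskd/vars.erb')`.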
@@ -0,0 +1,11 @@
+# Taskserver configuration
+# Generated by Puppet
+
+<% @config.each do |key, value| -%>
+<%= key %>=<%= value %>
+<% end -%>
+
+<% ['server', 'client', 'ca'].each do |item| -%>
+<% @certificate[item].each do |key, value| -%>
+<%= item %>.<%= key %> <%= value %>
+<% end -%><% end -%>
diff --git a/templates/vars.erb b/templates/vars.erb
new file mode 100644
index 0000000..2a19ed1
--- /dev/null
+++ b/templates/vars.erb
@@ -0,0 +1,7 @@
+BITS=<%= @pki_vars['bits'] %>
+EXPIRATION_DAYS=<%= @pki_vars['expiration_days'] %>
+ORGANIZATION=<%= @pki_vars['organization'] %>
+CN=<%= @pki_vars['cn'] %>
+COUNTRY=<%= @pki_vars['country'] %>
+STATE=<%= @pki_vars['state'] %>
+LOCALITY=<%= @pki_vars['locality'] %>
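Review bot: The certificate loop in templates/config.erb emits `<%= item %>.<%= key %> <%= value %>` with a space, while the `@config` loop above it writes `key=value`; unless taskd accepts both forms, the certificate and key paths will not be parsed, and the line should be `<%= item %>.<%= key %>=<%= value %>`. Values are written verbatim, so a value containing a line break would add an extra configuration line. `$config` is declared as a bare `Hash` in manifests/init.pp; typing it as `Hash[String[1], Scalar]` and rejecting line breaks would keep the generated file well-formed.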
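Review bot: Every value in templates/vars.erb is written unquoted, so an organization or locality containing a space yields a line such as `ORGANIZATION=Example Org` (constructed example), which is not a single assignment if the `generate` script sources this file as shell; that script is not part of this commit, so confirm how it reads `vars`. Quoting alone does not settle it when the file is sourced, because the values come from Hiera data typed only as `String[1]`; constraining them in the `Struct` with a `Pattern` that excludes quotes, `$`, backticks and line breaks does. `bits` and `expiration_days` are `Optional` in the Struct, so the template should skip those lines or fall back to a default when they are absent instead of writing `BITS=`.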