I've done some more development on my Puppet module that handles password 
integration with Secret Server from Thycotic, and now it handles certificates 
as well.

This allows you to have a 'password' define that ensures the password is stored 
in SecretServer, and changes it on a regular basis:

password { 'root': maxage=>60; }
password { 'oracle': }

Also now you can manage certificates, and it will install and update them:

ssl::cert { $fqdn: }
ssl::cert { 'foo.company.com': key=>'/usr/local/ssl/foo.key', crt=>'/usr/local/ssl/foo.crt'; }

The module will retrieve the certificate and key from SecretServer, then 
optionally restart Apache after installing them.  You can override this 
behaviour, or specify a different location for the files than the default of 
/etc/httpd/conf.
It can also work from files instead of SecretServer if necessary.

This requires SecretServer 7.6 or later (for the certificates) and 7.0 or later 
(for passwords).  There is also a Ruby module (secretserver.rb) that needs to 
be installed, as well as RubyGems and the 'savon' gem.

I'm working on wrapping the two up into a 'secretserver' module and uploading 
to moduleforge.

If anyone would like a copy, let me know.

Steve


Steve Shipway
University of Auckland ITS
UNIX Systems Design Lead
s.ship...@auckland.ac.nz
Ph: +64 9 373 7599 ext 86487
