Hi,

I'm currently trying to write a module to manage Squid, including the
SSL certificates it uses. Sometimes you want Squid to listen on
multiple IPs with multiple certificates, so I'm trying to get Puppet
to push the certificates to the nodes and configure Squid accordingly.

I've run into a problem with the idea of pushing multiple certificates
though. The module has a definition called squid::config, which is
called in each node manifest if you need to override certain settings
on the node. For example, if a node needed Squid to use two
certificates, you would put this in the manifest:

squid::config { "www.example.com":
 certificatename => ['www.example.com','www.example2.com']
}

Now, I've got the config file management working fine, but getting it
to push the certificates and private keys is a pain. Essentially I
need Puppet to iterate over the keys in the array as part of a file
resource, like this:

file { "/etc/squid/keys/$certificatename.crt":
  ensure => present,
  source => "puppet:///modules/squid/certificates/$certificatename.crt"
}

file { "/etc/squid/keys/$certificatename.key.pem":
  ensure => present,
  source => "puppet:///modules/squid/certificates/$certificatename.key.pem"
}

It would then grab the .crt files from the /certificates directory and
put them on the node. If I was writing this in Bash, I'd just use a
for loop, but that isn't an option with Puppet as far as I can see...
I've tried a number of different things, but I keep on hitting a brick
wall, to the point that I think I'm just approaching this in entirely
the wrong way. If anyone could give me some advice on how to proceed
it would be much appreciated.

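One way to get the per-certificate iteration asked about above, as an added example that is not part of the original post: Puppet declares one instance of a defined type per element when an array is given as the resource title. The defined type name squid::certificate, the 'squid' group and the file modes are assumptions made for this sketch.

```puppet
# Added example, not from the original post.
# squid::certificate is a hypothetical defined type; $name is set to one
# element of the array used as the resource title.
define squid::certificate {
  file { "/etc/squid/keys/${name}.crt":
    ensure => present,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => "puppet:///modules/squid/certificates/${name}.crt",
  }

  # Private key: not world-readable. The 'squid' group is an assumption
  # (the account Squid runs as differs between distributions).
  file { "/etc/squid/keys/${name}.key.pem":
    ensure => present,
    owner  => 'root',
    group  => 'squid',
    mode   => '0640',
    source => "puppet:///modules/squid/certificates/${name}.key.pem",
  }
}

# Sketch of the existing squid::config definition, reduced to the one
# parameter shown in the post.
define squid::config ($certificatename = []) {
  # An array title expands to one squid::certificate per element,
  # which takes the place of the Bash-style for loop.
  squid::certificate { $certificatename: }
}

# Node manifest, as in the post.
squid::config { 'www.example.com':
  certificatename => ['www.example.com', 'www.example2.com'],
}
```

Two squid::config resources on the same node that list the same certificate name would declare the same squid::certificate twice and fail compilation. Files under a module's files directory are by default retrievable by any node with a signed agent certificate, so private keys stored there are not restricted to the proxies that use them.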