Diffstat (limited to 'code/environments/production/modules/ca_extend/REFERENCE.md')
-rw-r--r-- | code/environments/production/modules/ca_extend/REFERENCE.md | 188 |
1 files changed, 0 insertions, 188 deletions
diff --git a/code/environments/production/modules/ca_extend/REFERENCE.md b/code/environments/production/modules/ca_extend/REFERENCE.md deleted file mode 100644 index 2657a3d..0000000 --- a/code/environments/production/modules/ca_extend/REFERENCE.md +++ /dev/null 
@@ -1,188 +0,0 @@ -# Reference - -<!-- DO NOT EDIT: This document was generated by Puppet Strings --> - -## Table of Contents - -### Tasks - -* [`check_agent_expiry`](#check_agent_expiry): Check the expiration date of all agent certificates -* [`check_ca_expiry`](#check_ca_expiry): Check the expiration date of a CA certificate -* [`check_primary_cert`](#check_primary_cert): Check the expiration date of the primary server cert -* [`configure_primary`](#configure_primary): Backup ssldir and copy newly generated CA certificate -* [`extend_ca_cert`](#extend_ca_cert): Extend CA certificate expiry date - -### Plans - -* [`ca_extend::extend_ca_cert`](#ca_extendextend_ca_cert): Plan that extends the Puppet CA certificate and configures the primary Puppet server -and Compilers to use the extended certificate. -* [`ca_extend::get_agent_facts`](#ca_extendget_agent_facts): A plan to work around BOLT-1168 so that one agent failing in apply_prep won't cause the whole plan to fail. -* [`ca_extend::upload_ca_cert`](#ca_extendupload_ca_cert): A plan to upload a given CA certificate to a number of Puppet agent nodes - -## Tasks - -### <a name="check_agent_expiry"></a>`check_agent_expiry` - -Check the expiration date of all agent certificates - -**Supports noop?** false - -#### Parameters - -##### `date` - -Data type: `Optional[String[1]]` - -YYYY-MM-DD date to test whether the certificates will expire by. Defaults to three months from today - -### <a name="check_ca_expiry"></a>`check_ca_expiry` - -Check the expiration date of a CA certificate - -**Supports noop?** false - -#### Parameters - -##### `cert` - -Data type: `Optional[String[1]]` - -Location of the CA certificate to check. Defaults to Puppet's default location - -##### `date` - -Data type: `Optional[String[1]]` - -YYYY-MM-DD date to test whether the certificate will expire by. 
Defaults to three months from today - -### <a name="check_primary_cert"></a>`check_primary_cert` - -Check the expiration date of the primary server cert - -**Supports noop?** false - -### <a name="configure_primary"></a>`configure_primary` - -Backup ssldir and copy newly generated CA certificate - -**Supports noop?** false - -#### Parameters - -##### `new_cert` - -Data type: `String` - -Location of the newly generated CA certificate - -##### `regen_primary_cert` - -Data type: `Boolean` - -Flag to regerate the primary server's certificate. Set to true to perform the regeneration - -### <a name="extend_ca_cert"></a>`extend_ca_cert` - -Extend CA certificate expiry date - -**Supports noop?** false - -## Plans - -### <a name="ca_extendextend_ca_cert"></a>`ca_extend::extend_ca_cert` - -Plan that extends the Puppet CA certificate and configures the primary Puppet server -and Compilers to use the extended certificate. - -#### Examples - -##### Extend the CA cert and regenerate the primary agent cert locally on the primary Puppet server - -```puppet -bolt plan run ca_extend::extend_ca_cert regen_primary_cert=true --targets local://$(hostname -f) --run-as root -``` - -##### Extend the CA cert by running the plan remotely - -```puppet -bolt plan run ca_extend::extend_ca_cert --targets <primary_fqdn> --run-as root -``` - -#### Parameters - -The following parameters are available in the `ca_extend::extend_ca_cert` plan: - -* [`targets`](#targets) -* [`compilers`](#compilers) -* [`ssldir`](#ssldir) -* [`regen_primary_cert`](#regen_primary_cert) - -##### <a name="targets"></a>`targets` - -Data type: `TargetSpec` - -The target node on which to run the plan. 
Should be the primary Puppet server - -##### <a name="compilers"></a>`compilers` - -Data type: `Optional[TargetSpec]` - -Optional comma separated list of compilers to upload the certificate to - -Default value: ``undef`` - -##### <a name="ssldir"></a>`ssldir` - -Data type: `Any` - -Location of the ssldir on disk - -Default value: `'/etc/puppetlabs/puppet/ssl'` - -##### <a name="regen_primary_cert"></a>`regen_primary_cert` - -Data type: `Any` - -Whether to also regenerate the agent certificate of the primary Puppet server - -Default value: ``false`` - -### <a name="ca_extendget_agent_facts"></a>`ca_extend::get_agent_facts` - -A plan to work around BOLT-1168 so that one agent failing in apply_prep won't cause the whole plan to fail. - -#### Parameters - -The following parameters are available in the `ca_extend::get_agent_facts` plan: - -* [`nodes`](#nodes) - -##### <a name="nodes"></a>`nodes` - -Data type: `TargetSpec` - -The targets to run apply_prep on - -### <a name="ca_extendupload_ca_cert"></a>`ca_extend::upload_ca_cert` - -A plan to upload a given CA certificate to a number of Puppet agent nodes - -#### Parameters - -The following parameters are available in the `ca_extend::upload_ca_cert` plan: - -* [`nodes`](#nodes) -* [`cert`](#cert) - -##### <a name="nodes"></a>`nodes` - -Data type: `TargetSpec` - -The targets to upload the certificate to - -##### <a name="cert"></a>`cert` - -Data type: `String` - -The location of the CA certificate on disk of the local machine - |
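Review bot: The `@@ -1,188 +0,0 @@` hunk deletes all of REFERENCE.md, and the diffstat shown is limited to that one file, so it is not visible here whether the rest of the `ca_extend` module is removed with it. The file header marks it as generated by Puppet Strings, so if the module stays in the `production` environment the reference should be regenerated rather than dropped: it is the only place in view that documents that `configure_primary` backs up the ssldir before copying the new CA certificate, and that the `ca_extend::extend_ca_cert` examples run with `--run-as root`. If the whole module is being retired, state that in the commit message and confirm that whatever replaces the `check_ca_expiry` and `check_agent_expiry` tasks still covers CA and agent certificate expiry, which these tasks checked against a default window of three months from today.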