From 7cc1cd689819df5a9a07aaf08e8278f8b3384839 Mon Sep 17 00:00:00 2001 From: Mike Gabriel Date: Tue, 8 Feb 2022 11:59:32 +0100 Subject: Revert "code/environments/production/modules: Add ca_extend module instead." This reverts commit eff99e3e61f4e216b055a805002f5ece8567a915. --- .../production/modules/ca_extend/REFERENCE.md | 188 --------------------- 1 file changed, 188 deletions(-) delete mode 100644 code/environments/production/modules/ca_extend/REFERENCE.md (limited to 'code/environments/production/modules/ca_extend/REFERENCE.md') diff --git a/code/environments/production/modules/ca_extend/REFERENCE.md b/code/environments/production/modules/ca_extend/REFERENCE.md deleted file mode 100644 index 2657a3d..0000000 --- a/code/environments/production/modules/ca_extend/REFERENCE.md +++ /dev/null 
@@ -1,188 +0,0 @@ -# Reference - - - -## Table of Contents - -### Tasks - -* [`check_agent_expiry`](#check_agent_expiry): Check the expiration date of all agent certificates -* [`check_ca_expiry`](#check_ca_expiry): Check the expiration date of a CA certificate -* [`check_primary_cert`](#check_primary_cert): Check the expiration date of the primary server cert -* [`configure_primary`](#configure_primary): Backup ssldir and copy newly generated CA certificate -* [`extend_ca_cert`](#extend_ca_cert): Extend CA certificate expiry date - -### Plans - -* [`ca_extend::extend_ca_cert`](#ca_extendextend_ca_cert): Plan that extends the Puppet CA certificate and configures the primary Puppet server -and Compilers to use the extended certificate. -* [`ca_extend::get_agent_facts`](#ca_extendget_agent_facts): A plan to work around BOLT-1168 so that one agent failing in apply_prep won't cause the whole plan to fail. -* [`ca_extend::upload_ca_cert`](#ca_extendupload_ca_cert): A plan to upload a given CA certificate to a number of Puppet agent nodes - -## Tasks - -### `check_agent_expiry` - -Check the expiration date of all agent certificates - -**Supports noop?** false - -#### Parameters - -##### `date` - -Data type: `Optional[String[1]]` - -YYYY-MM-DD date to test whether the certificates will expire by. Defaults to three months from today - -### `check_ca_expiry` - -Check the expiration date of a CA certificate - -**Supports noop?** false - -#### Parameters - -##### `cert` - -Data type: `Optional[String[1]]` - -Location of the CA certificate to check. Defaults to Puppet's default location - -##### `date` - -Data type: `Optional[String[1]]` - -YYYY-MM-DD date to test whether the certificate will expire by. 
Defaults to three months from today - -### `check_primary_cert` - -Check the expiration date of the primary server cert - -**Supports noop?** false - -### `configure_primary` - -Backup ssldir and copy newly generated CA certificate - -**Supports noop?** false - -#### Parameters - -##### `new_cert` - -Data type: `String` - -Location of the newly generated CA certificate - -##### `regen_primary_cert` - -Data type: `Boolean` - -Flag to regerate the primary server's certificate. Set to true to perform the regeneration - -### `extend_ca_cert` - -Extend CA certificate expiry date - -**Supports noop?** false - -## Plans - -### `ca_extend::extend_ca_cert` - -Plan that extends the Puppet CA certificate and configures the primary Puppet server -and Compilers to use the extended certificate. - -#### Examples - -##### Extend the CA cert and regenerate the primary agent cert locally on the primary Puppet server - -```puppet -bolt plan run ca_extend::extend_ca_cert regen_primary_cert=true --targets local://$(hostname -f) --run-as root -``` - -##### Extend the CA cert by running the plan remotely - -```puppet -bolt plan run ca_extend::extend_ca_cert --targets --run-as root -``` - -#### Parameters - -The following parameters are available in the `ca_extend::extend_ca_cert` plan: - -* [`targets`](#targets) -* [`compilers`](#compilers) -* [`ssldir`](#ssldir) -* [`regen_primary_cert`](#regen_primary_cert) - -##### `targets` - -Data type: `TargetSpec` - -The target node on which to run the plan. 
Should be the primary Puppet server - -##### `compilers` - -Data type: `Optional[TargetSpec]` - -Optional comma separated list of compilers to upload the certificate to - -Default value: ``undef`` - -##### `ssldir` - -Data type: `Any` - -Location of the ssldir on disk - -Default value: `'/etc/puppetlabs/puppet/ssl'` - -##### `regen_primary_cert` - -Data type: `Any` - -Whether to also regenerate the agent certificate of the primary Puppet server - -Default value: ``false`` - -### `ca_extend::get_agent_facts` - -A plan to work around BOLT-1168 so that one agent failing in apply_prep won't cause the whole plan to fail. - -#### Parameters - -The following parameters are available in the `ca_extend::get_agent_facts` plan: - -* [`nodes`](#nodes) - -##### `nodes` - -Data type: `TargetSpec` - -The targets to run apply_prep on - -### `ca_extend::upload_ca_cert` - -A plan to upload a given CA certificate to a number of Puppet agent nodes - -#### Parameters - -The following parameters are available in the `ca_extend::upload_ca_cert` plan: - -* [`nodes`](#nodes) -* [`cert`](#cert) - -##### `nodes` - -Data type: `TargetSpec` - -The targets to upload the certificate to - -##### `cert` - -Data type: `String` - -The location of the CA certificate on disk of the local machine - -- cgit v1.2.3
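Review bot: the commit message carries only the generated "This reverts commit eff99e3e61f4e216b055a805002f5ece8567a915." line and gives no reason for the revert, while the single hunk (`@@ -1,188 +0,0 @@`) deletes the whole of REFERENCE.md, which is the description of the `check_ca_expiry`, `check_agent_expiry` and `check_primary_cert` tasks and of the `ca_extend::extend_ca_cert` plan. Please add a sentence to the message saying why ca_extend is being dropped and what now covers CA certificate expiry checks and renewal on the primary Puppet server, so that someone reading the history later can tell whether that coverage was replaced or removed. The view here is limited to REFERENCE.md, so also confirm that the revert removes the module's tasks and plans together with this file; if any of them stay under `modules/ca_extend`, they would be left without their reference documentation, including the notes on what `configure_primary` backs up and what `regen_primary_cert` does.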