puppetlabs / puppetlabs-java_ks

Licence: Apache-2.0 license
Uses a combination of keytool and openssl to manage entries in a Java keystore

java_ks

Table of Contents

  1. Overview
  2. Module Description
  3. Setup
  4. Usage
  5. Reference
  6. Limitations
  7. Development

Overview

The java_ks module uses a combination of keytool and openssl to manage entries in a Java keystore.

Module Description

The java_ks module contains a type called java_ks and a single provider named keytool. Their purpose is to enable importation of arbitrary, already generated and signed certificates into a Java keystore for use by various applications.

Setup

Beginning with the module

To get started with java_ks, declare each java_ks resource you need.

java_ks { 'puppetca:truststore':
  ensure       => latest,
  certificate  => '/etc/puppet/ssl/certs/ca.pem',
  target       => '/etc/activemq/broker.ts',
  password     => 'puppet',
  trustcacerts => true,
}

Usage

You must specify a target in some way. You can specify target after the colon in the title or by using the target attribute in the resource. If you declare both, it will prefer the attribute.

java_ks { 'puppetca:keystore':
  ensure       => latest,
  certificate  => '/etc/puppet/ssl/certs/ca.pem',
  target       => '/etc/activemq/broker.ks',
  password     => 'puppet',
  trustcacerts => true,
}

java_ks { 'broker.example.com:/etc/activemq/broker.ks':
  ensure              => latest,
  certificate         => '/etc/puppet/ssl/certs/broker.example.com.pe-internal-broker.pem',
  private_key         => '/etc/puppet/ssl/private_keys/broker.example.com.pe-internal-broker.pem',
  password            => 'albatros',
  password_fail_reset => true,
}

For use cases where you want to fetch the certificate data from a secure store, such as Vault, you can use the _content attributes. Here is an example:

java_ks { 'broker.example.com:/etc/activemq/broker.ks':
  ensure              => latest,
  certificate_content => $certificate_data_fetched_from_secure_store,
  private_key_content => $private_key_data_fetched_from_secure_store,
  password            => 'albatros',
  password_fail_reset => true,
}

We recommend using the data type Sensitive for the attributes certificate_content and private_key_content, but these attributes also support a regular String data type. The _content attributes are mutually exclusive with their file-based variants.

You can also use Hiera by passing params to the java_ks::config class:

java_ks::config::params:
  'broker.example.com:/etc/activemq/broker.ks':
    ensure: latest
    certificate: '/etc/puppet/ssl/certs/broker.example.com.pe-internal-broker.pem'
    private_key: '/etc/puppet/ssl/private_keys/broker.example.com.pe-internal-broker.pem'
    password: true

Certificates

To have a Java application server use a specific certificate for incoming connections, use the certificate parameter. You will need to simultaneously import the private key accompanying the signed certificate you want to use. As long as you provide the path to the key and the certificate, the provider will do the conversion for you.

Namevars

The java_ks module supports multiple certificates with different keystores but the same alias by implementing Puppet's composite namevar functionality. Titles map to namevars via $alias:$target (alias of certificate, colon, on-disk path to the keystore). If you create dependencies on these resources you need to remember to use the same title syntax outlined for generating the composite namevars.

Note about composite namevars: The way composite namevars currently work, you must have the colon in the title. This is true even if you define name and target parameters. The title can be foo:bar, but the name and target parameters must be broker.example.com and /etc/activemq/broker.ks. If you follow convention, it will do as you expect and correctly create an entry in the broker.ks keystore with the alias of broker.example.com.
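The following is an added example, not part of the module's README. It combines the Sensitive recommendation for the _content attributes with the composite-title rule for dependencies. The Hiera key names, the activemq user, group and service names, and the file resource that restricts keystore permissions are assumptions made for illustration.

```puppet
# Added example. Hiera keys and the 'activemq' account/service are assumptions.
# PEM material is looked up from Hiera (for example an encrypted backend) and
# wrapped in Sensitive so Puppet redacts it in logs and reports.
$broker_cert = Sensitive(lookup('profile::broker::certificate_pem', String))
$broker_key  = Sensitive(lookup('profile::broker::private_key_pem', String))

# Composite title: <alias>:<on-disk path to the keystore>
$keystore = '/etc/activemq/broker.ks'
$ks_title = "broker.example.com:${keystore}"

java_ks { $ks_title:
  ensure              => latest,
  certificate_content => $broker_cert,
  private_key_content => $broker_key,
  password            => lookup('profile::broker::keystore_password', String),
  password_fail_reset => true,
}

# The keystore now holds a private key, so limit access to the service account.
# No 'ensure' or 'content' is set: only ownership and mode are managed.
file { $keystore:
  owner   => 'activemq',
  group   => 'activemq',
  mode    => '0600',
  require => Java_ks[$ks_title],
}

# Dependencies must use the full composite title, not only the alias.
service { 'activemq':
  ensure    => running,
  subscribe => Java_ks[$ks_title],
}
```

Referencing `Java_ks['broker.example.com']` alone would not match the resource, because the title Puppet records is the full `alias:target` string.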

Reference

For information on the classes and types, see the REFERENCE.md.

Limitations

The java_ks module uses the keytool and openssl commands. It should work on all systems with these commands.

Java 7 is supported as of 1.0.0.

Developed against IBM Java 6 on AIX. Other versions may be unsupported.

For an extensive list of supported operating systems, see metadata.json.

Development

Puppet modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can’t access the huge number of platforms and myriad hardware, software, and deployment configurations that Puppet is intended to serve.

We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things. For more information, see our module contribution guide.
