TLS everywhere: Configure CA for mongodb

author Juan Antonio Osorio Robles <jaosorior@redhat.com>

Fri, 11 Aug 2017 13:07:13 +0000 (16:07 +0300)

committer Juan Antonio Osorio Robles <jaosorior@redhat.com>

Fri, 11 Aug 2017 13:07:13 +0000 (16:07 +0300)
author Juan Antonio Osorio Robles <jaosorior@redhat.com>
Fri, 11 Aug 2017 13:07:13 +0000 (16:07 +0300)
committer Juan Antonio Osorio Robles <jaosorior@redhat.com>
Fri, 11 Aug 2017 13:07:13 +0000 (16:07 +0300)
diff --git a/puppet/services/database/mongodb.yaml b/puppet/services/database/mongodb.yaml

index 04f34e2..dcead0f 100644 (file)
--- a/puppet/services/database/mongodb.yaml
+++ b/puppet/services/database/mongodb.yaml
@@ -47,6 +47,11 @@ parameters:
    EnableInternalTLS:
      type: boolean
      default: false
+  InternalTLSCAFile:
+    default: '/etc/ipa/ca.crt'
+    type: string
+    description: Specifies the default CA cert to use if TLS is used for
+                 services in the internal network.
  
  conditions:
  
@@ -98,6 +103,7 @@ outputs:
                  generate_service_certificates: true
                  mongodb::server::ssl: true
                  mongodb::server::ssl_key: '/etc/pki/tls/certs/mongodb.pem'
+                mongodb::server::ssl_ca: {get_param: InternalTLSCAFile}
                  mongodb_certificate_specs:
                    service_pem: '/etc/pki/tls/certs/mongodb.pem'
                    service_certificate: '/etc/pki/tls/certs/mongodb.crt'
author	Juan Antonio Osorio Robles <jaosorior@redhat.com>
	Fri, 11 Aug 2017 13:07:13 +0000 (16:07 +0300)
committer	Juan Antonio Osorio Robles <jaosorior@redhat.com>
	Fri, 11 Aug 2017 13:07:13 +0000 (16:07 +0300)