From 9186472845c422afa978094d1b31be8df8e14cf6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Str=C3=B6mb=C3=A4ck?= <filip.stromback@liu.se> Date: Fri, 26 Feb 2021 11:08:05 +0100 Subject: [PATCH] Using SSL for the broker and others. --- files/broker/broker.service | 2 +- files/broker/cert/devel_cert.pem | 34 +++++++++++++++++ files/broker/cert/devel_key.pem | 54 +++++++++++++++++++++++++++ files/broker/cert/devel_password | 1 + files/broker/cert/production_cert.pem | 33 ++++++++++++++++ files/broker/cert/production_key.pem | 54 +++++++++++++++++++++++++++ files/broker/cert/production_password | 1 + manifests/broker.pp | 40 ++++++++++++++++++++ 8 files changed, 218 insertions(+), 1 deletion(-) create mode 100644 files/broker/cert/devel_cert.pem create mode 100644 files/broker/cert/devel_key.pem create mode 100644 files/broker/cert/devel_password create mode 100644 files/broker/cert/production_cert.pem create mode 100644 files/broker/cert/production_key.pem create mode 100644 files/broker/cert/production_password diff --git a/files/broker/broker.service b/files/broker/broker.service index c8f80a8..751cec9 100644 --- a/files/broker/broker.service +++ b/files/broker/broker.service @@ -6,7 +6,7 @@ After=network.target Type=simple User=broker WorkingDirectory=/srv/broker/ -ExecStart=/srv/broker/bin/broker 31337 localhost 31338 +ExecStart=/srv/broker/bin/broker --ssl ssl/cert.pem ssl/key.pem file:ssl/password 31337 localhost 31338 Restart=on-failure RestartSec=10 diff --git a/files/broker/cert/devel_cert.pem b/files/broker/cert/devel_cert.pem new file mode 100644 index 0000000..d29d81e --- /dev/null +++ b/files/broker/cert/devel_cert.pem 
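Review bot: The new `ExecStart` line passes `ssl/cert.pem`, `ssl/key.pem` and `file:ssl/password` as relative paths, so they resolve only through `WorkingDirectory=/srv/broker/`, while the manifest installs the files under `${broker_home}/ssl`. The two agree only as long as `broker_home` is `/srv/broker`, and its value is not visible in this patch. Absolute paths would make the unit independent of the working directory, e.g. `--ssl /srv/broker/ssl/cert.pem /srv/broker/ssl/key.pem file:/srv/broker/ssl/password`, assuming the broker's `file:` syntax accepts an absolute path. The rest of the unit file lies outside the hunk.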
@@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIFzzCCA7egAwIBAgIUUovCzY4lSVRxKYmB4g1oU53OKugwDQYJKoZIhvcNAQEL +BQAwdzEdMBsGA1UEAwwUYWVzLWRldmVsLmVkdS5saXUuc2UxEDAOBgNVBAsMB1Nh +Uy9VUFAxIDAeBgNVBAoMF0xpbmvDg8K2cGluZyBVbml2ZXJzaXR5MRUwEwYDVQQH +DAxMaW5rw4PCtnBpbmcxCzAJBgNVBAYTAlNFMB4XDTIxMDIyNjEwMDUwMloXDTMx +MDIyNDEwMDUwMlowdzEdMBsGA1UEAwwUYWVzLWRldmVsLmVkdS5saXUuc2UxEDAO +BgNVBAsMB1NhUy9VUFAxIDAeBgNVBAoMF0xpbmvDg8K2cGluZyBVbml2ZXJzaXR5 +MRUwEwYDVQQHDAxMaW5rw4PCtnBpbmcxCzAJBgNVBAYTAlNFMIICIjANBgkqhkiG +9w0BAQEFAAOCAg8AMIICCgKCAgEAswRwlpwI6h6wpoJEo7jjTxa99WDMXFkCJhan +deOoPC7b531ZCCq7Dx6I0CetaC3GkURbLpZX8fYLZTZCsHI9qK2C+30fzGv6i9Vn +0Z84FRfoRwiIudJa+Cn1hJXC3vViUusCqLbHhjN2buEwGpBXMcGF80cRaiwz7m4Q +upgZX2Rj1XJVne9calcDw9EKq/N0kd5JW+AS6cpJ66f8brC/5M9TJIPljtCHMUd5 +FJhUP7otQZAL+3sDiZ5OBRIX6rd/JRzGbiDPUF8+Bg5ZOvzRq/e2rkIncdTFGpVM +YLncTYUgQBc+zp9pmQo6HSK260N4JXiz3fyi44GcBviFfkwLN2OJ+823l3+TlBCq +ucHZiS558iZbrlaW0quJdq+4zt34595yC66quWUnflv4NIj4nUqJYeppwdG06Ena +6tdvw10+iv/1TKiT3OgeH8n70weK0tfvAyedOq8MnDk5ZE7CiKSe9pe/o73LGlDB +PSazOWYmGv+Bo+hCzXGhusf1ybhfZ0u4fLXC7x9SJw9+Du7xEVzewNsNDdP/kf1G +1wovbhfsvi/uYe9rBDSl3UjP5C1TjyUupBuRXYGM1hUyKKd7b05MVFa+Muckxf6h +UZavzvrl5xuRvnOFjyTmdCEpoV9tKitKuLm3KS3/ndf5P1KIAJDIiIpj1ACeTXs5 +u+v1h3ECAwEAAaNTMFEwHQYDVR0OBBYEFLd9Gndboy46YZ6xS47UZzLAN+gJMB8G +A1UdIwQYMBaAFLd9Gndboy46YZ6xS47UZzLAN+gJMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQELBQADggIBAKW1LvBeX6enapAfKXyJ0Mb5oe8qaFXp06ZLPVWV +R24I/bPE/MfzL7DjIONuugwaOILKRrHkXnfrB23pgn3ZxD3ZASy5QYNYgs/xfaV8 +fB8xks3cg0oWYXKHqoZHDJuiUJOc6tHysC1YtomJF4fQZ11kfxiy+7fJTSf9MNET +lZrJ5pIb3/ZYGGz6yjMinRG8lscgVPJiQCh0ItWEMmI3ml+VbzDgUH/9Sh6cSZwf +tIrnlheRe7i6NN753LcOROCn2cm+WQZTpfAGwXuwDbeEotybG1Zws/fB0EVQt8sK +04MHbEfp/jCd4emetPCgXqmNd0KHCk8wSoSduppc/qRVWStrf1YdH3UbpyK5nzFN +op9wWjuRGV5wa7AYuElIlfu771k2EGH/CbHzT2kal4+4PYCz9ADnVAxLUF7VzQNw +Aieks++Kn+vl9OGa8sx3xwyq4IaTr2GJbBV+nDYpsNli1uk3lSDski0Mskyagdbg +H/h4/q+eAnEF8lPOTB+Ru8yR7pXcingyWdbAc0jLM4NUv0m+drGFtrKTWaDoFL5A 
+E9Q9J66Klt1AU2wCRl9hJdvJ/Hz05q7QdFeq80aUywA3GVmkfwOPQY7Dh9WxUYuq +NPTzglKI/UYLuCzp1sT2W1QtKyX8Zqrj6LDhq39/iVye0q77hZanjHrsOM7TL7E8 +7u84 +-----END CERTIFICATE----- diff --git a/files/broker/cert/devel_key.pem b/files/broker/cert/devel_key.pem new file mode 100644 index 0000000..9d07bd7 --- /dev/null +++ b/files/broker/cert/devel_key.pem 
@@ -0,0 +1,54 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJpDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIdZFHLQGgpdoCAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECOB27pdG2YGEBIIJUFv6rQ32jAF2 +Qz8kcOTz7MB1e//TgL3R44oLEY83uWUtFnvSMsBq3YsPAlNboR/bLj7ijFVUojKS +0Bm6FTMyramN93cexWNNWJDyLaU8vZEEC230x57/6qf+80AjCxg5BGAl/xTpRgIn +m6lju5vAGjconb95UnII0BzMmEE/FtGpM5vBg9EAU0/YYTXkDKi3yFa7+hidF54K +0fOC2CUxVxXiP/pNJbgivvUmt/9Ae7BZuqzXlEj3vTxrAWzXW6GS3fp0rR2YfLgx +mZYfcEEFvQex+AhtirgpV2U+QK1IUmh7NlFsnJRn1uoxU+r2jYRluQ76t6fypRqi +Jbycx0zVuKdWm3x9np9dsXUU/ovyFYIwLzaBd0ZTN+clBkHbrfF0UlVupeUngS3p +2uFW59iYKF+Y1E7X+eCb8okI+ODiDT5xgkU8Mle2F62wA1bugAgK3KQs5JeUI5aW +KQd5XlKfEAXDJgu6UFx2vV/qm1Qv5aWjgzm7ccRWVto3kdmHSvTZtMF82lhn8eMA +kG5Yd4ilyHLUJ+A3A+I+weQsUMTU0ZFIUEMwOzT7kmeBJBKiX4dZ+y6QDuebc8OR +vo/bijgC+eWu/ODMm1PYV7nnsLDrDXueurAPMBot/aDbJpyruuuE2EZ9gdg5z46F +impegAMZD7xIKJmbdwa1aHJjAk3hdtano8iqQq9QvJiu9ncTBAgGeTdgRUNg3BJI +uVLkG5C3tGBZ56oUDu8BKZXCKhKAUZ2+ZswDpNjIxW42s3QHlJ9p9UI+QSTF7dyr +NSh7qOU93dhBeCzUoqkgzWYfh6we2+RxzrWENkVIO76unwsJItU5hhnVFGF7U5dv +2QojZNHYyhU/D+j+8wJioM8NJwWw2dhQDRi0R5mJZCkoO1iZLM6o7XcSw1Gs/Py7 +EaLR26s69tzxRxbmuCkBtLFKljUF40YyNfAtVlcsml1laf24yhaqYYSIZDJq4jCD +TbK3wMaP7WD2tXD1lQwDRLZ0ygQsYKl+UzmbmF4iAiUDjSgnkAyyvx0BVAOdY/bd +6Q8fNIwqHE4VBNyUuEco4ft3wtKuJNDYAMX8JuwYK2MJOya1DOyfE6kFVYjJWvfd +54mKhyAGQhYQQqC1Shbd4x6Q7ZC+HA9pGH/EcOhtt5oww6zyE6sEJWphJ30Aiko/ +BUCneIeTcI2hzgaffkb5FxrXFfttufsi/URVnPGF9UeV5jwhd0quiFnI51kno0rK +kEsfyYSf5GM5PieM9Q3/MxTtqD3hiFFh6G3Y6D75WHuNHlRNIxvn1MYDw0krcteK +9rtY5KTGcKC7n0EVyFKVBgQuaapD1XD70PWUZRhVjaAj4Tv3XYCc34dXmPNOc2eU +cyF480w4Hant+yecHQx+ddnHiW7MXOZKnZVYqTH7oOUkYOPm1MZhwKLVnINfFIxz +fp16ZMjMJ24Ni8saXXtaZ68K0y/Rau107aulrRNdck1YZ8jVlwRqGPJPIFgsB303 +MEhRhaT57XEUFoWBwv7pwYjVlMxRwVzvhnj8FOqrQ42QOhvUoYOVdkhjPgDA8g3l +LlvT4MovtAEHWPg8Iowh+cUru5SXDp7sLy5gMtJ6EacSRYz+xV9FcAJbQ2vtELYF +AhkjEUJzFTfb9NKrq3nfRObK1wfBAjc+aHI75k49mfmkH81xGQd3YlGP3s91jUCw +wcA8zmVbU9xX1Tf7hm7Y+EIt6lZCC/ZE1q7iwML/YJH3Y7Vi6+USxulAx7ZXMYuM 
+TO/cuiYCdcptJD9iXoAUHNlcgnDtuiZBE9AOJmYgZWAhiQAk7ng/sECjg3u/v7e7 +XfuuaExNPc3pigtCsXDLbODkerLjtABdAS414SK37Ag3h9xcoIyEZVz8rRDWm/U1 +nllTvhawJ+w5zy51R/LibCfalmVdiQslSTBaQ/nFB+lmMdKZoRO85v2DU+sL79rg +iM4yboM1otjV60dkf2QjiLT6SclAUHM82s/CQZ5nmDLsE5SOJVOI9VeZLBEuclQH +HojaXp0gZRcBrhjPDqfsY1viFtnvaj3fAEFCp87Z9mysXAvo+m/n1JuNvoOairih +SxJdzDrL3GkRmPmMszCuPfrDo2Wm8br3piRDRTSFF9Wd/3VQInB5cB6UzMs36qNN +i9vS7DecOKogJlvKMDN7DZxr16efWWeeVa7+2odWDeEGj/Vmjh3rb+AApSn3uVC+ +YGvmcpY7IJ7iotoA7gzy+E4BwYRT0TgNGQMt0lr6NibM8smfK/BBoTKSKjo7lhvl +V88+n5IMv3J8IezA+YVd4adYmFfq14ET35pNe6VHv3GGT7eg5Q97LKkkj7IiKQ9y +rZM5XUhQpSm29hjLsSrscEv62aKMiXOoZr/Ktsrm1O7IW7dCeSB1dFoZbbUZUlmW +ci0x0pmcLN5tBFD8GEkl0g+cDeqkVXMkV6sFUKRWFuo9golNraUWfswrBUSCfUsW +I31zRX2MWZvLlDlFalPQ7QD3Rgy+QoiCm5IQMSjmi/vhPKKDjOGYLL+HcV7QKwoN +JJPRTF8L3Rrcptse1T7Z8+8C4DysQuyMYInb/2/un6C6n0xVXy5eMtrNNtlWIQbp +Dp/8YV2CPDJOFjZ4EcBLVW4+VpZezXVD9yPFjoW31kpqDJs+sPklYVCyte2tprFG +5AumR1okzL6BzNwPJ5S8DCvhrkOoVLUSujg9hHLb4BHihRfc9i5bZI9+v2Avnlxv +oL3bxb8+xwtnSiloO2ZgHZ10cOnRAA4gHy0evMojsLUFsz3W8f3zCXkQNxKLDLZt +J/SpYx0FAVIxeCXJP7OU13qK49wzWtq+cr4mMwBUyv8eal5BvDiF6p+F6JjHZjgk +ymP9UDPoDf90f3l69rk9GmBJtzsjdGQVOaER7H7gmQPNeyySRHgCoFuCE4uxpB4M +EVEWlfez+IHKKQfh0yWE8O+zy+lr7villSLYJSuFMPm5asMqahxEaQOB09V1uUN5 +iEpPu9o5Nv7bgbMKiqHXHFgyQuh6vJ4ZuKMU/GyRRHyfj592r43NZ3OxiTCtI3Ka +BMk8vDPtTjxnpb1ukPQJIEHRIdPJrMiIC9vUOKmWSMyVtdqULhzNiorMsjtI8cMS +0xo51Ib5fQKU7meVi7UmZ4oi85eRZVPsX12vauEtALGzqSAvZD+nBuKEskNSNiLF +I57ZHP1z3jUCX+T7Y3mGVsu0vTZRGePT +-----END ENCRYPTED PRIVATE KEY----- diff --git a/files/broker/cert/devel_password b/files/broker/cert/devel_password new file mode 100644 index 0000000..d9d1c8c --- /dev/null +++ b/files/broker/cert/devel_password @@ -0,0 +1 @@ +upp-aes-devel diff --git a/files/broker/cert/production_cert.pem b/files/broker/cert/production_cert.pem new file mode 100644 index 0000000..514adc2 --- /dev/null +++ b/files/broker/cert/production_cert.pem 
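Review bot: The passphrase added in `files/broker/cert/devel_password` is committed next to the encrypted key in `devel_key.pem`, so the key's encryption protects nothing from anyone who can read the repository; `production_key.pem` and `production_password` further down repeat this for the production host. Files under a module's `files/` directory are also, as far as I know under the default Puppet file server rules, fetchable by every node with a signed agent certificate, not only by the host selected in `manifests/broker.pp`. Both key pairs should be treated as disclosed and reissued. The key and passphrase are better delivered from an encrypted data source (hiera-eyaml or a secrets-manager lookup, for example) through `content =>` rather than `source =>`, leaving only the certificates in the module.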
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFwzCCA6ugAwIBAgIUPGonFCe9e5LzywN67bHbIOdPGTowDQYJKoZIhvcNAQEL +BQAwcTEXMBUGA1UEAwwOYWVzLmVkdS5saXUuc2UxEDAOBgNVBAsMB1NhUy9VUFAx +IDAeBgNVBAoMF0xpbmvDg8K2cGluZyBVbml2ZXJzaXR5MRUwEwYDVQQHDAxMaW5r +w4PCtnBpbmcxCzAJBgNVBAYTAlNFMB4XDTIxMDIyNjEwMDUwM1oXDTMxMDIyNDEw +MDUwM1owcTEXMBUGA1UEAwwOYWVzLmVkdS5saXUuc2UxEDAOBgNVBAsMB1NhUy9V +UFAxIDAeBgNVBAoMF0xpbmvDg8K2cGluZyBVbml2ZXJzaXR5MRUwEwYDVQQHDAxM +aW5rw4PCtnBpbmcxCzAJBgNVBAYTAlNFMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAtlErHFreFJsL20J0WoF3unE/AhmQEK7UqMaO2g54fxuYNTPu1B/K +MS1TiQS/gYmnKXyIRIhdf4gBUqRraqHNH1D07BqZitRNDYMA9AFM7StgjXlsObDc +ZgsAMHXXD9GR08Mi8FjVCoMweJgJPJ4z5W+hrMntAN/2z/cpdMV+a2CVJra6qvVR +pQF9GJkToq+e+m0t+t3O1i04IBKmEnHeXaNI+Zf4y0XAiysz8t57JCWxfF5w0HaC +sOv7o7awU6Z1yTe5fSlJBlkHfAazsgy17Ic+2H9oWdtEzQgOuzNNtke/IKkiXzx0 ++CKkf9g0jv9WUxAjK5PwIhu68HGrUiYT8W4IQchl86Kyk+aRJZuIVw/ZNwLPjf6e +Rngnq/zejv5OII61SfHR1zJlNcBroO0WK3e9ecRd/mXJPLj7Iwo1/5krvHeJ6vZ3 +DB+J2wtGQZAHAnInH/+YzcVK4PpjKjFv20HoaRL72eOmIYQZTaQukunfcrCFLvRZ +eMUgs+xbKEreENTdaP3lM7eRdR5rnJSECPaHxps2EfsMZ+3OLqARLv42KALbsCC5 +Qx05RwFTjBr11WfJR5h5S5DBj775ebu/pP6ifyYSwMx2y59YYvxHRYdWK7h4KXnq +rG8hqZ6Esn5bMIqWKRQyvrEIjUV+N76dSuD9GNFLDODMoIVJF6TJLVsCAwEAAaNT +MFEwHQYDVR0OBBYEFO6lfpOP6ACNfuLAqVAg6PD36fKEMB8GA1UdIwQYMBaAFO6l +fpOP6ACNfuLAqVAg6PD36fKEMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL +BQADggIBAFrpmBfBUT7Hp+NRMgMcJPTHdf3JXTYdEaYeZcerVkU6RD+5IsBBgX7f +WSYBTn7Ru8Njo2P/PyQ4uWYOud4oMI12rcqp94EVQTFU2MaTpCk0OpD+entfMwK8 +B8eEaCrj0zNS2pICYTAEwAQIhJv9B53Ip5HO9Niva4BCbjN8rrCaE6ODUqBWFSnS +P3UHwcz+kj5vl6cVfUP4JMloKHOjcNmrTVLSBIjXYrANlE++PNAnc9IO8jGv1eZP +DytvBm5KK4R7FNgP+ykC0LaNvw4zHeL7E+nbTIt2HOfvQnrDtTpaYXuuMg+wqn5l +yLmyFEtesQj3teiH9i1G7RKtNEr3ShYFsC+nGeVQGCgJ3RUBgwMTN9fLlgeYdKe7 +ZP/Hb15Bw/FnphomWP5usvCKutj+i1dMP+uHVdUtM6BNDGfe8amjhA9Uw397wvfu +MFjzcey8BW5IhJSSWJzSC+UKeLTtGOAoj2kWr/e8PrzQWBiqi7EbdrGFjfd+VCpT +Y+8L0sFd+DoEXW0/SdSWWthp1j3OReufpCE+Kgn1pp/ZeEUAO0d56M310EfH5+ej 
+9raCY+qtyFjxIDOw1AVgSx1kTtZhi+wyFnqM6zvbKIogyR+tWeBNAoZTILDHh6Z4 +h4+UdJOoBSnNqpL9DHTUgbZJa6swkeorlUsKMJ3IJEmQqqE8gWJD +-----END CERTIFICATE----- diff --git a/files/broker/cert/production_key.pem b/files/broker/cert/production_key.pem new file mode 100644 index 0000000..0b60ade --- /dev/null +++ b/files/broker/cert/production_key.pem 
@@ -0,0 +1,54 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJnDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQI0F2iqTcGrykCAggA +MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECAgfrAxtR0Z5BIIJSF+E0NBKi4hg +vwIzr/aGQ88utJ0VQe0g7LcdQAngEOJNNWxT7GDgf9t/VXhPhmNBDmWkfWD+uqku +HQy9/Ys77HsxaOitN/NVYO4bmlTuMHERmVzvLJXMmLNMrkd9+MBcklWsXxPWnoGH +8Yrcf23vaE9KAbTMl5+OFgRI1592b08Z8pQVw65N9xSPH8FgzSb/87kpmiAzG6Dc +zv6Vkz+DYN3pfXhsL7HLhVB0/VZbTLy8on9dCnsK7ExsyOLo4GrGH9CXMVu/TKhZ +39REnkFN+BrUVgUEJeeEJlKU/7tHRSBiXUQcHHI8tIUY8S6V/0WNBq0vxJX/DCRu +L4XYeSaVIjiq6cahNE7LGxJ4XP6wEPcvlzaqab/tOIpC6Q2Aaxu5zEa06DvJqiSI +CCqiW6rDtrcRkyuJhYL2bb0hULywnRAWmRPwcyHHYqM/ltpODV8Wb+CU55Zi2Up5 +T+Yl2dVE75Gino1kXGzKCgoFHREOxYBiH6jrRCSBd2eY9L6Z2iH/gZXBDqy2O/TL +ReGawEoBfaETWs5m8cIrRH3RZmEbF4lkH4AikekUoF9bCKvdDSurYanX/V0P2uVj +cKnTDrTvnJCUxreqOO2fwUksbaL8ZQmuHvibQAHqCTEVNyAM/C3+H5M1hCWWJaD3 +hbL1afPeX1wm9hKkcDQZkKFrOrF1oiEuaku5/+UmA8Ha2uVMFgWXco/qVISWyRPv +XmngamOAlPc6e5fzzHcBTchMjb7Fgb/n6t6T4nghkehx7MJRx4y8iBYu3qsCYxGH +MXtrZtj/hxcMfk954CWsj9XA+sK70M3qug3RzsTZfviy5CFf3WtAMK8cT82avwF9 +b9YZRNwNgnEdkQ1OIFzEji48vTiTzKxrXGWs/8WoQBbmlF6civ1OnABW1phH/n+W +3N4OPT2ZVxebsV7nhqPQHkhRuRqJEKA/9ziFuA9jI1OrFZMKr9/4wf+0WWwL1BiO +Xo8hLp78eMsuk6yqGu4l0q3aaLQdbdAK3IVQA34J8fILAGZdNyO6Anjsp2VkKOus +9EDXOVSStCXAayVLZqATcunB/EAQCxk5hT5KJuexRFVj76RnODynxqlsM44GT0j7 +MoF66eZ3Uiyoq6V/02l5wHWQOp42PhLIs5QJTKGkvq0nZLEHO7pUxCL2fPoLX8t9 +Z3aZrXnV90XQRA/70T9hWKNJEOZWnLWVe+CeYVfrLVXsT4RMJN6A/MgSbXden2As +vu0jx9I6r8NIkBHFwhz28GHO1O8k6LP8oX+kzDBstx8zQcp/bJHwnSePVGJDHWUu +S8GtxG4KZUjOYleOjnJMnoiK1OQuOyx/6Vmgr7cjXcbXu5l1J5ORRFCBx+7Efy5/ +Bh4Bin+Hyqg7uoPeyQt71UbChYqKBVRkkQEjzE/Ql7Qz8gqAYCFE4cb4t28Lmj+1 +zNQeAVU8TUbnVi7prlcEv5oKolqj1XrfOlXdurH7iTTmPhnoPtwrg+8BXJkAAgfc +mxj3F86GFzdlWT6nzF2jBatBnq4RBtwqlf11ph8OJBP5TCCCXGMdkdxfJxdmsjgu +I4WDikGd1dycamXaPiDKWZmPRl5mGTzrVsYLgFQjC0cxOpds1MKzYv6x8HyjpjC0 +Ljd2nMQD5C/hr7frEqgHno+OmqWw0mohSNmx3QVHcBsXyFPvqWAEl545+O7o6GRa +oqo3WTxTGtlYSqRnYAafNnOkDyZ3g5skWxxrTU2pYZF2goiyLPGlO3hg+sTbUNYI 
+hQjKmaoY7538BkLdZ+yU67T5kp5CnuqL8VZegkSuGQycEGneHdn0qKBCBnTjULIn +m82iLF7Fhnd9c2cV7ZQ7xOuIxYoV0S5FCbGlcQP00nQf4LADmbrJme12O/avCDiQ +NLUc3UN2WmSjbZ3ftz0i9Y5BJawIT/kkroHcJd65UJYMaTJ9h8wAaT4giSZo+XFv +Porx0YXQbRkiWSuKLuzTuxTwgEpL+HP+XskTD/Pq61i7B/WwynWWsp2fac4Hfpn4 +s96wHFHUSqIpVn0tLb49xEK1oGvcpXho4WMzGx6YEacCv146eKWEagsHlh6ZlTOm +18X/DGSgY5kJUc50H5z1wCYBiOS0D2y8fqIssknDhW2QuYVwepnm373EDzJtHOxK +JAzwCgWdNX/tSFz3ttDVF4OV7RW0wbvldzZgurjZ6osT7VQc2aYKHfJm51x57h9o +tOStaPVeXVP8ndR4dbLN0bGtaZnQ7ysQ0U6j9xwPu+wsJIKmwwRWONWD/zYb1BTP +grmL7a/5dXeXa7dDdZVWHWXB9wA26mMAL45CzkkmWlN7juArkDVRHZ7oPOPRasEy +pGI/CBFWFWVeaBWBNgWErr10YgkrYp/1lIwFCZaJ83Xc65Vr8baYtCI74YQ/bv1W +akEH6ySMfUUJLAByK7Q0JjVg7v2IIzBdrn8YvuTICLgTKFg9i9rx4T9ZEXJhAXfk +wMDHkVsn/dUx253besMV0OAp3B6qElXBUPvPqSPVdYbiUW4I9SBwDKZFYSuwhZ1d +PGMqEDDi2uKyRtA6dk6XxFIsPEEDL7iT2Cxbwa9kCbxnA70yMo/ymgxXVAXhXHRZ +RNFDvs8qzLQTgVESt0oTOG047g7aQTUQSkL+JI3CRTKix+CsIqoSg7Xr0X0vL806 +uv96OsIgBeH9X3xaSHfkzBqgERuO9msDvGMFp75bhhkfE3SDCwP11FiUMs277jDG +RfrLje2S5GSa6DWeVk6j/scSUOkSThTTooH1q6uAKbtT1SM/nG5Y2xqd3ZHlUMiX +KeKZqAIEiSeNIbnyzjLXz08UC3vHCdii5IVIISHNWPkRNgf6NgmtwB/4yH6wHczR +89O4ZyNfEHuhGzO2FGAMPrzAa+UrjsClct1MmPXQnvi2pOtX95uA0gJ8YgxKGULE +F3vIQcMwthqA2J9r1n9XH+eAmliUhAwhQ/cK9fCUvEOUGGvlZE0BcP20brV7dalH +kLXTmkHnTKMrAEq2I5q/Mp3ItxP2ma21i+z1B3T4cModTrH1yWVCqcU9mn2iEvf2 +ZI0nHsV7ovrzlG4Sp1MxQmL0aQqnFpCuts68U3wb2QvA8fmrZL0KtpkHPBa3z25l +4gx3iPK4NDgrv3oUlHZ6eHtxv6qL++nWgKzH4DJ/BjdvyELYDS2tYhTuOafb5Jtr +QAbRP+JcUVzO6VU7h9DDzQ== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/files/broker/cert/production_password b/files/broker/cert/production_password new file mode 100644 index 0000000..cc0c88b --- /dev/null +++ b/files/broker/cert/production_password @@ -0,0 +1 @@ +upp-aes-production diff --git a/manifests/broker.pp b/manifests/broker.pp index 15fbfd0..381fc4e 100644 --- a/manifests/broker.pp +++ b/manifests/broker.pp 
@@ -15,6 +15,15 @@ class aes::broker { ensure => installed, } + # Figure out which certificate to use based on the hostname. + if $facts[fqdn] == 'aes.edu.liu.se' { + $key_prefix = "production" + } elsif $facts[fqdn] == 'aes-devel.edu.liu.se' { + $key_prefix = "devel" + } else { + $key_prefix = undef + } + user { "${broker_user}" : ensure => present, home => "${broker_home}", @@ -48,6 +57,37 @@ class aes::broker { source => "puppet:///modules/${module_name}/broker/on_update.sh", } + file { "${broker_home}/ssl" : + ensure => directory, + owner => "${broker_user}", + group => "${broker_group}", + mode => '0700' + } + + file { "${broker_home}/ssl/cert.pem" : + ensure => present, + owner => "${broker_user}", + group => "${broker_group}", + mode => '0700', + source => "puppet:///modules/${module_name}/broker/cert/${key_prefix}_cert.pem" + } + + file { "${broker_home}/ssl/key.pem" : + ensure => present, + owner => "${broker_user}", + group => "${broker_group}", + mode => '0700', + source => "puppet:///modules/${module_name}/broker/cert/${key_prefix}_key.pem" + } + + file { "${broker_home}/ssl/password" : + ensure => present, + owner => "${broker_user}", + group => "${broker_group}", + mode => '0700', + source => "puppet:///modules/${module_name}/broker/cert/${key_prefix}_password" + } + exec { 'update-broker-repo' : command => "/opt/utils/update_repo.sh ${broker_home}/src https://oauth2:F-agHaRXCdyFy38q4c-N@gitlab.liu.se/upp-aes/communication.git production", environment => [ "REPO_USER=${broker_user}", "REPO_GROUP=${broker_group}", "REPO_ON_UPDATE=${broker_home}/on_update.sh" ], -- GitLab
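Review bot: The `else` branch sets `$key_prefix = undef`, so on any host other than the two named ones the `source` URLs in the later hunk would interpolate to `.../broker/cert/_cert.pem` (likewise `_key.pem` and `_password`). The catalog would then presumably fail at apply time with a missing-source error rather than a clear message. Failing early states the intent: `fail("aes::broker: no broker certificate for ${facts['fqdn']}")`. As a matter of style, `$facts[fqdn]` uses a bareword key where `$facts['fqdn']` is the conventional form, and the literal prefixes `"production"` and `"devel"` need no double quotes. The class body starts and ends outside this hunk.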
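Review bot: All three files created under `${broker_home}/ssl` get `mode => '0700'`, which marks a certificate, a private key and a passphrase file as executable; `mode => '0600'` fits `key.pem` and `password`, and `'0644'` or `'0600'` fits `cert.pem`. Adding `show_diff => false` to the key and password resources keeps their contents out of agent logs and reports when the files change. None of the new resources notifies the broker service, so a replaced certificate would apparently not take effect until a manual restart; the service resource is not visible here, so this needs confirming. The unchanged `exec { 'update-broker-repo' :` context at the end of the hunk, which continues outside it, embeds an access token in the clone URL, and that token should also come from a protected data source.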