mq certificate file
Overview
Extracts individual certificates from a certificate key database.
Depending on the value f the type parameter, different actions will be done.
- When the type is either
asciiofbinarya certificate file will be created - When the type is one of:
cms,kdb,pkcs12,p12,pkcs7,pema certificate database of the specified type will be created and the certificate with the specified label will be added to it.
Here is an example on how you can use this:
mq_certificate_file {'/var/mqm/keys/my_label_1.p12':
ensure => 'present',
ource_type => 'p12',
key_db => '/var/mqm/keys/test_db_1.kdb',
label => 'my_label_1',
type => 'p12',
password => 'verysecret',
target_password => 'verysecret',
}
Attributes
| Attribute Name | Short Description |
|---|---|
| db_type | The type of key database. |
| disable_corrective_change | Disable the modification of a resource when Puppet® decides it is a corrective change. |
| disable_corrective_ensure | Disable the creation or removal of a resource when Puppet® decides is a corrective change. |
| ensure | The basic property that the resource should be in. |
| key_db | The name of the key database. |
| label | |
| name | |
| password | The certificate database password. |
| provider | resource. |
| target_password | The password to put on the certificate file. |
| type | The type of certificate file to create. |
db_type
The type of key database.
This is a puppet parameter and not a managed property. Therefor it is only used during creation of the resource. Changes to this parameter in your manifest, do NOT result in modifications on the system.
Valid values are cms, jceks, jks, kdb, p12, pkcs12, pkcs12s2.
Back to overview of mq_certificate_file
disable_corrective_change
Disable the modification of a resource when Puppet® decides it is a corrective change.
(requires easy_type V2.11.0 or higher)
When using a Puppet® Server, Puppet® knows about adaptive and corrective changes. A corrective change is when Puppet® notices that the resource has changed, but the catalog has not changed. This can occur for example, when a user, by accident or willingly, changed something on the system that Puppet® is managing. The normal Puppet® process then repairs this and puts the resource back in the state as defined in the catalog. This process is precisely what you want most of the time, but not always. This can sometimes also occur when a hardware or network error occurs. Then Puppet® cannot correctly determine the current state of the system and thinks the resource is changed, while in fact, it is not. Letting Puppet recreate remove or change the resource in these cases, is NOT wat you want.
Using the disable_corrective_change parameter, you can disable corrective changes on the current resource.
Here is an example of this:
crucial_resource {'be_carefull':
...
disable_corrective_change => true,
...
}
When a corrective ensure does happen on the resource Puppet® will not modify the resource and signal an error:
Error: Corrective change present requested by catalog, but disabled by parameter disable_corrective_change
Error: /Stage[main]/Main/Crucial_resource[be_carefull]/parameter: change from '10' to '20' failed: Corrective change present requested by catalog, but disabled by parameter disable_corrective_change. (corrective)
Back to overview of mq_certificate_file
disable_corrective_ensure
Disable the creation or removal of a resource when Puppet® decides is a corrective change.
(requires easy_type V2.11.0 or higher)
When using a Puppet® Server, Puppet® knows about adaptive and corrective changes. A corrective change is when Puppet® notices that the resource has changed, but the catalog has not changed. This can occur for example, when a user, by accident or willingly, changed something on the system that Puppet® is managing. The normal Puppet® process then repairs this and puts the resource back in the state as defined in the catalog. This process is precisely what you want most of the time, but not always. This can sometimes also occur when a hardware or network error occurs. Then Puppet® cannot correctly determine the current state of the system and thinks the resource is changed, while in fact, it is not. Letting Puppet recreate remove or change the resource in these cases, is NOT wat you want.
Using the disable_corrective_ensure parameter, you can disable corrective ensure present or ensure absent actions on the current resource.
Here is an example of this:
crucial_resource {'be_carefull':
ensure => 'present',
...
disable_corrective_ensure => true,
...
}
When a corrective ensure does happen on the resource Puppet® will not create or remove the resource and signal an error:
Error: Corrective ensure present requested by catalog, but disabled by parameter disable_corrective_ensure.
Error: /Stage[main]/Main/Crucial_resource[be_carefull]/ensure: change from 'absent' to 'present' failed: Corrective ensure present requested by catalog, but disabled by parameter disable_corrective_ensure. (corrective)
Back to overview of mq_certificate_file
ensure
The basic property that the resource should be in.
Valid values are present, absent.
Back to overview of mq_certificate_file
key_db
The name of the key database.
Back to overview of mq_certificate_file
label
Back to overview of mq_certificate_file
name
Back to overview of mq_certificate_file
password
The certificate database password.
This is a puppet parameter and not a managed property. Therefor it is only used during creation of the resource. Changes to this parameter in your manifest, do NOT result in modifications on the system.
Back to overview of mq_certificate_file
provider
The specific backend to use for this mq_certificate_file resource. You will seldom need to specify this — Puppet® will usually discover the appropriate provider for your platform.Available providers are:
- simple
- Manage MQ certificate files
Back to overview of mq_certificate_file
target_password
The password to put on the certificate file.
This only works when you specifcy a database type file.
This is a puppet parameter and not a managed property. Therefor it is only used during creation of the resource. Changes to this parameter in your manifest, do NOT result in modifications on the system.
Back to overview of mq_certificate_file
type
The type of certificate file to create.
This is a puppet parameter and not a managed property. Therefor it is only used during creation of the resource. Changes to this parameter in your manifest, do NOT result in modifications on the system.
Valid values are cms, jceks, jks, kdb, p12, pkcs12, pkcs12s2, binary, ascii.
