authorMichael DeHaan <mdehaan@redhat.com>2008-02-07 12:08:55 -0500
committerMichael DeHaan <mdehaan@redhat.com>2008-02-07 12:08:55 -0500
commit697402da24ca930b3608359a61b9872fdddc62d9 (patch)
tree625403025dbfe9caca1254aab45724c8de4d8302 /etc
parentac3061bcffd2ea634596c188beaa13339e3fa24a (diff)
downloadcertmaster-697402da24ca930b3608359a61b9872fdddc62d9.tar.gz
certmaster-697402da24ca930b3608359a61b9872fdddc62d9.tar.xz
certmaster-697402da24ca930b3608359a61b9872fdddc62d9.zip
Starting off the certmaster tree with most of the func code, shortly non-certmaster related parts will be removed, and other small parts added/tweaked
Diffstat (limited to 'etc')
-rw-r--r--etc/certmaster.conf7
-rw-r--r--etc/func_rotate19
-rw-r--r--etc/minion.conf8
-rw-r--r--etc/sample.acl5
4 files changed, 39 insertions, 0 deletions
diff --git a/etc/certmaster.conf b/etc/certmaster.conf
new file mode 100644
index 0000000..71b2068
--- /dev/null
+++ b/etc/certmaster.conf
@@ -0,0 +1,7 @@
+[main]
+listen_addr =
+cadir = /etc/pki/func/ca
+certroot = /var/lib/func/certmaster/certs
+csrroot = /var/lib/func/certmaster/csrs
+autosign = no
+
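Review bot: `listen_addr =` is left empty with no comment, and nothing in this file says what an empty value binds to. If the daemon treats it as all interfaces (likely, but not visible in this hunk), the CSR-signing service is reachable on every network the host sits on. A comment above it such as `# empty = listen on all interfaces; set a management address to restrict` would make the default explicit. `autosign = no` is the safe default and deserves a line as well, e.g. `# yes signs every incoming CSR without operator review`. It is also worth confirming that packaging creates `cadir` with owner-only permissions, since it presumably holds the CA private key.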
diff --git a/etc/func_rotate b/etc/func_rotate
new file mode 100644
index 0000000..e12edfb
--- /dev/null
+++ b/etc/func_rotate
@@ -0,0 +1,19 @@
+/var/log/func/audit.log {
+ missingok
+ notifempty
+ rotate 4
+ weekly
+ postrotate
+ if [ -f /var/lock/subsys/funcd ]; then
+ /etc/init.d/funcd condrestart
+ fi
+ endscript
+}
+
+/var/log/func/func.log {
+ missingok
+ notifempty
+ rotate 4
+ weekly
+}
+
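Review bot: The `/var/log/func/func.log` stanza has no `postrotate`, so funcd is restarted only when `audit.log` itself rotates. With `notifempty`, a week with an empty audit log but a non-empty func.log would leave the daemon (assuming funcd writes both files) holding the renamed file open. Listing both paths on one stanza, `/var/log/func/audit.log /var/log/func/func.log {`, and adding `sharedscripts` would restart it once for either log. Neither stanza sets `create`, so the owner and mode of the fresh audit log fall to logrotate defaults; an explicit line such as `create 0600 root root` (if funcd runs as root) would pin them. Four weekly rotations is also a short retention period for an audit trail.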
diff --git a/etc/minion.conf b/etc/minion.conf
new file mode 100644
index 0000000..f2e2b34
--- /dev/null
+++ b/etc/minion.conf
@@ -0,0 +1,8 @@
+# configuration for minions
+
+[main]
+log_level = DEBUG
+certmaster = certmaster
+cert_dir = /etc/pki/func
+acl_dir = /etc/func/minion-acl.d
+
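Review bot: `certmaster = certmaster` is an unqualified hostname, so which machine a minion enrols with depends on the local resolver's search domains. Since this is presumably the host whose CA the minion ends up trusting, the shipped default should say so, e.g. `# set to the FQDN of your certmaster; the minion trusts the CA served by this host`. `log_level = DEBUG` is also a noisy default for a packaged config and may put more call detail into the logs than operators expect; `log_level = INFO` would be a safer shipped value if the logger accepts it.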
diff --git a/etc/sample.acl b/etc/sample.acl
new file mode 100644
index 0000000..1a093a8
--- /dev/null
+++ b/etc/sample.acl
@@ -0,0 +1,5 @@
+#config file for minion Access control lists
+#this specifies which methods a connecting client is allowed to run
+# format is: cn-certificate-hash = method1, method2, method3
+# default allows the certmaster key to run all methods
+
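Review bot: The format comment `cn-certificate-hash = method1, method2, method3` has no worked example, and it does not say which hash of the certificate is meant or what happens to a client with no matching entry. A commented sample line, e.g. `# host.example.com-<CERT_HASH> = module.method1, module.method2` (constructed placeholder), plus a sentence stating whether unlisted clients are denied, would let an administrator write an ACL without reading the code. The line `default allows the certmaster key to run all methods` should also state whether an ACL file can narrow that default.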