Zordrak · June 29, 2018 14:48
diff --git a/.mcollective b/.mcollective
 collectives = mcollective
 connector = activemq
 direct_addressing = 1
 libdir = /usr/local/libexec/mcollective:/usr/libexec/mcollective
 logger_type = console
 loglevel = warn
 main_collective = mcollective
 plugin.activemq.base64 = yes
 plugin.activemq.heartbeat_interval = 30
 plugin.activemq.pool.1.host = puppet.allfiled.local
 plugin.activemq.pool.1.password = marionette
 plugin.activemq.pool.1.port = 61613
 plugin.activemq.pool.1.ssl = 1
 plugin.activemq.pool.1.ssl.ca = /root/.mcollective.d/credentials/certs/ca.pem
 plugin.activemq.pool.1.ssl.cert = /root/.mcollective.d/credentials/certs/root.pem
 plugin.activemq.pool.1.ssl.fallback = 0
 plugin.activemq.pool.1.ssl.key = /root/.mcollective.d/credentials/private_keys/root.pem
 plugin.activemq.pool.1.user = mcollective
 plugin.activemq.pool.size = 1
 plugin.activemq.randomize = true
 plugin.ssl_client_private = /root/.mcollective.d/credentials/private_keys/root.pem
 plugin.ssl_client_public = /root/.mcollective.d/credentials/certs/root.pem
 plugin.ssl_server_public = /root/.mcollective.d/credentials/certs/server_public.pem
 securityprovider = ssl
diff --git a/activemq.pp b/activemq.pp
 # This class prepares an ActiveMQ middleware service for use by MCollective.
 #
 # The default parameters come from the mco_profile::params class for only one
 # reason. It allows the user to OPTIONALLY use Hiera to set values in one place
 # and have them propagate multiple related classes. This will only work if the
 # parameters are set in Hiera. It will not work if the parameters are set from
 # an ENC.
 #
 class mco_profile::middleware::activemq (
  $memoryusage               = '200 mb',
  $storeusage                = '1 gb',
  $tempusage                 = '1 gb',
  $console                   = false,
  $ssl_ca_cert               = $mco_profile::params::ssl_ca_cert,
  $ssl_server_cert           = $mco_profile::params::ssl_server_cert,
  $ssl_server_private        = $mco_profile::params::ssl_server_private,
  $middleware_user           = $mco_profile::params::middleware_user,
  $middleware_password       = $mco_profile::params::middleware_password,
  $middleware_admin_user     = $mco_profile::params::middleware_admin_user,
  $middleware_admin_password = $mco_profile::params::middleware_admin_password,
  $middleware_ssl_port       = $mco_profile::params::middleware_ssl_port,
 ) inherits mco_profile::params {

  # We need to know somewhat for sure exactly what configuration directory
  # will be used for ActiveMQ in order to correctly build the template.
  $confdir = $::osfamily ? {
    'Debian' => '/etc/activemq/instances-available/mcollective',
    default  => '/etc/activemq',
  }

  # Set up and contain the ActiveMQ server using the puppetlabs/activemq
  # module
  class { '::activemq':
    instance      => 'mcollective',
    server_config => template('mco_profile/activemq_template.erb'),
  }

  # Set up SSL configuration. Use copies of the PEM keys specified to create
  # the Java keystores.
  file { "${confdir}/ca.pem":
    owner   => 'activemq',
    group   => 'activemq',
    mode    => '0444',
    source  => $ssl_ca_cert,
    require => Class['activemq::packages'],
  }
  file { "${confdir}/server_cert.pem":
    owner   => 'activemq',
    group   => 'activemq',
    mode    => '0444',
    source  => $ssl_server_cert,
    require => Class['activemq::packages'],
  }
  file { "${confdir}/server_private.pem":
    owner   => 'activemq',
    group   => 'activemq',
    mode    => '0400',
    source  => $ssl_server_private,
    require => Class['activemq::packages'],
  }

  java_ks { 'mcollective:truststore':
    ensure       => 'latest',
    certificate  => "${confdir}/ca.pem",
    target       => "${confdir}/truststore.jks",
    password     => 'puppet',
    trustcacerts => true,
    notify       => Class['activemq::service'],
    require      => File["${confdir}/ca.pem"],
  } ->

  file { "${confdir}/truststore.jks":
    owner   => 'activemq',
    group   => 'activemq',
    mode    => '0400',
    require => Class['activemq::packages'],
    before  => Java_ks['mcollective:keystore'],
  }

  java_ks { 'mcollective:keystore':
    ensure       => 'latest',
    certificate  => "${confdir}/server_cert.pem",
    private_key  => "${confdir}/server_private.pem",
    target       => "${confdir}/keystore.jks",
    password     => 'puppet',
    trustcacerts => true,
    before       => Class['activemq::service'],
    require      => [
      File["${confdir}/server_cert.pem"],
      File["${confdir}/server_private.pem"],
    ],
  } ->
  file { "${confdir}/keystore.jks":
    owner   => 'activemq',
    group   => 'activemq',
    mode    => '0400',
    require => Class['activemq::packages'],
    before  => Class['activemq::service'],
  }

 }
diff --git a/client.pp b/client.pp
 class mco_profile::client (
  $middleware_hosts   = $mco_profile::params::middleware_hosts,
  $ssl_server_cert    = $mco_profile::params::ssl_server_cert,
  $ssl_server_private = $mco_profile::params::ssl_server_private,
  $ssl_server_public  = $mco_profile::params::ssl_server_public,
  $ssl_ca_cert        = $mco_profile::params::ssl_ca_cert,
  $connector          = $mco_profile::params::connector,
 ) {

  mcollective::user { "root":
    homedir           => '/root',
    certificate       => $ssl_server_cert,
    private_key       => $ssl_server_private,
    ssl_ca_cert       => $ssl_ca_cert,
    ssl_server_public => $ssl_server_public,
    middleware_hosts  => $middleware_host,
    middleware_ssl    => true,
    securityprovider  => 'ssl',
    connector         => $connector,
  }

 # Old Example from Source
 #  mcollective::user { "${::hostname}_client":
 #    homedir           => '/root',
 #    certificate       => $ssl_server_cert,
 #    private_key       => $ssl_server_private,
 #    ssl_ca_cert       => $ssl_ca_cert,
 #    ssl_server_public => $ssl_server_public,
 #    middleware_hosts  => $middleware_host,
 #    middleware_ssl    => true,
 #    securityprovider  => 'ssl',
 #    connector         => $connector,
 #  }

 }
diff --git a/gistfile1.txt b/gistfile1.txt
 All hosts to be configured for mcollective client and server.
 /root/.mcollective is identical on all hosts

 puppet.example.org :: Puppet Master and Middleware Host
 4ee2c3b6a2d4df140ac0d08fc1527b9a  /etc/activemq/server_cert.pem
 4ee2c3b6a2d4df140ac0d08fc1527b9a  /etc/mcollective/server_public.pem
 4ee2c3b6a2d4df140ac0d08fc1527b9a  /root/.mcollective.d/credentials/certs/root.pem # plugin.ssl_client_public
 4ee2c3b6a2d4df140ac0d08fc1527b9a  /var/lib/puppet/ssl/certs/puppet.allfiled.local.pem
 8717fca2cb36cea0abb6b08eae975474  /root/.mcollective.d/credentials/private_keys/root.pem # plugin.ssl_client_private
 a142eb51e5bc8e155233c93c24b3b91b  /root/.mcollective.d/credentials/certs/server_public.pem
 a142eb51e5bc8e155233c93c24b3b91b  /var/lib/puppet/ssl/public_keys/puppet.allfiled.local.pem

 otherhost.example.org :: Random other host
 0c5145f0dbbe14e76d9c49d6cfca8d38  /root/.mcollective.d/credentials/private_keys/root.pem # plugin.ssl_client_private
 c5b6810023c014393626475fbf0a329c  /etc/mcollective/server_public.pem
 c5b6810023c014393626475fbf0a329c  /root/.mcollective.d/credentials/certs/root.pem # plugin.ssl_client_public
 c5b6810023c014393626475fbf0a329c  /var/lib/puppet/ssl/certs/otherhost.example.org.pem
 ccca429bead5cdacc3b5c08c434c5f20  /root/.mcollective.d/credentials/certs/server_public.pem
 ccca429bead5cdacc3b5c08c434c5f20  /var/lib/puppet/ssl/public_keys/otherhost.example.org.pem


diff --git a/params.pp b/params.pp
 # This class exists solely to aggregate the set of information that tie
 # together the MCollective middleware.
 #
 class mco_profile::params (
  $main_collective           = 'mcollective',
  $collectives               = undef,
  $middleware_hosts          = undef, # Overwritten by the ENC
  $middleware_user           = 'mcollective',
  $middleware_password       = 'mcollective', # Overwritten by the ENC
  $middleware_ssl_port       = '61613',
  $ssl_server_public         = "${::settings::ssldir}/public_keys/${::clientcert}.pem",
  $ssl_server_private        = "${::settings::ssldir}/private_keys/${::clientcert}.pem",
  $ssl_server_cert           = "${::settings::ssldir}/certs/${::clientcert}.pem",
  $ssl_ca_cert               = "${::settings::ssldir}/certs/ca.pem",
  $ssl_client_certs          = "puppet:///modules/mco_profile/client_certs", # MODIFIED FROM EXAMPLE
  $connector                 = undef,
  $middleware_admin_user     = 'admin',
  $middleware_admin_password = 'mcollective',
  $rabbitmq_vhost            = '/mcollective',
 ) {

  # No resources are declared by this class. It should only be used to set
  # Hiera parameters to propagate to inheriting classes.

 }
diff --git a/server.cfg b/server.cfg
 classesfile = /var/lib/puppet/state/classes.txt
 collectives = mcollective
 connector = activemq
 daemonize = 1
 direct_addressing = 1
 factsource = yaml
 libdir = /usr/local/libexec/mcollective:/usr/libexec/mcollective
 logfile = /var/log/mcollective.log
 loglevel = info
 main_collective = mcollective
 plugin.actionpolicy.allow_unconfigured = 1
 plugin.activemq.base64 = yes
 plugin.activemq.heartbeat_interval = 30
 plugin.activemq.pool.1.host = puppet.example.org
 plugin.activemq.pool.1.password = marionette
 plugin.activemq.pool.1.port = 61613
 plugin.activemq.pool.1.ssl = 1
 plugin.activemq.pool.1.ssl.ca = /etc/mcollective/ca.pem
 plugin.activemq.pool.1.ssl.cert = /etc/mcollective/server_public.pem
 plugin.activemq.pool.1.ssl.fallback = 0
 plugin.activemq.pool.1.ssl.key = /etc/mcollective/server_private.pem
 plugin.activemq.pool.1.user = mcollective
 plugin.activemq.pool.size = 1
 plugin.activemq.randomize = true
 plugin.rpcaudit.logfile = /var/log/mcollective-audit.log
 plugin.ssl_client_cert_dir = /etc/mcollective/clients
 plugin.ssl_server_private = /etc/mcollective/server_private.pem
 plugin.ssl_server_public = /etc/mcollective/server_public.pem
 plugin.yaml = /etc/mcollective/facts.yaml
 rpcaudit = 1
 rpcauditprovider = logfile
 rpcauthorization = 1
 rpcauthprovider = action_policy
 securityprovider = ssl
diff --git a/server.pp b/server.pp
 # This class should be applied to all servers, and sets up the MCollective
 # server. It includes its parent class "site" and uses the parameters set
 # there. Inheritance is used to ensure order of evaluation and exposition of
 # parameters without needing to call "include".
 #
 # The default parameters come from the mco_profile::params class for only one
 # reason. It allows the user to OPTIONALLY use Hiera to set values in one place
 # and have them propagate multiple related classes. This will only work if the
 # parameters are set in Hiera. It will not work if the parameters are set from
 # an ENC.
 #
 class mco_profile::server (
  $middleware_hosts    = $mco_profile::params::middleware_hosts,
  $middleware_ssl_port = $mco_profile::params::middleware_ssl_port,
  $middleware_user     = $mco_profile::params::middleware_user,
  $middleware_password = $mco_profile::params::middleware_password,
  $main_collective     = $mco_profile::params::main_collective,
  $collectives         = $mco_profile::params::collectives,
  $connector           = $mco_profile::params::connector,
  $ssl_server_cert     = $mco_profile::params::ssl_server_cert,
  $ssl_server_private  = $mco_profile::params::ssl_server_private,
  $ssl_ca_cert         = $mco_profile::params::ssl_ca_cert,
  $ssl_client_certs    = $mco_profile::params::ssl_client_certs,
 ) inherits mco_profile::params {

  class { '::mcollective':
    client               => true,
    server               => true,
    securityprovider     => 'ssl',
    middleware_ssl       => true,
    middleware_hosts     => $middleware_hosts,
    middleware_ssl_port  => $middleware_ssl_port,
    middleware_user      => $middleware_user,
    middleware_password  => $middleware_password,
    main_collective      => $main_collective,
    collectives          => $collectives,
    connector            => $connector,
    ssl_server_public    => $ssl_server_cert,
    ssl_server_private   => $ssl_server_private,
    ssl_ca_cert          => $ssl_ca_cert,
    ssl_client_certs     => $ssl_client_certs,
  }

 }
	collectives = mcollective
	connector = activemq
	direct_addressing = 1
	libdir = /usr/local/libexec/mcollective:/usr/libexec/mcollective
	logger_type = console
	loglevel = warn
	main_collective = mcollective
	plugin.activemq.base64 = yes
	plugin.activemq.heartbeat_interval = 30
	plugin.activemq.pool.1.host = puppet.allfiled.local
	plugin.activemq.pool.1.password = marionette
	plugin.activemq.pool.1.port = 61613
	plugin.activemq.pool.1.ssl = 1
	plugin.activemq.pool.1.ssl.ca = /root/.mcollective.d/credentials/certs/ca.pem
	plugin.activemq.pool.1.ssl.cert = /root/.mcollective.d/credentials/certs/root.pem
	plugin.activemq.pool.1.ssl.fallback = 0
	plugin.activemq.pool.1.ssl.key = /root/.mcollective.d/credentials/private_keys/root.pem
	plugin.activemq.pool.1.user = mcollective
	plugin.activemq.pool.size = 1
	plugin.activemq.randomize = true
	plugin.ssl_client_private = /root/.mcollective.d/credentials/private_keys/root.pem
	plugin.ssl_client_public = /root/.mcollective.d/credentials/certs/root.pem
	plugin.ssl_server_public = /root/.mcollective.d/credentials/certs/server_public.pem
	securityprovider = ssl
	# This class prepares an ActiveMQ middleware service for use by MCollective.
	#
	# The default parameters come from the mco_profile::params class for only one
	# reason. It allows the user to OPTIONALLY use Hiera to set values in one place
	# and have them propagate multiple related classes. This will only work if the
	# parameters are set in Hiera. It will not work if the parameters are set from
	# an ENC.
	#
	class mco_profile::middleware::activemq (
	$memoryusage = '200 mb',
	$storeusage = '1 gb',
	$tempusage = '1 gb',
	$console = false,
	$ssl_ca_cert = $mco_profile::params::ssl_ca_cert,
	$ssl_server_cert = $mco_profile::params::ssl_server_cert,
	$ssl_server_private = $mco_profile::params::ssl_server_private,
	$middleware_user = $mco_profile::params::middleware_user,
	$middleware_password = $mco_profile::params::middleware_password,
	$middleware_admin_user = $mco_profile::params::middleware_admin_user,
	$middleware_admin_password = $mco_profile::params::middleware_admin_password,
	$middleware_ssl_port = $mco_profile::params::middleware_ssl_port,
	) inherits mco_profile::params {

	# We need to know somewhat for sure exactly what configuration directory
	# will be used for ActiveMQ in order to correctly build the template.
	$confdir = $::osfamily ? {
	'Debian' => '/etc/activemq/instances-available/mcollective',
	default => '/etc/activemq',
	}

	# Set up and contain the ActiveMQ server using the puppetlabs/activemq
	# module
	class { '::activemq':
	instance => 'mcollective',
	server_config => template('mco_profile/activemq_template.erb'),
	}

	# Set up SSL configuration. Use copies of the PEM keys specified to create
	# the Java keystores.
	file { "${confdir}/ca.pem":
	owner => 'activemq',
	group => 'activemq',
	mode => '0444',
	source => $ssl_ca_cert,
	require => Class['activemq::packages'],
	}
	file { "${confdir}/server_cert.pem":
	owner => 'activemq',
	group => 'activemq',
	mode => '0444',
	source => $ssl_server_cert,
	require => Class['activemq::packages'],
	}
	file { "${confdir}/server_private.pem":
	owner => 'activemq',
	group => 'activemq',
	mode => '0400',
	source => $ssl_server_private,
	require => Class['activemq::packages'],
	}

	java_ks { 'mcollective:truststore':
	ensure => 'latest',
	certificate => "${confdir}/ca.pem",
	target => "${confdir}/truststore.jks",
	password => 'puppet',
	trustcacerts => true,
	notify => Class['activemq::service'],
	require => File["${confdir}/ca.pem"],
	} ->

	file { "${confdir}/truststore.jks":
	owner => 'activemq',
	group => 'activemq',
	mode => '0400',
	require => Class['activemq::packages'],
	before => Java_ks['mcollective:keystore'],
	}

	java_ks { 'mcollective:keystore':
	ensure => 'latest',
	certificate => "${confdir}/server_cert.pem",
	private_key => "${confdir}/server_private.pem",
	target => "${confdir}/keystore.jks",
	password => 'puppet',
	trustcacerts => true,
	before => Class['activemq::service'],
	require => [
	File["${confdir}/server_cert.pem"],
	File["${confdir}/server_private.pem"],
	],
	} ->
	file { "${confdir}/keystore.jks":
	owner => 'activemq',
	group => 'activemq',
	mode => '0400',
	require => Class['activemq::packages'],
	before => Class['activemq::service'],
	}

	}
	class mco_profile::client (
	$middleware_hosts = $mco_profile::params::middleware_hosts,
	$ssl_server_cert = $mco_profile::params::ssl_server_cert,
	$ssl_server_private = $mco_profile::params::ssl_server_private,
	$ssl_server_public = $mco_profile::params::ssl_server_public,
	$ssl_ca_cert = $mco_profile::params::ssl_ca_cert,
	$connector = $mco_profile::params::connector,
	) {

	mcollective::user { "root":
	homedir => '/root',
	certificate => $ssl_server_cert,
	private_key => $ssl_server_private,
	ssl_ca_cert => $ssl_ca_cert,
	ssl_server_public => $ssl_server_public,
	middleware_hosts => $middleware_host,
	middleware_ssl => true,
	securityprovider => 'ssl',
	connector => $connector,
	}

	# Old Example from Source
	# mcollective::user { "${::hostname}_client":
	# homedir => '/root',
	# certificate => $ssl_server_cert,
	# private_key => $ssl_server_private,
	# ssl_ca_cert => $ssl_ca_cert,
	# ssl_server_public => $ssl_server_public,
	# middleware_hosts => $middleware_host,
	# middleware_ssl => true,
	# securityprovider => 'ssl',
	# connector => $connector,
	# }

	}
	All hosts to be configured for mcollective client and server.
	/root/.mcollective is identical on all hosts

	puppet.example.org :: Puppet Master and Middleware Host
	4ee2c3b6a2d4df140ac0d08fc1527b9a /etc/activemq/server_cert.pem
	4ee2c3b6a2d4df140ac0d08fc1527b9a /etc/mcollective/server_public.pem
	4ee2c3b6a2d4df140ac0d08fc1527b9a /root/.mcollective.d/credentials/certs/root.pem # plugin.ssl_client_public
	4ee2c3b6a2d4df140ac0d08fc1527b9a /var/lib/puppet/ssl/certs/puppet.allfiled.local.pem
	8717fca2cb36cea0abb6b08eae975474 /root/.mcollective.d/credentials/private_keys/root.pem # plugin.ssl_client_private
	a142eb51e5bc8e155233c93c24b3b91b /root/.mcollective.d/credentials/certs/server_public.pem
	a142eb51e5bc8e155233c93c24b3b91b /var/lib/puppet/ssl/public_keys/puppet.allfiled.local.pem

	otherhost.example.org :: Random other host
	0c5145f0dbbe14e76d9c49d6cfca8d38 /root/.mcollective.d/credentials/private_keys/root.pem # plugin.ssl_client_private
	c5b6810023c014393626475fbf0a329c /etc/mcollective/server_public.pem
	c5b6810023c014393626475fbf0a329c /root/.mcollective.d/credentials/certs/root.pem # plugin.ssl_client_public
	c5b6810023c014393626475fbf0a329c /var/lib/puppet/ssl/certs/otherhost.example.org.pem
	ccca429bead5cdacc3b5c08c434c5f20 /root/.mcollective.d/credentials/certs/server_public.pem
	ccca429bead5cdacc3b5c08c434c5f20 /var/lib/puppet/ssl/public_keys/otherhost.example.org.pem
	# This class exists solely to aggregate the set of information that tie
	# together the MCollective middleware.
	#
	class mco_profile::params (
	$main_collective = 'mcollective',
	$collectives = undef,
	$middleware_hosts = undef, # Overwritten by the ENC
	$middleware_user = 'mcollective',
	$middleware_password = 'mcollective', # Overwritten by the ENC
	$middleware_ssl_port = '61613',
	$ssl_server_public = "${::settings::ssldir}/public_keys/${::clientcert}.pem",
	$ssl_server_private = "${::settings::ssldir}/private_keys/${::clientcert}.pem",
	$ssl_server_cert = "${::settings::ssldir}/certs/${::clientcert}.pem",
	$ssl_ca_cert = "${::settings::ssldir}/certs/ca.pem",
	$ssl_client_certs = "puppet:///modules/mco_profile/client_certs", # MODIFIED FROM EXAMPLE
	$connector = undef,
	$middleware_admin_user = 'admin',
	$middleware_admin_password = 'mcollective',
	$rabbitmq_vhost = '/mcollective',
	) {

	# No resources are declared by this class. It should only be used to set
	# Hiera parameters to propagate to inheriting classes.

	}
	classesfile = /var/lib/puppet/state/classes.txt
	collectives = mcollective
	connector = activemq
	daemonize = 1
	direct_addressing = 1
	factsource = yaml
	libdir = /usr/local/libexec/mcollective:/usr/libexec/mcollective
	logfile = /var/log/mcollective.log
	loglevel = info
	main_collective = mcollective
	plugin.actionpolicy.allow_unconfigured = 1
	plugin.activemq.base64 = yes
	plugin.activemq.heartbeat_interval = 30
	plugin.activemq.pool.1.host = puppet.example.org
	plugin.activemq.pool.1.password = marionette
	plugin.activemq.pool.1.port = 61613
	plugin.activemq.pool.1.ssl = 1
	plugin.activemq.pool.1.ssl.ca = /etc/mcollective/ca.pem
	plugin.activemq.pool.1.ssl.cert = /etc/mcollective/server_public.pem
	plugin.activemq.pool.1.ssl.fallback = 0
	plugin.activemq.pool.1.ssl.key = /etc/mcollective/server_private.pem
	plugin.activemq.pool.1.user = mcollective
	plugin.activemq.pool.size = 1
	plugin.activemq.randomize = true
	plugin.rpcaudit.logfile = /var/log/mcollective-audit.log
	plugin.ssl_client_cert_dir = /etc/mcollective/clients
	plugin.ssl_server_private = /etc/mcollective/server_private.pem
	plugin.ssl_server_public = /etc/mcollective/server_public.pem
	plugin.yaml = /etc/mcollective/facts.yaml
	rpcaudit = 1
	rpcauditprovider = logfile
	rpcauthorization = 1
	rpcauthprovider = action_policy
	securityprovider = ssl
	# This class should be applied to all servers, and sets up the MCollective
	# server. It includes its parent class "site" and uses the parameters set
	# there. Inheritance is used to ensure order of evaluation and exposition of
	# parameters without needing to call "include".
	#
	# The default parameters come from the mco_profile::params class for only one
	# reason. It allows the user to OPTIONALLY use Hiera to set values in one place
	# and have them propagate multiple related classes. This will only work if the
	# parameters are set in Hiera. It will not work if the parameters are set from
	# an ENC.
	#
	class mco_profile::server (
	$middleware_hosts = $mco_profile::params::middleware_hosts,
	$middleware_ssl_port = $mco_profile::params::middleware_ssl_port,
	$middleware_user = $mco_profile::params::middleware_user,
	$middleware_password = $mco_profile::params::middleware_password,
	$main_collective = $mco_profile::params::main_collective,
	$collectives = $mco_profile::params::collectives,
	$connector = $mco_profile::params::connector,
	$ssl_server_cert = $mco_profile::params::ssl_server_cert,
	$ssl_server_private = $mco_profile::params::ssl_server_private,
	$ssl_ca_cert = $mco_profile::params::ssl_ca_cert,
	$ssl_client_certs = $mco_profile::params::ssl_client_certs,
	) inherits mco_profile::params {

	class { '::mcollective':
	client => true,
	server => true,
	securityprovider => 'ssl',
	middleware_ssl => true,
	middleware_hosts => $middleware_hosts,
	middleware_ssl_port => $middleware_ssl_port,
	middleware_user => $middleware_user,
	middleware_password => $middleware_password,
	main_collective => $main_collective,
	collectives => $collectives,
	connector => $connector,
	ssl_server_public => $ssl_server_cert,
	ssl_server_private => $ssl_server_private,
	ssl_ca_cert => $ssl_ca_cert,
	ssl_client_certs => $ssl_client_certs,
	}

	}