Puppet Master F5

gistfile1.pp

  f5_key { 'puppet.key':
    ensure  => 'present',
    content => file("${settings::ssldir}/ca/ca_key.pem"),
    mode    => 'MANAGEMENT_MODE_DEFAULT',
  }

  f5_profileclientssl { 'puppetmaster':    
    ensure                     => present,
    certificate_file           => 'puppet.crt',
    key_file                   => 'puppet.key',
    ca_file                    => 'puppetca.crt',
    client_certificate_ca_file => 'puppetca.crt', 
    peer_certification_mode    => 'REQUIRE', 
  }

  f5_pool { 'puppetmaster':
    ensure    => present,
    lb_method => 'LEAST_CONNECTION_MEMBER',
    member    => { '192.168.1.1:8140' => {}, 
                   '192.168.1.2:8140' => {} },
  }

  f5_rule { 'puppetmaster':
    ensure     => present,
    definition => 'when HTTP_REQUEST {
  HTTP::header insert "X-Forwarded-Proto" "https"                                                                                                                                   
  set cert_request 0
  set path2 [URI::path [HTTP::uri] 2 2 ]

  if { $path2 == "/certificate/" || $path2 == "/certificate_request/" } {
    set cert_request 1
  }
}

when HTTP_REQUEST_SEND {
  if { $cert_request == 0}{
   clientside {
     if {[SSL::verify_result] == 0} {
        HTTP::header insert "X-Client-Verify" "SUCCESS"
     }
     HTTP::header insert "X-Client-DN" /[X509::subject [SSL::cert 0]]
     HTTP::header insert "X-SSL-Subject" /[X509::subject [SSL::cert 0]]
   }
  }
}',
  }