mcollective configuration
# MCollective client configuration. The notes further down this gist refer to
# it as /root/.mcollective and say it is identical on every host. `#` starts
# a comment; everything else is a `key = value` setting.
collectives = mcollective
connector = activemq
direct_addressing = 1
libdir = /usr/local/libexec/mcollective:/usr/libexec/mcollective
# Interactive client: log to the terminal, warnings and above only.
logger_type = console
loglevel = warn
main_collective = mcollective
plugin.activemq.base64 = yes
plugin.activemq.heartbeat_interval = 30
# Single-member broker pool: one ActiveMQ host over STOMP on 61613 with TLS
# switched on (ssl = 1).
plugin.activemq.pool.1.host = puppet.allfiled.local
# Clear-text broker credential. Anyone who can read this file can connect to
# the broker as "mcollective", so the file must be readable only by the user
# that runs mco (mode 0600).
plugin.activemq.pool.1.password = marionette
plugin.activemq.pool.1.port = 61613
plugin.activemq.pool.1.ssl = 1
# The broker's TLS certificate is verified against ca.pem and the client
# presents root.pem; the same root.pem key pair is reused below as the SSL
# security plugin's client identity.
plugin.activemq.pool.1.ssl.ca = /root/.mcollective.d/credentials/certs/ca.pem
plugin.activemq.pool.1.ssl.cert = /root/.mcollective.d/credentials/certs/root.pem
# fallback = 0: if the CA/cert/key cannot be loaded, fail instead of
# (presumably) dropping to an unverified TLS session -- keep it that way.
plugin.activemq.pool.1.ssl.fallback = 0
plugin.activemq.pool.1.ssl.key = /root/.mcollective.d/credentials/private_keys/root.pem
plugin.activemq.pool.1.user = mcollective
plugin.activemq.pool.size = 1
plugin.activemq.randomize = true
# SSL security plugin (securityprovider = ssl below): requests are signed with
# ssl_client_private and carry ssl_client_public; replies from servers are
# checked against ssl_server_public. NOTE(review): the md5 listing in this
# gist shows server_public.pem is a different key on each host (that host's
# own Puppet public key). The plugin is normally deployed with one server key
# pair shared by all servers, so confirm this is intended -- otherwise replies
# from other hosts' servers will not verify.
plugin.ssl_client_private = /root/.mcollective.d/credentials/private_keys/root.pem
plugin.ssl_client_public = /root/.mcollective.d/credentials/certs/root.pem
plugin.ssl_server_public = /root/.mcollective.d/credentials/certs/server_public.pem
securityprovider = ssl
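# This class prepares an ActiveMQ middleware service for use by MCollective.
#
# The default parameters come from the mco_profile::params class for only one
# reason. It allows the user to OPTIONALLY use Hiera to set values in one place
# and have them propagate to multiple related classes. This will only work if
# the parameters are set in Hiera. It will not work if the parameters are set
# from an ENC.
#
# Parameters
#   $memoryusage / $storeusage / $tempusage / $console
#   $middleware_user / $middleware_password
#   $middleware_admin_user / $middleware_admin_password / $middleware_ssl_port
#     Not referenced by any resource in this class. Presumably consumed by
#     activemq_template.erb through class scope -- confirm against the
#     template before renaming or removing any of them.
#   $ssl_ca_cert / $ssl_server_cert / $ssl_server_private
#     Puppet file sources for the CA certificate, the broker certificate and
#     its private key. They are copied into $confdir and imported into the
#     JKS truststore and keystore below.
#   $keystore_password
#     Password protecting truststore.jks and keystore.jks. This used to be the
#     literal 'puppet' on both java_ks resources; that value remains the
#     default so existing catalogs are unchanged, but it should be overridden
#     (e.g. from Hiera) on any real deployment. ActiveMQ's sslContext must be
#     given the same password by the ERB template -- when overriding, confirm
#     the template reads this value rather than carrying its own literal.
#
class mco_profile::middleware::activemq (
  $memoryusage               = '200 mb',
  $storeusage                = '1 gb',
  $tempusage                 = '1 gb',
  $console                   = false,
  $ssl_ca_cert               = $mco_profile::params::ssl_ca_cert,
  $ssl_server_cert           = $mco_profile::params::ssl_server_cert,
  $ssl_server_private        = $mco_profile::params::ssl_server_private,
  $middleware_user           = $mco_profile::params::middleware_user,
  $middleware_password       = $mco_profile::params::middleware_password,
  $middleware_admin_user     = $mco_profile::params::middleware_admin_user,
  $middleware_admin_password = $mco_profile::params::middleware_admin_password,
  $middleware_ssl_port       = $mco_profile::params::middleware_ssl_port,
  $keystore_password         = 'puppet',
) inherits mco_profile::params {

  # We need to know somewhat for sure exactly what configuration directory
  # will be used for ActiveMQ in order to correctly build the template.
  $confdir = $::osfamily ? {
    'Debian' => '/etc/activemq/instances-available/mcollective',
    default  => '/etc/activemq',
  }

  # Declare the ActiveMQ server via the puppetlabs/activemq module, handing it
  # the instance name and the rendered broker configuration.
  class { '::activemq':
    instance      => 'mcollective',
    server_config => template('mco_profile/activemq_template.erb'),
  }

  # Copies of the PEM material the Java keystores are built from. The two
  # certificates are world-readable; the private key is readable by the
  # service account only.
  file { "${confdir}/ca.pem":
    owner   => 'activemq',
    group   => 'activemq',
    mode    => '0444',
    source  => $ssl_ca_cert,
    require => Class['activemq::packages'],
  }

  file { "${confdir}/server_cert.pem":
    owner   => 'activemq',
    group   => 'activemq',
    mode    => '0444',
    source  => $ssl_server_cert,
    require => Class['activemq::packages'],
  }

  file { "${confdir}/server_private.pem":
    owner   => 'activemq',
    group   => 'activemq',
    mode    => '0400',
    source  => $ssl_server_private,
    require => Class['activemq::packages'],
  }

  # Truststore holding only the CA. ensure => 'latest' keeps it in step with
  # ca.pem, and the broker is restarted whenever it is rebuilt.
  java_ks { 'mcollective:truststore':
    ensure       => 'latest',
    certificate  => "${confdir}/ca.pem",
    target       => "${confdir}/truststore.jks",
    password     => $keystore_password,
    trustcacerts => true,
    notify       => Class['activemq::service'],
    require      => File["${confdir}/ca.pem"],
  } ->
  # java_ks creates the store; this tightens its ownership and mode afterwards.
  file { "${confdir}/truststore.jks":
    owner   => 'activemq',
    group   => 'activemq',
    mode    => '0400',
    require => Class['activemq::packages'],
    before  => Java_ks['mcollective:keystore'],
  }

  # Keystore holding the broker certificate and its private key. Must be in
  # place before the service starts.
  java_ks { 'mcollective:keystore':
    ensure       => 'latest',
    certificate  => "${confdir}/server_cert.pem",
    private_key  => "${confdir}/server_private.pem",
    target       => "${confdir}/keystore.jks",
    password     => $keystore_password,
    trustcacerts => true,
    before       => Class['activemq::service'],
    require      => [
      File["${confdir}/server_cert.pem"],
      File["${confdir}/server_private.pem"],
    ],
  } ->
  file { "${confdir}/keystore.jks":
    owner   => 'activemq',
    group   => 'activemq',
    mode    => '0400',
    require => Class['activemq::packages'],
    before  => Class['activemq::service'],
  }
}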
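# This class sets up the root user on this node as an MCollective client.
#
# The defaults come from mco_profile::params so that one set of Hiera values
# can drive the client, server and middleware classes. Like
# mco_profile::server and mco_profile::middleware::activemq, this class
# inherits mco_profile::params so those defaults are evaluated before they are
# read here rather than resolving to undef when the params class has not been
# declared yet.
#
# The identity handed to mcollective::user is the node's own Puppet agent
# certificate and private key ($ssl_server_cert / $ssl_server_private default
# to the agent's files under ${::settings::ssldir}). Root on this host
# therefore signs MCollective requests with the agent's key, and protecting
# that key protects the client identity.
#
# Parameters
#   $middleware_hosts    Broker host(s) the client connects to.
#   $ssl_server_cert     File installed as the client's public certificate.
#   $ssl_server_private  File installed as the client's signing key.
#   $ssl_server_public   Presumably the shared server public key used to
#                        verify replies -- confirm against mcollective::user.
#   $ssl_ca_cert         CA used to verify the broker's TLS certificate.
#   $connector           MCollective connector plugin name (e.g. activemq).
#
class mco_profile::client (
  $middleware_hosts   = $mco_profile::params::middleware_hosts,
  $ssl_server_cert    = $mco_profile::params::ssl_server_cert,
  $ssl_server_private = $mco_profile::params::ssl_server_private,
  $ssl_server_public  = $mco_profile::params::ssl_server_public,
  $ssl_ca_cert        = $mco_profile::params::ssl_ca_cert,
  $connector          = $mco_profile::params::connector,
) inherits mco_profile::params {

  mcollective::user { 'root':
    homedir           => '/root',
    certificate       => $ssl_server_cert,
    private_key       => $ssl_server_private,
    ssl_ca_cert       => $ssl_ca_cert,
    ssl_server_public => $ssl_server_public,
    # Was `$middleware_host` (singular): an undefined variable that resolved to
    # undef (or a strict_variables error), so the configured broker list never
    # reached the client config.
    middleware_hosts  => $middleware_hosts,
    middleware_ssl    => true,
    securityprovider  => 'ssl',
    connector         => $connector,
  }

  # The upstream example this was adapted from titled the resource
  # "${::hostname}_client" with otherwise identical attributes.
}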
All hosts are to be configured as both MCollective client and server.
/root/.mcollective is identical on all hosts
puppet.example.org :: Puppet Master and Middleware Host
4ee2c3b6a2d4df140ac0d08fc1527b9a /etc/activemq/server_cert.pem
4ee2c3b6a2d4df140ac0d08fc1527b9a /etc/mcollective/server_public.pem
4ee2c3b6a2d4df140ac0d08fc1527b9a /root/.mcollective.d/credentials/certs/root.pem # plugin.ssl_client_public
4ee2c3b6a2d4df140ac0d08fc1527b9a /var/lib/puppet/ssl/certs/puppet.allfiled.local.pem
8717fca2cb36cea0abb6b08eae975474 /root/.mcollective.d/credentials/private_keys/root.pem # plugin.ssl_client_private
a142eb51e5bc8e155233c93c24b3b91b /root/.mcollective.d/credentials/certs/server_public.pem
a142eb51e5bc8e155233c93c24b3b91b /var/lib/puppet/ssl/public_keys/puppet.allfiled.local.pem
otherhost.example.org :: Random other host
0c5145f0dbbe14e76d9c49d6cfca8d38 /root/.mcollective.d/credentials/private_keys/root.pem # plugin.ssl_client_private
c5b6810023c014393626475fbf0a329c /etc/mcollective/server_public.pem
c5b6810023c014393626475fbf0a329c /root/.mcollective.d/credentials/certs/root.pem # plugin.ssl_client_public
c5b6810023c014393626475fbf0a329c /var/lib/puppet/ssl/certs/otherhost.example.org.pem
ccca429bead5cdacc3b5c08c434c5f20 /root/.mcollective.d/credentials/certs/server_public.pem
ccca429bead5cdacc3b5c08c434c5f20 /var/lib/puppet/ssl/public_keys/otherhost.example.org.pem
# This class exists solely to aggregate the set of information that tie
# together the MCollective middleware.
#
# Every value below is a default. Setting the matching key in Hiera overrides
# it for mco_profile::client, mco_profile::server and
# mco_profile::middleware::activemq at once, since all three take their
# defaults from here.
#
# Security notes:
#   * $middleware_password and $middleware_admin_password both default to the
#     literal 'mcollective'. They are clear-text broker credentials and must
#     be overridden on any real deployment. The former is marked as being
#     overwritten by the ENC; the admin password carries no such note.
#   * The $ssl_server_* defaults are this node's own Puppet agent public key,
#     private key and certificate under ${::settings::ssldir}, so the
#     MCollective identity is the Puppet agent identity.
#
class mco_profile::params (
$main_collective = 'mcollective',
$collectives = undef,
$middleware_hosts = undef, # Overwritten by the ENC
# Broker login used by both servers and the middleware class.
$middleware_user = 'mcollective',
$middleware_password = 'mcollective', # Overwritten by the ENC
$middleware_ssl_port = '61613',
# Puppet agent SSL material reused as the MCollective server/client identity.
$ssl_server_public = "${::settings::ssldir}/public_keys/${::clientcert}.pem",
$ssl_server_private = "${::settings::ssldir}/private_keys/${::clientcert}.pem",
$ssl_server_cert = "${::settings::ssldir}/certs/${::clientcert}.pem",
$ssl_ca_cert = "${::settings::ssldir}/certs/ca.pem",
# Puppet file-server directory of client public certificates; presumably the
# set of identities servers accept signed requests from -- confirm against the
# mcollective module's ssl_client_certs parameter.
$ssl_client_certs = "puppet:///modules/mco_profile/client_certs", # MODIFIED FROM EXAMPLE
$connector = undef,
# ActiveMQ web console / admin credentials; default password is a placeholder.
$middleware_admin_user = 'admin',
$middleware_admin_password = 'mcollective',
# Only meaningful when connector = rabbitmq; not referenced by the other
# classes in this gist.
$rabbitmq_vhost = '/mcollective',
) {
# No resources are declared by this class. It should only be used to set
# Hiera parameters to propagate to inheriting classes.
}
# MCollective server (mcollectived) configuration -- presumably
# /etc/mcollective/server.cfg, given the paths below. `#` starts a comment.
classesfile = /var/lib/puppet/state/classes.txt
collectives = mcollective
connector = activemq
daemonize = 1
direct_addressing = 1
# Facts come from the YAML file named by plugin.yaml below and Puppet classes
# from classesfile above; both are available to discovery filters.
factsource = yaml
libdir = /usr/local/libexec/mcollective:/usr/libexec/mcollective
logfile = /var/log/mcollective.log
loglevel = info
main_collective = mcollective
# Authorisation: with rpcauthorization = 1 (below) every request is checked by
# the action_policy plugin. allow_unconfigured = 1 lets requests through for
# any agent that has NO policy file, so only agents with a policy file are
# actually restricted. Once every agent has a policy, set this to 0 so that a
# missing policy denies rather than allows (confirm against the actionpolicy
# plugin documentation).
plugin.actionpolicy.allow_unconfigured = 1
plugin.activemq.base64 = yes
plugin.activemq.heartbeat_interval = 30
# Broker pool: one ActiveMQ host over STOMP on 61613 with TLS switched on.
plugin.activemq.pool.1.host = puppet.example.org
# Clear-text broker credential; this file must stay readable by root only.
plugin.activemq.pool.1.password = marionette
plugin.activemq.pool.1.port = 61613
plugin.activemq.pool.1.ssl = 1
# TLS to the broker is verified against ca.pem and the server presents its own
# cert/key from /etc/mcollective. fallback = 0 refuses to connect if that
# material cannot be loaded, rather than (presumably) dropping to an
# unverified session.
plugin.activemq.pool.1.ssl.ca = /etc/mcollective/ca.pem
plugin.activemq.pool.1.ssl.cert = /etc/mcollective/server_public.pem
plugin.activemq.pool.1.ssl.fallback = 0
plugin.activemq.pool.1.ssl.key = /etc/mcollective/server_private.pem
plugin.activemq.pool.1.user = mcollective
plugin.activemq.pool.size = 1
plugin.activemq.randomize = true
# Every RPC request handled is written here (rpcaudit = 1 below); ship or
# monitor this file, it is the record of who ran what on this node.
plugin.rpcaudit.logfile = /var/log/mcollective-audit.log
# SSL security plugin: only requests signed by a key whose public certificate
# is present in this directory are accepted, so its contents are the effective
# list of clients allowed to issue commands to this node.
plugin.ssl_client_cert_dir = /etc/mcollective/clients
# Server key pair used to sign replies; the md5 listing in this gist shows
# server_public.pem is this host's Puppet agent certificate.
plugin.ssl_server_private = /etc/mcollective/server_private.pem
plugin.ssl_server_public = /etc/mcollective/server_public.pem
plugin.yaml = /etc/mcollective/facts.yaml
# Auditing and authorisation are both enabled; see the plugin.* comments above.
rpcaudit = 1
rpcauditprovider = logfile
rpcauthorization = 1
rpcauthprovider = action_policy
securityprovider = ssl
# Applied to every node: configures the MCollective server daemon -- and, since
# client => true, the client tooling as well -- through the '::mcollective'
# class.
#
# The class inherits mco_profile::params so that the parameter defaults below
# are evaluated before they are read, and so that a single set of Hiera values
# can be shared by the client, server and middleware classes without an
# explicit "include". That sharing only works when the values are set in
# Hiera; values supplied by an ENC are not propagated this way.
#
# Identity note: the Puppet agent's own certificate ($ssl_server_cert) is
# passed to the module as ssl_server_public, and the agent's private key as
# ssl_server_private, so the MCollective server identity on each node is the
# node's Puppet agent identity.
#
class mco_profile::server (
  $middleware_hosts    = $mco_profile::params::middleware_hosts,
  $middleware_ssl_port = $mco_profile::params::middleware_ssl_port,
  $middleware_user     = $mco_profile::params::middleware_user,
  $middleware_password = $mco_profile::params::middleware_password,
  $main_collective     = $mco_profile::params::main_collective,
  $collectives         = $mco_profile::params::collectives,
  $connector           = $mco_profile::params::connector,
  $ssl_server_cert     = $mco_profile::params::ssl_server_cert,
  $ssl_server_private  = $mco_profile::params::ssl_server_private,
  $ssl_ca_cert         = $mco_profile::params::ssl_ca_cert,
  $ssl_client_certs    = $mco_profile::params::ssl_client_certs,
) inherits mco_profile::params {

  class { '::mcollective':
    # Roles and security posture: both daemon and client, SSL security plugin,
    # TLS to the broker.
    client              => true,
    server              => true,
    securityprovider    => 'ssl',
    middleware_ssl      => true,
    # Broker connection.
    connector           => $connector,
    middleware_hosts    => $middleware_hosts,
    middleware_ssl_port => $middleware_ssl_port,
    middleware_user     => $middleware_user,
    middleware_password => $middleware_password,
    # Collectives this node joins.
    main_collective     => $main_collective,
    collectives         => $collectives,
    # Keys and certificates (see the identity note above).
    ssl_server_public   => $ssl_server_cert,
    ssl_server_private  => $ssl_server_private,
    ssl_ca_cert         => $ssl_ca_cert,
    ssl_client_certs    => $ssl_client_certs,
  }
}