Revision 38316a3e
Added by Eric Helms 27 days ago
manifests/apache.pp | ||
---|---|---|
Stdlib::Absolutepath $pki_dir = $certs::pki_dir,
|
||
Optional[Stdlib::Absolutepath] $server_cert = $certs::server_cert,
|
||
Optional[Stdlib::Absolutepath] $server_key = $certs::server_key,
|
||
Optional[Stdlib::Absolutepath] $server_cert_req = $certs::server_cert_req,
|
||
String[2,2] $country = $certs::country,
|
||
String $state = $certs::state,
|
||
String $city = $certs::city,
|
||
... | ... | |
# This variable is unused but considered public API
|
||
$apache_ca_cert = $certs::katello_server_ca_cert
|
||
|
||
$apache_cert_path = "${certs::ssl_build_dir}/${hostname}/${apache_cert_name}"
|
||
|
||
if $server_cert {
|
||
cert { $apache_cert_name:
|
||
ensure => present,
|
||
hostname => $hostname,
|
||
cname => $cname,
|
||
generate => $generate,
|
||
deploy => false,
|
||
regenerate => $regenerate,
|
||
custom_pubkey => $server_cert,
|
||
custom_privkey => $server_key,
|
||
custom_req => $server_cert_req,
|
||
build_dir => $certs::ssl_build_dir,
|
||
file { "${apache_cert_path}.crt":
|
||
ensure => file,
|
||
source => $server_cert,
|
||
owner => 'root',
|
||
group => 'root',
|
||
mode => '0440',
|
||
}
|
||
file { "${apache_cert_path}.key":
|
||
ensure => file,
|
||
source => $server_key,
|
||
owner => 'root',
|
||
group => 'root',
|
||
mode => '0440',
|
||
}
|
||
|
||
$require_cert = File["${apache_cert_path}.crt"]
|
||
} else {
|
||
cert { $apache_cert_name:
|
||
ensure => present,
|
||
... | ... | |
password_file => $ca_key_password_file,
|
||
build_dir => $certs::ssl_build_dir,
|
||
}
|
||
|
||
$require_cert = Cert[$apache_cert_name]
|
||
}
|
||
|
||
if $deploy {
|
||
... | ... | |
cert_owner => 'root',
|
||
cert_group => $group,
|
||
cert_mode => '0440',
|
||
require => Cert[$apache_cert_name],
|
||
require => $require_cert,
|
||
}
|
||
}
|
||
}
|
Also available in: Unified diff
Copy server cert for Apache using file resource