annotate modules/apache/manifests/mod/ssl.pp @ 482:d83de9b3a62b default tip

Update hiera.yaml within Puppet config Forgot that we manage it from here. Now has content to match new packages
author IBBoard <dev@ibboard.co.uk>
date Fri, 30 Aug 2024 16:10:36 +0100
parents adf6fe9bbc17
children
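# @summary
#   Installs `mod_ssl`.
#
# @param ssl_compression
#   Enable compression on the SSL level.
#   Off by default. TLS-level compression is the precondition for the CRIME attack, so keep it
#   disabled unless a client genuinely depends on it.
#
# @param ssl_sessiontickets
#   Enable or disable use of TLS session tickets.
#   When tickets are in use and the server is not restarted regularly, the long-lived ticket key
#   weakens forward secrecy.
#
# @param ssl_cryptodevice
#   Enable use of a cryptographic hardware accelerator.
#
# @param ssl_options
#   Configure various SSL engine run-time options.
#
# @param ssl_openssl_conf_cmd
#   Configure OpenSSL parameters through its SSL_CONF API.
#
# @param ssl_cert
#   Path to server PEM-encoded X.509 certificate data file.
#
# @param ssl_key
#   Path to server PEM-encoded private key file.
#   The key file itself should be readable by root only.
#
# @param ssl_ca
#   File of concatenated PEM-encoded CA Certificates for Client Auth.
#
# @param ssl_cipher
#   Cipher Suite available for negotiation in SSL handshake.
#
# @param ssl_honorcipherorder
#   Option to prefer the server's cipher preference order.
#   Accepts a Boolean or an on/off string; any other string is treated as true.
#
# @param ssl_protocol
#   Configure usable SSL/TLS protocol versions.
#   Default based on the OS:
#   - RedHat 8: [ 'all' ].
#   - Other Platforms: [ 'all', '-SSLv2', '-SSLv3' ].
#   Neither default excludes TLSv1.0 or TLSv1.1. Where the platform's crypto policy does not already
#   disable them, pass an explicit list, for example [ 'all', '-SSLv3', '-TLSv1', '-TLSv1.1' ].
#
# @param ssl_proxy_protocol
#   Configure usable SSL protocol flavors for proxy usage.
#
# @param ssl_proxy_cipher_suite
#   Configure usable SSL ciphers for proxy usage. Equivalent to ssl_cipher but for proxy connections.
#
# @param ssl_pass_phrase_dialog
#   Type of pass phrase dialog for encrypted private keys.
#
# @param ssl_random_seed_bytes
#   Pseudo Random Number Generator (PRNG) seeding source.
#
# @param ssl_sessioncache
#   Configures the storage type of the global/inter-process SSL Session Cache.
#
# @param ssl_sessioncachetimeout
#   Number of seconds before an SSL session expires in the Session Cache.
#
# @param ssl_stapling
#   Enable stapling of OCSP responses in the TLS handshake.
#
# @param stapling_cache
#   Configures the cache used to store OCSP responses which get included in
#   the TLS handshake if SSLUseStapling is enabled.
#   When unset, a per-OS-family default is chosen (Debian, RedHat, FreeBSD, Gentoo, Suse).
#
# @param ssl_stapling_return_errors
#   Pass stapling related OCSP errors on to client.
#
# @param ssl_mutex
#   Configures mutex mechanism and lock file directory for all or specified mutexes.
#
# @param ssl_reload_on_change
#   Enable reloading of apache if the content of ssl files have changed. It only affects ssl files configured here and not vhost ones.
#   When enabled, every configured file, the private key included, is copied into the module's
#   puppet_ssl_dir so that a content change can notify the Apache service.
#
# @param package_name
#   Name of ssl package to install.
#
# On most operating systems, the ssl.conf is placed in the module configuration directory. On Red Hat based operating systems, this
# file is placed in /etc/httpd/conf.d, the same location in which the RPM stores the configuration.
#
# To use SSL with a virtual host, you must either set the default_ssl_vhost parameter in ::apache to true or the ssl parameter in
# apache::vhost to true.
#
# @see https://httpd.apache.org/docs/current/mod/mod_ssl.html for additional documentation.
#
class apache::mod::ssl (
  Boolean $ssl_compression = false,
  Optional[Boolean] $ssl_sessiontickets = undef,
  String $ssl_cryptodevice = 'builtin',
  Array[String] $ssl_options = ['StdEnvVars'],
  Optional[String] $ssl_openssl_conf_cmd = undef,
  Optional[Stdlib::Absolutepath] $ssl_cert = undef,
  Optional[Stdlib::Absolutepath] $ssl_key = undef,
  Optional[Stdlib::Absolutepath] $ssl_ca = undef,
  Variant[String[1], Hash[String[1], String[1]]] $ssl_cipher = $apache::params::ssl_cipher,
  Variant[Boolean, Apache::OnOff] $ssl_honorcipherorder = true,
  Array[String] $ssl_protocol = $apache::params::ssl_protocol,
  Array $ssl_proxy_protocol = [],
  Optional[String[1]] $ssl_proxy_cipher_suite = $apache::params::ssl_proxy_cipher_suite,
  String $ssl_pass_phrase_dialog = 'builtin',
  Integer $ssl_random_seed_bytes = 512,
  String $ssl_sessioncache = $apache::params::ssl_sessioncache,
  Integer $ssl_sessioncachetimeout = 300,
  Boolean $ssl_stapling = false,
  Optional[String] $stapling_cache = undef,
  Optional[Boolean] $ssl_stapling_return_errors = undef,
  String $ssl_mutex = 'default',
  Boolean $ssl_reload_on_change = false,
  Optional[String] $package_name = undef,
) inherits apache::params {
  include apache
  include apache::mod::mime

  # Normalise the Boolean-or-on/off parameter to a plain Boolean for the template.
  # Anything that is not an explicit off value keeps server-side cipher ordering enabled.
  if $ssl_honorcipherorder =~ Boolean {
    $_ssl_honorcipherorder = $ssl_honorcipherorder
  } else {
    $_ssl_honorcipherorder = $ssl_honorcipherorder ? {
      'on'    => true,
      'On'    => true,
      'off'   => false,
      'Off'   => false,
      default => true,
    }
  }

  # Pick the OCSP stapling cache location per OS family unless the caller supplied one.
  # The selector has no default branch, so an OS family outside this list must set
  # $stapling_cache explicitly.
  if $stapling_cache =~ Undef {
    $_stapling_cache = $facts['os']['family'] ? {
      'Debian'  => "\${APACHE_RUN_DIR}/ocsp(32768)",
      'RedHat'  => '/run/httpd/ssl_stapling(32768)',
      'FreeBSD' => '/var/run/ssl_stapling(32768)',
      'Gentoo'  => '/var/run/ssl_stapling(32768)',
      'Suse'    => '/var/lib/apache2/ssl_stapling(32768)',
    }
  } else {
    $_stapling_cache = $stapling_cache
  }

  # On Suse the module library directory depends on which MPM class is in the catalog.
  if $facts['os']['family'] == 'Suse' {
    if defined(Class['apache::mod::worker']) {
      $suse_path = '/usr/lib64/apache2-worker'
    } else {
      $suse_path = '/usr/lib64/apache2-prefork'
    }
    ::apache::mod { 'ssl':
      package  => $package_name,
      lib_path => $suse_path,
    }
  } else {
    ::apache::mod { 'ssl':
      package => $package_name,
    }
  }

  # NOTE(review): presumably required by the shmcb-backed session/stapling caches - confirm.
  include apache::mod::socache_shmcb

  if $ssl_reload_on_change {
    [$ssl_cert, $ssl_key, $ssl_ca].each |$ssl_file| {
      if $ssl_file {
        include apache::mod::ssl::reload
        # Flatten the absolute path into a single file name: every '/' becomes '_'.
        $_ssl_file_copy = regsubst($ssl_file, '/', '_', 'G')
        # $ssl_key is one of the copied files, so this resource handles private key material.
        # show_diff is switched off so a key change never prints key content into agent logs
        # or reports, whatever the agent's global show_diff setting is.
        # The copy is root-owned but group-readable (0640) by $apache::params::root_group.
        file { $_ssl_file_copy:
          path      => "${apache::params::puppet_ssl_dir}/${_ssl_file_copy}",
          source    => "file://${ssl_file}",
          owner     => 'root',
          group     => $apache::params::root_group,
          mode      => '0640',
          seltype   => 'cert_t',
          show_diff => false,
          notify    => Class['apache::service'],
        }
      }
    }
  }

  # Every value the ssl.conf.epp template receives; the template sees nothing outside this hash.
  $parameters = {
    'ssl_random_seed_bytes'      => $ssl_random_seed_bytes,
    'ssl_pass_phrase_dialog'     => $ssl_pass_phrase_dialog,
    'ssl_sessioncache'           => $ssl_sessioncache,
    'ssl_sessioncachetimeout'    => $ssl_sessioncachetimeout,
    'ssl_mutex'                  => $ssl_mutex,
    'ssl_compression'            => $ssl_compression,
    'ssl_sessiontickets'         => $ssl_sessiontickets,
    'ssl_cryptodevice'           => $ssl_cryptodevice,
    '_ssl_honorcipherorder'      => $_ssl_honorcipherorder,
    'ssl_cert'                   => $ssl_cert,
    'ssl_key'                    => $ssl_key,
    'ssl_ca'                     => $ssl_ca,
    'ssl_stapling'               => $ssl_stapling,
    'ssl_stapling_return_errors' => $ssl_stapling_return_errors,
    '_stapling_cache'            => $_stapling_cache,
    'ssl_cipher'                 => $ssl_cipher,
    'ssl_protocol'               => $ssl_protocol,
    'ssl_proxy_protocol'         => $ssl_proxy_protocol,
    'ssl_proxy_cipher_suite'     => $ssl_proxy_cipher_suite,
    'ssl_options'                => $ssl_options,
    'ssl_openssl_conf_cmd'       => $ssl_openssl_conf_cmd,
  }

  # Render the module-wide ssl.conf and refresh the Apache service whenever it changes.
  file { 'ssl.conf':
    ensure  => file,
    path    => $apache::_ssl_file,
    mode    => $apache::file_mode,
    content => epp('apache/mod/ssl.conf.epp', $parameters),
    require => Exec["mkdir ${apache::mod_dir}"],
    before  => File[$apache::mod_dir],
    notify  => Class['apache::service'],
  }
}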