Mercurial > repos > other > Puppet

comparison modules/website/manifests/https.pp @ 256:0ebd8efeef04

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Merge Puppet divergences and fix SSL chain issues it caused
author IBBoard <dev@ibboard.co.uk>
date Sun, 29 Dec 2019 15:31:28 +0000
parents 4519b727cc4c
children f99974dc0f1a
comparison
equal deleted inserted replaced
255:d4b2bdfe47a6 256:0ebd8efeef04
104 } else { 104 } else {
105 $sslcert = "/etc/letsencrypt/live/${::fqdn}/cert.pem" 105 $sslcert = "/etc/letsencrypt/live/${::fqdn}/cert.pem"
106 $sslkey = "/etc/letsencrypt/live/${::fqdn}/privkey.pem" 106 $sslkey = "/etc/letsencrypt/live/${::fqdn}/privkey.pem"
107 } 107 }
108 108
109 if $ssl_ca_chain != '' { 109 if $ssl_ca_chain == '' and '' in [$ssl_ca_chain] {
110 # Special case where we're directly under the CA and don't want to unnecessarily send the CA cert
111 $ssl_chain = undef
112 } elsif $ssl_ca_chain != undef {
110 $ssl_chain = "/etc/pki/custom/$ssl_ca_chain" 113 $ssl_chain = "/etc/pki/custom/$ssl_ca_chain"
111 if ! defined(File[$ssl_chain]) { 114 if ! defined(File[$ssl_chain]) {
112 file { $ssl_chain: 115 file { $ssl_chain:
113 ensure => present, 116 ensure => present,
114 source => "puppet:///private/pki/custom/$ssl_ca_chain", 117 source => "puppet:///private/pki/custom/$ssl_ca_chain",
115 notify => Service['httpd'], 118 notify => Service['httpd'],
116 } 119 }
117 } 120 }
118 } elsif $ssl_ca_chain == '' and '' in [$ssl_ca_chain] {
119 # Special case where we're directly under the CA and don't want to unnecessarily send the CA cert
120 $ssl_chain = undef
121 } elsif $letsencrypt_name != undef { 121 } elsif $letsencrypt_name != undef {
122 $ssl_chain = "/etc/letsencrypt/live/${letsencrypt_name}/chain.pem" 122 $ssl_chain = "/etc/letsencrypt/live/${letsencrypt_name}/chain.pem"
123 } else { 123 } else {
124 $ssl_chain = $website::ca_chain 124 $ssl_chain = $website::ca_chain
125 } 125 }