comparison modules/website/manifests/https/redir.pp @ 8:16e9e26337be

Lock down ownership and permissions on certificates
author IBBoard <dev@ibboard.co.uk>
date Wed, 08 Oct 2014 19:45:54 +0000
parents 956e484adc12
children 4b42f65ae875
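--- a/modules/website/manifests/https/redir.pp
+++ b/modules/website/manifests/https/redir.pp
@@ -35,20 +35,25 @@
 }
 
 if $ssl_cert == undef {
 $sslcert = "${website::certdir}/${shortdomain}.crt"
 $sslkey = "${website::certdir}/${shortdomain}.key"
+File {
+mode => '0400',
+owner => 'root',
+group => 'root',
+}
 if ! defined(File[$sslcert]) {
 file { $sslcert:
 source => "puppet:///private/pki/custom/${shortdomain}.crt",
 before => Apache::Vhost[$name],
 notify => Service['httpd'],
 ensure => present;
 }
 }
 if ! defined(File["/etc/pki/custom/$ssl_chain"]) {
-file { $ssslkey:
+file { $sslkey:
 source => "puppet:///private/pki/custom/${shortdomain}.key",
 before => Apache::Vhost[$name],
 notify => Service['httpd'],
 ensure => present;
 }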
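Review bot: The private-key resource at the end of the section is still guarded by `if ! defined(File["/etc/pki/custom/$ssl_chain"])`, so whenever a File resource for the chain path is already in the catalog the key is not declared here and the new 0400 root:root settings never reach it; the guard should test the resource it wraps, `if ! defined(File[$sslkey]) {`. The `File { ... }` default added above the certificate block is also broader than its placement suggests: a Puppet `if` does not open a new scope, so the default applies to every file resource evaluated in this define's scope, and presumably to resources declared from it, since resource defaults are dynamically scoped. Putting `mode => '0400', owner => 'root', group => 'root',` directly on the two `file` resources would keep the lockdown limited to the certificate and key. The enclosing `if $ssl_cert == undef` block continues past the end of the section, so anything declared further down is not covered by this note.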