comparison modules/website/manifests/https.pp @ 133:9337c9ce648a puppet-3.6

Switch to using LetsEncrypt certs by default
author IBBoard <dev@ibboard.co.uk>
date Fri, 11 Nov 2016 17:15:23 +0000
parents ef0926ee389a
children 765e72629b3e
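--- a/modules/website/manifests/https.pp
+++ b/modules/website/manifests/https.pp
@@ -3,11 +3,11 @@
 define website::https(
 $docroot = undef,
 $ip = $website::primary_ip,
 $ssl_cert = undef,
 $ssl_key = undef,
-$ssl_ca_chain = $website::ca_chain,
+$ssl_ca_chain = undef,
 $priority = undef,
 $docroot_owner = undef,
 $docroot_group = undef,
 $serveraliases = [],
 $ensure = 'present',
@@ -68,35 +68,21 @@
 } else {
 $siteroot = $docroot
 }
 
 if $ssl_cert == undef {
-$sslcert = "${website::certdir}/${shortdomain}.crt"
-$sslkey = "${website::certdir}/${shortdomain}.key"
-File {
-mode => '0400',
-owner => 'root',
-group => 'root',
-}
-file { $sslcert:
-source => "puppet:///private/pki/custom/${shortdomain}.crt",
-before => Apache::Vhost[$name],
-notify => Service['httpd'],
-ensure => present;
-}
-file { $sslkey:
-source => "puppet:///private/pki/custom/${shortdomain}.key",
-before => Apache::Vhost[$name],
-notify => Service['httpd'],
-ensure => present;
-}
+$sslcert = "/etc/letsencrypt/live/${::fqdn}/cert.pem"
+$sslkey = "/etc/letsencrypt/live/${::fqdn}/privkey.pem"
 } else {
 $sslcert = $ssl_cert
 $sslkey = $ssl_key
 }
 
-if $ssl_ca_chain == '' {
+if $ssl_ca_chain == undef {
+$ssl_chain = $website::ca_chain
+}
+elsif $ssl_ca_chain == '' {
 # Special case where we're directly under the CA and don't want to unnecessarily send the CA cert
 $ssl_chain = undef
 } else {
 $ssl_chain = "/etc/pki/custom/$ssl_ca_chain"
 if ! defined(File[$ssl_chain]) {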
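Review bot: The new default branch of `if $ssl_cert == undef` points `$sslcert`/`$sslkey` at `/etc/letsencrypt/live/${::fqdn}/` but drops the `file` resources that carried `before => Apache::Vhost[$name]` and `notify => Service['httpd']`, so nothing visible in this hunk makes the vhost wait for the certificate to exist or reloads httpd when it is renewed; if that is handled elsewhere, say so in a comment such as `# Cert is issued and renewed outside Puppet; the renewal job must reload httpd`. The path is also keyed on the host's `${::fqdn}` rather than `$shortdomain`, so every vhost defaults to the same certificate and presumably relies on it listing each served name as a SAN. Separately, on the Puppet 3 parser `undef == ''` evaluates true as far as I know, in which case `if $ssl_ca_chain == undef` would also catch `''` and the `elsif $ssl_ca_chain == ''` special case could never run; worth confirming on 3.6. The define's body starts and ends outside the lines shown.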