comparison modules/website/manifests/https/redir.pp @ 133:9337c9ce648a puppet-3.6
Switch to using LetsEncrypt certs by default
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Fri, 11 Nov 2016 17:15:23 +0000 |
parents | 501afb45ffc7 |
children | 765e72629b3e |
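--- a/modules/website/manifests/https/redir.pp
+++ b/modules/website/manifests/https/redir.pp
@@ -4,11 +4,11 @@
 $docroot = undef,
 $ip = $website::primary_ip,
 $redir,
 $ssl_cert = undef,
 $ssl_key = undef,
-$ssl_ca_chain = $website::ca_chain,
+$ssl_ca_chain = undef,
 $docroot_owner = undef,
 $docroot_group = undef,
 $serveraliases = [],
 $ensure = 'present',
 $separate_log = false,
@@ -33,39 +33,21 @@
 } else {
 $siteroot = $docroot
 }
 
 if $ssl_cert == undef {
-$sslcert = "${website::certdir}/${shortdomain}.crt"
-$sslkey = "${website::certdir}/${shortdomain}.key"
+$sslcert = "/etc/letsencrypt/live/${::fqdn}/cert.pem"
+$sslkey = "/etc/letsencrypt/live/${::fqdn}/privkey.pem"
-File {
-mode => '0400',
-owner => 'root',
-group => 'root',
-}
-if ! defined(File[$sslcert]) {
-file { $sslcert:
-source => "puppet:///private/pki/custom/${shortdomain}.crt",
-before => Apache::Vhost[$name],
-notify => Service['httpd'],
-ensure => present;
-}
-}
-if ! defined(File[$sslkey]) {
-file { $sslkey:
-source => "puppet:///private/pki/custom/${shortdomain}.key",
-before => Apache::Vhost[$name],
-notify => Service['httpd'],
-ensure => present;
-}
-}
 } else {
 $sslcert = $ssl_cert
 $sslkey = $ssl_key
 }
 
-if $ssl_ca_chain == '' {
+if $ssl_ca_chain == undef {
+$ssl_chain = $website::ca_chain
+}
+elsif $ssl_ca_chain == '' {
 # Special case where we're directly under the CA and don't want to unnecessarily send the CA cert
 $ssl_chain = undef
 } else {
 $ssl_chain = "/etc/pki/custom/$ssl_ca_chain"
 if ! defined(File[$ssl_chain]) {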
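Review bot: The new default for `$sslcert`/`$sslkey` is keyed on the node's `${::fqdn}` rather than on `$shortdomain` as before, so every redirect vhost on a host is pointed at the same certificate, and clients will get a name mismatch unless that certificate lists each vhost's names as SANs. The removed `file` resources also carried `before => Apache::Vhost[$name]` and `notify => Service['httpd']`, and nothing visible in this section replaces them, so the vhost can be applied before the files exist and httpd will presumably keep serving the old certificate after a renewal until something reloads it. I would add a comment above the assignment such as `# Assumes a cert covering all vhost names is issued for ${::fqdn} and that the renewal job reloads httpd`, or take the certificate name as a parameter that defaults to `$::fqdn`. The `undef` default for `$ssl_ca_chain` now falls back to `$website::ca_chain`; if that still names the old custom CA chain it will not match a Let's Encrypt certificate, which ships its own `chain.pem` in the same live directory. The define's parameter list and body both extend beyond the context shown here, so some of this may be handled outside the visible lines.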