comparison modules/website/manifests/https/redir.pp @ 133:9337c9ce648a puppet-3.6

Switch to using LetsEncrypt certs by default
author IBBoard <dev@ibboard.co.uk>
date Fri, 11 Nov 2016 17:15:23 +0000
parents 501afb45ffc7
children 765e72629b3e
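--- a/modules/website/manifests/https/redir.pp
+++ b/modules/website/manifests/https/redir.pp
@@ -4,11 +4,11 @@
 $docroot = undef,
 $ip = $website::primary_ip,
 $redir,
 $ssl_cert = undef,
 $ssl_key = undef,
-$ssl_ca_chain = $website::ca_chain,
+$ssl_ca_chain = undef,
 $docroot_owner = undef,
 $docroot_group = undef,
 $serveraliases = [],
 $ensure = 'present',
 $separate_log = false,
@@ -33,39 +33,21 @@
 } else {
 $siteroot = $docroot
 }
 
 if $ssl_cert == undef {
-$sslcert = "${website::certdir}/${shortdomain}.crt"
-$sslkey = "${website::certdir}/${shortdomain}.key"
-File {
-mode => '0400',
-owner => 'root',
-group => 'root',
-}
-if ! defined(File[$sslcert]) {
-file { $sslcert:
-source => "puppet:///private/pki/custom/${shortdomain}.crt",
-before => Apache::Vhost[$name],
-notify => Service['httpd'],
-ensure => present;
-}
-}
-if ! defined(File[$sslkey]) {
-file { $sslkey:
-source => "puppet:///private/pki/custom/${shortdomain}.key",
-before => Apache::Vhost[$name],
-notify => Service['httpd'],
-ensure => present;
-}
-}
+$sslcert = "/etc/letsencrypt/live/${::fqdn}/cert.pem"
+$sslkey = "/etc/letsencrypt/live/${::fqdn}/privkey.pem"
 } else {
 $sslcert = $ssl_cert
 $sslkey = $ssl_key
 }
 
-if $ssl_ca_chain == '' {
+if $ssl_ca_chain == undef {
+$ssl_chain = $website::ca_chain
+}
+elsif $ssl_ca_chain == '' {
 # Special case where we're directly under the CA and don't want to unnecessarily send the CA cert
 $ssl_chain = undef
 } else {
 $ssl_chain = "/etc/pki/custom/$ssl_ca_chain"
 if ! defined(File[$ssl_chain]) {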
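Review bot: The new default in the `$ssl_cert == undef` branch builds the certificate and key paths from `${::fqdn}` rather than the vhost's own name, so every vhost declared without `ssl_cert` now serves the host's certificate; unless that Let's Encrypt lineage carries a SAN for each vhost domain (not visible here), clients will see a hostname mismatch. In the same hunk the added `$ssl_ca_chain == undef` branch assigns `$website::ca_chain` to `$ssl_chain` verbatim, whereas the old default went through the `else` branch and was prefixed with `/etc/pki/custom/`; since `cert.pem` is the leaf only, it is worth confirming that `$website::ca_chain` is now a full path to the matching Let's Encrypt chain. The removed `file` resources also carried `before => Apache::Vhost[$name]` and `notify => Service['httpd']`, so nothing in this block now orders the vhost after certificate issuance or reloads httpd on renewal, which presumably has to be handled elsewhere. A comment on the default branch such as `# assumes the LE lineage for ${::fqdn} already exists and covers this vhost's names` would record that dependency. The enclosing define starts and ends outside the lines shown.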