From 555733c1cb2165fd3068d5519d72ac416ece1c99 Mon Sep 17 00:00:00 2001
From: "James E. Blair"
Date: Sat, 13 Oct 2012 08:55:30 -0700
Subject: [PATCH] Align etherpad vhost ssl section with standard.

As copied from jenkins. Both old and new names for the cert contents are in hiera.

Change-Id: Ic6d8258479c260ac37346c49c1ecde8339c96a37
Reviewed-on: https://review.openstack.org/14432
Reviewed-by: Jeremy Stanley
Approved: James E. Blair
Reviewed-by: James E. Blair
Tested-by: Jenkins
---
 manifests/apache.pp | 43 +++++++++++++++++++++++++++++---
 templates/etherpadlite.vhost.erb | 7 ++++--
 2 files changed, 44 insertions(+), 6 deletions(-)

diff --git a/manifests/apache.pp b/manifests/apache.pp
index 869b0fe..9152b10 100644
--- a/manifests/apache.pp
+++ b/manifests/apache.pp
@@ -1,11 +1,13 @@
 class etherpad_lite::apache (
 $vhost_name = $fqdn,
- $etherpad_crt,
- $etherpad_key
+ $ssl_cert_file='',
+ $ssl_key_file='',
+ $ssl_chain_file='',
+ $ssl_cert_file_contents='', # If left empty puppet will not create file.
+ $ssl_key_file_contents='', # If left empty puppet will not create file.
+ $ssl_chain_file_contents='' # If left empty puppet will not create file.
 ) {
- include remove_nginx
-
 apache::vhost { $vhost_name:
 port => 443,
 docroot => 'MEANINGLESS ARGUMENT',
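Review bot: `$ssl_cert_file` and `$ssl_key_file` now default to `''`, but the vhost template in the third hunk emits `SSLCertificateFile` and `SSLCertificateKeyFile` unconditionally, so a declaration that omits them yields directives with no path and Apache will presumably refuse the configuration. The removed `$etherpad_crt`/`$etherpad_key` had no defaults, so an omission failed at catalog compile time instead. Either drop the defaults on the two path parameters or guard at the top of the class body with `if $ssl_cert_file == '' or $ssl_key_file == '' { fail('ssl_cert_file and ssl_key_file must be set') }`. The class body continues outside this hunk.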
@@ -55,4 +57,37 @@ class etherpad_lite::apache (
 require => File['/etc/ssl/private'],
 }
+
+ if $ssl_cert_file_contents != '' {
+ file { $ssl_cert_file:
+ owner => 'root',
+ group => 'root',
+ mode => '0640',
+ content => $ssl_cert_file_contents,
+ before => Apache::Vhost[$vhost_name],
+ }
+ }
+
+ if $ssl_key_file_contents != '' {
+ file { $ssl_key_file:
+ owner => 'root',
+ group => 'ssl-cert',
+ mode => '0640',
+ content => $ssl_key_file_contents,
+ require => Package['ssl-cert'],
+ before => Apache::Vhost[$vhost_name],
+ }
+ }
+
+ if $ssl_chain_file_contents != '' {
+ file { $ssl_chain_file:
+ owner => 'root',
+ group => 'root',
+ mode => '0640',
+ content => $ssl_chain_file_contents,
+ before => Apache::Vhost[$vhost_name],
+ }
+ }
+
+
 }
diff --git a/templates/etherpadlite.vhost.erb b/templates/etherpadlite.vhost.erb
index e9802a5..2de1e36 100644
--- a/templates/etherpadlite.vhost.erb
+++ b/templates/etherpadlite.vhost.erb
@@ -24,8 +24,11 @@
 SSLEngine on
- SSLCertificateFile /etc/ssl/certs/<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>.pem
- SSLCertificateKeyFile /etc/ssl/private/<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>.key
+ SSLCertificateFile <%= scope.lookupvar("etherpad_lite::apache::ssl_cert_file") %>
+ SSLCertificateKeyFile <%= scope.lookupvar("etherpad_lite::apache::ssl_key_file") %>
+ <% if scope.lookupvar("etherpad_lite::apache::ssl_chain_file") != "" %>
+ SSLCertificateChainFile <%= scope.lookupvar("etherpad_lite::apache::ssl_chain_file") %>
+ <% end %>
 BrowserMatch "MSIE [2-6]" \
 nokeepalive ssl-unclean-shutdown \
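Review bot: The `file { $ssl_key_file: ... }` resource writes private-key material through `content` without suppressing diffs or backups, so depending on agent configuration a key change can leave the old or new key in agent logs, reports or the client filebucket. Where the Puppet version in use supports them, add `show_diff => false,` and `backup => false,` to that resource. Separately, all three guards test only the `*_contents` value; if contents are supplied while the matching path is still `''`, the resource title is empty and the catalog fails with an unhelpful error. A condition such as `if $ssl_key_file != '' and $ssl_key_file_contents != ''` (and likewise for the cert and chain) would make that case explicit.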