opendev/puppet-ethercalc
Code Issues Proposed changes
puppet-ethercalc/manifests/apache.pp
James E. Blair 555733c1cb Align etherpad vhost ssl section with standard. 
As copied from jenkins.  Both old and new names for the
cert contents are in hiera.

Change-Id: Ic6d8258479c260ac37346c49c1ecde8339c96a37
Reviewed-on: https://review.openstack.org/14432
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
2012-10-20 15:39:25 +00:00

94 lines
2.2 KiB
Puppet
Raw Blame History

class etherpad_lite::apache (
$vhost_name = $fqdn,
$ssl_cert_file='',
$ssl_key_file='',
$ssl_chain_file='',
$ssl_cert_file_contents='', # If left empty puppet will not create file.
$ssl_key_file_contents='', # If left empty puppet will not create file.
$ssl_chain_file_contents='' # If left empty puppet will not create file.
) {
apache::vhost { $vhost_name:
port => 443,
docroot => 'MEANINGLESS ARGUMENT',
priority => '50',
template => 'etherpad_lite/etherpadlite.vhost.erb',
require => File["/etc/ssl/certs/${vhost_name}.pem",
"/etc/ssl/private/${vhost_name}.key"],
ssl => true,
}
a2mod { 'rewrite':
ensure => present
}
a2mod { 'proxy':
ensure => present
}
a2mod { 'proxy_http':
ensure => present
}
file { '/etc/ssl/certs':
ensure => directory,
owner => 'root',
mode => 0700,
}
file { '/etc/ssl/private':
ensure => directory,
owner => 'root',
mode => 0700,
}
file { "/etc/ssl/certs/${vhost_name}.pem":
ensure => present,
replace => true,
owner => 'root',
mode => 0600,
content => template('etherpad_lite/eplite.crt.erb'),
require => File['/etc/ssl/certs'],
}
file { "/etc/ssl/private/${vhost_name}.key":
ensure => present,
replace => true,
owner => 'root',
mode => 0600,
content => template('etherpad_lite/eplite.key.erb'),
require => File['/etc/ssl/private'],
}
if $ssl_cert_file_contents != '' {
file { $ssl_cert_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_cert_file_contents,
before => Apache::Vhost[$vhost_name],
}
}
if $ssl_key_file_contents != '' {
file { $ssl_key_file:
owner => 'root',
group => 'ssl-cert',
mode => '0640',
content => $ssl_key_file_contents,
require => Package['ssl-cert'],
before => Apache::Vhost[$vhost_name],
}
}
if $ssl_chain_file_contents != '' {
file { $ssl_chain_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_chain_file_contents,
before => Apache::Vhost[$vhost_name],
}
}
}
View Git Blame Copy Permalink