diff options
author | varac <varacanero@zeromail.org> | 2012-12-10 23:36:48 +0100 |
---|---|---|
committer | varac <varacanero@zeromail.org> | 2012-12-10 23:36:48 +0100 |
commit | 3f0bbccb1b0020530ae4e4a0682fbf9f5f401e3b (patch) | |
tree | 9e55f411b2e465d92b6701bd2ff07dc19a4960b2 | |
parent | 3c52477a6c0cb4d4cc3caee2aea350acc51a5c8a (diff) |
couchdb: use x509 module to deploy certs (fixes #1063)
-rw-r--r-- | puppet/modules/site_apache/files/vhosts.d/couchdb_proxy.conf | 4 | ||||
-rw-r--r-- | puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp | 20 |
2 files changed, 10 insertions, 14 deletions
diff --git a/puppet/modules/site_apache/files/vhosts.d/couchdb_proxy.conf b/puppet/modules/site_apache/files/vhosts.d/couchdb_proxy.conf index 79ad931d..0dff2cd6 100644 --- a/puppet/modules/site_apache/files/vhosts.d/couchdb_proxy.conf +++ b/puppet/modules/site_apache/files/vhosts.d/couchdb_proxy.conf @@ -3,8 +3,8 @@ Listen 0.0.0.0:6984 <VirtualHost *:6984> SSLEngine On SSLProxyEngine On - SSLCertificateKeyFile /etc/couchdb/server_key.pem - SSLCertificateFile /etc/couchdb/server_cert.pem + SSLCertificateKeyFile /etc/x509/keys/leap_couchdb.key + SSLCertificateFile /etc/x509/certs/leap_couchdb.crt ProxyPass / http://127.0.0.1:5984/ ProxyPassReverse / http://127.0.0.1:5984/ </VirtualHost> diff --git a/puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp b/puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp index fb3477db..02aae0c3 100644 --- a/puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp +++ b/puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp @@ -10,20 +10,16 @@ define site_couchdb::apache_ssl_proxy ($key, $cert) { } apache::vhost::file { 'couchdb_proxy': } - file { '/etc/couchdb/server_cert.pem': - mode => '0644', - owner => 'couchdb', - group => 'couchdb', - content => $cert, - notify => Service[apache], + x509::key { + 'leap_couchdb': + content => $x509['key'], + notify => Service[apache]; } - file { '/etc/couchdb/server_key.pem': - mode => '0600', - owner => 'couchdb', - group => 'couchdb', - content => $key, - notify => Service[apache], + x509::cert { + 'leap_couchdb': + content => $x509['cert'], + notify => Service[apache]; } } |