diff options
author | varac <varacanero@zeromail.org> | 2013-09-19 13:45:03 +0200 |
---|---|---|
committer | varac <varacanero@zeromail.org> | 2013-09-19 13:45:03 +0200 |
commit | 43a5b322d99effa411c9fddf5f849da70a7768e8 (patch) | |
tree | 3e04903f3f1070f89e691d061888976ceccf766e | |
parent | b798d716e5219d00b5b94ce8b80566e4b3bf0899 (diff) |
tidy nickserver x509 definitions (#3842)
-rw-r--r-- | puppet/modules/site_nickserver/manifests/init.pp | 24 | ||||
-rw-r--r-- | puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb | 6 |
2 files changed, 7 insertions, 23 deletions
diff --git a/puppet/modules/site_nickserver/manifests/init.pp b/puppet/modules/site_nickserver/manifests/init.pp index 84b07e77..a12ed3a2 100644 --- a/puppet/modules/site_nickserver/manifests/init.pp +++ b/puppet/modules/site_nickserver/manifests/init.pp @@ -41,11 +41,6 @@ class site_nickserver { include site_config::x509::cert_key include site_config::x509::ca - $x509 = hiera('x509') - $x509_key = $x509['key'] - $x509_cert = $x509['cert'] - $x509_ca = $x509['ca_cert'] - # # USER AND GROUP # @@ -129,7 +124,10 @@ class site_nickserver { enable => true, hasrestart => true, hasstatus => true, - require => File['/etc/init.d/nickserver']; + require => [ + File['/etc/init.d/nickserver'], + Class['Site_config::X509::Cert_key'], + Class['Site_config::X509::Ca'] ]; } # @@ -165,18 +163,4 @@ class site_nickserver { content => template('site_nickserver/nickserver-proxy.conf.erb') } - x509::key { 'nickserver': - content => $x509_key, - notify => Service[apache]; - } - - x509::cert { 'nickserver': - content => $x509_cert, - notify => Service[apache]; - } - - x509::ca { 'nickserver': - content => $x509_ca, - notify => Service[apache]; - } } diff --git a/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb b/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb index 67896cd3..478ae7f1 100644 --- a/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb +++ b/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb @@ -14,9 +14,9 @@ Listen 0.0.0.0:<%= @nickserver_port -%> SSLHonorCipherOrder on SSLCACertificatePath /etc/ssl/certs - SSLCertificateChainFile /etc/ssl/certs/nickserver.pem - SSLCertificateKeyFile /etc/x509/keys/nickserver.key - SSLCertificateFile /etc/x509/certs/nickserver.crt + SSLCertificateChainFile <%= scope.lookupvar('x509::variables::local_CAs') %>/<%= scope.lookupvar('site_config::params::ca_name') %>.crt + SSLCertificateKeyFile <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.key + SSLCertificateFile <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.crt ProxyPass / http://localhost:<%= @nickserver_local_port %>/ ProxyPreserveHost On # preserve Host header in HTTP request |