authorvarac <varacanero@zeromail.org>2012-12-10 23:36:48 +0100
committervarac <varacanero@zeromail.org>2012-12-10 23:36:48 +0100
commit3f0bbccb1b0020530ae4e4a0682fbf9f5f401e3b (patch)
tree9e55f411b2e465d92b6701bd2ff07dc19a4960b2
parent3c52477a6c0cb4d4cc3caee2aea350acc51a5c8a (diff)
couchdb: use x509 module to deploy certs (fixes #1063)
-rw-r--r--puppet/modules/site_apache/files/vhosts.d/couchdb_proxy.conf4
-rw-r--r--puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp20
2 files changed, 10 insertions, 14 deletions
diff --git a/puppet/modules/site_apache/files/vhosts.d/couchdb_proxy.conf b/puppet/modules/site_apache/files/vhosts.d/couchdb_proxy.conf
index 79ad931d..0dff2cd6 100644
--- a/puppet/modules/site_apache/files/vhosts.d/couchdb_proxy.conf
+++ b/puppet/modules/site_apache/files/vhosts.d/couchdb_proxy.conf
@@ -3,8 +3,8 @@ Listen 0.0.0.0:6984
<VirtualHost *:6984>
SSLEngine On
SSLProxyEngine On
- SSLCertificateKeyFile /etc/couchdb/server_key.pem
- SSLCertificateFile /etc/couchdb/server_cert.pem
+ SSLCertificateKeyFile /etc/x509/keys/leap_couchdb.key
+ SSLCertificateFile /etc/x509/certs/leap_couchdb.crt
ProxyPass / http://127.0.0.1:5984/
ProxyPassReverse / http://127.0.0.1:5984/
</VirtualHost>
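Review bot: The new `SSLCertificateKeyFile` and `SSLCertificateFile` paths are hard-coded in this static file, but the files themselves are created by the `x509::key` and `x509::cert` resources titled `leap_couchdb` in `site_couchdb::apache_ssl_proxy`. Nothing in this file ties the two together, so if the x509 module's target directories or the resource title change, Apache would presumably fail to load the vhost on its next restart. A comment above the two directives would record the dependency, e.g. `# Paths must match x509::key / x509::cert { 'leap_couchdb' } in site_couchdb::apache_ssl_proxy`. Rendering the vhost from a template that takes the paths from the module would remove the duplication altogether.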
diff --git a/puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp b/puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp
index fb3477db..02aae0c3 100644
--- a/puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp
+++ b/puppet/modules/site_couchdb/manifests/apache_ssl_proxy.pp
@@ -10,20 +10,16 @@ define site_couchdb::apache_ssl_proxy ($key, $cert) {
}
apache::vhost::file { 'couchdb_proxy': }
- file { '/etc/couchdb/server_cert.pem':
- mode => '0644',
- owner => 'couchdb',
- group => 'couchdb',
- content => $cert,
- notify => Service[apache],
+ x509::key {
+ 'leap_couchdb':
+ content => $x509['key'],
+ notify => Service[apache];
}
- file { '/etc/couchdb/server_key.pem':
- mode => '0600',
- owner => 'couchdb',
- group => 'couchdb',
- content => $key,
- notify => Service[apache],
+ x509::cert {
+ 'leap_couchdb':
+ content => $x509['cert'],
+ notify => Service[apache];
}
}
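Review bot: The define still declares `($key, $cert)` in its signature (visible in the hunk header), but the new resources read `$x509['key']` and `$x509['cert']`, leaving both parameters unused in the visible lines. The define starts outside the hunk, so `$x509` may be assigned earlier in it; if not, it is resolved from an enclosing scope and the values callers pass are silently ignored. Either keep the existing interface with `content => $key` and `content => $cert`, or drop the two parameters and document where `$x509` comes from. Separately, the removed `file` resource pinned the private key to mode `'0600'`, whereas the key's ownership and mode now depend on `x509::key` defaults that are not shown here; confirm the deployed key is not group- or world-readable.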