diff options
| author | varac <varacanero@zeromail.org> | 2013-09-20 18:58:29 +0200 |
|---|---|---|
| committer | varac <varacanero@zeromail.org> | 2013-09-20 18:58:29 +0200 |
| commit | 0bf2c2eeaf5f8b683454ce0d0dbe88bb6f17c08f (patch) | |
| tree | a5252934c67cb2316e8d7163c5170f58e3f51491 /puppet/modules/site_nickserver | |
| parent | e182d12c72743491805a3873e8b6cd804fe5394c (diff) | |
| parent | 486a9cd3b7bd8d643a9623fd40db2286cdf52fc8 (diff) | |
Merge branch 'feature/3832_Unify_x509_certs__keys_and_ca' into develop
Diffstat (limited to 'puppet/modules/site_nickserver')
| -rw-r--r-- | puppet/modules/site_nickserver/manifests/init.pp | 27 | ||||
| -rw-r--r-- | puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb | 6 |
2 files changed, 11 insertions, 22 deletions
diff --git a/puppet/modules/site_nickserver/manifests/init.pp b/puppet/modules/site_nickserver/manifests/init.pp index 45503d8a..a12ed3a2 100644 --- a/puppet/modules/site_nickserver/manifests/init.pp +++ b/puppet/modules/site_nickserver/manifests/init.pp @@ -36,10 +36,10 @@ class site_nickserver { # temporarily for now: $domain = hiera('domain') $address_domain = $domain['full_suffix'] - $x509 = hiera('x509') - $x509_key = $x509['key'] - $x509_cert = $x509['cert'] - $x509_ca = $x509['ca_cert'] + + + include site_config::x509::cert_key + include site_config::x509::ca # # USER AND GROUP @@ -124,7 +124,10 @@ class site_nickserver { enable => true, hasrestart => true, hasstatus => true, - require => File['/etc/init.d/nickserver']; + require => [ + File['/etc/init.d/nickserver'], + Class['Site_config::X509::Cert_key'], + Class['Site_config::X509::Ca'] ]; } # @@ -160,18 +163,4 @@ class site_nickserver { content => template('site_nickserver/nickserver-proxy.conf.erb') } - x509::key { 'nickserver': - content => $x509_key, - notify => Service[apache]; - } - - x509::cert { 'nickserver': - content => $x509_cert, - notify => Service[apache]; - } - - x509::ca { 'nickserver': - content => $x509_ca, - notify => Service[apache]; - } } diff --git a/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb b/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb index 67896cd3..ae06410e 100644 --- a/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb +++ b/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb @@ -14,9 +14,9 @@ Listen 0.0.0.0:<%= @nickserver_port -%> SSLHonorCipherOrder on SSLCACertificatePath /etc/ssl/certs - SSLCertificateChainFile /etc/ssl/certs/nickserver.pem - SSLCertificateKeyFile /etc/x509/keys/nickserver.key - SSLCertificateFile /etc/x509/certs/nickserver.crt + SSLCertificateChainFile <%= scope.lookupvar('x509::variables::local_CAs') %>/<%= scope.lookupvar('site_config::params::ca_name') %>.crt + SSLCertificateKeyFile <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.key + SSLCertificateFile <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.crt ProxyPass / http://localhost:<%= @nickserver_local_port %>/ ProxyPreserveHost On # preserve Host header in HTTP request |