diff options
author | Micah Anderson <micah@riseup.net> | 2013-01-31 18:31:02 -0500 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2013-01-31 18:31:02 -0500 |
commit | 5a825f7f6045cea00d94bcebf339c8e2dff5b067 (patch) | |
tree | d0d2b0438ddace8a22366c4f6202e7ef86a4a3b7 /puppet/modules | |
parent | c4805af340ae63e9129696e0c96f9896417eb9c4 (diff) |
update the x509 submodule to get non-root application access to key file enhancement
put the leap-webapp user in the 'ssl-cert' group
pass group => 'leap-webapp' to the leap_client_ca.key so the application can access it
Diffstat (limited to 'puppet/modules')
-rw-r--r-- | puppet/modules/site_webapp/manifests/client_ca.pp | 1 | ||||
-rw-r--r-- | puppet/modules/site_webapp/manifests/init.pp | 1 | ||||
m--------- | puppet/modules/x509 | 0 |
3 files changed, 2 insertions, 0 deletions
diff --git a/puppet/modules/site_webapp/manifests/client_ca.pp b/puppet/modules/site_webapp/manifests/client_ca.pp index 53c49d69..0d9b15d6 100644 --- a/puppet/modules/site_webapp/manifests/client_ca.pp +++ b/puppet/modules/site_webapp/manifests/client_ca.pp @@ -13,6 +13,7 @@ class site_webapp::client_ca { x509::key { 'leap_client_ca': source => $x509['client_ca_key'], + group => 'leap-webapp', notify => Service[apache]; } diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 592241c1..d59cebba 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -27,6 +27,7 @@ class site_webapp { ensure => present, allowdupe => false, gid => 'leap-webapp', + groups => 'ssl-cert', home => '/srv/leap-webapp', require => [ Group['leap-webapp'] ]; } diff --git a/puppet/modules/x509 b/puppet/modules/x509 -Subproject d7a252b77db843e800ed9fc92a56d5214f43202 +Subproject 456212d16e55e1299c2d9bfcc7965b40e0318cb |