diff options
-rw-r--r-- | puppet/modules/site_config/manifests/x509/client_ca.pp | 5 | ||||
-rw-r--r-- | puppet/modules/site_webapp/manifests/apache.pp | 24 | ||||
-rw-r--r-- | puppet/modules/site_webapp/manifests/client_ca.pp | 25 | ||||
-rw-r--r-- | puppet/modules/site_webapp/manifests/couchdb.pp | 19 | ||||
-rw-r--r-- | puppet/modules/site_webapp/manifests/init.pp | 3 |
5 files changed, 20 insertions, 56 deletions
diff --git a/puppet/modules/site_config/manifests/x509/client_ca.pp b/puppet/modules/site_config/manifests/x509/client_ca.pp index f91ea970..3e914cf5 100644 --- a/puppet/modules/site_config/manifests/x509/client_ca.pp +++ b/puppet/modules/site_config/manifests/x509/client_ca.pp @@ -1,5 +1,10 @@ class site_config::x509::client_ca { + ## + ## This is for the special CA that is used exclusively for generating + ## client certificates by the webapp. + ## + $x509 = hiera('x509') $client_ca = $x509['client_ca_cert'] diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp index 4331afe4..3dd1c4c7 100644 --- a/puppet/modules/site_webapp/manifests/apache.pp +++ b/puppet/modules/site_webapp/manifests/apache.pp @@ -8,9 +8,15 @@ class site_webapp::apache { $commercial_key = $x509['commercial_key'] $commercial_cert = $x509['commercial_cert'] $commercial_root = $x509['commercial_ca_cert'] - $api_key = $x509['key'] - $api_cert = $x509['cert'] - $api_root = $x509['ca_cert'] + + include site_config::x509::cert_key + include site_config::x509::ca + + include x509::variables + + X509::Cert[$site_config::params::cert_name] ~> Service[apache] + X509::Key[$site_config::params::cert_name] ~> Service[apache] + X509::Ca[$site_config::params::ca_name] ~> Service[apache] class { '::apache': no_default_site => true, ssl => true } @@ -34,29 +40,17 @@ class site_webapp::apache { 'leap_webapp': content => $commercial_key, notify => Service[apache]; - - 'leap_api': - content => $api_key, - notify => Service[apache]; } x509::cert { 'leap_webapp': content => $commercial_cert, notify => Service[apache]; - - 'leap_api': - content => $api_cert, - notify => Service[apache]; } x509::ca { 'leap_webapp': content => $commercial_root, notify => Service[apache]; - - 'leap_api': - content => $api_root, - notify => Service[apache]; } } diff --git a/puppet/modules/site_webapp/manifests/client_ca.pp b/puppet/modules/site_webapp/manifests/client_ca.pp deleted file mode 100644 index 0d9b15d6..00000000 --- a/puppet/modules/site_webapp/manifests/client_ca.pp +++ /dev/null @@ -1,25 +0,0 @@ -## -## This is for the special CA that is used exclusively for generating -## client certificates by the webapp. -## - -class site_webapp::client_ca { - include x509::variables - - $x509 = hiera('x509') - $cert_path = "${x509::variables::certs}/leap_client_ca.crt" - $key_path = "${x509::variables::keys}/leap_client_ca.key" - - x509::key { - 'leap_client_ca': - source => $x509['client_ca_key'], - group => 'leap-webapp', - notify => Service[apache]; - } - - x509::cert { - 'leap_client_ca': - source => $x509['client_ca_cert'], - notify => Service[apache]; - } -} diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 24f9279d..5a5cccad 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -13,18 +13,7 @@ class site_webapp::couchdb { $couch_client = $stunnel['couch_client'] $couch_client_connect = $couch_client['connect'] - include site_config::x509::cert_key - include site_config::x509::ca include x509::variables - $x509 = hiera('x509') - $key = $x509['key'] - $cert = $x509['cert'] - $ca = $x509['ca_cert'] - $cert_name = 'leap_couchdb' - $ca_name = 'leap_ca' - $ca_path = "${x509::variables::local_CAs}/${ca_name}.crt" - $cert_path = "${x509::variables::certs}/${cert_name}.crt" - $key_path = "${x509::variables::keys}/${cert_name}.key" file { '/srv/leap/webapp/config/couchdb.yml.admin': @@ -73,10 +62,10 @@ class site_webapp::couchdb { $couchdb_stunnel_client_defaults = { 'connect_port' => $couch_client_connect, - 'client' => true, - 'cafile' => $ca_path, - 'key' => $key_path, - 'cert' => $cert_path, + 'client' => true, + 'cafile' => "${x509::variables::local_CAs}/${site_config::params::ca_name}.crt", + 'key' => "${x509::variables::keys}/${site_config::params::cert_name}.key", + 'cert' => "${x509::variables::certs}/${site_config::params::cert_name}.crt", } create_resources(site_stunnel::clients, $couch_client, $couchdb_stunnel_client_defaults) diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 97a75010..4b06cea6 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -16,8 +16,9 @@ class site_webapp { include site_config::ruby include site_webapp::apache include site_webapp::couchdb - include site_webapp::client_ca include site_webapp::haproxy + include site_config::x509::cert_key + include site_config::x509::ca group { 'leap-webapp': ensure => present, |