From 3b5ce74f81bb56af0b94a119a85649446a3d6e19 Mon Sep 17 00:00:00 2001 From: Micah Date: Tue, 3 May 2016 13:21:17 -0400 Subject: migrate from obsolete SSLCertificateChainFile apache option (#8055) Change-Id: I20a28ae77c98071aefc1933e0ea73e5f3b895acb --- puppet/modules/site_apache/templates/vhosts.d/common.conf.erb | 1 - puppet/modules/site_config/manifests/x509/commercial/cert.pp | 5 ++++- puppet/modules/site_static/manifests/domain.pp | 8 +++----- puppet/modules/site_static/templates/apache.conf.erb | 1 - 4 files changed, 7 insertions(+), 8 deletions(-) diff --git a/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb index b24d1353..bf60e794 100644 --- a/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb +++ b/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb @@ -16,7 +16,6 @@ CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log common SSLCACertificatePath /etc/ssl/certs - SSLCertificateChainFile <%= scope.lookupvar('x509::variables::local_CAs') %>/<%= scope.lookupvar('site_config::params::commercial_ca_name') %>.crt SSLCertificateKeyFile <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::commercial_cert_name') %>.key SSLCertificateFile <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::commercial_cert_name') %>.crt diff --git a/puppet/modules/site_config/manifests/x509/commercial/cert.pp b/puppet/modules/site_config/manifests/x509/commercial/cert.pp index d71d9838..9dd6ffcd 100644 --- a/puppet/modules/site_config/manifests/x509/commercial/cert.pp +++ b/puppet/modules/site_config/manifests/x509/commercial/cert.pp @@ -4,9 +4,12 @@ class site_config::x509::commercial::cert { $x509 = hiera('x509') $cert = $x509['commercial_cert'] + $ca = $x509['commercial_ca_cert'] + + $cafile = "${cert}\n${ca}" x509::cert { $site_config::params::commercial_cert_name: - content => $cert + content => $cafile } } diff --git a/puppet/modules/site_static/manifests/domain.pp b/puppet/modules/site_static/manifests/domain.pp index 8b9378f2..b26cc9e3 100644 --- a/puppet/modules/site_static/manifests/domain.pp +++ b/puppet/modules/site_static/manifests/domain.pp @@ -11,22 +11,20 @@ define site_static::domain ( $domain = $name $base_dir = '/srv/static' + $cafile = "${cert}\n${ca_cert}" + if is_hash($locations) { create_resources(site_static::location, $locations) } x509::cert { $domain: - content => $cert, + content => $cafile, notify => Service[apache] } x509::key { $domain: content => $key, notify => Service[apache] } - x509::ca { "${domain}_ca": - content => $ca_cert, - notify => Service[apache] - } apache::vhost::file { $domain: content => template('site_static/apache.conf.erb') diff --git a/puppet/modules/site_static/templates/apache.conf.erb b/puppet/modules/site_static/templates/apache.conf.erb index 2853c5c7..6b969d1c 100644 --- a/puppet/modules/site_static/templates/apache.conf.erb +++ b/puppet/modules/site_static/templates/apache.conf.erb @@ -56,7 +56,6 @@ SSLCertificateKeyFile /etc/x509/keys/<%= @domain %>.key SSLCertificateFile /etc/x509/certs/<%= @domain %>.crt - SSLCertificateChainFile /etc/ssl/certs/<%= @domain %>_ca.pem RequestHeader set X_FORWARDED_PROTO 'https' -- cgit v1.2.3