From ffa4504f81c0abecc62b068951ec147741028128 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 24 Sep 2013 09:09:30 +0200 Subject: seperate cert and key deployment (#3918) --- puppet/modules/site_webapp/manifests/apache.pp | 3 ++- puppet/modules/site_webapp/manifests/init.pp | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp index d604b00f..062344d7 100644 --- a/puppet/modules/site_webapp/manifests/apache.pp +++ b/puppet/modules/site_webapp/manifests/apache.pp @@ -12,7 +12,8 @@ class site_webapp::apache { $commercial_cert = $x509['commercial_cert'] $commercial_root = $x509['commercial_ca_cert'] - include site_config::x509::cert_key + include site_config::x509::cert + include site_config::x509::key include site_config::x509::ca include x509::variables diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 4b06cea6..ff230417 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -17,7 +17,8 @@ class site_webapp { include site_webapp::apache include site_webapp::couchdb include site_webapp::haproxy - include site_config::x509::cert_key + include site_config::x509::cert + include site_config::x509::key include site_config::x509::ca group { 'leap-webapp': -- cgit v1.2.3 From 9fae612bd8d147321e0cb553610fcaf0140e84eb Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 24 Sep 2013 09:23:54 +0200 Subject: move commercial x509 deployment to site_x509 (Feature #3889) --- puppet/modules/site_webapp/manifests/apache.pp | 35 +++++--------------------- 1 file changed, 6 insertions(+), 29 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp index 062344d7..6a199b9e 100644 --- a/puppet/modules/site_webapp/manifests/apache.pp +++ b/puppet/modules/site_webapp/manifests/apache.pp @@ -7,20 +7,14 @@ class site_webapp::apache { $web_domain = hiera('domain') $domain_name = $web_domain['name'] - $x509 = hiera('x509') - $commercial_key = $x509['commercial_key'] - $commercial_cert = $x509['commercial_cert'] - $commercial_root = $x509['commercial_ca_cert'] - - include site_config::x509::cert - include site_config::x509::key - include site_config::x509::ca - include x509::variables + include site_config::x509::commercial::cert + include site_config::x509::commercial::key + include site_config::x509::commercial::ca - X509::Cert[$site_config::params::cert_name] ~> Service[apache] - X509::Key[$site_config::params::cert_name] ~> Service[apache] - X509::Ca[$site_config::params::ca_name] ~> Service[apache] + Class['Site_config::X509::Commercial::Key'] ~> Service[apache] + Class['Site_config::X509::Commercial::Cert'] ~> Service[apache] + Class['Site_config::X509::Commercial::Ca'] ~> Service[apache] class { '::apache': no_default_site => true, ssl => true } @@ -40,21 +34,4 @@ class site_webapp::apache { content => template('site_apache/vhosts.d/api.conf.erb') } - x509::key { - 'leap_webapp': - content => $commercial_key, - notify => Service[apache]; - } - - x509::cert { - 'leap_webapp': - content => $commercial_cert, - notify => Service[apache]; - } - - x509::ca { - 'leap_webapp': - content => $commercial_root, - notify => Service[apache]; - } } -- cgit v1.2.3 From abb03cd19389188c38ccaeb96e3136cac5397563 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 24 Sep 2013 17:15:35 +0200 Subject: https://bitmask.net/ca.crt gives 403 Forbidden (Bug #3919) --- puppet/modules/site_webapp/manifests/init.pp | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index ff230417..e630875c 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -17,8 +17,7 @@ class site_webapp { include site_webapp::apache include site_webapp::couchdb include site_webapp::haproxy - include site_config::x509::cert - include site_config::x509::key + include site_config::x509::cert_key include site_config::x509::ca group { 'leap-webapp': @@ -75,7 +74,7 @@ class site_webapp { '/srv/leap/webapp/public/ca.crt': ensure => link, require => Vcsrepo['/srv/leap/webapp'], - target => '/usr/local/share/ca-certificates/leap_api.crt'; + target => "${x509::variables::local_CAs}/${site_config::params::ca_name}.crt"; "/srv/leap/webapp/public/${api_version}": ensure => directory, -- cgit v1.2.3