Alexandros Kosiaris has uploaded a new change for review.
https://gerrit.wikimedia.org/r/308442
Change subject: puppetmaster: Vary ssldir in frontend on masterness
......................................................................
puppetmaster: Vary ssldir in frontend on masterness
A frontend might or might not be a master. Vary the $ssldir variable on
it based on that to allow for non-master frontends to have the correct
SSL apache directives
Change-Id: I431f7e8f9f732a261ef3940d6b7b1d08c1c9eb16
---
M modules/puppetmaster/manifests/web_frontend.pp
M modules/puppetmaster/templates/web-frontend.conf.erb
2 files changed, 8 insertions(+), 8 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/42/308442/1
diff --git a/modules/puppetmaster/manifests/web_frontend.pp
b/modules/puppetmaster/manifests/web_frontend.pp
index f4b4215..57f4ba8 100644
--- a/modules/puppetmaster/manifests/web_frontend.pp
+++ b/modules/puppetmaster/manifests/web_frontend.pp
@@ -29,7 +29,6 @@
$alt_names=undef,
){
$server_name = $title
- $ssldir = $::puppetmaster::ssl::ssldir
$ssl_settings = ssl_ciphersuite('apache', 'compat')
if $alt_names {
@@ -57,12 +56,13 @@
creates => "${ssldir}/certs/${server_name}.pem",
before => Service['apache2'],
}
-
+ $ssldir = '/var/lib/puppet/ssl'
+ } else {
+ $ssldir = $::puppetmaster::ssl::ssldir
}
apache::site { $server_name:
ensure => present,
content => template('puppetmaster/web-frontend.conf.erb'),
priority => $priority,
}
-
}
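Review bot: The `creates => "${ssldir}/certs/${server_name}.pem"` line at the top of this hunk reads `$ssldir` before the new `$ssldir = '/var/lib/puppet/ssl'` assignment, which sits after the closing `}` of that resource in the same branch. Puppet evaluates variable assignments in order, so at that point `$ssldir` is still unset and the path interpolates to `/certs/<server_name>.pem`. With the unconditional assignment removed from the top of the define in the previous hunk, nothing sets it earlier. Move the if/else that picks `$ssldir` above the first resource that uses it, and consider taking the `/var/lib/puppet/ssl` literal from a parameter instead of hard-coding it here.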
diff --git a/modules/puppetmaster/templates/web-frontend.conf.erb
b/modules/puppetmaster/templates/web-frontend.conf.erb
index 7abcb20..c475a01 100644
--- a/modules/puppetmaster/templates/web-frontend.conf.erb
+++ b/modules/puppetmaster/templates/web-frontend.conf.erb
@@ -4,13 +4,13 @@
<%- if @alt_names %> ServerAlias <%= @alt_names.sort.join(" ") %><% end %>
SSLEngine on
<%= @ssl_settings.join("\n") %>
- SSLCertificateFile /var/lib/puppet/server/ssl/certs/<%= @server_name
%>.pem
- SSLCertificateKeyFile /var/lib/puppet/server/ssl/private_keys/<%=
@server_name %>.pem
- SSLCACertificateFile /var/lib/puppet/server/ssl/ca/ca_crt.pem
- SSLCertificateChainFile /var/lib/puppet/server/ssl/ca/ca_crt.pem
+ SSLCertificateFile <%= @ssldir %>/ssl/certs/<%= @server_name %>.pem
+ SSLCertificateKeyFile <%= @ssldir %>/ssl/private_keys/<%= @server_name
%>.pem
+ SSLCACertificateFile <%= @ssldir %>/ssl/ca/ca_crt.pem
+ SSLCertificateChainFile <%= @ssldir %>/ssl/ca/ca_crt.pem
# If Apache complains about invalid signatures on the CRL, you can try
disabling
# CRL checking by commenting the next line, but this is not recommended.
- SSLCARevocationPath /var/lib/puppet/server/ssl/crl
+ SSLCARevocationPath <%= @ssldir %>/ssl/crl
SSLVerifyClient <%= scope.lookupvar('puppetmaster::verify_client') %>
SSLVerifyDepth 1
SSLOptions +StdEnvVars
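Review bot: Every rewritten directive appends `/ssl/` after `<%= @ssldir %>`, but the value assigned in web_frontend.pp already ends in `ssl` (`/var/lib/puppet/ssl`), so the rendered path becomes `/var/lib/puppet/ssl/ssl/certs/<server_name>.pem`, and likewise for the key, CA, chain and CRL paths. The manifest's own `creates` line uses `${ssldir}/certs/...` with no extra segment, so the two files disagree on what `$ssldir` means. Drop the `/ssl` segment in the template (for example `<%= @ssldir %>/certs/<%= @server_name %>.pem`). Because `SSLCARevocationPath` and `SSLVerifyClient` depend on these locations, it is worth confirming on a non-master frontend that the rendered vhost points at existing CA and CRL files before merging.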
--
To view, visit https://gerrit.wikimedia.org/r/308442
Gerrit-MessageType: newchange
Gerrit-Change-Id: I431f7e8f9f732a261ef3940d6b7b1d08c1c9eb16
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <[email protected]>