Andrew Bogott has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/365053 )

Change subject: Puppetmaster:  Fix apache config ssldir
......................................................................

Puppetmaster:  Fix apache config ssldir

In an earlier change we moved the puppetmaster's ssl dir
to /var/lib/puppet/server/ssl.  Since Apache uses the
same certs, it should also point to /var/lib/puppet/server/ssl
instead of /var/lib/puppet/ssl.

As far as I can tell this was only working because no one had
tried this code path before.

Change-Id: Idafc5b08b811750c310499925d484f06a347142c
---
M modules/puppetmaster/manifests/web_frontend.pp
M modules/puppetmaster/templates/web-frontend.conf.erb
2 files changed, 3 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/53/365053/1

diff --git a/modules/puppetmaster/manifests/web_frontend.pp 
b/modules/puppetmaster/manifests/web_frontend.pp
index 6dffdbe..1aebaca 100644
--- a/modules/puppetmaster/manifests/web_frontend.pp
+++ b/modules/puppetmaster/manifests/web_frontend.pp
@@ -29,7 +29,7 @@
     $alt_names=undef,
 ){
     $server_name = $title
-    $ssldir = '/var/lib/puppet/ssl'
+    $ssldir = '/var/lib/puppet/server/ssl'
     $ssl_settings = ssl_ciphersuite('apache', 'compat')
 
     if $server_name != $::fqdn {
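
Review bot: The new `$ssldir = '/var/lib/puppet/server/ssl'` line is still a hard-coded literal, so this define can drift out of sync again the next time the master's ssl dir moves, which is the failure the commit message describes. Consider taking the value from the same setting the earlier change used for the puppetmaster's ssldir, or exposing it as a parameter next to `$alt_names`, so Apache and the master cannot load certs and private keys from different directories. A short comment on that line saying it must match the master's ssldir would also help.
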
diff --git a/modules/puppetmaster/templates/web-frontend.conf.erb 
b/modules/puppetmaster/templates/web-frontend.conf.erb
index 98dd85e..1f5e86e 100644
--- a/modules/puppetmaster/templates/web-frontend.conf.erb
+++ b/modules/puppetmaster/templates/web-frontend.conf.erb
@@ -6,8 +6,8 @@
     <%= @ssl_settings.join("\n    ") %>
     SSLCertificateFile      <%= @ssldir %>/certs/<%= @server_name %>.pem
     SSLCertificateKeyFile   <%= @ssldir %>/private_keys/<%= @server_name %>.pem
-    SSLCACertificateFile    /var/lib/puppet/ssl/certs/ca.pem
-    SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
+    SSLCACertificateFile    <%= @ssldir %>/certs/ca.pem
+    SSLCertificateChainFile <%= @ssldir %>/certs/ca.pem
     # If Apache complains about invalid signatures on the CRL, you can try 
disabling
     # CRL checking by commenting the next line, but this is not recommended.
     # NOTE: https://tickets.puppetlabs.com/browse/PUP-2310 says that CRL is 
not updated. Need to reevaluate this
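
Review bot: The CRL directive that the trailing comment refers to ("commenting the next line") falls outside this hunk's context, so it is not visible whether it uses `<%= @ssldir %>` or still names `/var/lib/puppet/ssl` directly. The diffstat's 3 insertions and 3 deletions are all accounted for by the lines shown, so that directive is unchanged by this patch. Please confirm it does not carry the old literal path, since `SSLCACertificateFile` and `SSLCertificateChainFile` did until now; otherwise revocation checking would read a CRL from a directory the master no longer maintains.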

-- 
To view, visit https://gerrit.wikimedia.org/r/365053
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Idafc5b08b811750c310499925d484f06a347142c
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
