Skip to content

Commit

Permalink
Copy server cert for Apache using file resource
Browse files Browse the repository at this point in the history
  • Loading branch information
ehelms committed Mar 23, 2024
1 parent 6b76e2c commit 518402d
Showing 1 changed file with 22 additions and 13 deletions.
35 changes: 22 additions & 13 deletions manifests/apache.pp
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,6 @@
Stdlib::Absolutepath $pki_dir = $certs::pki_dir,
Optional[Stdlib::Absolutepath] $server_cert = $certs::server_cert,
Optional[Stdlib::Absolutepath] $server_key = $certs::server_key,
Optional[Stdlib::Absolutepath] $server_cert_req = $certs::server_cert_req,
String[2,2] $country = $certs::country,
String $state = $certs::state,
String $city = $certs::city,
Expand All @@ -70,18 +69,22 @@
# This variable is unused but considered public API
$apache_ca_cert = $certs::katello_server_ca_cert

$apache_cert_path = "${certs::ssl_build_dir}/${hostname}/${apache_cert_name}"

if $server_cert {
cert { $apache_cert_name:
ensure => present,
hostname => $hostname,
cname => $cname,
generate => $generate,
deploy => false,
regenerate => $regenerate,
custom_pubkey => $server_cert,
custom_privkey => $server_key,
custom_req => $server_cert_req,
build_dir => $certs::ssl_build_dir,
file { "${apache_cert_path}.crt":
ensure => file,
source => $server_cert,
owner => 'root',
group => 'root',
mode => '0440',
}
file { "${apache_cert_path}.key":
ensure => file,
source => $server_key,
owner => 'root',
group => 'root',
mode => '0440',
}
} else {
cert { $apache_cert_name:
Expand All @@ -100,6 +103,12 @@
deploy => false,
password_file => $ca_key_password_file,
build_dir => $certs::ssl_build_dir,
} ->
file { "${apache_cert_path}.crt":
ensure => file,
owner => 'root',
group => 'root',
mode => '0440',
}
}

Expand All @@ -114,7 +123,7 @@
cert_owner => 'root',
cert_group => $group,
cert_mode => '0440',
require => Cert[$apache_cert_name],
require => File["${apache_cert_path}.crt"],
}
}
}

0 comments on commit 518402d

Please sign in to comment.