From 518402d1358802435049470844325d96256ca906 Mon Sep 17 00:00:00 2001 From: "Eric D. Helms" Date: Sat, 23 Sep 2023 14:06:43 -0400 Subject: [PATCH] Copy server cert for Apache using file resource --- manifests/apache.pp | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/manifests/apache.pp b/manifests/apache.pp index ca6df07b..0a609207 100644 --- a/manifests/apache.pp +++ b/manifests/apache.pp @@ -54,7 +54,6 @@ Stdlib::Absolutepath $pki_dir = $certs::pki_dir, Optional[Stdlib::Absolutepath] $server_cert = $certs::server_cert, Optional[Stdlib::Absolutepath] $server_key = $certs::server_key, - Optional[Stdlib::Absolutepath] $server_cert_req = $certs::server_cert_req, String[2,2] $country = $certs::country, String $state = $certs::state, String $city = $certs::city, @@ -70,18 +69,22 @@ # This variable is unused but considered public API $apache_ca_cert = $certs::katello_server_ca_cert + $apache_cert_path = "${certs::ssl_build_dir}/${hostname}/${apache_cert_name}" + if $server_cert { - cert { $apache_cert_name: - ensure => present, - hostname => $hostname, - cname => $cname, - generate => $generate, - deploy => false, - regenerate => $regenerate, - custom_pubkey => $server_cert, - custom_privkey => $server_key, - custom_req => $server_cert_req, - build_dir => $certs::ssl_build_dir, + file { "${apache_cert_path}.crt": + ensure => file, + source => $server_cert, + owner => 'root', + group => 'root', + mode => '0440', + } + file { "${apache_cert_path}.key": + ensure => file, + source => $server_key, + owner => 'root', + group => 'root', + mode => '0440', } } else { cert { $apache_cert_name: @@ -100,6 +103,12 @@ deploy => false, password_file => $ca_key_password_file, build_dir => $certs::ssl_build_dir, + } -> + file { "${apache_cert_path}.crt": + ensure => file, + owner => 'root', + group => 'root', + mode => '0440', } } @@ -114,7 +123,7 @@ cert_owner => 'root', cert_group => $group, cert_mode => '0440', - require => Cert[$apache_cert_name], + require => File["${apache_cert_path}.crt"], } } }