diff --git a/manifests/foreman_proxy.pp b/manifests/foreman_proxy.pp
index 75c102a2..0f263aa1 100644
--- a/manifests/foreman_proxy.pp
+++ b/manifests/foreman_proxy.pp
@@ -37,18 +37,22 @@
 $foreman_proxy_client_cert_name = "${hostname}-foreman-proxy-client"
 $foreman_proxy_ssl_client_bundle = "${pki_dir}/private/${foreman_proxy_client_cert_name}-bundle.pem"
+ $proxy_cert_path = "${certs::ssl_build_dir}/${hostname}/${proxy_cert_name}"
+
 if $server_cert {
- cert { $proxy_cert_name:
- ensure => present,
- hostname => $hostname,
- cname => $cname,
- generate => $generate,
- regenerate => $regenerate,
- deploy => false,
- custom_pubkey => $server_cert,
- custom_privkey => $server_key,
- custom_req => $server_cert_req,
- build_dir => $certs::ssl_build_dir,
+ file { "${proxy_cert_path}.crt":
+ ensure => file,
+ source => $server_cert,
+ owner => 'root',
+ group => 'root',
+ mode => '0440',
+ }
+ file { "${proxy_cert_path}.key":
+ ensure => file,
+ source => $server_key,
+ owner => 'root',
+ group => 'root',
+ mode => '0440',
 }
 } else {
 # cert for ssl of foreman-proxy
@@ -68,6 +72,12 @@
 deploy => false,
 password_file => $ca_key_password_file,
 build_dir => $certs::ssl_build_dir,
+ } ->
+ file { "${proxy_cert_path}.crt":
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0440',
 }
 }
@@ -101,7 +111,7 @@
 cert_owner => $owner,
 cert_group => $group,
 cert_mode => $public_key_mode,
- require => Cert[$proxy_cert_name],
+ require => File["${proxy_cert_path}.crt"],
 }
 file { $proxy_ca_cert:
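Review bot: The new `file { "${proxy_cert_path}.key": }` resource in the `if $server_cert` branch manages a private key with the same attributes as the certificate, and Puppet's file type can copy replaced content to the filebucket and print content diffs, depending on agent settings. I would add `backup => false,` and `show_diff => false,` to the key resource and tighten it to `mode => '0400',` unless a group reader is intended. This branch also stops passing `$server_cert_req` and has no visible step that checks the key belongs to the certificate, so a mismatched pair would presumably only surface when the proxy starts. Nothing in the hunk ensures the `${certs::ssl_build_dir}/${hostname}` directory exists before the two files are written; confirm it is created elsewhere.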
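Review bot: The `file { "${proxy_cert_path}.crt": }` chained after the `cert` resource in the `else` branch has `ensure => file` with no `source` or `content`, so if the cert provider writes its output anywhere other than this exact path, Puppet creates an empty file and the later `require` is still satisfied. The provider's output path is not visible here, so a comment stating that contract would help, e.g. `# cert writes ${ssl_build_dir}/${hostname}/${name}.crt; this resource only sets owner and mode`. The generated `.key` in this branch is left unmanaged while the custom-certificate branch sets owner and mode on it, so the two branches can end up with different key permissions. The `cert` declaration starts above the hunk.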
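Review bot: `require => File["${proxy_cert_path}.crt"]` orders this resource after the certificate file only, so in the `$server_cert` branch the `.key` file has no ordering relative to it. If this resource also reads the private key (its declaration starts above the hunk), it can be applied before the key is in place. Because `File["${proxy_cert_path}.key"]` is declared only in that branch, it cannot be added to `require` here; a chain inside the `if $server_cert` block, `File["${proxy_cert_path}.key"] -> File["${proxy_cert_path}.crt"]`, would cover it. Any remaining reference to `Cert[$proxy_cert_name]` elsewhere in the manifest would also fail to resolve in that branch and is worth a grep.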