Merge pull request 'feat: dynamically add subscribe to nginx resource' (#129) from neoloc/subscribe_ssl_cert into develop
Reviewed-on: unkinben/puppet-prod#129
This commit is contained in:
commit
e61ae597f6
@ -102,5 +102,25 @@ class profiles::pki::vault (
|
|||||||
require => File[$base_path],
|
require => File[$base_path],
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
}else{
|
||||||
|
# manage each file resources, but dont change the content
|
||||||
|
$certificate_files = [
|
||||||
|
"${base_path}/certificate.crt",
|
||||||
|
"${base_path}/private.key",
|
||||||
|
"${base_path}/full_chain.crt",
|
||||||
|
"${base_path}/ca_certificate.crt",
|
||||||
|
"${base_path}/certificate.pem"
|
||||||
|
]
|
||||||
|
|
||||||
|
$certificate_files.each |$file_path| {
|
||||||
|
file { $file_path:
|
||||||
|
ensure => file,
|
||||||
|
owner => 'root',
|
||||||
|
group => 'root',
|
||||||
|
mode => '0644',
|
||||||
|
require => File[$base_path],
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -32,6 +32,7 @@ class profiles::reposync::webserver (
|
|||||||
$ssl_key = undef
|
$ssl_key = undef
|
||||||
$listen_port = $nginx_port
|
$listen_port = $nginx_port
|
||||||
$listen_ssl_port = undef
|
$listen_ssl_port = undef
|
||||||
|
$extras_hash = {}
|
||||||
}
|
}
|
||||||
'https': {
|
'https': {
|
||||||
$enable_ssl = true
|
$enable_ssl = true
|
||||||
@ -39,6 +40,9 @@ class profiles::reposync::webserver (
|
|||||||
$ssl_key = $selected_ssl_key
|
$ssl_key = $selected_ssl_key
|
||||||
$listen_port = $nginx_ssl_port
|
$listen_port = $nginx_ssl_port
|
||||||
$listen_ssl_port = $nginx_ssl_port
|
$listen_ssl_port = $nginx_ssl_port
|
||||||
|
$extras_hash = {
|
||||||
|
'subscribe' => [File[$ssl_cert], File[$ssl_key]],
|
||||||
|
}
|
||||||
}
|
}
|
||||||
'both': {
|
'both': {
|
||||||
$enable_ssl = true
|
$enable_ssl = true
|
||||||
@ -46,29 +50,37 @@ class profiles::reposync::webserver (
|
|||||||
$ssl_key = $selected_ssl_key
|
$ssl_key = $selected_ssl_key
|
||||||
$listen_port = $nginx_port
|
$listen_port = $nginx_port
|
||||||
$listen_ssl_port = $nginx_ssl_port
|
$listen_ssl_port = $nginx_ssl_port
|
||||||
|
$extras_hash = {
|
||||||
|
'subscribe' => [File[$ssl_cert], File[$ssl_key]],
|
||||||
|
}
|
||||||
}
|
}
|
||||||
default: {
|
default: {
|
||||||
# enum param prevents this ever being reached
|
# enum param prevents this ever being reached
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class { 'nginx': }
|
# define the default parameters for the nginx server
|
||||||
|
$defaults = {
|
||||||
# create the nginx vhost
|
'listen_port' => $listen_port,
|
||||||
nginx::resource::server { $nginx_vhost:
|
'server_name' => [$nginx_vhost],
|
||||||
listen_port => $listen_port,
|
'use_default_location' => true,
|
||||||
server_name => [$nginx_vhost],
|
'access_log' => "/var/log/nginx/${nginx_vhost}_access.log",
|
||||||
use_default_location => true,
|
'error_log' => "/var/log/nginx/${nginx_vhost}_error.log",
|
||||||
access_log => "/var/log/nginx/${nginx_vhost}_access.log",
|
'www_root' => $www_root,
|
||||||
error_log => "/var/log/nginx/${nginx_vhost}_error.log",
|
'autoindex' => 'on',
|
||||||
www_root => $www_root,
|
'ssl' => $enable_ssl,
|
||||||
autoindex => 'on',
|
'ssl_cert' => $ssl_cert,
|
||||||
ssl => $enable_ssl,
|
'ssl_key' => $ssl_key,
|
||||||
ssl_cert => $ssl_cert,
|
'ssl_port' => $listen_ssl_port,
|
||||||
ssl_key => $ssl_key,
|
|
||||||
ssl_port => $listen_ssl_port,
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# merge the hashes conditionally
|
||||||
|
$nginx_parameters = merge($defaults, $extras_hash)
|
||||||
|
|
||||||
|
# create the nginx vhost with the merged parameters
|
||||||
|
class { 'nginx': }
|
||||||
|
create_resources('nginx::resource::server', { $nginx_vhost => $nginx_parameters })
|
||||||
|
|
||||||
if $favicon {
|
if $favicon {
|
||||||
file { "${www_root}/favicon.ico":
|
file { "${www_root}/favicon.ico":
|
||||||
ensure => 'file',
|
ensure => 'file',
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user