Defined Type: certs::vhost

Defined in:
manifests/vhost.pp

Overview

Examples:

Without Hiera:

  $cname = www.example.com
  certs::vhost{ $cname:
    source_path => 'puppet:///site_certificates',
  }

With Hiera:

  server.yaml
  ---
  certsvhost:
    'www.example.com':
      source_path: 'puppet:///modules/site_certificates/'

  manifest.pp
  ---
  certsvhost = hiera_hash('certsvhost')
  create_resources(certs::vhost, certsvhost)
  Certs::Vhost<| |> -> Apache::Vhost<| |>

Parameters:

  • title

    The title of the resource matches the certificate's name # e.g. 'www.example.com' matches the certificate for the hostname # 'www.example.com'

  • source_path (Any) (defaults to: undef)

    Required. The location of the certificate files. Typically references a module's files. e.g. 'puppet:///site_certs' will search $modulepath/site_certs/files on the master for the specified files.

  • target_path (Any) (defaults to: '/etc/ssl/certs')

    Location where the certificate files will be stored on the managed node. Default: '/etc/ssl/certs'

  • service (Any) (defaults to: 'httpd')

    Name of the web server service to notify when certificates are updated. Default: 'http'

  • source_name (Any) (defaults to: $name)

    Name of the file to use if different than the title of the resource Default: '$name'

  • vault (Any) (defaults to: undef)

    Use vault_lookup to query vault service for crt/key pair Default: 'undef'

  • notify_service (Any) (defaults to: true)
  • cert_extension (Enum['crt','pem']) (defaults to: 'crt') 


41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
 
# File 'manifests/vhost.pp', line 41

define certs::vhost (
  $source_name                      = $name,
  $source_path                      = undef,
  $target_path                      = '/etc/ssl/certs',
  $service                          = 'httpd',
  $vault                            = undef,
  $notify_service                   = true,
  Enum['crt','pem'] $cert_extension = 'crt',
) {
  if ($name == undef) {
    fail('You must provide a name value for the vhost to certs::vhost.')
  }
  if ($source_path == undef) {
    fail('You must provide a source_path for the SSL files to certs::vhost.')
  }
  if ($target_path == undef) {
    fail('You must provide a target_ path for the certs to certs::vhost.')
  }

  $cert_name = "${name}.${cert_extension}"
  $key_name = "${name}.key"

  if $vault {
    $vault_ssl_hash = vault_lookup("${source_path}/${source_name}")

    file { $cert_name:
      ensure  => file,
      path    => "${target_path}/${cert_name}",
      content => inline_epp('<%= $data %>', {'data' => $vault_ssl_hash['crt']}),
    }
    -> file { $key_name:
      ensure  => file,
      path    => "${target_path}/${key_name}",
      content => inline_epp('<%= $data %>', {'data' => $vault_ssl_hash['key']}),
    }
  }
  else {
    file { $cert_name:
      ensure => file,
      path   => "${target_path}/${cert_name}",
      source => "${source_path}/${source_name}.crt",
    }
    -> file { $key_name:
      ensure => file,
      path   => "${target_path}/${key_name}",
      source => "${source_path}/${source_name}.key",
    }
  }
  if $notify_service { Certs::Vhost[$title] ~> Service[$service] }
}