# File 'manifests/vhost.pp', line 41
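# @summary Installs the certificate and private key for one vhost and can
#   notify a service when they change.
#
# With $vault set, both files are written from the hash returned by
# vault_lookup("${source_path}/${source_name}"), using its 'crt' and 'key'
# entries. Otherwise they are copied from "${source_path}/${source_name}.crt"
# and "${source_path}/${source_name}.key".
#
# @param source_name     Base name of the source files / vault entry (defaults to the resource name).
# @param source_path     Location of the SSL files, or the vault path prefix. Required.
# @param target_path     Directory that receives both the certificate and the key.
# @param service         Title of the Service resource to notify.
# @param vault           When truthy, read the material with vault_lookup() instead of a file source.
# @param notify_service  When true, changes to this resource refresh Service[$service].
# @param cert_extension  Extension of the installed certificate file only; the source file is
#                        always "<source_name>.crt" and the vault entry is always 'crt'.
define certs::vhost (
  $source_name    = $name,
  $source_path    = undef,
  $target_path    = '/etc/ssl/certs',
  $service        = 'httpd',
  $vault          = undef,
  $notify_service = true,
  Enum['crt','pem'] $cert_extension = 'crt',
) {
  if ($name == undef) {
    fail('You must provide a name value for the vhost to certs::vhost.')
  }
  if ($source_path == undef) {
    fail('You must provide a source_path for the SSL files to certs::vhost.')
  }
  if ($target_path == undef) {
    # Message fixed: the parameter is target_path (the original read "target_ path").
    fail('You must provide a target_path for the certs to certs::vhost.')
  }

  $cert_name = "${name}.${cert_extension}"
  $key_name  = "${name}.key"

  if $vault {
    # NOTE(review): the looked-up key is placed in the catalog as plain file
    # content; wrapping it in Sensitive() would redact it further, if the
    # supported Puppet versions allow it. Confirm before changing.
    $vault_ssl_hash = vault_lookup("${source_path}/${source_name}")

    file { $cert_name:
      ensure  => file,
      path    => "${target_path}/${cert_name}",
      content => inline_epp('<%= $data %>', { 'data' => $vault_ssl_hash['crt'] }),
    }
    -> file { $key_name:
      ensure    => file,
      path      => "${target_path}/${key_name}",
      # The key is written next to the certificate, so the file mode is what
      # keeps other local users from reading it.
      mode      => '0600',
      # Keep private key material out of agent logs and reports on change.
      show_diff => false,
      content   => inline_epp('<%= $data %>', { 'data' => $vault_ssl_hash['key'] }),
    }
  }
  else {
    file { $cert_name:
      ensure => file,
      path   => "${target_path}/${cert_name}",
      source => "${source_path}/${source_name}.crt",
    }
    -> file { $key_name:
      ensure    => file,
      path      => "${target_path}/${key_name}",
      # Same restriction as the vault branch: do not inherit a world-readable
      # default mode for the private key.
      mode      => '0600',
      show_diff => false,
      source    => "${source_path}/${source_name}.key",
    }
  }

  if $notify_service {
    Certs::Vhost[$title] ~> Service[$service]
  }
}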