Revision 677a47e7
Added by Stephen Benjamin almost 6 years ago
manifests/apache.pp | ||
---|---|---|
$expiration = $::certs::expiration,
|
||
$default_ca = $::certs::default_ca,
|
||
$ca_key_password_file = $::certs::ca_key_password_file,
|
||
$group = $::certs::group,
|
||
) inherits certs {
|
||
|
||
$apache_cert_name = "${hostname}-apache"
|
||
... | ... | |
key_file => $apache_key,
|
||
manage_key => true,
|
||
key_owner => 'root',
|
||
key_group => 'root',
|
||
key_group => $group,
|
||
key_mode => '0440',
|
||
cert_file => $apache_cert,
|
||
}
|
spec/classes/certs_apache_spec.rb | ||
---|---|---|
describe 'with default parameters' do
|
||
it { should compile.with_all_deps }
|
||
end
|
||
|
||
describe "with group overridden" do
|
||
let :pre_condition do
|
||
"class {'certs': group => 'foreman',}"
|
||
end
|
||
|
||
it { should compile.with_all_deps }
|
||
|
||
it do
|
||
is_expected.to contain_certs__keypair('apache')
|
||
.with_key_group('foreman')
|
||
end
|
||
end
|
||
end
|
Also available in: Unified diff
fixes #24210 - certs group must be overridable (#204)
For Katello, we override the certs ownership so Foreman can read it.
This is required for WebVNC: the foreman user launches websockify
using the certificate.