Project

General

Profile

« Previous | Next » 

Revision 222fb5e5

Added by Adam Heinz over 10 years ago

Make use of $foreman::params::server_ssl_* in vhost conf.

View differences:

manifests/config/passenger.pp
# specifiy which interface to bind passenger to eth0, eth1, ...
$listen_on_interface = '',
$scl_prefix = undef
$scl_prefix = undef,
$ssl_ca = $foreman::server_ssl_ca,
$ssl_cert = $foreman::server_ssl_cert,
$ssl_key = $foreman::server_ssl_key
) {
include apache::ssl
include ::passenger
manifests/init.pp
#
# $passenger_interface:: Defines which network interface passenger should listen on, undef means all interfaces
#
# $server_ssl_ca:: Defines Apache mod_ssl SSLCertificateChainFile setting in Foreman vhost conf file.
#
# $server_ssl_cert:: Defines Apache mod_ssl SSLCertificateFile setting in Foreman vhost conf file.
#
# $server_ssl_key:: Defines Apache mod_ssl SSLCertificateKeyFile setting in Foreman vhost conf file.
#
# $oauth_active:: Enable OAuth authentication for REST API
# type:boolean
#
......
$locations_enabled = $foreman::params::locations_enabled,
$organizations_enabled = $foreman::params::organizations_enabled,
$passenger_interface = $foreman::params::passenger_interface,
$server_ssl_ca = $foreman::params::server_ssl_ca,
$server_ssl_cert = $foreman::params::server_ssl_cert,
$server_ssl_key = $foreman::params::server_ssl_key,
$oauth_active = $foreman::params::oauth_active,
$oauth_map_users = $foreman::params::oauth_map_users,
$oauth_consumer_key = $foreman::params::oauth_consumer_key,
manifests/params.pp
$client_ssl_cert = "${puppet_home}/ssl/certs/${::fqdn}.pem"
$client_ssl_key = "${puppet_home}/ssl/private_keys/${::fqdn}.pem"
# Set these values if you want Passenger to serve a CA-provided cert instead of puppet's
$server_ssl_ca = "${puppet_home}/ssl/certs/ca.pem"
$server_ssl_cert = "${puppet_home}/ssl/certs/${::fqdn}.pem"
$server_ssl_key = "${puppet_home}/ssl/private_keys/${::fqdn}.pem"
# We need the REST API interface with OAuth for some REST Puppet providers
$oauth_active = true
$oauth_map_users = true
spec/classes/foreman_config_passenger_spec.rb
should_not contain_file('foreman_vhost').with_content(/<VirtualHost \*:443>/)
end
end
describe 'with custom ssl cert' do
let :pre_condition do
"class {'foreman':
server_ssl_cert => 'foo',
server_ssl_key => 'bar',
server_ssl_ca => 'baz',
ssl => true,
}"
end
it 'should specify trust chain' do
should contain_file('foreman_vhost').with_content(/SSLCertificateFile\s+foo/)
should contain_file('foreman_vhost').with_content(/SSLCertificateKeyFile\s+bar/)
should contain_file('foreman_vhost').with_content(/SSLCertificateChainFile\s+baz/)
end
end
end
end
templates/foreman-vhost.conf.erb
<%= scope.function_template(['foreman/_assets.conf.erb']) %>
# Use puppet certificates for SSL
SSLEngine On
SSLCertificateFile /var/lib/puppet/ssl/certs/<%= @fqdn %>.pem
SSLCertificateKeyFile /var/lib/puppet/ssl/private_keys/<%= @fqdn %>.pem
SSLCertificateChainFile /var/lib/puppet/ssl/certs/ca.pem
SSLCertificateFile <%= @ssl_cert %>
SSLCertificateKeyFile <%= @ssl_key %>
SSLCertificateChainFile <%= @ssl_ca %>
SSLCACertificateFile /var/lib/puppet/ssl/certs/ca.pem
SSLVerifyClient optional
SSLOptions +StdEnvVars

Also available in: Unified diff