Add option for LE provisioned certs to zuul::web
We need to communicate to apache vhost config that we want LE certs to be used in some cases. Add a vhosts_flags flag to signal this, then plumb the correct data into the vhost when set. Note this requires the vhost name and the LE cert name to match, as that is our mapping between puppet and ansible here. Change-Id: I40131525c10152ebb0a7495588f137e3c019bbc5
parent
9f5225752d
commit
bc5302e71a
|
@ -15,6 +15,7 @@
|
|||
define zuul::status_backups (
|
||||
$tenant_name,
|
||||
$ssl,
|
||||
$use_le = undef, # Unused here
|
||||
$status_uri = undef,
|
||||
) {
|
||||
if $status_uri == undef {
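Review bot: The trailing comment on the new `$use_le` parameter, `# Unused here`, says the value is ignored but not why the define has to accept it. It looks like this define is instantiated from the same per-vhost hash that carries `use_le` for the vhost template, so the parameter exists only to keep that hash valid here. If that is right, a comment such as `# Accepted so the shared per-vhost flags hash can be passed unchanged; only the vhost template reads it` would stop a later cleanup from removing it. The body of the define continues past the end of this hunk.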
|
||||
|
|
|
@ -74,6 +74,7 @@ class zuul::web (
|
|||
"${vhost_name}" => {
|
||||
tenant_name => $tenant_name,
|
||||
ssl => $use_ssl,
|
||||
use_le => false,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -6,11 +6,17 @@
|
|||
<% if @ssl -%>
|
||||
SSLEngine on
|
||||
SSLProtocol All -SSLv2 -SSLv3
|
||||
<% if ! [false, '', nil].include?(scope.lookupvar('::zuul::web::vhosts_flags_int')[@vhost_name]['use_le']) -%>
|
||||
SSLCertificateFile /etc/letsencrypt-certs/<%= @vhost_name %>/<%= @vhost_name %>.cer
|
||||
SSLCertificateKeyFile /etc/letsencrypt-certs/<%= @vhost_name %>/<%= @vhost_name %>.key
|
||||
SSLCertificateChainFile /etc/letsencrypt-certs/<%= @vhost_name %>/ca.cer
|
||||
<% else -%>
|
||||
SSLCertificateFile /etc/ssl/certs/<%= @vhost_name %>.pem
|
||||
SSLCertificateKeyFile /etc/ssl/private/<%= @vhost_name %>.key
|
||||
<% if scope.lookupvar('::zuul::web::vhosts_ssl_int')[@vhost_name]['ssl_chain_file_contents'] != '' -%>
|
||||
SSLCertificateChainFile /etc/ssl/certs/<%= @vhost_name %>_intermediate.pem
|
||||
<% end -%>
|
||||
<% end -%>
|
||||
<% end -%>
|
||||
|
||||
ServerName <%= @vhost_name %>
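Review bot: The new `use_le` condition indexes `scope.lookupvar('::zuul::web::vhosts_flags_int')[@vhost_name]['use_le']` without checking that an entry for `@vhost_name` exists, so a flags hash that lacks this vhost raises on nil and fails the catalog compile instead of falling back to the /etc/ssl paths. The test `[false, '', nil].include?` also treats every other value as enabled, including the string `'false'` and, on Puppet versions that hand undef to templates as `:undef`, an unset flag. In those cases the vhost would point at /etc/letsencrypt-certs files that may not have been provisioned, and Apache would refuse to start. Reading the flag once with `<% le = (scope.lookupvar('::zuul::web::vhosts_flags_int')[@vhost_name] || {})['use_le'] -%>` and branching on `<% if le == true || le == 'true' -%>` makes the LE branch strictly opt-in. The enclosing VirtualHost block starts and ends outside this hunk.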
|
||||
|
|