Add option for LE provisioned certs to zuul::web
We need to communicate to apache vhost config that we want LE certs to be used in some cases. Add a vhosts_flags flag to signal this then plumb the correct data into the vhost when set. Note this requires the vhost name and the le cert name to match as that is our mapping between puppet and ansible here. Change-Id: I40131525c10152ebb0a7495588f137e3c019bbc5
parent
b7d49bf548
commit
fb45aaaeec
|
@ -15,6 +15,7 @@
|
|||
define zuul::status_backups (
|
||||
$tenant_name,
|
||||
$ssl,
|
||||
$use_le = undef, # Unused here
|
||||
$status_uri = undef,
|
||||
) {
|
||||
if $status_uri == undef {
|
||||
|
|
|
@ -74,6 +74,7 @@ class zuul::web (
|
|||
"${vhost_name}" => {
|
||||
tenant_name => $tenant_name,
|
||||
ssl => $use_ssl,
|
||||
use_le => false,
|
||||
}
|
||||
}
|
||||
}
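Review bot: The new `use_le => false,` key in this per-vhost hash has no comment saying what it controls or what it requires; the hash and the class header start outside the hunk, so any existing parameter docs are not visible here. The commit message states that the vhost name and the LE cert name must match, and that constraint belongs next to the key, since a mismatch only shows up when Apache cannot find the certificate files. Something like `# use_le: serve the cert, key and chain from /etc/letsencrypt-certs/<vhost_name>/; the LE cert name must equal the vhost name` above the entry would cover it.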
|
||||
|
|
|
@ -6,11 +6,17 @@
|
|||
<% if @ssl -%>
|
||||
SSLEngine on
|
||||
SSLProtocol All -SSLv2 -SSLv3
|
||||
<% if ! [false, '', nil].include?(scope.lookupvar('::zuul::web::vhosts_flags_int')[@vhost_name]['use_le']) -%>
|
||||
SSLCertificateFile /etc/letsencrypt-certs/<%= @vhost_name %>/<%= @vhost_name %>.cer
|
||||
SSLCertificateKeyFile /etc/letsencrypt-certs/<%= @vhost_name %>/<%= @vhost_name %>.key
|
||||
SSLCertificateChainFile /etc/letsencrypt-certs/<%= @vhost_name %>/ca.cer
|
||||
<% else -%>
|
||||
SSLCertificateFile /etc/ssl/certs/<%= @vhost_name %>.pem
|
||||
SSLCertificateKeyFile /etc/ssl/private/<%= @vhost_name %>.key
|
||||
<% if scope.lookupvar('::zuul::web::vhosts_ssl_int')[@vhost_name]['ssl_chain_file_contents'] != '' -%>
|
||||
SSLCertificateChainFile /etc/ssl/certs/<%= @vhost_name %>_intermediate.pem
|
||||
<% end -%>
|
||||
<% end -%>
|
||||
<% end -%>
|
||||
|
||||
ServerName <%= @vhost_name %>
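Review bot: The new `use_le` test on the line after `SSLProtocol` indexes `scope.lookupvar('::zuul::web::vhosts_flags_int')[@vhost_name]` without checking that the vhost has an entry, so a vhost missing from that hash would raise on `nil['use_le']` while the template renders (the existing `vhosts_ssl_int` lookup further down has the same shape). The test also treats every value other than `false`, `''` and `nil` as enabled, so a string such as `'false'` arriving from data would select the `/etc/letsencrypt-certs/` paths. Consider `<% if (scope.lookupvar('::zuul::web::vhosts_flags_int')[@vhost_name] || {})['use_le'] == true -%>`, so the LE certificate and key are chosen only on an explicit boolean. Separately, `SSLCertificateChainFile` is deprecated as of Apache 2.4.8 in favour of a full chain in `SSLCertificateFile`, which is worth a comment if the target hosts run a newer Apache.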
|
||||
|
|