Clark Boylan fd97e061ae Evaluate files vhosts after we determine ssl file paths
Previously we evaluated the vhost templates before setting
ssl_cert_file_ and ssl_key_file_ and ssl_chain_file_. This made erb
unhappy because those are the three variables we use to set paths in the
vhost. Fix this by moving the vhost after the ssl file vars are set.

Change-Id: I4ba62521c9e7da104f8799d016cbcf0214cbdfc1
2019-06-06 16:28:37 -07:00

92 lines
2.4 KiB
Puppet

# Copyright 2017 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
define openstack_project::website (
$aliases = undef,
$volume_name = undef,
$ssl_cert = undef,
$ssl_key = undef,
$ssl_intermediate = undef,
$ssl_cert_file = undef,
$ssl_key_file = undef,
$ssl_chain_file = undef,
$template = 'openstack_project/website.vhost.erb',
$docroot = undef,
) {
$afs_root = '/afs/openstack.org/'
if $volume_name == undef {
# Default to volume name matching vhost name
$volume_name_ = $name
} else {
$volume_name_ = $volume_name
}
if $docroot == undef {
$docroot_ = "${afs_root}/project/${volume_name_}/www"
} else {
$docroot_ = $docroot
}
if ($ssl_cert != undef) {
$ssl_cert_file_ = "/etc/ssl/certs/${name}.pem"
file { "${ssl_cert_file_}":
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
content => $ssl_cert,
require => File['/etc/ssl/certs'],
}
} else {
$ssl_cert_file_ = $ssl_cert_file
}
if ($ssl_key != undef) {
$ssl_key_file_ = "/etc/ssl/private/${name}.key"
file { "${ssl_key_file_}":
ensure => present,
owner => 'root',
group => 'root',
mode => '0600',
content => $ssl_key,
require => File['/etc/ssl/private'],
}
} else {
$ssl_key_file_ = $ssl_key_file
}
if ($ssl_intermediate != undef) {
$ssl_chain_file_ = "/etc/ssl/certs/${name}_intermediate.pem"
file { "${ssl_chain_file_}":
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
content => $ssl_intermediate,
require => File['/etc/ssl/certs'],
}
} else {
$ssl_chain_file_ = $ssl_chain_file
}
::httpd::vhost { $name:
serveraliases => $aliases,
port => 443, # Is required despite not being used.
docroot => $docroot_,
priority => '50',
content => template($template)
}
}