Use puppet certificates in ejabberd by default
This commit is contained in:
Ossi Salmi
parent
12791c5891
commit
5f06698dbd
1 changed files with 39 additions and 33 deletions
|
|
@ -78,45 +78,51 @@ class ejabberd {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if $ejabberd_ssl_key and $ejabberd_ssl_cert {
|
if !$ejabberd_ssl_key {
|
||||||
file { "${cert_prefix}/private/ejabberd.key":
|
$ejabberd_ssl_key = "${puppet_ssldir}/private_keys/${homename}.pem"
|
||||||
|
}
|
||||||
|
if !$ejabberd_ssl_cert {
|
||||||
|
$ejabberd_ssl_cert = "${puppet_ssldir}/certs/${homename}.pem"
|
||||||
|
}
|
||||||
|
|
||||||
|
file { "${cert_prefix}/private/ejabberd.key":
|
||||||
|
ensure => present,
|
||||||
|
source => $ejabberd_ssl_key,
|
||||||
|
mode => "0600",
|
||||||
|
owner => "root",
|
||||||
|
group => "root",
|
||||||
|
notify => Exec["generate-ejabberd-pem"],
|
||||||
|
}
|
||||||
|
file { "${cert_prefix}/certs/ejabberd.crt":
|
||||||
|
ensure => present,
|
||||||
|
source => $ejabberd_ssl_cert,
|
||||||
|
mode => "0644",
|
||||||
|
owner => "root",
|
||||||
|
group => "root",
|
||||||
|
notify => Exec["generate-ejabberd-pem"],
|
||||||
|
}
|
||||||
|
if $ejabberd_ssl_chain {
|
||||||
|
file { "${cert_prefix}/certs/ejabberd.chain.crt":
|
||||||
ensure => present,
|
ensure => present,
|
||||||
source => $ejabberd_ssl_key,
|
source => $ejabberd_ssl_chain,
|
||||||
mode => "0600",
|
|
||||||
owner => "root",
|
|
||||||
group => "root",
|
|
||||||
notify => Exec["generate-ejabberd-pem"],
|
|
||||||
}
|
|
||||||
file { "${cert_prefix}/certs/ejabberd.crt":
|
|
||||||
ensure => present,
|
|
||||||
source => $ejabberd_ssl_cert,
|
|
||||||
mode => "0644",
|
mode => "0644",
|
||||||
owner => "root",
|
owner => "root",
|
||||||
group => "root",
|
group => "root",
|
||||||
notify => Exec["generate-ejabberd-pem"],
|
notify => Exec["generate-ejabberd-pem"],
|
||||||
}
|
}
|
||||||
if $ejabberd_ssl_chain {
|
$cert_files = "private/ejabberd.key certs/ejabberd.crt certs/ejabberd.chain.crt"
|
||||||
file { "${cert_prefix}/certs/ejabberd.chain.crt":
|
} else {
|
||||||
ensure => present,
|
$cert_files = "private/ejabberd.key certs/ejabberd.crt"
|
||||||
source => $ejabberd_ssl_chain,
|
}
|
||||||
mode => "0644",
|
|
||||||
owner => "root",
|
exec { "generate-ejabberd-pem":
|
||||||
group => "root",
|
path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
|
||||||
notify => Exec["generate-ejabberd-pem"],
|
cwd => $cert_prefix,
|
||||||
}
|
command => "/bin/sh -c 'umask 077 ; cat ${cert_files} > /etc/ejabberd/ejabberd.pem'",
|
||||||
$cert_files = "private/ejabberd.key certs/ejabberd.crt certs/ejabberd.chain.crt"
|
refreshonly => true,
|
||||||
} else {
|
before => File["/etc/ejabberd/ejabberd.pem"],
|
||||||
$cert_files = "private/ejabberd.key certs/ejabberd.crt"
|
require => Package["ejabberd"],
|
||||||
}
|
notify => Service["ejabberd"],
|
||||||
exec { "generate-ejabberd-pem":
|
|
||||||
path => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
|
|
||||||
cwd => $cert_prefix,
|
|
||||||
command => "/bin/sh -c 'umask 077 ; cat ${cert_files} > /etc/ejabberd/ejabberd.pem'",
|
|
||||||
refreshonly => true,
|
|
||||||
before => File["/etc/ejabberd/ejabberd.pem"],
|
|
||||||
require => Package["ejabberd"],
|
|
||||||
notify => Service["ejabberd"],
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
file { "/etc/ejabberd/ejabberd.pem":
|
file { "/etc/ejabberd/ejabberd.pem":
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue