Added 'first' parameter to apache::sslsite

When set to true, ensures the site configuration is loaded first, thus becoming the default virtual host when NameVirtualHost (and SNI) is used.
2013-01-31 20:53:08 +02:00 · 2013-01-31 20:53:08 +02:00 · 68ac64b13f
commit 68ac64b13f
parent 3704a86d50
3 changed files with 24 additions and 7 deletions
--- a/apache/manifests/debian.pp
+++ b/apache/manifests/debian.pp
@ -180,7 +180,8 @@ class apache::debian::sslserver inherits apache::debian::common {
 }


-define apache::debian::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain) {
+define apache::debian::sslsite($first, $ipaddr, $root,
+                               $ssl_cert, $ssl_key, $ssl_chain) {

    if $name == "default" {
        $site_fqdn = $homename
@ -253,8 +254,13 @@ define apache::debian::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
        }
    }

-    $site_conf = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.conf"
-    $site_confdir = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.d"
+    if $first == true {
+        $site_conf = "/etc/httpd/site.https.d/00-${site_fqdn}.conf"
+        $site_confdir = "/etc/httpd/site.https.d/00-${site_fqdn}.d"
+    } else {
+        $site_conf = "/etc/httpd/site.https.d/${site_fqdn}.conf"
+        $site_confdir = "/etc/httpd/site.https.d/${site_fqdn}.d"
+    }

    file { $site_conf:
        ensure  => present,
--- a/apache/manifests/init.pp
+++ b/apache/manifests/init.pp
@ -248,6 +248,9 @@ class apache::sslserver::listen {
 #
 #   $name:
 #       FQDN of virtual host.
+#   $first:
+#       Bool for whether this is the first (default) vhost
+#       when using NameVirtualHost. Defaults to false.
 #   $ipaddr:
 #       IP address of virtual host. Defaults to _default_.
 #   $root:
@ -267,7 +270,7 @@ class apache::sslserver::listen {
 #     ssl_key  => "puppet:///path/to/www.example.com.key",
 # }
 #
-define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="", $ssl_chain="") {
+define apache::sslsite($first=false, $ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="", $ssl_chain="") {

    include apache::sslserver::listen

@ -275,6 +278,7 @@ define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="",
        "debian","ubuntu": {
            $apache_ssldir = "/etc/ssl"
            apache::debian::sslsite { $name:
+                first     => $first,
                ipaddr    => $ipaddr,
                root      => $root,
                ssl_cert  => $ssl_cert,
@ -286,6 +290,7 @@ define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="",
        "centos","redhat","fedora": {
            $apache_ssldir = "/etc/pki/tls"
            apache::redhat::sslsite { $name:
+                first     => $first,
                ipaddr    => $ipaddr,
                root      => $root,
                ssl_cert  => $ssl_cert,
--- a/apache/manifests/redhat.pp
+++ b/apache/manifests/redhat.pp
@ -219,7 +219,8 @@ class apache::redhat::sslserver {
 }


-define apache::redhat::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain) {
+define apache::redhat::sslsite($first, $ipaddr, $root,
+                               $ssl_cert, $ssl_key, $ssl_chain) {

    if $name == "default" {
        $site_fqdn = $homename
@ -293,8 +294,13 @@ define apache::redhat::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
        }
    }

-    $site_conf = "/etc/httpd/site.https.d/${site_fqdn}.conf"
-    $site_confdir = "/etc/httpd/site.https.d/${site_fqdn}.d"
+    if $first == true {
+        $site_conf = "/etc/httpd/site.https.d/00-${site_fqdn}.conf"
+        $site_confdir = "/etc/httpd/site.https.d/00-${site_fqdn}.d"
+    } else {
+        $site_conf = "/etc/httpd/site.https.d/${site_fqdn}.conf"
+        $site_confdir = "/etc/httpd/site.https.d/${site_fqdn}.d"
+    }

    file { $site_conf:
        ensure  => present,