Add param to specify app protocol

Templates/manifests for https hosting already exist, but we currently force
http hosting. This patch adds a 'protocol' param to allow the capability
to host with https. This patch also changes the hostname to default to
the fully qualified domain name and changes certs/keys to snakeoil.

Change-Id: Ic3cd47f4166c5219030254e8ae557b654f0756eb
This commit is contained in:
Paul Van Eck 2015-09-01 14:10:20 -07:00
parent e1482bf068
commit 579d39bbda
4 changed files with 29 additions and 6 deletions

View File

@ -21,7 +21,15 @@ class refstack (
$mysql_database = 'refstack',
$mysql_user = 'refstack',
$mysql_user_password,
$hostname = $::ipaddress,
$hostname = $::fqdn,
$protocol = 'http',
$ssl_cert_content = undef,
$ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem',
$ssl_key_content = undef,
$ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key',
$ssl_ca_content = undef,
$ssl_ca = undef, # '/etc/ssl/certs/ca.pem'
) {
# Configure the entire refstack instance. This does not install anything,
@ -30,11 +38,23 @@ class refstack (
mysql_database => $mysql_database,
mysql_user => $mysql_user,
mysql_user_password => $mysql_user_password,
hostname => $hostname
hostname => $hostname,
protocol => $protocol,
ssl_cert_content => $ssl_cert_content,
ssl_cert => $ssl_cert,
ssl_key_content => $ssl_key_content,
ssl_key => $ssl_key,
ssl_ca_content => $ssl_ca_content,
ssl_ca => $ssl_ca
}
include ::refstack::mysql
include ::refstack::app
include ::refstack::api
include ::refstack::apache::http
if $protocol == 'https' {
include ::refstack::apache::https
} else {
include ::refstack::apache::http
}
}

View File

@ -27,7 +27,8 @@ class refstack::params (
$user = 'refstack',
$group = 'refstack',
$server_admin = undef,
$hostname = $::ipaddress,
$hostname = $::fqdn,
$protocol = 'http',
# [database] refstack.conf
$mysql_user = 'refstack',
@ -38,9 +39,9 @@ class refstack::params (
# Apache2 ssl configuration
$ssl_cert_content = undef,
$ssl_cert = '/etc/ssl/certs/refstack.pem',
$ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem',
$ssl_key_content = undef,
$ssl_key = '/etc/ssl/private/refstack.key',
$ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key',
$ssl_ca_content = undef,
$ssl_ca = undef, # '/etc/ssl/certs/ca.pem'
) {

View File

@ -25,6 +25,7 @@
CustomLog ${APACHE_LOG_DIR}/refstack-ssl-access.log combined
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLCertificateFile <%= @ssl_cert %>
SSLCertificateKeyFile <%= @ssl_key %>

View File

@ -1,6 +1,7 @@
node default {
class { '::refstack':
hostname => '192.168.99.88',
protocol => 'http',
mysql_user_password => 'refstack',
}
}