|
61 | 61 | if $::osfamily == 'redhat' {
|
62 | 62 |
|
63 | 63 | file{"${puppet_ssldir}/ca":
|
64 |
| - ensure => directory, |
65 |
| - owner => $::puppet::params::puppet_user, |
66 |
| - group => $::puppet::params::puppet_group, |
67 |
| - mode => '0770', |
68 |
| - before => Exec['Certificate_Check'], |
| 64 | + ensure => directory, |
| 65 | + owner => $::puppet::params::puppet_user, |
| 66 | + group => $::puppet::params::puppet_group, |
| 67 | + mode => '0770', |
| 68 | + before => Exec['Certificate_Check'], |
69 | 69 | }
|
70 | 70 |
|
71 | 71 | file{"${puppet_ssldir}/ca/requests":
|
72 |
| - ensure => directory, |
73 |
| - owner => $::puppet::params::puppet_user, |
74 |
| - group => $::puppet::params::puppet_group, |
75 |
| - mode => '0750', |
76 |
| - before => Exec['Certificate_Check'], |
| 72 | + ensure => directory, |
| 73 | + owner => $::puppet::params::puppet_user, |
| 74 | + group => $::puppet::params::puppet_group, |
| 75 | + mode => '0750', |
| 76 | + before => Exec['Certificate_Check'], |
77 | 77 | }
|
78 | 78 |
|
79 | 79 | }
|
|
108 | 108 | }
|
109 | 109 |
|
110 | 110 | apache::vhost { "puppet-${certname}":
|
111 |
| - port => $puppet_passenger_port, |
112 |
| - priority => '40', |
113 |
| - docroot => $puppet_docroot, |
114 |
| - serveradmin => $apache_serveradmin, |
115 |
| - servername => $certname, |
116 |
| - ssl => true, |
117 |
| - ssl_cert => "${puppet_ssldir}/certs/${certname}.pem", |
118 |
| - ssl_key => "${puppet_ssldir}/private_keys/${certname}.pem", |
119 |
| - ssl_chain => "${puppet_ssldir}/ca/ca_crt.pem", |
120 |
| - ssl_ca => "${puppet_ssldir}/ca/ca_crt.pem", |
121 |
| - ssl_crl => "${puppet_ssldir}/ca/ca_crl.pem", |
122 |
| - ssl_protocol => 'ALL -SSLv2 -SSLv3', |
123 |
| - ssl_cipher => 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK', |
| 111 | + port => $puppet_passenger_port, |
| 112 | + priority => '40', |
| 113 | + docroot => $puppet_docroot, |
| 114 | + serveradmin => $apache_serveradmin, |
| 115 | + servername => $certname, |
| 116 | + ssl => true, |
| 117 | + ssl_cert => "${puppet_ssldir}/certs/${certname}.pem", |
| 118 | + ssl_key => "${puppet_ssldir}/private_keys/${certname}.pem", |
| 119 | + ssl_chain => "${puppet_ssldir}/ca/ca_crt.pem", |
| 120 | + ssl_ca => "${puppet_ssldir}/ca/ca_crt.pem", |
| 121 | + ssl_crl => "${puppet_ssldir}/ca/ca_crl.pem", |
| 122 | + ssl_protocol => 'ALL -SSLv2 -SSLv3', |
| 123 | + ssl_cipher => 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK', |
124 | 124 | ssl_honorcipherorder => 'On',
|
125 |
| - ssl_verify_client => 'optional', |
126 |
| - ssl_verify_depth => '1', |
127 |
| - ssl_options => ['+StdEnvVars', '+ExportCertData'], |
128 |
| - rack_base_uris => '/', |
129 |
| - directories => [ |
| 125 | + ssl_verify_client => 'optional', |
| 126 | + ssl_verify_depth => '1', |
| 127 | + ssl_options => ['+StdEnvVars', '+ExportCertData'], |
| 128 | + rack_base_uris => '/', |
| 129 | + directories => [ |
130 | 130 | {
|
131 | 131 | path => $puppet_docroot,
|
132 | 132 | },
|
|
135 | 135 | options => 'None',
|
136 | 136 | },
|
137 | 137 | ],
|
138 |
| - require => [ File['/etc/puppet/rack/config.ru'], File[$puppet_conf] ], |
| 138 | + require => [ File['/etc/puppet/rack/config.ru'], File[$puppet_conf] ], |
139 | 139 | }
|
140 | 140 |
|
141 | 141 | #Hack to add extra passenger configurations for puppetmaster
|
|