Skip to content
Snippets Groups Projects
Commit 98079c59 authored by Adam Lewenberg's avatar Adam Lewenberg
Browse files

add hosting model parameter

parent 6ff0fa19
No related branches found
No related tags found
No related merge requests found
...@@ -4,6 +4,10 @@ ...@@ -4,6 +4,10 @@
# #
class secure_afs_request ( class secure_afs_request (
Enum['present', 'absent'] $ensure = 'present', Enum['present', 'absent'] $ensure = 'present',
#
Enum['traditional', 'docker']
$hosting_model = 'traditional',
#
String $vhost = 'secure-afs-request.example.com', String $vhost = 'secure-afs-request.example.com',
# #
Enum['wallet', 'none'] $db_credentials_source = 'wallet', Enum['wallet', 'none'] $db_credentials_source = 'wallet',
...@@ -22,26 +26,6 @@ class secure_afs_request ( ...@@ -22,26 +26,6 @@ class secure_afs_request (
require => Package['secure-afs-request-web'], require => Package['secure-afs-request-web'],
} }
# Install the database ini file
case $db_credentials_source {
'wallet': {
if ($db_wallet_name != undef) {
wallet { $db_wallet_name:
ensure => $ensure,
type => 'file',
path => '/etc/secure-afs-request/database.ini',
mode => '0640',
owner => 'root',
group => 'www-data',
}
} else {
crit('wallet_name not defined')
}
}
'none': { }
default: { crit('unknown value for db_credentials_source') }
}
# Install the Apache configuration. # Install the Apache configuration.
file { '/etc/apache2/sites-enabled/secure-afs-request.conf': file { '/etc/apache2/sites-enabled/secure-afs-request.conf':
ensure => $ensure, ensure => $ensure,
...@@ -51,20 +35,41 @@ class secure_afs_request ( ...@@ -51,20 +35,41 @@ class secure_afs_request (
mode => '0755', mode => '0755',
} }
# Install the key-pair # Install the database ini file and other secrets (traditional hosts only)
su_apache::cert::incommon { $vhost: if ($hosting_model == 'traditional') {
ensure => $ensure, case $db_credentials_source {
} 'wallet': {
if ($db_wallet_name != undef) {
wallet { $db_wallet_name:
ensure => $ensure,
type => 'file',
path => '/etc/secure-afs-request/database.ini',
mode => '0640',
owner => 'root',
group => 'www-data',
}
} else {
crit('wallet_name not defined')
}
}
'none': { }
default: { crit('unknown value for db_credentials_source') }
}
# We need a Kerberos keytab for LDAP lookups. # Install the key-pair
wallet { $ldap_wallet_name: su_apache::cert::incommon { $vhost:
ensure => $ensure, ensure => $ensure,
type => 'keytab', }
path => '/etc/secure-afs-request/keytab',
mode => '0640',
owner => 'root',
group => 'www-data',
}
# We need a Kerberos keytab for LDAP lookups.
wallet { $ldap_wallet_name:
ensure => $ensure,
type => 'keytab',
path => '/etc/secure-afs-request/keytab',
mode => '0640',
owner => 'root',
group => 'www-data',
}
}
} }
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment