5

I have the following class and definition in puppet:

    $certDirectory = "/var/lib/ssl/certs"

    class openssl {
        package { "openssl": ensure => latest }

        file { "openssl":
            path   => "/var/lib/ssl",
            ensure => directory,
            mode   => 0644
        }

        file { "openssl-certs":
            path   => "/var/lib/ssl/certs",
            ensure => directory,
            mode   => 0644
        }

        define cert($ensure = present) {
            $certfile = "${certDirectory}/${name}.cert"
            $keyfile = "${certDirectory}/${name}.key"
            $pemfile = "${certDirectory}/${name}.pem"

            file { "${name}.cert":
                path   => $certfile,
                source => "puppet:///openssl/${name}.cert",
                mode   => 0640,
                ensure => $ensure,
            }

            file { "${name}.key":
                path   => $keyfile,
                source => "puppet:///openssl/${name}.key",
                mode   => 0640,
                ensure => $ensure,
            }
        }
    }

I'm later (in a node) using this openssl::cert define to pass a cert to an apache vhost config:

    openssl::cert { "rri": ensure=>present }

    apache2::site-config { "default":
        ip      => "*",
        order   => "000",
        docroot => '/home/support/public_html',
        cert    => Openssl::Cert["rri"]
    }

And inside of the apache2::site-config define:

    file { "site-config-$name":
        path    => "/etc/apache2/sites-available/$name",
        owner   => root,
        group   => root,
        mode    => 0644,
        content => template($template),
        notify  => Exec["reload-apache2"],
    }

The question I'm having - how can I reference the $certfile / $keyfile from the cert variable in the .erb file located at $template?

I'd also be very interested to know if I'm approaching this the wrong way too - it's my first time trying to get anything set up using puppet and just trying to play around with what I can do.

UPDATED - Semi Working Now

Based on freiheit's answer - I made a few changes to my apache2::site-config

    define site-config (
        $ensure = 'present',
        $template = 'apache2/vhost.erb',
        $docroot,
        $ip='*',
        $order='000',
        $logs = "",
        $cert = false
    ) {
        if $cert {
            File["site-config-$name"] { require=>Openssl::Cert[$cert] }
            $certfile = "${openssl::certDirectory}/${cert}.cert"
            $keyfile = "${openssl::certDirectory}/${cert}.key"
        }

        file { "site-config-$name":
            path    => "/etc/apache2/sites-available/$name",
            owner   => root,
            group   => root,
            mode    => 0644,
            content => template($template),
            notify  => Exec["reload-apache2"],
        }
    }

Then in the .erb

    SSLCertificateFile <%= certfile %>
    SSLCertificateKeyFile <%= keyfile %>

This seems to be working fairly well - I was just hoping that in the event of me changing the cert naming conventions around at some point that I would be able to access the actual filenames from the reference to the Openssl::Cert resource. Still curious to know if there is a way to do that.

1 Answer

4

Something like this in $template.erb:

    <VirtualHost <%= ip %>:443>
        DocumentRoot <%= docroot %>
        SSLCertificateFile <%= cert %>
        # ...
    </VirtualHost>

That is, any variable in puppet is available as a local variable in the ruby bits hiding in the .erb file.

Not sure why you have "$template" instead of a named .erb file (not seeing $template set anywhere, but willing to assume it's hiding somewhere)

And this seems wrong: cert => Openssl::Cert["rri"]. I'd expect something more like:

openssl::cert { "rri": } 

And then the .erb would be more like:

    <VirtualHost <%= ip %>:443>
        DocumentRoot <%= docroot %>
        SSLCertificateFile <%= certDirectory %>/<%= name %>
        # ...
    </VirtualHost>
2
  • $template="apache2/vhost.erb" in the define for apache2::site-config - Currently if I print the cert variable from the erb I just get Openssl::Cert[rri], but I think your post showed me my answer I needed anyway - will update in a minute Commented Sep 8, 2009 at 17:13
  • Well - I got it working by defining cert=>"rri" and then just doing a require=>Openssl::Cert[$cert] although I still think it should be possible to access a variable from a resource like the original question attempts. Commented Sep 8, 2009 at 17:27
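
The approach the thread settles on (pass the cert name as a string and derive the file paths from it), as an added Ruby example that is not part of the original posts: it renders a constructed vhost template with ERB, leaves out the SSL directives when no cert is given, and rejects cert names that would resolve outside the cert directory. `cert_paths`, `render_vhost`, the `port` variable and the name check are assumptions made for this example.

```ruby
require 'erb'

CERT_DIRECTORY = '/var/lib/ssl/certs' # same value as $certDirectory in the question

# Constructed template, modelled on the vhost.erb fragments in this thread.
# The port variable is an assumption of this example.
VHOST_TEMPLATE = <<~'ERB'
  <VirtualHost <%= ip %>:<%= port %>>
    DocumentRoot <%= docroot %>
  <%- if certfile -%>
    SSLCertificateFile <%= certfile %>
    SSLCertificateKeyFile <%= keyfile %>
  <%- end -%>
  </VirtualHost>
ERB

# Hypothetical helper: map a cert name to the paths the openssl::cert define
# writes. A false/nil cert (the define's default) yields no paths at all.
def cert_paths(cert, dir = CERT_DIRECTORY)
  return { certfile: nil, keyfile: nil } unless cert

  # Only plain file names are accepted, so the name cannot contain a path
  # separator or start with a dot and end up outside the cert directory.
  unless cert.is_a?(String) && cert.match?(/\A[A-Za-z0-9_-][A-Za-z0-9_.-]*\z/)
    raise ArgumentError, "unsafe cert name: #{cert.inspect}"
  end

  { certfile: File.join(dir, "#{cert}.cert"),
    keyfile:  File.join(dir, "#{cert}.key") }
end

# Hypothetical helper: render the vhost the way template($template) would,
# with the define's parameters exposed as template variables.
def render_vhost(ip:, docroot:, cert: false)
  vars = { ip: ip, docroot: docroot, port: cert ? 443 : 80 }
  ERB.new(VHOST_TEMPLATE, trim_mode: '-').result_with_hash(vars.merge(cert_paths(cert)))
end

if __FILE__ == $PROGRAM_NAME
  puts render_vhost(ip: '*', docroot: '/home/support/public_html', cert: 'rri')
  puts render_vhost(ip: '*', docroot: '/home/support/public_html')
end
```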
