I have the following class and definition in puppet:
    $certDirectory = "/var/lib/ssl/certs"

    class openssl {
        package { "openssl":
            ensure => latest
        }

        file { "openssl":
            path   => "/var/lib/ssl",
            ensure => directory,
            mode   => 0644
        }

        file { "openssl-certs":
            path   => "/var/lib/ssl/certs",
            ensure => directory,
            mode   => 0644
        }

        define cert($ensure = present) {
            $certfile = "${certDirectory}/${name}.cert"
            $keyfile = "${certDirectory}/${name}.key"
            $pemfile = "${certDirectory}/${name}.pem"

            file { "${name}.cert":
                path   => $certfile,
                source => "puppet:///openssl/${name}.cert",
                mode   => 0640,
                ensure => $ensure,
            }

            file { "${name}.key":
                path   => $keyfile,
                source => "puppet:///openssl/${name}.key",
                mode   => 0640,
                ensure => $ensure,
            }
        }
    }

I'm later (in a node) using this openssl::cert define to pass a cert to an apache vhost config:
    openssl::cert { "rri":
        ensure => present
    }

    apache2::site-config { "default":
        ip      => "*",
        order   => "000",
        docroot => '/home/support/public_html',
        cert    => Openssl::Cert["rri"]
    }

And inside of the apache2::site-config define:
    file { "site-config-$name":
        path    => "/etc/apache2/sites-available/$name",
        owner   => root,
        group   => root,
        mode    => 0644,
        content => template($template),
        notify  => Exec["reload-apache2"],
    }

The question I'm having – how can I reference the $certfile / $keyfile from the cert variable in the .erb file located at $template?
I'd also be very interested to know if I'm approaching this the wrong way too – it's my first time trying to get anything set up using puppet and just trying to play around with what I can do.
UPDATED – Semi Working Now
Based on freiheit's answer – I made a few changes to my apache2::site-config:

    define site-config (
        $ensure = 'present',
        $template = 'apache2/vhost.erb',
        $docroot,
        $ip = '*',
        $order = '000',
        $logs = "",
        $cert = false) {

        if $cert {
            # Make sure the cert files are in place before the vhost config is written
            File["site-config-$name"] { require => Openssl::Cert[$cert] }
            $certfile = "${openssl::certDirectory}/${cert}.cert"
            $keyfile = "${openssl::certDirectory}/${cert}.key"
        }

        file { "site-config-$name":
            path    => "/etc/apache2/sites-available/$name",
            owner   => root,
            group   => root,
            mode    => 0644,
            content => template($template),
            notify  => Exec["reload-apache2"],
        }
    }

Then in the .erb:

    SSLCertificateFile <%= certfile %>
    SSLCertificateKeyFile <%= keyfile %>

This seems to be working fairly well – I was just hoping that in the event of me changing the cert naming conventions around at some point that I would be able to access the actual filenames from the reference to the Openssl::Cert resource. Still curious to know if there is a way to do that.
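An added example, not part of the original post or of Puppet itself: a standalone Ruby sketch of what the template side of the update does, rendering an ERB vhost with the certificate paths derived in one place and the SSL lines omitted when cert is false. The constant CERT_DIRECTORY, the functions cert_paths and render_vhost, the name check and the template text are all assumptions made for illustration; only the two SSL directives and the path naming come from the question.

```ruby
require "erb"

# Assumed stand-in for the question's $certDirectory.
CERT_DIRECTORY = "/var/lib/ssl/certs"

# Constructed template; the two SSL directives match the question's .erb.
VHOST_TEMPLATE = <<~'TEMPLATE'
  <VirtualHost <%= ip %>>
    DocumentRoot <%= docroot %>
    <%- if certfile -%>
    SSLCertificateFile <%= certfile %>
    SSLCertificateKeyFile <%= keyfile %>
    <%- end -%>
  </VirtualHost>
TEMPLATE

# Derive both paths in one place, following the naming used in openssl::cert,
# so a later change of convention only has to be made here.
def cert_paths(name, dir = CERT_DIRECTORY)
  # Hypothetical safety check: a name with a slash or a leading dot could
  # point the vhost at a file outside the certificate directory.
  unless name.match?(/\A[A-Za-z0-9_.-]+\z/) && !name.start_with?(".")
    raise ArgumentError, "bad cert name: #{name.inspect}"
  end
  { certfile: File.join(dir, "#{name}.cert"),
    keyfile:  File.join(dir, "#{name}.key") }
end

# Render the vhost. Every hash key becomes a local variable inside the
# template, which is how the .erb above can say <%= certfile %>.
def render_vhost(ip:, docroot:, cert: false)
  paths = cert ? cert_paths(cert) : { certfile: nil, keyfile: nil }
  ERB.new(VHOST_TEMPLATE, trim_mode: "-")
     .result_with_hash(paths.merge(ip: ip, docroot: docroot))
end

if __FILE__ == $0
  puts render_vhost(ip: "*", docroot: "/home/support/public_html", cert: "rri")
end
```

In current Puppet releases, template variables are referenced as @certfile and @keyfile rather than as bare local names.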
Best Answer
Something like this in $template.erb:
That is, any variable in puppet is available as a local variable in the ruby bits hiding in the .erb file.
Not sure why you have "$template" instead of a named .erb file (not seeing $template set anywhere, but willing to assume it's hiding somewhere).
And this seems wrong: cert => Openssl::Cert["rri"]. I'd expect something more like:
And then the .erb would be more like: