Puppet Class: puppet::config::webserver

Inherits:
puppet::params
Defined in:
manifests/config/webserver.pp

Summary

webserver.conf file

Overview

The webserver.conf file configures the Puppet Server webserver service

Examples:

include puppet::config::webserver

Parameters:

  • client_auth (Enum['need', 'want', 'none']) (defaults to: 'want')

    This determines the mode that the server uses to validate the client’s certificate for incoming SSL connections. One of the following values may be specified:

    need - The server will request the client's certificate and the
  certificate must be provided and be valid. The certificate must have
  been issued by a Certificate Authority whose certificate resides in the
  truststore.
want - The server will request the client's certificate. A certificate,
  if provided by the client, must have been issued by a Certificate
  Authority whose certificate resides in the truststore. If the client
  does not provide a certificate, the server will still consider the
  client valid.
none - The server will not request a certificate from the client and will
  consider the client valid.
  • ssl_cert (Stdlib::Absolutepath) (defaults to: $puppet::params::hostcert)

    The value of puppet server –configprint hostcert. Equivalent to the ‘SSLCertificateFile’ Apache config setting.

  • ssl_key (Stdlib::Absolutepath) (defaults to: $puppet::params::hostprivkey)

    The value of puppet server –configprint hostprivkey. Equivalent to the ‘SSLCertificateKeyFile’ Apache config setting.

  • ssl_ca_cert (Stdlib::Absolutepath) (defaults to: $puppet::params::localcacert)

    The value of puppet server –configprint localcacert. Equivalent to the ‘SSLCACertificateFile’ Apache config setting.

  • ssl_cert_chain (Stdlib::Absolutepath) (defaults to: $puppet::params::localcacert)

    Equivalent to the ‘SSLCertificateChainFile’ Apache config setting.

  • ssl_crl_path (Stdlib::Absolutepath) (defaults to: $puppet::params::hostcrl)

    The path to the CRL file to use.



38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
# File 'manifests/config/webserver.pp', line 38

class puppet::config::webserver (
  Enum['need', 'want', 'none'] $client_auth = 'want',
  Stdlib::Absolutepath $ssl_cert = $puppet::params::hostcert,
  Stdlib::Absolutepath $ssl_key = $puppet::params::hostprivkey,
  Stdlib::Absolutepath $ssl_ca_cert = $puppet::params::localcacert,
  Stdlib::Absolutepath $ssl_cert_chain = $puppet::params::localcacert,
  Stdlib::Absolutepath $ssl_crl_path = $puppet::params::hostcrl,
) inherits puppet::params {
  # https://www.puppet.com/docs/puppet/7/server/config_file_webserver.html
  # https://github.com/puppetlabs/trapperkeeper-webserver-jetty9/blob/main/doc/jetty-config.md
  file { '/etc/puppetlabs/puppetserver/conf.d/webserver.conf':
    ensure  => file,
    content => template('puppet/webserver.conf.erb'),
  }
}