Revision 3145de9d
Added by Alexis Mousset almost 7 years ago
techniques/system/distributePolicy/1.0/apache-acl.st | ||
---|---|---|
{
|
||
|
||
vars:
|
||
"destination" string => "/opt/rudder/etc";
|
||
"destination" string => "/opt/rudder/etc/ssl";
|
||
"ssl_ca_file" string => "ca.cert";
|
||
"ssl_ca_size" string => filestat("${this.promise_dirname}/${ssl_ca_file}", "size");
|
||
|
||
pass1::
|
||
"src_ca_file" string => "${this.promise_dirname}/${ssl_ca_file}",
|
||
ifvarclass => "!empty_ssl_ca";
|
||
"src_ca_file" string => "${destination}/rudder.crt",
|
||
ifvarclass => "empty_ssl_ca";
|
||
|
||
redhat::
|
||
"apache_service" string => "httpd";
|
||
... | ... | |
!redhat::
|
||
"apache_service" string => "apache2";
|
||
|
||
files:
|
||
classes:
|
||
"empty_ssl_ca" expression => strcmp("${ssl_ca_size}", "0");
|
||
|
||
"${destination}/ssl/${ssl_ca_file}"
|
||
"pass3" expression => "pass2";
|
||
"pass2" expression => "pass1";
|
||
"pass1" expression => "any";
|
||
|
||
files:
|
||
pass2::
|
||
"${destination}/${ssl_ca_file}"
|
||
create => "true",
|
||
perms => mog("600", "root", "0"),
|
||
copy_from => local_cp("${this.promise_dirname}/${ssl_ca_file}"),
|
||
copy_from => ncf_local_cp_method("${src_ca_file}", "digest"),
|
||
classes => rudder_common_classes("rudder_apache_acl"),
|
||
comment => "Writing rudder apache ACL";
|
||
|
Also available in: Unified diff
Fixes #11114: ca.cert file is empty, prevent apache2 to start