example42
Parameterize apache::ssl
Hi folks,
example42-apache does exactly what we need it do--give us a barebones, RHEL-default Apache installation. We now need to tweak our SSL parameters. While we could use a separate Puppet module, keeping it all in the family, as it were, is more appealing.
In particular, my organization needs parameters to set:
- SSLProtocol
- SSLCipherSuite
- SSLCertificateFile
- SSLCertificateKeyFile
- SSLCertificateChainFile
- SSLHonorCipherSuite
Obviously, there's so many Apache config parameters out there, but these would be a good place to start. Is this something you'd be willing to include, either in apache::ssl or apache::vhost ? I've forked the repository, and am currently working on a patch for this limited set of parameters.
Looking at pull request #76 , looks like there's an option for an ssl_template, so we may be able to solve this with that patch, along with an $ssl_options parameter that's similar to the $options parameter from init.pp. However, there's an SSLOptions parameter in mod_ssl, which would make $ssl_options somewhat ambiguous. Given that the main class uses $options for its Apache parameters, I'm going to continue with the same interface for apache::ssl and create an $ssl_options hash.
Or would it be preferable to use the main $apache::params::options for the SSL parameters as well?
Do you need to tweak the SSL related directives in vhosts fles on in ssl.conf? In the first case I'd add to apache::vhost a pameter for a generic options hash whose key values a be used in custom templates, in the second case I'd add parametesr to manage the template and options for custom versions of ssl.conf
