Merge pull request #5 from treydock/ssl

Fix Apache SSL management

data/os/Debian.yaml

@@ -1,4 +1,6 @@
 ---
 perfsonar::apache_group: www-data
-perfsonar::apache_ssl_conf: /etc/apache2/mods-available/ssl.conf
+perfsonar::ssl_cert: /etc/ssl/certs/ssl-cert-snakeoil.pem
+perfsonar::ssl_key: /etc/ssl/private/ssl-cert-snakeoil.key
+perfsonar::apache_ssl_conf: /etc/apache2/sites-available/default-ssl.conf
 perfsonar::apache_service: apache2

data/os/RedHat.yaml

@@ -1,4 +1,6 @@
 ---
 perfsonar::apache_group: apache
+perfsonar::ssl_cert: /etc/pki/tls/certs/localhost.crt
+perfsonar::ssl_key: /etc/pki/tls/private/localhost.key
 perfsonar::apache_ssl_conf: /etc/httpd/conf.d/ssl.conf
 perfsonar::apache_service: httpd

manifests/config.pp

@@ -23,14 +23,19 @@
   }
 
   if $::perfsonar::manage_apache {
+    if $facts['os']['family'] == 'Debian' {
+      $ssl_change_prefix = 'IfModule/VirtualHost'
+    } else {
+      $ssl_change_prefix = 'VirtualHost'
+    }
     if $::perfsonar::ssl_chain_file {
-      $ssl_chain_file_change = "set /*[self::directive = 'SSLCertificateChainFile']/arg ${::perfsonar::ssl_chain_file}"
+      $ssl_chain_file_change = "set ${ssl_change_prefix}/*[self::directive = 'SSLCertificateChainFile']/arg ${::perfsonar::ssl_chain_file}"
     } else {
-      $ssl_chain_file_change = 'rm /*[self::directive = "SSLCertificateChainFile"]'
+      $ssl_chain_file_change = "rm ${ssl_change_prefix}/*[self::directive = 'SSLCertificateChainFile']"
     }
     $ssl_changes = [
-      "set /*[self::directive = 'SSLCertificateFile']/arg ${::perfsonar::ssl_cert}",
-      "set /*[self::directive = 'SSLCertificateKeyFile']/arg ${::perfsonar::ssl_key}",
+      "set ${ssl_change_prefix}/*[self::directive = 'SSLCertificateFile']/arg ${::perfsonar::ssl_cert}",
+      "set ${ssl_change_prefix}/*[self::directive = 'SSLCertificateKeyFile']/arg ${::perfsonar::ssl_key}",
       $ssl_chain_file_change,
     ]