Merge pull request #143 from SUNET/kano-multicert

Allow multiple certs
SUNET · Mar 21, 2024 · 5c741ea · 5c741ea
2 parents 9a8d06d + b483149
commit 5c741ea
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 7 deletions.
diff --git a/manifests/frontend/load_balancer/website2.pp b/manifests/frontend/load_balancer/website2.pp
@@ -66,12 +66,24 @@
 
   # copy $tls_certificate_bundle to the instance 'certs' directory to detect when it is updated
   # so the service can be restarted
-  file {
-    "${confdir}/${instance}/certs/tls_certificate_bundle.pem":
-      source => $tls_certificate_bundle,
-      notify => Sunet::Docker_compose["frontend-${instance}"],
-  }
+  $multi_certs = shell_split($tls_certificate_bundle).filter |String $cert| { $cert != 'crt' }
+  if length($multi_certs) > 1 {
+    $multi_certs.each |Integer $index, String $cert| {
+      file { "${confdir}/${instance}/certs/tls_certificate_bundle.${index}.pem":
+          source => $cert,
+          notify => Sunet::Docker_compose["frontend-${instance}"],
+      }
+    }
+    file { "${confdir}/${instance}/certs/tls_certificate_bundle.pem":
+        ensure => absent,
+    }
+  } else {
+    file { "${confdir}/${instance}/certs/tls_certificate_bundle.pem":
+        source => $tls_certificate_bundle,
+        notify => Sunet::Docker_compose["frontend-${instance}"],
+    }
 
+  }
   # 'export' config to one YAML file per instance
   file {
     "${confdir}/${instance}/config.yml":
@@ -83,9 +95,10 @@
       ;
   }
 
+
   # Parameters used in frontend/docker-compose_template.erb
   $dns                    = pick_default($config['dns'], [])
-  $exposed_ports          = pick_default($config['exposed_ports'], ["443"])
+  $exposed_ports          = pick_default($config['exposed_ports'], ['443'])
   $frontendtools_imagetag = pick($config['frontendtools_imagetag'], 'stable')
   $frontendtools_volumes  = pick($config['frontendtools_volumes'], false)
   $haproxy_image          = pick($config['haproxy_image'], 'docker.sunet.se/library/haproxy')

diff --git a/templates/frontend/docker-compose_template.erb b/templates/frontend/docker-compose_template.erb
@@ -16,7 +16,13 @@ services:
       - '/opt/frontend/scripts/haproxy-start.sh:/haproxy-start.sh:ro'
       - 'haproxy_data:/etc/haproxy'
       - 'haproxy_control:/var/run/haproxy-control'
-<% if @tls_certificate_bundle -%>
+<% if @multi_certs.is_a? Array and @multi_certs.size > 1 -%>
+<%- index = 0 -%>
+<% @multi_certs.each do |cert| -%>
+      - /opt/frontend/config/<%= @instance %>/certs/tls_certificate_bundle.<%= index %>.pem:<%= cert %>:ro
+<%- index += 1 -%>
+<% end -%>
+<% elsif @tls_certificate_bundle -%>
       - /opt/frontend/config/<%= @instance %>/certs/tls_certificate_bundle.pem:<%= @tls_certificate_bundle %>:ro
 <% else -%>
       # tls_certificate_bundle not set in Puppet