diff --git a/manifests/hitch.pp b/manifests/hitch.pp index 3a22affc..c77dd7ae 100644 --- a/manifests/hitch.pp +++ b/manifests/hitch.pp @@ -1,27 +1,38 @@ # Support for hitch TLS termination proxy class profile::hitch { $frontend = hiera('hitch::frontend') $proxy_support = hiera('hitch::proxy_support') + $ocsp_dir = '/var/lib/hitch' + if $proxy_support { $varnish_proxy_port = hiera('varnish::proxy_port') $backend = "[::1]:${varnish_proxy_port}" $write_proxy_v2 = 'on' } else { $apache_http_port = hiera('apache::http_port') $backend = "[::1]:${apache_http_port}" $write_proxy_v2 = 'off' } class {'::hitch': frontend => $frontend, backend => $backend, write_proxy_v2 => $write_proxy_v2, + require => File[$ocsp_dir], + } + + file {$ocsp_dir: + ensure => directory, + mode => '0700', + owner => $::hitch::user, + group => $::hitch::group, + notify => Service[$::hitch::service_name], } # Provide virtual resources for each possible hitch TLS certificate # Users can realize the resource using # realize(::Profile::Hitch::Ssl_Cert[$cert_name]) $ssl_certs = keys(hiera('ssl')) @::profile::hitch::ssl_cert {$ssl_certs:} }