diff options
| author | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-06-20 02:01:46 +0200 |
|---|---|---|
| committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-06-20 02:01:46 +0200 |
| commit | 5a4ed134fea123837772ba5d1911716f198bc6f6 (patch) | |
| tree | 8b376e1ba6772dd90bcccfd552e81000ad778ec6 /manifests/web.pp | |
| parent | fixes (diff) | |
| download | concourse-5a4ed134fea123837772ba5d1911716f198bc6f6.tar.gz concourse-5a4ed134fea123837772ba5d1911716f198bc6f6.tar.xz | |
fixes
Diffstat (limited to 'manifests/web.pp')
| -rw-r--r-- | manifests/web.pp | 19 |
1 files changed, 9 insertions, 10 deletions
diff --git a/manifests/web.pp b/manifests/web.pp index e61ff12..fce84cc 100644 --- a/manifests/web.pp +++ b/manifests/web.pp @@ -75,7 +75,7 @@ class concourse::web ( Variant[String, Sensitive[String]] $tsa_private_key = $concourse::configured_clusters[$cluster]['tsa_private_key'], Array[String] $worker_public_keys = [], - String $key_dir = '/usr/lib/concourse', + String $key_dir = $concourse::key_dir, String $session_signing_key_file = "${key_dir}/session_signing_key", String $tsa_host_key_file = "${key_dir}/tsa_host_key", String $tsa_authorized_keys_file = "${key_dir}/authorized_worker_keys", @@ -147,6 +147,7 @@ class concourse::web ( file { $key_dir: ensure => if $ensure == 'present' { 'directory' } else { 'absent' }, + # TODO this also chmod's all children... mode => '0700', recurse => true, force => true, @@ -165,7 +166,7 @@ class concourse::web ( ; } - concat { "authorized_workers_key - ${cluster}": + concat { "authorized_worker_key - ${cluster}": path => $tsa_authorized_keys_file, warn => '# File managed by puppet, local changes WILL be overwritten', ensure_newline => true, @@ -188,13 +189,11 @@ class concourse::web ( enable => true, } - notify { $peer_address: - } - # Exported resource - # @@nginx::resource::upstream::member { $trusted['certname']: - # ensure => $ensure, - # upstream => $cluster, - # server => "${peer_address}:8080", - # } + @@nginx::resource::upstream::member { $trusted['certname']: + ensure => $ensure, + upstream => $cluster, + server => $peer_address, + port => 8080, + } } |