Fix setting ssl when key_file is defined
This patch fixes logic around ssl cert generation to skip it
when key_file is defined.
Related-Prod: PROD-17052
Change-Id: Ib61908d462be1ab47f9de91d377cc435ecd47134
diff --git a/apache/server/site.sls b/apache/server/site.sls
index 04fe0b1..4b40191 100644
--- a/apache/server/site.sls
+++ b/apache/server/site.sls
@@ -44,6 +44,7 @@
{%- endfor %}
{%- if site.get('ssl', {'enabled': False}).enabled and site.host.name not in ssl_certificates.keys() %}
+ {%- if 'key_file' not in site.get('ssl') %}
{%- set _dummy = ssl_certificates.update({site.host.name: []}) %}
/etc/ssl/certs/{{ site.host.name }}.crt:
@@ -76,6 +77,16 @@
- require:
- pkg: apache_packages
+ {%- else %}
+ {%- set certs_files = [ site.ssl.key_file, site.ssl.cert_file] %}
+ {%- if site.ssl.chain_file is defined %}
+ {%- do certs_files.append(site.ssl.chain_file) %}
+ {%- endif %}
+{{ site.name }}_certs_files_exist:
+ file.exists:
+ - names: {{ certs_files }}
+ {%- endif %}
+
{%- endif %}
{%- if grains.os_family == "Debian" %}