re-ordering

manifests/certbot/config.pp

@@ -25,62 +25,70 @@ class cd_nagios::certbot::config (
 ) inherits cd_nagios::params {
 
   if $::fqdn == $ng_nagios_server {
-    if $ng_enable_certbot == true {
+    if $ng_use_https == true {
+      if $ng_enable_certbot == true {
 
-      require cd_certbot
+        require cd_certbot
 
-      # ensure there is no forward vhost file
+        # ensure there is no forward vhost file
 
-      exec { 'remove forward vhost':
+        exec { 'remove_forward_vhost':
-        command   =>  "rm -Rf ${ng_forward_conf}",
+          command   =>  "rm -Rf ${ng_forward_conf}",
-        creates   =>  '/etc/httpd/conf.d/.cert_created',
+          creates   =>  '/etc/httpd/conf.d/.cert_created',
+        }
+
+        # create temp vhost file
+
+        exec { 'create_temp_vhost':
+          command   =>  template('cd_nagios/certbot/create_tempfile.erb'),
+          cwd       =>  '/tmp',
+          path      =>  ['/bin','/usr/bin'],
+          provider  =>  'shell',
+          creates   =>  '/etc/httpd/conf.d/.created',
+          notify    =>  Service['httpd'],
+          require   =>  Exec['remove_forward_vhost'],
+        }
+
+        # create cert
+
+        exec { 'create_cert':
+          command   =>  template($ng_get_cert_erb),
+          cwd       =>  '/tmp',
+          path      =>  ['/bin','/usr/bin'],
+          provider  =>  'shell',
+          unless    =>  template('cd_nagios/certbot/unless_get_cert.erb'),
+          notify    =>  Service['httpd'],
+          creates   =>  '/etc/httpd/conf.d/.cert_created',
+          require   =>  Exec['create_temp_vhost'],
+        }
+
+        # remove temp_vhost
+
+        exec { 'remove_temp_vhost':
+          command   =>  "rm -Rf ${ng_certbot_temp_file}",
+          cwd       =>  '/tmp',
+          path      =>  ['/bin','/usr/bin'],
+          provider  =>  'shell',
+          notify    =>  Service['httpd'],
+          require   =>  Exec['create_cert'],
+          creates   =>  "/etc/letsencrypt/live/${ng_nagios_server}/cert.pem",
+        }
+
+        # renew certs
+
+        exec {  'renew_cert':
+          command   =>  'certbot renew',
+          cwd       =>  '/tmp',
+          path      =>  ['/bin','/usr/bin','/opt/'],
+          provider  =>  'shell',
+          notify    =>  Service['httpd'],
+          unless    =>  template($ng_unless_renew_erb),
+        }
       }
+    }
 
-      # create temp vhost file
+    else {
-
+      # do nothing as we are not using https and certbot is not required then
-      exec { 'create_temp_vhost':
-        command   =>  template('cd_nagios/certbot/create_tempfile.erb'),
-        cwd       =>  '/tmp',
-        path      =>  ['/bin','/usr/bin'],
-        provider  =>  'shell',
-        creates   =>  '/etc/httpd/conf.d/.created',
-        notify    =>  Service['httpd'],
-      }
-
-      # create cert
-
-      exec { 'create_cert':
-        command   =>  template($ng_get_cert_erb),
-        cwd       =>  '/tmp',
-        path      =>  ['/bin','/usr/bin'],
-        provider  =>  'shell',
-        unless    =>  template('cd_nagios/certbot/unless_get_cert.erb'),
-        notify    =>  Service['httpd'],
-        creates   =>  '/etc/httpd/conf.d/.cert_created',
-      }
-
-      # remove temp_vhost
-
-      exec { 'remove_temp_vhost':
-        command   =>  "rm -Rf ${ng_certbot_temp_file}",
-        cwd       =>  '/tmp',
-        path      =>  ['/bin','/usr/bin'],
-        provider  =>  'shell',
-        notify    =>  Service['httpd'],
-        require   =>  Exec['create_cert'],
-        creates   =>  "/etc/letsencrypt/live/${ng_nagios_server}/cert.pem",
-      }
-
-      # renew certs
-
-      exec {  'renew_cert':
-        command   =>  'certbot renew',
-        cwd       =>  '/tmp',
-        path      =>  ['/bin','/usr/bin','/opt/'],
-        provider  =>  'shell',
-        notify    =>  Service['httpd'],
-        unless    =>  template($ng_unless_renew_erb),
-      }
     }
   }
 }