class ssl {
- package { 'openssl':
- ensure => installed
+ package {
+ 'openssl':
+ ensure => installed,
+ ;
+ 'ssl-cert':
+ ensure => installed,
+ ;
+ }
+
+ file { '/etc/ssl/servicecerts':
+ ensure => directory,
+ mode => '0755',
+ purge => true,
+ recurse => true,
+ force => true,
+ source => 'puppet:///modules/ssl/servicecerts/',
+ notify => Exec['make_new_service_links']
}
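Review bot: The new `/etc/ssl/servicecerts` resource combines `mode => '0755'` with `recurse => true`, so every certificate file copied from the module is managed as 0755 and ends up executable. Puppet adds the search bit to directories wherever read is set, so `mode => '0644',` would give 0755 directories and 0644 files. The resource also sets no owner or group; unless a site-wide File default supplies them, `owner => root,` and `group => root,` would pin who may modify a directory whose contents are later linked into `/etc/ssl/certs`. The enclosing `class ssl` continues beyond these lines.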
file { '/etc/ssl/debian':
}
file { '/etc/ssl/debian/keys':
ensure => directory,
+ group => ssl-cert,
mode => '0750',
+ require => Package['ssl-cert'],
}
file { '/etc/ssl/debian/certs/thishost.crt':
source => "puppet:///modules/ssl/clientcerts/${::fqdn}.client.crt",
}
file { '/etc/ssl/debian/keys/thishost.key':
source => "puppet:///modules/ssl/clientcerts/${::fqdn}.key",
- mode => '0440'
+ mode => '0440',
+ group => ssl-cert,
+ require => Package['ssl-cert'],
}
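Review bot: The private-key resources now get `group => ssl-cert` and mode 0440, but none of them sets an owner, so a key file that already exists keeps whatever owner it has, and that owner can change the mode back. Adding `owner => root,` to `/etc/ssl/debian/keys/thishost.key` would close that gap; the same applies to the `keys` directory above and to `thishost-server.key` below, unless a global File default already sets it. Quoting the group as `group => 'ssl-cert',` would also avoid relying on a hyphenated bareword. Separately, the keys are fetched from a module file mount by `${::fqdn}`, which is an agent-supplied fact, so it is worth confirming that the fileserver authorization keeps one node from requesting another node's key.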
file { '/etc/ssl/debian/certs/ca.crt':
source => 'puppet:///modules/ssl/clientcerts/ca.crt',
}
file { '/etc/ssl/debian/keys/thishost-server.key':
source => "puppet:///modules/exim/certs/${::fqdn}.key",
- group => ssl-cert,
mode => '0440',
+ group => ssl-cert,
+ require => Package['ssl-cert'],
+ }
+
+ exec { 'make_new_service_links':
+ command => 'cp -f --symbolic-link /etc/ssl/servicecerts/* /etc/ssl/certs',
+ refreshonly => true,
+ notify => Exec['cleanup_dead_links']
+ }
+
+ exec { 'cleanup_dead_links':
+ command => 'find -L /etc/ssl/certs -mindepth 1 -maxdepth 1 -type l -delete',
+ refreshonly => true,
+ notify => Exec['c_rehash /etc/ssl/certs']
+ }
+
+ exec { 'c_rehash /etc/ssl/certs':
+ refreshonly => true,
}
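Review bot: The three chained execs need a comment saying that everything under `/etc/ssl/servicecerts` is linked into `/etc/ssl/certs` and rehashed, which puts it in the directory OpenSSL-based programs use as their CA path (assuming the Debian default); self-signed or CA certificates placed there become trusted host-wide, not only for the intended service. A line such as `# Service certs are linked into the system trust store; only add certs every TLS client on this host should trust.` above `make_new_service_links` would make that explicit. Separately, the `cp` command relies on the `*` glob matching at least one file. If the purged directory ends up empty the exec presumably fails, and the notified `cleanup_dead_links` and `c_rehash /etc/ssl/certs` runs would then be skipped, leaving stale links behind. The following `c_rehash /etc/ssl/debian/certs` resource runs past the visible lines.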
exec { 'c_rehash /etc/ssl/debian/certs':