-define ssl::service($ensure = present, $tlsaport = 443) {
+define ssl::service($ensure = present, $tlsaport = 443, $notify = []) {
$link_target = $ensure ? {
present => link,
absent => absent,
default => fail ( "Unknown ensure value: '$ensure'" ),
}
- file { "/etc/munin/plugins/${name}":
- ensure => $link_target,
- target => "/usr/share/munin/plugins/${link}",
- require => Package['munin-node'],
- notify => Service['munin-node'],
- }
-
file { "/etc/ssl/debian/certs/$name.crt":
source => "puppet:///modules/ssl/servicecerts/${name}.crt",
- notify => Exec['c_rehash /etc/ssl/debian/certs'],
+ notify => [ Exec['refresh_debian_hashes'], $notify ],
+ }
+ file { "/etc/ssl/debian/certs/$name.crt-chain":
+ source => [ "puppet:///modules/ssl/chains/${name}.crt", "puppet:///modules/ssl/servicecerts/${name}.crt" ],
+ notify => [ Exec['refresh_debian_hashes'], $notify ],
+ links => follow,
}
if $tlsaport > 0 {
- dnsextras::tlsa_record{ "tlsa-${tlsaport}":
- zone => 'debian.org',
+ dnsextras::tlsa_record{ "tlsa-${name}-${tlsaport}":
+ zone => 'debian.org',
certfile => "/etc/puppet/modules/ssl/files/servicecerts/${name}.crt",
- port => $tlsaport,
+ port => $tlsaport,
hostname => "$name",
}
}
projects / dsa-puppet.git / blobdiff