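# Class: ssl
#
# Installs the OpenSSL tooling and lays out two certificate trees:
#
#   * /etc/ssl/servicecerts - service certificates synced from this module and
#     symlinked into /etc/ssl/certs, followed by a c_rehash.
#   * /etc/ssl/debian       - per-host client/server certificates, keys, the CA
#     certificate and its CRL.
#
# NOTE(review): the per-host key and certificate sources are selected with
# ${::fqdn}, which is a fact reported by the agent rather than an identity
# verified by the master. Where the Puppet version in use provides it,
# $trusted['certname'] is the certificate-verified name - confirm before
# switching, since it changes which source file is looked up.
#
# NOTE(review): the private keys are served from module file mounts
# (modules/ssl/clientcerts, modules/exim/certs). Confirm that the master's
# file-server authorisation limits each node to its own key; module files are
# normally readable by any authenticated agent.
class ssl {

  package { ['openssl', 'ssl-cert']:
    ensure => installed,
  }

  # Mirror of the module's servicecerts directory. Unmanaged entries are
  # purged, and any change triggers the symlink refresh chain below.
  file { '/etc/ssl/servicecerts':
    ensure  => directory,
    mode    => '0755',
    purge   => true,
    recurse => true,
    force   => true,
    source  => 'puppet:///modules/ssl/servicecerts/',
    notify  => Exec['make_new_service_links'],
  }

  # Recursing from an empty source with purge enabled removes everything under
  # /etc/ssl/debian that is not declared as a resource in the catalog.
  file { '/etc/ssl/debian':
    ensure  => directory,
    mode    => '0755',
    purge   => true,
    recurse => true,
    force   => true,
    source  => 'puppet:///files/empty/',
  }
  file { '/etc/ssl/debian/certs':
    ensure => directory,
    mode   => '0755',
  }
  file { '/etc/ssl/debian/crls':
    ensure => directory,
    mode   => '0755',
  }
  # Key directory: traversable only by its owner and the ssl-cert group.
  # The owner is pinned to root so that it does not depend on how the agent
  # derives ownership for resources that leave it unset.
  file { '/etc/ssl/debian/keys':
    ensure  => directory,
    owner   => 'root',
    group   => 'ssl-cert',
    mode    => '0750',
    require => Package['ssl-cert'],
  }

  # Client certificate and key for this host.
  file { '/etc/ssl/debian/certs/thishost.crt':
    source => "puppet:///modules/ssl/clientcerts/${::fqdn}.client.crt",
    notify => Exec['c_rehash /etc/ssl/debian/certs'],
  }
  # Private key: readable by root and group ssl-cert only. Without an explicit
  # owner, ownership can be copied from the source file on the master (this
  # depends on the agent's source_permissions behaviour), and a non-root owner
  # would be able to change the mode of the key.
  file { '/etc/ssl/debian/keys/thishost.key':
    source  => "puppet:///modules/ssl/clientcerts/${::fqdn}.key",
    owner   => 'root',
    group   => 'ssl-cert',
    mode    => '0440',
    require => Package['ssl-cert'],
  }

  # CA certificate and revocation list. The CRL resource notifies nothing.
  file { '/etc/ssl/debian/certs/ca.crt':
    source => 'puppet:///modules/ssl/clientcerts/ca.crt',
    notify => Exec['c_rehash /etc/ssl/debian/certs'],
  }
  file { '/etc/ssl/debian/crls/ca.crl':
    source => 'puppet:///modules/ssl/clientcerts/ca.crl',
  }

  # Server certificate and key, taken from the exim module's files.
  file { '/etc/ssl/debian/certs/thishost-server.crt':
    source => "puppet:///modules/exim/certs/${::fqdn}.crt",
    notify => Exec['c_rehash /etc/ssl/debian/certs'],
  }
  # Same ownership reasoning as thishost.key above.
  file { '/etc/ssl/debian/keys/thishost-server.key':
    source  => "puppet:///modules/exim/certs/${::fqdn}.key",
    owner   => 'root',
    group   => 'ssl-cert',
    mode    => '0440',
    require => Package['ssl-cert'],
  }

  # Refresh chain, run only when /etc/ssl/servicecerts changes:
  #   1. symlink every service certificate into /etc/ssl/certs,
  #   2. delete symlinks in /etc/ssl/certs whose target no longer exists,
  #   3. rebuild the hash links.
  #
  # NOTE(review): none of the exec resources sets `path`, and the commands are
  # not fully qualified - presumably a default Exec path is set elsewhere;
  # confirm. The `*` in the cp command also relies on the command being
  # expanded by a shell - verify against the exec provider in use.
  exec { 'make_new_service_links':
    command     => 'cp -f --symbolic-link ../servicecerts/* .',
    cwd         => '/etc/ssl/certs',
    refreshonly => true,
    notify      => Exec['cleanup_dead_links'],
  }

  # With -L, find follows symlinks, so `-type l` only matches links that
  # cannot be resolved, i.e. dangling ones.
  exec { 'cleanup_dead_links':
    command     => 'find -L /etc/ssl/certs -mindepth 1 -maxdepth 1 -type l -delete',
    refreshonly => true,
    notify      => Exec['c_rehash /etc/ssl/certs'],
  }

  # No `command` is given for the next two resources, so the resource title is
  # the command that runs.
  exec { 'c_rehash /etc/ssl/certs':
    refreshonly => true,
  }

  exec { 'c_rehash /etc/ssl/debian/certs':
    refreshonly => true,
  }
}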