Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa...
authorMartin Zobel-Helas <zobel@debian.org>
Sun, 20 Jun 2010 09:16:01 +0000 (11:16 +0200)
committerMartin Zobel-Helas <zobel@debian.org>
Sun, 20 Jun 2010 09:16:01 +0000 (11:16 +0200)
.gitignore
manifests/site.pp
modules/samhain/templates/samhainrc.erb
modules/ssl/manifests/init.pp [new file with mode: 0644]

index dcb5fa66eb5081566b5351ff83eed3a2f8fad09e..94994447e3b7577d5a1b0735e143cabe86e06287 100644 (file)
@@ -1,3 +1,4 @@
 puppet.conf
 modules/nagios/files/dsa-nagios
 modules/exim/files/certs/
+modules/ssl/files/
index 896f6baff3efd308208d4b673963a445302277c2..4ad02242ac9acfd6afb3d2a89c456022d66be703 100644 (file)
@@ -29,6 +29,7 @@ node default {
     include monit
     include apt-keys
     include ntp
+    include ssl
 
     include motd
 
index 40e1c9e52230d55b0acc365ccde4b9dd57629f32..89c341f92a1e18252a1e3a0c5c298e66ad52600c 100644 (file)
@@ -392,6 +392,7 @@ dir=1/etc/ferm/dsa.d
 file=/etc/ferm/conf.d/me.conf
 file=/etc/ferm/conf.d/defs.conf
 file=/etc/ferm/ferm.conf
+dir=2/etc/ssl/debian
 
 [IgnoreNone]
 ##
diff --git a/modules/ssl/manifests/init.pp b/modules/ssl/manifests/init.pp
new file mode 100644 (file)
index 0000000..81bdb89
--- /dev/null
@@ -0,0 +1,57 @@
+class ssl {
+    package { openssl: ensure => installed }
+
+    file {
+        "/etc/ssl/debian":
+          ensure  => directory,
+          mode    => 755,
+          purge   => true,
+          recurse => true,
+          force   => true,
+          source  => "puppet:///files/empty/"
+        ;
+        "/etc/ssl/debian/certs":
+          ensure  => directory,
+          mode    => 755,
+          source  => "puppet:///files/empty/"
+        ;
+        "/etc/ssl/debian/crls":
+          ensure  => directory,
+          mode    => 755,
+          purge   => true,
+          force   => true,
+          recurse => true,
+          source  => "puppet:///files/empty/"
+        ;
+        "/etc/ssl/debian/keys":
+          ensure  => directory,
+          mode    => 750,
+          purge   => true,
+          force   => true,
+          recurse => true,
+          source  => "puppet:///files/empty/"
+        ;
+        "/etc/ssl/debian/certs/thishost.crt":
+          source  => "puppet:///ssl/clientcerts/$fqdn.client.crt",
+          notify  => Exec["c_rehash /etc/ssl/debian/certs"],
+          ;
+        "/etc/ssl/debian/keys/thishost.key":
+          source  => "puppet:///ssl/clientcerts/$fqdn.key",
+          mode    => 640
+          ;
+        "/etc/ssl/debian/certs/ca.crt":
+          source  => "puppet:///ssl/clientcerts/ca.crt",
+          notify  => Exec["c_rehash /etc/ssl/debian/certs"],
+          ;
+        "/etc/ssl/debian/crls/ca.crl":
+          source  => "puppet:///ssl/clientcerts/ca.crl",
+          ;
+    }
+
+    exec { "c_rehash /etc/ssl/debian/certs":
+        refreshonly => true,
+    }
+}
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4:
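Review bot: The private key resource `/etc/ssl/debian/keys/thishost.key` sets `mode => 640` but no `owner` or `group`, and the `/etc/ssl/debian/keys` directory (`mode => 750`) omits them too, so who can read the key depends on defaults or on the source file's metadata rather than on the manifest. I would state them on both resources, e.g. `owner => root, group => root,` (or whichever group is meant to read the key). The source `puppet:///ssl/clientcerts/$fqdn.key` suggests that every host's key sits under one served path selected by a fact, so it is worth confirming, outside this hunk, that the file server lets a node fetch only its own key. Separately, the `c_rehash /etc/ssl/debian/certs` exec has no `path` and presumably relies on a global `Exec` default; a short comment saying so would help.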