Produce a -chained file for our certs

author Peter Palfrader <peter@palfrader.org>

Fri, 28 Feb 2014 18:10:37 +0000 (18:10 +0000)

committer Peter Palfrader <peter@palfrader.org>

Fri, 28 Feb 2014 18:10:37 +0000 (18:10 +0000)
author Peter Palfrader <peter@palfrader.org>
Fri, 28 Feb 2014 18:10:37 +0000 (18:10 +0000)
committer Peter Palfrader <peter@palfrader.org>
Fri, 28 Feb 2014 18:10:37 +0000 (18:10 +0000)
diff --git a/modules/ssl/manifests/service.pp b/modules/ssl/manifests/service.pp

index f0400525dd76313b9145e5911dacd9be03e0e67c..5c2509af1e82cfac6ed384916f69fa8210b3be3b 100644 (file)
--- a/modules/ssl/manifests/service.pp
+++ b/modules/ssl/manifests/service.pp
@@ -14,6 +14,10 @@ define ssl::service($ensure = present, $tlsaport = 443, $notify = []) {
                 notify => [ Exec['refresh_debian_hashes'], $notify ],
                 links  => follow,
         }
+       file { "/etc/ssl/debian/certs/$name.crt-chained":
+               content => template('ssl/chained.erb'),
+               notify => [ Exec['refresh_debian_hashes'], $notify ],
+       }
  
         if $tlsaport > 0 {
                 dnsextras::tlsa_record{ "tlsa-${name}-${tlsaport}":
diff --git a/modules/ssl/templates/chained.erb b/modules/ssl/templates/chained.erb

new file mode 100644 (file)

index 0000000..1ae6581
--- /dev/null
+++ b/modules/ssl/templates/chained.erb
@@ -0,0 +1,7 @@
+<%=
+    File.read("/etc/puppet/modules/ssl/files/servicecerts/#{name}.crt")
+%>
+<%=
+    fn = "/etc/puppet/modules/ssl/files/chains/#{name}.crt"
+    File.exist?(fn) ? File.read(fn) : ''
+%>
author	Peter Palfrader <peter@palfrader.org>
	Fri, 28 Feb 2014 18:10:37 +0000 (18:10 +0000)
committer	Peter Palfrader <peter@palfrader.org>
	Fri, 28 Feb 2014 18:10:37 +0000 (18:10 +0000)
modules/ssl/manifests/service.pp		patch \| blob \| history
modules/ssl/templates/chained.erb	[new file with mode: 0644]	patch \| blob