From: Stephen Gran Date: Sat, 19 Jun 2010 22:06:18 +0000 (+0000) Subject: add ssl module for clientcerts X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=commitdiff_plain;h=53c921fcea04facf874254f940d850d3e62d60f1 add ssl module for clientcerts Signed-off-by: Stephen Gran
---
diff --git a/modules/ssl/manifests/init.pp b/modules/ssl/manifests/init.pp
new file mode 100644
index 00000000..20a00307
--- /dev/null
+++ b/modules/ssl/manifests/init.pp
@@ -0,0 +1,60 @@
+class ssl {
+ package { openssl: ensure => installed }
+
+ file {
+ "/etc/ssl/debian":
+ ensure => directory,
+ mode => 755,
+ purge => true
+ recurse => true,
+ force => true,
+ source => "puppet:///files/empty/"
+ ;
+ "/etc/ssl/debian/certs":
+ ensure => directory,
+ mode => 755,
+ purge => true,
+ force => true,
+ recurse => true,
+ source => "puppet:///files/empty/"
+ ;
+ "/etc/ssl/debian/crls":
+ ensure => directory,
+ mode => 755,
+ purge => true,
+ force => true,
+ recurse => true,
+ source => "puppet:///files/empty/"
+ ;
+ "/etc/ssl/debian/keys":
+ ensure => directory,
+ mode => 750,
+ purge => true
+ force => true,
+ recurse => true,
+ source => "puppet:///files/empty/"
+ ;
+ "/etc/ssl/debian/certs/thishost.crt":
+ source => "puppet:///ssl/clientcerts/$fqdn.crt",
+ notify => Exec["c_rehash /etc/ssl/debian/certs"],
+ ;
+ "/etc/ssl/debian/keys/thishost.key":
+ source => "puppet:///ssl/clientcerts/$fqdn.key",
+ mode => 640
+ ;
+ "/etc/ssl/debian/certs/ca.crt":
+ source => "puppet:///exim/certs/ca.crt",
+ notify => Exec["c_rehash /etc/ssl/debian/certs"],
+ ;
+ "/etc/ssl/debian/crls/ca.crl":
+ source => "puppet:///exim/certs/ca.crl",
+ ;
+ }
+
+ exec { "c_rehash /etc/ssl/debian/certs":
+ refreshonly => true,
+ }
+}
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4:
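Review bot: The private key resource `/etc/ssl/debian/keys/thishost.key` sets `mode => 640` with no `owner` or `group`, and the `keys` directory has `mode => 750` alone, so who can read the key depends on File defaults that are not visible in this file; state them explicitly, e.g. `owner => root, group => root,` or whichever group the consuming daemons run under. The key is also served from the module mount as `puppet:///ssl/clientcerts/$fqdn.key`, and `$fqdn` is a fact reported by the agent, so unless fileserver access is restricted per host elsewhere, any enrolled node can presumably fetch another host's key; that restriction is worth confirming before this lands. Separately, `purge => true` is missing its trailing comma in the `/etc/ssl/debian` and `/etc/ssl/debian/keys` resources, which should fail to parse. The `c_rehash` exec has neither an absolute command nor a `path`, which works only if an Exec default supplies one.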