From 53c921fcea04facf874254f940d850d3e62d60f1 Mon Sep 17 00:00:00 2001
From: Stephen Gran
Date: Sat, 19 Jun 2010 22:06:18 +0000
Subject: [PATCH] add ssl module for clientcerts
Signed-off-by: Stephen Gran
---
modules/ssl/manifests/init.pp | 60 +++++++++++++++++++++++++++++++++++
1 file changed, 60 insertions(+)
create mode 100644 modules/ssl/manifests/init.pp
diff --git a/modules/ssl/manifests/init.pp b/modules/ssl/manifests/init.pp
new file mode 100644
index 00000000..20a00307
--- /dev/null
+++ b/modules/ssl/manifests/init.pp
@@ -0,0 +1,60 @@
+class ssl {
+ package { openssl: ensure => installed }
+
+ file {
+ "/etc/ssl/debian":
+ ensure => directory,
+ mode => 755,
+ purge => true
+ recurse => true,
+ force => true,
+ source => "puppet:///files/empty/"
+ ;
+ "/etc/ssl/debian/certs":
+ ensure => directory,
+ mode => 755,
+ purge => true,
+ force => true,
+ recurse => true,
+ source => "puppet:///files/empty/"
+ ;
+ "/etc/ssl/debian/crls":
+ ensure => directory,
+ mode => 755,
+ purge => true,
+ force => true,
+ recurse => true,
+ source => "puppet:///files/empty/"
+ ;
+ "/etc/ssl/debian/keys":
+ ensure => directory,
+ mode => 750,
+ purge => true
+ force => true,
+ recurse => true,
+ source => "puppet:///files/empty/"
+ ;
+ "/etc/ssl/debian/certs/thishost.crt":
+ source => "puppet:///ssl/clientcerts/$fqdn.crt",
+ notify => Exec["c_rehash /etc/ssl/debian/certs"],
+ ;
+ "/etc/ssl/debian/keys/thishost.key":
+ source => "puppet:///ssl/clientcerts/$fqdn.key",
+ mode => 640
+ ;
+ "/etc/ssl/debian/certs/ca.crt":
+ source => "puppet:///exim/certs/ca.crt",
+ notify => Exec["c_rehash /etc/ssl/debian/certs"],
+ ;
+ "/etc/ssl/debian/crls/ca.crl":
+ source => "puppet:///exim/certs/ca.crl",
+ ;
+ }
+
+ exec { "c_rehash /etc/ssl/debian/certs":
+ refreshonly => true,
+ }
+}
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4:
--
2.39.2
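Review bot: Two of the directory resources will not parse: `purge => true` is missing its trailing comma in the `"/etc/ssl/debian"` and `"/etc/ssl/debian/keys"` blocks, so the class fails to compile until both read `purge => true,`. On the key material, `/etc/ssl/debian/keys` (750) and `thishost.key` (640) set a mode but no `owner` or `group`, so who can actually read the private key depends on defaults not visible in this patch; I would pin them explicitly, e.g. `owner => root, group => "<key-reader-group>",` with the group the consuming daemons run under. The key is fetched from `puppet:///ssl/clientcerts/$fqdn.key`, so it is worth confirming that this fileserver mount is restricted per client, since otherwise one agent could presumably request another host's key. The `exec` also uses an unqualified command with no `path`, which needs either a global Exec default or something like `path => "/usr/bin:/bin",`.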