modules/ssl/manifests/service.pp

   1 define ssl::service($ensure = present, $tlsaport = 443, $notify = []) {
   2         $link_target = $ensure ? {
   3                 present => link,
   4                 absent  => absent,
   5                 default => fail ( "Unknown ensure value: '$ensure'" ),
   6         }
   7
   8         file { "/etc/ssl/debian/certs/$name.crt":
   9                 source => "puppet:///modules/ssl/servicecerts/${name}.crt",
  10                 notify => [ Exec['c_rehash /etc/ssl/debian/certs'], $notify ],
  11         }
  12         file { "/etc/ssl/debian/certs/$name.crt-chain":
  13                 source => [ "puppet:///modules/ssl/servicecerts/${name}.crt-chain",  "puppet:///modules/ssl/empty" ],
  14                 notify => [ Exec['c_rehash /etc/ssl/debian/certs'], $notify ],
  15         }
  16
  17         if $tlsaport > 0 {
  18                 dnsextras::tlsa_record{ "tlsa-${tlsaport}":
  19                         zone => 'debian.org',
  20                         certfile => "/etc/puppet/modules/ssl/files/servicecerts/${name}.crt",
  21                         port => $tlsaport,
  22                         hostname => "$name",
  23                 }
  24         }
  25 }