;
}
- file { '/etc/ssl/debian':
+ file { '/etc/ssl/servicecerts':
ensure => directory,
mode => '0755',
purge => true,
recurse => true,
force => true,
- source => 'puppet:///files/empty/'
+ source => 'puppet:///modules/ssl/servicecerts/',
+ notify => Exec['make_new_service_links']
}
- file { '/etc/ssl/certs':
+
+ file { '/etc/ssl/debian':
ensure => directory,
- source => 'puppet:///modules/ssl/servicecerts/',
- recurse => true,
mode => '0755',
- ignore => '*[^c][^r][^t]',
- notify => Exec['c_rehash /etc/ssl/certs'],
+ purge => true,
+ recurse => true,
+ force => true,
+ source => 'puppet:///files/empty/'
}
file { '/etc/ssl/debian/certs':
ensure => directory,
require => Package['ssl-cert'],
}
- exec { 'c_rehash /etc/ssl/debian/certs':
+ exec { 'make_new_service_links':
+ command => 'cp --symbolic-link /etc/ssl/servicecerts/* /etc/ssl/certs',
+ refreshonly => true,
+ notify => Exec['cleanup_dead_links']
+ }
+
+ exec { 'cleanup_dead_links':
+ command => 'find /etc/ssl/certs -mindepth 1 -maxdepth 1 -L -type l -delete',
refreshonly => true,
+ notify => Exec['c_rehash /etc/ssl/certs']
}
+
exec { 'c_rehash /etc/ssl/certs':
refreshonly => true,
}
+
+ exec { 'c_rehash /etc/ssl/debian/certs':
+ refreshonly => true,
+ }
}