projects
/
mirror
/
dsa-puppet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Move tlsa setup from mail_incoming_port to mta role
[mirror/dsa-puppet.git]
/
modules
/
ssl
/
manifests
/
init.pp
diff --git
a/modules/ssl/manifests/init.pp
b/modules/ssl/manifests/init.pp
index
744cb46
..
2474f20
100644
(file)
--- a/
modules/ssl/manifests/init.pp
+++ b/
modules/ssl/manifests/init.pp
@@
-1,6
+1,6
@@
-class ssl
{
- $caconf = '/etc/ca-certificates.conf'
-
+class ssl
(
+ Boolean $insecure_ssl = false
+) {
package { 'openssl':
ensure => installed,
}
package { 'openssl':
ensure => installed,
}
@@
-11,7
+11,7
@@
class ssl {
ensure => installed,
}
ensure => installed,
}
- if
has_role('insecure_ssl')
{
+ if
$insecure_ssl
{
$extra_ssl_certs_flags = ' --default'
$ssl_certs_config = 'puppet:///modules/ssl/ca-certificates-global.conf'
} else {
$extra_ssl_certs_flags = ' --default'
$ssl_certs_config = 'puppet:///modules/ssl/ca-certificates-global.conf'
} else {
@@
-29,7
+29,7
@@
class ssl {
}
file { '/etc/ca-certificates-debian.conf':
mode => '0444',
}
file { '/etc/ca-certificates-debian.conf':
mode => '0444',
- source => 'puppet:///modules/ssl/ca-certificates
-debian
.conf',
+ source => 'puppet:///modules/ssl/ca-certificates.conf',
notify => Exec['refresh_ca_debian_hashes'],
}
file { '/etc/ca-certificates-global.conf':
notify => Exec['refresh_ca_debian_hashes'],
}
file { '/etc/ca-certificates-global.conf':
@@
-37,11
+37,6
@@
class ssl {
notify => Exec['refresh_ca_global_hashes'],
}
notify => Exec['refresh_ca_global_hashes'],
}
- file { '/etc/apt/apt.conf.d/local-ssl-ca-global':
- mode => '0444',
- source => 'puppet:///modules/ssl/local-ssl-ca-global',
- }
-
file { '/etc/ssl/certs/ssl-cert-snakeoil.pem':
ensure => absent,
notify => Exec['refresh_normal_hashes'],
file { '/etc/ssl/certs/ssl-cert-snakeoil.pem':
ensure => absent,
notify => Exec['refresh_normal_hashes'],
@@
-147,6
+142,12
@@
class ssl {
$updatecacerts = $updatecacertsdsa
}
$updatecacerts = $updatecacertsdsa
}
+ file { '/etc/apt/apt.conf.d/local-ssl-ca-global':
+ mode => '0444',
+ content => template('ssl/local-ssl-ca-global.erb'),
+ }
+
+
exec { 'refresh_debian_hashes':
command => 'c_rehash /etc/ssl/debian/certs',
refreshonly => true,
exec { 'refresh_debian_hashes':
command => 'c_rehash /etc/ssl/debian/certs',
refreshonly => true,