projects
/
mirror
/
dsa-puppet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Revert "prepare hpacucli to be run on kernel 3.x"
[mirror/dsa-puppet.git]
/
modules
/
ssl
/
manifests
/
init.pp
diff --git
a/modules/ssl/manifests/init.pp
b/modules/ssl/manifests/init.pp
index
4e52ad3
..
3d37fb8
100644
(file)
--- a/
modules/ssl/manifests/init.pp
+++ b/
modules/ssl/manifests/init.pp
@@
-1,7
+1,12
@@
class ssl {
class ssl {
- package { 'openssl':
- ensure => installed
+ package {
+ 'openssl':
+ ensure => installed,
+ ;
+ 'ssl-cert':
+ ensure => installed,
+ ;
}
file { '/etc/ssl/debian':
}
file { '/etc/ssl/debian':
@@
-22,7
+27,9
@@
class ssl {
}
file { '/etc/ssl/debian/keys':
ensure => directory,
}
file { '/etc/ssl/debian/keys':
ensure => directory,
+ group => ssl-cert,
mode => '0750',
mode => '0750',
+ require => Package['ssl-cert'],
}
file { '/etc/ssl/debian/certs/thishost.crt':
source => "puppet:///modules/ssl/clientcerts/${::fqdn}.client.crt",
}
file { '/etc/ssl/debian/certs/thishost.crt':
source => "puppet:///modules/ssl/clientcerts/${::fqdn}.client.crt",
@@
-30,7
+37,9
@@
class ssl {
}
file { '/etc/ssl/debian/keys/thishost.key':
source => "puppet:///modules/ssl/clientcerts/${::fqdn}.key",
}
file { '/etc/ssl/debian/keys/thishost.key':
source => "puppet:///modules/ssl/clientcerts/${::fqdn}.key",
- mode => '0640'
+ mode => '0440',
+ group => ssl-cert,
+ require => Package['ssl-cert'],
}
file { '/etc/ssl/debian/certs/ca.crt':
source => 'puppet:///modules/ssl/clientcerts/ca.crt',
}
file { '/etc/ssl/debian/certs/ca.crt':
source => 'puppet:///modules/ssl/clientcerts/ca.crt',
@@
-44,10
+53,11
@@
class ssl {
source => "puppet:///modules/exim/certs/${::fqdn}.crt",
notify => Exec['c_rehash /etc/ssl/debian/certs'],
}
source => "puppet:///modules/exim/certs/${::fqdn}.crt",
notify => Exec['c_rehash /etc/ssl/debian/certs'],
}
- file { '/etc/ssl/debian/
cert
s/thishost-server.key':
+ file { '/etc/ssl/debian/
key
s/thishost-server.key':
source => "puppet:///modules/exim/certs/${::fqdn}.key",
source => "puppet:///modules/exim/certs/${::fqdn}.key",
- group => ssl-certm,
- mode => '0640',
+ mode => '0440',
+ group => ssl-cert,
+ require => Package['ssl-cert'],
}
exec { 'c_rehash /etc/ssl/debian/certs':
}
exec { 'c_rehash /etc/ssl/debian/certs':