# our CRL expires after a while (2 or 4 weeks?), so we have
# to restart stunnel so it loads the new CRL.
file { '/etc/cron.weekly/stunnel-ekey-restart':
- content => "#!/bin/sh\n# This file is under puppet control\n# weekly restart of stunnel on ${::hostname}\nenv -i /etc/init.d/stunnel4 restart puppet-ekeyd > /dev/null\n",
+ content => @("EOF"),
+ #!/bin/sh
+ # This file is under puppet control
+ # weekly restart of stunnel so it learns about the new CRL
+ env -i chronic /etc/init.d/stunnel4 restart puppet-ekeyd
+ | EOF
mode => '0555',
}
service { 'ekeyd':
ensure => running,
- require => File['/etc/entropykey/ekeyd.conf'],
+ require => [
+ File['/etc/entropykey/ekeyd.conf'],
+ Package['ekeyd']
+ ]
}
stunnel4::server { 'ekeyd':