-class ssl {
+class ssl (
+ Boolean $insecure_ssl = false
+) {
package { 'openssl':
ensure => installed,
}
ensure => installed,
}
- if has_role('insecure_ssl') {
+ if $insecure_ssl {
$extra_ssl_certs_flags = ' --default'
$ssl_certs_config = 'puppet:///modules/ssl/ca-certificates-global.conf'
} else {
notify => Exec['refresh_ca_global_hashes'],
}
- file { '/etc/apt/apt.conf.d/local-ssl-ca-global':
- mode => '0444',
- content => template('ssl/local-ssl-ca-global.erb'),
- }
-
file { '/etc/ssl/certs/ssl-cert-snakeoil.pem':
ensure => absent,
notify => Exec['refresh_normal_hashes'],
$updatecacerts = $updatecacertsdsa
}
+ file { '/etc/apt/apt.conf.d/local-ssl-ca-global':
+ mode => '0444',
+ content => template('ssl/local-ssl-ca-global.erb'),
+ }
+
+
exec { 'refresh_debian_hashes':
command => 'c_rehash /etc/ssl/debian/certs',
refreshonly => true,