source => 'puppet:///modules/ssl/ca-certificates.conf',
notify => Exec['refresh_normal_hashes'],
}
+ if (versioncmp($::lsbmajdistrelease, '8') >= 0) {
+ $ca_debian_conf_suffix = ''
+ } else {
+ $ca_debian_conf_suffix = '-wheezy'
+ }
file { '/etc/ca-certificates-debian.conf':
mode => '0444',
- source => 'puppet:///modules/ssl/ca-certificates-debian.conf',
+ source => "puppet:///modules/ssl/ca-certificates-debian${ca_debian_conf_suffix}.conf",
notify => Exec['refresh_ca_debian_hashes'],
}
file { '/etc/ca-certificates-global.conf':
purge => true,
recurse => true,
force => true,
- notify => Exec['refresh_normal_hashes'],
+ notify => [ Exec['refresh_normal_hashes'], Exec['refresh_ca_global_hashes'] ],
}
file { '/etc/ssl/certs/README':
ensure => absent,
}
file { '/etc/ssl/debian/keys':
ensure => absent,
+ force => true,
}
file { '/etc/ssl/private/thishost.key':
source => "puppet:///modules/ssl/clientcerts/${::fqdn}.key",