X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fentropykey%2Fmanifests%2Finit.pp;h=8f91cf554b1bed6bd7922cc5d3de8ffa7a167b1e;hb=87df4a00d449682730d9f30ed89452564dd59a24;hp=e9a2bbec6df0666bbe9073350c5c0f5be5e463d2;hpb=3b9bedfb9c7e5cd42e2d198b8dbd7a8649a3608d;p=mirror%2Fdsa-puppet.git
diff --git a/modules/entropykey/manifests/init.pp b/modules/entropykey/manifests/init.pp
index e9a2bbec6..8f91cf554 100644
--- a/modules/entropykey/manifests/init.pp
+++ b/modules/entropykey/manifests/init.pp
@@ -8,7 +8,13 @@ class entropykey::provider {
 source => "puppet:///modules/entropykey/ekeyd.conf",
 notify => Exec['restart_ekeyd'],
 require => [ Package['ekeyd'] ],
- ;
+ ;
+ # our CRL expires after a while (2 or 4 weeks?), so we have
+ # to restart stunnel so it loads the new CRL.
+ "/etc/cron.weekly/stunnel-ekey-restart":
+ content => "#!/bin/sh\n# This file is under puppet control\nenv -i /etc/init.d/stunnel4 restart puppet-ekeyd > /dev/null\n",
+ mode => "555",
+ ;
 }
 exec {
@@ -55,12 +61,26 @@ class entropykey::remote_consumer inherits entropykey::local_consumer {
 stunnel4::stunnel_client {
 "ekeyd":
 accept => "127.0.0.1:8888",
- connecthost => "heininen.debian.org",
+ connecthost => "${entropy_provider}",
 connectport => 18888,
 ;
 }
 }
+class entropykey {
+ case getfromhash($nodeinfo, 'entropy_key') {
+ true: { include entropykey::provider }
+ }
+
+ $entropy_provider = entropy_provider($fqdn, $nodeinfo)
+ case $entropy_provider {
+ false: {}
+ local: { include entropykey::local_consumer }
+ default: { include entropykey::remote_consumer }
+ }
+
+}
+
 # vim:set et:
 # vim:set sts=4 ts=4:
 # vim:set shiftwidth=4:
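Review bot: The weekly restart installed as `/etc/cron.weekly/stunnel-ekey-restart` in the first hunk is the only thing that makes stunnel load a new CRL, so a revocation can go unenforced for up to a week after the CRL is refreshed, and the comment itself is unsure of the CRL lifetime ("2 or 4 weeks?"). If the CRL file is managed elsewhere in this repository (not visible here), letting that resource notify the stunnel service would reload it when the CRL actually changes, with the cron job kept as a fallback. At minimum I would replace the guess with the confirmed interval, e.g. `# CRL validity is <N> weeks (confirm); stunnel only reads it at start-up, so restart weekly`. The entry also sets `mode => "555"` without `owner`/`group`; unless a file default elsewhere covers it, stating `owner => root, group => root,` would make the intent explicit for a script cron runs as root. The enclosing `file` block starts above the hunk.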
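Review bot: In the second hunk, `connecthost => "${entropy_provider}"` reads a variable that is only assigned in the new `entropykey` class, so `entropykey::remote_consumer` resolves it through dynamic scope and would get an empty host if it were ever included from anywhere else. Qualifying it as `connecthost => "${entropykey::entropy_provider}",` makes the dependency explicit. The `default:` branch of the second `case` also treats every value other than `false` and `local` as a host name, so an empty or unexpected return from `entropy_provider()` would still configure the tunnel towards it. A guard on the value, or a comment stating what the function can return, would help here, since this host is the source of the entropy feed. `entropykey::remote_consumer` begins above the hunk.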