Disable the usual SSL setup for godard

author Paul Wise <pabs@debian.org>

Sun, 3 Sep 2017 12:30:46 +0000 (20:30 +0800)

committer Paul Wise <pabs@debian.org>

Sun, 3 Sep 2017 12:33:03 +0000 (20:33 +0800)
author Paul Wise <pabs@debian.org>
Sun, 3 Sep 2017 12:30:46 +0000 (20:30 +0800)
committer Paul Wise <pabs@debian.org>
Sun, 3 Sep 2017 12:33:03 +0000 (20:33 +0800)
diff --git a/modules/ssl/manifests/init.pp b/modules/ssl/manifests/init.pp

index 636d2b5..756661e 100644 (file)
--- a/modules/ssl/manifests/init.pp
+++ b/modules/ssl/manifests/init.pp
@@ -156,13 +156,19 @@ class ssl {
                 refreshonly => true,
                 require     => Package['openssl'],
         }
+       if $::hostname == 'godard' {
+               $extra_ssl_certs_flags = ' --default'
+       } else {
+               $extra_ssl_certs_flags = ''
+       }
+
         exec { 'refresh_normal_hashes':
                 # NOTE 1: always use update-ca-certificates to manage hashes in
                 #         /etc/ssl/certs otherwise /etc/ssl/ca-certificates.crt will
                 #         get a hash overriding the hash that would have been generated
                 #         for another certificate ... which is problem, comrade
                 # NOTE 2: always ask update-ca-certificates to freshen (-f) the links
-               command     => '/usr/sbin/update-ca-certificates -f',
+               command     => "/usr/sbin/update-ca-certificates --fresh${extra_ssl_certs_flags}",
                 refreshonly => true,
                 require     => Package['ca-certificates'],
         }
author	Paul Wise <pabs@debian.org>
	Sun, 3 Sep 2017 12:30:46 +0000 (20:30 +0800)
committer	Paul Wise <pabs@debian.org>
	Sun, 3 Sep 2017 12:33:03 +0000 (20:33 +0800)