mta
end
end
-
-Facter.add("exim_ssl_certs") do
- certs = FileTest.exist?("/etc/exim4/ssl/") &&
- FileTest.exist?("/etc/exim4/ssl/ca.crl") &&
- FileTest.exist?("/etc/exim4/ssl/thishost.crt") &&
- FileTest.exist?("/etc/exim4/ssl/ca.crt") &&
- FileTest.exist?("/etc/exim4/ssl/thishost.key")
- setcode do
- if certs
- true
- else
- ''
- end
- end
-end
service { 'exim4':
ensure => running,
- require => File['/etc/exim4/exim4.conf'],
+ require => [
+ File['/etc/exim4/exim4.conf'],
+ Package['exim4'],
+ ]
}
file { '/etc/exim4/':
}
file { '/etc/exim4/exim4.conf':
content => template('exim/eximconf.erb'),
+ require => File['/etc/exim4/ssl/thishost.crt'],
notify => Service['exim4'],
}
file { '/etc/mailname':
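Review bot: The new `require => File['/etc/exim4/ssl/thishost.crt']` on `/etc/exim4/exim4.conf` orders the config after only one of the four files the template now references unconditionally. With the `exim_ssl_certs` guards removed in the template hunks (the main `tls_certificate`/`tls_privatekey`/`tls_verify_certificates`/`tls_crl` block, `tls_advertise_hosts`, and both transport blocks), a host missing `thishost.key`, `ca.crt` or `ca.crl` would get a config that advertises STARTTLS while pointing at files that are not there. Assuming those files are managed as File resources elsewhere in the module (not visible here), the dependency should list all of them: `require => [ File['/etc/exim4/ssl/thishost.crt'], File['/etc/exim4/ssl/thishost.key'], File['/etc/exim4/ssl/ca.crt'], File['/etc/exim4/ssl/ca.crl'] ],`. The enclosing class starts and ends outside this hunk.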
domainlist mailhubdomains = lsearch;/etc/exim4/manualroute
<%- end -%>
-<%- if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true" -%>
tls_certificate = /etc/exim4/ssl/thishost.crt
tls_privatekey = /etc/exim4/ssl/thishost.key
tls_try_verify_hosts = *
tls_verify_certificates = /etc/exim4/ssl/ca.crt
tls_crl = /etc/exim4/ssl/ca.crl
-<%- end -%>
# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
remote_sort_domains = *.debian.org:*.debian.net
pipelining_advertise_hosts = !*
-<%- if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true" -%>
tls_advertise_hosts = *
-<%- end -%>
smtp_enforce_sync = true
log_selector = +tls_cipher +tls_peerdn +queue_time +deliver_time +smtp_connection +smtp_incomplete_transaction +smtp_confirmation
driver = smtp
connect_timeout = 1m
delay_after_cutoff = false
-<%- if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true" -%>
tls_certificate = /etc/exim4/ssl/thishost.crt
tls_privatekey = /etc/exim4/ssl/thishost.key
-<%- end -%>
<%=
out = ""
delay_after_cutoff = false
port = '
out += scope.lookupvar('site::nodeinfo')['smarthost_port'].to_s + "\n"
- if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true"
- out += ' tls_tempfail_tryclear = false
+ out += ' tls_tempfail_tryclear = false
hosts_require_tls = ' + scope.lookupvar('site::nodeinfo')['smarthost'] + '
tls_certificate = /etc/exim4/ssl/thishost.crt
tls_privatekey = /etc/exim4/ssl/thishost.key
'
- end
end
out
%>
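Review bot: `hosts_require_tls` on the smarthost transport enforces encryption but not authentication: nothing visible in this block makes the transport verify the smarthost's certificate, so any certificate presented on that connection would be accepted. The main section already trusts `/etc/exim4/ssl/ca.crt`, so adding `tls_verify_certificates = /etc/exim4/ssl/ca.crt` to the string built here (plus `tls_verify_hosts` with the same smarthost value, if the deployed Exim version supports it on the smtp transport) would close that gap. Separately, `scope.lookupvar('site::nodeinfo')['smarthost']` is concatenated without `.to_s`, unlike `smarthost_port` just above, so a nil value would raise while rendering; the guarding `if` begins outside this hunk, so that case may already be covered.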