From e111c2ffb6b1c4baf5ecefd0c8627eafadbb3d6c Mon Sep 17 00:00:00 2001
From: Tollef Fog Heen <tfheen@err.no>
Date: Tue, 10 Jan 2017 21:13:43 +0100
Subject: [PATCH] Add key + cert in a single file to /etc/ssl/private

Hitch and HAProxy both need this, so let's just do it for all keys and
certs.
---
 modules/ssl/manifests/service.pp | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/modules/ssl/manifests/service.pp b/modules/ssl/manifests/service.pp
index 711f755b8..f01a75c5e 100644
--- a/modules/ssl/manifests/service.pp
+++ b/modules/ssl/manifests/service.pp
@@ -35,6 +35,15 @@ define ssl::service($ensure = present, $tlsaport = 443, $notify = [], $key = fal
 			notify => [ $notify ],
 			links  => follow,
 		}
+
+		file { "/etc/ssl/private/$name.key-certchain":
+			ensure => $ssl_ensure,
+			mode   => '0440',
+			group => 'ssl-cert',
+			content => template('ssl/key-chained.erb'),
+			notify => [ $notify ],
+			links  => follow,
+		}
 	}
 
 	if (size($tlsaports) > 0 and $ssl_ensure == "present") {
-- 
2.20.1