and use template after setting var

diff --git a/modules/ssl/manifests/init.pp b/modules/ssl/manifests/init.pp
index 21e51e6..ee83067 100644 (file)
--- a/modules/ssl/manifests/init.pp
+++ b/modules/ssl/manifests/init.pp
@@ -35,11 +35,6 @@ class ssl {
                notify  => Exec['refresh_ca_global_hashes'],
        }
 
-       file { '/etc/apt/apt.conf.d/local-ssl-ca-global':
-               mode   => '0444',
-               content => template('ssl/local-ssl-ca-global.erb'),
-       }
-
        file { '/etc/ssl/certs/ssl-cert-snakeoil.pem':
                ensure => absent,
                notify => Exec['refresh_normal_hashes'],
@@ -145,6 +140,12 @@ class ssl {
                $updatecacerts = $updatecacertsdsa
        }
 
+       file { '/etc/apt/apt.conf.d/local-ssl-ca-global':
+               mode   => '0444',
+               content => template('ssl/local-ssl-ca-global.erb'),
+       }
+
+
        exec { 'refresh_debian_hashes':
                command     => 'c_rehash /etc/ssl/debian/certs',
                refreshonly => true,

diff --git a/modules/ssl/templates/local-ssl-ca-global.erb b/modules/ssl/templates/local-ssl-ca-global.erb
index c5a7f2c..9e6e457 100644 (file)
--- a/modules/ssl/templates/local-ssl-ca-global.erb
+++ b/modules/ssl/templates/local-ssl-ca-global.erb
@@ -2,5 +2,5 @@ DPkg::Pre-Install-Pkgs {
   "if grep -q '/ca-certificates_.*\.deb$' ; then touch /run/dsa-ca-certificates-global ; fi";
 };
 DPkg::Post-Invoke {
-  "if [ -e /run/dsa-ca-certificates-global ] && [ -e \"<%= @updatecacerts %>" ] ; then \"<%= @updatecacerts %>\" --fresh --default --certsconf /etc/ca-certificates-global.conf --etccertsdir /etc/ssl/ca-global --hooksdir /dev/null ; rm -f /run/dsa-ca-certificates-global ; fi";
+  "if [ -e /run/dsa-ca-certificates-global ] && [ -e \"<%= @updatecacerts %>\" ] ; then \"<%= @updatecacerts %>\" --fresh --default --certsconf /etc/ca-certificates-global.conf --etccertsdir /etc/ssl/ca-global --hooksdir /dev/null ; rm -f /run/dsa-ca-certificates-global ; fi";
 };