Defined Type: sslcert::chainedcert

Defined in:
modules/sslcert/manifests/chainedcert.pp

Overview

Parameters:

  • ensure (Wmflib::Ensure) (defaults to: present)
  • group (String) (defaults to: 'ssl-cert')


# File 'modules/sslcert/manifests/chainedcert.pp', line 32

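# Builds the certificate bundle files for the certificate named by the
# resource title, using /usr/local/sbin/x509-bundle:
#
#   /etc/ssl/localcerts/${title}.chained.crt  (built with --skip-root)
#   /etc/ssl/localcerts/${title}.chain.crt    (built with --skip-root --skip-first)
#
# Both are generated from /etc/ssl/localcerts/${title}.crt, which must be
# managed elsewhere as a File resource (the execs require it).
#
# Parameters:
#   ensure - 'present' builds and manages both bundle files; any other value
#            is passed straight to the file resources for both paths.
#   group  - group owner of the generated bundle files.
#
# NOTE(review): $title is interpolated unquoted into the exec command lines and
# into file paths. Titles are presumably plain certificate names; confirm that
# callers never pass whitespace, shell metacharacters or path separators.
define sslcert::chainedcert(
  Wmflib::Ensure $ensure = present,
  String         $group  = 'ssl-cert',
) {
    require sslcert

    $chainedfile = "/etc/ssl/localcerts/${title}.chained.crt"
    $chainfile = "/etc/ssl/localcerts/${title}.chain.crt"

    if $ensure == 'present' {
        $inpath = "/etc/ssl/localcerts/${title}.crt"
        $script = '/usr/local/sbin/x509-bundle'

        # The search path must contain only absolute directories. The original
        # value 'bin:/usr/bin' started with a relative 'bin' entry, so the
        # lookup of '[' for the unless check could consult a 'bin' directory
        # relative to the working directory instead of a system directory.
        exec { "x509-bundle ${title}-chained":
            path    => '/bin:/usr/bin',
            cwd     => '/etc/ssl/localcerts',
            command => "${script} --skip-root -c ${inpath} -o ${chainedfile}",
            # Skip the rebuild while the output is newer than both the input
            # certificate and the bundling script.
            unless  => "[ ${chainedfile} -nt ${inpath} -a ${chainedfile} -nt ${script} ]",
            require => [ File[$inpath], File[$script] ],
        }
        exec { "x509-bundle ${title}-chain":
            path    => '/bin:/usr/bin',
            cwd     => '/etc/ssl/localcerts',
            command => "${script} --skip-root --skip-first -c ${inpath} -o ${chainfile}",
            # Same freshness test as above, applied to the chain-only output.
            unless  => "[ ${chainfile} -nt ${inpath} -a ${chainfile} -nt ${script} ]",
            require => [ File[$inpath], File[$script] ],
        }

        # set owner/group/permissions on the chained/chain files
        # (world-readable, not writable: mode 0444, owned by root:$group)
        file { $chainedfile:
            ensure  => $ensure,
            mode    => '0444',
            owner   => 'root',
            group   => $group,
            require => Exec["x509-bundle ${title}-chained"],
        }
        file { $chainfile:
            ensure  => $ensure,
            mode    => '0444',
            owner   => 'root',
            group   => $group,
            require => Exec["x509-bundle ${title}-chain"],
        }
    } else {
        # Not 'present': nothing is generated; both paths just take $ensure.
        file { [$chainedfile, $chainfile]:
            ensure => $ensure,
        }
    }
}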