Defined Type: sslcert::ocsp::conf

Defined in:
modules/sslcert/manifests/ocsp/conf.pp

Overview

Parameters:

  • ensure (Wmflib::Ensure) (defaults to: present)
  • certs (Array[String]) (defaults to: [$title])
  • proxy (Optional[String]) (defaults to: undef) 


26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
 
# File 'modules/sslcert/manifests/ocsp/conf.pp', line 26

define sslcert::ocsp::conf(
  Wmflib::Ensure   $ensure = present,
  Array[String]    $certs  = [$title],
  Optional[String] $proxy  = undef,
) {
    if !defined(Class['sslcert::ocsp::init']) {
        fail('sslcert::ocsp::conf should only be used once the sslcert::ocsp::init class is declared.')
    }

    $output = "/var/cache/ocsp/${title}.ocsp"
    $config = "/etc/update-ocsp.d/${title}.conf"

    file { $config:
        ensure  => $ensure,
        owner   => 'root',
        group   => 'root',
        mode    => '0444',
        content => template('sslcert/update-ocsp.erb'),
        require => Sslcert::Certificate[$certs],
    }

    if $ensure == 'present' {
        # initial creation on the first puppet run
        exec { "${title}-create-ocsp":
            command => "/usr/local/sbin/update-ocsp --config ${config}",
            creates => $output,
            require => File[$config],
        }
    } else {
        file { $output:
            ensure => absent,
        }
    }
}