Using ssl::cert to define certificates

author Silvio Rhatto <rhatto@riseup.net>

Tue, 29 Nov 2011 01:37:28 +0000 (23:37 -0200)

committer Silvio Rhatto <rhatto@riseup.net>

Tue, 29 Nov 2011 01:37:28 +0000 (23:37 -0200)
author Silvio Rhatto <rhatto@riseup.net>
Tue, 29 Nov 2011 01:37:28 +0000 (23:37 -0200)
committer Silvio Rhatto <rhatto@riseup.net>
Tue, 29 Nov 2011 01:37:28 +0000 (23:37 -0200)
diff --git a/manifests/init.pp b/manifests/init.pp

index e368530682d7346f5f750c0ae465ec68277836b0..b758903d5006b8df93f67ed31b8646eebd2c79fc 100644 (file)
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -5,24 +5,6 @@ class ssl {
      group   => "root",
    }
  
-  file { "/etc/ssl/certs/cert.crt":
-    ensure => present,
-    owner   => "root",
-    group   => "root",
-    mode    => 644,
-    source  => "puppet:///modules/site-keys/ssl/cert.crt",
-    require => File["/etc/ssl/certs"],
-  }
-
-  file { "/etc/ssl/private/cert.pem":
-    ensure => present,
-    owner   => "root",
-    group   => "root",
-    mode    => 600,
-    source  => "puppet:///modules/site-keys/ssl/cert.pem",
-    require => File["/etc/ssl/private"],
-  }
-
    file { "/usr/local/bin/ssl-cert-check":
      ensure => present,
      owner   => "root",
@@ -31,6 +13,29 @@ class ssl {
      source  => "puppet://$server/modules/ssl/ssl-cert-check",
    }
  
+  define cert($ensure  = present, $owner    = 'root', $group = 'root', $notify = undef,
+              $pubmode = '644',   $privmode = '600') {
+    file { "/etc/ssl/certs/$name.crt":
+      ensure  => $ensure,
+      owner   => $owner,
+      group   => $group,
+      mode    => $pubmode,
+      source  => "puppet:///modules/site-keys/ssl/$name.crt",
+      require => File["/etc/ssl/certs"],
+      notify  => $notify,
+    }
+  
+    file { "/etc/ssl/private/$name.pem":
+      ensure  => $ensure,
+      owner   => $owner,
+      group   => $group,
+      mode    => $privmode,
+      source  => "puppet:///modules/site-keys/ssl/$name.pem",
+      require => File["/etc/ssl/private"],
+      notify  => $notify,
+    }
+  }
+
    define check($port = '443', $interval = '60', $email = 'root',
                 $hour = '0',   $minute   = '0',  $weekday = '0',
                 $file = false, $ensure   = present) {
@@ -54,21 +59,3 @@ class ssl {
      }
    }
  }
-
-class ssl::mail inherits ssl {
-  File['/etc/ssl/private/cert.pem'] {
-    group  => postfix,
-    mode   => 0640,
-    notify => Service['postfix'],
-  }
-
-  File['/etc/ssl/certs/cert.crt'] {
-    notify => Service['postfix'],
-  }
-}
-
-class ssl::proxy inherits ssl {
-  File['/etc/ssl/certs/cert.crt', '/etc/ssl/private/cert.pem'] {
-    notify => Service['nginx'],
-  }
-}
author	Silvio Rhatto <rhatto@riseup.net>
	Tue, 29 Nov 2011 01:37:28 +0000 (23:37 -0200)
committer	Silvio Rhatto <rhatto@riseup.net>
	Tue, 29 Nov 2011 01:37:28 +0000 (23:37 -0200)