aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2015-03-18 18:13:16 -0300
committerSilvio Rhatto <rhatto@riseup.net>2015-03-18 18:13:16 -0300
commite36237cd5a8fb7326c1a5a4eb0b3548be9dca2d9 (patch)
treed2558e92b74fb7535a5ada11def4dfc55bdace6c
parent2d81c0893343a701ff10646ce8235a05ac394d74 (diff)
downloadpuppet-ssl-e36237cd5a8fb7326c1a5a4eb0b3548be9dca2d9.tar.gz
puppet-ssl-e36237cd5a8fb7326c1a5a4eb0b3548be9dca2d9.tar.bz2
Split into separate files
-rw-r--r--manifests/cert.pp30
-rw-r--r--manifests/check.pp29
-rw-r--r--manifests/init.pp48
3 files changed, 59 insertions, 48 deletions
diff --git a/manifests/cert.pp b/manifests/cert.pp
new file mode 100644
index 0000000..e112817
--- /dev/null
+++ b/manifests/cert.pp
@@ -0,0 +1,30 @@
+define ssl::cert(
+ $ensure = present,
+ $owner = 'root',
+ $group = 'root',
+ $pubmode = '644',
+ $privmode = '600',
+ $base = '/etc/ssl',
+ $private = true
+) {
+ file { "${base}/certs/$name.crt":
+ ensure => $ensure,
+ owner => $owner,
+ group => $group,
+ mode => $pubmode,
+ source => "puppet:///ssl/$name.crt",
+ require => File["${base}/certs"],
+ }
+
+ if ($private == true) {
+ file { "${base}/private/$name.pem":
+ ensure => $ensure,
+ owner => $owner,
+ group => $group,
+ mode => $privmode,
+ backup => false, # Do not backup the private key
+ source => "puppet:///ssl/$name.pem",
+ require => File["${base}/private"],
+ }
+ }
+}
diff --git a/manifests/check.pp b/manifests/check.pp
new file mode 100644
index 0000000..46030ee
--- /dev/null
+++ b/manifests/check.pp
@@ -0,0 +1,29 @@
+define ssl::check(
+ $port = '443',
+ $interval = '60',
+ $email = 'root',
+ $hour = '0',
+ $minute = '0',
+ $weekday = '0',
+ $file = false,
+ $ensure = present,
+ $base = '/etc/ssl'
+) {
+ $ssl_cert_check = "/usr/local/bin/ssl-cert-check -a -q -x ${interval} -e ${email}"
+
+ $command = $file ? {
+ false => "$ssl_cert_check -s ${name} -p ${port}",
+ true => "$ssl_cert_check -c ${base}/certs/cert.crt",
+ default => "$ssl_cert_check -c ${file}",
+ }
+
+ cron { "ssl-cert-check-${name}":
+ command => $command,
+ user => root,
+ hour => $hour,
+ minute => $minute,
+ weekday => $weekday,
+ ensure => $ensure,
+ require => File["/usr/local/bin/ssl-cert-check"],
+ }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
index c387fa0..901eda9 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -12,52 +12,4 @@ class ssl {
mode => 755,
source => "puppet://$server/modules/ssl/ssl-cert-check",
}
-
- define cert($ensure = present, $owner = 'root', $group = 'root',
- $pubmode = '644', $privmode = '600', $base = '/etc/ssl',
- $private = true) {
- file { "${base}/certs/$name.crt":
- ensure => $ensure,
- owner => $owner,
- group => $group,
- mode => $pubmode,
- source => "puppet:///ssl/$name.crt",
- require => File["${base}/certs"],
- }
-
- if ($private == true) {
- file { "${base}/private/$name.pem":
- ensure => $ensure,
- owner => $owner,
- group => $group,
- mode => $privmode,
- backup => false, # Do not backup the private key
- source => "puppet:///ssl/$name.pem",
- require => File["${base}/private"],
- }
- }
- }
-
- define check($port = '443', $interval = '60', $email = 'root',
- $hour = '0', $minute = '0', $weekday = '0',
- $file = false, $ensure = present, $base = '/etc/ssl') {
-
- $ssl_cert_check = "/usr/local/bin/ssl-cert-check -a -q -x ${interval} -e ${email}"
-
- $command = $file ? {
- false => "$ssl_cert_check -s ${name} -p ${port}",
- true => "$ssl_cert_check -c ${base}/certs/cert.crt",
- default => "$ssl_cert_check -c ${file}",
- }
-
- cron { "ssl-cert-check-${name}":
- command => $command,
- user => root,
- hour => $hour,
- minute => $minute,
- weekday => $weekday,
- ensure => $ensure,
- require => File["/usr/local/bin/ssl-cert-check"],
- }
- }
}