-rw-r--r-- | manifests/cert.pp | 30 | ||||
-rw-r--r-- | manifests/check.pp | 29 | ||||
-rw-r--r-- | manifests/init.pp | 48 |
3 files changed, 59 insertions, 48 deletions
diff --git a/manifests/cert.pp b/manifests/cert.pp
new file mode 100644
index 0000000..e112817
--- /dev/null
+++ b/manifests/cert.pp
@@ -0,0 +1,30 @@
+define ssl::cert(
+ $ensure = present,
+ $owner = 'root',
+ $group = 'root',
+ $pubmode = '644',
+ $privmode = '600',
+ $base = '/etc/ssl',
+ $private = true
+) {
+ file { "${base}/certs/$name.crt":
+ ensure => $ensure,
+ owner => $owner,
+ group => $group,
+ mode => $pubmode,
+ source => "puppet:///ssl/$name.crt",
+ require => File["${base}/certs"],
+ }
+
+ if ($private == true) {
+ file { "${base}/private/$name.pem":
+ ensure => $ensure,
+ owner => $owner,
+ group => $group,
+ mode => $privmode,
+ backup => false, # Do not backup the private key
+ source => "puppet:///ssl/$name.pem",
+ require => File["${base}/private"],
+ }
+ }
+}
diff --git a/manifests/check.pp b/manifests/check.pp
new file mode 100644
index 0000000..46030ee
--- /dev/null
+++ b/manifests/check.pp
@@ -0,0 +1,29 @@
+define ssl::check(
+ $port = '443',
+ $interval = '60',
+ $email = 'root',
+ $hour = '0',
+ $minute = '0',
+ $weekday = '0',
+ $file = false,
+ $ensure = present,
+ $base = '/etc/ssl'
+) {
+ $ssl_cert_check = "/usr/local/bin/ssl-cert-check -a -q -x ${interval} -e ${email}"
+
+ $command = $file ? {
+ false => "$ssl_cert_check -s ${name} -p ${port}",
+ true => "$ssl_cert_check -c ${base}/certs/cert.crt",
+ default => "$ssl_cert_check -c ${file}",
+ }
+
+ cron { "ssl-cert-check-${name}":
+ command => $command,
+ user => root,
+ hour => $hour,
+ minute => $minute,
+ weekday => $weekday,
+ ensure => $ensure,
+ require => File["/usr/local/bin/ssl-cert-check"],
+ }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
index c387fa0..901eda9 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
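Review bot: The private-key `file` resource in `ssl::cert` sets `backup => false`, but nothing keeps the key's content out of change diffs in agent output and reports; on Puppet versions that support the parameter I would add `show_diff => false,` next to the `backup` line. The key is fetched from `puppet:///ssl/$name.pem`, so its confidentiality depends on how the `ssl` file-server mount is restricted, which this commit does not show; a comment above the resource saying the mount must be limited to the nodes that own each key would make that dependency explicit. `$privmode` is caller-settable and `$owner`/`$group` are shared with the public certificate, so a header comment on the define should state that `$privmode` must never grant group or world read.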
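Review bot: `ssl::check` builds a cron command that runs as root by interpolating `$interval`, `$email`, `$name`, `$port` and `$file` unquoted, so a value containing whitespace or shell metacharacters changes what root's crontab executes. The define should reject such values before the `cron` resource, for example `if $port !~ /^[0-9]+$/ { fail("ssl::check: invalid port ${port}") }`, with equivalent checks for the other parameters. Separately, the `true` branch of the selector points at the fixed path `${base}/certs/cert.crt`, while `ssl::cert` installs `${base}/certs/$name.crt`; if the intent is to check the certificate of the same name, that line should presumably read `true => "$ssl_cert_check -c ${base}/certs/${name}.crt",`.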
@@ -12,52 +12,4 @@ class ssl {
 mode => 755,
 source => "puppet://$server/modules/ssl/ssl-cert-check",
 }
-
- define cert($ensure = present, $owner = 'root', $group = 'root',
- $pubmode = '644', $privmode = '600', $base = '/etc/ssl',
- $private = true) {
- file { "${base}/certs/$name.crt":
- ensure => $ensure,
- owner => $owner,
- group => $group,
- mode => $pubmode,
- source => "puppet:///ssl/$name.crt",
- require => File["${base}/certs"],
- }
-
- if ($private == true) {
- file { "${base}/private/$name.pem":
- ensure => $ensure,
- owner => $owner,
- group => $group,
- mode => $privmode,
- backup => false, # Do not backup the private key
- source => "puppet:///ssl/$name.pem",
- require => File["${base}/private"],
- }
- }
- }
-
- define check($port = '443', $interval = '60', $email = 'root',
- $hour = '0', $minute = '0', $weekday = '0',
- $file = false, $ensure = present, $base = '/etc/ssl') {
-
- $ssl_cert_check = "/usr/local/bin/ssl-cert-check -a -q -x ${interval} -e ${email}"
-
- $command = $file ? {
- false => "$ssl_cert_check -s ${name} -p ${port}",
- true => "$ssl_cert_check -c ${base}/certs/cert.crt",
- default => "$ssl_cert_check -c ${file}",
- }
-
- cron { "ssl-cert-check-${name}":
- command => $command,
- user => root,
- hour => $hour,
- minute => $minute,
- weekday => $weekday,
- ensure => $ensure,
- require => File["/usr/local/bin/ssl-cert-check"],
- }
- }
 } |