Dzahn has uploaded a new change for review.
https://gerrit.wikimedia.org/r/160066
Change subject: SSL certs - add class for GlobalSign CA
......................................................................
SSL certs - add class for GlobalSign CA
in Ibbe0a4f209422 a new CA has been added
we also need a new class for it, see the other
similar classes above. just adding the file
to files/ssl does not install it on servers
and then puppet can't find it and fails
Change-Id: I083b9ce388e97acfb8915d51059d43b58deec374
---
M manifests/certs.pp
1 file changed, 18 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/66/160066/1
diff --git a/manifests/certs.pp b/manifests/certs.pp
index 423246e..e0884fa 100644
--- a/manifests/certs.pp
+++ b/manifests/certs.pp
@@ -302,3 +302,21 @@
require => File['/etc/ssl/certs/DigiCertHighAssuranceCA-3.pem'],
}
}
+
+class certificates::globalsign_ca {
+
+ include certificates::packages
+
+ file { '/etc/ssl/certs/GlobalSign_CA.pem':
+ owner => 'root',
+ group => 'root',
+ mode => '0444',
+ source => 'puppet:///files/ssl/GlobalSign_CA.pem',
+ require => Package['openssl'],
+ }
+
+ exec { '/bin/ln -sf /etc/ssl/certs/GlobalSign_CA.pem
/etc/ssl/certs/$(/usr/bin/openssl x509 -hash -noout -in
/etc/ssl/certs/DigiCertHighAssuranceCA-3.pem).0':
+ unless => "/usr/bin/[ -f \"/etc/ssl/certs/$(/usr/bin/openssl x509
-hash -noout -in /etc/ssl/certs/GlobalSign_CA.pem).0\" ]",
+ require => File['/etc/ssl/certs/GlobalSign_CA.pem'],
+ }
+}
--
To view, visit https://gerrit.wikimedia.org/r/160066
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I083b9ce388e97acfb8915d51059d43b58deec374
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
