[MediaWiki-commits] [Gerrit] SSL certs - add class for GlobalSign CA - change (operations/puppet)

Fri, 12 Sep 2014 12:30:12 -0700 

Dzahn has submitted this change and it was merged.

Change subject: SSL certs - add class for GlobalSign CA
......................................................................


SSL certs - add class for GlobalSign CA

in Ibbe0a4f209422 a new CA has been added

we also need a new class for it, see the other
similar classes above. just adding the file
to files/ssl does not install it on servers
and then puppet can't find it and fails

Change-Id: I083b9ce388e97acfb8915d51059d43b58deec374
---
M manifests/certs.pp
1 file changed, 18 insertions(+), 0 deletions(-)

Approvals:
  RobH: Looks good to me, but someone else must approve
  jenkins-bot: Verified
  Dzahn: Looks good to me, approved



diff --git a/manifests/certs.pp b/manifests/certs.pp
index 423246e..a91b004 100644
--- a/manifests/certs.pp
+++ b/manifests/certs.pp
@@ -302,3 +302,21 @@
         require => File['/etc/ssl/certs/DigiCertHighAssuranceCA-3.pem'],
     }
 }
+
+class certificates::globalsign_ca {
+
+    include certificates::packages
+
+    file { '/etc/ssl/certs/GlobalSign_CA.pem':
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0444',
+        source  => 'puppet:///files/ssl/GlobalSign_CA.pem',
+        require => Package['openssl'],
+    }
+
+    exec { '/bin/ln -sf /etc/ssl/certs/GlobalSign_CA.pem 
/etc/ssl/certs/$(/usr/bin/openssl x509 -hash -noout -in 
/etc/ssl/certs/GlobalSign_CA.pem).0':
+        unless  => "/usr/bin/[ -f \"/etc/ssl/certs/$(/usr/bin/openssl x509 
-hash -noout -in /etc/ssl/certs/GlobalSign_CA.pem).0\" ]",
+        require => File['/etc/ssl/certs/GlobalSign_CA.pem'],
+    }
+}

-- 
To view, visit https://gerrit.wikimedia.org/r/160066
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I083b9ce388e97acfb8915d51059d43b58deec374
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Dzahn <[email protected]>
Gerrit-Reviewer: Mark Bergsma <[email protected]>
Gerrit-Reviewer: RobH <[email protected]>
Gerrit-Reviewer: Rush <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to