Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/215353
Change subject: sslcert: automatically regenerate chained cert on changes
......................................................................
sslcert: automatically regenerate chained cert on changes
This doesn't handle CA changes yet (sslcert::ca or otherwise) but it
should be more than enough for now.
Change-Id: Iafcce2ad465fad953acaff1b36fa993117e12d04
---
M modules/sslcert/manifests/chainedcert.pp
1 file changed, 5 insertions(+), 4 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/53/215353/1
diff --git a/modules/sslcert/manifests/chainedcert.pp
b/modules/sslcert/manifests/chainedcert.pp
index 2f0e3b3..035d807 100644
--- a/modules/sslcert/manifests/chainedcert.pp
+++ b/modules/sslcert/manifests/chainedcert.pp
@@ -36,10 +36,11 @@
if $ensure == 'present' {
exec { "x509-bundle ${title}":
- creates => $chainfile,
- command => "/usr/local/sbin/x509-bundle --skip-root -c
${title}.crt -o $chainfile",
- cwd => '/etc/ssl/localcerts',
- require => File["/etc/ssl/localcerts/${title}.crt"]
+ refreshonly => true,
+ command => "/usr/local/sbin/x509-bundle --skip-root -c
${title}.crt -o $chainfile",
+ cwd => '/etc/ssl/localcerts',
+ require => File["/etc/ssl/localcerts/${title}.crt"],
+ subscribe => File["/etc/ssl/localcerts/${title}.crt"],
}
# set owner/group/permissions on the chained file
--
To view, visit https://gerrit.wikimedia.org/r/215353
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iafcce2ad465fad953acaff1b36fa993117e12d04
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <fai...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
