BBlack has uploaded a new change for review.
https://gerrit.wikimedia.org/r/197459
Change subject: replace certificates::base code with ref to ::sslcert
......................................................................
replace certificates::base code with ref to ::sslcert
Change-Id: Ic08a6d574f9042460a27783651969fd32def428d
---
D files/ssl/ssl_certs
M manifests/certs.pp
2 files changed, 1 insertion(+), 69 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/59/197459/1
diff --git a/files/ssl/ssl_certs b/files/ssl/ssl_certs
deleted file mode 100644
index a2a1c6f..0000000
--- a/files/ssl/ssl_certs
+++ /dev/null
@@ -1,26 +0,0 @@
-# ------------------------------------------------------------------
-#
-# Copyright (C) 2002-2005 Novell/SUSE
-# Copyright (C) 2010-2011 Canonical Ltd.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of version 2 of the GNU General Public
-# License published by the Free Software Foundation.
-#
-# ------------------------------------------------------------------
-# THIS FILE IS MANAGED BY PUPPET
-# Source: files/ssl/ssl_cert
-# From : certificates::base
-
- /etc/ssl/ r,
- /etc/ssl/certs/ r,
- /etc/ssl/certs/* r,
- /usr/share/ca-certificates/ r,
- /usr/share/ca-certificates/** r,
- /usr/share/ssl/certs/ca-bundle.crt r,
- /usr/local/share/ca-certificates/ r,
- /usr/local/share/ca-certificates/** r,
- /var/lib/ca-certificates/ r,
- /var/lib/ca-certificates/** r,
- /etc/ssl/localcerts/ r,
- /etc/ssl/localcerts/** r,
diff --git a/manifests/certs.pp b/manifests/certs.pp
index d00683e..2cb422b 100644
--- a/manifests/certs.pp
+++ b/manifests/certs.pp
@@ -108,49 +108,7 @@
}
class certificates::base {
-
- package { [ 'openssl', 'ssl-cert' ]:
- ensure => 'latest',
- }
-
- exec { 'update-ca-certificates':
- command => '/usr/sbin/update-ca-certificates',
- refreshonly => true,
- }
-
- package { 'ca-certificates':
- ensure => 'latest',
- notify => Exec['update-ca-certificates'],
- }
-
- # Server certificates now uniformly go in there
- file { '/etc/ssl/localcerts':
- ensure => directory,
- owner => 'root',
- group => 'ssl-cert',
- mode => '0755',
- require => Package['ssl-cert'],
- }
-
- if $::operatingsystem == 'Ubuntu' {
- ## NOTE: The ssl_certs abstraction for apparmor is known to exist
- ## and be mutually compatible up to Trusty; new versions will need
- ## validation before they are cleared.
-
- include apparmor
-
- if versioncmp($::lsbdistrelease, '14.04') > 0 {
- fail("The apparmor profile for certificates::base is only known to
work up to Trusty")
- }
- file { '/etc/apparmor.d/abstractions/ssl_certs':
- ensure => file,
- owner => 'root',
- group => 'root',
- mode => '0444',
- source => 'puppet:///files/ssl/ssl_certs',
- notify => Service['apparmor'],
- }
- }
+ include ::sslcert
}
class certificates::star_wmflabs_org {
--
To view, visit https://gerrit.wikimedia.org/r/197459
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ic08a6d574f9042460a27783651969fd32def428d
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
