Commit 98a72e7b authored by Jonathan Gazeley's avatar Jonathan Gazeley

Purge all non-managed certificates, to get rid of the ones that come in the RPM

parent abf97388
......@@ -34,7 +34,6 @@ class freeradius (
"${freeradius::fr_basepath}/policy.d",
"${freeradius::fr_basepath}/dictionary.d",
"${freeradius::fr_basepath}/scripts",
"${freeradius::fr_basepath}/certs",
]:
ensure => directory,
mode => '0750',
......@@ -44,6 +43,18 @@ class freeradius (
notify => Service[$freeradius::fr_service],
}
# Create cert directory separately so we can set purge option
file { "${freeradius::fr_basepath}/certs":
ensure => directory,
purge => true,
recurse => true,
mode => '0750',
owner => 'root',
group => $freeradius::fr_group,
require => [Package[$freeradius::fr_package], Group[$freeradius::fr_group]],
notify => Service[$freeradius::fr_service],
}
# Set up concat policy file, as there is only one global policy
# We also add standard header and footer
concat { "${freeradius::fr_basepath}/policy.conf":
......@@ -203,6 +214,12 @@ class freeradius (
require => [Package[$freeradius::fr_package], Group[$freeradius::fr_group]],
}
# Placeholder resource for dh and random as they are dynamically generated, so they
# exist in the catalogue and don't get purged
file { ["${freeradius::fr_basepath}/certs/dh", "${freeradius::fr_basepath}/certs/random"]:
require => Exec['dh', 'random'],
}
# Generate global SSL parameters
exec { 'dh':
command => "openssl dhparam -out ${freeradius::fr_basepath}/certs/dh 1024",
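Review bot: The new `file { "${freeradius::fr_basepath}/certs": }` resource with `purge => true` and `recurse => true` removes every file under certs/ that is not in the catalogue, not only the RPM samples, so a key, CA bundle or CRL placed there by hand or by another tool is deleted on the next run, and the `notify` then restarts the service without it. That contract should be stated where it is set, for example by extending the comment to `# Purges everything in certs/ that Puppet does not manage; every cert, key and CRL must be declared as a file resource`. The placeholder resource for `dh` and `random` sets no `owner`, `group` or `mode`, so their permissions are presumably whatever the `exec` left behind; adding `owner => 'root', group => $freeradius::fr_group, mode => '0640'` there would pin them. Separately, the unchanged context line `openssl dhparam ... 1024` predates this commit but generates 1024-bit parameters, below the 2048-bit minimum generally recommended today. The `freeradius` class body starts and ends outside the hunks shown.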
......