Commit 98a72e7b authored by Jonathan Gazeley

Purge all non-managed certificates, to get rid of the ones that come in the RPM

parent abf97388
...@@ -34,7 +34,6 @@ class freeradius ( ...@@ -34,7 +34,6 @@ class freeradius (
"${freeradius::fr_basepath}/policy.d", "${freeradius::fr_basepath}/policy.d",
"${freeradius::fr_basepath}/dictionary.d", "${freeradius::fr_basepath}/dictionary.d",
"${freeradius::fr_basepath}/scripts", "${freeradius::fr_basepath}/scripts",
"${freeradius::fr_basepath}/certs",
]: ]:
ensure => directory, ensure => directory,
mode => '0750', mode => '0750',
...@@ -44,6 +43,18 @@ class freeradius ( ...@@ -44,6 +43,18 @@ class freeradius (
notify => Service[$freeradius::fr_service], notify => Service[$freeradius::fr_service],
} }
# Create cert directory separately so we can set purge option
file { "${freeradius::fr_basepath}/certs":
ensure => directory,
purge => true,
recurse => true,
mode => '0750',
owner => 'root',
group => $freeradius::fr_group,
require => [Package[$freeradius::fr_package], Group[$freeradius::fr_group]],
notify => Service[$freeradius::fr_service],
}
# Set up concat policy file, as there is only one global policy # Set up concat policy file, as there is only one global policy
# We also add standard header and footer # We also add standard header and footer
concat { "${freeradius::fr_basepath}/policy.conf": concat { "${freeradius::fr_basepath}/policy.conf":
...@@ -203,6 +214,12 @@ class freeradius ( ...@@ -203,6 +214,12 @@ class freeradius (
require => [Package[$freeradius::fr_package], Group[$freeradius::fr_group]], require => [Package[$freeradius::fr_package], Group[$freeradius::fr_group]],
} }
# Placeholder resource for dh and random as they are dynamically generated, so they
# exist in the catalogue and don't get purged
file { ["${freeradius::fr_basepath}/certs/dh", "${freeradius::fr_basepath}/certs/random"]:
require => Exec['dh', 'random'],
}
# Generate global SSL parameters # Generate global SSL parameters
exec { 'dh': exec { 'dh':
command => "openssl dhparam -out ${freeradius::fr_basepath}/certs/dh 1024", command => "openssl dhparam -out ${freeradius::fr_basepath}/certs/dh 1024",
......
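Review bot: The new `file { "${freeradius::fr_basepath}/certs": ... purge => true, recurse => true }` resource deletes everything under certs that is not in the catalogue, so a server key, certificate or CA bundle installed outside Puppet disappears on the next run, and the notified service restart may then fail. The comment above it should say so, for example `# Purges every unmanaged file in certs/, including keys and CA bundles not declared in the catalogue`, and an opt-out class parameter would make the change safer for existing deployments. With `recurse => true`, the `mode => '0750'`, owner and group presumably also apply to files below the directory, so it is worth confirming that private keys keep the mode intended for them. The placeholder `file` for `certs/dh` and `certs/random` sets no `ensure`, owner or mode, which leaves their permissions to whatever the execs produced. The class body starts and ends outside the visible hunks.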