diff options
| author | Micah Anderson <micah@leap.se> | 2014-11-20 15:22:09 -0500 |
|---|---|---|
| committer | Micah Anderson <micah@leap.se> | 2014-11-20 15:22:09 -0500 |
| commit | 896dd69710fa24a0235fc70081a71f35adbf9af1 (patch) | |
| tree | 0216da5e47addce20d68b60aab5129b540a5a5c4 | |
| parent | e334f10447303209ac3802436437670f45511603 (diff) | |
Make sure that stunnel restarts when cert/key change (#6181)
Change-Id: I5085247a87018e18e73833119ac73225afbfea1e
4 files changed, 17 insertions, 10 deletions
diff --git a/puppet/modules/site_stunnel/manifests/client.pp b/puppet/modules/site_stunnel/manifests/client.pp index 76815174..3b10ecb8 100644 --- a/puppet/modules/site_stunnel/manifests/client.pp +++ b/puppet/modules/site_stunnel/manifests/client.pp @@ -35,11 +35,7 @@ define site_stunnel::client ( pid => "/var/run/stunnel4/${pid}.pid", rndfile => $rndfile, debuglevel => $debuglevel, - sslversion => 'TLSv1', - subscribe => [ - Class['Site_config::X509::Key'], - Class['Site_config::X509::Cert'], - Class['Site_config::X509::Ca'] ]; + sslversion => 'TLSv1'; } site_shorewall::stunnel::client { $name: diff --git a/puppet/modules/site_stunnel/manifests/init.pp b/puppet/modules/site_stunnel/manifests/init.pp index b292f1cd..2e0cf5b8 100644 --- a/puppet/modules/site_stunnel/manifests/init.pp +++ b/puppet/modules/site_stunnel/manifests/init.pp @@ -28,5 +28,7 @@ class site_stunnel { $clients = $stunnel['clients'] $client_sections = keys($clients) site_stunnel::clients { $client_sections: } + + include site_stunnel::override_service } diff --git a/puppet/modules/site_stunnel/manifests/override_service.pp b/puppet/modules/site_stunnel/manifests/override_service.pp new file mode 100644 index 00000000..96187048 --- /dev/null +++ b/puppet/modules/site_stunnel/manifests/override_service.pp @@ -0,0 +1,13 @@ +class site_stunnel::override_service inherits stunnel::debian { + + include site_config::x509::cert + include site_config::x509::key + include site_config::x509::ca + + Service[stunnel] { + subscribe => [ + Class['Site_config::X509::Key'], + Class['Site_config::X509::Cert'], + Class['Site_config::X509::Ca'] ] + } +} diff --git a/puppet/modules/site_stunnel/manifests/servers.pp b/puppet/modules/site_stunnel/manifests/servers.pp index 8d537644..b6fac319 100644 --- a/puppet/modules/site_stunnel/manifests/servers.pp +++ b/puppet/modules/site_stunnel/manifests/servers.pp @@ -35,11 +35,7 @@ define site_stunnel::servers ( pid => "/var/run/stunnel4/${pid}.pid", rndfile => '/var/lib/stunnel4/.rnd', debuglevel => $debuglevel, - sslversion => 'TLSv1', - require => [ - Class['Site_config::X509::Key'], - Class['Site_config::X509::Cert'], - Class['Site_config::X509::Ca'] ]; + sslversion => 'TLSv1'; } # allow incoming connections on $accept_port |