openvpn: use x509 module to deploy certs (fixes #1064)

1 files changed, 15 insertions, 11 deletions

diff --git a/puppet/modules/site_openvpn/manifests/keys.pp b/puppet/modules/site_openvpn/manifests/keys.pp
index 12c1bd8f..4c43ec05 100644
--- a/puppet/modules/site_openvpn/manifests/keys.pp
+++ b/puppet/modules/site_openvpn/manifests/keys.pp
@@ -1,22 +1,26 @@
 class site_openvpn::keys {
 
-  file { '/etc/openvpn/keys/ca.crt':
-    content => $site_openvpn::x509_config['ca_cert'],
-    mode    => '0644',
+  x509::key {
+    'leap_openvpn':
+      content => $site_openvpn::x509_config['key'],
+      notify  => Service[openvpn];
   }
 
-  file { '/etc/openvpn/keys/dh.pem':
-    content => $site_openvpn::x509_config['dh'],
-    mode    => '0644',
+  x509::cert {
+    'leap_openvpn':
+      content => $site_openvpn::x509_config['cert'],
+      notify  => Service[openvpn];
   }
 
-  file { '/etc/openvpn/keys/server.key':
-    content => $site_openvpn::x509_config['key'],
-    mode    => '0600',
+  x509::ca {
+    'leap_openvpn':
+      content => $site_openvpn::x509_config['ca_cert'],
+      notify  => Service[openvpn];
   }
 
-  file { '/etc/openvpn/keys/server.crt':
-    content => $site_openvpn::x509_config['cert'],
+  file { '/etc/openvpn/keys/dh.pem':
+    content => $site_openvpn::x509_config['dh'],
     mode    => '0644',
   }
+
 }