summaryrefslogtreecommitdiff
path: root/puppet/modules
diff options
context:
space:
mode:
authorvarac <varacanero@zeromail.org>2012-12-10 23:45:05 +0100
committervarac <varacanero@zeromail.org>2012-12-10 23:45:05 +0100
commite8f28cf269fe706ed556f84d6e03d6a574dfa26d (patch)
tree06a5dbd178a0c81fb1b54f139c20ccacd4a0b333 /puppet/modules
parent3f0bbccb1b0020530ae4e4a0682fbf9f5f401e3b (diff)
openvpn: use x509 module to deploy certs (fixes #1064)
Diffstat (limited to 'puppet/modules')
-rw-r--r--puppet/modules/site_openvpn/manifests/keys.pp26
-rw-r--r--puppet/modules/site_openvpn/manifests/server_config.pp6
2 files changed, 18 insertions, 14 deletions
diff --git a/puppet/modules/site_openvpn/manifests/keys.pp b/puppet/modules/site_openvpn/manifests/keys.pp
index 12c1bd8f..4c43ec05 100644
--- a/puppet/modules/site_openvpn/manifests/keys.pp
+++ b/puppet/modules/site_openvpn/manifests/keys.pp
@@ -1,22 +1,26 @@
class site_openvpn::keys {
- file { '/etc/openvpn/keys/ca.crt':
- content => $site_openvpn::x509_config['ca_cert'],
- mode => '0644',
+ x509::key {
+ 'leap_openvpn':
+ content => $site_openvpn::x509_config['key'],
+ notify => Service[openvpn];
}
- file { '/etc/openvpn/keys/dh.pem':
- content => $site_openvpn::x509_config['dh'],
- mode => '0644',
+ x509::cert {
+ 'leap_openvpn':
+ content => $site_openvpn::x509_config['cert'],
+ notify => Service[openvpn];
}
- file { '/etc/openvpn/keys/server.key':
- content => $site_openvpn::x509_config['key'],
- mode => '0600',
+ x509::ca {
+ 'leap_openvpn':
+ content => $site_openvpn::x509_config['ca_cert'],
+ notify => Service[openvpn];
}
- file { '/etc/openvpn/keys/server.crt':
- content => $site_openvpn::x509_config['cert'],
+ file { '/etc/openvpn/keys/dh.pem':
+ content => $site_openvpn::x509_config['dh'],
mode => '0644',
}
+
}
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index 6fc3a3c2..c4f64225 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -69,15 +69,15 @@ define site_openvpn::server_config ($port, $proto, $local, $server, $push, $mana
openvpn::option {
"ca $openvpn_configname":
key => 'ca',
- value => '/etc/openvpn/keys/ca.crt',
+ value => '/usr/local/share/ca-certificates/leap_openvpn.crt',
server => $openvpn_configname;
"cert $openvpn_configname":
key => 'cert',
- value => '/etc/openvpn/keys/server.crt',
+ value => '/etc/x509/certs/leap_openvpn.crt',
server => $openvpn_configname;
"key $openvpn_configname":
key => 'key',
- value => '/etc/openvpn/keys/server.key',
+ value => '/etc/x509/keys/leap_openvpn.key',
server => $openvpn_configname;
"dh $openvpn_configname":
key => 'dh',