diff --git a/manifests/feature/api.pp b/manifests/feature/api.pp index 72dad17a6..3ccdeb7ba 100644 --- a/manifests/feature/api.pp +++ b/manifests/feature/api.pp @@ -311,26 +311,33 @@ command => "icinga2 pki new-cert --cn '${::fqdn}' --key '${_ssl_key_path}' --cert '${_ssl_cert_path}'", creates => $_ssl_key_path, notify => Class['::icinga2::service'], - } -> - file { + } + + -> file { $_ssl_key_path: mode => '0600'; $_ssl_cert_path: - } -> + } - exec { 'icinga2 pki get trusted-cert': + -> exec { 'icinga2 pki get trusted-cert': command => "icinga2 pki save-cert --host '${ca_host}' --port ${ca_port} --key '${_ssl_key_path}' --cert '${_ssl_cert_path}' --trustedcert '${trusted_cert}'", creates => $trusted_cert, notify => Class['::icinga2::service'], - } -> - file { $trusted_cert: } -> + } - exec { 'icinga2 pki request': + -> file { $trusted_cert: + ensure => file, + } + + -> exec { 'icinga2 pki request': command => "icinga2 pki request --host '${ca_host}' --port ${ca_port} --ca '${_ssl_cacert_path}' --key '${_ssl_key_path}' --cert '${_ssl_cert_path}' --trustedcert '${trusted_cert}' --ticket '${ticket_id}'", creates => $_ssl_cacert_path, notify => Class['::icinga2::service'], - } -> - file { $_ssl_cacert_path: } + } + + -> file { $_ssl_cacert_path: + ensure => file, + } } # icinga2 'ca': { diff --git a/manifests/pki/ca.pp b/manifests/pki/ca.pp index 48f476df1..281c6b2c0 100644 --- a/manifests/pki/ca.pp +++ b/manifests/pki/ca.pp @@ -151,6 +151,7 @@ } file { $_ssl_cacert_path: + ensure => file, source => "${ca_dir}/ca.crt", } @@ -158,21 +159,24 @@ command => "icinga2 pki new-cert --cn '${::fqdn}' --key '${_ssl_key_path}' --csr '${_ssl_csr_path}'", creates => $_ssl_key_path, require => File[$_ssl_cacert_path] - } -> - file { - $_ssl_key_path: - mode => '0600'; - } + } + + -> file { $_ssl_key_path: + ensure => file, + mode => '0600', + } exec { 'icinga2 pki sign certificate': command => "icinga2 pki sign-csr --csr '${_ssl_csr_path}' --cert '${_ssl_cert_path}'", subscribe => Exec['icinga2 pki create certificate signing request'], refreshonly => true, notify => Class['::icinga2::service'], - } -> - file { - $_ssl_cert_path:; - $_ssl_csr_path: - ensure => absent; - } + } + + -> file { + $_ssl_cert_path: + ensure => file; + $_ssl_csr_path: + ensure => absent; + } }