Ensure Debian-Edu_rootCA.crt is added to the system-wide ca-certificates.crt file.

1 files changed, 21 insertions, 0 deletions

diff --git a/code/environments/production/manifests/site.pp b/code/environments/production/manifests/site.pp
index f4055f2..7571f93 100644
--- a/code/environments/production/manifests/site.pp
+++ b/code/environments/production/manifests/site.pp
@@ -153,6 +153,13 @@ class ldapservercert_renewal {
 	}
 }
 
+class debianeducacert_2_cacerts {
+	exec { 'ensure_ldapservercert_renewed':
+		command => "/usr/sbin/update-ca-certificates",
+		onlyif => [ "/usr/bin/test ! -e /usr/local/share/ca-certificates/debian-edu/Debian-Edu_rootCA.crt", "/usr/bin/test -e /etc/ssl/certs/Debian-Edu_rootCA.crt", "/bin/mkdir -p /usr/local/share/ca-certificates/debian-edu", "/bin/cp /etc/ssl/certs/Debian-Edu_rootCA.crt /usr/local/share/ca-certificates/debian-edu/" ],
+	}
+}
+
 class cups_browsed_polling {
 
 	exec { 'cups-browsed-reload':
@@ -277,6 +284,7 @@ node "disklserver.intern" {
 		},
 	}
 	class { 'cups_browsed_polling': }
+	class { 'debianeducacert_2_cacerts':  }
 }
 
 node "tjener.intern" {
@@ -320,6 +328,7 @@ node "faiserver.intern" {
 		},
 	}
 	class { 'cups_browsed_polling': }
+	class { 'debianeducacert_2_cacerts':  }
 }
 
 node "filter.intern" {
@@ -342,6 +351,7 @@ node "filter.intern" {
 		},
 	}
 	class { 'cups_browsed_polling': }
+	class { 'debianeducacert_2_cacerts':  }
 }
 
 # NOT PRESENT node "opsiserver.intern" inherits "all_servers" {}
@@ -365,6 +375,7 @@ node "contentserver.intern" {
 		},
 	}
 	class { 'cups_browsed_polling': }
+	class { 'debianeducacert_2_cacerts':  }
 }
 node "devserver.intern" {
 	class { 'ssh_pubkeys_admins': }
@@ -386,6 +397,7 @@ node "devserver.intern" {
 	}
 	class { 'ldapservercert_renewal': }
 	class { 'cups_browsed_polling': }
+	class { 'debianeducacert_2_cacerts':  }
 }
 node "bibserv.intern" {
 	class { 'ssh_pubkeys_admins': }
@@ -408,6 +420,7 @@ node "bibserv.intern" {
 	class { 'browsers': }
 	class { 'ldapservercert_renewal': }
 	class { 'cups_browsed_polling': }
+	class { 'debianeducacert_2_cacerts':  }
 }
 
 # Notebooks in den Medienwagen
@@ -437,6 +450,7 @@ node /^mw.*\.intern$/ {
 	class { 'cachefilesd': }
 	class { 'ldapservercert_renewal': }
 	class { 'cups_browsed_polling': }
+	class { 'debianeducacert_2_cacerts':  }
 }
 
 node /^nbw.*\.intern$/ {
@@ -463,6 +477,7 @@ node /^nbw.*\.intern$/ {
 	class { 'cachefilesd': }
 	class { 'ldapservercert_renewal': }
 	class { 'cups_browsed_polling': }
+	class { 'debianeducacert_2_cacerts':  }
 }
 
 node /^net.*\.intern$/ {
@@ -489,6 +504,7 @@ node /^net.*\.intern$/ {
 	class { 'cachefilesd': }
 	class { 'ldapservercert_renewal': }
 	class { 'cups_browsed_polling': }
+	class { 'debianeducacert_2_cacerts':  }
 }
 
 node /^snb.*\.intern$/ {
@@ -515,6 +531,7 @@ node /^snb.*\.intern$/ {
 	class { 'cachefilesd': }
 	class { 'ldapservercert_renewal': }
 	class { 'cups_browsed_polling': }
+	class { 'debianeducacert_2_cacerts':  }
 }
 
 node /^t410.*\.intern$/ {
@@ -541,6 +558,7 @@ node /^t410.*\.intern$/ {
 	class { 'cachefilesd': }
 	class { 'ldapservercert_renewal': }
 	class { 'cups_browsed_polling': }
+	class { 'debianeducacert_2_cacerts':  }
 }
 
 node /^t61.*\.intern$/ {
@@ -567,6 +585,7 @@ node /^t61.*\.intern$/ {
 	class { 'cachefilesd': }
 	class { 'ldapservercert_renewal': }
 	class { 'cups_browsed_polling': }
+	class { 'debianeducacert_2_cacerts':  }
 }
 
 node /^tp.*\.intern$/ {
@@ -593,6 +612,7 @@ node /^tp.*\.intern$/ {
 	class { 'cachefilesd': }
 	class { 'ldapservercert_renewal': }
 	class { 'cups_browsed_polling': }
+	class { 'debianeducacert_2_cacerts':  }
 }
 
 # default / minimal
@@ -614,4 +634,5 @@ node "default" {
 	}
 	class { 'ldapservercert_renewal': }
 	class { 'cups_browsed_polling': }
+	class { 'debianeducacert_2_cacerts':  }
 }