From 2b6f92067f14d83ee0e56d9d3173eea8060c0295 Mon Sep 17 00:00:00 2001
From: Filip Polbratt <octol@nsc.liu.se>
Date: Thu, 2 Dec 2021 16:25:16 +0000
Subject: [PATCH] Add support for EL8 systems.
The packaging of fetch-crl in EPEL-8 uses a systemd timer unit,
instead of a cron job, to run fetch-crl regularly. Thus, in EL-8
we need to manage the 'fetch-crl.timer' service instead of the old
'fetch-crl-cron' and 'fetch-crl-boot' services.
Signed-off-by: Thomas Bellman <bellman@nsc.liu.se>
---
manifests/fetchcrl.pp | 34 ++++++++++++++++++++++++++--------
1 file changed, 26 insertions(+), 8 deletions(-)
diff --git a/manifests/fetchcrl.pp b/manifests/fetchcrl.pp
index 1c9b60f..f0f9947 100644
--- a/manifests/fetchcrl.pp
+++ b/manifests/fetchcrl.pp
@@ -20,7 +20,7 @@ class x509certs::fetchcrl
notify => Exec['x509certs::fetchcrl::initial'];
}
}
- /^(CentOS|RedHat|Scientific):(7)(\.[^:]+)?$/: {
+ /^(CentOS|RedHat|Scientific):([7-8])(\.[^:]+)?$/: {
package {
'perl-LWP-Protocol-https':
ensure => installed, before => Package['fetch-crl'],
@@ -40,14 +40,32 @@ class x509certs::fetchcrl
# Obsolete; now just an empty package depending on fetch-crl.
ensure => absent;
}
- service {
- 'fetch-crl-cron':
- enable => true, ensure => running,
- require => Package['fetch-crl'];
- 'fetch-crl-boot':
- enable => false,
- require => Package['fetch-crl'];
+
+ # Activate services as required per operatingsystem
+ case "${::operatingsystem}:${::operatingsystemrelease}"
+ {
+ /^(CentOS|RedHat|Scientific):([6-7])(\.[^:]+)?$/: {
+ service {
+ 'fetch-crl-cron':
+ enable => true, ensure => running,
+ require => Package['fetch-crl'];
+ 'fetch-crl-boot':
+ enable => false,
+ require => Package['fetch-crl'];
+ }
+ }
+ /^(CentOS|RedHat|Scientific):(8)(\.[^:]+)?$/: {
+ service {
+ 'fetch-crl.timer':
+ enable => true, ensure => running,
+ require => Package['fetch-crl'];
+ }
+ }
+ default: {
+ fail("X509certs::Fetchcrl: Unsupported operating system")
+ }
}
+
exec {
'x509certs::fetchcrl::initial':
command => '/usr/sbin/fetch-crl -p 16',
--
GitLab