From fc9b5830681afdc3d1e8e949d5c03f8045fcbd02 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Felix=20D=C3=B6rre?=
Date: Sat, 3 Jun 2017 09:33:58 -0400
Subject: [PATCH] add: ocsp server configuration
Change-Id: I85f96f989ecb11a584a8ca3a808764e761a0051d
---
 environments/production/manifests/gigi.pp | 20 ++++++++++++++++---
 .../gigi/templates/cassiopeia-client-conf.epp | 2 ++
 2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/environments/production/manifests/gigi.pp b/environments/production/manifests/gigi.pp
index 80bb50a..44ac47d 100644
--- a/environments/production/manifests/gigi.pp
+++ b/environments/production/manifests/gigi.pp
@@ -35,7 +35,18 @@ node gigi {
 $gigi_pg_ip = $ips[postgres];
 $gigi_pg_password = $passwords[postgres][gigi];
 file { '/var/lib/wpia-gigi':
- ensure => 'directory'
+ ensure => 'directory',
+ require => Package[$gigi_pkg]
+ }
+ file {'/var/lib/wpia-gigi/ocsp':
+ ensure => 'link',
+ target => '/var/lib/cassiopeia/ca',
+ before => Exec['/gigi-ready'],
+ }
+ file {'/var/lib/wpia-gigi/ocsp.pkcs12':
+ ensure => 'file',
+ owner => 'gigi',
+ before => Exec['/gigi-ready'],
 }
 file { '/var/lib/wpia-gigi/config':
 ensure => 'directory'
@@ -91,12 +102,14 @@ node gigi {
 file {'/var/lib/wpia-gigi/keys/crt':
 ensure => 'directory',
 owner => 'gigi',
- require => Package[$gigi_pkg]
+ require => Package[$gigi_pkg],
+ before => Exec['/gigi-ready'],
 }
 file {'/var/lib/wpia-gigi/keys/csr':
 ensure => 'directory',
 owner => 'gigi',
- require => Package[$gigi_pkg]
+ require => Package[$gigi_pkg],
+ before => Exec['/gigi-ready'],
 }
 exec {'/gigi-ready':
 creates => '/gigi-ready',
@@ -163,6 +176,7 @@ if $signerLocation == 'self' {
 }
 file {'/var/lib/cassiopeia/ca':
 ensure => 'directory',
+ owner => 'gigi',
 source => 'puppet:///modules/cassiopeia_client/ca',
 recurse => true,
 }
diff --git a/modules/gigi/templates/cassiopeia-client-conf.epp b/modules/gigi/templates/cassiopeia-client-conf.epp
index 6b7a8a5..e7ff160 100644
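Review bot: The new `/var/lib/wpia-gigi/ocsp.pkcs12` resource in the first gigi.pp hunk sets only `ensure`, `owner` and `before`, so Puppet creates the file with its default mode of 0644 and does not enforce permissions on a file that already exists. A PKCS#12 container normally carries a private key (here presumably the OCSP signing key), so it should not be world-readable; add `group => 'gigi',` and `mode => '0600',` to that resource. The resource only guarantees that a file exists, and how the key material gets into it is not visible in this hunk, so a short comment naming the step that populates it would help the next maintainer.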
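Review bot: The added `owner => 'gigi',` on `/var/lib/cassiopeia/ca` in the third gigi.pp hunk combines with `recurse => true`, so everything copied from `puppet:///modules/cassiopeia_client/ca` becomes owned, and with default modes writable, by the account the web application runs as. If gigi only has to read this material through the new `/var/lib/wpia-gigi/ocsp` link, group read access is sufficient: `owner => 'root', group => 'gigi', mode => '0640',` (Puppet adds the search bit on directories wherever read is set). Whether the directory contains private keys is not visible here; if it does, consider exposing only the OCSP-related files to gigi instead of the whole tree. The block enclosing this resource begins and ends outside the hunk.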
--- a/modules/gigi/templates/cassiopeia-client-conf.epp +++ b/modules/gigi/templates/cassiopeia-client-conf.epp @@ -11,3 +11,5 @@ key.directory=/var/lib/wpia-gigi/keys crlPrefix=http://g2.crl.<%=$systemDomain%> crtPrefix=http://g2.crt.<%=$systemDomain%> + +ocsp.path=http://g2.ocsp.<%=$systemDomain%> -- 2.39.2