[liukke, asedge] - Fixed openssl.cnf becomes a directory instead of syml... #94
...ink. Change crl.pem to apply mode and group after being created.
The most recent version of this module is causing a failure of the exec that generates the crl.pem file on our CentOS 6.5 machines. We traced this back to the openssl.cnf symlink in the easy-rsa directory incorrectly being turned into an empty directory. It appears this is occurring because of the change to the File resource that adds the 'group' and 'recurse' attributes to all file resources.
I did a quick test of the result of setting 'recurse' to true on a file resource that has 'ensure' set to 'link'. It looks like this will result in an empty directory simply because 'recurse' is being set to true and ignores the fact that it should be a link. In order to deal with this, we moved the 'recurse' attribute to only the file resources that are actually intended to be directories.
After fixing the above issue, we ran into another snag on our system where the permissions for the crl.pem file were still incorrect after it was generated. When the client machine tried to connect using openvpn, the server would try to read this crl.pem, get a permission denied error, and fail. The permissions should fix themselves if puppet runs a second time for this module. However, we added a small change to allow the permissions to be consistent with the directories in a single run of puppet.
Let us know if you have any questions. Thanks!
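
The two changes described in this pull request, shown as an added Puppet example that is not the module's own manifest. The instance path, group name, mode and the CRL command are assumptions chosen for illustration.

```puppet
# Added example: instance path, group, mode and the CRL command are assumed.
$etc     = '/etc/openvpn/example'
$easyrsa = "${etc}/easy-rsa"
$group   = 'nobody'

# Before (the failing pattern): a resource default pushed 'recurse' onto every
# file resource in scope, the openssl.cnf link included.
#   File { group => $group, recurse => true }

# After: the default carries only the group.
File {
  group => $group,
}

# 'recurse' is set only on resources that are meant to be directories.
file { [$etc, $easyrsa, "${easyrsa}/keys"]:
  ensure  => directory,
  recurse => true,
}

# The link has no 'recurse', so it stays a symlink.
file { "${easyrsa}/openssl.cnf":
  ensure  => link,
  target  => "${easyrsa}/openssl-1.0.0.cnf",
  require => File[$easyrsa],
}

# Stand-in for the module's exec that generates the CRL (command is assumed).
exec { 'generate crl.pem':
  command  => '. ./vars && openssl ca -gencrl -out keys/crl.pem -config openssl.cnf',
  cwd      => $easyrsa,
  path     => ['/bin', '/usr/bin'],
  creates  => "${easyrsa}/keys/crl.pem",
  provider => 'shell',
  require  => File["${easyrsa}/openssl.cnf"],
}

# No 'ensure': this only manages mode and group on the file the exec created,
# and the ordering makes that happen in the same Puppet run.
file { "${easyrsa}/keys/crl.pem":
  mode    => '0640',
  require => Exec['generate crl.pem'],
}
```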