Skip to content
Snippets Groups Projects
Normal view Permalink
datasealer.pp 1.42 KiB
Newer Older
Adam Lewenberg's avatar
more
Adam Lewenberg committed
1 2 3 4 5 6 7 8 9 10 11 12 
# If the datasealer file is not present, run datasealer_update.pl so it
# gets created.

class shibb_idp3::datasealer {

  # The datasealer_update.pl script is in the stanford-shibbolethidp3-tool
  # package.
  package { 'stanford-shibbolethidp3-tools':
    ensure  => installed,
    require => Package['shibboleth-identity-provider'],
  }
Adam Lewenberg's avatar
more  
Adam Lewenberg committed
13 14 15 16 17 18 19 20 21 22 23 24 25 26 
  # We want to copy the datasealer file from the master to the slaves. To
  # do whit we use scp and the master host's keytab. Thus, we need to put
  # the master host's keytab in /root/.k5login. We do the simple thing and
  # stick in enough servers to cover expansion of the pool later.
  K5login['/root/.k5login'] {
    principals +> [
      "host/idp-${shibb_idp3::host_suffix}1.stanford.edu@stanford.edu",
      "host/idp-${shibb_idp3::host_suffix}2.stanford.edu@stanford.edu",
      "host/idp-${shibb_idp3::host_suffix}3.stanford.edu@stanford.edu",
      "host/idp-${shibb_idp3::host_suffix}4.stanford.edu@stanford.edu",
      "host/idp-${shibb_idp3::host_suffix}5.stanford.edu@stanford.edu",
    ],
  }
Adam Lewenberg's avatar
more
Adam Lewenberg committed
27 28 29 30 
  # Run this command only if the sealer file does NOT exist.
  exec { 'create_datasealer_file':
    command => 'datasealer_update',
    path    => ['/usr/bin', '/usr/sbin'],
Adam Lewenberg's avatar
more  
Adam Lewenberg committed
31 
    creates => '/opt/shibboleth-idp/credentials/sealer.jks',
Adam Lewenberg's avatar
more
Adam Lewenberg committed
32 33 34 35 36 37 38 
    require => [
                 Package['stanford-shibbolethidp3-tools'],
                 File['/etc/shibboleth-idp/conf/idp.properties'],
               ],
  }

}