Skip to content
Snippets Groups Projects
Normal view Permalink
ldap_wg_maint.pp 2.36 KiB
Newer Older
Linda J Laubenheimer's avatar
initial commit of parts of the sync scripts from puppet 3
Linda J Laubenheimer committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 
# The ldap-wg-maint service.
#
# The ldap-wg-maint service looks at the suSeasLocal attribute and, based
# on its value, updates one of the itservices e-mail workgroups in
# Workgroup Manager.
#
# See also https://ikiwiki.stanford.edu/service/ldap/sync-scripts/
#
# NOTE: Normally installed only on prod and UAT.

class s_ldap::base::syncs::ldap_wg_maint (
  $ensure       = undef,
){

  # Do we want the service to be running or stopped?
  if ($ensure == 'present') {
    $service_status = 'running'
  } elsif ($ensure == 'absent') {
    $service_status = 'stopped'
  } else {
    fail("ensure must be one 'present' or 'absent'")
  }

  include s_ldap::base::ldap_admin

  # (Note: $wg_host is used in a template file.)
  if ($s_ldap::base::prod) {
    $wg_wallet = 'ssl-key/ldap.stanford.edu/wg-api'
    $wg_cert   = 'wg-api.ldap.stanford.edu'
    $wg_host   = 'workgroupsvc.stanford.edu'
  } else {
    $wg_wallet = 'ssl-key/ldap-uat.stanford.edu/wg-api'
    $wg_cert   = 'wg-api.ldap-uat.stanford.edu'
    $wg_host   = 'workgroupsvc-uat.stanford.edu'
  }

  ## Workgroup API credentials
  # Credential for connection to the workgroup api web service
  base::wallet { $wg_wallet:
    path => "/etc/ssl/private/${wg_cert}.key",
    type => 'file',
  }
  file { "/etc/ssl/certs/${wg_cert}.pem":
    ensure => present,
    source => "puppet:///modules/s_ldap/etc/ssl/certs/${wg_cert}.pem",
  }

  ## Configuration file
  file { '/etc/ldapadmin/ldap-wg-maint.conf':
    ensure  => present,
    content => template('s_ldap/etc/ldapadmin/ldap-wg-maint.conf.erb'),
  }

  ## Service (listener)
  include s_ldap::base::systemd

  # We want to reload the systemd daemon on any change to the unit
  # file. We use the base::systemd shared library's systemd-daemon-reload
  # to do this.
  file { '/lib/systemd/system/ldap-wg-maint.service':
    ensure => present,
    source => 'puppet:///modules/s_ldap/lib/systemd/system/ldap-wg-maint.service',
    mode   => '0644',
    notify => Exec['systemd-daemon-reload']
  }

  service { 'ldap-wg-maint':
    ensure  => $service_status,
    require => [
      File['/lib/systemd/system/ldap-wg-maint.service'],
      File['/etc/ldapadmin/ldap-wg-maint.conf'],
    ],
  }

  ## Cron job
  file { '/etc/cron.d/ldap-wg-maint':
    ensure => $ensure,
    source => 'puppet:///modules/s_ldap/etc/cron.d/ldap-wg-maint',
    require => File['/etc/ldapadmin/ldap-wg-maint.conf'],
  }

}