# The common part of the sync_scripts.
#
# Installs (or, with ensure => 'absent', removes) the pieces shared by the
# LDAP sync scripts: the sync-scripts package, a k5start ticket keep-alive
# service, the service/ldap-$env keytab, and the checkforslapd helper.
#
# @param ensure  'present' to install and run everything, 'absent' to remove it.
# @param env     Environment name; interpolated into the k5start service name,
#                the keytab and ticket file paths, and the wallet principal.
# @param basedir Directory holding the sync script configuration and keytab.
#
# NOTE(review): this listing appears to have lost lines and all indentation
# (the `) {` closing the parameter list and the header of the first wallet
# resource are not visible) -- check against the full file before applying.
class su_ldap::sync_scripts::common (
Enum['present', 'absent'] $ensure = 'present',
# NOTE(review): undef does not satisfy String, so this default presumably
# fails type validation whenever the caller omits env -- confirm, and consider
# declaring the parameter without a default. Because the value ends up in file
# paths and in a principal name, a stricter type (for example a Pattern of the
# allowed environment names) would keep '/' and '..' out of those paths.
String $env = undef,
String $basedir = '/etc/ldapadmin',
# We need this for systemd-daemon-reload
include base::systemd
# We need some definitions for the kerberos ticket service.
# This is the sync keytab ticket, for service/ldap-$env
$k5start_service_name = "k5start-ldap-sync-$env"
$keytab_path = "${basedir}/ldap-sync-$env.keytab"
$ticket_file_path = "/var/run/ldap-sync-$env.tkt"
# for debugging
#notify { "k5start_service_name = k5start-ldap-sync-$env ; keytab_path = ${basedir}/ldap-sync-$env.keytab ; ticket_file_path = /var/run/ldap-sync-$env.tkt": }
if ($ensure == 'present') {
# The directory where we put sync script configurations.
# The keytab ($keytab_path) is written under this directory too.
# NOTE(review): no owner, group or mode is set here, so the directory keeps
# whatever permissions it already has or Puppet's defaults; consider pinning
# them explicitly since a write-capable keytab is stored inside.
file { $basedir:
ensure => directory,
}
# install the sync scripts package first
package{ 'libstanford-ldap-sync-scripts-perl': ensure => installed }
# some of the syncs need this
ensure_packages(['libcrypt-ssleay-perl'], { ensure => 'present' })
# Set up a krb5 ticket keep-alive service for the above principal.
# It reads the keytab at $keytab_path and maintains the ticket cache at
# $ticket_file_path.
# NOTE(review): nothing visible orders this after the keytab is installed;
# confirm the service cannot start before the keytab exists.
systemd_k5start { $k5start_service_name:
ensure => present,
keytab => $keytab_path,
ticket_file => $ticket_file_path,
}
# Keep the keep-alive service running and enabled at boot; applied only
# after the systemd_k5start resource of the same name.
service { $k5start_service_name:
ensure => 'running',
enable => true,
require => Systemd_K5start[$k5start_service_name],
}
# Add the service/ldap-$env keytab. This is single env only, with
# accountsTreeWrite,peopleTreeWrite,groupsTreeWrite.
# NOTE(review): the resource header for the two lines below is not visible in
# this view; presumably it is the wallet { "service/ldap-$env": ... } resource
# mirrored in the absent branch -- confirm, including which path, owner and
# mode it sets. This keytab grants write access to three directory trees, so
# it should be readable only by the account that runs the syncs.
ensure => present,
}
# A small shell script used by the sync scripts. This shell script
# detects when the slapd service is running.
file { '/usr/bin/checkforslapd':
ensure => present,
source => 'puppet:///modules/su_ldap/usr/bin/checkforslapd',
mode => '0755',
}
} else {
## ABSENT
# Remove everything the 'present' branch installs. $basedir itself and the
# 'libcrypt-ssleay-perl' package are not touched here.
package{ 'libstanford-ldap-sync-scripts-perl': ensure => absent }
# Remove the krb5 ticket keep-alive service for the above principal.
# NOTE(review): whether this also deletes the ticket cache at
# $ticket_file_path depends on systemd_k5start, which is not shown -- confirm
# that no live ticket is left behind in /var/run.
systemd_k5start { $k5start_service_name:
ensure => absent,
}
# NOTE(review): `require` makes the systemd_k5start removal run before this
# stop/disable; if that removal deletes the unit file, stopping the service
# afterwards may fail -- confirm the intended order.
service { $k5start_service_name:
ensure => 'stopped',
enable => false,
require => Systemd_K5start[$k5start_service_name],
}
# Remove the service/ldap-$env keytab from $keytab_path so the write-capable
# credential does not linger on a host that no longer runs the syncs.
wallet { "service/ldap-$env":
ensure => absent,
path => $keytab_path,
}
# Remove the slapd detection helper script.
file { '/usr/bin/checkforslapd':
ensure => absent,
}
}
}