ldap_wg_maint.pp 2.4 KiB
# The ldap-wg-maint service.
#
# The ldap-wg-maint service looks at the suSeasLocal attribute and, based
# on its value, updates one of the itservices e-mail workgroups in
# Workgroup Manager.
#
# See also https://ikiwiki.stanford.edu/service/ldap/sync-scripts/
#
# NOTE: Normally installed only on prod and UAT.

class su_ldap::sync_scripts::ldap_wg_maint (
  $ensure           = undef,
  $ticket_file_path = undef,
  $ldap_master_fqdn = undef,
  $env              = undef,
  String $basedir   = '/etc/ldapadmin',
){

  # Do we want the service to be running or stopped?
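  # Map the resource-style $ensure onto a service state. Any value other
  # than the two supported ones (including the undef default) aborts
  # catalog compilation.
  # NOTE(review): Puppet's == compares strings case-insensitively, so a
  # value such as 'Present' passes this check yet is handed unchanged to the
  # `ensure =>` attributes further down. Consider typing the parameter as
  # Enum['present', 'absent'] so the check is exact.
  if ($ensure == 'present') {
    $service_status = 'running'
  } elsif ($ensure == 'absent') {
    $service_status = 'stopped'
  } else {
    fail("ensure must be one of 'present' or 'absent' (got '${ensure}')")
  }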

  # (Note: $wg_host is used in a template file.)
  # Select the Workgroup API endpoint and the matching client credential.
  # Only 'prod' selects production; every other value, including the undef
  # default, falls through to the UAT settings.
  # NOTE(review): a misspelled $env therefore selects the UAT host and
  # credential without any error. Confirm that fallback is intended rather
  # than failing on unknown values.
  case $env {
    'prod': {
      $wg_host   = 'workgroupsvc.stanford.edu'
      $wg_cert   = 'wg-api.ldap.stanford.edu'
      $wg_wallet = 'ssl-key/ldap.stanford.edu/wg-api'
    }
    default: {
      $wg_host   = 'workgroupsvc-uat.stanford.edu'
      $wg_cert   = 'wg-api.ldap-uat.stanford.edu'
      $wg_wallet = 'ssl-key/ldap-uat.stanford.edu/wg-api'
    }
  }

  ## Workgroup API credentials
  # Credential for connection to the workgroup api web service
  # Writes the wallet object named by $wg_wallet to a .key file under
  # /etc/ssl/private (presumably the TLS private key for $wg_cert).
  # NOTE(review): no owner, group or mode is given here, so the file's
  # permissions are whatever the wallet resource defaults to. Confirm they
  # restrict the key to the account that runs ldap-wg-maint.
  wallet { $wg_wallet:
    ensure => $ensure,
    type   => 'file',
    path   => "/etc/ssl/private/${wg_cert}.key",
  }
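  # Certificate file named after $wg_cert, served from the su_ldap module's
  # file store (presumably the certificate that pairs with the key above).
  file { "/etc/ssl/certs/${wg_cert}.pem":
    ensure => $ensure,
    source => "puppet:///modules/su_ldap/etc/ssl/certs/${wg_cert}.pem",
  }
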
  # Service configuration, rendered from an ERB template when the catalog
  # is compiled.
  # NOTE(review): no owner or mode is set on this file. If the rendered
  # config carries anything sensitive, pin both explicitly; verify against
  # the template.
  file { "${basedir}/ldap-wg-maint.conf":
    ensure  => $ensure,
    content => template('su_ldap/etc/ldapadmin/ldap-wg-maint.conf.erb'),
  }

  # We want to reload the systemd daemon on any change to the unit
  # file. We use the base::systemd shared library's systemd-daemon-reload
  # to do this.
  file { '/lib/systemd/system/ldap-wg-maint.service':
    ensure  => $ensure,
    mode    => '0644',
    # The unit file goes through template(), so any ERB tags in it are
    # evaluated at compile time.
    content => template('su_ldap/lib/systemd/system/ldap-wg-maint.service'),
    # Exec['systemd-daemon-reload'] is not declared in the visible part of
    # this class; it has to be provided elsewhere in the catalog.
    notify  => Exec['systemd-daemon-reload'],
  }

  # Bring the daemon to $service_status only after its unit file and its
  # configuration file have been managed.
  # NOTE(review): with $ensure = 'absent' the same `require` means the unit
  # file is removed before the stop is attempted. Confirm the service is
  # still stopped cleanly on removal.
  service { 'ldap-wg-maint':
    ensure  => $service_status,
    require => [
      File["${basedir}/ldap-wg-maint.conf"],
      File['/lib/systemd/system/ldap-wg-maint.service'],
    ],
  }

  ## Cron job
  file { '/etc/cron.d/ldap-wg-maint':
    ensure => $ensure,
    source => 'puppet:///modules/su_ldap/etc/cron.d/ldap-wg-maint',
    require => File["${basedir}/ldap-wg-maint.conf"],