ldap_alias_maint.pp

# Support the synchronization process for updating the email aliases
# maintained in the Email Virtual Domain MySQL database with the Directory.
#
# This only runs on master.
#
# A cron job is set up that calls /usr/bin/ldap-alias-maint-remctl which
# is a a thin wrapper around /usr/bin/ldap-alias-maint
#
# See also https://ikiwiki.stanford.edu/service/ldap/sync-scripts/#index6h2

class su_ldap::sync_scripts::ldap_alias_maint (
  $ensure            = undef,
  $env               = undef,
  $ldap_master_fqdn  = undef,
){

  # Do we want the service to be running or stopped?
  if ($ensure == 'present') {
    $service_status = 'running'
  } elsif ($ensure == 'absent') {
    $service_status = 'stopped'
  } else {
    fail("ensure must be one 'present' or 'absent'")
  }

  # Configuration directory
  file { '/etc/ldap-aliases':
    ensure => directory,
    mode   => '0755',
  }

  # The properties file used by /usr/bin/ldap-alias-maint.
  file { '/etc/ldap-aliases/maint.conf':
    content => template('su_ldap/etc/ldap-aliases/ldap-alias-maint.conf.erb'),
    mode    => '0644',
    require => File['/etc/ldap-aliases'],
  }

  # Configure remctl for ldap-aliases.
  file { '/etc/remctl/conf.d/ldap-alias-maint':
    source => 'puppet:///modules/su_ldap/etc/remctl/conf.d/ldap-alias-maint',
    mode   => '0644',
  }

  # The MySQL connection informationi and ldap service keytab.
  case $env {
    'prod': {
       base::wallet { 'idg-ldap-db-ldapaliases':
         path => '/etc/ldap-aliases/mysql.conf',
         type => 'file'
       }

       base::wallet { 'service/ldap':
         path => '/etc/ldap-aliases/ldap-service.keytab',
         type => 'keytab',
       }
    }
    default: {
      base::wallet { 'idg-ldap-db-ldapaliases-test':
        path => '/etc/ldap-aliases/mysql.conf',
        type => 'file',
      }

      base::wallet { "service/ldap":
        path => '/etc/ldap-aliases/ldap-service.keytab',
        type => 'keytab',
      }
    }
  }

  # The mysql-alias-maint script needs the update.conf file. ???
  file { '/etc/ldap-aliases/update.conf':
    source  => 'puppet:///modules/su_ldap/etc/ldap-aliases/update.conf',
    mode    => '0644',
    require => File['/etc/ldap-aliases'],
  }

  # Set up the cron job. The cron job calls a script provided by the
  # libstanford-ldap-sync-scripts-perl package.
  file { '/etc/cron.d/ldap-alias-maint':
    ensure  => $ensure,
    source  => 'puppet:///modules/su_ldap/etc/cron.d/ldap-alias-maint',
    mode    => '0644',
    require => Package['libstanford-ldap-sync-scripts-perl'],
  }

}