s_ldap: add master-restart cron job

1a90cf17 · Srinivas Rao Puttagunta · ee770ce0 · 1a90cf17 · 1a90cf17 · 1a90cf17
Commit 1a90cf17 authored 5 years ago by Srinivas Rao Puttagunta
--- a/manifests/backups.pp
+++ b/manifests/backups.pp
@@ -10,6 +10,16 @@ class su_ldap::backups(
  # first, put awscli on the host - you don't have to use python if you have puppet
  package { 'awscli': ensure => present }

+  # Add the service/ldap keytab to the above primary keytab. This is only
+  # needed by the master.
+  if ( $env == 'prod') {
+    $service_name = "service/ldap"
+    $master_name = "ldap/ldap-master.stanford.edu"
+  } else {
+    $service_name = "service/ldap-${env}"
+    $master_name = "ldap/ldap-${env}master.stanford.edu"
+  }
+
  ## Directory where we put GCP credentials
  file {'/etc/ldapadmin':
    ensure => directory;
@@ -68,4 +78,14 @@ class su_ldap::backups(
     }
  }

+  # cron jobs we care about
+  file {
+    '/etc/cron.d/master-audit':
+      mode    => '0644',
+      source  => template('su_ldap/etc/cron.d/master-audit.erb');
+    '/etc/cron.d/master-restart':
+      mode    => '0644',
+      content => template('s_ldap/etc/cron.d/master-restart.erb');
+  }
+
 }
--- a/templates/etc/cron.d/master-audit.erb
+++ b/templates/etc/cron.d/master-audit.erb
+# Audit the master logs
+0 2 * * *     root    /usr/bin/remail -t /usr/bin/master-audit "data-admin-reports@lists.stanford.edu,directory-reports@lists.stanford.edu" "[audit.ldap.master]"
--- a/templates/etc/cron.d/master-restart.erb
+++ b/templates/etc/cron.d/master-restart.erb
+# Restart the master server, and drop a backup in AFS
+9 4 * * *     root    /usr/bin/k5start -q -t -f /etc/krb5.keytab service/ldap /usr/sbin/newsyslog /etc/newsyslog/master
+41 4 * * *    root    /usr/bin/ldap-dump-to-s3 -b <%= @s3bucket %>
+<% if (@env == 'prod' ) then -%>
+12 5 * * *    root    /usr/bin/ldap-dump-to-gcs -k /etc/ldapadmin/gcs_prod_ldapuser_serviceaccount.json -b gs://prod-uit-authnz-ldap-backup -e <%= @env %>
+42 5 * * *    root    /usr/bin/ldap-dump-to-gcs -k /etc/ldapadmin/gcs_stage_ldapuser_serviceaccount.json -b gs://stage-uit-authnz-ldap-backup -e int
+<% else -%>
+12 5 * * *    root    /usr/bin/ldap-dump-to-gcs -k /etc/ldapadmin/gcs_stage_ldapuser_serviceaccount.json -b gs://stage-uit-authnz-ldap-backup -e <%= @env %>
+<% end -%>