Restart slapd on TLS cert renew
[mirror/dsa-puppet.git] / modules / roles / manifests / dbmaster.pp
index 5375884..5b83b66 100644 (file)
@@ -1,5 +1,38 @@
+# = Class: roles::dbmaster
+#
+# Setup for db.debian.org master host
+#
+# == Sample Usage:
+#
+#   include roles::dbmaster
+#
 class roles::dbmaster {
+
+       include roles::pubsub::parameters
+
+       $rabbit_password = $roles::pubsub::parameters::rabbit_password
+
        ssl::service { 'db.debian.org':
-               notify => Service['apache2'],
+               notify  => [ Exec['service apache2 reload'],
+                            Service['slapd'] ],
+               key => true,
+               tlsaport => [443, 389, 636],
+       }
+
+       file { "/etc/ldap/db.debian.org.key":
+              ensure => present,
+              mode   => '0440',
+              group  => 'openldap',
+              source => 'puppet:///modules/ssl/from-letsencrypt/db.debian.org.key',
+              links  => follow,
+       }
+
+       roles::pubsub::config { 'generate':
+               key      => 'dsa-udgenerate',
+               exchange => dsa,
+               topic    => 'dsa.ud.replicate',
+               vhost    => dsa,
+               username => $::fqdn,
+               password => $rabbit_password
        }
 }
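Review bot: The new `file { "/etc/ldap/db.debian.org.key": }` resource has no relationship to `Service['slapd']`, so on a renewal nothing visible here orders the key copy before the slapd restart that `ssl::service` triggers. If slapd reads this copy, it could come back up holding the previous key next to the new certificate. Adding `notify => Service['slapd'],` to the file resource would both order it and restart slapd when the key content changes. The resource also sets `group` and `mode` but no owner, so `owner => 'root',` would pin down who may read the private key instead of relying on the default. Separately, the key is served from `puppet:///modules/ssl/from-letsencrypt/`, and module file mounts are normally readable by every authenticated agent, so it is worth confirming that the fileserver authorization restricts that path to this host.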