Restart slapd on TLS cert renew
[mirror/dsa-puppet.git] / modules / roles / manifests / dbmaster.pp
index c45a138..5b83b66 100644 (file)
@@ -13,8 +13,18 @@ class roles::dbmaster {
        $rabbit_password = $roles::pubsub::parameters::rabbit_password
 
        ssl::service { 'db.debian.org':
-               notify  => Exec['service apache2 reload'],
-               tlsaport => [],
+               notify  => [ Exec['service apache2 reload'],
+                            Service['slapd'] ],
+               key => true,
+               tlsaport => [443, 389, 636],
+       }
+
+       file { "/etc/ldap/db.debian.org.key":
+              ensure => present,
+              mode   => '0440',
+              group  => 'openldap',
+              source => 'puppet:///modules/ssl/from-letsencrypt/db.debian.org.key',
+              links  => follow,
        }
 
        roles::pubsub::config { 'generate':
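Review bot: The new `file { "/etc/ldap/db.debian.org.key": }` resource has no relationship to `Service['slapd']`, so only the `ssl::service` notify triggers the restart; if a renewal also changes the key and this copy is applied after the restart, slapd could come up with the new certificate and the old key. Adding `notify => Service['slapd'],` to the file resource would tie the restart to the key copy as well. The resource sets `mode` and `group` but no owner, so `owner => 'root',` would make the ownership of the 0440 private key explicit instead of depending on what is already on disk. The key is served from `puppet:///modules/ssl/from-letsencrypt/`, and whether other agents can fetch that path depends on file-server authorization that is not visible here, so it is worth confirming. The `roles::dbmaster` class body continues outside the hunk.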