Stop hardcoding /srv/puppet.debian.org/from-letsencrypt/ all over the place
[mirror/dsa-puppet.git] / modules / roles / manifests / dbmaster.pp
index 5a96209..5dbc7b6 100644 (file)
@@ -8,12 +8,23 @@
 #
 class roles::dbmaster {
 
-       include roles::pubsub::params
+       include roles::pubsub::parameters
 
-       $rabbit_password = $roles::pubsub::params::rabbit_password
+       $rabbit_password = $roles::pubsub::parameters::rabbit_password
 
        ssl::service { 'db.debian.org':
-               notify => Service['apache2'],
+               notify  => [ Exec['service apache2 reload'],
+                            Service['slapd'] ],
+               key => true,
+               tlsaport => [443, 389, 636],
+       }
+
+       file { "/etc/ldap/db.debian.org.key":
+              ensure => present,
+              mode   => '0440',
+              group  => 'openldap',
+              content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.letsencrypt_dir"]) + "/db.debian.org.key") %>'),
+              links  => follow,
        }
 
        roles::pubsub::config { 'generate':
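Review bot: The new `file { "/etc/ldap/db.debian.org.key": }` resource delivers a TLS private key through `content` but neither suppresses diffs nor pins the owner. Because the key text is read with `File.read` at compile time, it is embedded in the compiled catalog, and a content change can be printed as a diff in agent logs and reports where the agent's `show_diff` setting is on; `show_diff => false,` on the resource prevents that. Adding `owner => 'root',` makes the intended 0440 root/openldap permissions explicit instead of relying on the default owner. The file also has no relationship to `Service['slapd']`, so a renewed key may be written after the restart triggered by `ssl::service` (whose internals are not visible in this hunk); `notify => Service['slapd'],` on the file would close that window.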
@@ -24,4 +35,8 @@ class roles::dbmaster {
                username => $::fqdn,
                password => $rabbit_password
        }
+
+       service { 'slapd':
+               ensure => running,
+       }
 }
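Review bot: The `service { 'slapd': }` resource added at the end of `roles::dbmaster` manages only the running state, so boot-time enablement is left unmanaged. If the LDAP server is expected to come back after a reboot, add `enable => true,` next to `ensure => running,`. The class body starts outside this hunk, so whether another class in the catalog already declares `Service['slapd']` cannot be checked from here.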