Try shipping SSO CRL
authorPeter Palfrader <peter@palfrader.org>
Tue, 25 Aug 2015 17:41:25 +0000 (19:41 +0200)
committerPeter Palfrader <peter@palfrader.org>
Tue, 25 Aug 2015 17:41:25 +0000 (19:41 +0200)
hieradata/common.yaml
modules/roles/manifests/sso_rp.pp [new file with mode: 0644]
modules/roles/templates/sso_rp/ca.crl.erb [new file with mode: 0644]

index 9a8b1f9..c07709e 100644 (file)
@@ -106,6 +106,9 @@ roles:
     - coccia.debian.org
   sso:
     - diabelli.debian.org
+  # single sign on relying party (host)
+  sso_rp:
+    - nono.debian.org
   static_master:
     - bizet.debian.org
     - dillon.debian.org
diff --git a/modules/roles/manifests/sso_rp.pp b/modules/roles/manifests/sso_rp.pp
new file mode 100644 (file)
index 0000000..e4eb9ac
--- /dev/null
@@ -0,0 +1,14 @@
+class roles::sso_rp {
+       file { '/var/lib/dsa':
+               ensure => directory,
+               mode   => '02755'
+       }
+       file { '/var/lib/dsa/sso':
+               ensure => directory,
+               mode   => '02755'
+       }
+       file { '/var/lib/dsa/sso/ca.crl':
+               content => template('roles/sso_rp/ca.crl.erb'),
+       }
+
+}
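Review bot: The `/var/lib/dsa/sso/ca.crl` resource (hunk lines 35–37) sets only `content`, so `ensure`, `owner`, `group` and `mode` fall back to Puppet's defaults and to whatever an existing file already has, while the two directories above it do get an explicit mode; a CRL that a relying-party service has to read should have a deterministic mode, e.g. add `ensure => file,` and `mode => '0644',` to that resource. The directories' `02755` carries the setgid bit but names no `owner`/`group`, so the group that files created underneath inherit is whatever the directory happens to get at creation — presumably root, but worth stating explicitly next to the mode. Ordering between the three resources is covered by Puppet's autorequire of parent directories, so no explicit `require` is needed.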
diff --git a/modules/roles/templates/sso_rp/ca.crl.erb b/modules/roles/templates/sso_rp/ca.crl.erb
new file mode 100644 (file)
index 0000000..b102218
--- /dev/null
@@ -0,0 +1,28 @@
+<%=
+def getcrl(host)
+  crl = nil
+  begin
+    facts = YAML.load(File.open("/var/lib/puppet/yaml/facts/#{host}.yaml").read)
+    return facts.values['debsso_skac_crl']
+  rescue Exception => e
+  end
+  return crl
+end
+
+allnodeinfo = scope.lookupvar('site::allnodeinfo')
+crl = []
+
+allnodeinfo.keys.sort.each do |node|
+  next unless scope.lookupvar('site::allnodeinfo')[node]['purpose']
+  next unless scope.lookupvar('site::allnodeinfo')[node]['purpose'].include?('sso')
+  c = getcrl(node)
+  next if c.nil?
+  crl << c
+end
+
+crl.join("\n")
+
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4:
+%>
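Review bot: `rescue Exception => e` in getcrl (hunk line 51) swallows every exception, including SignalException and SystemExit, binds an `e` that is never used, and hides the reason a CRL was dropped; combined with `next if c.nil?` on line 63 this means an sso host whose fact is missing or unreadable silently disappears from the shipped CRL, which fails open for the relying party if it treats a shorter or empty CRL as "nothing revoked". `File.open(...).read` on line 49 also leaves the handle to the garbage collector, and the `crl = nil` / `return crl` pair is dead code because the begin block returns directly. I would narrow the rescue to StandardError, log the failure, and use `File.read`, as below; `YAML.load` is kept since the facts cache presumably holds a Puppet facts object, but its values are self-reported by the agent, so the consumer should still verify the CRL signature against the CA rather than trust this file's provenance. The two `scope.lookupvar('site::allnodeinfo')` calls inside the loop (lines 60–61) can reuse the `allnodeinfo` local already fetched on line 56.
```ruby
def getcrl(host)
  facts = YAML.load(File.read("/var/lib/puppet/yaml/facts/#{host}.yaml"))
  facts.values['debsso_skac_crl']
rescue StandardError => e
  Puppet.warning("sso_rp: could not read CRL fact for #{host}: #{e.message}")
  nil
end
# … unchanged: allnodeinfo lookup, node loop and crl.join …
```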