sso -> hiera role; explicitly include apache2

diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 1e02cf0..cd148b2 100644 (file)
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -103,8 +103,6 @@ roles:
       fastly-backend: true
   security_tracker:
     - soriano.debian.org
-  sso:
-    - diabelli.debian.org
   # single sign on relying party (host) - also required apache2 module enabled on that host via other means
   sso_rp:
     - debussy.debian.org

diff --git a/hieradata/nodes/diabelli.debian.org.yaml b/hieradata/nodes/diabelli.debian.org.yaml
new file mode 100644 (file)
index 0000000..6b89fb9
--- /dev/null
+++ b/hieradata/nodes/diabelli.debian.org.yaml
@@ -0,0 +1,6 @@
+---
+classes:
+  - roles::sso
+
+# the sso service sometimes needs a lot of memory.  raise the limit to 512 MB
+apache2::rlimitmem: 536870912

diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp
index f7a69a1..d998e88 100644 (file)
--- a/modules/apache2/manifests/init.pp
+++ b/modules/apache2/manifests/init.pp
@@ -56,8 +56,6 @@ class apache2(
 
   if has_role('udd') {
     $memlimit = 512 * 1024 * 1024
-  } elsif has_role('sso') {
-    $memlimit = 512 * 1024 * 1024
   } elsif has_role('popcon') {
     $memlimit = 512 * 1024 * 1024
   } elsif has_role('qamaster') {

diff --git a/modules/roles/manifests/sso.pp b/modules/roles/manifests/sso.pp
index de296bd..6cda237 100644 (file)
--- a/modules/roles/manifests/sso.pp
+++ b/modules/roles/manifests/sso.pp
@@ -1,38 +1,38 @@
 class roles::sso {
-       ssl::service { 'sso.debian.org':
-               notify  => Exec['service apache2 reload'],
-               key => true,
-       }
+  include apache2
 
-       ensure_packages ( [
-               "slapd",
-               ], {
-               ensure => 'installed',
-       })
-       service { 'slapd':
-               ensure  => running,
-       }
-       file { '/etc/ldap/slapd.d':
-               ensure => absent,
-               force  => true,
-               notify  => Service['slapd'],
-       }
-       file { '/etc/ldap/slapd.conf':
-               source => 'puppet:///modules/roles/sso/slapd.conf',
-               notify  => Service['slapd'],
-       }
-       file { '/etc/ldap/slapd-ftmg.conf':
-               source => 'puppet:///modules/roles/sso/slapd-ftmg.conf',
-               notify  => Service['slapd'],
-       }
-       file { '/etc/default/slapd':
-               source => 'puppet:///modules/roles/sso/default-slapd',
-               notify  => Service['slapd'],
-       }
+  ssl::service { 'sso.debian.org':
+    notify => Exec['service apache2 reload'],
+    key    => true,
+  }
+  ssl::service { 'ftmg.sso.debian.org':
+    notify => Exec['service apache2 reload'],
+    key    => true,
+  }
 
-
-       ssl::service { 'ftmg.sso.debian.org':
-               notify  => Exec['service apache2 reload'],
-               key => true,
-       }
+  ensure_packages ( [
+    'slapd',
+    ], {
+    ensure => 'installed',
+  })
+  service { 'slapd':
+    ensure  => running,
+  }
+  file { '/etc/ldap/slapd.d':
+    ensure => absent,
+    force  => true,
+    notify => Service['slapd'],
+  }
+  file { '/etc/ldap/slapd.conf':
+    source => 'puppet:///modules/roles/sso/slapd.conf',
+    notify => Service['slapd'],
+  }
+  file { '/etc/ldap/slapd-ftmg.conf':
+    source => 'puppet:///modules/roles/sso/slapd-ftmg.conf',
+    notify => Service['slapd'],
+  }
+  file { '/etc/default/slapd':
+    source => 'puppet:///modules/roles/sso/default-slapd',
+    notify => Service['slapd'],
+  }
 }