From: Peter Palfrader Date: Tue, 25 Aug 2015 17:41:25 +0000 (+0200) Subject: Try shipping SSO CRL X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=44067b78758a5ca0e0f9a68b036c8202af3b700f;p=mirror%2Fdsa-puppet.git Try shipping SSO CRL
---
diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 9a8b1f9f6..c07709e5d 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -106,6 +106,9 @@ roles:
 - coccia.debian.org
 sso:
 - diabelli.debian.org
+ # single sign on relying party (host)
+ sso_rp:
+ - nono.debian.org
 static_master:
 - bizet.debian.org
 - dillon.debian.org
diff --git a/modules/roles/manifests/sso_rp.pp b/modules/roles/manifests/sso_rp.pp
new file mode 100644
index 000000000..e4eb9ac90
--- /dev/null
+++ b/modules/roles/manifests/sso_rp.pp
@@ -0,0 +1,14 @@
+class roles::sso_rp {
+ file { '/var/lib/dsa':
+ ensure => directory,
+ mode => '02755'
+ }
+ file { '/var/lib/dsa/sso':
+ ensure => directory,
+ mode => '02755'
+ }
+ file { '/var/lib/dsa/sso/ca.crl':
+ content => template('roles/sso_rp/ca.crl.erb'),
+ }
+
+}
diff --git a/modules/roles/templates/sso_rp/ca.crl.erb b/modules/roles/templates/sso_rp/ca.crl.erb
new file mode 100644
index 000000000..b10221819
--- /dev/null
+++ b/modules/roles/templates/sso_rp/ca.crl.erb
@@ -0,0 +1,28 @@
+<%=
+def getcrl(host)
+ crl = nil
+ begin
+ facts = YAML.load(File.open("/var/lib/puppet/yaml/facts/#{host}.yaml").read)
+ return facts.values['debsso_skac_crl']
+ rescue Exception => e
+ end
+ return crl
+end
+
+allnodeinfo = scope.lookupvar('site::allnodeinfo')
+crl = []
+
+allnodeinfo.keys.sort.each do |node|
+ next unless scope.lookupvar('site::allnodeinfo')[node]['purpose']
+ next unless scope.lookupvar('site::allnodeinfo')[node]['purpose'].include?('sso')
+ c = getcrl(node)
+ next if c.nil?
+ crl << c
+end
+
+crl.join("\n")
+
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4:
+%>
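Review bot: The `/var/lib/dsa/sso/ca.crl` resource in `sso_rp.pp` sets no `ensure`, `owner`, `group` or `mode`, and the two directory resources set only `mode`, so who may rewrite the revocation list is left to whatever defaults apply on the host. A relying party trusts this file to decide which client certificates are revoked, so it should be pinned explicitly, e.g. `ensure => file, owner => 'root', group => 'root', mode => '0444',` on the CRL and `owner => 'root', group => 'root',` on both directories. The setgid bit in `'02755'` only matters relative to the directory's group, so a one-line comment naming the group that new files are meant to inherit would help the next reader.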
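Review bot: `getcrl` in `ca.crl.erb` discards every failure through `rescue Exception => e` with an empty body, so a missing or unparseable facts file for an `sso` node makes the template render a shorter or empty `ca.crl` with no error, and the relying party is then left without the revocations it should enforce (how the consumer treats an empty list is not visible here). Rescue only `StandardError`, record it with `Puppet.warning("no SSO CRL facts for #{host}: #{e}")`, and if an empty list is never acceptable stop the compile before the `join` with `raise Puppet::ParseError, 'no SSO CRL available' if crl.empty?`. Separately, `YAML.load` deserialises the stored facts file and `debsso_skac_crl` is a value that appears to originate from the node's own fact report, so a comment stating why that file is trusted belongs above the call. Reading it with `File.read` instead of `File.open(...).read` would also avoid leaving the handle unclosed.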