the dsa user on the draghi pushes compiled nagios config (nrpe) to the puppet master
[mirror/dsa-puppet.git] / modules / roles / manifests / dbmaster.pp
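# = Class: roles::dbmaster
#
# Setup for db.debian.org master host.
#
# Resources declared here:
#  * ssl::service for db.debian.org, notifying the apache2 reload exec and
#    the slapd service
#  * /etc/ldap/db.debian.org.key, a copy of the service's private key made
#    readable by group openldap
#  * roles::pubsub::config 'generate', using the RabbitMQ password from
#    roles::pubsub::parameters
#  * the slapd service itself
#  * ssh::keygen for 'dsa' plus an authorized_keys entry for user 'puppet'
#    (tagged 'puppetmaster') bound to a forced command
#
# == Sample Usage:
#
#   include roles::dbmaster
#
class roles::dbmaster {

  include roles::pubsub::parameters

  $rabbit_password = $roles::pubsub::parameters::rabbit_password

  ssl::service { 'db.debian.org':
    notify   => [
      Exec['service apache2 reload'],
      Service['slapd'],
    ],
    key      => true,
    tlsaport => [443, 389, 636],
  }

  # Private key for slapd. inline_template() is evaluated where the catalog
  # is compiled, so File.read pulls the key from the letsencrypt directory
  # there and the key material travels inside the compiled catalog; anything
  # that stores or caches catalogs therefore holds this key as well.
  #
  # owner is pinned to root so that group openldap only ever gets the read
  # access granted by mode 0440, whatever owner a pre-existing file had.
  # show_diff is disabled so that a key rotation never prints key content
  # into agent logs or reports.
  file { '/etc/ldap/db.debian.org.key':
    ensure    => present,
    owner     => 'root',
    group     => 'openldap',
    mode      => '0440',
    content   => inline_template('<%= File.read(scope().call_function("hiera", ["paths.letsencrypt_dir"]) + "/db.debian.org.key") %>'),
    links     => follow,
    show_diff => false,
  }

  # The broker username is this node's fqdn; the password is shared via
  # roles::pubsub::parameters.
  roles::pubsub::config { 'generate':
    key      => 'dsa-udgenerate',
    exchange => 'dsa',
    topic    => 'dsa.ud.replicate',
    vhost    => 'dsa',
    username => $::fqdn,
    password => $rabbit_password,
  }

  service { 'slapd':
    ensure => running,
  }

  # Lets the dsa user push the compiled nagios config to the puppet master.
  # The authorized key is whatever this node reports in its dsa_key fact, so
  # the forced command is what bounds what that key may do as 'puppet'.
  # NOTE(review): ssh::authorized_key_add is defined elsewhere; confirm it
  # also emits restrictive key options (no pty, no forwarding) and, if it
  # supports one, a source-address restriction.
  # NOTE(review): the hostname in the forced command is hard-coded; it has to
  # be kept in step with whichever host actually carries this role.
  ssh::keygen { 'dsa': }
  ssh::authorized_key_add { 'dbmaster::puppetmaster::nagios-build':
    target_user => 'puppet',
    command     => '/srv/puppet.debian.org/sync/bin/puppet-ssh-wrap draghi.debian.org nagiosconfig',
    key         => $facts['dsa_key'],
    collect_tag => 'puppetmaster',
  }
}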