authorMike Gabriel <mike.gabriel@das-netzwerkteam.de>2019-07-03 19:41:18 +0200
committerMike Gabriel <mike.gabriel@das-netzwerkteam.de>2019-07-03 19:41:18 +0200
commit09b669c56628e0857175e9280490f16cb865e04f (patch)
tree38cdba26ecf216d4ebf34ab7a7db03161aba354e
parent6878e61e5b5d884aee3bf6828603c0c173deca1f (diff)
site.pp: Test automatic LDAP pubcert renewal on bibserv (stretch) and devserver (jessie).
-rw-r--r--code/environments/production/manifests/site.pp13
1 files changed, 13 insertions, 0 deletions
diff --git a/code/environments/production/manifests/site.pp b/code/environments/production/manifests/site.pp
index 6bba500..b805470 100644
--- a/code/environments/production/manifests/site.pp
+++ b/code/environments/production/manifests/site.pp
@@ -128,6 +128,17 @@ class cachefilesd {
}
}
+class ldapservercert_renewal {
+ exec { 'ensure_remove_ldapservercert_prebuster_removed':
+ command => "/usr/bin/find /etc/ldap/ssl/ldap-server-pubkey.pem -type f -not -newermt "2019:07:02 17:00:00" -delete"
+ onlyif => "test -e /etc/ldap/ssl/ldap-server-pubkey.pem"
+ }
+ exec { 'ensure_ldapservercert_renewed':
+ command => "/bin/systemctl restart fetch-ldap-cert"
+ unless => "test `-e /etc/ldap/ssl/ldap-server-pubkey.pem -o -e /etc/ssl/certs/debian-edu-server.crt"
+ }
+}
+
class itzks_systems_common {
package { 'itzks-systems-common':
ensure => 'latest',
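Review bot: The new `ldapservercert_renewal` class will not parse as written. The first `command` nests unescaped double quotes around the `-newermt` timestamp inside a double-quoted string, both execs lack the comma after `command => …`, and the `unless` carries a stray backtick before `-e`. `test` is also called unqualified with no `path` attribute, which `exec` rejects, and the colon-separated date `2019:07:02` is probably not accepted by `find -newermt`, so the sketch below uses `2019-07-02`. Because the first exec deletes the locally stored LDAP server certificate so that it is fetched again, it is worth confirming that `fetch-ldap-cert` verifies what it downloads; this cannot be seen from the hunk.

```puppet
class ldapservercert_renewal {
  exec { 'ensure_remove_ldapservercert_prebuster_removed':
    command => '/usr/bin/find /etc/ldap/ssl/ldap-server-pubkey.pem -type f -not -newermt "2019-07-02 17:00:00" -delete',
    onlyif  => '/usr/bin/test -e /etc/ldap/ssl/ldap-server-pubkey.pem',
  }
  exec { 'ensure_ldapservercert_renewed':
    command => '/bin/systemctl restart fetch-ldap-cert',
    unless  => '/usr/bin/test -e /etc/ldap/ssl/ldap-server-pubkey.pem -o -e /etc/ssl/certs/debian-edu-server.crt',
  }
}
```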
@@ -334,6 +345,7 @@ node "devserver.intern" {
debdelta => 1,
},
}
+ class { 'ldapservercert_renewal: '}
}
node "bibserv.intern" {
class { 'ssh_pubkeys_admins': }
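Review bot: The added `class { 'ldapservercert_renewal: '}` puts the colon and a trailing space inside the quoted title, so no colon follows the title and the declaration is a syntax error. Even if it parsed, it would name a class that does not exist. It should read `class { 'ldapservercert_renewal': }`, matching the neighbouring `class { 'ssh_pubkeys_admins': }`. The same line is added in the `bibserv.intern` hunk and needs the same fix. The `devserver.intern` node block starts outside this hunk.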
@@ -354,6 +366,7 @@ node "bibserv.intern" {
},
}
class { 'browsers': }
+ class { 'ldapservercert_renewal: '}
}
# Notebooks in den Medienwagen