author | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2019-07-03 21:12:04 +0200 |
---|---|---|
committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2019-07-03 21:12:04 +0200 |
commit | abcf21c90fba937a442011e93fa8393ebfd5cff0 (patch) | |
tree | 2c87cd6a8e9ae528e353278491baea86372a8d88 | |
parent | c809ebd9ca8b47158d9842a9c7d6c2c1845bee91 (diff) | |
Test and Fix LDAP server cert renewal.
-rw-r--r-- | code/environments/production/manifests/site.pp | 32 |
1 files changed, 23 insertions, 9 deletions
diff --git a/code/environments/production/manifests/site.pp b/code/environments/production/manifests/site.pp
index ec67601..53036d5 100644
--- a/code/environments/production/manifests/site.pp
+++ b/code/environments/production/manifests/site.pp
@@ -129,16 +129,30 @@ class cachefilesd {
 }
 class ldapservercert_renewal {
- exec { 'ensure_remove_ldapservercert_prebuster_removed':
- command => "/usr/bin/find /etc/ldap/ssl/ldap-server-pubkey.pem -type f -not -newermt \"2019:07:02 17:00:00\" -delete"
- onlyif => "test -e /etc/ldap/ssl/ldap-server-pubkey.pem"
- }
- exec { 'ensure_ldapservercert_renewed':
- command => "/bin/systemctl restart fetch-ldap-cert"
- unless => "test `-e /etc/ldap/ssl/ldap-server-pubkey.pem -o -e /etc/ssl/certs/debian-edu-server.crt"
+ exec { 'ldapservercert_age_test':
+ command => "/usr/bin/test /etc/ldap/ssl/ldap-server-pubkey.pem -ot /etc/debian-edu/itzks.buster-rollout-date",
+ onlyif => ["/usr/bin/test ! -e /etc/debian-edu/itzks.buster-rollout-date", "/usr/bin/touch -t 201907021800.00 /etc/debian-edu/itzks.buster-rollout-date"],
 }
 }
+exec { 'ensure_ldapservercert_prebuster_removed':
+ command => "/usr/bin/find /etc/ldap/ssl/ldap-server-pubkey.pem -type f -not -newermt \"2019-07-02 18:00:00\" -delete",
+ subscribe => Exec['ldapservercert_age_test'],
+ refreshonly => true,
+}
+
+exec { 'ensure_ldapservercert_renewed':
+ command => "/bin/systemctl restart fetch-ldap-cert",
+ subscribe => Exec['ensure_ldapservercert_prebuster_removed'],
+ refreshonly => true,
+}
+
+exec { 'ldapservercert_renewal_restart_nslcd':
+ command => "/bin/systemctl restart nslcd",
+ subscribe => Exec['ensure_ldapservercert_renewed'],
+ refreshonly => true,
+}
+
 class itzks_systems_common {
 package { 'itzks-systems-common':
 ensure => 'latest',
@@ -345,7 +359,7 @@ node "devserver.intern" {
 debdelta => 1,
 },
 }
- class { 'ldapservercert_renewal: '}
+ class { 'ldapservercert_renewal': }
 }
 node "bibserv.intern" {
 class { 'ssh_pubkeys_admins': }
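Review bot: In the first hunk the three `refreshonly` execs (`ensure_ldapservercert_prebuster_removed`, `ensure_ldapservercert_renewed`, `ldapservercert_renewal_restart_nslcd`) are declared after the closing `}` of `class ldapservercert_renewal`, so they sit at top scope in site.pp, while the `Exec['ldapservercert_age_test']` they chain from exists only where the class is declared. On a node that does not declare the class, that `subscribe` reference would presumably fail to resolve; moving the class's closing `}` to after the nslcd exec keeps the whole chain in one scope. Separately, `onlyif` creates the marker file with `touch` before the age test runs, so the chain gets a single attempt. If `/bin/systemctl restart fetch-ldap-cert` fails after `find … -delete` has removed the certificate, later runs skip the age test and the host stays without its LDAP server certificate. A guard on the certificate file itself, for example `unless => "/usr/bin/test -e /etc/ldap/ssl/ldap-server-pubkey.pem"` on an exec that is not refresh-only, would let the fetch retry on later runs.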
@@ -366,7 +380,7 @@ node "bibserv.intern" {
 },
 }
 class { 'browsers': }
- class { 'ldapservercert_renewal: '}
+ class { 'ldapservercert_renewal': }
 }
 # Notebooks in den Medienwagen |