Alexandros Kosiaris has submitted this change and it was merged.

Change subject: Introduce role::openldap::corp
......................................................................


Introduce role::openldap::corp

And assign it to plutonium as Corp OIT LDAP mirror

Change-Id: Id1d116bc080d4b2598c1fb45f9d58ceb24ac64e3
---
A manifests/role/openldap.pp
M manifests/site.pp
2 files changed, 45 insertions(+), 0 deletions(-)

Approvals:
  Alexandros Kosiaris: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/manifests/role/openldap.pp b/manifests/role/openldap.pp
new file mode 100644
index 0000000..21c882b
--- /dev/null
+++ b/manifests/role/openldap.pp
@@ -0,0 +1,38 @@
+# vim: set ts=4 et sw=4:
+
+@monitor_group { 'openldap_corp_mirror': description => 'Corp OIT LDAP Mirror' 
}
+
+class role::openldap::corp {
+    include passwords::openldap::corp
+
+    system::role { 'role::openldap::corp':
+        description => 'Corp OIT openldap Mirror server'
+    }
+
+    $master = 'ldap1.corp.wikimedia.org'
+    $sync_pass = $passwords::openldap::oit::sync_pass
+
+    # TODO: Actuall acquire a certificate for this
+    install-certificate { 'star.wikimedia.org': }
+
+    class { '::openldap':
+        server_id   => 3, # 1 and 2 used in OIT
+        suffix      => 'dc=corp,dc=wikimedia,dc=org',
+        datadir     => '/var/lib/ldap/corp',
+        master      => $master,
+        sync_pass   => $sync_pass,
+        ca          => '/etc/ssl/certs/ca-certificates.crt',
+        certificate => "/etc/ssl/certs/star.wikimedia.org.crt",
+        key         => "/etc/ssl/private/star.wikimedia.org.key",
+    }
+
+    ferm::service { 'corp_ldap':
+      proto => 'tcp',
+      port  => '389' # Yes, explicitly not supporting LDAPS (port 636)
+    }
+
+    monitor_service { 'corp_ldap_mirror':
+      description   => 'Corp OIT LDAP Mirror ',
+      check_command => 'check_ldap!dc=corp,dc=wikimedia,dc=org',
+    }
+}
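Review bot: `$sync_pass` is read from `$passwords::openldap::oit::sync_pass`, but the only password class this role includes is `passwords::openldap::corp`. Unless `passwords::openldap::oit` is declared somewhere outside this change, the variable resolves to undef and the mirror is configured with an empty replication credential. The lookup should match the include, for example `$sync_pass = $passwords::openldap::corp::sync_pass`, or the include should name the `oit` class. Separately, the `ferm::service { 'corp_ldap': }` rule opens tcp/389 with no source restriction while LDAPS is deliberately off, so binds and directory data are protected in transit only if the `::openldap` class enforces StartTLS, which this hunk does not show. Limiting the rule with `srange => '<intended client networks>'` and stating the StartTLS requirement in the port comment would make the exposure explicit.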
diff --git a/manifests/site.pp b/manifests/site.pp
index dfb4090..0358d8c 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -2474,6 +2474,13 @@
     include role::logging::systemusers
 }
 
+node 'plutonium.wikimedia.org' {
+    $cluster = 'openldap_corp_mirror'
+
+    include standard
+    include role::openldap::corp
+}
+
 node 'polonium.wikimedia.org' {
     class { 'admin': groups => ['oit'] }
     include standard-noexim

-- 
To view, visit https://gerrit.wikimedia.org/r/163184
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Id1d116bc080d4b2598c1fb45f9d58ceb24ac64e3
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
