Alexandros Kosiaris has submitted this change and it was merged.
Change subject: Introduce role::openldap::corp
......................................................................
Introduce role::openldap::corp
And assign it to plutonium as Corp OIT LDAP mirror
Change-Id: Id1d116bc080d4b2598c1fb45f9d58ceb24ac64e3
---
A manifests/role/openldap.pp
M manifests/site.pp
2 files changed, 45 insertions(+), 0 deletions(-)
Approvals:
Alexandros Kosiaris: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/openldap.pp b/manifests/role/openldap.pp
new file mode 100644
index 0000000..21c882b
--- /dev/null
+++ b/manifests/role/openldap.pp
@@ -0,0 +1,38 @@
+# vim: set ts=4 et sw=4:
+
+@monitor_group { 'openldap_corp_mirror': description => 'Corp OIT LDAP Mirror'
}
+
+class role::openldap::corp {
+ include passwords::openldap::corp
+
+ system::role { 'role::openldap::corp':
+ description => 'Corp OIT openldap Mirror server'
+ }
+
+ $master = 'ldap1.corp.wikimedia.org'
+ $sync_pass = $passwords::openldap::oit::sync_pass
+
+ # TODO: Actuall acquire a certificate for this
+ install-certificate { 'star.wikimedia.org': }
+
+ class { '::openldap':
+ server_id => 3, # 1 and 2 used in OIT
+ suffix => 'dc=corp,dc=wikimedia,dc=org',
+ datadir => '/var/lib/ldap/corp',
+ master => $master,
+ sync_pass => $sync_pass,
+ ca => '/etc/ssl/certs/ca-certificates.crt',
+ certificate => "/etc/ssl/certs/star.wikimedia.org.crt",
+ key => "/etc/ssl/private/star.wikimedia.org.key",
+ }
+
+ ferm::service { 'corp_ldap':
+ proto => 'tcp',
+ port => '389' # Yes, explicitly not supporting LDAPS (port 636)
+ }
+
+ monitor_service { 'corp_ldap_mirror':
+ description => 'Corp OIT LDAP Mirror ',
+ check_command => 'check_ldap!dc=corp,dc=wikimedia,dc=org',
+ }
+}
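Review bot: The class includes `passwords::openldap::corp` but reads the replication secret from `$passwords::openldap::oit::sync_pass`, a different namespace. Unless `passwords::openldap::oit` is declared elsewhere (the passwords module is not visible here), `$sync_pass` would evaluate to undef and the mirror would be configured with an empty sync credential. If the included class is the intended one, the assignment should read `$sync_pass = $passwords::openldap::corp::sync_pass`. Separately, `ferm::service { 'corp_ldap': }` opens tcp/389 without an `srange`, and because LDAPS is deliberately not offered, the confidentiality of binds rests on StartTLS. It is worth restricting the source range to the networks that need the mirror and confirming that the `::openldap` class refuses simple binds over an unencrypted connection. A comment above `install-certificate` saying that the wildcard certificate is a stopgap until a host-specific one is issued would also record why the `star.wikimedia.org` private key is deployed on this host.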
diff --git a/manifests/site.pp b/manifests/site.pp
index dfb4090..0358d8c 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -2474,6 +2474,13 @@
include role::logging::systemusers
}
+node 'plutonium.wikimedia.org' {
+ $cluster = 'openldap_corp_mirror'
+
+ include standard
+ include role::openldap::corp
+}
+
node 'polonium.wikimedia.org' {
class { 'admin': groups => ['oit'] }
include standard-noexim
--
To view, visit https://gerrit.wikimedia.org/r/163184
Gerrit-MessageType: merged
Gerrit-Change-Id: Id1d116bc080d4b2598c1fb45f9d58ceb24ac64e3
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: jenkins-bot <>