[MediaWiki-commits] [Gerrit] operations/puppet[production]: ldap: Factor out role that provides ldap.yaml file

Wed, 07 Sep 2016 17:02:09 -0700 

Yuvipanda has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/309209

Change subject: ldap: Factor out role that provides ldap.yaml file
......................................................................

ldap: Factor out role that provides ldap.yaml file

Is used in other places, including the puppetmaster

Change-Id: I8e35ac14db0717ce1e97f56e2655d33be674e480
---
M modules/ldap/manifests/client/nss.pp
A modules/ldap/manifests/yamlcreds.pp
M modules/role/manifests/labs/puppetmaster.pp
3 files changed, 22 insertions(+), 11 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/09/309209/1

diff --git a/modules/ldap/manifests/client/nss.pp 
b/modules/ldap/manifests/client/nss.pp
index 0ff80ea..9cdc164 100644
--- a/modules/ldap/manifests/client/nss.pp
+++ b/modules/ldap/manifests/client/nss.pp
@@ -44,17 +44,7 @@
     }
 
     # So scripts don't have to parse the ldap.conf format
-    $ldap_pw = $ldapconfig['basedn']
-    $client_readable_config = {
-        'servers'  => $ldapconfig['servernames'],
-        'basedn'   => $ldapconfig['basedn'],
-        'user'     => "cn=proxyagent,ou=profile,${ldap_pw}",
-        'password' => $ldapconfig['proxypass'],
-    }
-
-    file { '/etc/ldap.yaml':
-        content => ordered_yaml($client_readable_config),
-    }
+    include ldap::yamlcreds
 
     # Allow labs projects to give people custom shells
     $shell_override = hiera('user_login_shell', false)
diff --git a/modules/ldap/manifests/yamlcreds.pp 
b/modules/ldap/manifests/yamlcreds.pp
new file mode 100644
index 0000000..3cd77e7
--- /dev/null
+++ b/modules/ldap/manifests/yamlcreds.pp
@@ -0,0 +1,19 @@
+# Provision /etc/ldap.yaml file, with credentials for
+# readonly access to the labs ldap
+class ldap::yamlcreds {
+    include ldap::role::config::labs
+
+    $ldapconfig = $::ldap::role::config::labs::ldapconfig
+
+    $ldap_pw = $ldapconfig['basedn']
+    $client_readable_config = {
+        'servers'  => $ldapconfig['servernames'],
+        'basedn'   => $ldapconfig['basedn'],
+        'user'     => "cn=proxyagent,ou=profile,${ldap_pw}",
+        'password' => $ldapconfig['proxypass'],
+    }
+
+    file { '/etc/ldap.yaml':
+        content => ordered_yaml($client_readable_config),
+    }
+}
diff --git a/modules/role/manifests/labs/puppetmaster.pp 
b/modules/role/manifests/labs/puppetmaster.pp
index 625a79c..cb28a3e 100644
--- a/modules/role/manifests/labs/puppetmaster.pp
+++ b/modules/role/manifests/labs/puppetmaster.pp
@@ -24,6 +24,8 @@
         # Setup ENC
         require_package('python3-yaml', 'python3-ldap3')
 
+        include ldap::yamlcreds
+
         file { '/usr/local/bin/puppet-enc':
             source => 'puppet:///modules/role/labs/puppet-enc.py',
             mode   => '0555',

-- 
To view, visit https://gerrit.wikimedia.org/r/309209
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I8e35ac14db0717ce1e97f56e2655d33be674e480
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <yuvipa...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to