[MediaWiki-commits] [Gerrit] ldap-corp: Populate the per DC certificates - change (operations/puppet)

Mon, 02 Nov 2015 05:45:08 -0800 

Alexandros Kosiaris has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/250418

Change subject: ldap-corp: Populate the per DC certificates
......................................................................

ldap-corp: Populate the per DC certificates

Use ssl::certificate to populate the per-DC certificates into the
ldap-mirror hosts. Also puppetize the ownership of the certificate and
key file to be group readable by slapd

Change-Id: I607f188d3a3ea4d73471c03a2b2af2b8d3ee12f3
---
M modules/role/manifests/openldap/corp.pp
1 file changed, 4 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/18/250418/1

diff --git a/modules/role/manifests/openldap/corp.pp 
b/modules/role/manifests/openldap/corp.pp
index bda1502..8a644e0 100644
--- a/modules/role/manifests/openldap/corp.pp
+++ b/modules/role/manifests/openldap/corp.pp
@@ -13,6 +13,10 @@
     $sync_pass = $passwords::openldap::corp::sync_pass
 
     sslcert::certificate { 'ldap-mirror.wikimedia.org': }
+    # Certificate needs to be readable by slapd
+    sslcert::certificate { "ldap-corp.${::site}.wikimedia.org":
+        group => 'openldap',
+    }
 
     class { '::openldap':
         server_id   => 3, # 1 and 2 used in OIT

-- 
To view, visit https://gerrit.wikimedia.org/r/250418
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I607f188d3a3ea4d73471c03a2b2af2b8d3ee12f3
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to