diff --git a/manifests/auth.pp b/manifests/auth.pp index 0d746c4c19b20f7982edf326905b08ebdd5c0dfe..eacb162d31cce551ca10c7e012ba9513698610dc 100644 --- a/manifests/auth.pp +++ b/manifests/auth.pp @@ -7,7 +7,7 @@ # # @param keytab_production_base64 # Keytab contents (in base64) for the Kerberos host key used to authenticate -# in the production environment (aes-devel.edu.liu.se). +# in the production environment (aes.edu.liu.se). # # @param keytab_devel_base64 # Keytab contents (in base64) for the Kerberos host key used to authenticate @@ -37,6 +37,10 @@ class aes::auth ( # The AD service account for this key is: ida_sys004_srv $auth_keytab_data = $keytab_devel $server_type = 'devel' + } elsif $facts[networking][fqdn] == 'aes-sbox.it.liu.se' { + # The AD service account for this key is: ida_sys004_srv + $auth_keytab_data = $keytab_devel + $server_type = 'devel' } else { $auth_keytab_data = undef $server_type = 'devel' diff --git a/manifests/squid_filter.pp b/manifests/squid_filter.pp index 46e71a01d4e23160359718ef1dd0cd2da66d0123..0e42d763f33649e58c795b8a0acfb4b2471ec628 100644 --- a/manifests/squid_filter.pp +++ b/manifests/squid_filter.pp @@ -28,6 +28,12 @@ class aes::squid_filter { family => 'ipv6', action => 'accept'; } + + exec { '/usr/lib64/squid/security_file_certgen -c -s /var/lib/squid/ssl_db -M 4MB': + user => 'squid', + group => 'squid', + creates => '/var/lib/squid/ssl_db', + } } 'CentOS': { ::server_firewall::rules_file { '45-permit_squid.rules': @@ -41,6 +47,12 @@ class aes::squid_filter { |-EOF # lint:endignore:strict_indent } + + exec { '/usr/lib64/squid/ssl_crtd -c -s /var/lib/squid/ssl_db' : + user => 'squid', + group => 'squid', + creates => '/var/lib/squid/ssl_db', + } } default: { fail("${module_name} - Not supported for family ${fact('os.name')}.") diff --git a/manifests/tal_cli.pp b/manifests/tal_cli.pp index 33a462ee93e6a5d92fa3935700eac5033d54ff86..0ee5b074c389a01d5cc75a904bd10d9bea7b16b8 100644 --- a/manifests/tal_cli.pp +++ b/manifests/tal_cli.pp @@ -17,6 +17,13 @@ class aes::tal_cli ( mode => '0700', } + file { '/home/examadm/bin' : + ensure => directory, + owner => examadm, + group => examadm, + mode => '0755', + } + file { '/home/examadm/bin/tal-cli' : ensure => file, owner => examadm,