From 7d2dd22e6375ec5e2719c484b7432ef3f592989a Mon Sep 17 00:00:00 2001
From: Klas Arvidsson <klas.arvidsson@liu.se>
Date: Tue, 3 Oct 2023 21:56:42 +0200
Subject: [PATCH] Adaptions for RHEL9, squid certgen and auth keytab

---
 manifests/auth.pp         |  6 +++++-
 manifests/squid_filter.pp | 12 ++++++++++++
 manifests/tal_cli.pp      |  7 +++++++
 3 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/manifests/auth.pp b/manifests/auth.pp
index 0d746c4..eacb162 100644
--- a/manifests/auth.pp
+++ b/manifests/auth.pp
@@ -7,7 +7,7 @@
 #
 # @param keytab_production_base64
 #   Keytab contents (in base64) for the Kerberos host key used to authenticate
-#   in the production environment (aes-devel.edu.liu.se).
+#   in the production environment (aes.edu.liu.se).
 #
 # @param keytab_devel_base64
 #   Keytab contents (in base64) for the Kerberos host key used to authenticate
@@ -37,6 +37,10 @@ class aes::auth (
     # The AD service account for this key is: ida_sys004_srv
     $auth_keytab_data = $keytab_devel
     $server_type = 'devel'
+  } elsif $facts[networking][fqdn] == 'aes-sbox.it.liu.se' {
+    # The AD service account for this key is: ida_sys004_srv
+    $auth_keytab_data = $keytab_devel
+    $server_type = 'devel'
   } else {
     $auth_keytab_data = undef
     $server_type = 'devel'
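Review bot: The new `aes-sbox.it.liu.se` branch assigns `$keytab_devel` (service account ida_sys004_srv, per its comment), exactly as the branch just above it does, so the same Kerberos credential now appears to be deployed to two hosts and a compromise of either exposes it for both. If AD permits, a separate service account and keytab parameter for the sandbox would keep the two independently revocable. The keytab is also selected on `$facts[networking][fqdn]`, a value the agent reports about itself; `$trusted['certname']` is bound to the node's certificate and is the safer selector for secret material. If the sharing is intended, the `@param keytab_devel_base64` doc should say so, for example `#   Also deployed to the sandbox host (aes-sbox.it.liu.se).` The if/elsif chain begins above this hunk, so the earlier conditions are not visible here.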
diff --git a/manifests/squid_filter.pp b/manifests/squid_filter.pp
index 46e71a0..0e42d76 100644
--- a/manifests/squid_filter.pp
+++ b/manifests/squid_filter.pp
@@ -28,6 +28,12 @@ class aes::squid_filter {
           family => 'ipv6',
           action => 'accept';
       }
+
+      exec { '/usr/lib64/squid/security_file_certgen -c -s /var/lib/squid/ssl_db -M 4MB':
+        user    => 'squid',
+        group   => 'squid',
+        creates => '/var/lib/squid/ssl_db',
+      }
     }
     'CentOS': {
       ::server_firewall::rules_file { '45-permit_squid.rules':
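Review bot: `creates => '/var/lib/squid/ssl_db'` guards on the directory alone, so if the helper fails after creating it, or something else pre-creates the path, the certificate database is never initialised and later runs report nothing to do. Pointing `creates` at a file the helper writes inside the database would make the guard match a completed initialisation. The exec also declares no ordering, and this hunk does not show whether the squid package and user are guaranteed to exist first; if nothing else in the class ensures that, add something like `require => Package['squid']` (resource name assumed). The same two points apply to the `ssl_crtd` exec added in the 'CentOS' branch in the next hunk. The enclosing case branch starts above this hunk.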
@@ -41,6 +47,12 @@ class aes::squid_filter {
         |-EOF
         # lint:endignore:strict_indent
       }
+
+      exec { '/usr/lib64/squid/ssl_crtd -c -s /var/lib/squid/ssl_db' :
+        user    => 'squid',
+        group   => 'squid',
+        creates => '/var/lib/squid/ssl_db',
+      }
     }
     default: {
       fail("${module_name} - Not supported for family ${fact('os.name')}.")
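Review bot: Neither new exec has a comment saying what it initialises, and a reader needs to know Squid's history to see why the two branches call different binaries. A line above each would help, for example `# Initialise the certificate cache used for dynamic certificate generation; older Squid ships the helper as ssl_crtd, renamed security_file_certgen in Squid 4.` This call also omits the `-M 4MB` size passed in the other branch; if that is deliberate, the comment should say so. The title here has a space before the colon (`...ssl_db' :`) where the other exec has none.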
diff --git a/manifests/tal_cli.pp b/manifests/tal_cli.pp
index 33a462e..0ee5b07 100644
--- a/manifests/tal_cli.pp
+++ b/manifests/tal_cli.pp
@@ -17,6 +17,13 @@ class aes::tal_cli (
     mode   => '0700',
   }
 
+  file { '/home/examadm/bin' :
+    ensure => directory,
+    owner  => examadm,
+    group  => examadm,
+    mode   => '0755',
+  }
+
   file { '/home/examadm/bin/tal-cli' :
     ensure => file,
     owner  => examadm,
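Review bot: The new `/home/examadm/bin` directory gets `mode => '0755'` while the resource ending just above it in this hunk uses `mode => '0700'`, so the bin directory is listable and traversable by every local user unless a parent directory blocks access. If only examadm runs tal-cli, `mode => '0700'` (or `'0750'`) is the tighter default. If wider access is intended, a one-line comment such as `# world-readable so that <who> can run tal-cli` would record the reason. The resources before and after the added block extend outside the hunk, so their full attributes cannot be compared here.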
-- 
GitLab