From ca7e6f7d28df4689cd74da6412989f5baecd0215 Mon Sep 17 00:00:00 2001
From: Klas Arvidsson <klas.arvidsson@liu.se>
Date: Tue, 3 Oct 2023 23:07:12 +0200
Subject: [PATCH] Adaptions for RHEL9, corrections, cleanup

---
 files/squid/squid.conf    |  4 ++--
 manifests/broker.pp       |  2 ++
 manifests/init.pp         | 33 ++++++---------------------------
 manifests/latex.pp        |  2 +-
 manifests/squid_filter.pp | 23 +++++++++++++----------
 5 files changed, 24 insertions(+), 40 deletions(-)

diff --git a/files/squid/squid.conf b/files/squid/squid.conf
index 137bf1d..2bb701e 100644
--- a/files/squid/squid.conf
+++ b/files/squid/squid.conf
@@ -131,8 +131,8 @@ always_direct allow all
 ssl_bump server-first all
 
 # Inititate with:
-# /usr/lib64/squid/ssl_crtd -c -s /var/lib/ssl_db
-sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB
+# /usr/lib64/squid/security_file_certgen -c -s /var/lib/ssl_db
+sslcrtd_program /usr/lib64/squid/security_file_certgen -s /var/lib/squid/ssl_db -M 4MB
 sslcrtd_children 32 startup=5 idle=1
 
 # the following two options are unsafe and not always necessary:
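Review bot: The "Inititate with" comment on the new side still points at `/var/lib/ssl_db`, while the `sslcrtd_program` line directly below it uses `/var/lib/squid/ssl_db -M 4MB`. An administrator who runs the commented command by hand would initialise a certificate database that squid never reads. The comment should carry the same arguments as the directive, `# /usr/lib64/squid/security_file_certgen -c -s /var/lib/squid/ssl_db -M 4MB`, which also matches the exec in manifests/squid_filter.pp.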
diff --git a/manifests/broker.pp b/manifests/broker.pp
index c52ab67..4dfa689 100644
--- a/manifests/broker.pp
+++ b/manifests/broker.pp
@@ -76,6 +76,8 @@ class aes::broker {
     $server_type = 'production'
   } elsif $facts[networking][fqdn] == 'aes-devel.edu.liu.se' {
     $server_type = 'devel'
+  } elsif $facts[networking][fqdn] == 'aes-sbox.it.liu.se' {
+    $server_type = 'devel'
   } else {
     $server_type = undef
   }
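Review bot: The added `aes-sbox.it.liu.se` branch repeats the 'devel' assignment verbatim, so the chain grows by one branch per host. Both hosts can share one condition, `} elsif $facts[networking][fqdn] in ['aes-devel.edu.liu.se', 'aes-sbox.it.liu.se'] {`. What `$server_type == 'devel'` selects further down is outside the hunk, so it is worth confirming that the sandbox host is meant to receive exactly the devel server's configuration, including any credentials or endpoints tied to that type.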
diff --git a/manifests/init.pp b/manifests/init.pp
index 0799d53..6f146c4 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -66,38 +66,17 @@ class aes {
     content => file("${module_name}/anacrontab"),
   }
 
-  # File for updating repositories.
-  # file { '/opt/utils':
-  #   ensure => directory,
-  #   mode   => '0755',
-  #   owner  => root,
-  #   group  => root,
-  # }
-  # file { '/opt/utils/update_repo.sh':
+  # 2023-10-03: Is this used for anything? What breaks?
+  #
+  # # File containing which environment is used.
+  # file { '/var/puppet_environment' :
   #   ensure  => file,
-  #   mode    => '0755',
+  #   mode    => '0644',
   #   owner   => root,
   #   group   => root,
-  #   content => file("${module_name}/update_repo.sh"),
-  # }
-
-  # File to easily see when Puppet was last executed.
-  # Ideally, we would like to know if it is devel or production as well.
-  # exec { '/usr/bin/touch /var/last_puppet_run' :
-  #   cwd   => '/var',
-  #   user  => root,
-  #   group => root,
+  #   content => $environment,
   # }
 
-  # File containing which environment is used.
-  file { '/var/puppet_environment' :
-    ensure  => file,
-    mode    => '0644',
-    owner   => root,
-    group   => root,
-    content => $environment,
-  }
-
   ::users::liu_user { 'klaar36':
     commonname => 'Klas Arvidsson',
     shell      => '/bin/bash',
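Review bot: Commenting out the `/var/puppet_environment` resource stops Puppet managing the file but does not remove it. Nodes that applied the old catalog keep a copy holding whatever environment was written last, and anything that reads it would see stale data without an error. Either delete the block and clean up explicitly with `file { '/var/puppet_environment': ensure => absent }`, or keep the resource active until the question in the comment is answered. The dated question is better tracked in an issue than in commented-out code. The enclosing `class aes` begins and ends outside the hunk.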
diff --git a/manifests/latex.pp b/manifests/latex.pp
index 8914174..46a6f27 100644
--- a/manifests/latex.pp
+++ b/manifests/latex.pp
@@ -13,7 +13,7 @@ class aes::latex {
       'texlive-collection-xetex',
       'texlive-collection-latex',
       'texlive-collection-latexrecommended',
-      'texlive-xetex-def',
+#      'texlive-xetex-def', # Not in RHEL9, why is this required? What breaks?
       'texlive-tcolorbox',
       'texlive-booktabs',
       'latexmk',
diff --git a/manifests/squid_filter.pp b/manifests/squid_filter.pp
index da87587..c541560 100644
--- a/manifests/squid_filter.pp
+++ b/manifests/squid_filter.pp
@@ -2,6 +2,7 @@
 #   Describe what this class do!
 #
 #   Detailed summary info if suitable
+#   TODO: certificat generation and management
 #
 #
 class aes::squid_filter {
@@ -28,12 +29,6 @@ class aes::squid_filter {
           family => 'ipv6',
           action => 'accept';
       }
-
-      exec { '/usr/lib64/squid/security_file_certgen -c -s /var/lib/squid/ssl_db -M 4MB':
-        user    => 'squid',
-        group   => 'squid',
-        creates => '/var/lib/squid/ssl_db',
-      }
     }
     'CentOS': {
       ::server_firewall::rules_file { '45-permit_squid.rules':
@@ -48,10 +43,12 @@ class aes::squid_filter {
         # lint:endignore:strict_indent
       }
 
-      exec { '/usr/lib64/squid/ssl_crtd -c -s /var/lib/squid/ssl_db' :
-        user    => 'squid',
-        group   => 'squid',
-        creates => '/var/lib/squid/ssl_db',
+      # ensure new name exist to match new config file
+      file { '/usr/lib64/squid/security_file_certgen':
+        ensure  => link,
+        owner   => root,
+        group   => root,
+        target => '/usr/lib64/squid/ssl_crtd',
       }
     }
     default: {
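Review bot: The new symlink resource in the 'CentOS' branch has no visible relationship to whatever installs squid, so on a fresh node it can be created before `/usr/lib64/squid/ssl_crtd` exists. The dangling link only shows up later, when the certgen exec fails. If the package resource is declared elsewhere in the class (not visible in this hunk), add an explicit `require` on it. The hash arrows are also misaligned, which puppet-lint's arrow_alignment check will flag; the line should read `target  => '/usr/lib64/squid/ssl_crtd',`. The comment would be more useful if it said why, e.g. `# older squid ships the helper as ssl_crtd; squid.conf now references security_file_certgen`.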
@@ -113,6 +110,12 @@ class aes::squid_filter {
     group  => squid,
   }
 
+  exec { '/usr/lib64/squid/security_file_certgen -c -s /var/lib/squid/ssl_db -M 4MB' :
+    user    => 'squid',
+    group   => 'squid',
+    creates => '/var/lib/squid/ssl_db',
+  }
+
   # todo: logrotate
   service { 'squid' :
     ensure => 'running',
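Review bot: The relocated exec has no ordering against `service { 'squid' }` directly below it, so the service can be started before the certificate database exists, and with `ssl_bump` enabled the helper then has no database to use. Adding `before => Service['squid'],` to the exec makes the dependency explicit. `creates` also points at the directory itself, so if anything else creates `/var/lib/squid/ssl_db` first, or an earlier run left it half-initialised, the exec is skipped for good; pointing `creates` at a file the helper writes inside the database is more robust. The service resource continues past the end of the hunk.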
-- 
GitLab