Resources
# Appends a new <Connector> under the 'Catalina' Service in
# /etc/tomcat6/server.xml and sets its attributes for an HTTPS listener on
# port 443 (SSLEnabled=true, scheme=https, secure=true, clientAuth=false,
# sslProtocol=TLS). The server key comes from
# $idp_home/credentials/idp2.ssl.jks, alias idp2-tomcat-ssl.
# NOTE(review): $keystorepassword is interpolated into the changes list, so the
# clear-text value is written to server.xml and is carried in the compiled
# catalog; read access to both should be limited to root and the Tomcat account.
# NOTE(review): the password attribute is spelled `keypass` here but
# `keystorePass` on the 8443 connector; confirm the connector in use honours
# both spellings, otherwise one keystore will fail to open.
# NOTE(review): no `ciphers` attribute is set, so the cipher suites (and the
# protocol versions behind sslProtocol=TLS) presumably fall back to the JVM
# defaults; verify against the deployment's TLS policy.
Augeas["server.xml_connector_443"]
context => "/files/etc/tomcat6/server.xml/Server/Service[#attribute/name = 'Catalina']"
changes => ["set Connector[last()+1] #empty", "set Connector[last()]/#attribute/port 443", "set Connector[last()]/#attribute/protocol HTTP/1.1", "set Connector[last()]/#attribute/SSLEnabled true", "set Connector[last()]/#attribute/maxThreads 150", "set Connector[last()]/#attribute/scheme https", "set Connector[last()]/#attribute/secure true", "set Connector[last()]/#attribute/clientAuth false", "set Connector[last()]/#attribute/sslProtocol TLS", "set Connector[last()]/#attribute/keyAlias idp2-tomcat-ssl", set Connector[last()]/#attribute/keystoreFile $idp_home/credentials/idp2.ssl.jks, set Connector[last()]/#attribute/keypass $keystorepassword]
# Guard: apply only when the lookup for a Connector port attribute equal to
# 443 comes back empty, so the connector is not appended a second time.
onlyif => "get Connector/#attribute/port[../port = '443'] == ''"
# Ordered after the 8443 connector has been added.
require => Augeas["server.xml_connector_8443"]
# Rewrites the port of the Connector that currently listens on 8080 to 80,
# inside the 'Catalina' Service of /etc/tomcat6/server.xml.
# Only the port attribute is touched; every other attribute of that Connector
# keeps whatever value the file already has.
# NOTE(review): this leaves a clear-text HTTP listener on port 80. Nothing in
# this resource adds a redirect to HTTPS; confirm that login and session
# endpoints are not served over it.
Augeas["server.xml_connector_80"]
context => "/files/etc/tomcat6/server.xml/Server/Service[#attribute/name = 'Catalina']"
changes => ["set Connector[#attribute/port = '8080']/#attribute/port 80"]
# Guard: apply only when no Connector port attribute equal to 80 is found.
onlyif => "get Connector/#attribute/port[../port = '80'] == ''"
# Ordered after the 443 connector.
require => Augeas["server.xml_connector_443"]
# Appends a new <Connector> on port 8443 under the 'Catalina' Service in
# /etc/tomcat6/server.xml: Http11Protocol, SSLEnabled=true, scheme=https,
# clientAuth=true, with SSLImplementation set to
# DelegateToApplicationJSSEImplementation (the class shipped in the
# tomcat6-dta-ssl jar fetched by Exec["apps_wget_dtassl"]).
# NOTE(review): judging by the class name, validation of the client
# certificate is presumably delegated to the application rather than to a
# Tomcat truststore; confirm the application rejects unknown certificates,
# because clientAuth=true alone would then not be the trust decision.
# NOTE(review): $keystorepassword is written in clear text to server.xml and
# is the same variable used for the 443 keystore, so one disclosure opens both.
# NOTE(review): keystoreFile is hard-coded to /opt/shibboleth-idp while the
# 443 connector builds its path from $idp_home; confirm they agree.
Augeas["server.xml_connector_8443"]
context => "/files/etc/tomcat6/server.xml/Server/Service[#attribute/name = 'Catalina']"
changes => ["set Connector[last()+1] #empty", "set Connector[last()]/#attribute/port 8443", "set Connector[last()]/#attribute/protocol org.apache.coyote.http11.Http11Protocol", "set Connector[last()]/#attribute/SSLImplementation edu.internet2.middleware.security.tomcat6.DelegateToApplicationJSSEImplementation", "set Connector[last()]/#attribute/scheme https", "set Connector[last()]/#attribute/SSLEnabled true", "set Connector[last()]/#attribute/clientAuth true", "set Connector[last()]/#attribute/keystoreFile /opt/shibboleth-idp/credentials/idp.jks", set Connector[last()]/#attribute/keystorePass $keystorepassword]
# Guard: apply only when no Connector port attribute equal to 8443 is found.
onlyif => "get Connector/#attribute/port[../port = '8443'] == ''"
# The jar providing the SSLImplementation class must be in place first.
require => Exec["apps_wget_dtassl"]
# Enables authbind in /etc/default/tomcat6: finds the node whose value is
# 'AUTHBIND=no', inserts an AUTHBIND entry after it and sets it to 'yes'.
# With ports 80 and 443 configured in server.xml, this is presumably what lets
# the service bind them without running Tomcat as root; confirm against the
# init script of the packaged tomcat6.
# NOTE(review): if no node matches 'AUTHBIND=no', $authcomment is empty and
# the `ins` step has nothing to anchor on; verify on a file that lacks it.
Augeas["tomcat6_authbind"]
context => "/files/etc/default/tomcat6"
changes => ["defvar authcomment *[. = 'AUTHBIND=no']", "ins AUTHBIND after $authcomment", "set AUTHBIND yes"]
# Guard: skip when AUTHBIND is already 'yes'.
onlyif => "get AUTHBIND != 'yes'"
# Ordered after the port-80 connector change.
require => Augeas["server.xml_connector_80"]
# Sets JAVA_HOME in /etc/default/tomcat6 to
# $shib2idp::prerequisites::java_home: locates a node matching the regexp
# 'JAVA_HOME.*', inserts a JAVA_HOME entry after it and assigns the value.
# NOTE(review): the JVM selected here is the one that terminates TLS for the
# connectors defined in server.xml, so its default protocols and cipher suites
# apply wherever a connector does not restrict them.
Augeas["tomcat6_javahome"]
context => "/files/etc/default/tomcat6"
changes => ["defvar javahome *[. =~ regexp('JAVA_HOME.*')]", "ins JAVA_HOME after $javahome", set JAVA_HOME $shib2idp::prerequisites::java_home]
# Guard: skip when JAVA_HOME already holds the desired value.
onlyif => get JAVA_HOME != '$shib2idp::prerequisites::java_home'
# Ordered after the authbind change.
require => Augeas["tomcat6_authbind"]
# Writes the word "configured" to
# /usr/local/src/shibboleth-identityprovider/.puppet as a marker file, once
# the Tomcat configuration chain ending in Augeas["tomcat6_javahome"] is done.
# NOTE(review): no creates/unless/onlyif parameter is visible in this listing,
# so the command would run on every agent run and report a change each time;
# that noise can hide real configuration drift in reports.
Exec["apps_semaphore_shibboleth_configured"]
cwd => "/usr/local/src"
command => "/bin/echo configured > /usr/local/src/shibboleth-identityprovider/.puppet"
require => Augeas["tomcat6_javahome"]
# Downloads tomcat6-dta-ssl-1.0.0.jar from build.shibboleth.net over HTTPS
# straight into $tomcat::tomcat_home/lib, the directory Tomcat loads server
# classes from. The 8443 connector names a class from this jar as its
# SSLImplementation.
# NOTE(review): the jar is installed without any integrity check. Since it
# ends up inside the TLS path of the server, download to a temporary file,
# compare against a pinned SHA-256 (<expected-sha256>, taken from a trusted
# source) and only then move it into lib.
# NOTE(review): no `creates` parameter is visible, so the file would be
# fetched again on every run; `wget -O` truncates the target first, so a
# failed download leaves an empty or partial jar in lib.
Exec["apps_wget_dtassl"]
command => /usr/bin/wget https://build.shibboleth.net/nexus/content/repositories/releases/edu/internet2/middleware/security/tomcat6/tomcat6-dta-ssl/1.0.0/tomcat6-dta-ssl-1.0.0.jar -O $tomcat::tomcat_home/lib/tomcat6-dta-ssl-1.0.0.jar
# Needs the wget package and the IDP_HOME line in /etc/environment first.
require => [Package["wget"], File_line["idp_environment_rule_2"]]
# Ensures /etc/environment contains the line
# JAVA_ENDORSED_DIRS=/usr/share/tomcat6/endorsed.
# NOTE(review): /etc/environment is system-wide, so this presumably applies to
# every session on the host and not only to Tomcat; jars placed in the
# endorsed directory override JDK-bundled classes, so that directory should be
# writable by root only.
File_line["idp_environment_rule_1"]
ensure => present
path => "/etc/environment"
line => "JAVA_ENDORSED_DIRS=/usr/share/tomcat6/endorsed"
# Notify["configuring"] is not part of this listing.
require => Notify["configuring"]
# Ensures /etc/environment contains IDP_HOME set to the value of $idp_home,
# the same variable the 443 connector uses to locate its keystore.
# Added after the JAVA_ENDORSED_DIRS line; Exec["apps_wget_dtassl"] waits on it.
File_line["idp_environment_rule_2"]
ensure => present
path => "/etc/environment"
line => IDP_HOME=$idp_home
require => File_line["idp_environment_rule_1"]
# Log-only marker emitted once the "configured" semaphore Exec has run.
# It prints a message and performs no certificate check itself.
Notify["check_certs"]
message => "check for new certificates"
require => Exec["apps_semaphore_shibboleth_configured"]
# Log-only marker emitted once the "configured" semaphore Exec has run.
# Any hardening it announces is done by resources outside this listing.
Notify["securitizing"]
message => "securitizing"
require => Exec["apps_semaphore_shibboleth_configured"]