eid-ops/global/overlay/etc/puppet/modules/eid/manifests/idm_app.pp

# idm_app
class eid::idm_app (
) {

  $redises = lookup('redis_cluster_nodes', undef, undef, [])
  $dbs = lookup('mariadb_cluster_nodes', undef, undef, [])
  $dbs_string = join($dbs,',')

  $sql_password = lookup('sql_password', undef, undef, undef)

  ensure_resource('sunet::misc::create_dir', '/opt/idm_app/config/', { owner => 'root', group => 'root', mode => '0750'})
  file { '/opt/idm_app/config/idm.yml':
    content => template('eid/idm/idm.yml.erb'),
    mode    => '0755',
  }

  # Unwanted password - but hey Java!
  $pass = 'qwerty123'
  exec { "${facts['networking']['fqdn']}_infra.p12":
    command => "openssl pkcs12 -export -in /etc/ssl/certs/${facts['networking']['fqdn']}_infra.crt -inkey /etc/ssl/private/${facts['networking']['fqdn']}_infra.pem -name 'infra' -out /etc/ssl/private/${facts['networking']['fqdn']}_infra.p12 -passout pass:${pass}",
    onlyif  => "test ! -f /etc/ssl/private/${facts['networking']['fqdn']}_infra.p12"
  }

  sunet::docker_compose { 'idm_app':
    content          => template('eid/idm/docker-compose.yml.erb'),
    service_name     => 'idm_app',
    compose_dir      => '/opt/',
    compose_filename => 'docker-compose.yml',
    description      => 'Identity matching'
  }
}