diff options
| author | elijah <elijah@riseup.net> | 2016-08-31 15:42:23 -0700 |
|---|---|---|
| committer | elijah <elijah@riseup.net> | 2016-08-31 15:42:23 -0700 |
| commit | 1d8236ec76d0aa0aca0171abd82b1a63450c8321 (patch) | |
| tree | f3872af684b9ff03f86de6a1cbb12b5022b57e0e | |
| parent | 184872506094394ca6f2290f546ab10a9e36b293 (diff) | |
| parent | e98d216dedbec1dc672ba3d80d5d34f2f4d4e4df (diff) | |
Merge branch 'cibuild_experimental_09' of https://0xacab.org/varac/platform into develop
| -rwxr-xr-x | bin/ci-build.sh | 3 | ||||
| -rw-r--r-- | puppet/modules/site_apt/manifests/preferences/twisted.pp | 11 | ||||
| -rw-r--r-- | puppet/modules/site_webapp/manifests/init.pp | 71 | ||||
| -rw-r--r-- | tests/puppet/provider/common.json | 13 | ||||
| -rw-r--r-- | tests/puppet/provider/nodes/catalogtest.json | 33 |
5 files changed, 98 insertions, 33 deletions
diff --git a/bin/ci-build.sh b/bin/ci-build.sh index 7b4895e5..248bd9f8 100755 --- a/bin/ci-build.sh +++ b/bin/ci-build.sh @@ -2,6 +2,9 @@ . tests/puppet/provider/.platform-test.conf +# break on every error +set -e + # create node(s) with unique id so we can run tests in parallel export TAG="build${CI_BUILD_ID}" [ -d "${PROVIDERDIR}/tags" ] || mkdir "${PROVIDERDIR}/tags" diff --git a/puppet/modules/site_apt/manifests/preferences/twisted.pp b/puppet/modules/site_apt/manifests/preferences/twisted.pp new file mode 100644 index 00000000..a3fa0950 --- /dev/null +++ b/puppet/modules/site_apt/manifests/preferences/twisted.pp @@ -0,0 +1,11 @@ +# Pin twisted to jessie-backports in order to +# use 16.2.0 for i.e. soledad +class site_apt::preferences::twisted { + + apt::preferences_snippet { 'twisted': + package => 'python-twisted*', + release => "${::lsbdistcodename}-backports", + priority => 999; + } + +} diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 15925aba..83cf99a9 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -16,21 +16,22 @@ class site_webapp { Class['site_config::default'] -> Class['site_webapp'] - include site_config::ruby::dev - include site_webapp::apache - include site_webapp::couchdb - include site_haproxy - include site_webapp::cron - include site_config::default - include site_config::x509::cert - include site_config::x509::key - include site_config::x509::ca - include site_config::x509::client_ca::ca - include site_config::x509::client_ca::key - include site_nickserver + include ::site_config::ruby::dev + include ::site_webapp::apache + include ::site_webapp::couchdb + include ::site_haproxy + include ::site_webapp::cron + include ::site_config::default + include ::site_config::x509::cert + include ::site_config::x509::key + include ::site_config::x509::ca + include ::site_config::x509::client_ca::ca + include ::site_config::x509::client_ca::key + include ::site_nickserver + include ::site_apt::preferences::twisted # remove leftovers from previous installations on webapp nodes - include site_config::remove::webapp + include ::site_config::remove::webapp group { 'leap-webapp': ensure => present, @@ -91,12 +92,16 @@ class site_webapp { '/srv/leap/webapp/config/provider': ensure => directory, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0755'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0755'; '/srv/leap/webapp/config/provider/provider.json': content => $provider, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0644'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0644'; '/srv/leap/webapp/public/ca.crt': ensure => link, @@ -106,27 +111,37 @@ class site_webapp { "/srv/leap/webapp/public/${api_version}": ensure => directory, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0755'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0755'; "/srv/leap/webapp/public/${api_version}/config/": ensure => directory, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0755'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0755'; "/srv/leap/webapp/public/${api_version}/config/eip-service.json": content => $eip_service, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0644'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0644'; "/srv/leap/webapp/public/${api_version}/config/soledad-service.json": content => $soledad_service, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0644'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0644'; "/srv/leap/webapp/public/${api_version}/config/smtp-service.json": content => $smtp_service, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0644'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0644'; } try::file { @@ -135,8 +150,8 @@ class site_webapp { recurse => true, purge => true, force => true, - owner => leap-webapp, - group => leap-webapp, + owner => 'leap-webapp', + group => 'leap-webapp', mode => 'u=rwX,go=rX', require => Vcsrepo['/srv/leap/webapp'], notify => Exec['compile_assets'], @@ -153,8 +168,8 @@ class site_webapp { file { '/srv/leap/webapp/config/config.yml': content => template('site_webapp/config.yml.erb'), - owner => leap-webapp, - group => leap-webapp, + owner => 'leap-webapp', + group => 'leap-webapp', mode => '0600', require => Vcsrepo['/srv/leap/webapp'], notify => Service['apache']; @@ -163,17 +178,17 @@ class site_webapp { if $tor { $hidden_service = $tor['hidden_service'] if $hidden_service['active'] { - include site_webapp::hidden_service + include ::site_webapp::hidden_service } } # needed for the soledad-sync check which is run on the # webapp node - include soledad::client + include ::soledad::client leap::logfile { 'webapp': } - include site_shorewall::webapp - include site_check_mk::agent::webapp + include ::site_shorewall::webapp + include ::site_check_mk::agent::webapp } diff --git a/tests/puppet/provider/common.json b/tests/puppet/provider/common.json index c891fea3..a13f8f75 100644 --- a/tests/puppet/provider/common.json +++ b/tests/puppet/provider/common.json @@ -1,5 +1,12 @@ -// -// Options put here are inherited by all nodes. -// { + "sources": { + "platform": { + "apt": { + "basic": "http://deb.leap.se/experimental-0.9" + } + }, + "nickserver": { + "revision": "develop" + } + } } diff --git a/tests/puppet/provider/nodes/catalogtest.json b/tests/puppet/provider/nodes/catalogtest.json index 4f86ac19..05703666 100644 --- a/tests/puppet/provider/nodes/catalogtest.json +++ b/tests/puppet/provider/nodes/catalogtest.json @@ -1,10 +1,39 @@ { "ip_address": "1.1.1.1", + "openvpn": { + "gateway_address": "1.1.1.2" + }, "services": [ "couchdb", "mx", "soledad", - "webapp" + "webapp", + "monitor", + "openvpn", + "tor", + "obfsproxy", + "static" ], - "tags": ["catalogtest"] + "tags": ["catalogtest","development"], + "static": { + "domains":{ + "example.org": { + "tls_only": true, + "locations": { + "front": { + "path": "/", + "format": "amber", + "source": { + "type": "git", + "repo": "https://leap.se/git/bitmask_help", + "revision": "origin/master" + } + } + }, + "cert": "= file('cert/example.org.crt')", + "key": "= file('cert/example.org.key')", + "ca_cert": "= file('cert/commercial_ca.crt')" + } + } + } } |