| author | varac <varacanero@zeromail.org> | 2012-12-07 14:49:22 +0100 | 
|---|---|---|
| committer | varac <varacanero@zeromail.org> | 2012-12-07 14:49:22 +0100 | 
| commit | 528aaee2f24b2b1b57435df6db42b89af6ba76de (patch) | |
| tree | 329f6c60a1ab0b730eae1aef74fc3e94ced22867 | |
| parent | 51f37d8132a44e25350db66b7156892980d3e4fa (diff) | |
added module site_ca_daemon
4 files changed, 140 insertions, 0 deletions
|
diff --git a/puppet/modules/site_ca_daemon/manifests/apache.pp b/puppet/modules/site_ca_daemon/manifests/apache.pp
new file mode 100644
index 00000000..ab6b08fd
--- /dev/null
+++ b/puppet/modules/site_ca_daemon/manifests/apache.pp
@@ -0,0 +1,62 @@
+class site_ca_daemon::apache {
+
+  $api_domain       = hiera('api_domain')
+  $x509             = hiera('x509')
+  $commercial_key   = $x509['commercial_key']
+  $commercial_cert  = $x509['commercial_cert']
+  $commercial_root  = $x509['commercial_ca_cert']
+  $api_key          = $x509['key']
+  $api_cert         = $x509['cert']
+  $api_root         = $x509['ca_cert']
+
+  $apache_no_default_site = true
+  include apache::ssl
+
+  apache::module {
+    'alias':   ensure => present;
+    'rewrite': ensure => present;
+    'headers': ensure => present;
+  }
+
+  class { 'passenger': use_munin => false }
+
+  apache::vhost::file {
+    'leap_ca_daemon':
+      content => template('site_apache/vhosts.d/leap_ca_daemon.conf.erb')
+  }
+
+  apache::vhost::file {
+    'api':
+      content => template('site_apache/vhosts.d/api.conf.erb')
+  }
+
+  x509::key {
+    'leap_ca_daemon':
+      content => $commercial_key,
+      notify  => Service[apache];
+
+    'leap_api':
+      content => $api_key,
+      notify  => Service[apache];
+  }
+
+  x509::cert {
+    'leap_ca_daemon':
+      content => $commercial_cert,
+      notify  => Service[apache];
+
+    'leap_api':
+      content => $api_cert,
+      notify  => Service[apache];
+  }
+
+  x509::ca {
+    'leap_ca_daemon':
+      content => $commercial_root,
+      notify  => Service[apache];
+
+    'leap_api':
+      content => $api_root,
+      notify  => Service[apache];
+  }
+}
diff --git a/puppet/modules/site_ca_daemon/manifests/couchdb.pp b/puppet/modules/site_ca_daemon/manifests/couchdb.pp
new file mode 100644
index 00000000..b5a1d2d4
--- /dev/null
+++ b/puppet/modules/site_ca_daemon/manifests/couchdb.pp
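Review bot: `$apache_no_default_site = true` is assigned as a class-local variable just before `include apache::ssl` in apache.pp, so it only takes effect if the apache module finds it through dynamic scope lookup, which Puppet 2.7 deprecates; if that lookup fails, the distribution's default vhost presumably stays enabled beside the CA and API vhosts. Passing the setting as a class parameter or hiera key, whichever the apache module supports, would make the intent explicit and testable. The class also has no header comment saying which key material serves which vhost; something like `# commercial_* -> leap_ca_daemon vhost; key/cert/ca_cert -> api vhost` would help. As a style point, `Service[apache]` should be quoted as `Service['apache']`.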
@@ -0,0 +1,16 @@
+class site_ca_daemon::couchdb {
+
+  $ca               = hiera('ca_daemon')
+  $couchdb_host     = $ca['couchdb_hosts']
+  $couchdb_user     = $ca['couchdb_user']['username']
+  $couchdb_password = $ca['couchdb_user']['password']
+
+  file {
+    '/srv/leap_ca_daemon/config/couchdb.yml':
+      content => template('site_ca_daemon/couchdb.yml.erb'),
+      owner   => leap_ca_daemon,
+      group   => leap_ca_daemon,
+      mode    => '0600';
+  }
+
+}
diff --git a/puppet/modules/site_ca_daemon/manifests/init.pp b/puppet/modules/site_ca_daemon/manifests/init.pp
new file mode 100644
index 00000000..c749da12
--- /dev/null
+++ b/puppet/modules/site_ca_daemon/manifests/init.pp
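Review bot: The `file` resource for `/srv/leap_ca_daemon/config/couchdb.yml` has no ordering against the checkout that creates its parent directory, so on a first run it can be applied before `/srv/leap_ca_daemon/config` exists and fail; add `require => Vcsrepo['/srv/leap_ca_daemon'],` (that resource is declared in init.pp in this commit). The file holds the CouchDB password and is owned by the daemon account, so the daemon can rewrite its own credentials file; `owner => 'root', group => 'leap_ca_daemon', mode => '0640'` would leave it readable but not writable by the service. `$couchdb_host` is read from the key `couchdb_hosts`; if that value is an array the template will not render a single hostname, so the hiera shape should be confirmed.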
@@ -0,0 +1,55 @@
+class site_ca_daemon {
+
+  #$definition_files = hiera('definition_files')
+  #$provider         = $definition_files['provider']
+  #$eip_service      = $definition_files['eip_service']
+
+  Class[Ruby] -> Class[rubygems] -> Class[bundler::install]
+
+  class { 'ruby': ruby_version => '1.9.3' }
+
+  class { 'bundler::install': install_method => 'package' }
+
+  include rubygems
+  #include site_ca_daemon::apache
+  include site_ca_daemon::couchdb
+
+  group { 'leap_ca_daemon':
+    ensure    => present,
+    allowdupe => false;
+  }
+
+  user { 'leap_ca_daemon':
+    ensure    => present,
+    allowdupe => false,
+    gid       => 'leap_ca_daemon',
+    home      => '/srv/leap_ca_daemon',
+    require   => [ Group['leap_ca_daemon'] ];
+  }
+
+  file { '/srv/leap_ca_daemon':
+    ensure  => directory,
+    owner   => 'leap_ca_daemon',
+    group   => 'leap_ca_daemon',
+    require => User['leap_ca_daemon'];
+  }
+
+  vcsrepo { '/srv/leap_ca_daemon':
+    ensure   => present,
+    revision => 'origin/deploy',
+    provider => git,
+    source   => 'git://code.leap.se/leap_ca',
+    owner    => 'leap_ca_daemon',
+    group    => 'leap_ca_daemon',
+    require  => [ User['leap_ca_daemon'], Group['leap_ca_daemon'] ],
+    notify   => Exec['bundler_update']
+  }
+
+  exec { 'bundler_update':
+    cwd     => '/srv/leap_ca_daemon',
+    command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install"',
+    unless  => '/usr/bin/bundle check',
+    require => [ Class['bundler::install'], Vcsrepo['/srv/leap_ca_daemon'] ];
+  }
+
+}
diff --git a/puppet/modules/site_ca_daemon/templates/couchdb.yml.erb b/puppet/modules/site_ca_daemon/templates/couchdb.yml.erb
new file mode 100644
index 00000000..f5132599
--- /dev/null
+++ b/puppet/modules/site_ca_daemon/templates/couchdb.yml.erb
@@ -0,0 +1,7 @@
+production:
+  protocol: 'https'
+  host: <%= couchdb_host %>
+  port: 443
+  username: <%= couchdb_user %>
+  password: <%= couchdb_password %>
+
|
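Review bot: The `vcsrepo` resource in init.pp fetches the CA daemon's code over `git://`, which gives neither server authentication nor integrity protection, and it tracks the moving ref `origin/deploy`, so whatever arrives on the wire is what gets deployed. The `bundler_update` exec that follows sets no `user`, so `bundle install` evaluates the fetched Gemfile with the privileges of the Puppet run, normally root. Use an authenticated transport (https or ssh) for `source`, pin `revision` to a reviewed commit or signed tag, and add `user => 'leap_ca_daemon',` to the exec; a non-root install may then need a local gem path such as `--path vendor/bundle`. The `unless => '/usr/bin/bundle check'` guard also duplicates the `bundle check ||` inside `command`, so one of the two is enough.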
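Review bot: `host`, `username` and `password` in couchdb.yml.erb are interpolated into the YAML unquoted, so a value containing `: `, ` #`, or a leading `*`, `&`, `!` or `{` is parsed as something other than the intended string, or is cut off at the comment marker. Emit them as quoted scalars, for example `password: '<%= couchdb_password.to_s.gsub("'", "''") %>'`, and apply the same treatment to the other two keys. A password that silently parses to a different value would surface only as an authentication failure against CouchDB, which is hard to trace back to the template.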
