summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMicah Anderson <micah@riseup.net>2013-03-19 18:20:33 -0400
committerMicah Anderson <micah@riseup.net>2013-03-19 18:20:33 -0400
commit92ea0355de872a502d552d89ed88729b9b4fbaa2 (patch)
treefd25da102373c0d92d4ae962107c06422141651f
parente69e40e55abcd3d86e1a12ce214bb64851961e13 (diff)
add webapp secret token that pulls from hiera a 'secret'
-rw-r--r--provider_base/services/webapp.json3
-rw-r--r--puppet/modules/site_webapp/manifests/init.pp6
2 files changed, 8 insertions, 1 deletions
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 0288a0cd..69c015a6 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -11,7 +11,8 @@
"client_certificates": "= global.provider.ca.client_certificates",
"allow_limited_certs": "= global.provider.service.allow_limited_bandwidth",
"allow_unlimited_certs": "= global.provider.service.allow_unlimited_bandwidth",
- "allow_anonymous_certs": "= global.provider.service.allow_anonymous"
+ "allow_anonymous_certs": "= global.provider.service.allow_anonymous",
+ "secret_token": "= secret :webapp_secret_token"
},
"definition_files": {
"provider": "= file :provider_json_template",
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index ec70a68d..1e6abe42 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -6,6 +6,7 @@ class site_webapp {
$node_domain = hiera('domain')
$provider_domain = $node_domain['full_suffix']
$webapp = hiera('webapp')
+ $secret_token = $webapp['secret_token']
Class[Ruby] -> Class[rubygems] -> Class[bundler::install]
@@ -111,6 +112,11 @@ class site_webapp {
owner => leap-webapp,
group => leap-webapp,
mode => '0600';
+
+ '/srv/leap-webapp/config/initializers/secret_token.rb':
+ content => "LeapWeb::Application.config.secret_token = '${secret_token}'\n",
+ owner => leap-webapp, group => leap-webapp, mode => '0644',
+ notify => Service['apache'];
}
include site_shorewall::webapp