diff options
author | Micah Anderson <micah@riseup.net> | 2013-03-19 18:20:33 -0400 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2013-03-19 18:20:33 -0400 |
commit | 92ea0355de872a502d552d89ed88729b9b4fbaa2 (patch) | |
tree | fd25da102373c0d92d4ae962107c06422141651f | |
parent | e69e40e55abcd3d86e1a12ce214bb64851961e13 (diff) |
add webapp secret token that pulls from hiera a 'secret'
-rw-r--r-- | provider_base/services/webapp.json | 3 | ||||
-rw-r--r-- | puppet/modules/site_webapp/manifests/init.pp | 6 |
2 files changed, 8 insertions, 1 deletions
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 0288a0cd..69c015a6 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -11,7 +11,8 @@ "client_certificates": "= global.provider.ca.client_certificates", "allow_limited_certs": "= global.provider.service.allow_limited_bandwidth", "allow_unlimited_certs": "= global.provider.service.allow_unlimited_bandwidth", - "allow_anonymous_certs": "= global.provider.service.allow_anonymous" + "allow_anonymous_certs": "= global.provider.service.allow_anonymous", + "secret_token": "= secret :webapp_secret_token" }, "definition_files": { "provider": "= file :provider_json_template", diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index ec70a68d..1e6abe42 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -6,6 +6,7 @@ class site_webapp { $node_domain = hiera('domain') $provider_domain = $node_domain['full_suffix'] $webapp = hiera('webapp') + $secret_token = $webapp['secret_token'] Class[Ruby] -> Class[rubygems] -> Class[bundler::install] @@ -111,6 +112,11 @@ class site_webapp { owner => leap-webapp, group => leap-webapp, mode => '0600'; + + '/srv/leap-webapp/config/initializers/secret_token.rb': + content => "LeapWeb::Application.config.secret_token = '${secret_token}'\n", + owner => leap-webapp, group => leap-webapp, mode => '0644', + notify => Service['apache']; } include site_shorewall::webapp |