diff options
| author | Micah Anderson <micah@riseup.net> | 2013-02-12 11:14:32 -0500 |
|---|---|---|
| committer | Micah Anderson <micah@riseup.net> | 2013-02-12 11:14:32 -0500 |
| commit | 05b4a4d9d6ddb594ffa900192ad0ad714957663f (patch) | |
| tree | 2a24f3b6ecf55e8f8265cf7b9aa0e86c5563638b | |
| parent | 1a2789d084c3c2beccb97726b8799cb194a634fd (diff) | |
| parent | 102af94df02decef888bac09748dbac6773dedd6 (diff) | |
Merge remote-tracking branch 'origin/develop' into bundle-and-precompile-as-user
| -rw-r--r-- | provider_base/provider.json | 3 | ||||
| -rw-r--r-- | puppet/modules/site_couchdb/files/local.ini | 6 | ||||
| -rw-r--r-- | puppet/modules/site_nagios/manifests/server.pp | 1 | ||||
| -rw-r--r-- | puppet/modules/site_shorewall/manifests/monitor.pp | 8 | ||||
| -rw-r--r-- | puppet/modules/site_shorewall/manifests/service/http.pp | 13 | ||||
| -rw-r--r-- | puppet/modules/site_shorewall/manifests/service/https.pp | 12 | ||||
| -rw-r--r-- | puppet/modules/site_shorewall/manifests/service/webapp_api.pp | 21 | ||||
| -rw-r--r-- | puppet/modules/site_shorewall/manifests/tor.pp | 6 | ||||
| -rw-r--r-- | puppet/modules/site_shorewall/manifests/webapp.pp | 11 | ||||
| -rw-r--r-- | puppet/modules/site_webapp/manifests/init.pp | 12 | ||||
| -rw-r--r-- | puppet/modules/try/README.md | 13 | ||||
| -rw-r--r-- | puppet/modules/try/manifests/file.pp | 51 | ||||
| -rw-r--r-- | puppet/modules/try/manifests/init.pp | 3 |
13 files changed, 135 insertions, 25 deletions
diff --git a/provider_base/provider.json b/provider_base/provider.json index 0eae1f87..8ce848f3 100644 --- a/provider_base/provider.json +++ b/provider_base/provider.json @@ -26,8 +26,5 @@ "life_span": "1y" } }, - "vagrant":{ - "network":"10.5.5.0/24" - }, "hiera_sync_destination": "/etc/leap" } diff --git a/puppet/modules/site_couchdb/files/local.ini b/puppet/modules/site_couchdb/files/local.ini index 4003bfcd..b3376cbb 100644 --- a/puppet/modules/site_couchdb/files/local.ini +++ b/puppet/modules/site_couchdb/files/local.ini @@ -27,7 +27,11 @@ [httpd_global_handlers] ;_google = {couch_httpd_proxy, handle_proxy_req, <<"http://www.google.com">>} -_utils = {couch_httpd_misc_handlers, handle_welcome_req, <<"Welcome, Futon is disabled!">>} + +# enable futon +_utils = {couch_httpd_misc_handlers, handle_utils_dir_req, "/usr/share/couchdb/www"} +# disable futon +#_utils = {couch_httpd_misc_handlers, handle_welcome_req, <<"Welcome, Futon is disabled!">>} [couch_httpd_auth] ; If you set this to true, you should also uncomment the WWW-Authenticate line diff --git a/puppet/modules/site_nagios/manifests/server.pp b/puppet/modules/site_nagios/manifests/server.pp index 5e2f832b..c98a8a1f 100644 --- a/puppet/modules/site_nagios/manifests/server.pp +++ b/puppet/modules/site_nagios/manifests/server.pp @@ -34,4 +34,5 @@ class site_nagios::server inherits nagios::base { } site_nagios::add_host {$hosts:} + include site_shorewall::monitor } diff --git a/puppet/modules/site_shorewall/manifests/monitor.pp b/puppet/modules/site_shorewall/manifests/monitor.pp new file mode 100644 index 00000000..f4ed4f7c --- /dev/null +++ b/puppet/modules/site_shorewall/manifests/monitor.pp @@ -0,0 +1,8 @@ +class site_shorewall::monitor { + + include site_shorewall::defaults + include site_shorewall::service::http + include site_shorewall::service::https + + +} diff --git a/puppet/modules/site_shorewall/manifests/service/http.pp b/puppet/modules/site_shorewall/manifests/service/http.pp new file mode 100644 index 00000000..74b874d5 --- /dev/null +++ b/puppet/modules/site_shorewall/manifests/service/http.pp @@ -0,0 +1,13 @@ +class site_shorewall::service::http { + + include site_shorewall::defaults + + shorewall::rule { + 'net2fw-http': + source => 'net', + destination => '$FW', + action => 'HTTP(ACCEPT)', + order => 200; + } + +} diff --git a/puppet/modules/site_shorewall/manifests/service/https.pp b/puppet/modules/site_shorewall/manifests/service/https.pp new file mode 100644 index 00000000..4a8b119c --- /dev/null +++ b/puppet/modules/site_shorewall/manifests/service/https.pp @@ -0,0 +1,12 @@ +class site_shorewall::service::https { + + include site_shorewall::defaults + + shorewall::rule { + 'net2fw-https': + source => 'net', + destination => '$FW', + action => 'HTTPS(ACCEPT)', + order => 200; + } +} diff --git a/puppet/modules/site_shorewall/manifests/service/webapp_api.pp b/puppet/modules/site_shorewall/manifests/service/webapp_api.pp new file mode 100644 index 00000000..9d4296e5 --- /dev/null +++ b/puppet/modules/site_shorewall/manifests/service/webapp_api.pp @@ -0,0 +1,21 @@ +class site_shorewall::service::webapp_api { + + $api = hiera('api') + $api_port = $api['port'] + + # define macro for incoming services + file { '/etc/shorewall/macro.leap_webapp_api': + content => "PARAM - - tcp $api_port ", + notify => Service['shorewall'] + } + + + shorewall::rule { + 'net2fw-webapp_api': + source => 'net', + destination => '$FW', + action => 'leap_webapp_api(ACCEPT)', + order => 200; + } + +} diff --git a/puppet/modules/site_shorewall/manifests/tor.pp b/puppet/modules/site_shorewall/manifests/tor.pp index a72d9dfc..8fe21ee6 100644 --- a/puppet/modules/site_shorewall/manifests/tor.pp +++ b/puppet/modules/site_shorewall/manifests/tor.pp @@ -18,11 +18,7 @@ class site_shorewall::tor { destination => '$FW', action => 'leap_tor(ACCEPT)', order => 200; - 'net2fw-http': - source => 'net', - destination => '$FW', - action => 'HTTP(ACCEPT)', - order => 200; } + include site_shorewall::service::http } diff --git a/puppet/modules/site_shorewall/manifests/webapp.pp b/puppet/modules/site_shorewall/manifests/webapp.pp index ff9b7646..d12bbc8f 100644 --- a/puppet/modules/site_shorewall/manifests/webapp.pp +++ b/puppet/modules/site_shorewall/manifests/webapp.pp @@ -1,13 +1,6 @@ class site_shorewall::webapp { include site_shorewall::defaults - - shorewall::rule { - 'net2fw-https': - source => 'net', - destination => '$FW', - action => 'HTTPS(ACCEPT)', - order => 200; - } - + include site_shorewall::service::https + include site_shorewall::service::webapp_api } diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 46cc0ed6..e8134521 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -84,7 +84,9 @@ class site_webapp { '/srv/leap-webapp/public/config/eip-service.json': content => $eip_service, owner => leap-webapp, group => leap-webapp, mode => '0644'; + } + try::file { '/srv/leap-webapp/public/favicon.ico': ensure => 'link', target => $webapp['favicon']; @@ -96,14 +98,10 @@ class site_webapp { '/srv/leap-webapp/app/assets/stylesheets/head.scss': ensure => 'link', target => $webapp['head_scss']; - } - if $webapp['img_dir'] != undef { - file { - '/srv/leap-webapp/public/img': - ensure => 'link', - target => $webapp['img_dir']; - } + '/srv/leap-webapp/public/img': + ensure => 'link', + target => $webapp['img_dir']; } file { diff --git a/puppet/modules/try/README.md b/puppet/modules/try/README.md new file mode 100644 index 00000000..3888661e --- /dev/null +++ b/puppet/modules/try/README.md @@ -0,0 +1,13 @@ +This module provides a "try" wrapper around common resource types. + +For example: + + try::file { + '/path/to/file': + ensure => 'link', + target => $target; + } + +This will work just like `file`, but will silently fail if `$target` is undefined or the file does not exist. + +So far, only `file` type with symlinks works. diff --git a/puppet/modules/try/manifests/file.pp b/puppet/modules/try/manifests/file.pp new file mode 100644 index 00000000..406c0b7a --- /dev/null +++ b/puppet/modules/try/manifests/file.pp @@ -0,0 +1,51 @@ +# +# like built-in type "file", but gets gracefully ignored if the target does not exist or is undefined. +# +# /bin/true and /usr/bin/test are hardcoded to their paths in debian. +# + +define try::file ( + $ensure = undef, + $target = undef, + $restore = true) { + + if $target != undef { + exec { "check_${name}": + command => "/bin/true", + onlyif => "/usr/bin/test -e '${target}'", + loglevel => info; + } + file { "$name": + ensure => $ensure, + target => $target, + require => Exec["check_${name}"], + loglevel => info; + } + } + + # + # if the target does not exist (or is undef), and the file happens to be in a git repo, + # then restore the file to its original state. + # + if $target == undef or $restore { + $file_basename = basename($name) + $file_dirname = dirname($name) + $command = "git rev-parse && unlink '${name}'; git checkout -- '${file_basename}' && chown --reference='${file_dirname}' '${name}'; true" + debug($command) + + if $target == undef { + exec { "restore_${name}": + command => $command, + cwd => $file_dirname, + loglevel => info; + } + } else { + exec { "restore_${name}": + unless => "/usr/bin/test -e '${target}'", + command => $command, + cwd => $file_dirname, + loglevel => info; + } + } + } +} diff --git a/puppet/modules/try/manifests/init.pp b/puppet/modules/try/manifests/init.pp new file mode 100644 index 00000000..1d2108c9 --- /dev/null +++ b/puppet/modules/try/manifests/init.pp @@ -0,0 +1,3 @@ +class try { + +} |