authorMicah Anderson <micah@riseup.net>2016-11-04 10:54:28 -0400
committerMicah Anderson <micah@riseup.net>2016-11-04 10:54:28 -0400
commit34a381efa8f6295080c843f86bfa07d4e41056af (patch)
tree9282cf5d4c876688602705a7fa0002bc4a810bde /puppet/modules/site_webapp
parent0a72bc6fd292bf9367b314fcb0347c4d35042f16 (diff)
parent5821964ff7e16ca7aa9141bd09a77d355db492a9 (diff)
Merge branch 'develop'
Diffstat (limited to 'puppet/modules/site_webapp')
-rw-r--r--puppet/modules/site_webapp/manifests/apache.pp2
-rw-r--r--puppet/modules/site_webapp/manifests/hidden_service.pp13
-rw-r--r--puppet/modules/site_webapp/manifests/init.pp71
3 files changed, 52 insertions, 34 deletions
diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp
index 80c7b29b..e559217d 100644
--- a/puppet/modules/site_webapp/manifests/apache.pp
+++ b/puppet/modules/site_webapp/manifests/apache.pp
@@ -18,7 +18,7 @@ class site_webapp::apache {
include apache::module::removeip
include site_webapp::common_vhost
- class { 'passenger': use_munin => false }
+ class { 'passenger': }
apache::vhost::file {
'api':
diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp
index 72a2ce95..d2662b65 100644
--- a/puppet/modules/site_webapp/manifests/hidden_service.pp
+++ b/puppet/modules/site_webapp/manifests/hidden_service.pp
@@ -1,3 +1,4 @@
+# Configure tor hidden service for webapp
class site_webapp::hidden_service {
$tor = hiera('tor')
$hidden_service = $tor['hidden_service']
@@ -8,7 +9,7 @@ class site_webapp::hidden_service {
include apache::module::alias
include apache::module::expires
include apache::module::removeip
-
+
include tor::daemon
tor::daemon::hidden_service { 'webapp': ports => [ '80 127.0.0.1:80'] }
@@ -24,14 +25,16 @@ class site_webapp::hidden_service {
source => "/srv/leap/files/nodes/${::hostname}/tor.key",
owner => 'debian-tor',
group => 'debian-tor',
- mode => '0600';
+ mode => '0600',
+ notify => Service['tor'];
'/var/lib/tor/webapp/hostname':
ensure => present,
- content => $tor_domain,
+ content => "${tor_domain}\n",
owner => 'debian-tor',
group => 'debian-tor',
- mode => '0600';
+ mode => '0600',
+ notify => Service['tor'];
}
# it is necessary to zero out the config of the status module
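Review bot: The resource sourced from `/srv/leap/files/nodes/${::hostname}/tor.key` is a private key, and nothing in this hunk keeps its contents out of Puppet's change reports: if the agent's `show_diff` setting is enabled, a key replacement would write key material into logs and reports. I would add `show_diff => false,` next to `mode => '0600',` on that resource. The `config.yml` resource in init.pp is also `mode => '0600'` and presumably holds secrets, so the same line would help there. The resource title and the opening `file {` are outside the hunk. `Service['tor']` is presumably declared by `tor::daemon`; that is worth confirming, because a `notify` to an undeclared resource fails catalog compilation.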
@@ -40,7 +43,7 @@ class site_webapp::hidden_service {
apache::module { 'status': ensure => present, conf_content => ' ' }
# the access_compat module is required to enable Allow directives
apache::module { 'access_compat': ensure => present }
-
+
apache::vhost::file {
'hidden_service':
content => template('site_apache/vhosts.d/hidden_service.conf.erb');
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index 15925aba..83cf99a9 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -16,21 +16,22 @@ class site_webapp {
Class['site_config::default'] -> Class['site_webapp']
- include site_config::ruby::dev
- include site_webapp::apache
- include site_webapp::couchdb
- include site_haproxy
- include site_webapp::cron
- include site_config::default
- include site_config::x509::cert
- include site_config::x509::key
- include site_config::x509::ca
- include site_config::x509::client_ca::ca
- include site_config::x509::client_ca::key
- include site_nickserver
+ include ::site_config::ruby::dev
+ include ::site_webapp::apache
+ include ::site_webapp::couchdb
+ include ::site_haproxy
+ include ::site_webapp::cron
+ include ::site_config::default
+ include ::site_config::x509::cert
+ include ::site_config::x509::key
+ include ::site_config::x509::ca
+ include ::site_config::x509::client_ca::ca
+ include ::site_config::x509::client_ca::key
+ include ::site_nickserver
+ include ::site_apt::preferences::twisted
# remove leftovers from previous installations on webapp nodes
- include site_config::remove::webapp
+ include ::site_config::remove::webapp
group { 'leap-webapp':
ensure => present,
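Review bot: `include ::site_apt::preferences::twisted` is the only functional change among these includes, and it has no comment saying why webapp nodes need an apt pin for twisted. A pin decides which version and origin of a package gets installed, so a one-line comment above it would help later review, for example `# apt pin for twisted, required by <COMPONENT> on webapp nodes`. The class body continues outside the hunk.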
@@ -91,12 +92,16 @@ class site_webapp {
'/srv/leap/webapp/config/provider':
ensure => directory,
require => Vcsrepo['/srv/leap/webapp'],
- owner => leap-webapp, group => leap-webapp, mode => '0755';
+ owner => 'leap-webapp',
+ group => 'leap-webapp',
+ mode => '0755';
'/srv/leap/webapp/config/provider/provider.json':
content => $provider,
require => Vcsrepo['/srv/leap/webapp'],
- owner => leap-webapp, group => leap-webapp, mode => '0644';
+ owner => 'leap-webapp',
+ group => 'leap-webapp',
+ mode => '0644';
'/srv/leap/webapp/public/ca.crt':
ensure => link,
@@ -106,27 +111,37 @@ class site_webapp {
"/srv/leap/webapp/public/${api_version}":
ensure => directory,
require => Vcsrepo['/srv/leap/webapp'],
- owner => leap-webapp, group => leap-webapp, mode => '0755';
+ owner => 'leap-webapp',
+ group => 'leap-webapp',
+ mode => '0755';
"/srv/leap/webapp/public/${api_version}/config/":
ensure => directory,
require => Vcsrepo['/srv/leap/webapp'],
- owner => leap-webapp, group => leap-webapp, mode => '0755';
+ owner => 'leap-webapp',
+ group => 'leap-webapp',
+ mode => '0755';
"/srv/leap/webapp/public/${api_version}/config/eip-service.json":
content => $eip_service,
require => Vcsrepo['/srv/leap/webapp'],
- owner => leap-webapp, group => leap-webapp, mode => '0644';
+ owner => 'leap-webapp',
+ group => 'leap-webapp',
+ mode => '0644';
"/srv/leap/webapp/public/${api_version}/config/soledad-service.json":
content => $soledad_service,
require => Vcsrepo['/srv/leap/webapp'],
- owner => leap-webapp, group => leap-webapp, mode => '0644';
+ owner => 'leap-webapp',
+ group => 'leap-webapp',
+ mode => '0644';
"/srv/leap/webapp/public/${api_version}/config/smtp-service.json":
content => $smtp_service,
require => Vcsrepo['/srv/leap/webapp'],
- owner => leap-webapp, group => leap-webapp, mode => '0644';
+ owner => 'leap-webapp',
+ group => 'leap-webapp',
+ mode => '0644';
}
try::file {
@@ -135,8 +150,8 @@ class site_webapp {
recurse => true,
purge => true,
force => true,
- owner => leap-webapp,
- group => leap-webapp,
+ owner => 'leap-webapp',
+ group => 'leap-webapp',
mode => 'u=rwX,go=rX',
require => Vcsrepo['/srv/leap/webapp'],
notify => Exec['compile_assets'],
@@ -153,8 +168,8 @@ class site_webapp {
file {
'/srv/leap/webapp/config/config.yml':
content => template('site_webapp/config.yml.erb'),
- owner => leap-webapp,
- group => leap-webapp,
+ owner => 'leap-webapp',
+ group => 'leap-webapp',
mode => '0600',
require => Vcsrepo['/srv/leap/webapp'],
notify => Service['apache'];
@@ -163,17 +178,17 @@ class site_webapp {
if $tor {
$hidden_service = $tor['hidden_service']
if $hidden_service['active'] {
- include site_webapp::hidden_service
+ include ::site_webapp::hidden_service
}
}
# needed for the soledad-sync check which is run on the
# webapp node
- include soledad::client
+ include ::soledad::client
leap::logfile { 'webapp': }
- include site_shorewall::webapp
- include site_check_mk::agent::webapp
+ include ::site_shorewall::webapp
+ include ::site_check_mk::agent::webapp
}