diff options
author | Micah Anderson <micah@riseup.net> | 2016-11-04 10:54:28 -0400 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2016-11-04 10:54:28 -0400 |
commit | 34a381efa8f6295080c843f86bfa07d4e41056af (patch) | |
tree | 9282cf5d4c876688602705a7fa0002bc4a810bde /puppet/modules/site_webapp | |
parent | 0a72bc6fd292bf9367b314fcb0347c4d35042f16 (diff) | |
parent | 5821964ff7e16ca7aa9141bd09a77d355db492a9 (diff) |
Merge branch 'develop'
Diffstat (limited to 'puppet/modules/site_webapp')
-rw-r--r-- | puppet/modules/site_webapp/manifests/apache.pp | 2 | ||||
-rw-r--r-- | puppet/modules/site_webapp/manifests/hidden_service.pp | 13 | ||||
-rw-r--r-- | puppet/modules/site_webapp/manifests/init.pp | 71 |
3 files changed, 52 insertions, 34 deletions
diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp index 80c7b29b..e559217d 100644 --- a/puppet/modules/site_webapp/manifests/apache.pp +++ b/puppet/modules/site_webapp/manifests/apache.pp @@ -18,7 +18,7 @@ class site_webapp::apache { include apache::module::removeip include site_webapp::common_vhost - class { 'passenger': use_munin => false } + class { 'passenger': } apache::vhost::file { 'api': diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp index 72a2ce95..d2662b65 100644 --- a/puppet/modules/site_webapp/manifests/hidden_service.pp +++ b/puppet/modules/site_webapp/manifests/hidden_service.pp @@ -1,3 +1,4 @@ +# Configure tor hidden service for webapp class site_webapp::hidden_service { $tor = hiera('tor') $hidden_service = $tor['hidden_service'] @@ -8,7 +9,7 @@ class site_webapp::hidden_service { include apache::module::alias include apache::module::expires include apache::module::removeip - + include tor::daemon tor::daemon::hidden_service { 'webapp': ports => [ '80 127.0.0.1:80'] } @@ -24,14 +25,16 @@ class site_webapp::hidden_service { source => "/srv/leap/files/nodes/${::hostname}/tor.key", owner => 'debian-tor', group => 'debian-tor', - mode => '0600'; + mode => '0600', + notify => Service['tor']; '/var/lib/tor/webapp/hostname': ensure => present, - content => $tor_domain, + content => "${tor_domain}\n", owner => 'debian-tor', group => 'debian-tor', - mode => '0600'; + mode => '0600', + notify => Service['tor']; } # it is necessary to zero out the config of the status module @@ -40,7 +43,7 @@ class site_webapp::hidden_service { apache::module { 'status': ensure => present, conf_content => ' ' } # the access_compat module is required to enable Allow directives apache::module { 'access_compat': ensure => present } - + apache::vhost::file { 'hidden_service': content => template('site_apache/vhosts.d/hidden_service.conf.erb'); diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 15925aba..83cf99a9 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -16,21 +16,22 @@ class site_webapp { Class['site_config::default'] -> Class['site_webapp'] - include site_config::ruby::dev - include site_webapp::apache - include site_webapp::couchdb - include site_haproxy - include site_webapp::cron - include site_config::default - include site_config::x509::cert - include site_config::x509::key - include site_config::x509::ca - include site_config::x509::client_ca::ca - include site_config::x509::client_ca::key - include site_nickserver + include ::site_config::ruby::dev + include ::site_webapp::apache + include ::site_webapp::couchdb + include ::site_haproxy + include ::site_webapp::cron + include ::site_config::default + include ::site_config::x509::cert + include ::site_config::x509::key + include ::site_config::x509::ca + include ::site_config::x509::client_ca::ca + include ::site_config::x509::client_ca::key + include ::site_nickserver + include ::site_apt::preferences::twisted # remove leftovers from previous installations on webapp nodes - include site_config::remove::webapp + include ::site_config::remove::webapp group { 'leap-webapp': ensure => present, @@ -91,12 +92,16 @@ class site_webapp { '/srv/leap/webapp/config/provider': ensure => directory, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0755'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0755'; '/srv/leap/webapp/config/provider/provider.json': content => $provider, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0644'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0644'; '/srv/leap/webapp/public/ca.crt': ensure => link, @@ -106,27 +111,37 @@ class site_webapp { "/srv/leap/webapp/public/${api_version}": ensure => directory, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0755'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0755'; "/srv/leap/webapp/public/${api_version}/config/": ensure => directory, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0755'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0755'; "/srv/leap/webapp/public/${api_version}/config/eip-service.json": content => $eip_service, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0644'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0644'; "/srv/leap/webapp/public/${api_version}/config/soledad-service.json": content => $soledad_service, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0644'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0644'; "/srv/leap/webapp/public/${api_version}/config/smtp-service.json": content => $smtp_service, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0644'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0644'; } try::file { @@ -135,8 +150,8 @@ class site_webapp { recurse => true, purge => true, force => true, - owner => leap-webapp, - group => leap-webapp, + owner => 'leap-webapp', + group => 'leap-webapp', mode => 'u=rwX,go=rX', require => Vcsrepo['/srv/leap/webapp'], notify => Exec['compile_assets'], @@ -153,8 +168,8 @@ class site_webapp { file { '/srv/leap/webapp/config/config.yml': content => template('site_webapp/config.yml.erb'), - owner => leap-webapp, - group => leap-webapp, + owner => 'leap-webapp', + group => 'leap-webapp', mode => '0600', require => Vcsrepo['/srv/leap/webapp'], notify => Service['apache']; @@ -163,17 +178,17 @@ class site_webapp { if $tor { $hidden_service = $tor['hidden_service'] if $hidden_service['active'] { - include site_webapp::hidden_service + include ::site_webapp::hidden_service } } # needed for the soledad-sync check which is run on the # webapp node - include soledad::client + include ::soledad::client leap::logfile { 'webapp': } - include site_shorewall::webapp - include site_check_mk::agent::webapp + include ::site_shorewall::webapp + include ::site_check_mk::agent::webapp } |