summaryrefslogtreecommitdiff
path: root/puppet/modules/site_webapp
diff options
context:
space:
mode:
authorMicah Anderson <micah@leap.se>2015-06-11 12:10:09 -0400
committerMicah Anderson <micah@leap.se>2015-06-11 12:10:09 -0400
commitb429b30bda4dafc78cb02f6ece5d82f08e35de1f (patch)
tree37efc30a4fcb642dec583c3accea76f7a7de9c39 /puppet/modules/site_webapp
parent67b2bea2dfcfb06191bf5ed562309f264c6aed8c (diff)
parentd9146415db0e6b7dd0c945039c0a4ed4fd054a7d (diff)
Merge tag '0.7.0'
Releasing 0.7.0
Diffstat (limited to 'puppet/modules/site_webapp')
-rw-r--r--puppet/modules/site_webapp/manifests/apache.pp3
-rw-r--r--puppet/modules/site_webapp/manifests/couchdb.pp9
-rw-r--r--puppet/modules/site_webapp/manifests/cron.pp17
-rw-r--r--puppet/modules/site_webapp/manifests/init.pp14
-rw-r--r--puppet/modules/site_webapp/manifests/logging.pp16
-rw-r--r--puppet/modules/site_webapp/templates/config.yml.erb4
-rw-r--r--puppet/modules/site_webapp/templates/couchdb.admin.yml.erb9
7 files changed, 45 insertions, 27 deletions
diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp
index 21243d34..93e172a0 100644
--- a/puppet/modules/site_webapp/manifests/apache.pp
+++ b/puppet/modules/site_webapp/manifests/apache.pp
@@ -7,6 +7,9 @@ class site_webapp::apache {
$web_domain = hiera('domain')
$domain_name = $web_domain['name']
+ $webapp = hiera('webapp')
+ $webapp_domain = $webapp['domain']
+
include site_apache::common
include site_apache::module::headers
include site_apache::module::alias
diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp
index 3ae4d266..1dbc745d 100644
--- a/puppet/modules/site_webapp/manifests/couchdb.pp
+++ b/puppet/modules/site_webapp/manifests/couchdb.pp
@@ -6,6 +6,8 @@ class site_webapp::couchdb {
$couchdb_port = '4096'
$couchdb_webapp_user = $webapp['couchdb_webapp_user']['username']
$couchdb_webapp_password = $webapp['couchdb_webapp_user']['password']
+ $couchdb_admin_user = $webapp['couchdb_admin_user']['username']
+ $couchdb_admin_password = $webapp['couchdb_admin_user']['password']
include x509::variables
@@ -17,6 +19,13 @@ class site_webapp::couchdb {
mode => '0600',
require => Vcsrepo['/srv/leap/webapp'];
+ '/srv/leap/webapp/config/couchdb.admin.yml':
+ content => template('site_webapp/couchdb.admin.yml.erb'),
+ owner => leap-webapp,
+ group => leap-webapp,
+ mode => '0600',
+ require => Vcsrepo['/srv/leap/webapp'];
+
'/srv/leap/webapp/log':
ensure => directory,
owner => leap-webapp,
diff --git a/puppet/modules/site_webapp/manifests/cron.pp b/puppet/modules/site_webapp/manifests/cron.pp
index 811ad11d..d26ee312 100644
--- a/puppet/modules/site_webapp/manifests/cron.pp
+++ b/puppet/modules/site_webapp/manifests/cron.pp
@@ -2,11 +2,26 @@ class site_webapp::cron {
# cron tasks that need to be performed to cleanup the database
cron {
+ 'rotate_databases':
+ command => 'cd /srv/leap/webapp && bundle exec rake db:rotate',
+ environment => 'RAILS_ENV=production',
+ hour => [0,6,12,18],
+ minute => 0;
+
+ 'delete_tmp_databases':
+ command => 'cd /srv/leap/webapp && bundle exec rake db:deletetmp',
+ environment => 'RAILS_ENV=production',
+ hour => 1,
+ minute => 1;
+
+ # there is no longer a need to remove expired sessions, since the database
+ # will get destroyed.
'remove_expired_sessions':
command => 'cd /srv/leap/webapp && bundle exec rake cleanup:sessions',
environment => 'RAILS_ENV=production',
hour => 2,
- minute => 30;
+ minute => 30,
+ ensure => absent;
'remove_expired_tokens':
command => 'cd /srv/leap/webapp && bundle exec rake cleanup:tokens',
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index 9f97d2c5..ec94c090 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -11,13 +11,13 @@ class site_webapp {
$api_version = $webapp['api_version']
$secret_token = $webapp['secret_token']
$tor = hiera('tor', false)
+ $sources = hiera('sources')
Class['site_config::default'] -> Class['site_webapp']
include site_config::ruby::dev
include site_webapp::apache
include site_webapp::couchdb
- include site_webapp::logging
include site_haproxy
include site_webapp::cron
include site_config::x509::cert
@@ -43,9 +43,9 @@ class site_webapp {
vcsrepo { '/srv/leap/webapp':
ensure => present,
force => true,
- revision => $webapp['git']['revision'],
- provider => git,
- source => $webapp['git']['source'],
+ revision => $sources['webapp']['revision'],
+ provider => $sources['webapp']['type'],
+ source => $sources['webapp']['source'],
owner => 'leap-webapp',
group => 'leap-webapp',
require => [ User['leap-webapp'], Group['leap-webapp'] ],
@@ -92,10 +92,6 @@ class site_webapp {
require => Vcsrepo['/srv/leap/webapp'],
owner => leap-webapp, group => leap-webapp, mode => '0644';
- # old provider.json location. this can be removed after everyone upgrades.
- '/srv/leap/webapp/public/provider.json':
- ensure => absent;
-
'/srv/leap/webapp/public/ca.crt':
ensure => link,
require => Vcsrepo['/srv/leap/webapp'],
@@ -172,6 +168,8 @@ class site_webapp {
ensure => latest,
}
+ leap::logfile { 'webapp': }
+
include site_shorewall::webapp
include site_check_mk::agent::webapp
}
diff --git a/puppet/modules/site_webapp/manifests/logging.pp b/puppet/modules/site_webapp/manifests/logging.pp
deleted file mode 100644
index b414b82c..00000000
--- a/puppet/modules/site_webapp/manifests/logging.pp
+++ /dev/null
@@ -1,16 +0,0 @@
-class site_webapp::logging {
-
- rsyslog::snippet { '01-webapp':
- content => 'if $programname == "webapp" then /var/log/leap/webapp.log
-&~'
- }
-
- augeas {
- 'logrotate_webapp':
- context => '/files/etc/logrotate.d/webapp/rule',
- changes => [ 'set file /var/log/leap/webapp.log', 'set rotate 7',
- 'set schedule daily', 'set compress compress',
- 'set missingok missingok', 'set ifempty notifempty',
- 'set copytruncate copytruncate' ]
- }
-}
diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb
index 0c75f3ca..ccde2d2e 100644
--- a/puppet/modules/site_webapp/templates/config.yml.erb
+++ b/puppet/modules/site_webapp/templates/config.yml.erb
@@ -7,7 +7,7 @@ production:
client_ca_key: <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::client_ca_name') %>.key
client_ca_cert: <%= scope.lookupvar('x509::variables::local_CAs') %>/<%= scope.lookupvar('site_config::params::client_ca_name') %>.crt
secret_token: "<%= @secret_token %>"
- client_cert_lifespan: <%= cert_options['life_span'].to_i %>
+ client_cert_lifespan: <%= cert_options['life_span'] %>
client_cert_bit_size: <%= cert_options['bit_size'].to_i %>
client_cert_hash: <%= cert_options['digest'] %>
allow_limited_certs: <%= @webapp['allow_limited_certs'].inspect %>
@@ -17,7 +17,7 @@ production:
unlimited_cert_prefix: "<%= cert_options['unlimited_prefix'] %>"
minimum_client_version: "<%= @webapp['client_version']['min'] %>"
default_service_level: "<%= @webapp['default_service_level'] %>"
- service_levels: <%= @webapp['service_levels'].to_json %>
+ service_levels: <%= scope.function_sorted_json([@webapp['service_levels']]) %>
allow_registration: <%= @webapp['allow_registration'].inspect %>
handle_blacklist: <%= @webapp['forbidden_usernames'].inspect %>
<%- if @webapp['engines'] && @webapp['engines'].any? -%>
diff --git a/puppet/modules/site_webapp/templates/couchdb.admin.yml.erb b/puppet/modules/site_webapp/templates/couchdb.admin.yml.erb
new file mode 100644
index 00000000..a0921add
--- /dev/null
+++ b/puppet/modules/site_webapp/templates/couchdb.admin.yml.erb
@@ -0,0 +1,9 @@
+production:
+ prefix: ""
+ protocol: 'http'
+ host: <%= @couchdb_host %>
+ port: <%= @couchdb_port %>
+ auto_update_design_doc: false
+ username: <%= @couchdb_admin_user %>
+ password: <%= @couchdb_admin_password %>
+