diff options
author | Micah Anderson <micah@leap.se> | 2015-06-11 12:10:09 -0400 |
---|---|---|
committer | Micah Anderson <micah@leap.se> | 2015-06-11 12:10:09 -0400 |
commit | b429b30bda4dafc78cb02f6ece5d82f08e35de1f (patch) | |
tree | 37efc30a4fcb642dec583c3accea76f7a7de9c39 /puppet/modules/site_webapp | |
parent | 67b2bea2dfcfb06191bf5ed562309f264c6aed8c (diff) | |
parent | d9146415db0e6b7dd0c945039c0a4ed4fd054a7d (diff) |
Merge tag '0.7.0'
Releasing 0.7.0
Diffstat (limited to 'puppet/modules/site_webapp')
-rw-r--r-- | puppet/modules/site_webapp/manifests/apache.pp | 3 | ||||
-rw-r--r-- | puppet/modules/site_webapp/manifests/couchdb.pp | 9 | ||||
-rw-r--r-- | puppet/modules/site_webapp/manifests/cron.pp | 17 | ||||
-rw-r--r-- | puppet/modules/site_webapp/manifests/init.pp | 14 | ||||
-rw-r--r-- | puppet/modules/site_webapp/manifests/logging.pp | 16 | ||||
-rw-r--r-- | puppet/modules/site_webapp/templates/config.yml.erb | 4 | ||||
-rw-r--r-- | puppet/modules/site_webapp/templates/couchdb.admin.yml.erb | 9 |
7 files changed, 45 insertions, 27 deletions
diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp index 21243d34..93e172a0 100644 --- a/puppet/modules/site_webapp/manifests/apache.pp +++ b/puppet/modules/site_webapp/manifests/apache.pp @@ -7,6 +7,9 @@ class site_webapp::apache { $web_domain = hiera('domain') $domain_name = $web_domain['name'] + $webapp = hiera('webapp') + $webapp_domain = $webapp['domain'] + include site_apache::common include site_apache::module::headers include site_apache::module::alias diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 3ae4d266..1dbc745d 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -6,6 +6,8 @@ class site_webapp::couchdb { $couchdb_port = '4096' $couchdb_webapp_user = $webapp['couchdb_webapp_user']['username'] $couchdb_webapp_password = $webapp['couchdb_webapp_user']['password'] + $couchdb_admin_user = $webapp['couchdb_admin_user']['username'] + $couchdb_admin_password = $webapp['couchdb_admin_user']['password'] include x509::variables @@ -17,6 +19,13 @@ class site_webapp::couchdb { mode => '0600', require => Vcsrepo['/srv/leap/webapp']; + '/srv/leap/webapp/config/couchdb.admin.yml': + content => template('site_webapp/couchdb.admin.yml.erb'), + owner => leap-webapp, + group => leap-webapp, + mode => '0600', + require => Vcsrepo['/srv/leap/webapp']; + '/srv/leap/webapp/log': ensure => directory, owner => leap-webapp, diff --git a/puppet/modules/site_webapp/manifests/cron.pp b/puppet/modules/site_webapp/manifests/cron.pp index 811ad11d..d26ee312 100644 --- a/puppet/modules/site_webapp/manifests/cron.pp +++ b/puppet/modules/site_webapp/manifests/cron.pp @@ -2,11 +2,26 @@ class site_webapp::cron { # cron tasks that need to be performed to cleanup the database cron { + 'rotate_databases': + command => 'cd /srv/leap/webapp && bundle exec rake db:rotate', + environment => 'RAILS_ENV=production', + hour => [0,6,12,18], + minute => 0; + + 'delete_tmp_databases': + command => 'cd /srv/leap/webapp && bundle exec rake db:deletetmp', + environment => 'RAILS_ENV=production', + hour => 1, + minute => 1; + + # there is no longer a need to remove expired sessions, since the database + # will get destroyed. 'remove_expired_sessions': command => 'cd /srv/leap/webapp && bundle exec rake cleanup:sessions', environment => 'RAILS_ENV=production', hour => 2, - minute => 30; + minute => 30, + ensure => absent; 'remove_expired_tokens': command => 'cd /srv/leap/webapp && bundle exec rake cleanup:tokens', diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 9f97d2c5..ec94c090 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -11,13 +11,13 @@ class site_webapp { $api_version = $webapp['api_version'] $secret_token = $webapp['secret_token'] $tor = hiera('tor', false) + $sources = hiera('sources') Class['site_config::default'] -> Class['site_webapp'] include site_config::ruby::dev include site_webapp::apache include site_webapp::couchdb - include site_webapp::logging include site_haproxy include site_webapp::cron include site_config::x509::cert @@ -43,9 +43,9 @@ class site_webapp { vcsrepo { '/srv/leap/webapp': ensure => present, force => true, - revision => $webapp['git']['revision'], - provider => git, - source => $webapp['git']['source'], + revision => $sources['webapp']['revision'], + provider => $sources['webapp']['type'], + source => $sources['webapp']['source'], owner => 'leap-webapp', group => 'leap-webapp', require => [ User['leap-webapp'], Group['leap-webapp'] ], @@ -92,10 +92,6 @@ class site_webapp { require => Vcsrepo['/srv/leap/webapp'], owner => leap-webapp, group => leap-webapp, mode => '0644'; - # old provider.json location. this can be removed after everyone upgrades. - '/srv/leap/webapp/public/provider.json': - ensure => absent; - '/srv/leap/webapp/public/ca.crt': ensure => link, require => Vcsrepo['/srv/leap/webapp'], @@ -172,6 +168,8 @@ class site_webapp { ensure => latest, } + leap::logfile { 'webapp': } + include site_shorewall::webapp include site_check_mk::agent::webapp } diff --git a/puppet/modules/site_webapp/manifests/logging.pp b/puppet/modules/site_webapp/manifests/logging.pp deleted file mode 100644 index b414b82c..00000000 --- a/puppet/modules/site_webapp/manifests/logging.pp +++ /dev/null @@ -1,16 +0,0 @@ -class site_webapp::logging { - - rsyslog::snippet { '01-webapp': - content => 'if $programname == "webapp" then /var/log/leap/webapp.log -&~' - } - - augeas { - 'logrotate_webapp': - context => '/files/etc/logrotate.d/webapp/rule', - changes => [ 'set file /var/log/leap/webapp.log', 'set rotate 7', - 'set schedule daily', 'set compress compress', - 'set missingok missingok', 'set ifempty notifempty', - 'set copytruncate copytruncate' ] - } -} diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index 0c75f3ca..ccde2d2e 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb @@ -7,7 +7,7 @@ production: client_ca_key: <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::client_ca_name') %>.key client_ca_cert: <%= scope.lookupvar('x509::variables::local_CAs') %>/<%= scope.lookupvar('site_config::params::client_ca_name') %>.crt secret_token: "<%= @secret_token %>" - client_cert_lifespan: <%= cert_options['life_span'].to_i %> + client_cert_lifespan: <%= cert_options['life_span'] %> client_cert_bit_size: <%= cert_options['bit_size'].to_i %> client_cert_hash: <%= cert_options['digest'] %> allow_limited_certs: <%= @webapp['allow_limited_certs'].inspect %> @@ -17,7 +17,7 @@ production: unlimited_cert_prefix: "<%= cert_options['unlimited_prefix'] %>" minimum_client_version: "<%= @webapp['client_version']['min'] %>" default_service_level: "<%= @webapp['default_service_level'] %>" - service_levels: <%= @webapp['service_levels'].to_json %> + service_levels: <%= scope.function_sorted_json([@webapp['service_levels']]) %> allow_registration: <%= @webapp['allow_registration'].inspect %> handle_blacklist: <%= @webapp['forbidden_usernames'].inspect %> <%- if @webapp['engines'] && @webapp['engines'].any? -%> diff --git a/puppet/modules/site_webapp/templates/couchdb.admin.yml.erb b/puppet/modules/site_webapp/templates/couchdb.admin.yml.erb new file mode 100644 index 00000000..a0921add --- /dev/null +++ b/puppet/modules/site_webapp/templates/couchdb.admin.yml.erb @@ -0,0 +1,9 @@ +production: + prefix: "" + protocol: 'http' + host: <%= @couchdb_host %> + port: <%= @couchdb_port %> + auto_update_design_doc: false + username: <%= @couchdb_admin_user %> + password: <%= @couchdb_admin_password %> + |