authorelijah <elijah@riseup.net>2013-07-11 10:04:21 -0700
committerelijah <elijah@riseup.net>2013-07-11 12:17:33 -0700
commit8478e8613ded138b5d68b122cb82f5418a199764 (patch)
tree504137470336f899abb4ca3abca0021f7f4a0303 /puppet/modules
parent0e7b47380edb2af6683a0cdc871eaa60a4101f5c (diff)
changes to support restrictive permissions for /etc/leap. this is required to work with the latest leap_cli.
Diffstat (limited to 'puppet/modules')
-rw-r--r--puppet/modules/site_config/manifests/default.pp3
-rw-r--r--puppet/modules/site_config/manifests/files.pp10
-rw-r--r--puppet/modules/site_webapp/manifests/init.pp29
-rw-r--r--puppet/modules/try/manifests/file.pp38
4 files changed, 64 insertions, 16 deletions
diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp
index 00eee9d0..e299a0f4 100644
--- a/puppet/modules/site_config/manifests/default.pp
+++ b/puppet/modules/site_config/manifests/default.pp
@@ -41,4 +41,7 @@ class site_config::default {
# include basic shell config
include site_config::shell
+
+ # set up core leap files and directories
+ include site_config::files
}
diff --git a/puppet/modules/site_config/manifests/files.pp b/puppet/modules/site_config/manifests/files.pp
new file mode 100644
index 00000000..03c9aff8
--- /dev/null
+++ b/puppet/modules/site_config/manifests/files.pp
@@ -0,0 +1,10 @@
+class site_config::files {
+
+ file { '/srv/leap':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0711'
+ }
+
+} \ No newline at end of file
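Review bot: The new class carries no comment explaining the `0711` mode on `/srv/leap`, and the commit message speaks of /etc/leap while this resource manages /srv/leap, so the intent cannot be read from the file alone. Mode `0711` lets non-root accounts traverse the directory by a known path without being able to list it, which is presumably what allows the leap-webapp user to reach /srv/leap/webapp. A comment above the resource such as `# 0711: service accounts may traverse /srv/leap, only root may list it` would record that. The file also ends without a final newline, and the last attribute has no trailing comma.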
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index e743dc07..103a0faf 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -107,24 +107,35 @@ class site_webapp {
try::file {
'/srv/leap/webapp/public/favicon.ico':
- ensure => 'link',
+ ensure => present,
+ owner => leap-webapp,
+ group => leap-webapp,
require => Vcsrepo['/srv/leap/webapp'],
- target => $webapp['favicon'];
+ source => $webapp['favicon'];
'/srv/leap/webapp/app/assets/stylesheets/tail.scss':
- ensure => 'link',
+ ensure => present,
+ owner => leap-webapp,
+ group => leap-webapp,
require => Vcsrepo['/srv/leap/webapp'],
- target => $webapp['tail_scss'];
+ source => $webapp['tail_scss'];
'/srv/leap/webapp/app/assets/stylesheets/head.scss':
- ensure => 'link',
+ ensure => present,
+ owner => leap-webapp,
+ group => leap-webapp,
require => Vcsrepo['/srv/leap/webapp'],
- target => $webapp['head_scss'];
+ source => $webapp['head_scss'];
'/srv/leap/webapp/public/img':
- ensure => 'link',
- require => Vcsrepo['/srv/leap/webapp'],
- target => $webapp['img_dir'];
+ ensure => directory,
+ recurse => true,
+ purge => true,
+ force => true,
+ owner => leap-webapp,
+ group => leap-webapp,
+ mode => '0644',
+ source => $webapp['img_dir'];
}
file {
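Review bot: The three single-file resources (favicon.ico, tail.scss, head.scss) set `owner` and `group` but no `mode`, while the `img` directory sets `mode => '0644'`. These are now copies rather than symlinks, so each copy's mode is left to whatever Puppet derives from the source file. If the sources sit under a tree with restrictive permissions, as the commit message suggests, that may be neither what the webapp needs nor what the author intended. Adding `mode => '0644',` to each makes the result explicit and reviewable. The owner and group values are bare words containing a hyphen and would be safer quoted, `owner => 'leap-webapp',`; the enclosing class continues outside the hunk.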
diff --git a/puppet/modules/try/manifests/file.pp b/puppet/modules/try/manifests/file.pp
index 47a8c269..7063ded9 100644
--- a/puppet/modules/try/manifests/file.pp
+++ b/puppet/modules/try/manifests/file.pp
@@ -1,23 +1,47 @@
#
-# like built-in type "file", but gets gracefully ignored if the target does not exist or is undefined.
+# Works like the built-in type "file", but gets gracefully ignored if the target/source does not exist or is undefined.
+#
+# Also, if the source or target doesn't exist, and the destination is a git repo, then the file is restored from git.
#
# /bin/true and /usr/bin/test are hardcoded to their paths in debian.
#
-
+# known limitations:
+# * restore does not work for directories
+#
define try::file (
$ensure = undef,
$target = undef,
+ $source = undef,
+ $owner = undef,
+ $group = undef,
+ $recurse = undef,
+ $purge = undef,
+ $force = undef,
+ $mode = undef,
$restore = true) {
- if $target != undef {
+ if $target {
+ $target_or_source = $target
+ } else {
+ $target_or_source = $source
+ }
+
+ if $target_or_source != undef {
exec { "check_${name}":
command => "/bin/true",
- onlyif => "/usr/bin/test -e '${target}'",
+ onlyif => "/usr/bin/test -e '${target_or_source}'",
loglevel => info;
}
file { "$name":
ensure => $ensure,
target => $target,
+ source => $source,
+ owner => $owner,
+ group => $group,
+ recurse => $recurse,
+ purge => $purge,
+ force => $force,
+ mode => $mode,
require => $require ? {
undef => Exec["check_${name}"],
default => [ $require, Exec["check_${name}"] ]
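Review bot: `onlyif => "/usr/bin/test -e '${target_or_source}'"` places a path inside a shell string protected only by hand-written single quotes, so a value containing a quote character changes the command the agent executes. Now that `source` is accepted as well, more caller-supplied values reach this line; building it with the built-in `shellquote` function, `onlyif => shellquote('/usr/bin/test', '-e', $target_or_source),`, removes the reliance on well-formed input. The same pattern appears in the `unless` line of the `restore_${name}` exec in the last hunk. Separately, `test -e` is only meaningful for a local path, so the header comment should state that `source` must be a single local file path rather than a `puppet:///` URL or an array. The body of the define continues outside this hunk.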
@@ -27,10 +51,10 @@ define try::file (
}
#
- # if the target does not exist (or is undef), and the file happens to be in a git repo,
+ # if the target/source does not exist (or is undef), and the file happens to be in a git repo,
# then restore the file to its original state.
#
- if $target == undef or $restore {
+ if ($target_or_source == undef) or $restore {
$file_basename = basename($name)
$file_dirname = dirname($name)
$command = "git rev-parse && unlink '${name}'; git checkout -- '${file_basename}' && chown --reference='${file_dirname}' '${name}'; true"
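Review bot: `$restore` defaults to `true`, so `if ($target_or_source == undef) or $restore` is taken on every call that does not pass `restore => false`. That includes the new `ensure => directory` use in site_webapp, although the header now says restore does not work for directories. Either skip the branch for directories, for example `if $ensure != 'directory' and (($target_or_source == undef) or $restore) {`, or document at the `$restore` parameter that directory callers should pass `restore => false`. The `$command` string ends in `; true`, so a restore that fails would not surface as a failed exec. The remainder of this block lies outside the hunk, so this is based on the visible lines only.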
@@ -48,7 +72,7 @@ define try::file (
}
} else {
exec { "restore_${name}":
- unless => "/usr/bin/test -e '${target}'",
+ unless => "/usr/bin/test -e '${target_or_source}'",
command => $command,
cwd => $file_dirname,
require => $require ? {