initial tapicero configuration

Change-Id: Ie53b09df0758ba01b30ed658bee04682bc180b01
author: Micah Anderson <micah@leap.se> 2013-11-20 13:13:36 -0500
committer: Micah Anderson <micah@leap.se> 2013-11-27 14:48:00 -0500
commit: 69e626d819317ce977007571714dd7a2f1235492 (patch)
tree: de0bd001ad5e07572f8ce8154940eaf988b46401 /puppet
parent: 92d68c912d0de44ec9e88f7327303cc0fce7114b (diff)
4 files changed, 223 insertions, 0 deletions
diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp
index 9f5d82d8..def0a642 100644
--- a/puppet/manifests/site.pp
+++ b/puppet/manifests/site.pp
@@ -14,6 +14,7 @@ if $services =~ /\bopenvpn\b/ {
 
 if $services =~ /\bcouchdb\b/ {
   include site_couchdb
+  include tapicero
 }
 
 if $services =~ /\bwebapp\b/ {
diff --git a/puppet/modules/tapicero/files/tapicero.init b/puppet/modules/tapicero/files/tapicero.init
new file mode 100755
index 00000000..7a9af45f
--- /dev/null
+++ b/puppet/modules/tapicero/files/tapicero.init
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides:          tapicero
+# Required-Start:    $remote_fs $syslog
+# Required-Stop:     $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: tapicero initscript
+# Description:       Controls tapicero daemon
+### END INIT INFO
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+BUNDLER=/usr/bin/bundle
+NAME=tapicero
+HOME="/srv/leap"
+DAEMON="${HOME}/${NAME}/bin/${NAME}"
+BUNDLE_GEMFILE="${HOME}/${NAME}/Gemfile"
+
+export BUNDLE_GEMFILE
+
+# exit if the daemon doesn't exist
+[ -x "$DAEMON" ] || exit 0
+
+. /lib/init/vars.sh
+. /lib/lsb/init-functions
+
+if [ "$VERBOSE" != no ]; then
+    OPTIONS="--verbose"
+else
+    OPTIONS=""
+fi
+
+case "$1" in
+    start)
+        $BUNDLER exec $DAEMON start $OPTIONS
+        exit $?
+        ;;
+    stop)
+        $BUNDLER exec $DAEMON stop $OPTIONS
+        exit $?
+        ;;
+    restart)
+        $BUNDLER exec $DAEMON restart $OPTIONS
+        exit $?
+        ;;
+    reload)
+        $BUNDLER exec $DAEMON reload $OPTIONS
+        exit $?
+        ;;
+    status)
+        $BUNDLER exec $DAEMON status $OPTIONS
+        exit $?
+        ;;
+    *)
+        echo "Usage: /etc/init.d/$NAME {start|stop|reload|restart|status}"
+        exit 1
+esac
+
+exit 0
diff --git a/puppet/modules/tapicero/manifests/init.pp b/puppet/modules/tapicero/manifests/init.pp
new file mode 100644
index 00000000..fe33ac75
--- /dev/null
+++ b/puppet/modules/tapicero/manifests/init.pp
@@ -0,0 +1,126 @@
+class tapicero {
+  tag 'leap_service'
+
+  $couchdb                 = hiera('couch')
+  $couchdb_port            = $couchdb['port']
+
+  $couchdb_users           = $couchdb['users']
+
+  $couchdb_admin_user      = $couchdb_users['admin']['username']
+  $couchdb_admin_password  = $couchdb_users['admin']['password']
+
+  $couchdb_soledad_user      = $couchdb_users['soledad']['username']
+  $couchdb_soledad_password  = $couchdb_users['soledad']['password']
+
+  $couchdb_leap_mx_user      = $couchdb_users['leap_mx']['username']
+  $couchdb_leap_mx_password  = $couchdb_users['leap_mx']['password']
+
+
+  Class['site_config::default'] -> Class['tapicero']
+
+  include site_config::ruby::dev
+
+  #
+  # USER AND GROUP
+  #
+
+  group { 'tapicero':
+    ensure    => present,
+    allowdupe => false;
+  }
+
+  user { 'tapicero':
+    ensure    => present,
+    allowdupe => false,
+    gid       => 'tapicero',
+    home      => '/srv/leap/tapicero',
+    require   => Group['tapicero'];
+  }
+
+  #
+  # TAPICERO FILES
+  #
+
+  file {
+
+    ##
+    ## TAPICERO DIRECTORIES
+    ##
+
+    '/srv/leap/tapicero':
+      ensure  => directory,
+      owner   => 'tapicero',
+      group   => 'tapicero',
+      require => User['tapicero'];
+
+    '/var/lib/leap/tapicero':
+      ensure  => directory,
+      owner   => 'tapicero',
+      group   => 'tapicero',
+      require => User['tapicero'];
+
+    ##
+    ## TAPICERO CONFIG
+    ##
+
+    '/etc/leap/tapicero.yaml':
+      content => template('tapicero/tapicero.yaml.erb'),
+      owner   => 'tapicero',
+      group   => 'tapicero',
+      mode    => '0600',
+      notify  => Service['tapicero'];
+
+    ##
+    ## TAPICERO INIT
+    ##
+
+    '/etc/init.d/tapicero':
+      source  => 'puppet:///modules/tapicero/tapicero.init',
+      owner   => root,
+      group   => 0,
+      mode    => '0755',
+      require => Vcsrepo['/srv/leap/tapicero'];
+  }
+
+  #
+  # TAPICERO CODE
+  #
+
+  vcsrepo { '/srv/leap/tapicero':
+    ensure   => present,
+    force    => true,
+    revision => 'origin/master',
+    provider => git,
+    source   => 'https://leap.se/git/tapicero',
+    owner    => 'tapicero',
+    group    => 'tapicero',
+    require  => [ User['tapicero'], Group['tapicero'] ],
+    notify   => Exec['tapicero_bundler_update']
+  }
+
+  exec { 'tapicero_bundler_update':
+    cwd     => '/srv/leap/tapicero',
+    command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install --path vendor/bundle --without test development"',
+    unless  => '/usr/bin/bundle check',
+    user    => 'tapicero',
+    timeout => 600,
+    require => [
+                Class['bundler::install'],
+                Vcsrepo['/srv/leap/tapicero'],
+                Class['site_config::ruby::dev'] ],
+    notify  => Service['tapicero'];
+  }
+
+  #
+  # TAPICERO DAEMON
+  #
+
+  service { 'tapicero':
+    ensure     => running,
+    enable     => true,
+    hasstatus  => true,
+    hasrestart => true,
+    require    => File['/etc/init.d/tapicero'];
+  }
+
+}
diff --git a/puppet/modules/tapicero/templates/tapicero.yaml.erb b/puppet/modules/tapicero/templates/tapicero.yaml.erb
new file mode 100644
index 00000000..75b8d5f6
--- /dev/null
+++ b/puppet/modules/tapicero/templates/tapicero.yaml.erb
@@ -0,0 +1,36 @@
+#
+# Default configuration options for Tapicero
+#
+
+# database to observe for changes:
+users_db_name: "users"
+
+# prefix for per user databases:
+db_prefix: "user-"
+
+# couch connection configuration
+couch_connection:
+  protocol: "http"
+  host: "localhost"
+  port: <%= @couchdb_port %>
+  username: <%= @couchdb_admin_user %>
+  password: <%= @couchdb_admin_password %>
+
+# security settings to be used for the per user databases
+security:
+  admins:
+    names: []
+    roles: []
+  readers:
+    names: 
+      - <%= @couchdb_soledad_user %>
+      - <%= @couchdb_leap_mx_user %>
+    roles: []
+
+# file to store the last processed user record in so we can resume after
+# a restart:
+seq_file: "/var/lib/leap/tapicero/tapicero.seq"
+
+# Configure log_file like this if you want to log to a file instead of syslog:
+# log_file: "/var/leap/log/tapicero.log"
+log_level: info
author	Micah Anderson <micah@leap.se>	2013-11-20 13:13:36 -0500
committer	Micah Anderson <micah@leap.se>	2013-11-27 14:48:00 -0500
commit	69e626d819317ce977007571714dd7a2f1235492 (patch)
tree	de0bd001ad5e07572f8ce8154940eaf988b46401 /puppet
parent	92d68c912d0de44ec9e88f7327303cc0fce7114b (diff)