summaryrefslogtreecommitdiff
path: root/puppet
diff options
context:
space:
mode:
authorMicah Anderson <micah@leap.se>2013-11-20 13:13:36 -0500
committerMicah Anderson <micah@leap.se>2013-11-27 14:48:00 -0500
commit69e626d819317ce977007571714dd7a2f1235492 (patch)
treede0bd001ad5e07572f8ce8154940eaf988b46401 /puppet
parent92d68c912d0de44ec9e88f7327303cc0fce7114b (diff)
initial tapicero configuration
Change-Id: Ie53b09df0758ba01b30ed658bee04682bc180b01
Diffstat (limited to 'puppet')
-rw-r--r--puppet/manifests/site.pp1
-rwxr-xr-xpuppet/modules/tapicero/files/tapicero.init60
-rw-r--r--puppet/modules/tapicero/manifests/init.pp126
-rw-r--r--puppet/modules/tapicero/templates/tapicero.yaml.erb36
4 files changed, 223 insertions, 0 deletions
diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp
index 9f5d82d8..def0a642 100644
--- a/puppet/manifests/site.pp
+++ b/puppet/manifests/site.pp
@@ -14,6 +14,7 @@ if $services =~ /\bopenvpn\b/ {
if $services =~ /\bcouchdb\b/ {
include site_couchdb
+ include tapicero
}
if $services =~ /\bwebapp\b/ {
diff --git a/puppet/modules/tapicero/files/tapicero.init b/puppet/modules/tapicero/files/tapicero.init
new file mode 100755
index 00000000..7a9af45f
--- /dev/null
+++ b/puppet/modules/tapicero/files/tapicero.init
@@ -0,0 +1,60 @@
+#!/bin/sh
+
+### BEGIN INIT INFO
+# Provides: tapicero
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: tapicero initscript
+# Description: Controls tapicero daemon
+### END INIT INFO
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+BUNDLER=/usr/bin/bundle
+NAME=tapicero
+HOME="/srv/leap"
+DAEMON="${HOME}/${NAME}/bin/${NAME}"
+BUNDLE_GEMFILE="${HOME}/${NAME}/Gemfile"
+
+export BUNDLE_GEMFILE
+
+# exit if the daemon doesn't exist
+[ -x "$DAEMON" ] || exit 0
+
+. /lib/init/vars.sh
+. /lib/lsb/init-functions
+
+if [ "$VERBOSE" != no ]; then
+ OPTIONS="--verbose"
+else
+ OPTIONS=""
+fi
+
+case "$1" in
+ start)
+ $BUNDLER exec $DAEMON start $OPTIONS
+ exit $?
+ ;;
+ stop)
+ $BUNDLER exec $DAEMON stop $OPTIONS
+ exit $?
+ ;;
+ restart)
+ $BUNDLER exec $DAEMON restart $OPTIONS
+ exit $?
+ ;;
+ reload)
+ $BUNDLER exec $DAEMON reload $OPTIONS
+ exit $?
+ ;;
+ status)
+ $BUNDLER exec $DAEMON status $OPTIONS
+ exit $?
+ ;;
+ *)
+ echo "Usage: /etc/init.d/$NAME {start|stop|reload|restart|status}"
+ exit 1
+esac
+
+exit 0
diff --git a/puppet/modules/tapicero/manifests/init.pp b/puppet/modules/tapicero/manifests/init.pp
new file mode 100644
index 00000000..fe33ac75
--- /dev/null
+++ b/puppet/modules/tapicero/manifests/init.pp
@@ -0,0 +1,126 @@
+class tapicero {
+ tag 'leap_service'
+
+ $couchdb = hiera('couch')
+ $couchdb_port = $couchdb['port']
+
+ $couchdb_users = $couchdb['users']
+
+ $couchdb_admin_user = $couchdb_users['admin']['username']
+ $couchdb_admin_password = $couchdb_users['admin']['password']
+
+ $couchdb_soledad_user = $couchdb_users['soledad']['username']
+ $couchdb_soledad_password = $couchdb_users['soledad']['password']
+
+ $couchdb_leap_mx_user = $couchdb_users['leap_mx']['username']
+ $couchdb_leap_mx_password = $couchdb_users['leap_mx']['password']
+
+
+ Class['site_config::default'] -> Class['tapicero']
+
+ include site_config::ruby::dev
+
+ #
+ # USER AND GROUP
+ #
+
+ group { 'tapicero':
+ ensure => present,
+ allowdupe => false;
+ }
+
+ user { 'tapicero':
+ ensure => present,
+ allowdupe => false,
+ gid => 'tapicero',
+ home => '/srv/leap/tapicero',
+ require => Group['tapicero'];
+ }
+
+ #
+ # TAPICERO FILES
+ #
+
+ file {
+
+ ##
+ ## TAPICERO DIRECTORIES
+ ##
+
+ '/srv/leap/tapicero':
+ ensure => directory,
+ owner => 'tapicero',
+ group => 'tapicero',
+ require => User['tapicero'];
+
+ '/var/lib/leap/tapicero':
+ ensure => directory,
+ owner => 'tapicero',
+ group => 'tapicero',
+ require => User['tapicero'];
+
+ ##
+ ## TAPICERO CONFIG
+ ##
+
+ '/etc/leap/tapicero.yaml':
+ content => template('tapicero/tapicero.yaml.erb'),
+ owner => 'tapicero',
+ group => 'tapicero',
+ mode => '0600',
+ notify => Service['tapicero'];
+
+ ##
+ ## TAPICERO INIT
+ ##
+
+ '/etc/init.d/tapicero':
+ source => 'puppet:///modules/tapicero/tapicero.init',
+ owner => root,
+ group => 0,
+ mode => '0755',
+ require => Vcsrepo['/srv/leap/tapicero'];
+ }
+
+ #
+ # TAPICERO CODE
+ #
+
+ vcsrepo { '/srv/leap/tapicero':
+ ensure => present,
+ force => true,
+ revision => 'origin/master',
+ provider => git,
+ source => 'https://leap.se/git/tapicero',
+ owner => 'tapicero',
+ group => 'tapicero',
+ require => [ User['tapicero'], Group['tapicero'] ],
+ notify => Exec['tapicero_bundler_update']
+ }
+
+ exec { 'tapicero_bundler_update':
+ cwd => '/srv/leap/tapicero',
+ command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install --path vendor/bundle --without test development"',
+ unless => '/usr/bin/bundle check',
+ user => 'tapicero',
+ timeout => 600,
+ require => [
+ Class['bundler::install'],
+ Vcsrepo['/srv/leap/tapicero'],
+ Class['site_config::ruby::dev'] ],
+ notify => Service['tapicero'];
+ }
+
+ #
+ # TAPICERO DAEMON
+ #
+
+ service { 'tapicero':
+ ensure => running,
+ enable => true,
+ hasstatus => true,
+ hasrestart => true,
+ require => File['/etc/init.d/tapicero'];
+ }
+
+}
diff --git a/puppet/modules/tapicero/templates/tapicero.yaml.erb b/puppet/modules/tapicero/templates/tapicero.yaml.erb
new file mode 100644
index 00000000..75b8d5f6
--- /dev/null
+++ b/puppet/modules/tapicero/templates/tapicero.yaml.erb
@@ -0,0 +1,36 @@
+#
+# Default configuration options for Tapicero
+#
+
+# database to observe for changes:
+users_db_name: "users"
+
+# prefix for per user databases:
+db_prefix: "user-"
+
+# couch connection configuration
+couch_connection:
+ protocol: "http"
+ host: "localhost"
+ port: <%= @couchdb_port %>
+ username: <%= @couchdb_admin_user %>
+ password: <%= @couchdb_admin_password %>
+
+# security settings to be used for the per user databases
+security:
+ admins:
+ names: []
+ roles: []
+ readers:
+ names:
+ - <%= @couchdb_soledad_user %>
+ - <%= @couchdb_leap_mx_user %>
+ roles: []
+
+# file to store the last processed user record in so we can resume after
+# a restart:
+seq_file: "/var/lib/leap/tapicero/tapicero.seq"
+
+# Configure log_file like this if you want to log to a file instead of syslog:
+# log_file: "/var/leap/log/tapicero.log"
+log_level: info