Merge branch 'feature/webapp' into develop

author: Micah Anderson <micah@riseup.net> 2012-11-27 16:04:51 -0500
committer: Micah Anderson <micah@riseup.net> 2012-11-27 16:04:51 -0500
commit: b85ac1f7d58e267c66b089ccd4a087b6b21c91e1 (patch)
tree: 6052b349bf766401d9b2e0f51c6932832e95cf06 /puppet
parent: 05d3c0903f48e9c0d69145c9e027b70a392c9602 (diff)
parent: ea60af41f4a5a7bdd67fd7da129716c8f698cf1a (diff)
13 files changed, 247 insertions, 0 deletions
diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp
index 0ae86f8e..9da2174c 100644
--- a/puppet/manifests/site.pp
+++ b/puppet/manifests/site.pp
@@ -18,4 +18,8 @@ node 'default' {
   if 'couchdb' in $services {
     include site_couchdb
   }
+
+  if 'webapp' in $services {
+    include site_webapp
+  }
 }
diff --git a/puppet/modules/bundler b/puppet/modules/bundler
new file mode 160000
+Subproject b91d6abfa931b8ef63594092d841701d3ee2328
diff --git a/puppet/modules/passenger b/puppet/modules/passenger
new file mode 160000
+Subproject d1b46de84acf4d9e3582b64e019935fb1125f9b
diff --git a/puppet/modules/ruby b/puppet/modules/ruby
new file mode 160000
+Subproject e4de25d78eefc7df70a35dee22a3e0dc1b7e1d0
diff --git a/puppet/modules/rubygems b/puppet/modules/rubygems
new file mode 160000
+Subproject 1e5ed3dbef9381bb9d5e2a7b4957bb3f5288d6a
diff --git a/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb
new file mode 100644
index 00000000..37c4a727
--- /dev/null
+++ b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb
@@ -0,0 +1,37 @@
+<VirtualHost *:80>
+  ServerName <%= api_domain %>
+  RewriteEngine On
+  RewriteRule ^.*$ https://<%= api_domain -%>%{REQUEST_URI} [R=permanent,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName <%= api_domain %>
+
+  SSLEngine on
+  SSLProtocol -all +SSLv3 +TLSv1
+  SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH
+  SSLHonorCipherOrder on
+
+  SSLCACertificatePath /etc/ssl/certs
+  SSLCertificateChainFile /etc/ssl/certs/leap_api.pem
+  SSLCertificateKeyFile /etc/x509/keys/leap_api.key
+  SSLCertificateFile /etc/x509/certs/leap_api.crt
+
+  RequestHeader set X_FORWARDED_PROTO 'https'
+
+  DocumentRoot /srv/leap_webapp/public
+  Alias /1 /srv/leap_webapp/public
+
+  # Check for maintenance file and redirect all requests
+  RewriteEngine On
+  RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f
+  RewriteCond %{SCRIPT_FILENAME} !maintenance.html
+  RewriteCond %{REQUEST_URI} !/images/maintenance.jpg
+  RewriteRule ^.*$ %{DOCUMENT_ROOT}/system/maintenance.html [L]
+
+  # http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengerallowencodedslashes_lt_on_off_gt
+  AllowEncodedSlashes on
+  PassengerAllowEncodedSlashes on
+  PassengerFriendlyErrorPages off
+  SetEnv TMPDIR /var/tmp
+</VirtualHost>
diff --git a/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb
new file mode 100644
index 00000000..85e7289b
--- /dev/null
+++ b/puppet/modules/site_apache/templates/vhosts.d/leap_webapp.conf.erb
@@ -0,0 +1,40 @@
+<VirtualHost *:80>
+  ServerName <%= domain %>
+  ServerAlias www.<%= domain %>
+  RewriteEngine On
+  RewriteRule ^.*$ https://<%= domain -%>%{REQUEST_URI} [R=permanent,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName <%= domain %>
+  ServerAlias www.<%= domain %>
+
+  SSLEngine on
+  SSLProtocol -all +SSLv3 +TLSv1
+  SSLCipherSuite HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH
+  SSLHonorCipherOrder on
+
+  SSLCACertificatePath /etc/ssl/certs
+  SSLCertificateChainFile /etc/ssl/certs/leap_webapp.pem
+  SSLCertificateKeyFile /etc/x509/keys/leap_webapp.key
+  SSLCertificateFile /etc/x509/certs/leap_webapp.crt
+
+  RequestHeader set X_FORWARDED_PROTO 'https'
+
+  DocumentRoot /srv/leap_webapp/public
+  Alias /1 /srv/leap_webapp/public
+
+  RewriteEngine On
+  # Check for maintenance file and redirect all requests
+  RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f
+  RewriteCond %{SCRIPT_FILENAME} !maintenance.html
+  RewriteCond %{REQUEST_URI} !/images/maintenance.jpg
+  RewriteRule ^.*$ %{DOCUMENT_ROOT}/system/maintenance.html [L]
+
+  # http://www.modrails.com/documentation/Users%20guide%20Apache.html#_passengerallowencodedslashes_lt_on_off_gt
+  AllowEncodedSlashes on
+  PassengerAllowEncodedSlashes on
+  PassengerFriendlyErrorPages off
+  SetEnv TMPDIR /var/tmp
+</VirtualHost>
+
diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp
new file mode 100644
index 00000000..8532cc38
--- /dev/null
+++ b/puppet/modules/site_webapp/manifests/apache.pp
@@ -0,0 +1,62 @@
+class site_webapp::apache {
+
+  $api_domain       = hiera('api_domain')
+  $x509             = hiera('x509')
+  $commercial_key   = $x509['commercial_key']
+  $commercial_cert  = $x509['commercial_cert']
+  $commercial_root  = $x509['commercial_ca_cert']
+  $api_key          = $x509['key']
+  $api_cert         = $x509['cert']
+  $api_root         = $x509['ca_cert']
+
+  $apache_no_default_site = true
+  include apache::ssl
+
+  apache::module {
+    'alias':   ensure => present;
+    'rewrite': ensure => present;
+    'headers': ensure => present;
+  }
+
+  class { 'passenger': use_munin => false }
+
+  apache::vhost::file {
+    'leap_webapp':
+      content => template('site_apache/vhosts.d/leap_webapp.conf.erb')
+  }
+
+  apache::vhost::file {
+    'api':
+      content => template('site_apache/vhosts.d/api.conf.erb')
+  }
+
+  x509::key {
+    'leap_webapp':
+      content => $commercial_key,
+      notify  => Service[apache];
+
+    'leap_api':
+      content => $api_key,
+      notify  => Service[apache];
+  }
+
+  x509::cert {
+    'leap_webapp':
+      content => $commercial_cert,
+      notify  => Service[apache];
+
+    'leap_api':
+      content => $api_cert,
+      notify  => Service[apache];
+  }
+
+  x509::ca {
+    'leap_webapp':
+      content => $commercial_root,
+      notify  => Service[apache];
+
+    'leap_api':
+      content => $api_root,
+      notify  => Service[apache];
+  }
+}
diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp
new file mode 100644
index 00000000..6cac666f
--- /dev/null
+++ b/puppet/modules/site_webapp/manifests/couchdb.pp
@@ -0,0 +1,16 @@
+class site_webapp::couchdb {
+
+  $webapp           = hiera('webapp')
+  $couchdb_host     = $webapp['couchdb_hosts']
+  $couchdb_user     = $webapp['couchdb_user']['username']
+  $couchdb_password = $webapp['couchdb_user']['password']
+
+  file {
+    '/srv/leap-webapp/config/couchdb.yml':
+      content => template('site_webapp/couchdb.yml.erb'),
+      owner   => leap-webapp,
+      group   => leap-webapp,
+      mode    => '0600';
+  }
+
+}
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
new file mode 100644
index 00000000..c5f33b5a
--- /dev/null
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -0,0 +1,73 @@
+class site_webapp {
+
+  $definition_files = hiera('definition_files')
+  $provider         = $definition_files['provider']
+  $eip_service      = $definition_files['eip_service']
+
+  Class[Ruby] -> Class[rubygems] -> Class[bundler::install]
+
+  class { 'ruby': ruby_version => '1.9.3' }
+
+  class { 'bundler::install': install_method => '' }
+
+  include rubygems
+  include site_webapp::apache
+  include site_webapp::couchdb
+
+  group { 'leap-webapp':
+    ensure    => present,
+    allowdupe => false;
+  }
+
+  user { 'leap-webapp':
+    ensure    => present,
+    allowdupe => false,
+    gid       => 'leap-webapp',
+    home      => '/srv/leap-webapp',
+    require   => [ Group['leap-webapp'] ];
+  }
+
+  file { '/srv/leap-webapp':
+    ensure  => present,
+    owner   => 'leap-webapp',
+    group   => 'leap-webapp',
+    require => User['leap-webapp'];
+  }
+
+  vcsrepo { '/srv/leap-webapp':
+    ensure   => present,
+    revision => 'origin/develop',
+    provider => git,
+    source   => 'git://code.leap.se/leap_web',
+    owner    => 'leap-webapp',
+    group    => 'leap-webapp',
+    require  => [ User['leap-webapp'], Group['leap-webapp'] ],
+    notify   => Exec['bundler_update']
+  }
+
+  exec { 'bundler_update':
+    cwd     => '/srv/leap-webapp',
+    command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install"',
+    unless  => '/usr/bin/bundle check',
+    require => [ Class['bundler::install'], Vcsrepo['/srv/leap-webapp'] ];
+  }
+
+  file {
+    '/srv/leap-webapp/public/provider.json':
+      content => $provider,
+      owner   => leap-webapp, group => leap-webapp, mode => '0644';
+
+    '/srv/leap-webapp/public/ca.crt':
+      content => $cert_root,
+      owner   => leap-webapp, group => leap-webapp, mode => '0644';
+
+    '/srv/leap-webapp/public/config':
+      ensure => directory,
+      owner  => leap-webapp, group => leap-webapp, mode => '0755';
+
+    '/srv/leap-webapp/public/config/eip-service.json':
+      content => $eip_service,
+      owner   => leap-webapp, group => leap-webapp, mode => '0644';
+  }
+
+}
diff --git a/puppet/modules/site_webapp/templates/couchdb.yml.erb b/puppet/modules/site_webapp/templates/couchdb.yml.erb
new file mode 100644
index 00000000..f5132599
--- /dev/null
+++ b/puppet/modules/site_webapp/templates/couchdb.yml.erb
@@ -0,0 +1,7 @@
+production:
+  protocol: 'https'
+  host: <%= couchdb_host %>
+  port: 443
+  username: <%= couchdb_user %>
+  password: <%= couchdb_password %>
+
diff --git a/puppet/modules/vcsrepo b/puppet/modules/vcsrepo
new file mode 160000
+Subproject 04851c28b12973c679fc9f234fd0f5a193df9d7
diff --git a/puppet/modules/x509 b/puppet/modules/x509
new file mode 160000
+Subproject d7a252b77db843e800ed9fc92a56d5214f43202
author	Micah Anderson <micah@riseup.net>	2012-11-27 16:04:51 -0500
committer	Micah Anderson <micah@riseup.net>	2012-11-27 16:04:51 -0500
commit	b85ac1f7d58e267c66b089ccd4a087b6b21c91e1 (patch)
tree	6052b349bf766401d9b2e0f51c6932832e95cf06 /puppet
parent	05d3c0903f48e9c0d69145c9e027b70a392c9602 (diff)
parent	ea60af41f4a5a7bdd67fd7da129716c8f698cf1a (diff)