-rwxr-xr-xbin/ci-build.sh3
-rw-r--r--lib/leap_cli/commands/inspect.rb43
-rw-r--r--puppet/modules/site_apt/manifests/preferences/twisted.pp11
-rw-r--r--puppet/modules/site_webapp/manifests/init.pp71
-rw-r--r--tests/puppet/provider/common.json13
-rw-r--r--tests/puppet/provider/nodes/catalogtest.json33
6 files changed, 126 insertions, 48 deletions
diff --git a/bin/ci-build.sh b/bin/ci-build.sh
index 7b4895e5..248bd9f8 100755
--- a/bin/ci-build.sh
+++ b/bin/ci-build.sh
@@ -2,6 +2,9 @@
. tests/puppet/provider/.platform-test.conf
+# break on every error
+set -e
+
# create node(s) with unique id so we can run tests in parallel
export TAG="build${CI_BUILD_ID}"
[ -d "${PROVIDERDIR}/tags" ] || mkdir "${PROVIDERDIR}/tags"
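Review bot: `set -e` is switched on only after `. tests/puppet/provider/.platform-test.conf` has been sourced, so depending on the shell a missing or failing config file does not stop the build. The lines below would then run with `${PROVIDERDIR}` empty if, as it appears, that file is what defines it. Moving `set -e` above the source line, and adding `set -u` so unset variables abort instead of expanding to nothing, closes that gap. The rest of the script is outside this hunk, so it cannot be checked whether test nodes are cleaned up when the script now exits early; a `trap` for cleanup may be needed.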
diff --git a/lib/leap_cli/commands/inspect.rb b/lib/leap_cli/commands/inspect.rb
index fbd577e5..b71da80e 100644
--- a/lib/leap_cli/commands/inspect.rb
+++ b/lib/leap_cli/commands/inspect.rb
@@ -25,27 +25,22 @@ module LeapCli; module Commands
"PEM certificate request" => :inspect_x509_csr
}
+ SUFFIX_MAP = {
+ ".json" => :inspect_unknown_json,
+ ".key" => :inspect_x509_key
+ }
+
def inspection_method(object)
if File.exist?(object)
ftype = `file #{object}`.split(':').last.strip
+ suffix = File.extname(object)
log 2, "file is of type '#{ftype}'"
if FTYPE_MAP[ftype]
FTYPE_MAP[ftype]
- elsif File.extname(object) == ".json"
- full_path = File.expand_path(object, Dir.pwd)
- if path_match?(:node_config, full_path)
- :inspect_node
- elsif path_match?(:service_config, full_path)
- :inspect_service
- elsif path_match?(:tag_config, full_path)
- :inspect_tag
- elsif path_match?(:provider_config, full_path) || path_match?(:provider_env_config, full_path)
- :inspect_provider
- elsif path_match?(:common_config, full_path)
- :inspect_common
- else
- nil
- end
+ elsif SUFFIX_MAP[suffix]
+ SUFFIX_MAP[suffix]
+ else
+ nil
end
elsif manager.nodes[object]
:inspect_node
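Review bot: `object` is interpolated unquoted into the backtick command `file #{object}`, so a path with spaces, `;`, `$(...)` or a leading `-` is interpreted by the shell or by `file` instead of being treated as a filename. The commit keeps that line and adds the `SUFFIX_MAP` lookup right after it. Passing the argument as an argv element avoids the shell: `ftype = IO.popen(['file', '--', object], &:read).split(':').last.strip`. The next hunk has the same pattern in `assert_run! 'openssl x509 -in %s -text -noout' % file_path`; if `assert_run!` hands the string to a shell, `Shellwords.escape(file_path)` (with `require 'shellwords'`) is the minimal fix there. `inspection_method` continues past the end of this hunk.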
@@ -72,6 +67,7 @@ module LeapCli; module Commands
end
def inspect_x509_cert(file_path, options)
+ require 'leap_cli/x509'
assert_bin! 'openssl'
puts assert_run! 'openssl x509 -in %s -text -noout' % file_path
log 0, :"SHA1 fingerprint", X509.fingerprint("SHA1", file_path)
@@ -124,6 +120,23 @@ module LeapCli; module Commands
end
end
+ def inspect_unknown_json(arg, options)
+ full_path = File.expand_path(arg, Dir.pwd)
+ if path_match?(:node_config, full_path)
+ inspect_node(arg, options)
+ elsif path_match?(:service_config, full_path)
+ inspect_service(arg, options)
+ elsif path_match?(:tag_config, full_path)
+ inspect_tag(arg, options)
+ elsif path_match?(:provider_config, full_path) || path_match?(:provider_env_config, full_path)
+ inspect_provider(arg, options)
+ elsif path_match?(:common_config, full_path)
+ inspect_common(arg, options)
+ else
+ inspect_json(arg, options)
+ end
+ end
+
#
# helpers
#
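Review bot: `inspect_unknown_json` has no comment saying that it is reached through `SUFFIX_MAP` and chooses the inspector from the file's location. That matters because an unmatched `.json` path now falls through to `inspect_json`, where the old branch in `inspection_method` returned nil. A header such as `# Inspects a .json file by matching its path against the known config locations; anything else is handed to inspect_json.` would make the new fallback explicit. `inspect_json` and `inspect_x509_key` are not defined in the visible hunks, so their presence should be confirmed.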
diff --git a/puppet/modules/site_apt/manifests/preferences/twisted.pp b/puppet/modules/site_apt/manifests/preferences/twisted.pp
new file mode 100644
index 00000000..a3fa0950
--- /dev/null
+++ b/puppet/modules/site_apt/manifests/preferences/twisted.pp
@@ -0,0 +1,11 @@
+# Pin twisted to jessie-backports in order to
+# use 16.2.0 for i.e. soledad
+class site_apt::preferences::twisted {
+
+ apt::preferences_snippet { 'twisted':
+ package => 'python-twisted*',
+ release => "${::lsbdistcodename}-backports",
+ priority => 999;
+ }
+
+}
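Review bot: The header comment says the pin exists to get twisted 16.2.0, but `release => "${::lsbdistcodename}-backports"` with `priority => 999` fixes no version: every package matching `python-twisted*` follows whatever backports carries at install time. The comment should say that, e.g. `# Prefer the backports build of python-twisted* (soledad needs >= 16.2.0)`, which also replaces the misleading "i.e.". Backports are, as far as I know, maintained on a best-effort basis rather than by the regular stable security process, so it is worth recording who tracks updates for these packages on production nodes.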
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index 15925aba..83cf99a9 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -16,21 +16,22 @@ class site_webapp {
Class['site_config::default'] -> Class['site_webapp']
- include site_config::ruby::dev
- include site_webapp::apache
- include site_webapp::couchdb
- include site_haproxy
- include site_webapp::cron
- include site_config::default
- include site_config::x509::cert
- include site_config::x509::key
- include site_config::x509::ca
- include site_config::x509::client_ca::ca
- include site_config::x509::client_ca::key
- include site_nickserver
+ include ::site_config::ruby::dev
+ include ::site_webapp::apache
+ include ::site_webapp::couchdb
+ include ::site_haproxy
+ include ::site_webapp::cron
+ include ::site_config::default
+ include ::site_config::x509::cert
+ include ::site_config::x509::key
+ include ::site_config::x509::ca
+ include ::site_config::x509::client_ca::ca
+ include ::site_config::x509::client_ca::key
+ include ::site_nickserver
+ include ::site_apt::preferences::twisted
# remove leftovers from previous installations on webapp nodes
- include site_config::remove::webapp
+ include ::site_config::remove::webapp
group { 'leap-webapp':
ensure => present,
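Review bot: The added `include ::site_apt::preferences::twisted` declares the pin, but nothing visible in this hunk orders it before the classes that pull in python-twisted (the later `include ::soledad::client` is one candidate). On a first run the package could therefore be installed from the default release before the preference file exists. If the apt module does not already order preference snippets ahead of package resources, add an explicit relationship such as `Class['site_apt::preferences::twisted'] -> Class['soledad::client']`. The class body continues beyond this hunk.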
@@ -91,12 +92,16 @@ class site_webapp {
'/srv/leap/webapp/config/provider':
ensure => directory,
require => Vcsrepo['/srv/leap/webapp'],
- owner => leap-webapp, group => leap-webapp, mode => '0755';
+ owner => 'leap-webapp',
+ group => 'leap-webapp',
+ mode => '0755';
'/srv/leap/webapp/config/provider/provider.json':
content => $provider,
require => Vcsrepo['/srv/leap/webapp'],
- owner => leap-webapp, group => leap-webapp, mode => '0644';
+ owner => 'leap-webapp',
+ group => 'leap-webapp',
+ mode => '0644';
'/srv/leap/webapp/public/ca.crt':
ensure => link,
@@ -106,27 +111,37 @@ class site_webapp {
"/srv/leap/webapp/public/${api_version}":
ensure => directory,
require => Vcsrepo['/srv/leap/webapp'],
- owner => leap-webapp, group => leap-webapp, mode => '0755';
+ owner => 'leap-webapp',
+ group => 'leap-webapp',
+ mode => '0755';
"/srv/leap/webapp/public/${api_version}/config/":
ensure => directory,
require => Vcsrepo['/srv/leap/webapp'],
- owner => leap-webapp, group => leap-webapp, mode => '0755';
+ owner => 'leap-webapp',
+ group => 'leap-webapp',
+ mode => '0755';
"/srv/leap/webapp/public/${api_version}/config/eip-service.json":
content => $eip_service,
require => Vcsrepo['/srv/leap/webapp'],
- owner => leap-webapp, group => leap-webapp, mode => '0644';
+ owner => 'leap-webapp',
+ group => 'leap-webapp',
+ mode => '0644';
"/srv/leap/webapp/public/${api_version}/config/soledad-service.json":
content => $soledad_service,
require => Vcsrepo['/srv/leap/webapp'],
- owner => leap-webapp, group => leap-webapp, mode => '0644';
+ owner => 'leap-webapp',
+ group => 'leap-webapp',
+ mode => '0644';
"/srv/leap/webapp/public/${api_version}/config/smtp-service.json":
content => $smtp_service,
require => Vcsrepo['/srv/leap/webapp'],
- owner => leap-webapp, group => leap-webapp, mode => '0644';
+ owner => 'leap-webapp',
+ group => 'leap-webapp',
+ mode => '0644';
}
try::file {
@@ -135,8 +150,8 @@ class site_webapp {
recurse => true,
purge => true,
force => true,
- owner => leap-webapp,
- group => leap-webapp,
+ owner => 'leap-webapp',
+ group => 'leap-webapp',
mode => 'u=rwX,go=rX',
require => Vcsrepo['/srv/leap/webapp'],
notify => Exec['compile_assets'],
@@ -153,8 +168,8 @@ class site_webapp {
file {
'/srv/leap/webapp/config/config.yml':
content => template('site_webapp/config.yml.erb'),
- owner => leap-webapp,
- group => leap-webapp,
+ owner => 'leap-webapp',
+ group => 'leap-webapp',
mode => '0600',
require => Vcsrepo['/srv/leap/webapp'],
notify => Service['apache'];
@@ -163,17 +178,17 @@ class site_webapp {
if $tor {
$hidden_service = $tor['hidden_service']
if $hidden_service['active'] {
- include site_webapp::hidden_service
+ include ::site_webapp::hidden_service
}
}
# needed for the soledad-sync check which is run on the
# webapp node
- include soledad::client
+ include ::soledad::client
leap::logfile { 'webapp': }
- include site_shorewall::webapp
- include site_check_mk::agent::webapp
+ include ::site_shorewall::webapp
+ include ::site_check_mk::agent::webapp
}
diff --git a/tests/puppet/provider/common.json b/tests/puppet/provider/common.json
index c891fea3..a13f8f75 100644
--- a/tests/puppet/provider/common.json
+++ b/tests/puppet/provider/common.json
@@ -1,5 +1,12 @@
-//
-// Options put here are inherited by all nodes.
-//
{
+ "sources": {
+ "platform": {
+ "apt": {
+ "basic": "http://deb.leap.se/experimental-0.9"
+ }
+ },
+ "nickserver": {
+ "revision": "develop"
+ }
+ }
}
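Review bot: The new `sources.platform.apt.basic` value fetches from `http://deb.leap.se/experimental-0.9` over plain HTTP, and `nickserver.revision` follows the moving branch `develop`, so the catalog test resolves to different inputs from run to run. Apt's signature check still protects package contents if the repository key is pinned elsewhere, which is not visible here. For a reproducible CI fixture, point `revision` at a tag or commit id, and use an HTTPS URL for the archive if the mirror offers one.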
diff --git a/tests/puppet/provider/nodes/catalogtest.json b/tests/puppet/provider/nodes/catalogtest.json
index 4f86ac19..05703666 100644
--- a/tests/puppet/provider/nodes/catalogtest.json
+++ b/tests/puppet/provider/nodes/catalogtest.json
@@ -1,10 +1,39 @@
{
"ip_address": "1.1.1.1",
+ "openvpn": {
+ "gateway_address": "1.1.1.2"
+ },
"services": [
"couchdb",
"mx",
"soledad",
- "webapp"
+ "webapp",
+ "monitor",
+ "openvpn",
+ "tor",
+ "obfsproxy",
+ "static"
],
- "tags": ["catalogtest"]
+ "tags": ["catalogtest","development"],
+ "static": {
+ "domains":{
+ "example.org": {
+ "tls_only": true,
+ "locations": {
+ "front": {
+ "path": "/",
+ "format": "amber",
+ "source": {
+ "type": "git",
+ "repo": "https://leap.se/git/bitmask_help",
+ "revision": "origin/master"
+ }
+ }
+ },
+ "cert": "= file('cert/example.org.crt')",
+ "key": "= file('cert/example.org.key')",
+ "ca_cert": "= file('cert/commercial_ca.crt')"
+ }
+ }
+ }
}
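Review bot: `"gateway_address": "1.1.1.2"` adds a second publicly routed address next to the existing `1.1.1.1`, so a fixture that is ever applied or probed would touch a real third-party host. The RFC 5737 documentation ranges are reserved for this purpose, e.g. `"gateway_address": "192.0.2.2"`. The new `static` block also tracks `origin/master` of an external repository, which makes the test depend on that repository's current state. It references `cert/example.org.key` as well; that file should be a throwaway key generated only for tests.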