-rw-r--r-- | provider_base/services/ca.json | 11 | ||||
-rw-r--r-- | puppet/manifests/site.pp | 4 | ||||
-rw-r--r-- | puppet/modules/site_ca_daemon/manifests/apache.pp | 62 | ||||
-rw-r--r-- | puppet/modules/site_ca_daemon/manifests/couchdb.pp | 16 | ||||
-rw-r--r-- | puppet/modules/site_ca_daemon/manifests/init.pp | 103 | ||||
-rw-r--r-- | puppet/modules/site_ca_daemon/templates/leap_ca.yaml.erb | 31 |
6 files changed, 0 insertions, 227 deletions
diff --git a/provider_base/services/ca.json b/provider_base/services/ca.json
deleted file mode 100644
index 64866ddc..00000000
--- a/provider_base/services/ca.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "ca_daemon": {
- "couchdb_hosts": "= hostnames nodes_like_me[:services => :couchdb]",
- "couchdb_user": "= global.services[:couchdb].couch.users[:ca_daemon]"
- },
- "service_type": "internal_service",
- "x509": {
- "use": true,
- "ca_key": "= file(:ca_key, :missing => 'CA key. Run `leap cert ca` to create the Certificate Authority.')"
- }
-}
diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp
index 34c19370..f1b02aca 100644
--- a/puppet/manifests/site.pp
+++ b/puppet/manifests/site.pp
@@ -33,10 +33,6 @@ if 'webapp' in $services {
 include site_webapp
 }
 
-if 'ca' in $services {
- include site_ca_daemon
-}
-
 if 'monitor' in $services {
 include site_nagios
 }
diff --git a/puppet/modules/site_ca_daemon/manifests/apache.pp b/puppet/modules/site_ca_daemon/manifests/apache.pp
deleted file mode 100644
index ab6b08fd..00000000
--- a/puppet/modules/site_ca_daemon/manifests/apache.pp
+++ /dev/null
@@ -1,62 +0,0 @@
-class site_ca_daemon::apache {
-
- $api_domain = hiera('api_domain')
- $x509 = hiera('x509')
- $commercial_key = $x509['commercial_key']
- $commercial_cert = $x509['commercial_cert']
- $commercial_root = $x509['commercial_ca_cert']
- $api_key = $x509['key']
- $api_cert = $x509['cert']
- $api_root = $x509['ca_cert']
-
- $apache_no_default_site = true
- include apache::ssl
-
- apache::module {
- 'alias': ensure => present;
- 'rewrite': ensure => present;
- 'headers': ensure => present;
- }
-
- class { 'passenger': use_munin => false }
-
- apache::vhost::file {
- 'leap_ca_daemon':
- content => template('site_apache/vhosts.d/leap_ca_daemon.conf.erb')
- }
-
- apache::vhost::file {
- 'api':
- content => template('site_apache/vhosts.d/api.conf.erb')
- }
-
- x509::key {
- 'leap_ca_daemon':
- content => $commercial_key,
- notify => Service[apache];
-
- 'leap_api':
- content => $api_key,
- notify => Service[apache];
- }
-
- x509::cert {
- 'leap_ca_daemon':
- content => $commercial_cert,
- notify => Service[apache];
-
- 'leap_api':
- content => $api_cert,
- notify => Service[apache];
- }
-
- x509::ca {
- 'leap_ca_daemon':
- content => $commercial_root,
- notify => Service[apache];
-
- 'leap_api':
- content => $api_root,
- notify => Service[apache];
- }
-}
diff --git a/puppet/modules/site_ca_daemon/manifests/couchdb.pp b/puppet/modules/site_ca_daemon/manifests/couchdb.pp
deleted file mode 100644
index f446a05b..00000000
--- a/puppet/modules/site_ca_daemon/manifests/couchdb.pp
+++ /dev/null
@@ -1,16 +0,0 @@
-class site_ca_daemon::couchdb {
-
- $ca = hiera('ca_daemon')
- $couchdb_host = $ca['couchdb_hosts']
- $couchdb_user = $ca['couchdb_user']['username']
- $couchdb_password = $ca['couchdb_user']['password']
-
- file {
- '/etc/leap/leap_ca.yaml':
- content => template('site_ca_daemon/leap_ca.yaml.erb'),
- owner => leap_ca_daemon,
- group => leap_ca_daemon,
- mode => '0600';
- }
-
-}
diff --git a/puppet/modules/site_ca_daemon/manifests/init.pp b/puppet/modules/site_ca_daemon/manifests/init.pp
deleted file mode 100644
index 8ba9c506..00000000
--- a/puppet/modules/site_ca_daemon/manifests/init.pp
+++ /dev/null
@@ -1,103 +0,0 @@
-class site_ca_daemon {
- tag 'leap_service'
- #$definition_files = hiera('definition_files')
- #$provider = $definition_files['provider']
- #$eip_service = $definition_files['eip_service']
- $x509 = hiera('x509')
-
- Class[Ruby] -> Class[rubygems] -> Class[bundler::install]
-
- class { 'ruby': ruby_version => '1.9.3' }
-
- class { 'bundler::install': install_method => 'package' }
-
- include rubygems
- #include site_ca_daemon::apache
- include site_ca_daemon::couchdb
-
- group { 'leap_ca_daemon':
- ensure => present,
- allowdupe => false;
- }
-
- user { 'leap_ca_daemon':
- ensure => present,
- allowdupe => false,
- gid => 'leap_ca_daemon',
- home => '/srv/leap_ca_daemon',
- require => [ Group['leap_ca_daemon'] ];
- }
-
-
- x509::key {
- 'leap_ca_daemon':
- content => $x509['ca_key'];
- #notify => Service['leap_ca_daemon']; <== no service yet for leap_ca_daemon
- }
-
- x509::cert {
- 'leap_ca_daemon':
- content => $x509['ca_cert'];
- #notify => Service['leap_ca_daemon']; <== no service yet for leap_ca_daemon
- }
-
- #
- # Does CA need a server key/cert? I think not now.
- #
- # x509::key {
- # 'server':
- # content => $x509['key'];
- # }
- #
- # x509::cert {
- # 'server':
- # content => $x509['cert'];
- # }
-
- # x509::ca {
- # 'leap_ca_daemon':
- # content => $x509['ca_cert'];
- # }
-
-
- file { '/srv/leap_ca_daemon':
- ensure => directory,
- owner => 'leap_ca_daemon',
- group => 'leap_ca_daemon',
- require => User['leap_ca_daemon'];
- }
-
- vcsrepo { '/srv/leap_ca_daemon':
- ensure => present,
- revision => 'origin/master',
- provider => git,
- source => 'git://code.leap.se/leap_ca',
- owner => 'leap_ca_daemon',
- group => 'leap_ca_daemon',
- require => [ User['leap_ca_daemon'], Group['leap_ca_daemon'] ],
- notify => Exec['bundler_update']
- }
-
- exec { 'bundler_update':
- cwd => '/srv/leap_ca_daemon',
- command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install"',
- unless => '/usr/bin/bundle check',
- timeout => 600,
- require => [ Class['bundler::install'], Vcsrepo['/srv/leap_ca_daemon'] ];
- }
-
- file { '/usr/local/bin/leap_ca_daemon':
- ensure => link,
- target => '/srv/leap_ca_daemon/bin/leap_ca_daemon',
- }
-
- file { '/etc/cron.hourly/leap_ca':
- ensure => present,
- content => "#/bin/sh\n/srv/leap_ca_daemon/bin/leap_ca_daemon --run-once > /dev/null",
- owner => 'root',
- group => 0,
- mode => '0755',
- }
-
-
-}
diff --git a/puppet/modules/site_ca_daemon/templates/leap_ca.yaml.erb b/puppet/modules/site_ca_daemon/templates/leap_ca.yaml.erb
deleted file mode 100644
index e0b95278..00000000
--- a/puppet/modules/site_ca_daemon/templates/leap_ca.yaml.erb
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# Default configuration options for LEAP Certificate Authority Daemon
-#
-
-#
-# Certificate Authority
-#
-ca_key_path: "/etc/x509/keys/leap_ca_daemon.key"
-ca_key_password: nil
-ca_cert_path: "/etc/x509/certs/leap_ca_daemon.crt"
-
-#
-# Certificate pool
-#
-max_pool_size: 100
-client_cert_lifespan: 2
-client_cert_bit_size: 2024
-client_cert_hash: "SHA256"
-
-#
-# Database
-#
-db_name: "client_certificates"
-couch_connection:
- protocol: "https"
- host: <%= couchdb_host %>
- port: 6984
- username: <%= couchdb_user %>
- password: <%= couchdb_password %>
- prefix: ""
- suffix: "" |