-rw-r--r--provider_base/services/ca.json11
-rw-r--r--puppet/manifests/site.pp4
-rw-r--r--puppet/modules/site_ca_daemon/manifests/apache.pp62
-rw-r--r--puppet/modules/site_ca_daemon/manifests/couchdb.pp16
-rw-r--r--puppet/modules/site_ca_daemon/manifests/init.pp103
-rw-r--r--puppet/modules/site_ca_daemon/templates/leap_ca.yaml.erb31
6 files changed, 0 insertions, 227 deletions
diff --git a/provider_base/services/ca.json b/provider_base/services/ca.json
deleted file mode 100644
index 64866ddc..00000000
--- a/provider_base/services/ca.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "ca_daemon": {
- "couchdb_hosts": "= hostnames nodes_like_me[:services => :couchdb]",
- "couchdb_user": "= global.services[:couchdb].couch.users[:ca_daemon]"
- },
- "service_type": "internal_service",
- "x509": {
- "use": true,
- "ca_key": "= file(:ca_key, :missing => 'CA key. Run `leap cert ca` to create the Certificate Authority.')"
- }
-}
diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp
index 34c19370..f1b02aca 100644
--- a/puppet/manifests/site.pp
+++ b/puppet/manifests/site.pp
@@ -33,10 +33,6 @@ if 'webapp' in $services {
include site_webapp
}
-if 'ca' in $services {
- include site_ca_daemon
-}
-
if 'monitor' in $services {
include site_nagios
}
diff --git a/puppet/modules/site_ca_daemon/manifests/apache.pp b/puppet/modules/site_ca_daemon/manifests/apache.pp
deleted file mode 100644
index ab6b08fd..00000000
--- a/puppet/modules/site_ca_daemon/manifests/apache.pp
+++ /dev/null
@@ -1,62 +0,0 @@
-class site_ca_daemon::apache {
-
- $api_domain = hiera('api_domain')
- $x509 = hiera('x509')
- $commercial_key = $x509['commercial_key']
- $commercial_cert = $x509['commercial_cert']
- $commercial_root = $x509['commercial_ca_cert']
- $api_key = $x509['key']
- $api_cert = $x509['cert']
- $api_root = $x509['ca_cert']
-
- $apache_no_default_site = true
- include apache::ssl
-
- apache::module {
- 'alias': ensure => present;
- 'rewrite': ensure => present;
- 'headers': ensure => present;
- }
-
- class { 'passenger': use_munin => false }
-
- apache::vhost::file {
- 'leap_ca_daemon':
- content => template('site_apache/vhosts.d/leap_ca_daemon.conf.erb')
- }
-
- apache::vhost::file {
- 'api':
- content => template('site_apache/vhosts.d/api.conf.erb')
- }
-
- x509::key {
- 'leap_ca_daemon':
- content => $commercial_key,
- notify => Service[apache];
-
- 'leap_api':
- content => $api_key,
- notify => Service[apache];
- }
-
- x509::cert {
- 'leap_ca_daemon':
- content => $commercial_cert,
- notify => Service[apache];
-
- 'leap_api':
- content => $api_cert,
- notify => Service[apache];
- }
-
- x509::ca {
- 'leap_ca_daemon':
- content => $commercial_root,
- notify => Service[apache];
-
- 'leap_api':
- content => $api_root,
- notify => Service[apache];
- }
-}
diff --git a/puppet/modules/site_ca_daemon/manifests/couchdb.pp b/puppet/modules/site_ca_daemon/manifests/couchdb.pp
deleted file mode 100644
index f446a05b..00000000
--- a/puppet/modules/site_ca_daemon/manifests/couchdb.pp
+++ /dev/null
@@ -1,16 +0,0 @@
-class site_ca_daemon::couchdb {
-
- $ca = hiera('ca_daemon')
- $couchdb_host = $ca['couchdb_hosts']
- $couchdb_user = $ca['couchdb_user']['username']
- $couchdb_password = $ca['couchdb_user']['password']
-
- file {
- '/etc/leap/leap_ca.yaml':
- content => template('site_ca_daemon/leap_ca.yaml.erb'),
- owner => leap_ca_daemon,
- group => leap_ca_daemon,
- mode => '0600';
- }
-
-}
diff --git a/puppet/modules/site_ca_daemon/manifests/init.pp b/puppet/modules/site_ca_daemon/manifests/init.pp
deleted file mode 100644
index 8ba9c506..00000000
--- a/puppet/modules/site_ca_daemon/manifests/init.pp
+++ /dev/null
@@ -1,103 +0,0 @@
-class site_ca_daemon {
- tag 'leap_service'
- #$definition_files = hiera('definition_files')
- #$provider = $definition_files['provider']
- #$eip_service = $definition_files['eip_service']
- $x509 = hiera('x509')
-
- Class[Ruby] -> Class[rubygems] -> Class[bundler::install]
-
- class { 'ruby': ruby_version => '1.9.3' }
-
- class { 'bundler::install': install_method => 'package' }
-
- include rubygems
- #include site_ca_daemon::apache
- include site_ca_daemon::couchdb
-
- group { 'leap_ca_daemon':
- ensure => present,
- allowdupe => false;
- }
-
- user { 'leap_ca_daemon':
- ensure => present,
- allowdupe => false,
- gid => 'leap_ca_daemon',
- home => '/srv/leap_ca_daemon',
- require => [ Group['leap_ca_daemon'] ];
- }
-
-
- x509::key {
- 'leap_ca_daemon':
- content => $x509['ca_key'];
- #notify => Service['leap_ca_daemon']; <== no service yet for leap_ca_daemon
- }
-
- x509::cert {
- 'leap_ca_daemon':
- content => $x509['ca_cert'];
- #notify => Service['leap_ca_daemon']; <== no service yet for leap_ca_daemon
- }
-
- #
- # Does CA need a server key/cert? I think not now.
- #
- # x509::key {
- # 'server':
- # content => $x509['key'];
- # }
- #
- # x509::cert {
- # 'server':
- # content => $x509['cert'];
- # }
-
- # x509::ca {
- # 'leap_ca_daemon':
- # content => $x509['ca_cert'];
- # }
-
-
- file { '/srv/leap_ca_daemon':
- ensure => directory,
- owner => 'leap_ca_daemon',
- group => 'leap_ca_daemon',
- require => User['leap_ca_daemon'];
- }
-
- vcsrepo { '/srv/leap_ca_daemon':
- ensure => present,
- revision => 'origin/master',
- provider => git,
- source => 'git://code.leap.se/leap_ca',
- owner => 'leap_ca_daemon',
- group => 'leap_ca_daemon',
- require => [ User['leap_ca_daemon'], Group['leap_ca_daemon'] ],
- notify => Exec['bundler_update']
- }
-
- exec { 'bundler_update':
- cwd => '/srv/leap_ca_daemon',
- command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install"',
- unless => '/usr/bin/bundle check',
- timeout => 600,
- require => [ Class['bundler::install'], Vcsrepo['/srv/leap_ca_daemon'] ];
- }
-
- file { '/usr/local/bin/leap_ca_daemon':
- ensure => link,
- target => '/srv/leap_ca_daemon/bin/leap_ca_daemon',
- }
-
- file { '/etc/cron.hourly/leap_ca':
- ensure => present,
- content => "#/bin/sh\n/srv/leap_ca_daemon/bin/leap_ca_daemon --run-once > /dev/null",
- owner => 'root',
- group => 0,
- mode => '0755',
- }
-
-
-}
diff --git a/puppet/modules/site_ca_daemon/templates/leap_ca.yaml.erb b/puppet/modules/site_ca_daemon/templates/leap_ca.yaml.erb
deleted file mode 100644
index e0b95278..00000000
--- a/puppet/modules/site_ca_daemon/templates/leap_ca.yaml.erb
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# Default configuration options for LEAP Certificate Authority Daemon
-#
-
-#
-# Certificate Authority
-#
-ca_key_path: "/etc/x509/keys/leap_ca_daemon.key"
-ca_key_password: nil
-ca_cert_path: "/etc/x509/certs/leap_ca_daemon.crt"
-
-#
-# Certificate pool
-#
-max_pool_size: 100
-client_cert_lifespan: 2
-client_cert_bit_size: 2024
-client_cert_hash: "SHA256"
-
-#
-# Database
-#
-db_name: "client_certificates"
-couch_connection:
- protocol: "https"
- host: <%= couchdb_host %>
- port: 6984
- username: <%= couchdb_user %>
- password: <%= couchdb_password %>
- prefix: ""
- suffix: ""