-rwxr-xr-x | bin/puppet_command | 35 | ||||
-rw-r--r-- | provider_base/services/_couchdb_multimaster.json | 6 | ||||
-rw-r--r-- | puppet/modules/site_apache/templates/vhosts.d/api.conf.erb | 2 | ||||
-rw-r--r-- | puppet/modules/site_apache/templates/vhosts.d/common.conf.erb | 2 | ||||
-rw-r--r-- | puppet/modules/site_apt/manifests/preferences/rsyslog.pp | 14 | ||||
-rw-r--r-- | puppet/modules/site_obfsproxy/manifests/init.pp | 14 |
6 files changed, 47 insertions, 26 deletions
diff --git a/bin/puppet_command b/bin/puppet_command index a9d39066..5e690bef 100755 --- a/bin/puppet_command +++ b/bin/puppet_command @@ -57,13 +57,9 @@ def apply end def set_hostname - unless File.exists?(HIERA_FILE) - puts("ERROR: Cannot set hostname without #{HIERA_FILE}") - exit(1) - end - hostname = YAML.load_file(HIERA_FILE)['name'] + hostname = hiera_file['name'] if hostname.nil? || hostname.empty? - puts('ERROR: NAME argument required') + puts('ERROR: "name" missing from hiera file') exit(1) end current_hostname_file = File.read('/etc/hostname') rescue nil @@ -75,7 +71,7 @@ def set_hostname f.write hostname end if File.read('/etc/hostname') == hostname - puts "Set /etc/hostname to #{hostname}" + puts "Changed /etc/hostname to #{hostname}" else puts "ERROR: failed to update /etc/hostname" end @@ -84,9 +80,9 @@ def set_hostname # call /bin/hostname if current_hostname != hostname if run("/bin/hostname #{hostname}") == 0 - puts "Set hostname to #{hostname}" + puts "Changed hostname to #{hostname}" else - puts "ERROR: failed to call `/bin/hostname #{hostname}`" + puts "ERROR: call to `/bin/hostname #{hostname}` returned an error." end end end 
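Review bot: The only check on `hostname` in set_hostname is still `nil?`/`empty?`, yet the value read from the hiera file is written to /etc/hostname and, in the third hunk, interpolated unquoted into `run("/bin/hostname #{hostname}")`. A non-string `name` (YAML can yield an Integer) would raise NoMethodError on `empty?`, and a value containing whitespace or shell metacharacters would reach the command string as-is. I would check the shape before use, with something like `unless hostname.is_a?(String) && hostname =~ /\A[A-Za-z0-9.-]+\z/`, and print the same "missing from hiera file" style error on failure. set_hostname's body continues between and after these hunks, and how `run` executes the string is not visible here.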
@@ -97,9 +93,26 @@ end def puppet_apply(options={}, &block) options = {:verbosity => @verbosity, :tags => @tags}.merge(options) manifest = options[:manifest] || SITE_MANIFEST + fqdn = hiera_file['domain']['name'] + domain = hiera_file['domain']['full_suffix'] Dir.chdir(PUPPET_DIRECTORY) do - return run("#{PUPPET_BIN} apply #{custom_parameters(options)} #{PUPPET_PARAMETERS} #{manifest}", &block) + return run("FACTER_fqdn='#{fqdn}' FACTER_domain='#{domain}' #{PUPPET_BIN} apply #{custom_parameters(options)} #{PUPPET_PARAMETERS} #{manifest}", &block) + end +end + +# +# Return a ruby object representing the contents of the hiera yaml file. +# +def hiera_file + unless File.exists?(HIERA_FILE) + puts("ERROR: hiera file '#{HIERA_FILE}' does not exist.") + exit(1) end + $hiera_contents ||= YAML.load_file(HIERA_FILE) + return $hiera_contents +rescue Exception => exc + puts("ERROR: problem reading hiera file '#{HIERA_FILE}' (#{exc})") + exit(1) end def custom_parameters(options) @@ -201,4 +214,4 @@ Signal.trap("EXIT") do # but only after the child puppet process is also dead (I think). end -main()
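Review bot: In puppet_apply the two hiera values are wrapped in literal single quotes inside the command string (`FACTER_fqdn='#{fqdn}' FACTER_domain='#{domain}'`), which breaks as soon as a value itself contains a single quote; assuming `run` hands the string to a shell, `FACTER_fqdn=#{Shellwords.escape(fqdn)}` (with `require 'shellwords'` if the file does not already load it) is the safer quoting. The lookups `hiera_file['domain']['name']` and `['full_suffix']` sit outside hiera_file's rescue, so a hiera file without a `domain` hash ends in a NoMethodError rather than the friendly error. In hiera_file, `rescue Exception` also catches the SystemExit raised by the `exit(1)` in the missing-file branch, so that path prints a second, misleading "problem reading hiera file" message; `rescue StandardError => exc` avoids that. If the hiera file only ever holds plain data, `YAML.safe_load(File.read(HIERA_FILE))` is worth considering where the Ruby in use provides it, since `YAML.load_file` can instantiate arbitrary objects on older Psych versions.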
\ No newline at end of file +main() diff --git a/provider_base/services/_couchdb_multimaster.json b/provider_base/services/_couchdb_multimaster.json index 8c433188..0f340e00 100644 --- a/provider_base/services/_couchdb_multimaster.json +++ b/provider_base/services/_couchdb_multimaster.json @@ -8,8 +8,8 @@ "ednp_server": "= stunnel_server(couch.bigcouch.ednp_port)" }, "clients": { - "epmd_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], couch.bigcouch.epmd_port)", - "ednp_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], couch.bigcouch.ednp_port)" + "epmd_clients": "= stunnel_client(nodes_like_me['services' => 'couchdb']['couch.mode' => 'multimaster'], couch.bigcouch.epmd_port)", + "ednp_clients": "= stunnel_client(nodes_like_me['services' => 'couchdb']['couch.mode' => 'multimaster'], couch.bigcouch.ednp_port)" } }, "couch": { @@ -18,7 +18,7 @@ "epmd_port": 4369, "ednp_port": 9002, "cookie": "= secret :bigcouch_cookie", - "neighbors": "= nodes_like_me['services' => 'couchdb']['couch.master' => true].exclude(self).field('domain.full')" + "neighbors": "= nodes_like_me['services' => 'couchdb']['couch.mode' => 'multimaster'].exclude(self).field('domain.full')" } } } diff --git a/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb index 3360ac59..74cd1ced 100644 --- a/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb +++ b/puppet/modules/site_apache/templates/vhosts.d/api.conf.erb @@ -2,12 +2,14 @@ ServerName <%= api_domain %> RewriteEngine On RewriteRule ^.*$ https://<%= api_domain -%>:<%= api_port -%>%{REQUEST_URI} [R=permanent,L] + CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log common </VirtualHost> Listen 0.0.0.0:<%= api_port %> <VirtualHost *:<%= api_port -%>> ServerName <%= api_domain %> + CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log common SSLEngine on SSLProtocol all -SSLv2 
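Review bot: The added `CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log common` lines send both virtual hosts in api.conf.erb to one shared file using the `common` format, which records neither the virtual host nor the port, so redirect hits and API hits cannot be told apart when the log is reviewed. A format that includes `%v:%p` keeps entries attributable, for example `CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log vhost_combined` if that nickname is defined in the server config, as it is in Debian's stock apache2.conf. The same applies to the two lines added in common.conf.erb. `common` also records the client address (`%h`) in a file Apache writes directly, so if this deployment relies on syslog-side anonymisation, confirm these files fall under the same policy. Both VirtualHost blocks continue outside the hunk.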
diff --git a/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb index ed430510..0e08529c 100644 --- a/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb +++ b/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb @@ -3,12 +3,14 @@ ServerAlias www.<%= domain %> RewriteEngine On RewriteRule ^.*$ https://<%= domain -%>%{REQUEST_URI} [R=permanent,L] + CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log common </VirtualHost> <VirtualHost *:443> ServerName <%= domain_name %> ServerAlias <%= domain %> ServerAlias www.<%= domain %> + CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log common SSLEngine on SSLProtocol all -SSLv2 diff --git a/puppet/modules/site_apt/manifests/preferences/rsyslog.pp b/puppet/modules/site_apt/manifests/preferences/rsyslog.pp index 132a6e24..bfeaa7da 100644 --- a/puppet/modules/site_apt/manifests/preferences/rsyslog.pp +++ b/puppet/modules/site_apt/manifests/preferences/rsyslog.pp @@ -1,9 +1,13 @@ class site_apt::preferences::rsyslog { - apt::preferences_snippet { 'rsyslog_anon_depends': - package => 'libestr0 librelp0 rsyslog*', - priority => '999', - pin => 'release a=wheezy-backports', - before => Class['rsyslog::install'] + apt::preferences_snippet { + 'rsyslog_anon_depends': + package => 'libestr0 librelp0 rsyslog*', + priority => '999', + pin => 'release a=wheezy-backports', + before => Class['rsyslog::install']; + + 'fixed_rsyslog_anon_package': + ensure => absent; } } diff --git a/puppet/modules/site_obfsproxy/manifests/init.pp b/puppet/modules/site_obfsproxy/manifests/init.pp index 40b7fba8..6275ebee 100644 --- a/puppet/modules/site_obfsproxy/manifests/init.pp +++ b/puppet/modules/site_obfsproxy/manifests/init.pp 
@@ -11,13 +11,13 @@ class site_obfsproxy { $dest_ip = $obfsproxy['gateway_address'] $dest_port = '443' - if $::services =~ /\bopenvpn\b/ { - $openvpn = hiera('openvpn') - $bind_address = $openvpn['gateway_address'] - } - elsif $::services =~ /\bobfsproxy\b/ { - $bind_address = hiera('ip_address') - } + if member($::services, 'openvpn') { + $openvpn = hiera('openvpn') + $bind_address = $openvpn['gateway_address'] + } + elsif member($::services, 'obfsproxy') { + $bind_address = hiera('ip_address') + } include site_apt::preferences::twisted include site_apt::preferences::obfsproxy |
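Review bot: `$bind_address` is assigned only in the `if member($::services, 'openvpn')` and `elsif member($::services, 'obfsproxy')` branches, so a node matching neither reaches the rest of the class with it unset. An explicit `else { fail('site_obfsproxy requires the openvpn or obfsproxy service') }` would turn that into a catalog error instead of an empty bind address in whatever consumes it. Separately, stdlib's `member()` expects an array as its first argument, while the replaced code matched `$::services` with a regex as a string; confirm the fact really is an array on every node where this class is applied. The class body continues outside the hunk.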