summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitignore1
-rw-r--r--platform.rb4
-rw-r--r--provider_base/services/mx.json3
-rw-r--r--puppet/manifests/site.pp1
-rw-r--r--puppet/modules/leap_mx/manifests/init.pp56
-rw-r--r--puppet/modules/leap_mx/templates/mx.conf.erb15
-rw-r--r--puppet/modules/site_config/manifests/default.pp3
-rw-r--r--puppet/modules/site_config/manifests/files.pp10
-rw-r--r--puppet/modules/site_config/manifests/hosts.pp2
-rw-r--r--puppet/modules/site_config/templates/hosts3
-rw-r--r--puppet/modules/site_mx/manifests/init.pp1
-rw-r--r--puppet/modules/site_nickserver/manifests/init.pp41
-rw-r--r--puppet/modules/site_openvpn/manifests/init.pp13
-rw-r--r--puppet/modules/site_openvpn/manifests/resolver.pp10
-rw-r--r--puppet/modules/site_openvpn/manifests/server_config.pp54
-rw-r--r--puppet/modules/site_postfix/manifests/mx.pp12
-rw-r--r--puppet/modules/site_postfix/manifests/mx/smtp_auth.pp10
-rw-r--r--puppet/modules/site_webapp/manifests/init.pp29
-rw-r--r--puppet/modules/try/manifests/file.pp104
19 files changed, 272 insertions, 100 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..62603355
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.reviewboardrc
diff --git a/platform.rb b/platform.rb
index 9f63b4ca..9921f3a2 100644
--- a/platform.rb
+++ b/platform.rb
@@ -3,8 +3,8 @@
#
Leap::Platform.define do
- self.version = "1.1.2"
- self.compatible_cli = "1.1.2".."1.99"
+ self.version = "0.2.3"
+ self.compatible_cli = "1.1.3".."1.99"
#
# the facter facts that should be gathered
diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json
index b15bfbc8..91ad3277 100644
--- a/provider_base/services/mx.json
+++ b/provider_base/services/mx.json
@@ -16,5 +16,6 @@
"commercial_cert": "= file [:commercial_cert, domain.full_suffix]",
"commercial_key": "= file [:commercial_key, domain.full_suffix]",
"commercial_ca_cert": "= try_file :commercial_ca_cert"
- }
+ },
+ "service_type": "user_service"
}
diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp
index a340ce66..c1ac8396 100644
--- a/puppet/manifests/site.pp
+++ b/puppet/manifests/site.pp
@@ -40,3 +40,4 @@ if $services =~ /\btor\b/ {
if $services =~ /\bmx\b/ {
include site_mx
}
+
diff --git a/puppet/modules/leap_mx/manifests/init.pp b/puppet/modules/leap_mx/manifests/init.pp
new file mode 100644
index 00000000..652eb85b
--- /dev/null
+++ b/puppet/modules/leap_mx/manifests/init.pp
@@ -0,0 +1,56 @@
+class leap_mx {
+
+ $couchdb_host = 'localhost'
+ $couchdb_port = '4096'
+ $couchdb_user = $soledad::couchdb::user
+ $couchdb_password = $soledad::couchdb::password
+
+ #
+ # USER AND GROUP
+ #
+
+ group { 'leap-mx':
+ ensure => present,
+ allowdupe => false;
+ }
+
+ user { 'leap-mx':
+ ensure => present,
+ allowdupe => false,
+ gid => 'leap-mx',
+ home => '/etc/leap',
+ require => Group['leap-mx'];
+ }
+
+ #
+ # LEAP-MX CONFIG
+ #
+
+ file { '/etc/leap/mx.conf':
+ content => template('leap_mx/mx.conf.erb'),
+ owner => 'leap-mx',
+ group => 'leap-mx',
+ mode => '0600',
+ notify => Service['leap-mx'];
+ }
+
+ #
+ # LEAP-MX CODE
+ #
+
+ package { 'leap-mx':
+ ensure => installed;
+ }
+
+ #
+ # LEAP-MX DAEMON
+ #
+
+ service { 'leap_mx':
+ ensure => running,
+ enable => true,
+ hasstatus => true,
+ hasrestart => true,
+ require => [ Package['leap-mx'] ];
+ }
+}
diff --git a/puppet/modules/leap_mx/templates/mx.conf.erb b/puppet/modules/leap_mx/templates/mx.conf.erb
new file mode 100644
index 00000000..bf1e6421
--- /dev/null
+++ b/puppet/modules/leap_mx/templates/mx.conf.erb
@@ -0,0 +1,15 @@
+[mail1]
+path=/var/mail/vmail
+recursive=True
+
+[couchdb]
+user=<%= @couchdb_user %>
+password=<%= @couchdb_password %>
+server=<%= @couchdb_host %>
+port=<%= @couchdb_port %>
+
+[alias map]
+port=4242
+
+[check recipient]
+port=2244 \ No newline at end of file
diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp
index 00eee9d0..e299a0f4 100644
--- a/puppet/modules/site_config/manifests/default.pp
+++ b/puppet/modules/site_config/manifests/default.pp
@@ -41,4 +41,7 @@ class site_config::default {
# include basic shell config
include site_config::shell
+
+ # set up core leap files and directories
+ include site_config::files
}
diff --git a/puppet/modules/site_config/manifests/files.pp b/puppet/modules/site_config/manifests/files.pp
new file mode 100644
index 00000000..03c9aff8
--- /dev/null
+++ b/puppet/modules/site_config/manifests/files.pp
@@ -0,0 +1,10 @@
+class site_config::files {
+
+ file { '/srv/leap':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0711'
+ }
+
+} \ No newline at end of file
diff --git a/puppet/modules/site_config/manifests/hosts.pp b/puppet/modules/site_config/manifests/hosts.pp
index ccedf036..a3ce0c1f 100644
--- a/puppet/modules/site_config/manifests/hosts.pp
+++ b/puppet/modules/site_config/manifests/hosts.pp
@@ -1,5 +1,5 @@
class site_config::hosts() {
- $hosts = hiera('hosts','')
+ $hosts = hiera('hosts', false)
$hostname = hiera('name')
$domain_hash = hiera('domain')
$domain_public = $domain_hash['full_suffix']
diff --git a/puppet/modules/site_config/templates/hosts b/puppet/modules/site_config/templates/hosts
index 2c784b05..c0a2740f 100644
--- a/puppet/modules/site_config/templates/hosts
+++ b/puppet/modules/site_config/templates/hosts
@@ -4,7 +4,8 @@
127.0.1.1 <%= @hostname %>.<%= @domain_public %> <%= @hostname %>
<%- if @hosts then -%>
-<% @hosts.each do |name, props| -%>
+<% @hosts.keys.sort.each do |name| -%>
+<%- props = @hosts[name] -%>
<%= props["ip_address"] %> <%= props["domain_full"] %> <%= props["domain_internal"] %> <%= name %>
<% end -%>
<% end -%>
diff --git a/puppet/modules/site_mx/manifests/init.pp b/puppet/modules/site_mx/manifests/init.pp
index 86ae56e1..4cf3f41a 100644
--- a/puppet/modules/site_mx/manifests/init.pp
+++ b/puppet/modules/site_mx/manifests/init.pp
@@ -6,4 +6,5 @@ class site_mx {
include site_shorewall::mx
include site_shorewall::service::smtp
include site_mx::couchdb
+ include leap_mx
}
diff --git a/puppet/modules/site_nickserver/manifests/init.pp b/puppet/modules/site_nickserver/manifests/init.pp
index 7dfa2603..a3368771 100644
--- a/puppet/modules/site_nickserver/manifests/init.pp
+++ b/puppet/modules/site_nickserver/manifests/init.pp
@@ -1,10 +1,12 @@
#
-# TODO: currently, this is dependent on some things that are set up in site_webapp
+# TODO: currently, this is dependent on some things that are set up in
+# site_webapp
#
# (1) HAProxy -> couchdb
# (2) Apache
#
-# It would be good in the future to make nickserver installable independently of site_webapp.
+# It would be good in the future to make nickserver installable independently of
+# site_webapp.
#
class site_nickserver {
@@ -16,14 +18,18 @@ class site_nickserver {
#
$nickserver = hiera('nickserver')
- $nickserver_port = $nickserver['port'] # the port that public connects to (should be 6425)
- $nickserver_local_port = '64250' # the port that nickserver is actually running on
+ # the port that public connects to (should be 6425)
+ $nickserver_port = $nickserver['port']
+ # the port that nickserver is actually running on
+ $nickserver_local_port = '64250'
$nickserver_domain = $nickserver['domain']
$couchdb_user = $nickserver['couchdb_user']['username']
$couchdb_password = $nickserver['couchdb_user']['password']
- $couchdb_host = 'localhost' # couchdb is available on localhost via haproxy, which is bound to 4096.
- $couchdb_port = '4096' # See site_webapp/templates/haproxy_couchdb.cfg.erg
+ # couchdb is available on localhost via haproxy, which is bound to 4096.
+ $couchdb_host = 'localhost'
+ # See site_webapp/templates/haproxy_couchdb.cfg.erg
+ $couchdb_port = '4096'
# temporarily for now:
$domain = hiera('domain')
@@ -41,6 +47,7 @@ class site_nickserver {
ensure => present,
allowdupe => false;
}
+
user { 'nickserver':
ensure => present,
allowdupe => false,
@@ -50,14 +57,14 @@ class site_nickserver {
}
#
- # NICKSERVER CODE
- # NOTE: in order to support TLS, libssl-dev must be installed before EventMachine gem
- # is built/installed.
+ # NICKSERVER CODE NOTE: in order to support TLS, libssl-dev must be installed
+ # before EventMachine gem is built/installed.
#
package {
'libssl-dev': ensure => installed;
}
+
vcsrepo { '/srv/leap/nickserver':
ensure => present,
revision => 'origin/master',
@@ -68,13 +75,15 @@ class site_nickserver {
require => [ User['nickserver'], Group['nickserver'] ],
notify => Exec['nickserver_bundler_update'];
}
+
exec { 'nickserver_bundler_update':
cwd => '/srv/leap/nickserver',
command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install --path vendor/bundle"',
unless => '/usr/bin/bundle check',
user => 'nickserver',
timeout => 600,
- require => [ Class['bundler::install'], Vcsrepo['/srv/leap/nickserver'], Package['libssl-dev'] ],
+ require => [ Class['bundler::install'], Vcsrepo['/srv/leap/nickserver'],
+ Package['libssl-dev'] ],
notify => Service['nickserver'];
}
@@ -99,8 +108,11 @@ class site_nickserver {
ensure => link,
target => '/srv/leap/nickserver/bin/nickserver',
require => Vcsrepo['/srv/leap/nickserver'];
+
'/etc/init.d/nickserver':
- owner => root, group => 0, mode => '0755',
+ owner => root,
+ group => 0,
+ mode => '0755',
source => '/srv/leap/nickserver/dist/debian-init-script',
require => Vcsrepo['/srv/leap/nickserver'];
}
@@ -119,7 +131,7 @@ class site_nickserver {
#
file { '/etc/shorewall/macro.nickserver':
- content => "PARAM - - tcp $nickserver_port",
+ content => "PARAM - - tcp ${nickserver_port}",
notify => Service['shorewall'],
require => Package['shorewall'];
}
@@ -142,7 +154,8 @@ class site_nickserver {
}
apache::vhost::file {
- 'nickserver': content => template('site_nickserver/nickserver-proxy.conf.erb')
+ 'nickserver':
+ content => template('site_nickserver/nickserver-proxy.conf.erb')
}
x509::key { 'nickserver':
@@ -159,4 +172,4 @@ class site_nickserver {
content => $x509_ca,
notify => Service[apache];
}
-} \ No newline at end of file
+}
diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp
index 4f900623..b2bb0d3a 100644
--- a/puppet/modules/site_openvpn/manifests/init.pp
+++ b/puppet/modules/site_openvpn/manifests/init.pp
@@ -5,8 +5,9 @@
# (2) unlimited only
# (3) limited only
#
-# The difference is that 'unlimited' gateways only allow client certs that match the 'unlimited_prefix',
-# and 'limited' gateways only allow certs that match the 'limited_prefix'.
+# The difference is that 'unlimited' gateways only allow client certs that match
+# the 'unlimited_prefix', and 'limited' gateways only allow certs that match the
+# 'limited_prefix'.
#
# We potentially create four openvpn config files (thus four daemons):
#
@@ -89,8 +90,8 @@ class site_openvpn {
management => '127.0.0.1 1001'
}
} else {
- tidy { "/etc/openvpn/tcp_config.conf": }
- tidy { "/etc/openvpn/udp_config.conf": }
+ tidy { '/etc/openvpn/tcp_config.conf': }
+ tidy { '/etc/openvpn/udp_config.conf': }
}
if $openvpn_allow_limited {
@@ -113,8 +114,8 @@ class site_openvpn {
management => '127.0.0.1 1003'
}
} else {
- tidy { "/etc/openvpn/limited_tcp_config.conf": }
- tidy { "/etc/openvpn/limited_udp_config.conf": }
+ tidy { '/etc/openvpn/limited_tcp_config.conf': }
+ tidy { '/etc/openvpn/limited_udp_config.conf': }
}
file {
diff --git a/puppet/modules/site_openvpn/manifests/resolver.pp b/puppet/modules/site_openvpn/manifests/resolver.pp
index dc31767c..c1bce858 100644
--- a/puppet/modules/site_openvpn/manifests/resolver.pp
+++ b/puppet/modules/site_openvpn/manifests/resolver.pp
@@ -54,28 +54,28 @@ class site_openvpn::resolver {
# go away and instead the caching_resolver should be configured to
# include: /etc/unbound/conf.d/*
- line {
+ file_line {
'add_unlimited_tcp_resolver':
ensure => $ensure_unlimited,
- file => '/etc/unbound/unbound.conf',
+ path => '/etc/unbound/unbound.conf',
line => 'server: include: /etc/unbound/conf.d/vpn_unlimited_tcp_resolver',
notify => Service['unbound'],
require => Package['unbound'];
'add_unlimited_udp_resolver':
ensure => $ensure_unlimited,
- file => '/etc/unbound/unbound.conf',
+ path => '/etc/unbound/unbound.conf',
line => 'server: include: /etc/unbound/conf.d/vpn_unlimited_udp_resolver',
notify => Service['unbound'],
require => Package['unbound'];
'add_limited_tcp_resolver':
ensure => $ensure_limited,
- file => '/etc/unbound/unbound.conf',
+ path => '/etc/unbound/unbound.conf',
line => 'server: include: /etc/unbound/conf.d/vpn_limited_tcp_resolver',
notify => Service['unbound'],
require => Package['unbound'];
'add_limited_udp_resolver':
ensure => $ensure_limited,
- file => '/etc/unbound/unbound.conf',
+ path => '/etc/unbound/unbound.conf',
line => 'server: include: /etc/unbound/conf.d/vpn_limited_udp_resolver',
notify => Service['unbound'],
require => Package['unbound']
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index 6106cfbb..5ba9812f 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -70,97 +70,97 @@ define site_openvpn::server_config(
if $tls_remote != undef {
openvpn::option {
- "tls-remote $openvpn_configname":
- key => 'tls-remote',
- value => $tls_remote,
- server => $openvpn_configname;
+ "tls-remote ${openvpn_configname}":
+ key => 'tls-remote',
+ value => $tls_remote,
+ server => $openvpn_configname;
}
}
openvpn::option {
- "ca $openvpn_configname":
+ "ca ${openvpn_configname}":
key => 'ca',
value => '/etc/openvpn/ca_bundle.pem',
server => $openvpn_configname;
- "cert $openvpn_configname":
+ "cert ${openvpn_configname}":
key => 'cert',
value => '/etc/x509/certs/leap_openvpn.crt',
server => $openvpn_configname;
- "key $openvpn_configname":
+ "key ${openvpn_configname}":
key => 'key',
value => '/etc/x509/keys/leap_openvpn.key',
server => $openvpn_configname;
- "dh $openvpn_configname":
+ "dh ${openvpn_configname}":
key => 'dh',
value => '/etc/openvpn/keys/dh.pem',
server => $openvpn_configname;
- "tls-cipher $openvpn_configname":
+ "tls-cipher ${openvpn_configname}":
key => 'tls-cipher',
value => 'DHE-RSA-AES128-SHA',
server => $openvpn_configname;
- "auth $openvpn_configname":
+ "auth ${openvpn_configname}":
key => 'auth',
value => 'SHA1',
server => $openvpn_configname;
- "cipher $openvpn_configname":
+ "cipher ${openvpn_configname}":
key => 'cipher',
value => 'AES-128-CBC',
server => $openvpn_configname;
- "dev $openvpn_configname":
+ "dev ${openvpn_configname}":
key => 'dev',
value => 'tun',
server => $openvpn_configname;
- "duplicate-cn $openvpn_configname":
+ "duplicate-cn ${openvpn_configname}":
key => 'duplicate-cn',
server => $openvpn_configname;
- "keepalive $openvpn_configname":
+ "keepalive ${openvpn_configname}":
key => 'keepalive',
value => '5 20',
server => $openvpn_configname;
- "local $openvpn_configname":
+ "local ${openvpn_configname}":
key => 'local',
value => $local,
server => $openvpn_configname;
- "mute $openvpn_configname":
+ "mute ${openvpn_configname}":
key => 'mute',
value => '5',
server => $openvpn_configname;
- "mute-replay-warnings $openvpn_configname":
+ "mute-replay-warnings ${openvpn_configname}":
key => 'mute-replay-warnings',
server => $openvpn_configname;
- "management $openvpn_configname":
+ "management ${openvpn_configname}":
key => 'management',
value => $management,
server => $openvpn_configname;
- "proto $openvpn_configname":
+ "proto ${openvpn_configname}":
key => 'proto',
value => $proto,
server => $openvpn_configname;
- "push1 $openvpn_configname":
+ "push1 ${openvpn_configname}":
key => 'push',
value => $push,
server => $openvpn_configname;
- "push2 $openvpn_configname":
+ "push2 ${openvpn_configname}":
key => 'push',
value => '"redirect-gateway def1"',
server => $openvpn_configname;
- "script-security $openvpn_configname":
+ "script-security ${openvpn_configname}":
key => 'script-security',
value => '2',
server => $openvpn_configname;
- "server $openvpn_configname":
+ "server ${openvpn_configname}":
key => 'server',
value => $server,
server => $openvpn_configname;
- "status $openvpn_configname":
+ "status ${openvpn_configname}":
key => 'status',
value => '/var/run/openvpn-status 10',
server => $openvpn_configname;
- "status-version $openvpn_configname":
+ "status-version ${openvpn_configname}":
key => 'status-version',
value => '3',
server => $openvpn_configname;
- "topology $openvpn_configname":
+ "topology ${openvpn_configname}":
key => 'topology',
value => 'subnet',
server => $openvpn_configname;
@@ -169,7 +169,7 @@ define site_openvpn::server_config(
# key => 'up',
# value => '/etc/openvpn/server-up.sh',
# server => $openvpn_configname;
- "verb $openvpn_configname":
+ "verb ${openvpn_configname}":
key => 'verb',
value => '3',
server => $openvpn_configname;
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index 5ec8ab49..0581f147 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -13,11 +13,11 @@ class site_postfix::mx {
value => "\$myorigin, localhost, localhost.\$mydomain, ${domain}";
'smtpd_recipient_restrictions':
value => 'check_recipient_access tcp:localhost:2244,permit_tls_all_clientcerts,reject_unauth_destination';
- 'mailbox_size_limit': value => '0';
- 'home_mailbox': value => 'Maildir/';
- 'virtual_alias_maps': value => 'tcp:localhost:4242';
- 'luser_relay': value => 'vmail';
- 'local_recipient_maps': value => '';
+ 'mailbox_size_limit': value => '0';
+ 'home_mailbox': value => 'Maildir/';
+ 'virtual_alias_maps': value => 'tcp:localhost:4242';
+ 'luser_relay': value => 'vmail';
+ 'local_recipient_maps': value => '';
'debug_peer_list': value => '127.0.0.1';
}
@@ -36,6 +36,6 @@ class site_postfix::mx {
root_mail_recipient => $root_mail_recipient,
smtp_listen => 'all',
require => [ X509::Key[$cert_name], X509::Cert[$cert_name],
- User['vmail'] ]
+ User['vmail'] ]
}
}
diff --git a/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp b/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp
new file mode 100644
index 00000000..ab75130e
--- /dev/null
+++ b/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp
@@ -0,0 +1,10 @@
+class site_postfix::mx::smtp_auth {
+ $x509 = hiera('x509')
+
+ postfix::config {
+ 'smtpd_tls_cert_file': value => $x509['client_ca_cert'];
+ 'smtpd_tls_key_file': value => $x509['client_ca_key'];
+ 'smtpd_tls_ask_ccert': value => 'yes';
+ #'smtpd_tls_CAfile': value =>
+ }
+}
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index e743dc07..103a0faf 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -107,24 +107,35 @@ class site_webapp {
try::file {
'/srv/leap/webapp/public/favicon.ico':
- ensure => 'link',
+ ensure => present,
+ owner => leap-webapp,
+ group => leap-webapp,
require => Vcsrepo['/srv/leap/webapp'],
- target => $webapp['favicon'];
+ source => $webapp['favicon'];
'/srv/leap/webapp/app/assets/stylesheets/tail.scss':
- ensure => 'link',
+ ensure => present,
+ owner => leap-webapp,
+ group => leap-webapp,
require => Vcsrepo['/srv/leap/webapp'],
- target => $webapp['tail_scss'];
+ source => $webapp['tail_scss'];
'/srv/leap/webapp/app/assets/stylesheets/head.scss':
- ensure => 'link',
+ ensure => present,
+ owner => leap-webapp,
+ group => leap-webapp,
require => Vcsrepo['/srv/leap/webapp'],
- target => $webapp['head_scss'];
+ source => $webapp['head_scss'];
'/srv/leap/webapp/public/img':
- ensure => 'link',
- require => Vcsrepo['/srv/leap/webapp'],
- target => $webapp['img_dir'];
+ ensure => directory,
+ recurse => true,
+ purge => true,
+ force => true,
+ owner => leap-webapp,
+ group => leap-webapp,
+ mode => '0644',
+ source => $webapp['img_dir'];
}
file {
diff --git a/puppet/modules/try/manifests/file.pp b/puppet/modules/try/manifests/file.pp
index 47a8c269..4cefef2f 100644
--- a/puppet/modules/try/manifests/file.pp
+++ b/puppet/modules/try/manifests/file.pp
@@ -1,60 +1,108 @@
#
-# like built-in type "file", but gets gracefully ignored if the target does not exist or is undefined.
+# Works like the built-in type "file", but gets gracefully ignored if the target/source does not exist or is undefined.
#
-# /bin/true and /usr/bin/test are hardcoded to their paths in debian.
+# Also, if the source or target doesn't exist, and the destination is a git repo, then the file is restored from git.
+#
+# All executable paths are hardcoded to their paths in debian.
+#
+# known limitations:
+# * this is far too noisy
+# * $restore does not work for directories
+# * only file:// $source is supported
+# * $content is not supported, only $target or $source.
#
-
define try::file (
$ensure = undef,
$target = undef,
+ $source = undef,
+ $owner = undef,
+ $group = undef,
+ $recurse = undef,
+ $purge = undef,
+ $force = undef,
+ $mode = undef,
$restore = true) {
- if $target != undef {
- exec { "check_${name}":
- command => "/bin/true",
- onlyif => "/usr/bin/test -e '${target}'",
- loglevel => info;
+ # dummy exec to propagate requires:
+ # metaparameter 'require' will get triggered by this dummy exec
+ # so then we just need to depend on this to capture all requires.
+ # exec { $name: command => "/bin/true" }
+
+ exec {
+ "chmod_${name}":
+ command => "/bin/chmod -R ${mode} '${name}'",
+ onlyif => "/usr/bin/test $mode",
+ loglevel => debug;
+ "chown_${name}":
+ command => "/bin/chown -R ${owner} '${name}'",
+ onlyif => "/usr/bin/test $owner",
+ loglevel => debug;
+ "chgrp_${name}":
+ command => "/bin/chgrp -R ${group} '${name}'",
+ onlyif => "/usr/bin/test $group",
+ loglevel => debug;
+ }
+
+ if $target {
+ exec { "symlink_${name}":
+ command => "/bin/ln -s ${target} ${name}",
+ onlyif => "/usr/bin/test -d '${target}'",
}
- file { "$name":
- ensure => $ensure,
- target => $target,
- require => $require ? {
- undef => Exec["check_${name}"],
- default => [ $require, Exec["check_${name}"] ]
- },
- loglevel => info;
+ } elsif $source {
+ if $ensure == 'directory' {
+ if $purge {
+ exec { "rsync_${name}":
+ command => "/usr/bin/rsync -r --delete '${source}/' '${name}'",
+ onlyif => "/usr/bin/test -d '${source}'",
+ unless => "/usr/bin/diff -q '${source}' '${name}'",
+ notify => [Exec["chmod_${name}"], Exec["chown_${name}"], Exec["chgrp_${name}"]]
+ }
+ } else {
+ exec { "cp_r_${name}":
+ command => "/bin/cp -r '${source}' '${name}'",
+ onlyif => "/usr/bin/test -d '${source}'",
+ unless => "/usr/bin/diff -q '${source}' '${name}'",
+ notify => [Exec["chmod_${name}"], Exec["chown_${name}"], Exec["chgrp_${name}"]]
+ }
+ }
+ } else {
+ exec { "cp_${name}":
+ command => "/bin/cp '${source}' '${name}'",
+ onlyif => "/usr/bin/test -e '${source}'",
+ unless => "/usr/bin/diff -q '${source}' '${name}'",
+ notify => [Exec["chmod_${name}"], Exec["chown_${name}"], Exec["chgrp_${name}"]]
+ }
}
}
#
- # if the target does not exist (or is undef), and the file happens to be in a git repo,
+ # if the target/source does not exist (or is undef), and the file happens to be in a git repo,
# then restore the file to its original state.
#
- if $target == undef or $restore {
+
+ if $target {
+ $target_or_source = $target
+ } else {
+ $target_or_source = $source
+ }
+
+ if ($target_or_source == undef) or $restore {
$file_basename = basename($name)
$file_dirname = dirname($name)
$command = "git rev-parse && unlink '${name}'; git checkout -- '${file_basename}' && chown --reference='${file_dirname}' '${name}'; true"
debug($command)
- if $target == undef {
+ if $target_or_source == undef {
exec { "restore_${name}":
command => $command,
cwd => $file_dirname,
- require => $require ? {
- undef => undef,
- default => [ $require ]
- },
loglevel => info;
}
} else {
exec { "restore_${name}":
- unless => "/usr/bin/test -e '${target}'",
+ unless => "/usr/bin/test -e '${target_or_source}'",
command => $command,
cwd => $file_dirname,
- require => $require ? {
- undef => undef,
- default => [ $require ]
- },
loglevel => info;
}
}