diff options
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | platform.rb | 4 | ||||
-rw-r--r-- | provider_base/services/mx.json | 3 | ||||
-rw-r--r-- | puppet/manifests/site.pp | 1 | ||||
-rw-r--r-- | puppet/modules/leap_mx/manifests/init.pp | 56 | ||||
-rw-r--r-- | puppet/modules/leap_mx/templates/mx.conf.erb | 15 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/default.pp | 3 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/files.pp | 10 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/hosts.pp | 2 | ||||
-rw-r--r-- | puppet/modules/site_config/templates/hosts | 3 | ||||
-rw-r--r-- | puppet/modules/site_mx/manifests/init.pp | 1 | ||||
-rw-r--r-- | puppet/modules/site_nickserver/manifests/init.pp | 41 | ||||
-rw-r--r-- | puppet/modules/site_openvpn/manifests/init.pp | 13 | ||||
-rw-r--r-- | puppet/modules/site_openvpn/manifests/resolver.pp | 10 | ||||
-rw-r--r-- | puppet/modules/site_openvpn/manifests/server_config.pp | 54 | ||||
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx.pp | 12 | ||||
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx/smtp_auth.pp | 10 | ||||
-rw-r--r-- | puppet/modules/site_webapp/manifests/init.pp | 29 | ||||
-rw-r--r-- | puppet/modules/try/manifests/file.pp | 104 |
19 files changed, 272 insertions, 100 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..62603355 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.reviewboardrc diff --git a/platform.rb b/platform.rb index 9f63b4ca..9921f3a2 100644 --- a/platform.rb +++ b/platform.rb @@ -3,8 +3,8 @@ # Leap::Platform.define do - self.version = "1.1.2" - self.compatible_cli = "1.1.2".."1.99" + self.version = "0.2.3" + self.compatible_cli = "1.1.3".."1.99" # # the facter facts that should be gathered diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json index b15bfbc8..91ad3277 100644 --- a/provider_base/services/mx.json +++ b/provider_base/services/mx.json @@ -16,5 +16,6 @@ "commercial_cert": "= file [:commercial_cert, domain.full_suffix]", "commercial_key": "= file [:commercial_key, domain.full_suffix]", "commercial_ca_cert": "= try_file :commercial_ca_cert" - } + }, + "service_type": "user_service" } diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp index a340ce66..c1ac8396 100644 --- a/puppet/manifests/site.pp +++ b/puppet/manifests/site.pp @@ -40,3 +40,4 @@ if $services =~ /\btor\b/ { if $services =~ /\bmx\b/ { include site_mx } + diff --git a/puppet/modules/leap_mx/manifests/init.pp b/puppet/modules/leap_mx/manifests/init.pp new file mode 100644 index 00000000..652eb85b --- /dev/null +++ b/puppet/modules/leap_mx/manifests/init.pp @@ -0,0 +1,56 @@ +class leap_mx { + + $couchdb_host = 'localhost' + $couchdb_port = '4096' + $couchdb_user = $soledad::couchdb::user + $couchdb_password = $soledad::couchdb::password + + # + # USER AND GROUP + # + + group { 'leap-mx': + ensure => present, + allowdupe => false; + } + + user { 'leap-mx': + ensure => present, + allowdupe => false, + gid => 'leap-mx', + home => '/etc/leap', + require => Group['leap-mx']; + } + + # + # LEAP-MX CONFIG + # + + file { '/etc/leap/mx.conf': + content => template('leap_mx/mx.conf.erb'), + owner => 'leap-mx', + group => 'leap-mx', + mode => '0600', + notify => Service['leap-mx']; + } + + # + # LEAP-MX CODE + # + + package { 'leap-mx': + ensure => installed; + } + + # + # LEAP-MX DAEMON + # + + service { 'leap_mx': + ensure => running, + enable => true, + hasstatus => true, + hasrestart => true, + require => [ Package['leap-mx'] ]; + } +} diff --git a/puppet/modules/leap_mx/templates/mx.conf.erb b/puppet/modules/leap_mx/templates/mx.conf.erb new file mode 100644 index 00000000..bf1e6421 --- /dev/null +++ b/puppet/modules/leap_mx/templates/mx.conf.erb @@ -0,0 +1,15 @@ +[mail1] +path=/var/mail/vmail +recursive=True + +[couchdb] +user=<%= @couchdb_user %> +password=<%= @couchdb_password %> +server=<%= @couchdb_host %> +port=<%= @couchdb_port %> + +[alias map] +port=4242 + +[check recipient] +port=2244
\ No newline at end of file diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp index 00eee9d0..e299a0f4 100644 --- a/puppet/modules/site_config/manifests/default.pp +++ b/puppet/modules/site_config/manifests/default.pp @@ -41,4 +41,7 @@ class site_config::default { # include basic shell config include site_config::shell + + # set up core leap files and directories + include site_config::files } diff --git a/puppet/modules/site_config/manifests/files.pp b/puppet/modules/site_config/manifests/files.pp new file mode 100644 index 00000000..03c9aff8 --- /dev/null +++ b/puppet/modules/site_config/manifests/files.pp @@ -0,0 +1,10 @@ +class site_config::files { + + file { '/srv/leap': + ensure => directory, + owner => 'root', + group => 'root', + mode => '0711' + } + +}
\ No newline at end of file diff --git a/puppet/modules/site_config/manifests/hosts.pp b/puppet/modules/site_config/manifests/hosts.pp index ccedf036..a3ce0c1f 100644 --- a/puppet/modules/site_config/manifests/hosts.pp +++ b/puppet/modules/site_config/manifests/hosts.pp @@ -1,5 +1,5 @@ class site_config::hosts() { - $hosts = hiera('hosts','') + $hosts = hiera('hosts', false) $hostname = hiera('name') $domain_hash = hiera('domain') $domain_public = $domain_hash['full_suffix'] diff --git a/puppet/modules/site_config/templates/hosts b/puppet/modules/site_config/templates/hosts index 2c784b05..c0a2740f 100644 --- a/puppet/modules/site_config/templates/hosts +++ b/puppet/modules/site_config/templates/hosts @@ -4,7 +4,8 @@ 127.0.1.1 <%= @hostname %>.<%= @domain_public %> <%= @hostname %> <%- if @hosts then -%> -<% @hosts.each do |name, props| -%> +<% @hosts.keys.sort.each do |name| -%> +<%- props = @hosts[name] -%> <%= props["ip_address"] %> <%= props["domain_full"] %> <%= props["domain_internal"] %> <%= name %> <% end -%> <% end -%> diff --git a/puppet/modules/site_mx/manifests/init.pp b/puppet/modules/site_mx/manifests/init.pp index 86ae56e1..4cf3f41a 100644 --- a/puppet/modules/site_mx/manifests/init.pp +++ b/puppet/modules/site_mx/manifests/init.pp @@ -6,4 +6,5 @@ class site_mx { include site_shorewall::mx include site_shorewall::service::smtp include site_mx::couchdb + include leap_mx } diff --git a/puppet/modules/site_nickserver/manifests/init.pp b/puppet/modules/site_nickserver/manifests/init.pp index 7dfa2603..a3368771 100644 --- a/puppet/modules/site_nickserver/manifests/init.pp +++ b/puppet/modules/site_nickserver/manifests/init.pp @@ -1,10 +1,12 @@ # -# TODO: currently, this is dependent on some things that are set up in site_webapp +# TODO: currently, this is dependent on some things that are set up in +# site_webapp # # (1) HAProxy -> couchdb # (2) Apache # -# It would be good in the future to make nickserver installable independently of site_webapp. +# It would be good in the future to make nickserver installable independently of +# site_webapp. # class site_nickserver { @@ -16,14 +18,18 @@ class site_nickserver { # $nickserver = hiera('nickserver') - $nickserver_port = $nickserver['port'] # the port that public connects to (should be 6425) - $nickserver_local_port = '64250' # the port that nickserver is actually running on + # the port that public connects to (should be 6425) + $nickserver_port = $nickserver['port'] + # the port that nickserver is actually running on + $nickserver_local_port = '64250' $nickserver_domain = $nickserver['domain'] $couchdb_user = $nickserver['couchdb_user']['username'] $couchdb_password = $nickserver['couchdb_user']['password'] - $couchdb_host = 'localhost' # couchdb is available on localhost via haproxy, which is bound to 4096. - $couchdb_port = '4096' # See site_webapp/templates/haproxy_couchdb.cfg.erg + # couchdb is available on localhost via haproxy, which is bound to 4096. + $couchdb_host = 'localhost' + # See site_webapp/templates/haproxy_couchdb.cfg.erg + $couchdb_port = '4096' # temporarily for now: $domain = hiera('domain') @@ -41,6 +47,7 @@ class site_nickserver { ensure => present, allowdupe => false; } + user { 'nickserver': ensure => present, allowdupe => false, @@ -50,14 +57,14 @@ class site_nickserver { } # - # NICKSERVER CODE - # NOTE: in order to support TLS, libssl-dev must be installed before EventMachine gem - # is built/installed. + # NICKSERVER CODE NOTE: in order to support TLS, libssl-dev must be installed + # before EventMachine gem is built/installed. # package { 'libssl-dev': ensure => installed; } + vcsrepo { '/srv/leap/nickserver': ensure => present, revision => 'origin/master', @@ -68,13 +75,15 @@ class site_nickserver { require => [ User['nickserver'], Group['nickserver'] ], notify => Exec['nickserver_bundler_update']; } + exec { 'nickserver_bundler_update': cwd => '/srv/leap/nickserver', command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install --path vendor/bundle"', unless => '/usr/bin/bundle check', user => 'nickserver', timeout => 600, - require => [ Class['bundler::install'], Vcsrepo['/srv/leap/nickserver'], Package['libssl-dev'] ], + require => [ Class['bundler::install'], Vcsrepo['/srv/leap/nickserver'], + Package['libssl-dev'] ], notify => Service['nickserver']; } @@ -99,8 +108,11 @@ class site_nickserver { ensure => link, target => '/srv/leap/nickserver/bin/nickserver', require => Vcsrepo['/srv/leap/nickserver']; + '/etc/init.d/nickserver': - owner => root, group => 0, mode => '0755', + owner => root, + group => 0, + mode => '0755', source => '/srv/leap/nickserver/dist/debian-init-script', require => Vcsrepo['/srv/leap/nickserver']; } @@ -119,7 +131,7 @@ class site_nickserver { # file { '/etc/shorewall/macro.nickserver': - content => "PARAM - - tcp $nickserver_port", + content => "PARAM - - tcp ${nickserver_port}", notify => Service['shorewall'], require => Package['shorewall']; } @@ -142,7 +154,8 @@ class site_nickserver { } apache::vhost::file { - 'nickserver': content => template('site_nickserver/nickserver-proxy.conf.erb') + 'nickserver': + content => template('site_nickserver/nickserver-proxy.conf.erb') } x509::key { 'nickserver': @@ -159,4 +172,4 @@ class site_nickserver { content => $x509_ca, notify => Service[apache]; } -}
\ No newline at end of file +} diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp index 4f900623..b2bb0d3a 100644 --- a/puppet/modules/site_openvpn/manifests/init.pp +++ b/puppet/modules/site_openvpn/manifests/init.pp @@ -5,8 +5,9 @@ # (2) unlimited only # (3) limited only # -# The difference is that 'unlimited' gateways only allow client certs that match the 'unlimited_prefix', -# and 'limited' gateways only allow certs that match the 'limited_prefix'. +# The difference is that 'unlimited' gateways only allow client certs that match +# the 'unlimited_prefix', and 'limited' gateways only allow certs that match the +# 'limited_prefix'. # # We potentially create four openvpn config files (thus four daemons): # @@ -89,8 +90,8 @@ class site_openvpn { management => '127.0.0.1 1001' } } else { - tidy { "/etc/openvpn/tcp_config.conf": } - tidy { "/etc/openvpn/udp_config.conf": } + tidy { '/etc/openvpn/tcp_config.conf': } + tidy { '/etc/openvpn/udp_config.conf': } } if $openvpn_allow_limited { @@ -113,8 +114,8 @@ class site_openvpn { management => '127.0.0.1 1003' } } else { - tidy { "/etc/openvpn/limited_tcp_config.conf": } - tidy { "/etc/openvpn/limited_udp_config.conf": } + tidy { '/etc/openvpn/limited_tcp_config.conf': } + tidy { '/etc/openvpn/limited_udp_config.conf': } } file { diff --git a/puppet/modules/site_openvpn/manifests/resolver.pp b/puppet/modules/site_openvpn/manifests/resolver.pp index dc31767c..c1bce858 100644 --- a/puppet/modules/site_openvpn/manifests/resolver.pp +++ b/puppet/modules/site_openvpn/manifests/resolver.pp @@ -54,28 +54,28 @@ class site_openvpn::resolver { # go away and instead the caching_resolver should be configured to # include: /etc/unbound/conf.d/* - line { + file_line { 'add_unlimited_tcp_resolver': ensure => $ensure_unlimited, - file => '/etc/unbound/unbound.conf', + path => '/etc/unbound/unbound.conf', line => 'server: include: /etc/unbound/conf.d/vpn_unlimited_tcp_resolver', notify => Service['unbound'], require => Package['unbound']; 'add_unlimited_udp_resolver': ensure => $ensure_unlimited, - file => '/etc/unbound/unbound.conf', + path => '/etc/unbound/unbound.conf', line => 'server: include: /etc/unbound/conf.d/vpn_unlimited_udp_resolver', notify => Service['unbound'], require => Package['unbound']; 'add_limited_tcp_resolver': ensure => $ensure_limited, - file => '/etc/unbound/unbound.conf', + path => '/etc/unbound/unbound.conf', line => 'server: include: /etc/unbound/conf.d/vpn_limited_tcp_resolver', notify => Service['unbound'], require => Package['unbound']; 'add_limited_udp_resolver': ensure => $ensure_limited, - file => '/etc/unbound/unbound.conf', + path => '/etc/unbound/unbound.conf', line => 'server: include: /etc/unbound/conf.d/vpn_limited_udp_resolver', notify => Service['unbound'], require => Package['unbound'] diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp index 6106cfbb..5ba9812f 100644 --- a/puppet/modules/site_openvpn/manifests/server_config.pp +++ b/puppet/modules/site_openvpn/manifests/server_config.pp @@ -70,97 +70,97 @@ define site_openvpn::server_config( if $tls_remote != undef { openvpn::option { - "tls-remote $openvpn_configname": - key => 'tls-remote', - value => $tls_remote, - server => $openvpn_configname; + "tls-remote ${openvpn_configname}": + key => 'tls-remote', + value => $tls_remote, + server => $openvpn_configname; } } openvpn::option { - "ca $openvpn_configname": + "ca ${openvpn_configname}": key => 'ca', value => '/etc/openvpn/ca_bundle.pem', server => $openvpn_configname; - "cert $openvpn_configname": + "cert ${openvpn_configname}": key => 'cert', value => '/etc/x509/certs/leap_openvpn.crt', server => $openvpn_configname; - "key $openvpn_configname": + "key ${openvpn_configname}": key => 'key', value => '/etc/x509/keys/leap_openvpn.key', server => $openvpn_configname; - "dh $openvpn_configname": + "dh ${openvpn_configname}": key => 'dh', value => '/etc/openvpn/keys/dh.pem', server => $openvpn_configname; - "tls-cipher $openvpn_configname": + "tls-cipher ${openvpn_configname}": key => 'tls-cipher', value => 'DHE-RSA-AES128-SHA', server => $openvpn_configname; - "auth $openvpn_configname": + "auth ${openvpn_configname}": key => 'auth', value => 'SHA1', server => $openvpn_configname; - "cipher $openvpn_configname": + "cipher ${openvpn_configname}": key => 'cipher', value => 'AES-128-CBC', server => $openvpn_configname; - "dev $openvpn_configname": + "dev ${openvpn_configname}": key => 'dev', value => 'tun', server => $openvpn_configname; - "duplicate-cn $openvpn_configname": + "duplicate-cn ${openvpn_configname}": key => 'duplicate-cn', server => $openvpn_configname; - "keepalive $openvpn_configname": + "keepalive ${openvpn_configname}": key => 'keepalive', value => '5 20', server => $openvpn_configname; - "local $openvpn_configname": + "local ${openvpn_configname}": key => 'local', value => $local, server => $openvpn_configname; - "mute $openvpn_configname": + "mute ${openvpn_configname}": key => 'mute', value => '5', server => $openvpn_configname; - "mute-replay-warnings $openvpn_configname": + "mute-replay-warnings ${openvpn_configname}": key => 'mute-replay-warnings', server => $openvpn_configname; - "management $openvpn_configname": + "management ${openvpn_configname}": key => 'management', value => $management, server => $openvpn_configname; - "proto $openvpn_configname": + "proto ${openvpn_configname}": key => 'proto', value => $proto, server => $openvpn_configname; - "push1 $openvpn_configname": + "push1 ${openvpn_configname}": key => 'push', value => $push, server => $openvpn_configname; - "push2 $openvpn_configname": + "push2 ${openvpn_configname}": key => 'push', value => '"redirect-gateway def1"', server => $openvpn_configname; - "script-security $openvpn_configname": + "script-security ${openvpn_configname}": key => 'script-security', value => '2', server => $openvpn_configname; - "server $openvpn_configname": + "server ${openvpn_configname}": key => 'server', value => $server, server => $openvpn_configname; - "status $openvpn_configname": + "status ${openvpn_configname}": key => 'status', value => '/var/run/openvpn-status 10', server => $openvpn_configname; - "status-version $openvpn_configname": + "status-version ${openvpn_configname}": key => 'status-version', value => '3', server => $openvpn_configname; - "topology $openvpn_configname": + "topology ${openvpn_configname}": key => 'topology', value => 'subnet', server => $openvpn_configname; @@ -169,7 +169,7 @@ define site_openvpn::server_config( # key => 'up', # value => '/etc/openvpn/server-up.sh', # server => $openvpn_configname; - "verb $openvpn_configname": + "verb ${openvpn_configname}": key => 'verb', value => '3', server => $openvpn_configname; diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index 5ec8ab49..0581f147 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -13,11 +13,11 @@ class site_postfix::mx { value => "\$myorigin, localhost, localhost.\$mydomain, ${domain}"; 'smtpd_recipient_restrictions': value => 'check_recipient_access tcp:localhost:2244,permit_tls_all_clientcerts,reject_unauth_destination'; - 'mailbox_size_limit': value => '0'; - 'home_mailbox': value => 'Maildir/'; - 'virtual_alias_maps': value => 'tcp:localhost:4242'; - 'luser_relay': value => 'vmail'; - 'local_recipient_maps': value => ''; + 'mailbox_size_limit': value => '0'; + 'home_mailbox': value => 'Maildir/'; + 'virtual_alias_maps': value => 'tcp:localhost:4242'; + 'luser_relay': value => 'vmail'; + 'local_recipient_maps': value => ''; 'debug_peer_list': value => '127.0.0.1'; } @@ -36,6 +36,6 @@ class site_postfix::mx { root_mail_recipient => $root_mail_recipient, smtp_listen => 'all', require => [ X509::Key[$cert_name], X509::Cert[$cert_name], - User['vmail'] ] + User['vmail'] ] } } diff --git a/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp b/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp new file mode 100644 index 00000000..ab75130e --- /dev/null +++ b/puppet/modules/site_postfix/manifests/mx/smtp_auth.pp @@ -0,0 +1,10 @@ +class site_postfix::mx::smtp_auth { + $x509 = hiera('x509') + + postfix::config { + 'smtpd_tls_cert_file': value => $x509['client_ca_cert']; + 'smtpd_tls_key_file': value => $x509['client_ca_key']; + 'smtpd_tls_ask_ccert': value => 'yes'; + #'smtpd_tls_CAfile': value => + } +} diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index e743dc07..103a0faf 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -107,24 +107,35 @@ class site_webapp { try::file { '/srv/leap/webapp/public/favicon.ico': - ensure => 'link', + ensure => present, + owner => leap-webapp, + group => leap-webapp, require => Vcsrepo['/srv/leap/webapp'], - target => $webapp['favicon']; + source => $webapp['favicon']; '/srv/leap/webapp/app/assets/stylesheets/tail.scss': - ensure => 'link', + ensure => present, + owner => leap-webapp, + group => leap-webapp, require => Vcsrepo['/srv/leap/webapp'], - target => $webapp['tail_scss']; + source => $webapp['tail_scss']; '/srv/leap/webapp/app/assets/stylesheets/head.scss': - ensure => 'link', + ensure => present, + owner => leap-webapp, + group => leap-webapp, require => Vcsrepo['/srv/leap/webapp'], - target => $webapp['head_scss']; + source => $webapp['head_scss']; '/srv/leap/webapp/public/img': - ensure => 'link', - require => Vcsrepo['/srv/leap/webapp'], - target => $webapp['img_dir']; + ensure => directory, + recurse => true, + purge => true, + force => true, + owner => leap-webapp, + group => leap-webapp, + mode => '0644', + source => $webapp['img_dir']; } file { diff --git a/puppet/modules/try/manifests/file.pp b/puppet/modules/try/manifests/file.pp index 47a8c269..4cefef2f 100644 --- a/puppet/modules/try/manifests/file.pp +++ b/puppet/modules/try/manifests/file.pp @@ -1,60 +1,108 @@ # -# like built-in type "file", but gets gracefully ignored if the target does not exist or is undefined. +# Works like the built-in type "file", but gets gracefully ignored if the target/source does not exist or is undefined. # -# /bin/true and /usr/bin/test are hardcoded to their paths in debian. +# Also, if the source or target doesn't exist, and the destination is a git repo, then the file is restored from git. +# +# All executable paths are hardcoded to their paths in debian. +# +# known limitations: +# * this is far too noisy +# * $restore does not work for directories +# * only file:// $source is supported +# * $content is not supported, only $target or $source. # - define try::file ( $ensure = undef, $target = undef, + $source = undef, + $owner = undef, + $group = undef, + $recurse = undef, + $purge = undef, + $force = undef, + $mode = undef, $restore = true) { - if $target != undef { - exec { "check_${name}": - command => "/bin/true", - onlyif => "/usr/bin/test -e '${target}'", - loglevel => info; + # dummy exec to propagate requires: + # metaparameter 'require' will get triggered by this dummy exec + # so then we just need to depend on this to capture all requires. + # exec { $name: command => "/bin/true" } + + exec { + "chmod_${name}": + command => "/bin/chmod -R ${mode} '${name}'", + onlyif => "/usr/bin/test $mode", + loglevel => debug; + "chown_${name}": + command => "/bin/chown -R ${owner} '${name}'", + onlyif => "/usr/bin/test $owner", + loglevel => debug; + "chgrp_${name}": + command => "/bin/chgrp -R ${group} '${name}'", + onlyif => "/usr/bin/test $group", + loglevel => debug; + } + + if $target { + exec { "symlink_${name}": + command => "/bin/ln -s ${target} ${name}", + onlyif => "/usr/bin/test -d '${target}'", } - file { "$name": - ensure => $ensure, - target => $target, - require => $require ? { - undef => Exec["check_${name}"], - default => [ $require, Exec["check_${name}"] ] - }, - loglevel => info; + } elsif $source { + if $ensure == 'directory' { + if $purge { + exec { "rsync_${name}": + command => "/usr/bin/rsync -r --delete '${source}/' '${name}'", + onlyif => "/usr/bin/test -d '${source}'", + unless => "/usr/bin/diff -q '${source}' '${name}'", + notify => [Exec["chmod_${name}"], Exec["chown_${name}"], Exec["chgrp_${name}"]] + } + } else { + exec { "cp_r_${name}": + command => "/bin/cp -r '${source}' '${name}'", + onlyif => "/usr/bin/test -d '${source}'", + unless => "/usr/bin/diff -q '${source}' '${name}'", + notify => [Exec["chmod_${name}"], Exec["chown_${name}"], Exec["chgrp_${name}"]] + } + } + } else { + exec { "cp_${name}": + command => "/bin/cp '${source}' '${name}'", + onlyif => "/usr/bin/test -e '${source}'", + unless => "/usr/bin/diff -q '${source}' '${name}'", + notify => [Exec["chmod_${name}"], Exec["chown_${name}"], Exec["chgrp_${name}"]] + } } } # - # if the target does not exist (or is undef), and the file happens to be in a git repo, + # if the target/source does not exist (or is undef), and the file happens to be in a git repo, # then restore the file to its original state. # - if $target == undef or $restore { + + if $target { + $target_or_source = $target + } else { + $target_or_source = $source + } + + if ($target_or_source == undef) or $restore { $file_basename = basename($name) $file_dirname = dirname($name) $command = "git rev-parse && unlink '${name}'; git checkout -- '${file_basename}' && chown --reference='${file_dirname}' '${name}'; true" debug($command) - if $target == undef { + if $target_or_source == undef { exec { "restore_${name}": command => $command, cwd => $file_dirname, - require => $require ? { - undef => undef, - default => [ $require ] - }, loglevel => info; } } else { exec { "restore_${name}": - unless => "/usr/bin/test -e '${target}'", + unless => "/usr/bin/test -e '${target_or_source}'", command => $command, cwd => $file_dirname, - require => $require ? { - undef => undef, - default => [ $require ] - }, loglevel => info; } } |