5 files changed, 98 insertions, 33 deletions

diff --git a/bin/ci-build.sh b/bin/ci-build.sh
index 7b4895e5..248bd9f8 100755
--- a/bin/ci-build.sh
+++ b/bin/ci-build.sh
@@ -2,6 +2,9 @@
 
 . tests/puppet/provider/.platform-test.conf
 
+# break on every error
+set -e
+
 # create node(s) with unique id so we can run tests in parallel
 export TAG="build${CI_BUILD_ID}"
 [ -d "${PROVIDERDIR}/tags" ] || mkdir "${PROVIDERDIR}/tags"
diff --git a/puppet/modules/site_apt/manifests/preferences/twisted.pp b/puppet/modules/site_apt/manifests/preferences/twisted.pp
new file mode 100644
index 00000000..a3fa0950
--- /dev/null
+++ b/puppet/modules/site_apt/manifests/preferences/twisted.pp
@@ -0,0 +1,11 @@
+# Pin twisted to jessie-backports in order to
+# use 16.2.0 for i.e. soledad
+class site_apt::preferences::twisted {
+
+  apt::preferences_snippet { 'twisted':
+    package  => 'python-twisted*',
+    release  => "${::lsbdistcodename}-backports",
+    priority => 999;
+  }
+
+}
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index 15925aba..83cf99a9 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -16,21 +16,22 @@ class site_webapp {
 
   Class['site_config::default'] -> Class['site_webapp']
 
-  include site_config::ruby::dev
-  include site_webapp::apache
-  include site_webapp::couchdb
-  include site_haproxy
-  include site_webapp::cron
-  include site_config::default
-  include site_config::x509::cert
-  include site_config::x509::key
-  include site_config::x509::ca
-  include site_config::x509::client_ca::ca
-  include site_config::x509::client_ca::key
-  include site_nickserver
+  include ::site_config::ruby::dev
+  include ::site_webapp::apache
+  include ::site_webapp::couchdb
+  include ::site_haproxy
+  include ::site_webapp::cron
+  include ::site_config::default
+  include ::site_config::x509::cert
+  include ::site_config::x509::key
+  include ::site_config::x509::ca
+  include ::site_config::x509::client_ca::ca
+  include ::site_config::x509::client_ca::key
+  include ::site_nickserver
+  include ::site_apt::preferences::twisted
 
   # remove leftovers from previous installations on webapp nodes
-  include site_config::remove::webapp
+  include ::site_config::remove::webapp
 
   group { 'leap-webapp':
     ensure    => present,
@@ -91,12 +92,16 @@ class site_webapp {
     '/srv/leap/webapp/config/provider':
       ensure  => directory,
       require => Vcsrepo['/srv/leap/webapp'],
-      owner   => leap-webapp, group => leap-webapp, mode => '0755';
+      owner   => 'leap-webapp',
+      group   => 'leap-webapp',
+      mode    => '0755';
 
     '/srv/leap/webapp/config/provider/provider.json':
       content => $provider,
       require => Vcsrepo['/srv/leap/webapp'],
-      owner   => leap-webapp, group => leap-webapp, mode => '0644';
+      owner   => 'leap-webapp',
+      group   => 'leap-webapp',
+      mode    => '0644';
 
     '/srv/leap/webapp/public/ca.crt':
       ensure  => link,
@@ -106,27 +111,37 @@ class site_webapp {
     "/srv/leap/webapp/public/${api_version}":
       ensure  => directory,
       require => Vcsrepo['/srv/leap/webapp'],
-      owner   => leap-webapp, group => leap-webapp, mode => '0755';
+      owner   => 'leap-webapp',
+      group   => 'leap-webapp',
+      mode    => '0755';
 
     "/srv/leap/webapp/public/${api_version}/config/":
       ensure  => directory,
       require => Vcsrepo['/srv/leap/webapp'],
-      owner   => leap-webapp, group => leap-webapp, mode => '0755';
+      owner   => 'leap-webapp',
+      group   => 'leap-webapp',
+      mode    => '0755';
 
     "/srv/leap/webapp/public/${api_version}/config/eip-service.json":
       content => $eip_service,
       require => Vcsrepo['/srv/leap/webapp'],
-      owner   => leap-webapp, group => leap-webapp, mode => '0644';
+      owner   => 'leap-webapp',
+      group   => 'leap-webapp',
+      mode    => '0644';
 
     "/srv/leap/webapp/public/${api_version}/config/soledad-service.json":
       content => $soledad_service,
       require => Vcsrepo['/srv/leap/webapp'],
-      owner   => leap-webapp, group => leap-webapp, mode => '0644';
+      owner   => 'leap-webapp',
+      group   => 'leap-webapp',
+      mode    => '0644';
 
     "/srv/leap/webapp/public/${api_version}/config/smtp-service.json":
       content => $smtp_service,
       require => Vcsrepo['/srv/leap/webapp'],
-      owner   => leap-webapp, group => leap-webapp, mode => '0644';
+      owner   => 'leap-webapp',
+      group   => 'leap-webapp',
+      mode    => '0644';
   }
 
   try::file {
@@ -135,8 +150,8 @@ class site_webapp {
       recurse => true,
       purge   => true,
       force   => true,
-      owner   => leap-webapp,
-      group   => leap-webapp,
+      owner   => 'leap-webapp',
+      group   => 'leap-webapp',
       mode    => 'u=rwX,go=rX',
       require => Vcsrepo['/srv/leap/webapp'],
       notify  => Exec['compile_assets'],
@@ -153,8 +168,8 @@ class site_webapp {
   file {
     '/srv/leap/webapp/config/config.yml':
       content => template('site_webapp/config.yml.erb'),
-      owner   => leap-webapp,
-      group   => leap-webapp,
+      owner   => 'leap-webapp',
+      group   => 'leap-webapp',
       mode    => '0600',
       require => Vcsrepo['/srv/leap/webapp'],
       notify  => Service['apache'];
@@ -163,17 +178,17 @@ class site_webapp {
   if $tor {
     $hidden_service = $tor['hidden_service']
     if $hidden_service['active'] {
-      include site_webapp::hidden_service
+      include ::site_webapp::hidden_service
     }
   }
 
 
   # needed for the soledad-sync check which is run on the
   # webapp node
-  include soledad::client
+  include ::soledad::client
 
   leap::logfile { 'webapp': }
 
-  include site_shorewall::webapp
-  include site_check_mk::agent::webapp
+  include ::site_shorewall::webapp
+  include ::site_check_mk::agent::webapp
 }
diff --git a/tests/puppet/provider/common.json b/tests/puppet/provider/common.json
index c891fea3..a13f8f75 100644
--- a/tests/puppet/provider/common.json
+++ b/tests/puppet/provider/common.json
@@ -1,5 +1,12 @@
-//
-// Options put here are inherited by all nodes.
-//
 {
+  "sources": {
+    "platform": {
+      "apt": {
+        "basic": "http://deb.leap.se/experimental-0.9"
+      }
+    },
+    "nickserver": {
+      "revision": "develop"
+    }
+  }
 }
diff --git a/tests/puppet/provider/nodes/catalogtest.json b/tests/puppet/provider/nodes/catalogtest.json
index 4f86ac19..05703666 100644
--- a/tests/puppet/provider/nodes/catalogtest.json
+++ b/tests/puppet/provider/nodes/catalogtest.json
@@ -1,10 +1,39 @@
 {
   "ip_address": "1.1.1.1",
+  "openvpn": {
+    "gateway_address": "1.1.1.2"
+  },
   "services": [
     "couchdb",
     "mx",
     "soledad",
-    "webapp"
+    "webapp",
+    "monitor",
+    "openvpn",
+    "tor",
+    "obfsproxy",
+    "static"
   ],
-  "tags": ["catalogtest"]
+  "tags": ["catalogtest","development"],
+  "static": {
+    "domains":{
+      "example.org": {
+        "tls_only": true,
+        "locations": {
+          "front": {
+            "path": "/",
+            "format": "amber",
+            "source": {
+              "type": "git",
+              "repo": "https://leap.se/git/bitmask_help",
+              "revision": "origin/master"
+            }
+          }
+        },
+        "cert": "= file('cert/example.org.crt')",
+        "key": "= file('cert/example.org.key')",
+        "ca_cert": "= file('cert/commercial_ca.crt')"
+      }
+    }
+  }
 }