-rw-r--r--.gitignore2
-rw-r--r--README.md7
-rwxr-xr-xbin/run_tests17
-rw-r--r--provider_base/common.json6
-rw-r--r--provider_base/services/monitor.json6
-rw-r--r--provider_base/services/mx.json6
-rw-r--r--provider_base/services/webapp.json13
-rw-r--r--puppet/modules/site_webapp/manifests/init.pp4
-rw-r--r--puppet/modules/site_webapp/templates/config.yml.erb6
-rw-r--r--tests/white-box/webapp.rb9
10 files changed, 47 insertions, 29 deletions
diff --git a/.gitignore b/.gitignore
index f9d757dd..eda5e35f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-/.reviewboardrc
+.reviewboardrc
/puppet/modules/site_custom
diff --git a/README.md b/README.md
index 297c2720..5477c3ea 100644
--- a/README.md
+++ b/README.md
@@ -33,17 +33,12 @@ Visit https://leap.se/en/docs/get-involved/communication for details on how to c
Known issues
============
-The following issues are known to be there in 0.5.1:
+The following issues are known to be there in 0.5.2:
CouchDB Sync
------------
You can't deploy new couchdb nodes after one or more have been deployed. Make *sure* that you configure and deploy all your couchdb nodes when first creating your provider. The problem is that we dont not have a clean way of adding couch nodes after initial creation of the databases, so any nodes added after result in improperly synchronized data. See Bug [#5601](https://leap.se/code/issues/5601) for more information.
-Service separation
-------------------
-
-. You can't deploy all services to one single node. You need at least to seperate the mx and the webapp node. The reason is because they both use haproxy to query the couch db, and haproxy still doesn't have a way to split up its config files in a .d directory (see: https://leap.se/code/issues/3839)
-
User setup and ssh
------------------
diff --git a/bin/run_tests b/bin/run_tests
index 526aa83a..3ba89684 100755
--- a/bin/run_tests
+++ b/bin/run_tests
@@ -127,11 +127,18 @@ class LeapTest < MiniTest::Unit::TestCase
if params
uri.query = URI.encode_www_form(params)
end
- response = Net::HTTP.get_response(uri)
- if response.is_a?(Net::HTTPSuccess)
- yield response.body, response, nil
- else
- yield nil, response, nil
+ http = Net::HTTP.new uri.host, uri.port
+ if uri.scheme == 'https'
+ http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+ http.use_ssl = true
+ end
+ http.start do |agent|
+ response = agent.get(uri.request_uri)
+ if response.is_a?(Net::HTTPSuccess)
+ yield response.body, response, nil
+ else
+ yield nil, response, nil
+ end
end
rescue => exc
yield nil, nil, exc
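Review bot: `http.verify_mode = OpenSSL::SSL::VERIFY_NONE` turns off certificate and hostname validation for every https request this helper makes, so a check such as `test_04_Can_access_webapp?` in tests/white-box/webapp.rb passes against an expired, self-signed or wrong-host certificate. Since this commit also reworks the commercial certificate settings, the test run is the natural place to catch a badly deployed certificate. Prefer `http.verify_mode = OpenSSL::SSL::VERIFY_PEER` and, for hosts signed by the provider CA, `http.ca_file = <path to the provider CA cert>` (a placeholder, as the real path is not visible in this hunk). If verification has to be skipped for local or self-signed nodes, make that an explicit opt-in and add a comment saying why. The enclosing method begins above the hunk.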
diff --git a/provider_base/common.json b/provider_base/common.json
index 265d2ce4..dcd018d8 100644
--- a/provider_base/common.json
+++ b/provider_base/common.json
@@ -25,9 +25,13 @@
"hosts": "=> hosts_file",
"x509": {
"use": true,
+ "use_commercial": false,
"cert": "= x509.use ? file(:node_x509_cert, :missing => 'x509 certificate for node $node. Run `leap cert update`') : nil",
"key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap cert update`') : nil",
- "ca_cert": "= try_file :ca_cert"
+ "ca_cert": "= try_file :ca_cert",
+ "commercial_cert": "= x509.use_commercial ? file([:commercial_cert, webapp.domain], :missing => 'commercial x509 certificate for node $node. Add file $file, or run `leap cert csr` to generate a temporary self-signed cert and CSR you can use to purchase a real cert.') : nil",
+ "commercial_key": "= x509.use_commercial ? file([:commercial_key, webapp.domain], :missing => 'commercial x509 certificate for node $node. Add file $file, or run `leap cert csr` to generate a temporary self-signed cert and CSR you can use to purchase a real cert.') : nil",
+ "commercial_ca_cert": "= x509.use_commercial ? try_file(:commercial_ca_cert) : nil"
},
"service_type": "internal_service",
"development": {
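Review bot: Moving `commercial_cert` and `commercial_key` into common.json makes every service look the files up by `webapp.domain`, whereas the lines removed from monitor.json and mx.json used `domain.full_suffix`. If those two values can differ for a provider, or `webapp` is not defined on an mx or monitor node, nodes with `"use_commercial": true` would now look for a differently named file, so this is worth confirming. Separately, the `:missing` text for `commercial_key` is a copy of the certificate message. It should begin `'commercial x509 key for node $node. ...'`, matching how the existing `cert` and `key` entries distinguish the two, so an operator is told the private key file is the one missing.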
diff --git a/provider_base/services/monitor.json b/provider_base/services/monitor.json
index 03f6c6d1..c24724bf 100644
--- a/provider_base/services/monitor.json
+++ b/provider_base/services/monitor.json
@@ -12,11 +12,9 @@
},
"x509": {
"use": true,
+ "use_commercial": true,
"ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'",
"client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'",
- "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'",
- "commercial_cert": "= file [:commercial_cert, domain.full_suffix]",
- "commercial_key": "= file [:commercial_key, domain.full_suffix]",
- "commercial_ca_cert": "= try_file :commercial_ca_cert"
+ "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'"
}
}
diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json
index d28f03ed..1f0e613e 100644
--- a/provider_base/services/mx.json
+++ b/provider_base/services/mx.json
@@ -18,12 +18,10 @@
"mynetworks": "= nodes['environment' => '!local'].map{|name, n| [n.ip_address, (global.facts[name]||{})['ec2_public_ipv4']]}.flatten.compact.uniq",
"x509": {
"use": true,
+ "use_commercial": true,
"ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'",
"client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'",
- "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'",
- "commercial_cert": "= file [:commercial_cert, domain.full_suffix]",
- "commercial_key": "= file [:commercial_key, domain.full_suffix]",
- "commercial_ca_cert": "= try_file :commercial_ca_cert"
+ "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'"
},
"service_type": "user_service"
}
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 9f319910..1b550af9 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -26,7 +26,10 @@
"nagios_test_user": {
"username": "nagios_test",
"password": "= secret :nagios_test_password"
- }
+ },
+ "engines": [
+ "support"
+ ]
},
"stunnel": {
"clients": {
@@ -64,11 +67,9 @@
},
"x509": {
"use": true,
+ "use_commercial": true,
"ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'",
- "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'",
- "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'",
- "commercial_cert": "= file [:commercial_cert, webapp.domain]",
- "commercial_key": "= file [:commercial_key, webapp.domain]",
- "commercial_ca_cert": "= try_file :commercial_ca_cert"
+ "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`.'",
+ "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`.'"
}
}
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index d6f1d7ae..08618457 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -52,8 +52,8 @@ class site_webapp {
exec { 'bundler_update':
cwd => '/srv/leap/webapp',
- command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install --path vendor/bundle --without test development"',
- unless => '/usr/bin/bundle check',
+ command => '/bin/bash -c "/usr/bin/bundle check --path vendor/bundle || /usr/bin/bundle install --path vendor/bundle --without test development"',
+ unless => '/usr/bin/bundle check --path vendor/bundle',
user => 'leap-webapp',
timeout => 600,
require => [
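Review bot: The `--path vendor/bundle` flag now has to stay identical in three places on these two lines, because `command` repeats the `bundle check` that `unless` already performs. Puppet skips the exec when `unless` succeeds, so `command` could be just `/usr/bin/bundle install --path vendor/bundle --without test development`. Because this install fetches gems at deploy time as `leap-webapp`, consider `--deployment` as well, so the run fails instead of re-resolving when Gemfile.lock is out of date. The exec resource continues past the end of the hunk.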
diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb
index 6461c5e8..8faf76f4 100644
--- a/puppet/modules/site_webapp/templates/config.yml.erb
+++ b/puppet/modules/site_webapp/templates/config.yml.erb
@@ -18,3 +18,9 @@ production:
minimum_client_version: "<%= @webapp['client_version']['min'] %>"
default_service_level: "<%= @webapp['default_service_level'] %>"
service_levels: <%= @webapp['service_levels'].to_json %>
+<%- if @webapp['engines'] && @webapp['engines'].any? -%>
+ engines:
+<%- @webapp['engines'].each do |engine| -%>
+ - <%= engine %>
+<%- end -%>
+<%- end -%>
\ No newline at end of file
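Review bot: Each engine name is written into the YAML unquoted by `- <%= engine %>`, so a value containing `:`, `#` or a leading special character would change how config.yml parses. The context line just above already serialises `service_levels` with `.to_json`, and the same works here: `engines: <%= @webapp['engines'].to_json %>` inside the existing `if`, which also removes the inner loop. The template now ends without a trailing newline, which is worth restoring.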
diff --git a/tests/white-box/webapp.rb b/tests/white-box/webapp.rb
index 142ac2de..05b86a41 100644
--- a/tests/white-box/webapp.rb
+++ b/tests/white-box/webapp.rb
@@ -60,4 +60,13 @@ class Webapp < LeapTest
pass
end
+ #
+ # this is technically a black-box test. so, move this when we have support
+ # for black box tests.
+ #
+ def test_04_Can_access_webapp?
+ assert_get('https://' + $node['webapp']['domain'] + '/')
+ pass
+ end
+
end
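Review bot: The test name ends in `?`, which Ruby convention reserves for predicate methods that return a boolean, while this method returns nothing meaningful. `def test_04_can_access_webapp` reads better and is still picked up through the `test_` prefix. The URL is clearer with interpolation than with `+` concatenation: `assert_get("https://#{$node['webapp']['domain']}/")`.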