diff options
-rw-r--r-- | .gitignore | 2 | ||||
-rw-r--r-- | README.md | 7 | ||||
-rwxr-xr-x | bin/run_tests | 17 | ||||
-rw-r--r-- | provider_base/common.json | 6 | ||||
-rw-r--r-- | provider_base/services/monitor.json | 6 | ||||
-rw-r--r-- | provider_base/services/mx.json | 6 | ||||
-rw-r--r-- | provider_base/services/webapp.json | 13 | ||||
-rw-r--r-- | puppet/modules/site_webapp/manifests/init.pp | 4 | ||||
-rw-r--r-- | puppet/modules/site_webapp/templates/config.yml.erb | 6 | ||||
-rw-r--r-- | tests/white-box/webapp.rb | 9 |
10 files changed, 47 insertions, 29 deletions
@@ -1,2 +1,2 @@ -/.reviewboardrc +.reviewboardrc /puppet/modules/site_custom @@ -33,17 +33,12 @@ Visit https://leap.se/en/docs/get-involved/communication for details on how to c Known issues ============ -The following issues are known to be there in 0.5.1: +The following issues are known to be there in 0.5.2: CouchDB Sync ------------ You can't deploy new couchdb nodes after one or more have been deployed. Make *sure* that you configure and deploy all your couchdb nodes when first creating your provider. The problem is that we dont not have a clean way of adding couch nodes after initial creation of the databases, so any nodes added after result in improperly synchronized data. See Bug [#5601](https://leap.se/code/issues/5601) for more information. -Service separation ------------------- - -. You can't deploy all services to one single node. You need at least to seperate the mx and the webapp node. The reason is because they both use haproxy to query the couch db, and haproxy still doesn't have a way to split up its config files in a .d directory (see: https://leap.se/code/issues/3839) - User setup and ssh ------------------ diff --git a/bin/run_tests b/bin/run_tests index 526aa83a..3ba89684 100755 --- a/bin/run_tests +++ b/bin/run_tests @@ -127,11 +127,18 @@ class LeapTest < MiniTest::Unit::TestCase if params uri.query = URI.encode_www_form(params) end - response = Net::HTTP.get_response(uri) - if response.is_a?(Net::HTTPSuccess) - yield response.body, response, nil - else - yield nil, response, nil + http = Net::HTTP.new uri.host, uri.port + if uri.scheme == 'https' + http.verify_mode = OpenSSL::SSL::VERIFY_NONE + http.use_ssl = true + end + http.start do |agent| + response = agent.get(uri.request_uri) + if response.is_a?(Net::HTTPSuccess) + yield response.body, response, nil + else + yield nil, response, nil + end end rescue => exc yield nil, nil, exc diff --git a/provider_base/common.json b/provider_base/common.json index 265d2ce4..dcd018d8 100644 --- a/provider_base/common.json +++ b/provider_base/common.json @@ -25,9 +25,13 @@ "hosts": "=> hosts_file", "x509": { "use": true, + "use_commercial": false, "cert": "= x509.use ? file(:node_x509_cert, :missing => 'x509 certificate for node $node. Run `leap cert update`') : nil", "key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap cert update`') : nil", - "ca_cert": "= try_file :ca_cert" + "ca_cert": "= try_file :ca_cert", + "commercial_cert": "= x509.use_commercial ? file([:commercial_cert, webapp.domain], :missing => 'commercial x509 certificate for node $node. Add file $file, or run `leap cert csr` to generate a temporary self-signed cert and CSR you can use to purchase a real cert.') : nil", + "commercial_key": "= x509.use_commercial ? file([:commercial_key, webapp.domain], :missing => 'commercial x509 certificate for node $node. Add file $file, or run `leap cert csr` to generate a temporary self-signed cert and CSR you can use to purchase a real cert.') : nil", + "commercial_ca_cert": "= x509.use_commercial ? try_file(:commercial_ca_cert) : nil" }, "service_type": "internal_service", "development": { diff --git a/provider_base/services/monitor.json b/provider_base/services/monitor.json index 03f6c6d1..c24724bf 100644 --- a/provider_base/services/monitor.json +++ b/provider_base/services/monitor.json @@ -12,11 +12,9 @@ }, "x509": { "use": true, + "use_commercial": true, "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'", "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'", - "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'", - "commercial_cert": "= file [:commercial_cert, domain.full_suffix]", - "commercial_key": "= file [:commercial_key, domain.full_suffix]", - "commercial_ca_cert": "= try_file :commercial_ca_cert" + "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'" } } diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json index d28f03ed..1f0e613e 100644 --- a/provider_base/services/mx.json +++ b/provider_base/services/mx.json @@ -18,12 +18,10 @@ "mynetworks": "= nodes['environment' => '!local'].map{|name, n| [n.ip_address, (global.facts[name]||{})['ec2_public_ipv4']]}.flatten.compact.uniq", "x509": { "use": true, + "use_commercial": true, "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'", "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'", - "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'", - "commercial_cert": "= file [:commercial_cert, domain.full_suffix]", - "commercial_key": "= file [:commercial_key, domain.full_suffix]", - "commercial_ca_cert": "= try_file :commercial_ca_cert" + "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'" }, "service_type": "user_service" } diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 9f319910..1b550af9 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -26,7 +26,10 @@ "nagios_test_user": { "username": "nagios_test", "password": "= secret :nagios_test_password" - } + }, + "engines": [ + "support" + ] }, "stunnel": { "clients": { @@ -64,11 +67,9 @@ }, "x509": { "use": true, + "use_commercial": true, "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'", - "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'", - "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'", - "commercial_cert": "= file [:commercial_cert, webapp.domain]", - "commercial_key": "= file [:commercial_key, webapp.domain]", - "commercial_ca_cert": "= try_file :commercial_ca_cert" + "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`.'", + "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`.'" } } diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index d6f1d7ae..08618457 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -52,8 +52,8 @@ class site_webapp { exec { 'bundler_update': cwd => '/srv/leap/webapp', - command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install --path vendor/bundle --without test development"', - unless => '/usr/bin/bundle check', + command => '/bin/bash -c "/usr/bin/bundle check --path vendor/bundle || /usr/bin/bundle install --path vendor/bundle --without test development"', + unless => '/usr/bin/bundle check --path vendor/bundle', user => 'leap-webapp', timeout => 600, require => [ diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index 6461c5e8..8faf76f4 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb @@ -18,3 +18,9 @@ production: minimum_client_version: "<%= @webapp['client_version']['min'] %>" default_service_level: "<%= @webapp['default_service_level'] %>" service_levels: <%= @webapp['service_levels'].to_json %> +<%- if @webapp['engines'] && @webapp['engines'].any? -%> + engines: +<%- @webapp['engines'].each do |engine| -%> + - <%= engine %> +<%- end -%> +<%- end -%>
\ No newline at end of file diff --git a/tests/white-box/webapp.rb b/tests/white-box/webapp.rb index 142ac2de..05b86a41 100644 --- a/tests/white-box/webapp.rb +++ b/tests/white-box/webapp.rb @@ -60,4 +60,13 @@ class Webapp < LeapTest pass end + # + # this is technically a black-box test. so, move this when we have support + # for black box tests. + # + def test_04_Can_access_webapp? + assert_get('https://' + $node['webapp']['domain'] + '/') + pass + end + end |