| -rw-r--r-- | provider_base/services/soledad.json | 2 | ||||
| -rw-r--r-- | puppet/manifests/site.pp | 4 | ||||
| -rw-r--r-- | puppet/modules/site_shorewall/manifests/soledad.pp | 20 | ||||
| -rw-r--r-- | puppet/modules/soledad/manifests/init.pp | 34 | ||||
| -rw-r--r-- | puppet/modules/soledad/manifests/server.pp | 62 | ||||
| -rw-r--r-- | puppet/modules/soledad/templates/soledad-server.conf.erb | 3 | 
6 files changed, 124 insertions, 1 deletions
diff --git a/provider_base/services/soledad.json b/provider_base/services/soledad.json
index 10657563..de24d8ef 100644
--- a/provider_base/services/soledad.json
+++ b/provider_base/services/soledad.json
@@ -3,4 +3,4 @@
   "soledad": {
     "port": 1111
   }
-}
\ No newline at end of file
+}
diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp
index 08cbbb9e..bdb57c83 100644
--- a/puppet/manifests/site.pp
+++ b/puppet/manifests/site.pp
@@ -30,6 +30,10 @@ if $services =~ /\bwebapp\b/ {
   include site_nickserver
 }
+if $services =~ /\bsoledad\b/ {
+  include soledad::server
+}
+
 if $services =~ /\bmonitor\b/ {
   include site_nagios
 }
diff --git a/puppet/modules/site_shorewall/manifests/soledad.pp b/puppet/modules/site_shorewall/manifests/soledad.pp
new file mode 100644
index 00000000..f3272c04
--- /dev/null
+++ b/puppet/modules/site_shorewall/manifests/soledad.pp
@@ -0,0 +1,20 @@
+class site_shorewall::soledad {
+
+  include site_shorewall::defaults
+
+  # define macro for incoming services
+  file { '/etc/shorewall/macro.leap_soledad':
+    content => 'PARAM   -       -       tcp    2424',
+    notify  => Service['shorewall'],
+    require => Package['shorewall']
+  }
+
+  shorewall::rule {
+    'net2fw-soledad':
+      source      => 'net',
+      destination => '$FW',
+      action      => 'leap_soledad(ACCEPT)',
+      order       => 200;
+  }
+}
+
diff --git a/puppet/modules/soledad/manifests/init.pp b/puppet/modules/soledad/manifests/init.pp
new file mode 100644
index 00000000..08ba88a7
--- /dev/null
+++ b/puppet/modules/soledad/manifests/init.pp
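Review bot: The macro written to `/etc/shorewall/macro.leap_soledad` hard-codes tcp port 2424, while the `soledad` service definition in provider_base/services/soledad.json in this same commit carries `"port": 1111`, so the port opened on the firewall and the configured service port are two independent values that can disagree. Because the `net2fw-soledad` rule accepts from the whole `net` zone, the opened port should be exactly the one the daemon listens on. Consider taking it from the service's hiera data and interpolating it, e.g. `content => "PARAM   -       -       tcp    ${soledad_port}",` (`$soledad_port` is an illustrative name, not one defined in this diff). Which of the two values the server actually binds to is not visible here.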
@@ -0,0 +1,34 @@
+class soledad {
+
+  group { 'soledad':
+    ensure    => present,
+    allowdupe => false;
+  }
+
+  user { 'soledad':
+    ensure    => present,
+    allowdupe => false,
+    gid       => 'soledad',
+    home      => '/srv/leap/soledad',
+    require   => Group['soledad'];
+  }
+
+  file {
+    '/srv/leap/soledad':
+      ensure  => directory,
+      owner   => 'soledad',
+      group   => 'soledad',
+      require => User['soledad'];
+
+    '/var/lib/soledad':
+      ensure  => directory,
+      owner   => 'soledad',
+      group   => 'soledad',
+      require => User['soledad'];
+  }
+
+  package { 'soledad-common':
+    ensure  => installed,
+    require => User['soledad'];
+  }
+}
diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp
new file mode 100644
index 00000000..06de8642
--- /dev/null
+++ b/puppet/modules/soledad/manifests/server.pp
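Review bot: Neither entry in the `file` block sets `mode`, so `/srv/leap/soledad` and `/var/lib/soledad` are created with whatever the default yields, which is likely readable by every local user. If these directories are meant to hold service data, add `mode => '0750',` (or `'0700'`) to both entries. The `user { 'soledad': }` resource also leaves the login shell at the platform default; for an account that only runs a daemon, `shell => '/bin/false',` states the intent and removes an interactive login path.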
@@ -0,0 +1,62 @@
+class soledad::server {
+  tag 'leap_service'
+  include soledad
+
+  $couchdb          = hiera('couch')
+  $couchdb_host     = 'localhost'
+  $couchdb_port     = '4096'
+  $couchdb_user     = $couchdb['users']['soledad']['username']
+  $couchdb_password = $couchdb['users']['soledad']['password']
+
+  $x509      = hiera('x509')
+  $x509_key  = $x509['key']
+  $x509_cert = $x509['cert']
+  $x509_ca   = $x509['ca_cert']
+
+  x509::key { 'soledad':
+    content => $x509_key,
+    notify  => Service['soledad-server'];
+  }
+
+  x509::cert { 'soledad':
+    content => $x509_cert,
+    notify  => Service['soledad-server'];
+  }
+
+  x509::ca { 'soledad':
+    content => $x509_ca,
+    notify  => Service['soledad-server'];
+  }
+
+  #
+  # SOLEDAD CONFIG
+  #
+
+  file { '/etc/leap/soledad-server.conf':
+    content => template('soledad/soledad-server.conf.erb'),
+    owner   => 'soledad',
+    group   => 'soledad',
+    mode    => '0600',
+    notify  => Service['soledad-server'],
+    require => Class['soledad'];
+  }
+
+  package { 'soledad-server':
+    ensure => installed
+  }
+
+  file { '/etc/default/soledad':
+    content => "CERT_PATH=/etc/x509/certs/soledad.crt\nPRIVKEY_PATH=/etc/x509/keys/soledad.key\n",
+    require => Package['soledad-server']
+  }
+
+  service { 'soledad-server':
+    ensure     => running,
+    enable     => true,
+    hasstatus  => true,
+    hasrestart => true,
+    require    => [ Class['soledad'], Package['soledad-server'] ];
+  }
+
+  include site_shorewall::soledad
+}
diff --git a/puppet/modules/soledad/templates/soledad-server.conf.erb b/puppet/modules/soledad/templates/soledad-server.conf.erb
new file mode 100644
index 00000000..47d1f6e4
--- /dev/null
+++ b/puppet/modules/soledad/templates/soledad-server.conf.erb
@@ -0,0 +1,3 @@
+[soledad-server]
+couch_url = http://<%= @couchdb_user %>:<%= @couchdb_password %>@<%= @couchdb_host %>:<%= @couchdb_port %>
+
|
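Review bot: `file { '/etc/default/soledad': }` has no relationship to `Service['soledad-server']`, unlike the config file and the three x509 resources, so the service may be started before CERT_PATH and PRIVKEY_PATH are written and is not restarted when they change; add `notify => Service['soledad-server'],` to that resource. It also sets no `owner`, `group` or `mode`, and stating them (for example `owner => 'root', group => 'root', mode => '0644',`) avoids relying on defaults. Separately, `/etc/leap/soledad-server.conf` is rendered with the CouchDB password, so a content change can be printed as a diff in Puppet's log or report. If the Puppet version in use supports it, `show_diff => false,` on that resource keeps the credential out of the logs.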
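Review bot: The `couch_url` line interpolates `@couchdb_user` and `@couchdb_password` into the URL without percent-encoding, so a password containing `@`, `:`, `/` or `#` produces a URL whose host or credentials parse differently from what was intended. Encode both userinfo parts, e.g. `<%= ERB::Util.url_encode(@couchdb_password) %>` (assuming the server decodes the userinfo, which is not visible here), or restrict the alphabet of the generated password. The scheme is plain `http`; with `$couchdb_host = 'localhost'` in server.pp this is presumably a local endpoint. A short comment above the line saying the URL must stay on loopback would keep a later change from sending the credentials unencrypted to a remote host.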
