Diffstat (limited to 'provider_base/services')
-rw-r--r-- | provider_base/services/_api_tester.json | 13 | ||||
-rw-r--r-- | provider_base/services/monitor.rb | 3 | ||||
-rw-r--r-- | provider_base/services/mx.json | 2 | ||||
-rw-r--r-- | provider_base/services/mx.rb | 1 | ||||
-rw-r--r-- | provider_base/services/soledad.rb | 22 | ||||
-rw-r--r-- | provider_base/services/webapp.json | 10 |
6 files changed, 47 insertions, 4 deletions
diff --git a/provider_base/services/_api_tester.json b/provider_base/services/_api_tester.json
new file mode 100644
index 00000000..790aa7d8
--- /dev/null
+++ b/provider_base/services/_api_tester.json
@@ -0,0 +1,13 @@
+//
+// This partial should be added to any service that runs tests that rely on
+// accessing the bonafide webapp API.
+//
+{
+ "testing": {
+ "monitor_auth_token": "= secret :api_monitor_auth_token",
+ "api_uri": "= global.services[:webapp].api.uri",
+ // api_hosts is not used directly, but calling hostnames() will ensure
+ // that the hostnames are added to /etc/hosts
+ "api_hosts": "= hostnames(nodes_like_me[:services => 'webapp'])"
+ }
+}
\ No newline at end of file
diff --git a/provider_base/services/monitor.rb b/provider_base/services/monitor.rb
new file mode 100644
index 00000000..01590d5c
--- /dev/null
+++ b/provider_base/services/monitor.rb
@@ -0,0 +1,3 @@
+unless self.services.include? "webapp"
+ LeapCli.log :error, "service `monitor` requires service `webapp` on the same node (node #{self.name})."
+end
diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json
index 676e075b..c7e99d85 100644
--- a/provider_base/services/mx.json
+++ b/provider_base/services/mx.json
@@ -30,7 +30,7 @@
 "password": "= secret :couch_leap_mx_password",
 "salt": "= hex_secret :couch_leap_mx_password_salt, 128"
 },
- "mynetworks": "= nodes['environment' => '!local'].map{|name, n| [n.ip_address, (global.facts[name]||{})['ec2_public_ipv4']]}.flatten.compact.uniq",
+ "mynetworks": "= host_ips(nodes)",
 "rbls": ["zen.spamhaus.org"],
 "clamav": {
 "whitelisted_addresses": []
diff --git a/provider_base/services/mx.rb b/provider_base/services/mx.rb
new file mode 100644
index 00000000..741ff313
--- /dev/null
+++ b/provider_base/services/mx.rb
@@ -0,0 +1 @@
+apply_partial('services/_api_tester.json')
diff --git a/provider_base/services/soledad.rb b/provider_base/services/soledad.rb
index b55e90b6..4391dead 100644
--- a/provider_base/services/soledad.rb
+++ b/provider_base/services/soledad.rb
@@ -1,3 +1,23 @@
 unless self.services.include? "couchdb"
 LeapCli.log :error, "service `soledad` requires service `couchdb` on the same node (node #{self.name})."
-end
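Review bot: In the mx.json hunk, `"mynetworks": "= host_ips(nodes)"` no longer carries the `'environment' => '!local'` filter that the removed expression applied. `host_ips` is defined outside this diff, so it cannot be confirmed from here that local-environment nodes are still excluded. `mynetworks` presumably feeds the mail server's list of trusted clients, so a wider node set means more hosts are trusted to relay. If the helper does not filter on its own, pass the filtered set explicitly, `"mynetworks": "= host_ips(nodes['environment' => '!local'])"`, and add a `//` comment saying which nodes are meant to be trusted. This line also takes all `nodes`, whereas webapp.json in the same commit scopes its list to `nodes_like_me`; the difference deserves a word in that comment.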
\ No newline at end of file
+end
+
+#
+# currently, mx tests keep the same test user around,
+# by rely on the soledad test to destroy the email
+# test user's mail storage (so that it does not just
+# keep accumulating test emails).
+#
+# We do it this way because:
+#
+# (1) couchdb bloats if you create and destroy test users,
+# so we keep the test user around.
+#
+# (2) the mx test has access to the bonafide api, but the
+# bonafide api (webapp) does not have access to destroy
+# user storage dbs.
+#
+# If any of these conditions change, then this partial
+# will no longer be required.
+#
+apply_partial('services/_api_tester.json')
\ No newline at end of file
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 9e3d751b..b1d2ca59 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -33,7 +33,11 @@
 "support"
 ],
 "locales": "= provider.languages",
- "default_locale": "= provider.default_language"
+ "default_locale": "= provider.default_language",
+ "api_tokens": {
+ "monitor": "= secret :api_monitor_auth_token",
+ "allowed_ips": "= host_ips(nodes_like_me)"
+ }
 },
 "stunnel": {
 "clients": {
@@ -55,8 +59,10 @@
 "service_type": "public_service",
 "api": {
 "domain": "= 'api.' + webapp.domain",
+ "version": 1,
 "port": 4430,
- "ca_cert_uri": "= 'https://' + webapp.domain + '/ca.crt'"
+ "ca_cert_uri": "= 'https://' + webapp.domain + '/ca.crt'",
+ "uri": "= %(https://#{api.domain}:#{api.port}/#{api.version})"
 },
 "nickserver": {
 "domain": "= 'nicknym.' + domain.full_suffix", |
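Review bot: In the first webapp.json hunk, `"allowed_ips": "= host_ips(nodes_like_me)"` appears to accept the monitor token from every node that `nodes_like_me` returns. In this commit the token is only handed out through `services/_api_tester.json`, which mx and soledad apply, and monitor is required to share a node with webapp. Narrowing the allow-list to the services that actually hold the token, with the same `nodes_like_me[:services => ...]` filter form already used in `_api_tester.json`, would keep a leaked token from being accepted from unrelated nodes. The single `api_monitor_auth_token` secret now lives on several nodes, so a `//` comment beside `api_tokens` naming those services would help whoever has to rotate it.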