diff options
Diffstat (limited to 'puppet/modules/tapicero')
| -rwxr-xr-x | puppet/modules/tapicero/files/tapicero.init | 60 | ||||
| -rw-r--r-- | puppet/modules/tapicero/manifests/init.pp | 123 | ||||
| -rw-r--r-- | puppet/modules/tapicero/templates/tapicero.yaml.erb | 42 |
3 files changed, 225 insertions, 0 deletions
diff --git a/puppet/modules/tapicero/files/tapicero.init b/puppet/modules/tapicero/files/tapicero.init new file mode 100755 index 00000000..7a9af45f --- /dev/null +++ b/puppet/modules/tapicero/files/tapicero.init @@ -0,0 +1,60 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: tapicero +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: tapicero initscript +# Description: Controls tapicero daemon +### END INIT INFO + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +BUNDLER=/usr/bin/bundle +NAME=tapicero +HOME="/srv/leap" +DAEMON="${HOME}/${NAME}/bin/${NAME}" +BUNDLE_GEMFILE="${HOME}/${NAME}/Gemfile" + +export BUNDLE_GEMFILE + +# exit if the daemon doesn't exist +[ -x "$DAEMON" ] || exit 0 + +. /lib/init/vars.sh +. /lib/lsb/init-functions + +if [ "$VERBOSE" != no ]; then + OPTIONS="--verbose" +else + OPTIONS="" +fi + +case "$1" in + start) + $BUNDLER exec $DAEMON start $OPTIONS + exit $? + ;; + stop) + $BUNDLER exec $DAEMON stop $OPTIONS + exit $? + ;; + restart) + $BUNDLER exec $DAEMON restart $OPTIONS + exit $? + ;; + reload) + $BUNDLER exec $DAEMON reload $OPTIONS + exit $? + ;; + status) + $BUNDLER exec $DAEMON status $OPTIONS + exit $? + ;; + *) + echo "Usage: /etc/init.d/$NAME {start|stop|reload|restart|status}" + exit 1 +esac + +exit 0 diff --git a/puppet/modules/tapicero/manifests/init.pp b/puppet/modules/tapicero/manifests/init.pp new file mode 100644 index 00000000..743e8a84 --- /dev/null +++ b/puppet/modules/tapicero/manifests/init.pp @@ -0,0 +1,123 @@ +class tapicero { + tag 'leap_service' + + $couchdb = hiera('couch') + $couchdb_port = $couchdb['port'] + + $couchdb_users = $couchdb['users'] + + $couchdb_admin_user = $couchdb_users['admin']['username'] + $couchdb_admin_password = $couchdb_users['admin']['password'] + + $couchdb_soledad_user = $couchdb_users['soledad']['username'] + $couchdb_leap_mx_user = $couchdb_users['leap_mx']['username'] + + + Class['site_config::default'] -> Class['tapicero'] + + include site_config::ruby::dev + + # + # USER AND GROUP + # + + group { 'tapicero': + ensure => present, + allowdupe => false; + } + + user { 'tapicero': + ensure => present, + allowdupe => false, + gid => 'tapicero', + home => '/srv/leap/tapicero', + require => Group['tapicero']; + } + + # + # TAPICERO FILES + # + + file { + + ## + ## TAPICERO DIRECTORIES + ## + + '/srv/leap/tapicero': + ensure => directory, + owner => 'tapicero', + group => 'tapicero', + require => User['tapicero']; + + '/var/lib/leap/tapicero': + ensure => directory, + owner => 'tapicero', + group => 'tapicero', + require => User['tapicero']; + + ## + ## TAPICERO CONFIG + ## + + '/etc/leap/tapicero.yaml': + content => template('tapicero/tapicero.yaml.erb'), + owner => 'tapicero', + group => 'tapicero', + mode => '0600', + notify => Service['tapicero']; + + ## + ## TAPICERO INIT + ## + + '/etc/init.d/tapicero': + source => 'puppet:///modules/tapicero/tapicero.init', + owner => root, + group => 0, + mode => '0755', + require => Vcsrepo['/srv/leap/tapicero']; + } + + # + # TAPICERO CODE + # + + vcsrepo { '/srv/leap/tapicero': + ensure => present, + force => true, + revision => 'origin/master', + provider => git, + source => 'https://leap.se/git/tapicero', + owner => 'tapicero', + group => 'tapicero', + require => [ User['tapicero'], Group['tapicero'] ], + notify => Exec['tapicero_bundler_update'] + } + + exec { 'tapicero_bundler_update': + cwd => '/srv/leap/tapicero', + command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install --path vendor/bundle --without test development"', + unless => '/usr/bin/bundle check', + user => 'tapicero', + timeout => 600, + require => [ + Class['bundler::install'], + Vcsrepo['/srv/leap/tapicero'], + Class['site_config::ruby::dev'] ], + notify => Service['tapicero']; + } + + # + # TAPICERO DAEMON + # + + service { 'tapicero': + ensure => running, + enable => true, + hasstatus => true, + hasrestart => true, + require => File['/etc/init.d/tapicero']; + } + +} diff --git a/puppet/modules/tapicero/templates/tapicero.yaml.erb b/puppet/modules/tapicero/templates/tapicero.yaml.erb new file mode 100644 index 00000000..8e19b22f --- /dev/null +++ b/puppet/modules/tapicero/templates/tapicero.yaml.erb @@ -0,0 +1,42 @@ +# +# Default configuration options for Tapicero +# + +# couch connection configuration +connection: + protocol: "http" + host: "localhost" + port: <%= @couchdb_port %> + username: <%= @couchdb_admin_user %> + password: <%= @couchdb_admin_password %> + prefix : "" + suffix : "" + +# file to store the last processed user record in so we can resume after +# a restart: +seq_file: "/var/lib/leap/tapicero/tapicero.seq" + +# Configure log_file like this if you want to log to a file instead of syslog: +# log_file: "/var/leap/log/tapicero.log" +log_level: info + +# tapicero specific options +options: + # prefix for per user databases: + db_prefix: "user-" + + # security settings to be used for the per user databases + security: + admins: + names: + # We explicitly allow the admin user to access per user databases, even + # though admin access ignores per database security we just do this to be + # explicit about this + - <%= @couchdb_admin_user %> + roles: [] + readers: + names: + - <%= @couchdb_soledad_user %> + - <%= @couchdb_leap_mx_user %> + roles: [] + |