Diffstat (limited to 'puppet/modules')
| -rw-r--r-- | puppet/modules/site_config/manifests/ruby.pp | 14 | ||||
| -rw-r--r-- | puppet/modules/site_nickserver/manifests/init.pp | 120 | ||||
| -rw-r--r-- | puppet/modules/site_nickserver/templates/nickserver.yml.erb | 7 | ||||
| -rw-r--r-- | puppet/modules/site_webapp/manifests/init.pp | 8 | 
4 files changed, 142 insertions, 7 deletions
|
diff --git a/puppet/modules/site_config/manifests/ruby.pp b/puppet/modules/site_config/manifests/ruby.pp
new file mode 100644
index 00000000..2a720114
--- /dev/null
+++ b/puppet/modules/site_config/manifests/ruby.pp
@@ -0,0 +1,14 @@
+class site_config::ruby {
+  Class[Ruby] -> Class[rubygems] -> Class[bundler::install]
+  class { '::ruby': ruby_version => '1.9.3' }
+  class { 'bundler::install': install_method => 'package' }
+  include rubygems
+}
+
+
+#
+# Ruby settings common to all servers
+#
+# Why this way? So that other classes can do 'include site_ruby' without creating redeclaration errors.
+# See https://puppetlabs.com/blog/modeling-class-composition-with-parameterized-classes/
+#
diff --git a/puppet/modules/site_nickserver/manifests/init.pp b/puppet/modules/site_nickserver/manifests/init.pp
new file mode 100644
index 00000000..4a80d8fd
--- /dev/null
+++ b/puppet/modules/site_nickserver/manifests/init.pp
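Review bot: The trailing comment in ruby.pp tells other classes to `include site_ruby`, but the class this file defines is `site_config::ruby`, so a reader following the comment would reference a class this commit does not create. The line should read `# Why this way? So that other classes can do 'include site_config::ruby' without creating redeclaration errors.`. The whole comment block would also be easier to find as a header above the class than after its closing brace.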
@@ -0,0 +1,120 @@
+#
+# TODO: currently, this is dependent on the HAProxy stuff that is in site_webapp.
+# it would be good to factor that out into a site_haproxy, so that nickserver could be applied independently.
+#
+
+class site_nickserver {
+  tag 'leap_service'
+  include site_config::ruby
+
+  #
+  # VARIABLES
+  #
+
+  $nickserver        = hiera('nickserver')
+  $nickserver_port   = $nickserver['port']
+  $couchdb_user      = $nickserver['couchdb_user']['username']
+  $couchdb_password  = $nickserver['couchdb_user']['password']
+  $couchdb_host      = 'localhost'    # couchdb is available on localhost via haproxy, which is bound to 4096.
+  $couchdb_port      = '4096'         # See site_webapp/templates/haproxy_couchdb.cfg.erg
+
+  #
+  # USER AND GROUP
+  #
+
+  group { 'nickserver':
+    ensure    => present,
+    allowdupe => false;
+  }
+  user { 'nickserver':
+    ensure    => present,
+    allowdupe => false,
+    gid       => 'nickserver',
+    groups    => 'ssl-cert',
+    home      => '/srv/leap/nickserver',
+    require   => Group['nickserver'];
+  }
+
+  #
+  # NICKSERVER CODE
+  #
+
+  #file { '/srv/leap/nickserver':
+  #  ensure  => directory,
+  #  owner   => 'nickserver',
+  #  group   => 'nickserver',
+  #  require => User['nickserver'];
+  #}
+  vcsrepo { '/srv/leap/nickserver':
+    ensure   => present,
+    revision => 'origin/master',
+    provider => git,
+    source   => 'git://code.leap.se/nickserver',
+    owner    => 'nickserver',
+    group    => 'nickserver',
+    require  => [ User['nickserver'], Group['nickserver'] ],
+    notify   => Exec['nickserver_bundler_update'];
+  }
+  exec { 'nickserver_bundler_update':
+    cwd     => '/srv/leap/nickserver',
+    command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install --path vendor/bundle"',
+    unless  => '/usr/bin/bundle check',
+    user    => 'nickserver',
+    timeout => 600,
+    require => [ Class['bundler::install'], Vcsrepo['/srv/leap/nickserver'] ],
+    notify  => Service['nickserver'];
+  }
+
+  #
+  # NICKSERVER CONFIG
+  #
+
+  file { '/etc/leap/nickserver.yml':
+    content => template('site_nickserver/nickserver.yml.erb'),
+    owner   => nickserver,
+    group   => nickserver,
+    mode    => '0600',
+    notify  => Service['nickserver'];
+  }
+
+  #
+  # NICKSERVER DAEMON
+  #
+
+  file {
+    '/usr/bin/nickserver':
+      ensure  => link,
+      target  => '/srv/leap/nickserver/bin/nickserver',
+      require => Vcsrepo['/srv/leap/nickserver'];
+    '/etc/init.d/nickserver':
+      owner   => root, group => 0, mode => '0755',
+      source  => '/srv/leap/nickserver/dist/debian-init-script',
+      require => Vcsrepo['/srv/leap/nickserver'];
+  }
+
+  service { 'nickserver':
+    ensure     => running,
+    enable     => true,
+    hasrestart => true,
+    hasstatus  => true,
+    require    => File['/etc/init.d/nickserver'];
+  }
+
+  #
+  # FIREWALL
+  #
+
+  file { '/etc/shorewall/macro.nickserver':
+    content => "PARAM   -       -       tcp    $nickserver_port",
+    notify  => Service['shorewall'],
+    require => Package['shorewall'];
+  }
+
+  shorewall::rule { 'net2fw-nickserver':
+    source      => 'net',
+    destination => '$FW',
+    action      => 'nickserver(ACCEPT)',
+    order       => 200;
+  }
+
+}
\ No newline at end of file
diff --git a/puppet/modules/site_nickserver/templates/nickserver.yml.erb b/puppet/modules/site_nickserver/templates/nickserver.yml.erb
new file mode 100644
index 00000000..ec1c22ed
--- /dev/null
+++ b/puppet/modules/site_nickserver/templates/nickserver.yml.erb
@@ -0,0 +1,7 @@
+couch_host: <%= @couchdb_host %>
+couch_port: <%= @couchdb_port %>
+couch_database: 'users'
+couch_user: <%= @couchdb_user %>
+couch_password: <%= @couchdb_password %>
+hkp_url: 'https://hkps.pool.sks-keyservers.net:/pks/lookup'
+port: <%= @nickserver_port %>
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index 5c084a0c..80b7c271 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -11,13 +11,7 @@ class site_webapp {
   $api_version      = $webapp['api_version']
   $secret_token     = $webapp['secret_token']
-  Class[Ruby] -> Class[rubygems] -> Class[bundler::install]
-
-  class { 'ruby': ruby_version => '1.9.3' }
-
-  class { 'bundler::install': install_method => 'package' }
-
-  include rubygems
+  include site_config::ruby
   include site_webapp::apache
   include site_webapp::couchdb
   include site_webapp::client_ca
|
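Review bot: The `vcsrepo` resource in site_nickserver/manifests/init.pp fetches `origin/master` over `git://`, which has no transport authentication or integrity protection. That same checkout supplies both the `/usr/bin/nickserver` symlink target and the `/etc/init.d/nickserver` script, which is installed root-owned with mode 0755. The tree is also owned by the `nickserver` service account, so either a tampered fetch or a compromised daemon could change what the init system later runs with root privileges. I would fetch over an authenticated transport and pin a reviewed revision, e.g. `source => '<https-or-ssh-url-of-the-repo>',` and `revision => '<reviewed-commit-or-signed-tag>',`. I would also serve the init script from the module's own files rather than the service-owned checkout, e.g. `source => 'puppet:///modules/site_nickserver/<init-script-file>',` (placeholders, not real values).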
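Review bot: In nickserver.yml.erb, `couch_user` and `couch_password` are written into the YAML as bare scalars, so a credential containing characters such as `#`, `: ` or a leading quote would be truncated or parsed as something else, and the service would start with the wrong secret or fail to load its config. Emitting them as quoted scalars avoids this; if `to_json` is available in the template environment, `couch_password: <%= @couchdb_password.to_json %>` would do it, since a JSON string is also a valid YAML double-quoted scalar. Separately, `hkp_url` has a colon with no port before the path (`…sks-keyservers.net:/pks/lookup`), which looks like a leftover. URL parsers may not agree on an empty port, so either remove the colon or state the port explicitly.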
