summaryrefslogtreecommitdiff
path: root/puppet/modules
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules')
-rw-r--r--puppet/modules/site_couchdb/files/local.ini6
-rw-r--r--puppet/modules/site_nagios/manifests/server.pp1
-rw-r--r--puppet/modules/site_shorewall/manifests/monitor.pp8
-rw-r--r--puppet/modules/site_shorewall/manifests/service/http.pp13
-rw-r--r--puppet/modules/site_shorewall/manifests/service/https.pp12
-rw-r--r--puppet/modules/site_shorewall/manifests/service/webapp_api.pp21
-rw-r--r--puppet/modules/site_shorewall/manifests/tor.pp6
-rw-r--r--puppet/modules/site_shorewall/manifests/webapp.pp11
-rw-r--r--puppet/modules/site_webapp/manifests/init.pp12
-rw-r--r--puppet/modules/try/README.md13
-rw-r--r--puppet/modules/try/manifests/file.pp51
-rw-r--r--puppet/modules/try/manifests/init.pp3
12 files changed, 135 insertions, 22 deletions
diff --git a/puppet/modules/site_couchdb/files/local.ini b/puppet/modules/site_couchdb/files/local.ini
index 4003bfcd..b3376cbb 100644
--- a/puppet/modules/site_couchdb/files/local.ini
+++ b/puppet/modules/site_couchdb/files/local.ini
@@ -27,7 +27,11 @@
[httpd_global_handlers]
;_google = {couch_httpd_proxy, handle_proxy_req, <<"http://www.google.com">>}
-_utils = {couch_httpd_misc_handlers, handle_welcome_req, <<"Welcome, Futon is disabled!">>}
+
+# enable futon
+_utils = {couch_httpd_misc_handlers, handle_utils_dir_req, "/usr/share/couchdb/www"}
+# disable futon
+#_utils = {couch_httpd_misc_handlers, handle_welcome_req, <<"Welcome, Futon is disabled!">>}
[couch_httpd_auth]
; If you set this to true, you should also uncomment the WWW-Authenticate line
diff --git a/puppet/modules/site_nagios/manifests/server.pp b/puppet/modules/site_nagios/manifests/server.pp
index 5e2f832b..c98a8a1f 100644
--- a/puppet/modules/site_nagios/manifests/server.pp
+++ b/puppet/modules/site_nagios/manifests/server.pp
@@ -34,4 +34,5 @@ class site_nagios::server inherits nagios::base {
}
site_nagios::add_host {$hosts:}
+ include site_shorewall::monitor
}
diff --git a/puppet/modules/site_shorewall/manifests/monitor.pp b/puppet/modules/site_shorewall/manifests/monitor.pp
new file mode 100644
index 00000000..f4ed4f7c
--- /dev/null
+++ b/puppet/modules/site_shorewall/manifests/monitor.pp
@@ -0,0 +1,8 @@
+class site_shorewall::monitor {
+
+ include site_shorewall::defaults
+ include site_shorewall::service::http
+ include site_shorewall::service::https
+
+
+}
diff --git a/puppet/modules/site_shorewall/manifests/service/http.pp b/puppet/modules/site_shorewall/manifests/service/http.pp
new file mode 100644
index 00000000..74b874d5
--- /dev/null
+++ b/puppet/modules/site_shorewall/manifests/service/http.pp
@@ -0,0 +1,13 @@
+class site_shorewall::service::http {
+
+ include site_shorewall::defaults
+
+ shorewall::rule {
+ 'net2fw-http':
+ source => 'net',
+ destination => '$FW',
+ action => 'HTTP(ACCEPT)',
+ order => 200;
+ }
+
+}
diff --git a/puppet/modules/site_shorewall/manifests/service/https.pp b/puppet/modules/site_shorewall/manifests/service/https.pp
new file mode 100644
index 00000000..4a8b119c
--- /dev/null
+++ b/puppet/modules/site_shorewall/manifests/service/https.pp
@@ -0,0 +1,12 @@
+class site_shorewall::service::https {
+
+ include site_shorewall::defaults
+
+ shorewall::rule {
+ 'net2fw-https':
+ source => 'net',
+ destination => '$FW',
+ action => 'HTTPS(ACCEPT)',
+ order => 200;
+ }
+}
diff --git a/puppet/modules/site_shorewall/manifests/service/webapp_api.pp b/puppet/modules/site_shorewall/manifests/service/webapp_api.pp
new file mode 100644
index 00000000..9d4296e5
--- /dev/null
+++ b/puppet/modules/site_shorewall/manifests/service/webapp_api.pp
@@ -0,0 +1,21 @@
+class site_shorewall::service::webapp_api {
+
+ $api = hiera('api')
+ $api_port = $api['port']
+
+ # define macro for incoming services
+ file { '/etc/shorewall/macro.leap_webapp_api':
+ content => "PARAM - - tcp $api_port ",
+ notify => Service['shorewall']
+ }
+
+
+ shorewall::rule {
+ 'net2fw-webapp_api':
+ source => 'net',
+ destination => '$FW',
+ action => 'leap_webapp_api(ACCEPT)',
+ order => 200;
+ }
+
+}
diff --git a/puppet/modules/site_shorewall/manifests/tor.pp b/puppet/modules/site_shorewall/manifests/tor.pp
index a72d9dfc..8fe21ee6 100644
--- a/puppet/modules/site_shorewall/manifests/tor.pp
+++ b/puppet/modules/site_shorewall/manifests/tor.pp
@@ -18,11 +18,7 @@ class site_shorewall::tor {
destination => '$FW',
action => 'leap_tor(ACCEPT)',
order => 200;
- 'net2fw-http':
- source => 'net',
- destination => '$FW',
- action => 'HTTP(ACCEPT)',
- order => 200;
}
+ include site_shorewall::service::http
}
diff --git a/puppet/modules/site_shorewall/manifests/webapp.pp b/puppet/modules/site_shorewall/manifests/webapp.pp
index ff9b7646..d12bbc8f 100644
--- a/puppet/modules/site_shorewall/manifests/webapp.pp
+++ b/puppet/modules/site_shorewall/manifests/webapp.pp
@@ -1,13 +1,6 @@
class site_shorewall::webapp {
include site_shorewall::defaults
-
- shorewall::rule {
- 'net2fw-https':
- source => 'net',
- destination => '$FW',
- action => 'HTTPS(ACCEPT)',
- order => 200;
- }
-
+ include site_shorewall::service::https
+ include site_shorewall::service::webapp_api
}
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index 46cc0ed6..e8134521 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -84,7 +84,9 @@ class site_webapp {
'/srv/leap-webapp/public/config/eip-service.json':
content => $eip_service,
owner => leap-webapp, group => leap-webapp, mode => '0644';
+ }
+ try::file {
'/srv/leap-webapp/public/favicon.ico':
ensure => 'link',
target => $webapp['favicon'];
@@ -96,14 +98,10 @@ class site_webapp {
'/srv/leap-webapp/app/assets/stylesheets/head.scss':
ensure => 'link',
target => $webapp['head_scss'];
- }
- if $webapp['img_dir'] != undef {
- file {
- '/srv/leap-webapp/public/img':
- ensure => 'link',
- target => $webapp['img_dir'];
- }
+ '/srv/leap-webapp/public/img':
+ ensure => 'link',
+ target => $webapp['img_dir'];
}
file {
diff --git a/puppet/modules/try/README.md b/puppet/modules/try/README.md
new file mode 100644
index 00000000..3888661e
--- /dev/null
+++ b/puppet/modules/try/README.md
@@ -0,0 +1,13 @@
+This module provides a "try" wrapper around common resource types.
+
+For example:
+
+ try::file {
+ '/path/to/file':
+ ensure => 'link',
+ target => $target;
+ }
+
+This will work just like `file`, but will silently fail if `$target` is undefined or the file does not exist.
+
+So far, only `file` type with symlinks works.
diff --git a/puppet/modules/try/manifests/file.pp b/puppet/modules/try/manifests/file.pp
new file mode 100644
index 00000000..406c0b7a
--- /dev/null
+++ b/puppet/modules/try/manifests/file.pp
@@ -0,0 +1,51 @@
+#
+# like built-in type "file", but gets gracefully ignored if the target does not exist or is undefined.
+#
+# /bin/true and /usr/bin/test are hardcoded to their paths in debian.
+#
+
+define try::file (
+ $ensure = undef,
+ $target = undef,
+ $restore = true) {
+
+ if $target != undef {
+ exec { "check_${name}":
+ command => "/bin/true",
+ onlyif => "/usr/bin/test -e '${target}'",
+ loglevel => info;
+ }
+ file { "$name":
+ ensure => $ensure,
+ target => $target,
+ require => Exec["check_${name}"],
+ loglevel => info;
+ }
+ }
+
+ #
+ # if the target does not exist (or is undef), and the file happens to be in a git repo,
+ # then restore the file to its original state.
+ #
+ if $target == undef or $restore {
+ $file_basename = basename($name)
+ $file_dirname = dirname($name)
+ $command = "git rev-parse && unlink '${name}'; git checkout -- '${file_basename}' && chown --reference='${file_dirname}' '${name}'; true"
+ debug($command)
+
+ if $target == undef {
+ exec { "restore_${name}":
+ command => $command,
+ cwd => $file_dirname,
+ loglevel => info;
+ }
+ } else {
+ exec { "restore_${name}":
+ unless => "/usr/bin/test -e '${target}'",
+ command => $command,
+ cwd => $file_dirname,
+ loglevel => info;
+ }
+ }
+ }
+}
diff --git a/puppet/modules/try/manifests/init.pp b/puppet/modules/try/manifests/init.pp
new file mode 100644
index 00000000..1d2108c9
--- /dev/null
+++ b/puppet/modules/try/manifests/init.pp
@@ -0,0 +1,3 @@
+class try {
+
+}