Diffstat (limited to 'puppet')
-rw-r--r--puppet/manifests/site.pp4
-rw-r--r--puppet/modules/site_ca_daemon/manifests/apache.pp62
-rw-r--r--puppet/modules/site_ca_daemon/manifests/couchdb.pp16
-rw-r--r--puppet/modules/site_ca_daemon/manifests/init.pp55
-rw-r--r--puppet/modules/site_ca_daemon/templates/couchdb.yml.erb7
5 files changed, 144 insertions, 0 deletions
diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp
index 9da2174c..c8502bc7 100644
--- a/puppet/manifests/site.pp
+++ b/puppet/manifests/site.pp
@@ -22,4 +22,8 @@ node 'default' {
if 'webapp' in $services {
include site_webapp
}
+
+ if 'ca' in $services {
+ include site_ca_daemon
+ }
}
diff --git a/puppet/modules/site_ca_daemon/manifests/apache.pp b/puppet/modules/site_ca_daemon/manifests/apache.pp
new file mode 100644
index 00000000..ab6b08fd
--- /dev/null
+++ b/puppet/modules/site_ca_daemon/manifests/apache.pp
@@ -0,0 +1,62 @@
+class site_ca_daemon::apache {
+
+ $api_domain = hiera('api_domain')
+ $x509 = hiera('x509')
+ $commercial_key = $x509['commercial_key']
+ $commercial_cert = $x509['commercial_cert']
+ $commercial_root = $x509['commercial_ca_cert']
+ $api_key = $x509['key']
+ $api_cert = $x509['cert']
+ $api_root = $x509['ca_cert']
+
+ $apache_no_default_site = true
+ include apache::ssl
+
+ apache::module {
+ 'alias': ensure => present;
+ 'rewrite': ensure => present;
+ 'headers': ensure => present;
+ }
+
+ class { 'passenger': use_munin => false }
+
+ apache::vhost::file {
+ 'leap_ca_daemon':
+ content => template('site_apache/vhosts.d/leap_ca_daemon.conf.erb')
+ }
+
+ apache::vhost::file {
+ 'api':
+ content => template('site_apache/vhosts.d/api.conf.erb')
+ }
+
+ x509::key {
+ 'leap_ca_daemon':
+ content => $commercial_key,
+ notify => Service[apache];
+
+ 'leap_api':
+ content => $api_key,
+ notify => Service[apache];
+ }
+
+ x509::cert {
+ 'leap_ca_daemon':
+ content => $commercial_cert,
+ notify => Service[apache];
+
+ 'leap_api':
+ content => $api_cert,
+ notify => Service[apache];
+ }
+
+ x509::ca {
+ 'leap_ca_daemon':
+ content => $commercial_root,
+ notify => Service[apache];
+
+ 'leap_api':
+ content => $api_root,
+ notify => Service[apache];
+ }
+}
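Review bot: Nothing in this commit includes `site_ca_daemon::apache`; the only reference is the commented-out `#include site_ca_daemon::apache` in init.pp, so the vhosts, keys and certificates declared here are never applied. The two vhost templates are looked up under `site_apache/vhosts.d/` and are not among the five files in this diffstat, so confirm they exist before the include is enabled. `$commercial_key` and `$api_key` carry private-key material from hiera into `x509::key`, whose definition is not visible here; confirm that define writes the key files root-owned with a restrictive mode. A header comment such as `# TLS vhosts for the CA daemon and the API; not yet included from init.pp` would make the current state explicit.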
diff --git a/puppet/modules/site_ca_daemon/manifests/couchdb.pp b/puppet/modules/site_ca_daemon/manifests/couchdb.pp
new file mode 100644
index 00000000..b5a1d2d4
--- /dev/null
+++ b/puppet/modules/site_ca_daemon/manifests/couchdb.pp
@@ -0,0 +1,16 @@
+class site_ca_daemon::couchdb {
+
+ $ca = hiera('ca_daemon')
+ $couchdb_host = $ca['couchdb_hosts']
+ $couchdb_user = $ca['couchdb_user']['username']
+ $couchdb_password = $ca['couchdb_user']['password']
+
+ file {
+ '/srv/leap_ca_daemon/config/couchdb.yml':
+ content => template('site_ca_daemon/couchdb.yml.erb'),
+ owner => leap_ca_daemon,
+ group => leap_ca_daemon,
+ mode => '0600';
+ }
+
+}
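Review bot: The file resource for `/srv/leap_ca_daemon/config/couchdb.yml` has no ordering against the checkout, and no resource in this commit manages the `config` directory. That directory presumably comes from the git clone in init.pp, so on a first run this file can be applied before its parent exists and fail. Adding `require => Vcsrepo['/srv/leap_ca_daemon'],` to the resource makes the dependency explicit. The `0600` mode with the daemon as owner is the right restriction for a file holding the CouchDB password. Quoting `'leap_ca_daemon'` for `owner` and `group` would match init.pp.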
diff --git a/puppet/modules/site_ca_daemon/manifests/init.pp b/puppet/modules/site_ca_daemon/manifests/init.pp
new file mode 100644
index 00000000..c749da12
--- /dev/null
+++ b/puppet/modules/site_ca_daemon/manifests/init.pp
@@ -0,0 +1,55 @@
+class site_ca_daemon {
+
+ #$definition_files = hiera('definition_files')
+ #$provider = $definition_files['provider']
+ #$eip_service = $definition_files['eip_service']
+
+ Class[Ruby] -> Class[rubygems] -> Class[bundler::install]
+
+ class { 'ruby': ruby_version => '1.9.3' }
+
+ class { 'bundler::install': install_method => 'package' }
+
+ include rubygems
+ #include site_ca_daemon::apache
+ include site_ca_daemon::couchdb
+
+ group { 'leap_ca_daemon':
+ ensure => present,
+ allowdupe => false;
+ }
+
+ user { 'leap_ca_daemon':
+ ensure => present,
+ allowdupe => false,
+ gid => 'leap_ca_daemon',
+ home => '/srv/leap_ca_daemon',
+ require => [ Group['leap_ca_daemon'] ];
+ }
+
+ file { '/srv/leap_ca_daemon':
+ ensure => directory,
+ owner => 'leap_ca_daemon',
+ group => 'leap_ca_daemon',
+ require => User['leap_ca_daemon'];
+ }
+
+ vcsrepo { '/srv/leap_ca_daemon':
+ ensure => present,
+ revision => 'origin/deploy',
+ provider => git,
+ source => 'git://code.leap.se/leap_ca',
+ owner => 'leap_ca_daemon',
+ group => 'leap_ca_daemon',
+ require => [ User['leap_ca_daemon'], Group['leap_ca_daemon'] ],
+ notify => Exec['bundler_update']
+ }
+
+ exec { 'bundler_update':
+ cwd => '/srv/leap_ca_daemon',
+ command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install"',
+ unless => '/usr/bin/bundle check',
+ require => [ Class['bundler::install'], Vcsrepo['/srv/leap_ca_daemon'] ];
+ }
+
+}
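Review bot: The `vcsrepo` resource fetches the CA daemon's code over `git://`, which has no transport authentication or integrity protection, and `revision => 'origin/deploy'` follows a moving branch. Whatever arrives is then handed to `bundle install` by `Exec['bundler_update']`, which has no `user =>` and so presumably runs as the puppet agent's user (typically root). On a host that will hold CA key material it is worth using an authenticated transport (an https or ssh remote) and pinning `revision` to a reviewed commit or signed tag. Adding `user => 'leap_ca_daemon',` to the exec keeps the gem installation out of root. The exec also repeats `bundle check` in both `command` and `unless`; `command => '/usr/bin/bundle install'` with the existing `unless` would do the same thing.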
diff --git a/puppet/modules/site_ca_daemon/templates/couchdb.yml.erb b/puppet/modules/site_ca_daemon/templates/couchdb.yml.erb
new file mode 100644
index 00000000..f5132599
--- /dev/null
+++ b/puppet/modules/site_ca_daemon/templates/couchdb.yml.erb
@@ -0,0 +1,7 @@
+production:
+ protocol: 'https'
+ host: <%= couchdb_host %>
+ port: 443
+ username: <%= couchdb_user %>
+ password: <%= couchdb_password %>
+
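Review bot: The `host`, `username` and `password` values are emitted as bare YAML scalars, so a password containing characters such as `:`, `#` or a leading quote will either fail to parse or be silently read as a different value. `protocol: 'https'` is already quoted; the interpolated values should be emitted as quoted, escaped scalars too, for example `password: "<%= couchdb_password %>"` with escaping for embedded quotes. Also, `couchdb_host` is assigned from `$ca['couchdb_hosts']` in couchdb.pp; if that hiera key holds a list, `<%= couchdb_host %>` will not render a single hostname, so confirm its type or select one element explicitly.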