From bda22dea464eddeb9a8be4e8513a8e4d1d3cbe8d Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 9 Feb 2013 14:10:35 +0100 Subject: re-enabling futon (see #1121) --- puppet/modules/site_couchdb/files/local.ini | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/puppet/modules/site_couchdb/files/local.ini b/puppet/modules/site_couchdb/files/local.ini index 4003bfcd..b3376cbb 100644 --- a/puppet/modules/site_couchdb/files/local.ini +++ b/puppet/modules/site_couchdb/files/local.ini @@ -27,7 +27,11 @@ [httpd_global_handlers] ;_google = {couch_httpd_proxy, handle_proxy_req, <<"http://www.google.com">>} -_utils = {couch_httpd_misc_handlers, handle_welcome_req, <<"Welcome, Futon is disabled!">>} + +# enable futon +_utils = {couch_httpd_misc_handlers, handle_utils_dir_req, "/usr/share/couchdb/www"} +# disable futon +#_utils = {couch_httpd_misc_handlers, handle_welcome_req, <<"Welcome, Futon is disabled!">>} [couch_httpd_auth] ; If you set this to true, you should also uncomment the WWW-Authenticate line -- cgit v1.2.3 From 5c0d817778b57b253c7443145fa928547f48e9f5 Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 9 Feb 2013 15:05:16 +0100 Subject: site_shorewall::monitor: allow port 80 + 443 --- puppet/modules/site_nagios/manifests/server.pp | 1 + puppet/modules/site_shorewall/manifests/monitor.pp | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+) create mode 100644 puppet/modules/site_shorewall/manifests/monitor.pp diff --git a/puppet/modules/site_nagios/manifests/server.pp b/puppet/modules/site_nagios/manifests/server.pp index 5e2f832b..c98a8a1f 100644 --- a/puppet/modules/site_nagios/manifests/server.pp +++ b/puppet/modules/site_nagios/manifests/server.pp @@ -34,4 +34,5 @@ class site_nagios::server inherits nagios::base { } site_nagios::add_host {$hosts:} + include site_shorewall::monitor } diff --git a/puppet/modules/site_shorewall/manifests/monitor.pp b/puppet/modules/site_shorewall/manifests/monitor.pp new file mode 100644 index 00000000..af9f8bfe 
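Review bot: The three added comment lines (`# enable futon`, `# disable futon` and `#_utils = ...`) start with `#`, while the comments already visible in this file start with `;`. As far as I know CouchDB's ini parser only skips `;` lines, so `#_utils = {couch_httpd_misc_handlers, handle_welcome_req, ...}` may be loaded as a handler key named `#_utils` rather than ignored. Write them as `; enable futon`, `; disable futon` and `;_utils = ...` to match the rest of the file. With `handle_utils_dir_req` in place, the Futon admin UI is served on whatever interface the HTTP listener binds to, and the hunk shows neither `bind_address` nor `require_valid_user`. Confirm those settings, and that an admin account is defined, before this is deployed.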
--- /dev/null +++ b/puppet/modules/site_shorewall/manifests/monitor.pp @@ -0,0 +1,18 @@ +class site_shorewall::monitor { + + include site_shorewall::defaults + + shorewall::rule { + 'net2fw-https': + source => 'net', + destination => '$FW', + action => 'HTTPS(ACCEPT)', + order => 200; + 'net2fw-http': + source => 'net', + destination => '$FW', + action => 'HTTP(ACCEPT)', + order => 200; + } + +} -- cgit v1.2.3 From 3cdd7f5f02c237da0f8a3f3eb898982883fd9b97 Mon Sep 17 00:00:00 2001 From: elijah Date: Sun, 10 Feb 2013 12:28:26 -0800 Subject: vagrant configuration move to Leapfile --- provider_base/provider.json | 3 --- 1 file changed, 3 deletions(-) diff --git a/provider_base/provider.json b/provider_base/provider.json index 0eae1f87..8ce848f3 100644 --- a/provider_base/provider.json +++ b/provider_base/provider.json @@ -26,8 +26,5 @@ "life_span": "1y" } }, - "vagrant":{ - "network":"10.5.5.0/24" - }, "hiera_sync_destination": "/etc/leap" } -- cgit v1.2.3 From 7680ed13b47561ab0bf96bdb63c3aff3f022ee0d Mon Sep 17 00:00:00 2001 From: elijah Date: Sun, 10 Feb 2013 23:39:04 -0800 Subject: added 'try' module --- puppet/modules/try/README.md | 13 +++++++++ puppet/modules/try/manifests/file.pp | 51 ++++++++++++++++++++++++++++++++++++ puppet/modules/try/manifests/init.pp | 3 +++ 3 files changed, 67 insertions(+) create mode 100644 puppet/modules/try/README.md create mode 100644 puppet/modules/try/manifests/file.pp create mode 100644 puppet/modules/try/manifests/init.pp diff --git a/puppet/modules/try/README.md b/puppet/modules/try/README.md new file mode 100644 index 00000000..3888661e --- /dev/null +++ b/puppet/modules/try/README.md @@ -0,0 +1,13 @@ +This module provides a "try" wrapper around common resource types. + +For example: + + try::file { + '/path/to/file': + ensure => 'link', + target => $target; + } + +This will work just like `file`, but will silently fail if `$target` is undefined or the file does not exist. + +So far, only `file` type with symlinks works. 
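Review bot: `net2fw-http` in the new `site_shorewall::monitor` class accepts port 80 from the whole `net` zone on every host that includes `site_nagios::server`. Whatever serves the monitoring web interface there (presumably Nagios) is then reachable in cleartext, and a login over that port would cross the network unencrypted. Unless port 80 exists only to redirect to HTTPS, keep just `net2fw-https`, and consider a narrower `source` than `net` if the interface is meant for administrators only. A header comment saying why the monitor host needs these ports would also help, e.g. `# open web ports for the monitoring web interface`.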
diff --git a/puppet/modules/try/manifests/file.pp b/puppet/modules/try/manifests/file.pp new file mode 100644 index 00000000..406c0b7a --- /dev/null +++ b/puppet/modules/try/manifests/file.pp @@ -0,0 +1,51 @@ +# +# like built-in type "file", but gets gracefully ignored if the target does not exist or is undefined. +# +# /bin/true and /usr/bin/test are hardcoded to their paths in debian. +# + +define try::file ( + $ensure = undef, + $target = undef, + $restore = true) { + + if $target != undef { + exec { "check_${name}": + command => "/bin/true", + onlyif => "/usr/bin/test -e '${target}'", + loglevel => info; + } + file { "$name": + ensure => $ensure, + target => $target, + require => Exec["check_${name}"], + loglevel => info; + } + } + + # + # if the target does not exist (or is undef), and the file happens to be in a git repo, + # then restore the file to its original state. + # + if $target == undef or $restore { + $file_basename = basename($name) + $file_dirname = dirname($name) + $command = "git rev-parse && unlink '${name}'; git checkout -- '${file_basename}' && chown --reference='${file_dirname}' '${name}'; true" + debug($command) + + if $target == undef { + exec { "restore_${name}": + command => $command, + cwd => $file_dirname, + loglevel => info; + } + } else { + exec { "restore_${name}": + unless => "/usr/bin/test -e '${target}'", + command => $command, + cwd => $file_dirname, + loglevel => info; + } + } + } +} diff --git a/puppet/modules/try/manifests/init.pp b/puppet/modules/try/manifests/init.pp new file mode 100644 index 00000000..1d2108c9 --- /dev/null +++ b/puppet/modules/try/manifests/init.pp @@ -0,0 +1,3 @@ +class try { + +} -- cgit v1.2.3 From 708a7e39af9a337ae38f491e7ca1892dd70002c1 Mon Sep 17 00:00:00 2001 From: elijah Date: Sun, 10 Feb 2013 23:39:27 -0800 Subject: set webapp module to use try::file where appropriate --- puppet/modules/site_webapp/manifests/init.pp | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) 
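Review bot: In `try::file` the `onlyif`, `unless` and `$command` strings place `${name}` and `${target}` between single quotes, so a value containing `'` ends the quoting and the remainder is interpreted as shell syntax (the restore command already relies on `&&` and `;`). The callers added in `site_webapp/manifests/init.pp` pass `$webapp['favicon']`, `$webapp['img_dir']` and similar values straight from node configuration. Reject such values at the top of the define, for example `if "${name}${target}" =~ /'/ { fail("try::file: quote character in path") }`, or validate both as absolute paths. Separately, an `exec` skipped by `onlyif` is not a failure, so `require => Exec["check_${name}"]` probably does not stop the `file` resource from creating the link when the target is missing; a check whose command itself fails would gate it, at the cost of a logged error. `git`, `unlink` and `chown` are also unqualified while `/bin/true` and `/usr/bin/test` are hardcoded, so the restore step depends on an `Exec` default `path` that is not visible here.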
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index f0d6c90a..cdec1b6a 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -82,7 +82,9 @@ class site_webapp { '/srv/leap-webapp/public/config/eip-service.json': content => $eip_service, owner => leap-webapp, group => leap-webapp, mode => '0644'; + } + try::file { '/srv/leap-webapp/public/favicon.ico': ensure => 'link', target => $webapp['favicon']; @@ -94,14 +96,10 @@ class site_webapp { '/srv/leap-webapp/app/assets/stylesheets/head.scss': ensure => 'link', target => $webapp['head_scss']; - } - if $webapp['img_dir'] != undef { - file { - '/srv/leap-webapp/public/img': - ensure => 'link', - target => $webapp['img_dir']; - } + '/srv/leap-webapp/public/img': + ensure => 'link', + target => $webapp['img_dir']; } file { -- cgit v1.2.3 From b754c9f3412441c58e90fa57dc236fab74cee167 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 11 Feb 2013 15:20:05 +0100 Subject: duplicate shortwall service definitions now inclduded from services/* --- puppet/modules/site_shorewall/manifests/monitor.pp | 14 ++------------ puppet/modules/site_shorewall/manifests/service/http.pp | 13 +++++++++++++ puppet/modules/site_shorewall/manifests/service/https.pp | 12 ++++++++++++ puppet/modules/site_shorewall/manifests/tor.pp | 6 +----- puppet/modules/site_shorewall/manifests/webapp.pp | 10 +--------- 5 files changed, 29 insertions(+), 26 deletions(-) create mode 100644 puppet/modules/site_shorewall/manifests/service/http.pp create mode 100644 puppet/modules/site_shorewall/manifests/service/https.pp diff --git a/puppet/modules/site_shorewall/manifests/monitor.pp b/puppet/modules/site_shorewall/manifests/monitor.pp index af9f8bfe..f4ed4f7c 100644 --- a/puppet/modules/site_shorewall/manifests/monitor.pp +++ b/puppet/modules/site_shorewall/manifests/monitor.pp 
@@ -1,18 +1,8 @@ class site_shorewall::monitor { include site_shorewall::defaults + include site_shorewall::service::http + include site_shorewall::service::https - shorewall::rule { - 'net2fw-https': - source => 'net', - destination => '$FW', - action => 'HTTPS(ACCEPT)', - order => 200; - 'net2fw-http': - source => 'net', - destination => '$FW', - action => 'HTTP(ACCEPT)', - order => 200; - } } diff --git a/puppet/modules/site_shorewall/manifests/service/http.pp b/puppet/modules/site_shorewall/manifests/service/http.pp new file mode 100644 index 00000000..74b874d5 --- /dev/null +++ b/puppet/modules/site_shorewall/manifests/service/http.pp @@ -0,0 +1,13 @@ +class site_shorewall::service::http { + + include site_shorewall::defaults + + shorewall::rule { + 'net2fw-http': + source => 'net', + destination => '$FW', + action => 'HTTP(ACCEPT)', + order => 200; + } + +} diff --git a/puppet/modules/site_shorewall/manifests/service/https.pp b/puppet/modules/site_shorewall/manifests/service/https.pp new file mode 100644 index 00000000..4a8b119c --- /dev/null +++ b/puppet/modules/site_shorewall/manifests/service/https.pp @@ -0,0 +1,12 @@ +class site_shorewall::service::https { + + include site_shorewall::defaults + + shorewall::rule { + 'net2fw-https': + source => 'net', + destination => '$FW', + action => 'HTTPS(ACCEPT)', + order => 200; + } +} diff --git a/puppet/modules/site_shorewall/manifests/tor.pp b/puppet/modules/site_shorewall/manifests/tor.pp index a72d9dfc..8fe21ee6 100644 --- a/puppet/modules/site_shorewall/manifests/tor.pp +++ b/puppet/modules/site_shorewall/manifests/tor.pp @@ -18,11 +18,7 @@ class site_shorewall::tor { destination => '$FW', action => 'leap_tor(ACCEPT)', order => 200; - 'net2fw-http': - source => 'net', - destination => '$FW', - action => 'HTTP(ACCEPT)', - order => 200; } + include site_shorewall::service::http } 
diff --git a/puppet/modules/site_shorewall/manifests/webapp.pp b/puppet/modules/site_shorewall/manifests/webapp.pp index ff9b7646..31a65b1b 100644 --- a/puppet/modules/site_shorewall/manifests/webapp.pp +++ b/puppet/modules/site_shorewall/manifests/webapp.pp @@ -1,13 +1,5 @@ class site_shorewall::webapp { include site_shorewall::defaults - - shorewall::rule { - 'net2fw-https': - source => 'net', - destination => '$FW', - action => 'HTTPS(ACCEPT)', - order => 200; - } - + include site_shorewall::service::https } -- cgit v1.2.3 From 102af94df02decef888bac09748dbac6773dedd6 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 12 Feb 2013 13:26:42 +0100 Subject: fixed shorewall is blocking api port (Bug #1735) --- .../site_shorewall/manifests/service/webapp_api.pp | 21 +++++++++++++++++++++ puppet/modules/site_shorewall/manifests/webapp.pp | 1 + 2 files changed, 22 insertions(+) create mode 100644 puppet/modules/site_shorewall/manifests/service/webapp_api.pp diff --git a/puppet/modules/site_shorewall/manifests/service/webapp_api.pp b/puppet/modules/site_shorewall/manifests/service/webapp_api.pp new file mode 100644 index 00000000..9d4296e5 --- /dev/null +++ b/puppet/modules/site_shorewall/manifests/service/webapp_api.pp @@ -0,0 +1,21 @@ +class site_shorewall::service::webapp_api { + + $api = hiera('api') + $api_port = $api['port'] + + # define macro for incoming services + file { '/etc/shorewall/macro.leap_webapp_api': + content => "PARAM - - tcp $api_port ", + notify => Service['shorewall'] + } + + + shorewall::rule { + 'net2fw-webapp_api': + source => 'net', + destination => '$FW', + action => 'leap_webapp_api(ACCEPT)', + order => 200; + } + +} diff --git a/puppet/modules/site_shorewall/manifests/webapp.pp b/puppet/modules/site_shorewall/manifests/webapp.pp index 31a65b1b..d12bbc8f 100644 --- a/puppet/modules/site_shorewall/manifests/webapp.pp +++ b/puppet/modules/site_shorewall/manifests/webapp.pp 
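Review bot: In `site_shorewall::service::webapp_api`, `$api_port` is interpolated into the macro content (`... tcp $api_port`) without any check. If the `api` hash from hiera has no `port` key, the port column renders empty, which Shorewall would, as far as I can tell, treat as any port, so `net2fw-webapp_api` would accept all TCP from `net`. Fail the catalog instead, e.g. `if $api_port == undef or $api_port == '' { fail('api.port is not set') }` placed before the `file` resource. The `file` also sets no `owner`, `group` or `mode`. Unlike the other `site_shorewall::service::*` classes in this series it does not `include site_shorewall::defaults`, so `notify => Service['shorewall']` appears to rely on the including class having declared it.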
@@ -2,4 +2,5 @@ class site_shorewall::webapp { include site_shorewall::defaults include site_shorewall::service::https + include site_shorewall::service::webapp_api } -- cgit v1.2.3