From 528aaee2f24b2b1b57435df6db42b89af6ba76de Mon Sep 17 00:00:00 2001
From: varac
Date: Fri, 7 Dec 2012 14:49:22 +0100
Subject: added module site_ca_daemon
---
puppet/modules/site_ca_daemon/manifests/apache.pp | 62 ++++++++++++++++++++++
puppet/modules/site_ca_daemon/manifests/couchdb.pp | 16 ++++++
puppet/modules/site_ca_daemon/manifests/init.pp | 55 +++++++++++++++++++
3 files changed, 133 insertions(+)
create mode 100644 puppet/modules/site_ca_daemon/manifests/apache.pp
create mode 100644 puppet/modules/site_ca_daemon/manifests/couchdb.pp
create mode 100644 puppet/modules/site_ca_daemon/manifests/init.pp
(limited to 'puppet/modules/site_ca_daemon/manifests')
diff --git a/puppet/modules/site_ca_daemon/manifests/apache.pp b/puppet/modules/site_ca_daemon/manifests/apache.pp
new file mode 100644
index 00000000..ab6b08fd
--- /dev/null
+++ b/puppet/modules/site_ca_daemon/manifests/apache.pp
@@ -0,0 +1,62 @@
+class site_ca_daemon::apache {
+
+ $api_domain = hiera('api_domain')
+ $x509 = hiera('x509')
+ $commercial_key = $x509['commercial_key']
+ $commercial_cert = $x509['commercial_cert']
+ $commercial_root = $x509['commercial_ca_cert']
+ $api_key = $x509['key']
+ $api_cert = $x509['cert']
+ $api_root = $x509['ca_cert']
+
+ $apache_no_default_site = true
+ include apache::ssl
+
+ apache::module {
+ 'alias': ensure => present;
+ 'rewrite': ensure => present;
+ 'headers': ensure => present;
+ }
+
+ class { 'passenger': use_munin => false }
+
+ apache::vhost::file {
+ 'leap_ca_daemon':
+ content => template('site_apache/vhosts.d/leap_ca_daemon.conf.erb')
+ }
+
+ apache::vhost::file {
+ 'api':
+ content => template('site_apache/vhosts.d/api.conf.erb')
+ }
+
+ x509::key {
+ 'leap_ca_daemon':
+ content => $commercial_key,
+ notify => Service[apache];
+
+ 'leap_api':
+ content => $api_key,
+ notify => Service[apache];
+ }
+
+ x509::cert {
+ 'leap_ca_daemon':
+ content => $commercial_cert,
+ notify => Service[apache];
+
+ 'leap_api':
+ content => $api_cert,
+ notify => Service[apache];
+ }
+
+ x509::ca {
+ 'leap_ca_daemon':
+ content => $commercial_root,
+ notify => Service[apache];
+
+ 'leap_api':
+ content => $api_root,
+ notify => Service[apache];
+ }
+}
diff --git a/puppet/modules/site_ca_daemon/manifests/couchdb.pp b/puppet/modules/site_ca_daemon/manifests/couchdb.pp
new file mode 100644
index 00000000..b5a1d2d4
--- /dev/null
+++ b/puppet/modules/site_ca_daemon/manifests/couchdb.pp
@@ -0,0 +1,16 @@
+class site_ca_daemon::couchdb {
+
+ $ca = hiera('ca_daemon')
+ $couchdb_host = $ca['couchdb_hosts']
+ $couchdb_user = $ca['couchdb_user']['username']
+ $couchdb_password = $ca['couchdb_user']['password']
+
+ file {
+ '/srv/leap_ca_daemon/config/couchdb.yml':
+ content => template('site_ca_daemon/couchdb.yml.erb'),
+ owner => leap_ca_daemon,
+ group => leap_ca_daemon,
+ mode => '0600';
+ }
+
+}
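Review bot: The `x509::key` resources for `leap_ca_daemon` and `leap_api` in apache.pp pass only `content` and `notify`, so the owner and mode of the commercial and API private keys on disk are decided entirely inside the `x509::key` define, which this commit does not show. A short comment above that block would record the expectation, for example `# private keys: x509::key is expected to install these root-owned and not world-readable (confirm in the x509 module)`. The class also has no header comment; one line stating that the `commercial_*` values are presumably for the `leap_ca_daemon` vhost and `key`/`cert`/`ca_cert` for the `api` vhost would make the pairing reviewable without opening the templates.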
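Review bot: The `file` resource for `/srv/leap_ca_daemon/config/couchdb.yml` has no `require`, although the `config` directory it writes into is not managed anywhere in this commit and presumably only exists once the `vcsrepo` in init.pp has cloned the repository. On a first run Puppet may apply the file before the clone, so the credentials file can fail to be written. Adding `require => Vcsrepo['/srv/leap_ca_daemon'],` makes the order explicit. Mode `0600` with the daemon as owner suits a file holding the CouchDB password; quoting `'leap_ca_daemon'` for `owner` and `group` would match the style used in init.pp.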
diff --git a/puppet/modules/site_ca_daemon/manifests/init.pp b/puppet/modules/site_ca_daemon/manifests/init.pp
new file mode 100644
index 00000000..c749da12
--- /dev/null
+++ b/puppet/modules/site_ca_daemon/manifests/init.pp
@@ -0,0 +1,55 @@
+class site_ca_daemon {
+
+ #$definition_files = hiera('definition_files')
+ #$provider = $definition_files['provider']
+ #$eip_service = $definition_files['eip_service']
+
+ Class[Ruby] -> Class[rubygems] -> Class[bundler::install]
+
+ class { 'ruby': ruby_version => '1.9.3' }
+
+ class { 'bundler::install': install_method => 'package' }
+
+ include rubygems
+ #include site_ca_daemon::apache
+ include site_ca_daemon::couchdb
+
+ group { 'leap_ca_daemon':
+ ensure => present,
+ allowdupe => false;
+ }
+
+ user { 'leap_ca_daemon':
+ ensure => present,
+ allowdupe => false,
+ gid => 'leap_ca_daemon',
+ home => '/srv/leap_ca_daemon',
+ require => [ Group['leap_ca_daemon'] ];
+ }
+
+ file { '/srv/leap_ca_daemon':
+ ensure => directory,
+ owner => 'leap_ca_daemon',
+ group => 'leap_ca_daemon',
+ require => User['leap_ca_daemon'];
+ }
+
+ vcsrepo { '/srv/leap_ca_daemon':
+ ensure => present,
+ revision => 'origin/deploy',
+ provider => git,
+ source => 'git://code.leap.se/leap_ca',
+ owner => 'leap_ca_daemon',
+ group => 'leap_ca_daemon',
+ require => [ User['leap_ca_daemon'], Group['leap_ca_daemon'] ],
+ notify => Exec['bundler_update']
+ }
+
+ exec { 'bundler_update':
+ cwd => '/srv/leap_ca_daemon',
+ command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install"',
+ unless => '/usr/bin/bundle check',
+ require => [ Class['bundler::install'], Vcsrepo['/srv/leap_ca_daemon'] ];
+ }
+
+}
-- cgit v1.2.3
From 62381f11d920a738db6fa673ea29cf4cddd8ebe0 Mon Sep 17 00:00:00 2001
From: varac
Date: Mon, 10 Dec 2012 22:32:16 +0100
Subject: use leap_ca master branch
---
puppet/modules/site_ca_daemon/manifests/init.pp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'puppet/modules/site_ca_daemon/manifests')
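Review bot: The `vcsrepo` resource fetches the CA daemon's code over `git://`, a transport with no server authentication or integrity protection, and follows the moving ref `origin/deploy`; `Exec['bundler_update']` then runs `bundle install` on whatever was fetched, and with no `user` set it runs as the account Puppet runs under (typically root). For code that will issue certificates this is worth tightening: use an authenticated transport for `source` (https or ssh), pin `revision` to a reviewed commit or tag, e.g. `revision => '<pinned-commit-sha>',`, and add `user => 'leap_ca_daemon',` to the exec. The later one-line commit that switches to `origin/master` keeps the same unpinned, unauthenticated fetch.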
diff --git a/puppet/modules/site_ca_daemon/manifests/init.pp b/puppet/modules/site_ca_daemon/manifests/init.pp index c749da12..0bbc9030 100644 --- a/puppet/modules/site_ca_daemon/manifests/init.pp +++ b/puppet/modules/site_ca_daemon/manifests/init.pp @@ -36,7 +36,7 @@ class site_ca_daemon { vcsrepo { '/srv/leap_ca_daemon': ensure => present, - revision => 'origin/deploy', + revision => 'origin/master', provider => git, source => 'git://code.leap.se/leap_ca', owner => 'leap_ca_daemon', -- cgit v1.2.3 From c8dda5249aa146239dd681db98da2c273dd07d77 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 10 Dec 2012 22:54:47 +0100 Subject: updated leap_ca_daemon config file, deploying x509 cert+key --- puppet/modules/site_ca_daemon/manifests/couchdb.pp | 4 ++-- puppet/modules/site_ca_daemon/manifests/init.pp | 16 ++++++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_ca_daemon/manifests') diff --git a/puppet/modules/site_ca_daemon/manifests/couchdb.pp b/puppet/modules/site_ca_daemon/manifests/couchdb.pp index b5a1d2d4..f446a05b 100644 --- a/puppet/modules/site_ca_daemon/manifests/couchdb.pp +++ b/puppet/modules/site_ca_daemon/manifests/couchdb.pp @@ -6,8 +6,8 @@ class site_ca_daemon::couchdb { $couchdb_password = $ca['couchdb_user']['password'] file { - '/srv/leap_ca_daemon/config/couchdb.yml': - content => template('site_ca_daemon/couchdb.yml.erb'), + '/etc/leap/leap_ca.yaml': + content => template('site_ca_daemon/leap_ca.yaml.erb'), owner => leap_ca_daemon, group => leap_ca_daemon, mode => '0600'; diff --git a/puppet/modules/site_ca_daemon/manifests/init.pp b/puppet/modules/site_ca_daemon/manifests/init.pp index 0bbc9030..aa9219c1 100644 --- a/puppet/modules/site_ca_daemon/manifests/init.pp +++ b/puppet/modules/site_ca_daemon/manifests/init.pp 
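Review bot: Nothing in the couchdb.pp hunk, or in the init.pp hunks of the same commit, manages the `/etc/leap` directory that the credentials file is moved into, so the resource silently depends on some other class creating it first. If such a class exists, a `require` on it or a comment naming it would make the dependency visible; otherwise a `file { '/etc/leap': ensure => directory }` resource with an explicit owner and mode is needed before this one. The class is still called `couchdb` although it now writes the daemon's whole `leap_ca.yaml`, which a header comment could explain; the class body starts outside the hunk.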
@@ -3,6 +3,7 @@ class site_ca_daemon { #$definition_files = hiera('definition_files') #$provider = $definition_files['provider'] #$eip_service = $definition_files['eip_service'] + $x509 = hiera('x509') Class[Ruby] -> Class[rubygems] -> Class[bundler::install] @@ -27,6 +28,19 @@ class site_ca_daemon { require => [ Group['leap_ca_daemon'] ]; } + + x509::key { + 'leap_ca_daemon': + content => $x509['cert'], + #notify => Service[apache]; + } + + x509::cert { + 'leap_ca_daemon': + content => $x509['key'], + #notify => Service[apache]; + } + file { '/srv/leap_ca_daemon': ensure => directory, owner => 'leap_ca_daemon', @@ -52,4 +66,6 @@ class site_ca_daemon { require => [ Class['bundler::install'], Vcsrepo['/srv/leap_ca_daemon'] ]; } + + } -- cgit v1.2.3 From 3c52477a6c0cb4d4cc3caee2aea350acc51a5c8a Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 10 Dec 2012 23:16:27 +0100 Subject: also deploy ca_cert --- puppet/modules/site_ca_daemon/manifests/init.pp | 33 ++++++++++++++----------- 1 file changed, 19 insertions(+), 14 deletions(-) (limited to 'puppet/modules/site_ca_daemon/manifests') diff --git a/puppet/modules/site_ca_daemon/manifests/init.pp b/puppet/modules/site_ca_daemon/manifests/init.pp index aa9219c1..db76e0fb 100644 --- a/puppet/modules/site_ca_daemon/manifests/init.pp +++ b/puppet/modules/site_ca_daemon/manifests/init.pp @@ -3,7 +3,7 @@ class site_ca_daemon { #$definition_files = hiera('definition_files') #$provider = $definition_files['provider'] #$eip_service = $definition_files['eip_service'] - $x509 = hiera('x509') + $x509 = hiera('x509') Class[Ruby] -> Class[rubygems] -> Class[bundler::install] 
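Review bot: In the second hunk (`@@ -27,6 +28,19 @@`) the two new resources have their hiera keys crossed: `x509::key` receives `content => $x509['cert']` and `x509::cert` receives `content => $x509['key']`. As written the private key is installed through `x509::cert`, and certificate files are commonly world-readable (the define is not visible here, so confirm), while the key file receives the certificate. The lines should read `content => $x509['key'],` under `x509::key` and `content => $x509['cert'],` under `x509::cert`. The next commit in this series makes that swap, but any node that applied this revision should be checked for key material left at the certificate path.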
@@ -29,17 +29,24 @@ class site_ca_daemon { } - x509::key { - 'leap_ca_daemon': - content => $x509['cert'], - #notify => Service[apache]; - } - - x509::cert { - 'leap_ca_daemon': - content => $x509['key'], - #notify => Service[apache]; - } + x509::key { + 'leap_ca_daemon': + content => $x509['key'], + #notify => Service[apache]; + } + + x509::cert { + 'leap_ca_daemon': + content => $x509['cert'], + #notify => Service[apache]; + } + + x509::ca { + 'leap_ca_daemon': + content => $x509['ca_cert'], + #notify => Service[apache]; + } + file { '/srv/leap_ca_daemon': ensure => directory, @@ -66,6 +73,4 @@ class site_ca_daemon { require => [ Class['bundler::install'], Vcsrepo['/srv/leap_ca_daemon'] ]; } - - } -- cgit v1.2.3 From c32c92e18d98ed936e55d2aff29afebe49d58d7d Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 16 Dec 2012 14:11:18 +0100 Subject: /usr/local/bin/leap_ca_daemon symlink --- puppet/modules/site_ca_daemon/manifests/init.pp | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'puppet/modules/site_ca_daemon/manifests') diff --git a/puppet/modules/site_ca_daemon/manifests/init.pp b/puppet/modules/site_ca_daemon/manifests/init.pp index db76e0fb..34b2c522 100644 --- a/puppet/modules/site_ca_daemon/manifests/init.pp +++ b/puppet/modules/site_ca_daemon/manifests/init.pp @@ -73,4 +73,8 @@ class site_ca_daemon { require => [ Class['bundler::install'], Vcsrepo['/srv/leap_ca_daemon'] ]; } + file { '/usr/local/bin/leap_ca_daemon': + ensure => link, + target => '/srv/leap_ca_daemon/bin/leap_ca', + } } -- cgit v1.2.3 From cded90f839871cf6258d7dc28d3ce81cf7f9cf6c Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 18 Dec 2012 10:26:57 -0800 Subject: ca daemon -- ca daemon needs the x509 cert/key for the CA, not for the server. --- puppet/modules/site_ca_daemon/manifests/init.pp | 30 +++++++++++++++++-------- 1 file changed, 21 insertions(+), 9 deletions(-) (limited to 'puppet/modules/site_ca_daemon/manifests') 
diff --git a/puppet/modules/site_ca_daemon/manifests/init.pp b/puppet/modules/site_ca_daemon/manifests/init.pp index 34b2c522..29a70df8 100644 --- a/puppet/modules/site_ca_daemon/manifests/init.pp +++ b/puppet/modules/site_ca_daemon/manifests/init.pp @@ -31,21 +31,33 @@ class site_ca_daemon { x509::key { 'leap_ca_daemon': - content => $x509['key'], - #notify => Service[apache]; + content => $x509['ca_key']; + #notify => Service['leap_ca_daemon']; <== no service yet for leap_ca_daemon } x509::cert { 'leap_ca_daemon': - content => $x509['cert'], - #notify => Service[apache]; + content => $x509['ca_cert']; + #notify => Service['leap_ca_daemon']; <== no service yet for leap_ca_daemon } - x509::ca { - 'leap_ca_daemon': - content => $x509['ca_cert'], - #notify => Service[apache]; - } + # + # Does CA need a server key/cert? I think not now. + # + # x509::key { + # 'server': + # content => $x509['key']; + # } + # + # x509::cert { + # 'server': + # content => $x509['cert']; + # } + + # x509::ca { + # 'leap_ca_daemon': + # content => $x509['ca_cert']; + # } file { '/srv/leap_ca_daemon': -- cgit v1.2.3 From b81891c036f4573a8bc314e11d3be61fbbbd9aff Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 18 Jan 2013 16:37:39 +0100 Subject: create cronjob for leap_ca --- puppet/modules/site_ca_daemon/manifests/init.pp | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_ca_daemon/manifests') diff --git a/puppet/modules/site_ca_daemon/manifests/init.pp b/puppet/modules/site_ca_daemon/manifests/init.pp index 29a70df8..4ec5b00b 100644 --- a/puppet/modules/site_ca_daemon/manifests/init.pp +++ b/puppet/modules/site_ca_daemon/manifests/init.pp 
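Review bot: `x509::key { 'leap_ca_daemon': }` and `x509::cert { 'leap_ca_daemon': }` now carry the CA's own key and certificate, yet the same resource titles are already declared in `site_ca_daemon::apache` with `$commercial_key` and `$commercial_cert`. Re-enabling the commented-out `include site_ca_daemon::apache` would therefore fail with a duplicate declaration, and the shared title hides that the two classes mean different key material. Giving the CA material its own title, e.g. `'leap_ca'` (name constructed for illustration), avoids both problems. Since `ca_key` is the most sensitive value this module handles, a comment stating which user must be able to read the installed file would help, and the commented-out server key/cert blocks could be replaced by a one-line note.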
@@ -87,6 +87,16 @@ class site_ca_daemon { file { '/usr/local/bin/leap_ca_daemon': ensure => link, - target => '/srv/leap_ca_daemon/bin/leap_ca', + target => '/srv/leap_ca_daemon/bin/leap_ca_daemon', } + + file { '/etc/cron.hourly/leap_ca': + ensure => present, + content => "#/bin/sh\n/srv/leap_ca_daemon/bin/leap_ca_daemon --run-once > /dev/null", + owner => 'root', + group => 0, + mode => '0755', + } + + } -- cgit v1.2.3 From dda36946d405301d9123bb455753650920d0756a Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 31 Jan 2013 11:52:32 +0100 Subject: tag 'service' for all service classes --- puppet/modules/site_ca_daemon/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_ca_daemon/manifests') diff --git a/puppet/modules/site_ca_daemon/manifests/init.pp b/puppet/modules/site_ca_daemon/manifests/init.pp index 4ec5b00b..c00a22c8 100644 --- a/puppet/modules/site_ca_daemon/manifests/init.pp +++ b/puppet/modules/site_ca_daemon/manifests/init.pp @@ -1,5 +1,5 @@ class site_ca_daemon { - + tag 'service' #$definition_files = hiera('definition_files') #$provider = $definition_files['provider'] #$eip_service = $definition_files['eip_service'] -- cgit v1.2.3 From e6fe80f9460b8bc013068e1dda8be6230b8d60a4 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 31 Jan 2013 19:09:19 +0100 Subject: tag 'base' is a bad idea because it invokes apache::base as well --- puppet/modules/site_ca_daemon/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_ca_daemon/manifests') diff --git a/puppet/modules/site_ca_daemon/manifests/init.pp b/puppet/modules/site_ca_daemon/manifests/init.pp index c00a22c8..86e186bb 100644 --- a/puppet/modules/site_ca_daemon/manifests/init.pp +++ b/puppet/modules/site_ca_daemon/manifests/init.pp 
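Review bot: The generated `/etc/cron.hourly/leap_ca` begins with `#/bin/sh`, which is a comment rather than a `#!` interpreter line, and the content has no trailing newline, so whether the job runs at all depends on how the cron runner executes a script without a shebang. The string should start `"#!/bin/sh\n` and end with `\n`. The job also runs as root but executes `/srv/leap_ca_daemon/bin/leap_ca_daemon`, which lives in a tree the `vcsrepo` resource makes owned by the unprivileged `leap_ca_daemon` user, so anything able to write as that user gets code run as root every hour. Running it as the daemon user instead, for example with a `cron` resource carrying `user => 'leap_ca_daemon'`, keeps that privilege boundary; the same ownership concern applies to the `/usr/local/bin/leap_ca_daemon` symlink if root invokes it.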
@@ -1,5 +1,5 @@ class site_ca_daemon { - tag 'service' + tag 'leap_service' #$definition_files = hiera('definition_files') #$provider = $definition_files['provider'] #$eip_service = $definition_files['eip_service'] -- cgit v1.2.3 From 3b32d321b131723bbd830945ef4176d7d37b6e3c Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 3 Feb 2013 17:47:02 +0100 Subject: Increase Exec[bundler_update] timeout Exec[bundler_update] can take a really long time, increasing timeout from 300s (default) to 600s fixes Increase command timeout for Exec[bundler_update] (Feature #1643) --- puppet/modules/site_ca_daemon/manifests/init.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_ca_daemon/manifests') diff --git a/puppet/modules/site_ca_daemon/manifests/init.pp b/puppet/modules/site_ca_daemon/manifests/init.pp index 86e186bb..8ba9c506 100644 --- a/puppet/modules/site_ca_daemon/manifests/init.pp +++ b/puppet/modules/site_ca_daemon/manifests/init.pp @@ -82,6 +82,7 @@ class site_ca_daemon { cwd => '/srv/leap_ca_daemon', command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install"', unless => '/usr/bin/bundle check', + timeout => 600, require => [ Class['bundler::install'], Vcsrepo['/srv/leap_ca_daemon'] ]; } -- cgit v1.2.3