From 276b77cdcc0d169b84e046afe8763e2c52ff76fb Mon Sep 17 00:00:00 2001
From: varac <varacanero@zeromail.org>
Date: Mon, 5 Oct 2015 15:22:25 +0200
Subject: [feat] remove tapicero leftovers

Soledad now creates user-dbs, which has been done by tapicero
in the past. we need to remove any leftovers from tapicero.
---
 puppet/modules/site_config/manifests/default.pp    |  7 +-
 puppet/modules/site_config/manifests/remove.pp     |  5 ++
 .../modules/site_config/manifests/remove/files.pp  | 74 ++++++++++++++++++++
 .../site_config/manifests/remove/tapicero.pp       | 57 +++++++++++++++
 .../modules/site_config/manifests/remove_files.pp  | 81 ----------------------
 5 files changed, 141 insertions(+), 83 deletions(-)
 create mode 100644 puppet/modules/site_config/manifests/remove.pp
 create mode 100644 puppet/modules/site_config/manifests/remove/files.pp
 create mode 100644 puppet/modules/site_config/manifests/remove/tapicero.pp
 delete mode 100644 puppet/modules/site_config/manifests/remove_files.pp

(limited to 'puppet/modules/site_config/manifests')

diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp
index e69e4b7b..6b10dc19 100644
--- a/puppet/modules/site_config/manifests/default.pp
+++ b/puppet/modules/site_config/manifests/default.pp
@@ -1,3 +1,4 @@
+# common things to set up on every node
 class site_config::default {
   tag 'leap_base'
 
@@ -29,7 +30,7 @@ class site_config::default {
   # i.e. openstack/aws nodes, vagrant nodes
 
   # fix dhclient from changing resolver information
-   if $::dhcp_enabled == 'true' {
+  if $::dhcp_enabled == 'true' {
     include site_config::dhclient
   }
 
@@ -58,7 +59,9 @@ class site_config::default {
 
   # set up core leap files and directories
   include site_config::files
-  include site_config::remove_files
+
+  # remove leftovers from previous deploys
+  include site_config::remove
 
   if ! member($services, 'mx') {
     include site_postfix::satellite
diff --git a/puppet/modules/site_config/manifests/remove.pp b/puppet/modules/site_config/manifests/remove.pp
new file mode 100644
index 00000000..00502c0a
--- /dev/null
+++ b/puppet/modules/site_config/manifests/remove.pp
@@ -0,0 +1,5 @@
+# remove leftovers from previous deploys
+class site_config::remove {
+  include site_config::remove::files
+  include site_config::remove::tapicero
+}
diff --git a/puppet/modules/site_config/manifests/remove/files.pp b/puppet/modules/site_config/manifests/remove/files.pp
new file mode 100644
index 00000000..feff7c05
--- /dev/null
+++ b/puppet/modules/site_config/manifests/remove/files.pp
@@ -0,0 +1,74 @@
+#
+# Sometimes when we upgrade the platform, we need to ensure that files that
+# the platform previously created will get removed.
+#
+# These file removals don't need to be kept forever: we only need to remove
+# files that are present in the prior platform release.
+#
+# We can assume that the every node is upgraded from the previous platform
+# release.
+#
+
+class site_config::remove::files {
+
+  #
+  # Platform 0.8 removals
+  #
+
+  tidy {
+    '/etc/apache/sites-enabled/leap_webapp.conf':
+      notify => Service['apache'];
+  }
+
+
+  #
+  # Platform 0.7 removals
+  #
+
+  tidy {
+    '/etc/rsyslog.d/99-tapicero.conf':;
+    '/etc/rsyslog.d/99-leap-mx.conf':;
+    '/etc/rsyslog.d/01-webapp.conf':;
+    '/etc/rsyslog.d/50-stunnel.conf':;
+    '/etc/logrotate.d/mx':;
+    '/etc/logrotate.d/stunnel':;
+    '/var/log/stunnel4/stunnel.log':;
+    'leap_mx':
+      path => '/var/log/',
+      recurse => true,
+      matches => 'leap_mx*';
+    '/srv/leap/webapp/public/provider.json':;
+    '/srv/leap/couchdb/designs/tmp_users':
+      recurse => true,
+      rmdirs => true;
+    '/etc/leap/soledad-server.conf':;
+  }
+
+  # leax-mx logged to /var/log/leap_mx.log in the past
+  # we need to use a dumb exec here because file_line doesn't
+  # allow removing lines that match a regex in the current version
+  # of stdlib, see https://tickets.puppetlabs.com/browse/MODULES-1903
+  exec { 'rm_old_leap_mx_log_destination':
+      command => "/bin/sed -i '/leap_mx.log/d' /etc/check_mk/logwatch.state",
+      onlyif  => "/bin/grep -qe 'leap_mx.log' /etc/check_mk/logwatch.state"
+  }
+
+  # Don't use check_mk logwatch to watch bigcouch logs anymore
+  # see https://leap.se/code/issues/7375 for more details
+  file { '/etc/check_mk/logwatch.d/bigcouch.cfg':
+    ensure => absent,
+    notify => [
+      Exec['remove_bigcouch_logwatch_spoolfiles'],
+      Exec['remove_bigcouch_logwatch_stateline']
+    ]
+  }
+  # remove leftover bigcouch logwatch spool files
+  exec { 'remove_bigcouch_logwatch_spoolfiles':
+    command     => 'find /var/lib/check_mk/logwatch -name \'\\opt\\bigcouch\\var\\log\\bigcouch.log\' -exec rm {} \;',
+    refreshonly => true,
+  }
+  exec { 'remove_bigcouch_logwatch_stateline':
+    command     => "sed -i '/bigcouch.log/d' /etc/check_mk/logwatch.state",
+    refreshonly => true,
+  }
+}
diff --git a/puppet/modules/site_config/manifests/remove/tapicero.pp b/puppet/modules/site_config/manifests/remove/tapicero.pp
new file mode 100644
index 00000000..765f7428
--- /dev/null
+++ b/puppet/modules/site_config/manifests/remove/tapicero.pp
@@ -0,0 +1,57 @@
+# remove tapicero leftovers from previous deploys
+class site_config::remove::tapicero {
+
+  exec { 'kill_tapicero':
+    onlyif  => '/usr/bin/test -s /var/run/tapicero.pid',
+    command => '/usr/bin/pkill --pidfile /var/run/tapicero.pid'
+  }
+
+  user { 'tapicero':
+    ensure  => absent;
+  }
+
+  group { 'tapicero':
+    ensure => absent,
+    require => User['tapicero'];
+  }
+
+  tidy {
+    '/srv/leap/tapicero':
+      recurse => true,
+      require   => [ Exec['kill_tapicero'] ];
+    '/var/lib/leap/tapicero':
+      require   => [ Exec['kill_tapicero'] ];
+    '/var/run/tapicero':
+      require   => [ Exec['kill_tapicero'] ];
+    '/etc/leap/tapicero.yaml':
+      require   => [ Exec['kill_tapicero'] ];
+    '/etc/init.d/tapicero':
+      require   => [ Exec['kill_tapicero'] ];
+    'tapicero_logs':
+      path    => '/var/log/leap',
+      recurse => true,
+      matches => 'tapicero*',
+      require   => [ Exec['kill_tapicero'] ];
+    '/etc/check_mk/logwatch.d/tapicero.cfg':;
+    'checkmk_logwatch_spool':
+      path    => '/var/lib/check_mk/logwatch',
+      recurse => true,
+      matches => '*tapicero.log',
+      require   => [ Exec['kill_tapicero'] ];
+  }
+
+  # remove local nagios plugin checks via mrpe
+  augeas {
+    'Tapicero_Procs':
+      incl    => '/etc/check_mk/mrpe.cfg',
+      lens    => 'Spacevars.lns',
+      changes => 'rm /files/etc/check_mk/mrpe.cfg/Tapicero_Procs',
+      require => File['/etc/check_mk/mrpe.cfg'];
+    'Tapicero_Heartbeat':
+      incl    => '/etc/check_mk/mrpe.cfg',
+      lens    => 'Spacevars.lns',
+      changes => 'rm Tapicero_Heartbeat',
+      require => File['/etc/check_mk/mrpe.cfg'];
+  }
+
+}
diff --git a/puppet/modules/site_config/manifests/remove_files.pp b/puppet/modules/site_config/manifests/remove_files.pp
deleted file mode 100644
index 07487d6a..00000000
--- a/puppet/modules/site_config/manifests/remove_files.pp
+++ /dev/null
@@ -1,81 +0,0 @@
-#
-# Sometimes when we upgrade the platform, we need to ensure that files that
-# the platform previously created will get removed.
-#
-# These file removals don't need to be kept forever: we only need to remove
-# files that are present in the prior platform release.
-#
-# We can assume that the every node is upgraded from the previous platform
-# release.
-#
-
-class site_config::remove_files {
-
-  #
-  # Platform 0.8 removals
-  #
-
-  tidy {
-    '/etc/apache/sites-enabled/leap_webapp.conf':
-      notify => Service['apache'];
-  }
-
-
-  #
-  # Platform 0.7 removals
-  #
-
-  tidy {
-    '/etc/rsyslog.d/99-tapicero.conf':;
-    '/etc/rsyslog.d/99-leap-mx.conf':;
-    '/etc/rsyslog.d/01-webapp.conf':;
-    '/etc/rsyslog.d/50-stunnel.conf':;
-    '/etc/logrotate.d/mx':;
-    '/etc/logrotate.d/stunnel':;
-    '/var/log/stunnel4/stunnel.log':;
-    'leap_mx':
-      path => '/var/log/',
-      recurse => true,
-      matches => 'leap_mx*';
-    '/srv/leap/webapp/public/provider.json':;
-    '/srv/leap/couchdb/designs/tmp_users':
-      recurse => true,
-      rmdirs => true;
-    '/etc/leap/soledad-server.conf':;
-  }
-
-  if member($::services, 'webapp') {
-    tidy {
-      '/etc/apache/sites-enabled/leap_webapp.conf':
-        notify => Service['apache'];
-    }
-  }
-
-  # leax-mx logged to /var/log/leap_mx.log in the past
-  # we need to use a dumb exec here because file_line doesn't
-  # allow removing lines that match a regex in the current version
-  # of stdlib, see https://tickets.puppetlabs.com/browse/MODULES-1903
-  exec { 'rm_old_leap_mx_log_destination':
-      command => "/bin/sed -i '/leap_mx.log/d' /etc/check_mk/logwatch.state",
-      onlyif  => "/bin/grep -qe 'leap_mx.log' /etc/check_mk/logwatch.state"
-  }
-
-  # Don't use check_mk logwatch to watch bigcouch logs anymore
-  # see https://leap.se/code/issues/7375 for more details
-  file { '/etc/check_mk/logwatch.d/bigcouch.cfg':
-    ensure => absent,
-    notify => [
-      Exec['remove_bigcouch_logwatch_spoolfiles'],
-      Exec['remove_bigcouch_logwatch_stateline']
-    ]
-  }
-  # remove leftover bigcouch logwatch spool files
-  exec { 'remove_bigcouch_logwatch_spoolfiles':
-    command     => 'find /var/lib/check_mk/logwatch -name \'\\opt\\bigcouch\\var\\log\\bigcouch.log\' -exec rm {} \;',
-    refreshonly => true,
-  }
-  exec { 'remove_bigcouch_logwatch_stateline':
-    command     => "sed -i '/bigcouch.log/d' /etc/check_mk/logwatch.state",
-    refreshonly => true,
-  }
-}
-- 
cgit v1.2.3