From cdb7b1805ea20b89c2c9aa9a71700b1be02cd707 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Mon, 15 Jul 2013 10:26:54 +0100 Subject: lint nickserver class Change-Id: I03cdb5a6255d245cb1163a30b221b4c32dc4bef6 --- puppet/modules/site_nickserver/manifests/init.pp | 41 ++++++++++++++++-------- 1 file changed, 27 insertions(+), 14 deletions(-) (limited to 'puppet/modules/site_nickserver') diff --git a/puppet/modules/site_nickserver/manifests/init.pp b/puppet/modules/site_nickserver/manifests/init.pp index 7dfa2603..a3368771 100644 --- a/puppet/modules/site_nickserver/manifests/init.pp +++ b/puppet/modules/site_nickserver/manifests/init.pp @@ -1,10 +1,12 @@ # -# TODO: currently, this is dependent on some things that are set up in site_webapp +# TODO: currently, this is dependent on some things that are set up in +# site_webapp # # (1) HAProxy -> couchdb # (2) Apache # -# It would be good in the future to make nickserver installable independently of site_webapp. +# It would be good in the future to make nickserver installable independently of +# site_webapp. # class site_nickserver { 
@@ -16,14 +18,18 @@ class site_nickserver { # $nickserver = hiera('nickserver') - $nickserver_port = $nickserver['port'] # the port that public connects to (should be 6425) - $nickserver_local_port = '64250' # the port that nickserver is actually running on + # the port that public connects to (should be 6425) + $nickserver_port = $nickserver['port'] + # the port that nickserver is actually running on + $nickserver_local_port = '64250' $nickserver_domain = $nickserver['domain'] $couchdb_user = $nickserver['couchdb_user']['username'] $couchdb_password = $nickserver['couchdb_user']['password'] - $couchdb_host = 'localhost' # couchdb is available on localhost via haproxy, which is bound to 4096. - $couchdb_port = '4096' # See site_webapp/templates/haproxy_couchdb.cfg.erg + # couchdb is available on localhost via haproxy, which is bound to 4096. + $couchdb_host = 'localhost' + # See site_webapp/templates/haproxy_couchdb.cfg.erg + $couchdb_port = '4096' # temporarily for now: $domain = hiera('domain') @@ -41,6 +47,7 @@ class site_nickserver { ensure => present, allowdupe => false; } + user { 'nickserver': ensure => present, allowdupe => false, @@ -50,14 +57,14 @@ class site_nickserver { } # - # NICKSERVER CODE - # NOTE: in order to support TLS, libssl-dev must be installed before EventMachine gem - # is built/installed. + # NICKSERVER CODE NOTE: in order to support TLS, libssl-dev must be installed + # before EventMachine gem is built/installed. # package { 'libssl-dev': ensure => installed; } + vcsrepo { '/srv/leap/nickserver': ensure => present, revision => 'origin/master', 
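Review bot: In the `@@ -16,14 +18,18 @@` hunk the two-line couchdb comment ends up split across two variables: the sentence about haproxy and port 4096 now sits above `$couchdb_host`, and the template reference sits above `$couchdb_port`. Keeping both sentences together above the pair reads better, e.g. `# couchdb is reached on localhost through haproxy, which is bound to 4096;` followed by `# see site_webapp/templates/haproxy_couchdb.cfg.erg`. The `.erg` suffix looks like a typo for `.erb`; confirm it against the site_webapp module. The class body continues outside the hunk.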
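Review bot: The re-wrapped comment in the `@@ -50,14 +57,14 @@` hunk fuses the section heading with the note, giving `# NICKSERVER CODE NOTE: in order to support TLS, ...`. Other section headings in this manifest (`# USER AND GROUP`, `# NICKSERVER CONFIG`) stay on a line of their own. Keep `# NICKSERVER CODE` as its own line and wrap only the `# NOTE:` text below it.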
@@ -68,13 +75,15 @@ class site_nickserver { require => [ User['nickserver'], Group['nickserver'] ], notify => Exec['nickserver_bundler_update']; } + exec { 'nickserver_bundler_update': cwd => '/srv/leap/nickserver', command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install --path vendor/bundle"', unless => '/usr/bin/bundle check', user => 'nickserver', timeout => 600, - require => [ Class['bundler::install'], Vcsrepo['/srv/leap/nickserver'], Package['libssl-dev'] ], + require => [ Class['bundler::install'], Vcsrepo['/srv/leap/nickserver'], + Package['libssl-dev'] ], notify => Service['nickserver']; } @@ -99,8 +108,11 @@ class site_nickserver { ensure => link, target => '/srv/leap/nickserver/bin/nickserver', require => Vcsrepo['/srv/leap/nickserver']; + '/etc/init.d/nickserver': - owner => root, group => 0, mode => '0755', + owner => root, + group => 0, + mode => '0755', source => '/srv/leap/nickserver/dist/debian-init-script', require => Vcsrepo['/srv/leap/nickserver']; } @@ -119,7 +131,7 @@ class site_nickserver { # file { '/etc/shorewall/macro.nickserver': - content => "PARAM - - tcp $nickserver_port", + content => "PARAM - - tcp ${nickserver_port}", notify => Service['shorewall'], require => Package['shorewall']; } @@ -142,7 +154,8 @@ class site_nickserver { } apache::vhost::file { - 'nickserver': content => template('site_nickserver/nickserver-proxy.conf.erb') + 'nickserver': + content => template('site_nickserver/nickserver-proxy.conf.erb') } x509::key { 'nickserver': @@ -159,4 +172,4 @@ class site_nickserver { content => $x509_ca, notify => Service[apache]; } -} \ No newline at end of file +} -- cgit v1.2.3 From 1f66ee794114d6a7096e15d0b044c17cb6d22a91 Mon Sep 17 00:00:00 2001 
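Review bot: `${nickserver_port}` in the shorewall macro (the `@@ -119,7 +131,7 @@` hunk) is written into a firewall rule exactly as it arrives from hiera, with no check that it is a single numeric port. A typo in the node data could produce a macro that shorewall rejects or, if it parses as a list or range, one that opens more than intended; the same value also feeds the Apache `Listen` line in the proxy template. A guard before the resource, such as `if $nickserver_port !~ /^\d+$/ { fail('nickserver port must be numeric') }`, would stop the catalog early. The class body extends beyond the hunk.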
From: Micah Anderson Date: Thu, 29 Aug 2013 15:10:55 -0400 Subject: change the name of the couch_database in the nickserver.yaml to the new one Change-Id: I5fe6912f3774ae87c595ca1dcac60a61e24de9e5 --- puppet/modules/site_nickserver/templates/nickserver.yml.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_nickserver') diff --git a/puppet/modules/site_nickserver/templates/nickserver.yml.erb b/puppet/modules/site_nickserver/templates/nickserver.yml.erb index 7aab5605..e717cbaa 100644 --- a/puppet/modules/site_nickserver/templates/nickserver.yml.erb +++ b/puppet/modules/site_nickserver/templates/nickserver.yml.erb @@ -6,7 +6,7 @@ domain: "<%= @address_domain %>" couch_host: "<%= @couchdb_host %>" couch_port: <%= @couchdb_port %> -couch_database: "users" +couch_database: "identities" couch_user: "<%= @couchdb_user %>" couch_password: "<%= @couchdb_password %>" -- cgit v1.2.3 From c8488a381071aba3ebe88f8b84185d7b6ad8a625 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 4 Sep 2013 20:14:26 -0400 Subject: change git repository clone URIs from git:// to https:// (#3732) Change-Id: Ic700fec9cfb8e8474fb65dbdd4a1a537bf586ec9 --- puppet/modules/site_nickserver/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_nickserver') diff --git a/puppet/modules/site_nickserver/manifests/init.pp b/puppet/modules/site_nickserver/manifests/init.pp index a3368771..153355f1 100644 --- a/puppet/modules/site_nickserver/manifests/init.pp +++ b/puppet/modules/site_nickserver/manifests/init.pp @@ -69,7 +69,7 @@ class site_nickserver { ensure => present, revision => 'origin/master', provider => git, - source => 'git://code.leap.se/nickserver', + source => 'https://leap.se/git/nickserver', owner => 'nickserver', group => 'nickserver', require => [ User['nickserver'], Group['nickserver'] ], -- cgit v1.2.3 From 3388336b57cc59617b6dc8380beeeacfdb2fb5b3 Mon Sep 17 00:00:00 2001 
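Review bot: `couch_password: "<%= @couchdb_password %>"` in the context lines of the nickserver.yml.erb hunk places the secret inside a double-quoted YAML scalar without escaping, so a password containing `"` or `\` yields a file that fails to parse or parses to a different value. The same applies to `couch_user`. Emitting the value through an encoder, for example `couch_password: <%= @couchdb_password.to_json %>` (assuming the JSON library is loadable from the template), keeps any generated password valid YAML.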
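Review bot: The `revision => 'origin/master'` context line in the `@@ -69,7 +69,7 @@` hunk still leaves the deployed code unpinned: HTTPS now authenticates the transport, but what gets checked out is whatever the branch head is when the repository is cloned or synced. Elsewhere in this manifest the repo notifies `Exec['nickserver_bundler_update']`, which in turn notifies `Service['nickserver']`, so that head is installed and started without a review step. Pinning to a reviewed tag or commit, `revision => '<PINNED_TAG_OR_COMMIT>',`, makes the running version a deliberate choice. The `vcsrepo` resource begins and ends outside the hunk.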
From: Micah Anderson Date: Wed, 18 Sep 2013 12:05:10 -0400 Subject: Setup a class dependency for every tag 'leap_service' to make sure that shorewall is setup before the service is setup. This is necessary due to the strict initial firewall that stops various service setup operations from happening, but is relaxed once shorewall is setup properly (#3782) Change-Id: Ia9640c4118aa0053cdb99e7bc11860fed5527501 --- puppet/modules/site_nickserver/manifests/init.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'puppet/modules/site_nickserver') diff --git a/puppet/modules/site_nickserver/manifests/init.pp b/puppet/modules/site_nickserver/manifests/init.pp index 153355f1..45503d8a 100644 --- a/puppet/modules/site_nickserver/manifests/init.pp +++ b/puppet/modules/site_nickserver/manifests/init.pp @@ -11,6 +11,8 @@ class site_nickserver { tag 'leap_service' + Class['site_config::default'] -> Class['site_nickserver'] + include site_config::ruby # -- cgit v1.2.3 From 1ce6cb5a30c5ee73d6474ac9c1bbd4c7819d9a73 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 19 Sep 2013 12:19:00 +0200 Subject: only deploy x509 stuff for nodes if it existes in hiera (Feature #3875) --- puppet/modules/site_nickserver/manifests/init.pp | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'puppet/modules/site_nickserver') diff --git a/puppet/modules/site_nickserver/manifests/init.pp b/puppet/modules/site_nickserver/manifests/init.pp index 45503d8a..84b07e77 100644 --- a/puppet/modules/site_nickserver/manifests/init.pp +++ b/puppet/modules/site_nickserver/manifests/init.pp @@ -36,6 +36,11 @@ class site_nickserver { # temporarily for now: $domain = hiera('domain') $address_domain = $domain['full_suffix'] + + + include site_config::x509::cert_key + include site_config::x509::ca + $x509 = hiera('x509') $x509_key = $x509['key'] $x509_cert = $x509['cert'] -- cgit v1.2.3 From 43a5b322d99effa411c9fddf5f849da70a7768e8 Mon Sep 17 00:00:00 2001 
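Review bot: `Class['site_config::default'] -> Class['site_nickserver']` is added without a comment, so the manifest itself does not say why the ordering exists. The commit message gives the reason (the strict initial firewall blocks service setup until shorewall is configured); put that next to the arrow, e.g. `# shorewall must be set up first; the strict initial firewall blocks service setup (#3782)`. The class does not `include site_config::default` in the visible lines, so the relationship presumably relies on it being declared elsewhere, and a catalog that lacks it would fail on this reference.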
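Review bot: The context lines directly below the new `include site_config::x509::cert_key` and `include site_config::x509::ca` still read `$x509 = hiera('x509')` and index `key` and `cert` from it, so this class keeps depending on that hiera key unconditionally. If `hiera()` is called without a default and the key is absent, catalog compilation fails, which is the case the commit subject sets out to handle. It also keeps the private key in a class variable after deployment has moved into `site_config::x509`. Dropping these assignments, together with the resources that consume them, would match the stated intent.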
From: varac Date: Thu, 19 Sep 2013 13:45:03 +0200 Subject: tidy nickserver x509 definitions (#3842) --- puppet/modules/site_nickserver/manifests/init.pp | 24 ++++------------------ .../templates/nickserver-proxy.conf.erb | 6 +++--- 2 files changed, 7 insertions(+), 23 deletions(-) (limited to 'puppet/modules/site_nickserver') diff --git a/puppet/modules/site_nickserver/manifests/init.pp b/puppet/modules/site_nickserver/manifests/init.pp index 84b07e77..a12ed3a2 100644 --- a/puppet/modules/site_nickserver/manifests/init.pp +++ b/puppet/modules/site_nickserver/manifests/init.pp @@ -41,11 +41,6 @@ class site_nickserver { include site_config::x509::cert_key include site_config::x509::ca - $x509 = hiera('x509') - $x509_key = $x509['key'] - $x509_cert = $x509['cert'] - $x509_ca = $x509['ca_cert'] - # # USER AND GROUP # @@ -129,7 +124,10 @@ class site_nickserver { enable => true, hasrestart => true, hasstatus => true, - require => File['/etc/init.d/nickserver']; + require => [ + File['/etc/init.d/nickserver'], + Class['Site_config::X509::Cert_key'], + Class['Site_config::X509::Ca'] ]; } # @@ -165,18 +163,4 @@ class site_nickserver { content => template('site_nickserver/nickserver-proxy.conf.erb') } - x509::key { 'nickserver': - content => $x509_key, - notify => Service[apache]; - } - - x509::cert { 'nickserver': - content => $x509_cert, - notify => Service[apache]; - } - - x509::ca { 'nickserver': - content => $x509_ca, - notify => Service[apache]; - } } diff --git a/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb b/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb index 67896cd3..478ae7f1 100644 --- a/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb +++ b/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb 
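Review bot: Nothing in this diff replaces the `notify => Service[apache]` that the removed `x509::key`, `x509::cert` and `x509::ca` resources carried; the new `require` entries are on `Service['nickserver']` only. Going by the proxy template, Apache is the process that loads the certificate and key, while nickserver is reached over plain HTTP on localhost. A replaced certificate would therefore not be served until something else restarts Apache. Unless the `site_config::x509` classes already notify Apache, add the relationship next to the vhost, e.g. `Class['Site_config::X509::Cert_key'] ~> Service['apache']`.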
@@ -14,9 +14,9 @@ Listen 0.0.0.0:<%= @nickserver_port -%> SSLHonorCipherOrder on SSLCACertificatePath /etc/ssl/certs - SSLCertificateChainFile /etc/ssl/certs/nickserver.pem - SSLCertificateKeyFile /etc/x509/keys/nickserver.key - SSLCertificateFile /etc/x509/certs/nickserver.crt + SSLCertificateChainFile <%= scope.lookupvar('x509::variables::local_CAs') %>/<%= scope.lookupvar('site_config::params::ca_name') %>.crt + SSLCertificateKeyFile <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.key + SSLCertificateFile <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.crt ProxyPass / http://localhost:<%= @nickserver_local_port %>/ ProxyPreserveHost On # preserve Host header in HTTP request -- cgit v1.2.3 From 486a9cd3b7bd8d643a9623fd40db2286cdf52fc8 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 20 Sep 2013 18:58:13 +0200 Subject: fix whitespace issues from https://review.leap.se/r/82 --- puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_nickserver') diff --git a/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb b/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb index 478ae7f1..ae06410e 100644 --- a/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb +++ b/puppet/modules/site_nickserver/templates/nickserver-proxy.conf.erb 
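Review bot: A `scope.lookupvar(...)` call for a variable whose class has not been evaluated returns an empty or undefined value rather than raising, so the three `SSLCertificate*` lines can render a path such as `/.key` without any error at compile time. The problem would then only surface when Apache reloads the vhost. Resolving the paths in the manifest (after including `x509::variables` and `site_config::params`), calling `fail()` when one is empty, and passing them to the template as plain `@` variables moves the failure to catalog compilation. The enclosing vhost block is not fully visible in the hunk.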
@@ -15,8 +15,8 @@ Listen 0.0.0.0:<%= @nickserver_port -%> SSLCACertificatePath /etc/ssl/certs SSLCertificateChainFile <%= scope.lookupvar('x509::variables::local_CAs') %>/<%= scope.lookupvar('site_config::params::ca_name') %>.crt - SSLCertificateKeyFile <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.key - SSLCertificateFile <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.crt + SSLCertificateKeyFile <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.key + SSLCertificateFile <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.crt ProxyPass / http://localhost:<%= @nickserver_local_port %>/ ProxyPreserveHost On # preserve Host header in HTTP request -- cgit v1.2.3 From ffa4504f81c0abecc62b068951ec147741028128 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 24 Sep 2013 09:09:30 +0200 Subject: seperate cert and key deployment (#3918) --- puppet/modules/site_nickserver/manifests/init.pp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_nickserver') diff --git a/puppet/modules/site_nickserver/manifests/init.pp b/puppet/modules/site_nickserver/manifests/init.pp index a12ed3a2..bf0511d5 100644 --- a/puppet/modules/site_nickserver/manifests/init.pp +++ b/puppet/modules/site_nickserver/manifests/init.pp @@ -38,7 +38,8 @@ class site_nickserver { $address_domain = $domain['full_suffix'] - include site_config::x509::cert_key + include site_config::x509::cert + include site_config::x509::key include site_config::x509::ca # @@ -126,7 +127,8 @@ class site_nickserver { hasstatus => true, require => [ File['/etc/init.d/nickserver'], - Class['Site_config::X509::Cert_key'], + Class['Site_config::X509::Key'], + Class['Site_config::X509::Cert'], Class['Site_config::X509::Ca'] ]; } -- cgit v1.2.3 
From 23304bbc281ef25b9ad2a607631aaa728e9c7b29 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 10 Oct 2013 15:32:26 +0200 Subject: install ruby-dev for nickserver/webapp (#4079 + #4080) --- puppet/modules/site_nickserver/manifests/init.pp | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_nickserver') diff --git a/puppet/modules/site_nickserver/manifests/init.pp b/puppet/modules/site_nickserver/manifests/init.pp index bf0511d5..59613f7b 100644 --- a/puppet/modules/site_nickserver/manifests/init.pp +++ b/puppet/modules/site_nickserver/manifests/init.pp @@ -13,7 +13,7 @@ class site_nickserver { tag 'leap_service' Class['site_config::default'] -> Class['site_nickserver'] - include site_config::ruby + include site_config::ruby::dev # # VARIABLES @@ -65,7 +65,7 @@ class site_nickserver { # package { - 'libssl-dev': ensure => installed; + [ 'libssl-dev' ]: ensure => installed; } vcsrepo { '/srv/leap/nickserver': @@ -85,8 +85,9 @@ class site_nickserver { unless => '/usr/bin/bundle check', user => 'nickserver', timeout => 600, - require => [ Class['bundler::install'], Vcsrepo['/srv/leap/nickserver'], - Package['libssl-dev'] ], + require => [ + Class['bundler::install'], Vcsrepo['/srv/leap/nickserver'], + Package['libssl-dev'], Package['ruby-dev'] ], notify => Service['nickserver']; } -- cgit v1.2.3 From da6cb0546f91444d8c4e059eaa99f17fafe9c5a2 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 11 Oct 2013 18:02:59 +0200 Subject: fixed issues from https://review.leap.se/r/98/ --- puppet/modules/site_nickserver/manifests/init.pp | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_nickserver') diff --git a/puppet/modules/site_nickserver/manifests/init.pp b/puppet/modules/site_nickserver/manifests/init.pp index 59613f7b..81482a55 100644 --- a/puppet/modules/site_nickserver/manifests/init.pp +++ b/puppet/modules/site_nickserver/manifests/init.pp 
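Review bot: `Package['ruby-dev']` in the `require` of `Exec['nickserver_bundler_update']` refers to a resource this class does not declare; it presumably comes from `site_config::ruby::dev`, which the first hunk includes. Referencing a package title owned by another class ties this manifest to that class's internals and breaks the catalog if the title changes. `Class['site_config::ruby::dev']` expresses the same ordering without that coupling. The single-element array `[ 'libssl-dev' ]` in the second hunk adds nothing over the bare title.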
@@ -64,9 +64,7 @@ class site_nickserver { # before EventMachine gem is built/installed. # - package { - [ 'libssl-dev' ]: ensure => installed; - } + package { 'libssl-dev': ensure => installed } vcsrepo { '/srv/leap/nickserver': ensure => present, @@ -87,7 +85,8 @@ class site_nickserver { timeout => 600, require => [ Class['bundler::install'], Vcsrepo['/srv/leap/nickserver'], - Package['libssl-dev'], Package['ruby-dev'] ], + Package['libssl-dev'], Class['site_config::ruby::dev'] ], + notify => Service['nickserver']; } -- cgit v1.2.3 From bba78a580f7c859d3d0d726e291ad628d7e835d3 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 28 Nov 2013 10:31:49 -0500 Subject: remove admin access from nickserver Change-Id: If7fff4c2b839cef5807ee8cee1355aea4dc719a8 --- puppet/modules/site_nickserver/manifests/init.pp | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_nickserver') diff --git a/puppet/modules/site_nickserver/manifests/init.pp b/puppet/modules/site_nickserver/manifests/init.pp index 81482a55..bedef74d 100644 --- a/puppet/modules/site_nickserver/manifests/init.pp +++ b/puppet/modules/site_nickserver/manifests/init.pp 
@@ -20,14 +20,18 @@ class site_nickserver { # $nickserver = hiera('nickserver') + $nickserver_domain = $nickserver['domain'] + + $couchdb = hiera('couch') + $couchdb_users = $couchdb['users'] + $couchdb_user = $couchdb_users['nickserver']['username'] + $couchdb_password = $couchdb_users['nickserver']['password'] + # the port that public connects to (should be 6425) $nickserver_port = $nickserver['port'] # the port that nickserver is actually running on $nickserver_local_port = '64250' - $nickserver_domain = $nickserver['domain'] - $couchdb_user = $nickserver['couchdb_user']['username'] - $couchdb_password = $nickserver['couchdb_user']['password'] # couchdb is available on localhost via haproxy, which is bound to 4096. $couchdb_host = 'localhost' # See site_webapp/templates/haproxy_couchdb.cfg.erg -- cgit v1.2.3 From a241d230f01ac2c89405f4ef12f5d27bdedf1543 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 28 Nov 2013 11:52:16 -0500 Subject: remove nickserver admin user, and fix nickserver couchdb hiera variables Change-Id: I5bdb6b946becdc95cadc92651c06e66b826e2698 --- puppet/modules/site_nickserver/manifests/init.pp | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_nickserver') diff --git a/puppet/modules/site_nickserver/manifests/init.pp b/puppet/modules/site_nickserver/manifests/init.pp index bedef74d..e1b911c1 100644 --- a/puppet/modules/site_nickserver/manifests/init.pp +++ b/puppet/modules/site_nickserver/manifests/init.pp 
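Review bot: `$couchdb = hiera('couch')` followed by `$couchdb_users = $couchdb['users']` pulls the whole couch user table into this class just to read the `nickserver` entry. For the lookup to work, this node's hiera data has to contain `couch.users`. If that hash also holds other accounts (an admin account, say), their passwords are shipped to the nickserver node, which works against the stated goal of removing admin access. Exposing only the nickserver credentials in this node's data and reading them from a single key limits the secrets on the node to what the service needs.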
@@ -21,11 +21,8 @@ class site_nickserver { $nickserver = hiera('nickserver') $nickserver_domain = $nickserver['domain'] - - $couchdb = hiera('couch') - $couchdb_users = $couchdb['users'] - $couchdb_user = $couchdb_users['nickserver']['username'] - $couchdb_password = $couchdb_users['nickserver']['password'] + $couchdb_user = $nickserver['couchdb_nickserver_user']['username'] + $couchdb_password = $nickserver['couchdb_nickserver_user']['password'] # the port that public connects to (should be 6425) $nickserver_port = $nickserver['port'] -- cgit v1.2.3 From bf385beb22b7a17899604c21b764d84de55b23a8 Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 24 Dec 2013 00:53:14 -0800 Subject: move nickserver config to /etc/nickserver.yml (fixes #4843) --- puppet/modules/site_nickserver/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_nickserver') diff --git a/puppet/modules/site_nickserver/manifests/init.pp b/puppet/modules/site_nickserver/manifests/init.pp index e1b911c1..eaf90d55 100644 --- a/puppet/modules/site_nickserver/manifests/init.pp +++ b/puppet/modules/site_nickserver/manifests/init.pp @@ -95,7 +95,7 @@ class site_nickserver { # NICKSERVER CONFIG # - file { '/etc/leap/nickserver.yml': + file { '/etc/nickserver.yml': content => template('site_nickserver/nickserver.yml.erb'), owner => nickserver, group => nickserver, -- cgit v1.2.3
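Review bot: Renaming the resource to `/etc/nickserver.yml` (the `@@ -95,7 +95,7 @@` hunk) leaves the previous `/etc/leap/nickserver.yml` on hosts that were already provisioned, and that file holds the CouchDB password rendered by `nickserver.yml.erb`. Add a cleanup resource such as `file { '/etc/leap/nickserver.yml': ensure => absent }` so the old copy of the credential does not linger. The hunk shows `owner` and `group` but ends before any `mode` attribute. Since the file now sits directly in `/etc`, confirm it is restricted to the service user, e.g. `mode => '0600'`.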