From 8b69bebad7fe00886705f0402d542c1f11fba7b0 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 27 Jun 2016 13:32:21 +0200 Subject: Lint and Document site_webapp::hidden_service --- puppet/modules/site_webapp/manifests/hidden_service.pp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp index 72a2ce95..da2a5607 100644 --- a/puppet/modules/site_webapp/manifests/hidden_service.pp +++ b/puppet/modules/site_webapp/manifests/hidden_service.pp @@ -1,3 +1,4 @@ +# Configure tor hidden service for webapp class site_webapp::hidden_service { $tor = hiera('tor') $hidden_service = $tor['hidden_service'] @@ -8,7 +9,7 @@ class site_webapp::hidden_service { include apache::module::alias include apache::module::expires include apache::module::removeip - + include tor::daemon tor::daemon::hidden_service { 'webapp': ports => [ '80 127.0.0.1:80'] } @@ -40,7 +41,7 @@ class site_webapp::hidden_service { apache::module { 'status': ensure => present, conf_content => ' ' } # the access_compat module is required to enable Allow directives apache::module { 'access_compat': ensure => present } - + apache::vhost::file { 'hidden_service': content => template('site_apache/vhosts.d/hidden_service.conf.erb'); -- cgit v1.2.3 From 9f2a4f859f42895969d96c25ac9941ff95a28d1f Mon Sep 17 00:00:00 2001 From: Micah Date: Thu, 23 Jun 2016 11:36:00 -0400 Subject: Reload tor if config or key is changed (#8210). Change-Id: I3d733b6645c804a5fb337ad4b8edc59a66ad50b5 --- puppet/modules/site_webapp/manifests/hidden_service.pp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp index da2a5607..ffc9888d 100644 
--- a/puppet/modules/site_webapp/manifests/hidden_service.pp +++ b/puppet/modules/site_webapp/manifests/hidden_service.pp @@ -25,14 +25,16 @@ class site_webapp::hidden_service { source => "/srv/leap/files/nodes/${::hostname}/tor.key", owner => 'debian-tor', group => 'debian-tor', - mode => '0600'; + mode => '0600', + notify => Service['tor']; '/var/lib/tor/webapp/hostname': ensure => present, content => $tor_domain, owner => 'debian-tor', group => 'debian-tor', - mode => '0600'; + mode => '0600', + notify => Service['tor']; } # it is necessary to zero out the config of the status module -- cgit v1.2.3 From 4cf9b7d34fce1c37d3b4bb16e62f078df642263b Mon Sep 17 00:00:00 2001 From: Micah Date: Thu, 23 Jun 2016 12:05:29 -0400 Subject: Stop tor from restarting on every deploy (#8211). We were creating the hidden service name without a newline, and then tor would be restarted and change the hidden service hostname file to have a newline, which would then require that the next deploy would change that file to not have a newline again. This fixes that problem by making the hostname have a newline so it matches what tor wants. Change-Id: I38f450684d557cf943ec94f2f8e19cda3aefdf66 --- puppet/modules/site_webapp/manifests/hidden_service.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp index ffc9888d..d2662b65 100644 --- a/puppet/modules/site_webapp/manifests/hidden_service.pp +++ b/puppet/modules/site_webapp/manifests/hidden_service.pp @@ -30,7 +30,7 @@ class site_webapp::hidden_service { '/var/lib/tor/webapp/hostname': ensure => present, - content => $tor_domain, + content => "${tor_domain}\n", owner => 'debian-tor', group => 'debian-tor', mode => '0600', -- cgit v1.2.3 From 50d30b2aa77efc304f0cc5e4f6f561a8e770986b Mon Sep 17 00:00:00 2001 
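Review bot: The two added `notify => Service['tor']` lines in the `@@ -25,14 +25,16 @@` hunk trigger a Puppet service refresh, which is a full restart unless the `tor` service resource defines its own `restart` command, while the commit subject promises a reload. The tor module is not visible here, so it is worth confirming which one happens and recording it in a comment above the resources, e.g. `# refresh restarts tor unless the tor module maps it to a reload`. Because the first resource installs the onion service's private key and replacing it is now an expected event, I would also add `backup => false,` and `show_diff => false,` to it so that a replaced key is not copied into the filebucket or printed in run reports, assuming no file default already sets them. That resource's title line lies above the hunk.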
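Review bot: The new `content => "${tor_domain}\n"` in the `@@ -30,7 +30,7 @@` hunk stays stable only while `$tor_domain` is exactly the address tor derives from the deployed key, because tor writes this file itself on start. If the hiera value and the key ever disagree, Puppet and tor will presumably rewrite the file in turn, and the `notify` on this resource then restarts tor on every run, which is the loop this commit sets out to stop. A comment on the resource would record that constraint: `# must equal the address tor derives from the key, plus the trailing newline tor writes`. The definition of `$tor_domain` is outside the hunk.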
From: varac Date: Sat, 11 Jun 2016 22:58:26 +0200 Subject: Newest passenger module dont manage munin by default --- puppet/modules/site_webapp/manifests/apache.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp index 80c7b29b..e559217d 100644 --- a/puppet/modules/site_webapp/manifests/apache.pp +++ b/puppet/modules/site_webapp/manifests/apache.pp @@ -18,7 +18,7 @@ class site_webapp::apache { include apache::module::removeip include site_webapp::common_vhost - class { 'passenger': use_munin => false } + class { 'passenger': } apache::vhost::file { 'api': -- cgit v1.2.3 From dadac49e55f19e7ac814ae798dcfb87fddbef0ba Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 29 Aug 2016 18:31:42 +0200 Subject: [feat] Use twisted 16.2 from jessie-backports New soledad packages now depend on Twisted 16.2.0 (see https://leap.se/code/issues/8412), so we need to pin twisted to get installed from jessie-backports. - Resolves: #8418 --- puppet/modules/site_webapp/manifests/init.pp | 35 ++++++++++++++-------------- 1 file changed, 18 insertions(+), 17 deletions(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 15925aba..cdad206a 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp 
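Review bot: With its only parameter removed, `class { 'passenger': }` in the `@@ -18,7 +18,7 @@` hunk of apache.pp is a resource-like declaration with no arguments, which still fails with a duplicate-declaration error if any other class declares passenger the same way. `include ::passenger` says the same thing, can be repeated safely, and matches the `include` lines around it. The change also relies on the deployed passenger module no longer managing munin by default; that default is not visible here, so it should be confirmed against the module revision that is actually checked out before the explicit `use_munin => false` is dropped.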
@@ -16,21 +16,22 @@ class site_webapp { Class['site_config::default'] -> Class['site_webapp'] - include site_config::ruby::dev - include site_webapp::apache - include site_webapp::couchdb - include site_haproxy - include site_webapp::cron - include site_config::default - include site_config::x509::cert - include site_config::x509::key - include site_config::x509::ca - include site_config::x509::client_ca::ca - include site_config::x509::client_ca::key - include site_nickserver + include ::site_config::ruby::dev + include ::site_webapp::apache + include ::site_webapp::couchdb + include ::site_haproxy + include ::site_webapp::cron + include ::site_config::default + include ::site_config::x509::cert + include ::site_config::x509::key + include ::site_config::x509::ca + include ::site_config::x509::client_ca::ca + include ::site_config::x509::client_ca::key + include ::site_nickserver + include ::site_apt::preferences::twisted # remove leftovers from previous installations on webapp nodes - include site_config::remove::webapp + include ::site_config::remove::webapp group { 'leap-webapp': ensure => present, @@ -163,17 +164,17 @@ class site_webapp { if $tor { $hidden_service = $tor['hidden_service'] if $hidden_service['active'] { - include site_webapp::hidden_service + include ::site_webapp::hidden_service } } # needed for the soledad-sync check which is run on the # webapp node - include soledad::client + include ::soledad::client leap::logfile { 'webapp': } - include site_shorewall::webapp - include site_check_mk::agent::webapp + include ::site_shorewall::webapp + include ::site_check_mk::agent::webapp } -- cgit v1.2.3 From d3bde1463bd31121a0015a93ad29f4db69fd77c7 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 29 Aug 2016 18:35:31 +0200 Subject: lint site_webapp/manifests/init.pp --- puppet/modules/site_webapp/manifests/init.pp | 36 +++++++++++++++++++--------- 1 file changed, 25 insertions(+), 11 deletions(-) (limited to 'puppet/modules/site_webapp/manifests') 
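Review bot: The added `include ::site_apt::preferences::twisted` in the `@@ -16,21 +16,22 @@` hunk only puts the pin into the catalog; nothing visible here orders it before the classes that install the soledad packages. On a first run Puppet may therefore install Twisted before the preference file exists and pick the non-backports version. Unless the preferences class or `soledad::client` already sets that ordering (neither is shown), add an explicit edge in the style of the line at the top of the class: `Class['site_apt::preferences::twisted'] -> Class['soledad::client']`. The class body continues outside both hunks of this commit.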
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index cdad206a..83cf99a9 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -92,12 +92,16 @@ class site_webapp { '/srv/leap/webapp/config/provider': ensure => directory, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0755'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0755'; '/srv/leap/webapp/config/provider/provider.json': content => $provider, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0644'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0644'; '/srv/leap/webapp/public/ca.crt': ensure => link, 
@@ -107,27 +111,37 @@ class site_webapp { "/srv/leap/webapp/public/${api_version}": ensure => directory, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0755'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0755'; "/srv/leap/webapp/public/${api_version}/config/": ensure => directory, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0755'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0755'; "/srv/leap/webapp/public/${api_version}/config/eip-service.json": content => $eip_service, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0644'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0644'; "/srv/leap/webapp/public/${api_version}/config/soledad-service.json": content => $soledad_service, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0644'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0644'; "/srv/leap/webapp/public/${api_version}/config/smtp-service.json": content => $smtp_service, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0644'; + owner => 'leap-webapp', + group => 'leap-webapp', + mode => '0644'; } try::file { @@ -136,8 +150,8 @@ class site_webapp { recurse => true, purge => true, force => true, - owner => leap-webapp, - group => leap-webapp, + owner => 'leap-webapp', + group => 'leap-webapp', mode => 'u=rwX,go=rX', require => Vcsrepo['/srv/leap/webapp'], notify => Exec['compile_assets'], @@ -154,8 +168,8 @@ class site_webapp { file { '/srv/leap/webapp/config/config.yml': content => template('site_webapp/config.yml.erb'), - owner => leap-webapp, - group => leap-webapp, + owner => 'leap-webapp', + group => 'leap-webapp', mode => '0600', require => Vcsrepo['/srv/leap/webapp'], notify => Service['apache']; -- cgit v1.2.3