From 90c5b205c4764351e6ea707b965c5e6daca1c0b7 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 14 Mar 2013 18:36:40 -0400 Subject: add couchdb stunnel clients --- puppet/modules/site_webapp/manifests/couchdb.pp | 9 +++++ .../site_webapp/manifests/couchdb_stunnel.pp | 42 ++++++++++++++++++++++ .../manifests/couchdb_stunnel/clients.pp | 17 +++++++++ 3 files changed, 68 insertions(+) create mode 100644 puppet/modules/site_webapp/manifests/couchdb_stunnel.pp create mode 100644 puppet/modules/site_webapp/manifests/couchdb_stunnel/clients.pp (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 6cac666f..26de62ee 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -1,5 +1,9 @@ class site_webapp::couchdb { + $x509 = hiera('x509') + $key = $x509['key'] + $cert = $x509['cert'] + $ca = $x509['ca_cert'] $webapp = hiera('webapp') $couchdb_host = $webapp['couchdb_hosts'] $couchdb_user = $webapp['couchdb_user']['username'] @@ -13,4 +17,9 @@ class site_webapp::couchdb { mode => '0600'; } + class { 'site_webapp::couchdb_stunnel': + key => $key, + cert => $cert, + ca => $ca + } } diff --git a/puppet/modules/site_webapp/manifests/couchdb_stunnel.pp b/puppet/modules/site_webapp/manifests/couchdb_stunnel.pp new file mode 100644 index 00000000..e6657e13 --- /dev/null +++ b/puppet/modules/site_webapp/manifests/couchdb_stunnel.pp 
@@ -0,0 +1,42 @@
+class site_webapp::couchdb_stunnel ($key, $cert, $ca) {
+
+ include x509::variables
+ include site_stunnel
+
+ $cert_name = 'leap_couchdb'
+ $ca_path = "${x509::variables::certs}/leap_client_ca.crt"
+ $cert_path = "${x509::variables::certs}/${cert_name}.crt"
+ $key_path = "${x509::variables::keys}/${cert_name}.key"
+
+ x509::key {
+ $cert_name:
+ content => $key,
+ notify => Service['stunnel'];
+ }
+
+ x509::cert {
+ $cert_name:
+ content => $cert,
+ notify => Service['stunnel'];
+ }
+
+ x509::ca {
+ $cert_name:
+ content => $ca,
+ notify => Service['stunnel'];
+ }
+
+ $couchdb_stunnel_client_defaults = {
+ 'client' => true,
+ 'cafile' => $ca_path,
+ 'key' => $key_path,
+ 'cert' => $cert_path,
+ 'verify' => '2',
+ 'rndfile' => '/var/lib/stunnel4/.rnd',
+ 'debuglevel' => '4'
+ }
+
+ create_resources(site_webapp::couchdb_stunnel::clients, hiera('stunnel'), $couchdb_stunnel_client_defaults)
+
+}
+
diff --git a/puppet/modules/site_webapp/manifests/couchdb_stunnel/clients.pp b/puppet/modules/site_webapp/manifests/couchdb_stunnel/clients.pp
new file mode 100644
index 00000000..eac43b08
--- /dev/null
+++ b/puppet/modules/site_webapp/manifests/couchdb_stunnel/clients.pp
@@ -0,0 +1,17 @@
+define site_webapp::couchdb_stunnel::clients
+ ( $accept_port, $connect, $client, $cafile, $key, $cert,
+ $verify, $pid = $name, $rndfile, $debuglevel ) {
+
+ stunnel::service { $name:
+ accept => "127.0.0.1:${accept_port}",
+ connect => "${connect}:6984",
+ client => $client,
+ cafile => $cafile,
+ key => $key,
+ cert => $cert,
+ verify => $verify,
+ pid => "/var/run/stunnel4/${pid}.pid",
+ rndfile => $rndfile,
+ debuglevel => $debuglevel
+ }
+ }
-- cgit v1.2.3
From a275999ab39b49afa2bb0c998c58aec424b4a8c0 Mon Sep 17 00:00:00 2001
From: varac Date: Sat, 16 Mar 2013 13:57:14 +0100 Subject: pick the first couchdb host for webapp couch config Until we have a proper load balancing setup (see https://leap.se/code/issues/1994) --- puppet/modules/site_webapp/manifests/couchdb.pp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 6cac666f..9312cdb1 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -1,7 +1,10 @@ class site_webapp::couchdb { $webapp = hiera('webapp') - $couchdb_host = $webapp['couchdb_hosts'] + $couchdb_hosts = $webapp['couchdb_hosts'] + # for now, pick the first couchdb host before we have a working + # load balancing setup (see https://leap.se/code/issues/1994) + $couchdb_host = $couchdb_hosts[0] $couchdb_user = $webapp['couchdb_user']['username'] $couchdb_password = $webapp['couchdb_user']['password'] -- cgit v1.2.3 From 6609b3ed4125d1e46ba16b5bc7d7957bcbee6a42 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Sun, 17 Mar 2013 22:58:10 -0400 Subject: fix webapp/couchdb stunnel certificate authority --- puppet/modules/site_webapp/manifests/couchdb_stunnel.pp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb_stunnel.pp b/puppet/modules/site_webapp/manifests/couchdb_stunnel.pp index e6657e13..325b18ee 100644 --- a/puppet/modules/site_webapp/manifests/couchdb_stunnel.pp +++ b/puppet/modules/site_webapp/manifests/couchdb_stunnel.pp 
@@ -4,9 +4,10 @@ class site_webapp::couchdb_stunnel ($key, $cert, $ca) { include site_stunnel $cert_name = 'leap_couchdb' - $ca_path = "${x509::variables::certs}/leap_client_ca.crt" + $ca_name = 'leap_ca' + $ca_path = "${x509::variables::local_CAs}/${ca_name}.crt" $cert_path = "${x509::variables::certs}/${cert_name}.crt" - $key_path = "${x509::variables::keys}/${cert_name}.key" + $key_path = "${x509::variables::keys}/${cert_name}.key" x509::key { $cert_name: @@ -21,7 +22,7 @@ class site_webapp::couchdb_stunnel ($key, $cert, $ca) { } x509::ca { - $cert_name: + $ca_name: content => $ca, notify => Service['stunnel']; } -- cgit v1.2.3 From fbae857865f3e2d61d9e55693c5cce411f7565ca Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 18 Mar 2013 18:24:16 +0100 Subject: Webapp: Use stunnel localhost:5000 for couchdb connection --- puppet/modules/site_webapp/manifests/couchdb.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index b8a4201d..f3488227 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -8,7 +8,9 @@ class site_webapp::couchdb { $couchdb_hosts = $webapp['couchdb_hosts'] # for now, pick the first couchdb host before we have a working # load balancing setup (see https://leap.se/code/issues/1994) - $couchdb_host = $couchdb_hosts[0] + # which is configured through a stunnel connection, reachable + # through localhost:5000 + $couchdb_host = 'localhost' $couchdb_user = $webapp['couchdb_user']['username'] $couchdb_password = $webapp['couchdb_user']['password'] -- cgit v1.2.3 From 036506d757423241618774a639778fc9be1413cd Mon Sep 17 00:00:00 2001 
From: Micah Anderson Date: Tue, 19 Mar 2013 14:50:14 -0400 Subject: Migrate the couchdb design documents during webapp deploy (#1976) --- puppet/modules/site_webapp/manifests/couchdb.pp | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index f3488227..095cdb9d 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -20,6 +20,12 @@ class site_webapp::couchdb { owner => leap-webapp, group => leap-webapp, mode => '0600'; + + '/usr/local/sbin/migrate_design_documents': + source => 'puppet:///modules/site_webapp/migrate_design_documents', + owner => root, + group => root, + mode => '0744'; } class { 'site_webapp::couchdb_stunnel': @@ -27,4 +33,10 @@ class site_webapp::couchdb { cert => $cert, ca => $ca } -} + + exec { 'migrate_design_documents': + cwd => '/srv/leap-webapp', + commmand => '/usr/local/sbin/migrate_design_documents', + require => Exec['bundler_update'], + notify => Service['apache']; + } -- cgit v1.2.3 From f1b405b503a76526551ac0110cad8798de46dfd8 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 19 Mar 2013 16:09:34 -0400 Subject: configure site_webapp::haproxy to ship a haproxy config::fragment to setup the haproxy listener 'bigcouch-in'. This haproxy listener is configured to listen on port 4096 (arbitrarily chosen) and balance across the locally configured stunnels to the bigcouch instances It may be that we will need some additional haproxy options for handling persistence, cookies, or other HTTP headers, I'm unsure as of this moment --- puppet/modules/site_webapp/manifests/haproxy.pp | 14 ++++++++++++++ puppet/modules/site_webapp/manifests/init.pp | 1 + 2 files changed, 15 insertions(+) create mode 100644 puppet/modules/site_webapp/manifests/haproxy.pp (limited to 'puppet/modules/site_webapp/manifests') 
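Review bot: The new `exec { 'migrate_design_documents': }` has no `refreshonly`, `unless` or `onlyif`, so as written it runs on every Puppet run and, through `notify => Service['apache']`, refreshes Apache each time. If the migration is only meant to follow a deploy, add `refreshonly => true` and trigger it from the deploy step (for example `subscribe => Exec['bundler_update']` in place of `require`). The exec also sets no `user`, so it presumably runs as root with `cwd => '/srv/leap-webapp'`, a tree the other resources give to `leap-webapp`. The script body is not in this diff, but if it loads code from that directory, running it as a less privileged account (`user => 'leap-webapp'`) would be safer.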
diff --git a/puppet/modules/site_webapp/manifests/haproxy.pp b/puppet/modules/site_webapp/manifests/haproxy.pp new file mode 100644 index 00000000..4a7e3c25 --- /dev/null +++ b/puppet/modules/site_webapp/manifests/haproxy.pp @@ -0,0 +1,14 @@ +class site_webapp::haproxy { + + include site_haproxy + + $haproxy = hiera('haproxy') + $local_ports = $haproxy['local_ports'] + + # Template uses $global_options, $defaults_options + concat::fragment { 'leap_haproxy_webapp_couchdb': + target => '/etc/haproxy/haproxy.cfg', + order => '20', + content => template('site_webapp/haproxy_couchdb.cfg.erb'), + } +} diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index e8134521..ec70a68d 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -17,6 +17,7 @@ class site_webapp { include site_webapp::apache include site_webapp::couchdb include site_webapp::client_ca + include site_webapp::haproxy group { 'leap-webapp': ensure => present, -- cgit v1.2.3 From fe8085f670eb3bca10c5bb0d9890e00a0d9c59d9 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 19 Mar 2013 16:37:56 -0400 Subject: configure webapp haproxy couchdb connection --- puppet/modules/site_webapp/manifests/couchdb.pp | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 095cdb9d..820cc1d2 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp 
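Review bot: The comment `# Template uses $global_options, $defaults_options` in the new `site_webapp::haproxy` class names variables the class never defines; the only locals are `$haproxy` and `$local_ports`. It should name what `haproxy_couchdb.cfg.erb` actually reads, presumably `# Template uses $local_ports`. The template is not part of this diff, so it is worth confirming there that the `bigcouch-in` listener binds to `127.0.0.1:4096` and not to all interfaces, since the webapp reaches it in cleartext and TLS is only added by the stunnel hop behind it.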
@@ -6,11 +6,9 @@ class site_webapp::couchdb { $ca = $x509['ca_cert'] $webapp = hiera('webapp') $couchdb_hosts = $webapp['couchdb_hosts'] - # for now, pick the first couchdb host before we have a working - # load balancing setup (see https://leap.se/code/issues/1994) - # which is configured through a stunnel connection, reachable - # through localhost:5000 + # haproxy listener on port localhost:4096, see site_webapp::haproxy $couchdb_host = 'localhost' + $couchdb_port = '4096' $couchdb_user = $webapp['couchdb_user']['username'] $couchdb_password = $webapp['couchdb_user']['password'] -- cgit v1.2.3 From b5018da40c68058ed47286e276ccfbe02b135e8d Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 19 Mar 2013 16:59:46 -0400 Subject: fix missing closing curly brace --- puppet/modules/site_webapp/manifests/couchdb.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 820cc1d2..1d847ca1 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -38,3 +38,4 @@ class site_webapp::couchdb { require => Exec['bundler_update'], notify => Service['apache']; } +} -- cgit v1.2.3 From 01434dcd78746f530f218a7ed8ed37b7b1d5ce71 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 19 Mar 2013 17:04:06 -0400 Subject: fix spelling of 'command' parameter --- puppet/modules/site_webapp/manifests/couchdb.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 1d847ca1..760706aa 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp 
@@ -34,7 +34,7 @@ class site_webapp::couchdb { exec { 'migrate_design_documents': cwd => '/srv/leap-webapp', - commmand => '/usr/local/sbin/migrate_design_documents', + command => '/usr/local/sbin/migrate_design_documents', require => Exec['bundler_update'], notify => Service['apache']; } -- cgit v1.2.3 From 9c1c74c359f80cf0e61b62befee0ec5cc04ab4c3 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 19 Mar 2013 17:41:37 -0400 Subject: create a separate couchdb.yml.admin that contains the couchdb admin privileges, putting the unprivileged ones in as user webapp in couchdb.yml. This allows us to migrate the couchdb design docs on deployment, but use an unprivileged user the remainder of the time --- puppet/modules/site_webapp/manifests/couchdb.pp | 30 ++++++++++++++++--------- 1 file changed, 19 insertions(+), 11 deletions(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 760706aa..e89880fe 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp 
@@ -1,19 +1,27 @@ class site_webapp::couchdb { - $x509 = hiera('x509') - $key = $x509['key'] - $cert = $x509['cert'] - $ca = $x509['ca_cert'] - $webapp = hiera('webapp') - $couchdb_hosts = $webapp['couchdb_hosts'] + $x509 = hiera('x509') + $key = $x509['key'] + $cert = $x509['cert'] + $ca = $x509['ca_cert'] + $webapp = hiera('webapp') + $couchdb_hosts = $webapp['couchdb_hosts'] # haproxy listener on port localhost:4096, see site_webapp::haproxy - $couchdb_host = 'localhost' - $couchdb_port = '4096' - $couchdb_user = $webapp['couchdb_user']['username'] - $couchdb_password = $webapp['couchdb_user']['password'] + $couchdb_host = 'localhost' + $couchdb_port = '4096' + $couchdb_admin_user = $webapp['couchdb_admin_user']['username'] + $couchdb_admin_password = $webapp['couchdb_admin_user']['password'] + $couchdb_webapp_user = $webapp['couchdb_webapp_user']['username'] + $couchdb_webapp_password = $webapp['couchdb_webapp_user']['password'] file { - '/srv/leap-webapp/config/couchdb.yml': + '/srv/leap-webapp/config/couchdb.yml.admin': + content => template('site_webapp/couchdb.yml.admin.erb'), + owner => leap-webapp, + group => leap-webapp, + mode => '0600'; + + '/srv/leap-webapp/config/couchdb.yml.webapp': content => template('site_webapp/couchdb.yml.erb'), owner => leap-webapp, group => leap-webapp, -- cgit v1.2.3 From 92ea0355de872a502d552d89ed88729b9b4fbaa2 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 19 Mar 2013 18:20:33 -0400 Subject: add webapp secret token that pulls from hiera a 'secret' --- puppet/modules/site_webapp/manifests/init.pp | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index ec70a68d..1e6abe42 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp 
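Review bot: `couchdb.yml.admin` is created with `owner => leap-webapp` and mode `0600`, so the account the web application presumably runs as can read the CouchDB admin password. That undoes the split between admin and unprivileged credentials described in the commit message. Use `owner => root, group => root` and have the migration read it as root. A later commit in this series (61ee35e9) does that, but 037d002b and ae7b1d3b then switch it back to `leap-webapp` and reintroduce the exposure. Separately, the description says the unprivileged credentials go in `couchdb.yml`, while the resource is now titled `couchdb.yml.webapp`; confirm the deploy puts that file where the app looks for it.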
@@ -6,6 +6,7 @@ class site_webapp { $node_domain = hiera('domain') $provider_domain = $node_domain['full_suffix'] $webapp = hiera('webapp') + $secret_token = $webapp['secret_token'] Class[Ruby] -> Class[rubygems] -> Class[bundler::install] @@ -111,6 +112,11 @@ class site_webapp { owner => leap-webapp, group => leap-webapp, mode => '0600'; + + '/srv/leap-webapp/config/initializers/secret_token.rb': + content => "LeapWeb::Application.config.secret_token = '${secret_token}'\n", + owner => leap-webapp, group => leap-webapp, mode => '0644', + notify => Service['apache']; } include site_shorewall::webapp -- cgit v1.2.3 From ffda76a47c7f9d5766325d8cdf13d289430456eb Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 28 Mar 2013 10:01:32 -0700 Subject: added stunnel_server --- puppet/modules/site_webapp/manifests/couchdb.pp | 1 - 1 file changed, 1 deletion(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index e89880fe..ef61aeb6 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -5,7 +5,6 @@ class site_webapp::couchdb { $cert = $x509['cert'] $ca = $x509['ca_cert'] $webapp = hiera('webapp') - $couchdb_hosts = $webapp['couchdb_hosts'] # haproxy listener on port localhost:4096, see site_webapp::haproxy $couchdb_host = 'localhost' $couchdb_port = '4096' -- cgit v1.2.3 From cc082541980df1062cb5b2d10f4980cf8b6664c9 Mon Sep 17 00:00:00 2001 
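Review bot: `secret_token.rb` is written with `mode => '0644'`, so every local account can read the Rails session-signing secret. The neighbouring config file uses `0600`, and this one should too (`mode => '0600'`, or `0640` if the web server reads it through the group). `${secret_token}` is also interpolated directly into a single-quoted Ruby literal, so a hiera value containing `'` or `\` would produce a broken or different initializer. Render it through a template that escapes the value, or constrain the value to a fixed character set.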
From: varac Date: Tue, 19 Mar 2013 13:54:40 +0100 Subject: moved generic stunnel config from site_webapp to site_stunnel --- puppet/modules/site_webapp/manifests/couchdb.pp | 21 +++++++++-- .../site_webapp/manifests/couchdb_stunnel.pp | 43 ---------------------- .../manifests/couchdb_stunnel/clients.pp | 17 --------- 3 files changed, 17 insertions(+), 64 deletions(-) delete mode 100644 puppet/modules/site_webapp/manifests/couchdb_stunnel.pp delete mode 100644 puppet/modules/site_webapp/manifests/couchdb_stunnel/clients.pp (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index ef61aeb6..e45691c1 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -33,10 +33,11 @@ class site_webapp::couchdb { mode => '0744'; } - class { 'site_webapp::couchdb_stunnel': - key => $key, - cert => $cert, - ca => $ca + class { 'site_stunnel::setup': + cert_name => 'leap_couchdb', + key => $key, + cert => $cert, + ca => $ca } exec { 'migrate_design_documents': @@ -45,4 +46,16 @@ class site_webapp::couchdb { require => Exec['bundler_update'], notify => Service['apache']; } + + $couchdb_stunnel_client_defaults = { + 'client' => true, + 'cafile' => $ca_path, + 'key' => $key_path, + 'cert' => $cert_path, + 'verify' => '2', + 'rndfile' => '/var/lib/stunnel4/.rnd', + 'debuglevel' => '4' + } + + create_resources(site_stunnel::clients, hiera('stunnel'), $couchdb_stunnel_client_defaults) } diff --git a/puppet/modules/site_webapp/manifests/couchdb_stunnel.pp b/puppet/modules/site_webapp/manifests/couchdb_stunnel.pp deleted file mode 100644 index 325b18ee..00000000 --- a/puppet/modules/site_webapp/manifests/couchdb_stunnel.pp +++ /dev/null 
@@ -1,43 +0,0 @@
-class site_webapp::couchdb_stunnel ($key, $cert, $ca) {
-
- include x509::variables
- include site_stunnel
-
- $cert_name = 'leap_couchdb'
- $ca_name = 'leap_ca'
- $ca_path = "${x509::variables::local_CAs}/${ca_name}.crt"
- $cert_path = "${x509::variables::certs}/${cert_name}.crt"
- $key_path = "${x509::variables::keys}/${cert_name}.key"
-
- x509::key {
- $cert_name:
- content => $key,
- notify => Service['stunnel'];
- }
-
- x509::cert {
- $cert_name:
- content => $cert,
- notify => Service['stunnel'];
- }
-
- x509::ca {
- $ca_name:
- content => $ca,
- notify => Service['stunnel'];
- }
-
- $couchdb_stunnel_client_defaults = {
- 'client' => true,
- 'cafile' => $ca_path,
- 'key' => $key_path,
- 'cert' => $cert_path,
- 'verify' => '2',
- 'rndfile' => '/var/lib/stunnel4/.rnd',
- 'debuglevel' => '4'
- }
-
- create_resources(site_webapp::couchdb_stunnel::clients, hiera('stunnel'), $couchdb_stunnel_client_defaults)
-
-}
-
diff --git a/puppet/modules/site_webapp/manifests/couchdb_stunnel/clients.pp b/puppet/modules/site_webapp/manifests/couchdb_stunnel/clients.pp
deleted file mode 100644
index eac43b08..00000000
--- a/puppet/modules/site_webapp/manifests/couchdb_stunnel/clients.pp
+++ /dev/null
@@ -1,17 +0,0 @@
-define site_webapp::couchdb_stunnel::clients
- ( $accept_port, $connect, $client, $cafile, $key, $cert,
- $verify, $pid = $name, $rndfile, $debuglevel ) {
-
- stunnel::service { $name:
- accept => "127.0.0.1:${accept_port}",
- connect => "${connect}:6984",
- client => $client,
- cafile => $cafile,
- key => $key,
- cert => $cert,
- verify => $verify,
- pid => "/var/run/stunnel4/${pid}.pid",
- rndfile => $rndfile,
- debuglevel => $debuglevel
- }
- }
-- cgit v1.2.3
From 4669a64cb8e63a67825a35513b51b4e1f2a4ec5d Mon Sep 17 00:00:00 2001
From: varac Date: Tue, 19 Mar 2013 15:14:35 +0100 Subject: moving generic stunnel config from site_webapp to site_stunnel now working --- puppet/modules/site_webapp/manifests/couchdb.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index e45691c1..48a95c8d 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -34,7 +34,7 @@ class site_webapp::couchdb { } class { 'site_stunnel::setup': - cert_name => 'leap_couchdb', + cert_name => $cert_name, key => $key, cert => $cert, ca => $ca @@ -49,9 +49,9 @@ class site_webapp::couchdb { $couchdb_stunnel_client_defaults = { 'client' => true, - 'cafile' => $ca_path, - 'key' => $key_path, - 'cert' => $cert_path, + 'cafile' => "${x509::variables::local_CAs}/${ca_name}.crt", + 'key' => "${x509::variables::keys}/${cert_name}.key", + 'cert' => "${x509::variables::certs}/${cert_name}.crt", 'verify' => '2', 'rndfile' => '/var/lib/stunnel4/.rnd', 'debuglevel' => '4' -- cgit v1.2.3 From 63e6b8633e07045751011c0218f9e6891e25cca5 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 20 Mar 2013 22:17:55 +0100 Subject: provide stunnel connect_port to site_webapp:couchdb --- puppet/modules/site_webapp/manifests/couchdb.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 48a95c8d..ffc4454b 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -48,6 +48,7 @@ class site_webapp::couchdb { } $couchdb_stunnel_client_defaults = { + 'connect_port' => '6984', 'client' => true, 'cafile' => "${x509::variables::local_CAs}/${ca_name}.crt", 'key' => "${x509::variables::keys}/${cert_name}.key", -- cgit v1.2.3 
From 6714ff4ae1a53b6b3eda66f13c2212c3ba285bf3 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Sun, 31 Mar 2013 12:19:46 -0400 Subject: refactor couch_client stunnel to use new stunnel_client leap_cli macro re-order variables to be more consistant --- puppet/modules/site_webapp/manifests/couchdb.pp | 32 +++++++++++++++---------- 1 file changed, 20 insertions(+), 12 deletions(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index ffc4454b..e956fd54 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -1,9 +1,5 @@ class site_webapp::couchdb { - $x509 = hiera('x509') - $key = $x509['key'] - $cert = $x509['cert'] - $ca = $x509['ca_cert'] $webapp = hiera('webapp') # haproxy listener on port localhost:4096, see site_webapp::haproxy $couchdb_host = 'localhost' @@ -13,6 +9,21 @@ class site_webapp::couchdb { $couchdb_webapp_user = $webapp['couchdb_webapp_user']['username'] $couchdb_webapp_password = $webapp['couchdb_webapp_user']['password'] + $stunnel = hiera('stunnel') + $couch_client = $stunnel['couch_client'] + $couch_client_connect = $couch_client['connect'] + + include x509::variable + $x509 = hiera('x509') + $key = $x509['key'] + $cert = $x509['cert'] + $ca = $x509['ca_cert'] + $cert_name = 'leap_couchdb' + $ca_name = 'leap_ca' + $ca_path = "${x509::variables::local_CAs}/${ca_name}.crt" + $cert_path = "${x509::variables::certs}/${cert_name}.crt" + $key_path = "${x509::variables::keys}/${cert_name}.key" + file { '/srv/leap-webapp/config/couchdb.yml.admin': content => template('site_webapp/couchdb.yml.admin.erb'), 
@@ -48,15 +59,12 @@ class site_webapp::couchdb { } $couchdb_stunnel_client_defaults = { - 'connect_port' => '6984', + 'connect_port' => $couch_client_connect, 'client' => true, - 'cafile' => "${x509::variables::local_CAs}/${ca_name}.crt", - 'key' => "${x509::variables::keys}/${cert_name}.key", - 'cert' => "${x509::variables::certs}/${cert_name}.crt", - 'verify' => '2', - 'rndfile' => '/var/lib/stunnel4/.rnd', - 'debuglevel' => '4' + 'cafile' => $ca_path, + 'key' => $key_path, + 'cert' => $cert_path, } - create_resources(site_stunnel::clients, hiera('stunnel'), $couchdb_stunnel_client_defaults) + create_resources(site_stunnel::clients, $couch_client, $couchdb_stunnel_client_defaults) } -- cgit v1.2.3 From c4397077adb35cf5ec05976e2918bacdd3960703 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 4 Apr 2013 15:31:04 -0400 Subject: pass $ca_name to stunnel::setup - this eliminates a dynamic scoped variable lookup, and warning --- puppet/modules/site_webapp/manifests/couchdb.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index e956fd54..8dfe6e12 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -48,6 +48,7 @@ class site_webapp::couchdb { cert_name => $cert_name, key => $key, cert => $cert, + ca_name => $ca_name ca => $ca } -- cgit v1.2.3 From 78cd7a3a6e098448efa9e8623d1bc5c81d7a393a Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 4 Apr 2013 15:40:04 -0400 Subject: fix missing comma --- puppet/modules/site_webapp/manifests/couchdb.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 8dfe6e12..50c6f9d7 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp 
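Review bot: Removing `'verify' => '2'` from `$couchdb_stunnel_client_defaults` means this manifest no longer states that the stunnel client must verify the CouchDB server certificate against `cafile`. Whether verification still happens now depends on the default inside `site_stunnel::clients`, which is not part of this diff. If that define does not set it, the tunnel would encrypt without authenticating the peer. Either keep `'verify' => '2',` in the defaults hash or confirm the define enforces it; the dropped `rndfile` and `debuglevel` entries are only operational and matter less.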
+++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -48,7 +48,7 @@ class site_webapp::couchdb { cert_name => $cert_name, key => $key, cert => $cert, - ca_name => $ca_name + ca_name => $ca_name, ca => $ca } -- cgit v1.2.3 From 61ee35e9210bc771f059ebf227512668c21b62b5 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 4 Apr 2013 16:42:17 -0400 Subject: make sure the couchdb.yml permissions are set properly --- puppet/modules/site_webapp/manifests/couchdb.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 50c6f9d7..6fe144a4 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -27,8 +27,8 @@ class site_webapp::couchdb { file { '/srv/leap-webapp/config/couchdb.yml.admin': content => template('site_webapp/couchdb.yml.admin.erb'), - owner => leap-webapp, - group => leap-webapp, + owner => root, + group => root, mode => '0600'; '/srv/leap-webapp/config/couchdb.yml.webapp': -- cgit v1.2.3 From a115e1c2e48adaa5f53777b63c25814e536e1e5a Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 4 Apr 2013 16:42:33 -0400 Subject: fix typo in x509::variables --- puppet/modules/site_webapp/manifests/couchdb.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 6fe144a4..ebb0d72a 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -13,7 +13,7 @@ class site_webapp::couchdb { $couch_client = $stunnel['couch_client'] $couch_client_connect = $couch_client['connect'] - include x509::variable + include x509::variables $x509 = hiera('x509') $key = $x509['key'] $cert = $x509['cert'] -- cgit v1.2.3 
From dc6cd0ecd31a03e5093cdd9bb6dd1cad576199a2 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 4 Apr 2013 16:43:04 -0400 Subject: set permissions on the rails production.log, otherwise passenger complains about this in the apache log file --- puppet/modules/site_webapp/manifests/couchdb.pp | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index ebb0d72a..f6203552 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -37,6 +37,11 @@ class site_webapp::couchdb { group => leap-webapp, mode => '0600'; + '/srv/leap-webapp/logs/production.log': + owner => leap-webapp, + group => leap-webapp, + mode => '0660'; + '/usr/local/sbin/migrate_design_documents': source => 'puppet:///modules/site_webapp/migrate_design_documents', owner => root, -- cgit v1.2.3 From 7b6882212da16b7f3e778919f6c8c018c6d1111b Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 16 Apr 2013 13:58:43 -0400 Subject: move secret token into the config.yaml --- puppet/modules/site_webapp/manifests/init.pp | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 1e6abe42..636a156d 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp 
@@ -111,12 +111,8 @@ class site_webapp { content => template('site_webapp/config.yml.erb'), owner => leap-webapp, group => leap-webapp, - mode => '0600'; - - '/srv/leap-webapp/config/initializers/secret_token.rb': - content => "LeapWeb::Application.config.secret_token = '${secret_token}'\n", - owner => leap-webapp, group => leap-webapp, mode => '0644', - notify => Service['apache']; + mode => '0600', + notify => Service['apache']; } include site_shorewall::webapp -- cgit v1.2.3 From 0ad85d0afa39817b07e0f774c7437d1ca9fd5fd6 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 17 Apr 2013 18:08:02 -0400 Subject: update apache module to new 2.7 style --- puppet/modules/site_webapp/manifests/apache.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp index 554b9147..103e4f35 100644 --- a/puppet/modules/site_webapp/manifests/apache.pp +++ b/puppet/modules/site_webapp/manifests/apache.pp @@ -12,7 +12,7 @@ class site_webapp::apache { $api_cert = $x509['cert'] $api_root = $x509['ca_cert'] - $apache_no_default_site = true + class { '::apache': no_default_site => true } include apache::ssl apache::module { -- cgit v1.2.3 From aa9d9d8516981d08b0b6e230d290c22834dee8d0 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 18 Apr 2013 17:19:32 -0400 Subject: update apache module to take the 'ssl' parameter, and pass it to the class, this eliminates a potential variable lookup ordering problem (#2273) --- puppet/modules/site_webapp/manifests/apache.pp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp index 103e4f35..8b340160 100644 --- a/puppet/modules/site_webapp/manifests/apache.pp +++ b/puppet/modules/site_webapp/manifests/apache.pp 
@@ -12,8 +12,7 @@ class site_webapp::apache { $api_cert = $x509['cert'] $api_root = $x509['ca_cert'] - class { '::apache': no_default_site => true } - include apache::ssl + class { '::apache': no_default_site => true, ssl => true } apache::module { 'alias': ensure => present; -- cgit v1.2.3 From 5323c8c48df57dae61cb73a1b8df5b39736f5a89 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 23 Apr 2013 11:52:16 -0400 Subject: fix mode for webapp production.log (#2300) --- puppet/modules/site_webapp/manifests/couchdb.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index f6203552..840bb12e 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -40,7 +40,7 @@ class site_webapp::couchdb { '/srv/leap-webapp/logs/production.log': owner => leap-webapp, group => leap-webapp, - mode => '0660'; + mode => '0666'; '/usr/local/sbin/migrate_design_documents': source => 'puppet:///modules/site_webapp/migrate_design_documents', -- cgit v1.2.3 From 037d002bc3e29e8c88018b1a80a96bab0cc354b7 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 24 Apr 2013 17:15:36 +0200 Subject: couchdb.yml.admin is changed on every puppetrun from leap-webapp to root --- puppet/modules/site_webapp/manifests/couchdb.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 840bb12e..2062a267 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp 
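Review bot: `mode => '0666'` on `/srv/leap-webapp/logs/production.log` makes the application log writable by every local account, so any user or compromised service on the host can alter or truncate it. If the problem behind #2300 is that the Passenger/Apache process cannot write the file, keep `mode => '0660'` and grant access through the group instead. That means adding the web server's user to `leap-webapp`, or setting `group =>` to the web server's group.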
@@ -27,8 +27,8 @@ class site_webapp::couchdb { file { '/srv/leap-webapp/config/couchdb.yml.admin': content => template('site_webapp/couchdb.yml.admin.erb'), - owner => root, - group => root, + owner => leap_webapp, + group => leap_webapp, mode => '0600'; '/srv/leap-webapp/config/couchdb.yml.webapp': -- cgit v1.2.3 From ae7b1d3b68c2e2e295967cb638413627bfbe0734 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 24 Apr 2013 17:22:17 +0200 Subject: user leap-webapp instead of leap_webapp --- puppet/modules/site_webapp/manifests/couchdb.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 2062a267..1dd346fd 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -27,8 +27,8 @@ class site_webapp::couchdb { file { '/srv/leap-webapp/config/couchdb.yml.admin': content => template('site_webapp/couchdb.yml.admin.erb'), - owner => leap_webapp, - group => leap_webapp, + owner => leap-webapp, + group => leap-webapp, mode => '0600'; '/srv/leap-webapp/config/couchdb.yml.webapp': -- cgit v1.2.3 From 4ed2bb37ea8283f79aecca8b78e80b141e9eff50 Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 24 Apr 2013 18:04:48 -0700 Subject: provider base - service definitions are now versioned (requires new leap_cli) --- puppet/modules/site_webapp/manifests/init.pp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 636a156d..8b5bb0e3 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp 
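Review bot: The first hunk on this line (`@@ -27,8 +27,8 @@`, couchdb.pp) hands `couchdb.yml.admin` to the web application's own account, so a compromise of the running webapp can read whatever the admin template holds, presumably the CouchDB admin credentials. The commit message describes ownership flipping on every run, which suggests a second resource or a recursive ownership change is also managing this path; finding that and keeping `owner => root, group => root, mode => '0600'` would preserve the separation. The `migrate_design_documents` exec visible later in this series sets no `user`, so it may not need the file to be readable by the webapp account at all, which is worth confirming. The follow-up hunk on the same line only corrects the account name to `leap-webapp`.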
@@ -6,6 +6,7 @@ class site_webapp { $node_domain = hiera('domain') $provider_domain = $node_domain['full_suffix'] $webapp = hiera('webapp') + $api_version = $webapp['api_version'] $secret_token = $webapp['secret_token'] Class[Ruby] -> Class[rubygems] -> Class[bundler::install] @@ -83,7 +84,11 @@ class site_webapp { ensure => directory, owner => leap-webapp, group => leap-webapp, mode => '0755'; - '/srv/leap-webapp/public/config/eip-service.json': + "/srv/leap-webapp/public/config/${api_version}": + ensure => directory, + owner => leap-webapp, group => leap-webapp, mode => '0755'; + + "/srv/leap-webapp/public/config/${api_version}/eip-service.json": content => $eip_service, owner => leap-webapp, group => leap-webapp, mode => '0644'; } -- cgit v1.2.3 From c8e427c39285a0ac8750c1b9bbf247533bbce519 Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 30 Apr 2013 14:25:45 -0700 Subject: added soledad-service.json --- puppet/modules/site_webapp/manifests/init.pp | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 8b5bb0e3..8e0aa11c 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -3,6 +3,7 @@ class site_webapp { $definition_files = hiera('definition_files') $provider = $definition_files['provider'] $eip_service = $definition_files['eip_service'] + $soledad_service = $definition_files['soledad_service'] $node_domain = hiera('domain') $provider_domain = $node_domain['full_suffix'] $webapp = hiera('webapp') 
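Review bot: `$api_version` is read from `$webapp['api_version']` in the `@@ -6,6 +6,7 @@` hunk and interpolated straight into file titles in the `@@ -83,7 +84,11 @@` hunk, with no check that it is set. The commit message says a new leap_cli is required, so a node whose hiera data predates it would presumably yield an empty value. The new directory title would then collapse to `/srv/leap-webapp/public/config/`, which likely collides with the existing `public/config` directory resource. Failing early gives a clearer error, for example `if $api_version == '' { fail('webapp api_version is not set; update leap_cli') }` right after the assignment; the class body continues outside both hunks.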
@@ -80,17 +81,21 @@ class site_webapp { ensure => link, target => '/usr/local/share/ca-certificates/leap_api.crt'; - '/srv/leap-webapp/public/config': + "/srv/leap-webapp/public/${api_version}": ensure => directory, owner => leap-webapp, group => leap-webapp, mode => '0755'; - "/srv/leap-webapp/public/config/${api_version}": + "/srv/leap-webapp/public/${api_version}/config/": ensure => directory, owner => leap-webapp, group => leap-webapp, mode => '0755'; - "/srv/leap-webapp/public/config/${api_version}/eip-service.json": + "/srv/leap-webapp/public/${api_version}/config/eip-service.json": content => $eip_service, owner => leap-webapp, group => leap-webapp, mode => '0644'; + + "/srv/leap-webapp/public/${api_version}/config/soledad-service.json": + content => $soledad_service, + owner => leap-webapp, group => leap-webapp, mode => '0644'; } try::file { -- cgit v1.2.3 From b3d1c6c58838b0c4f368bc42493ac3bae280b5af Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 14 May 2013 12:23:20 -0700 Subject: added smtp-service.json, requires latest leap_cli --- puppet/modules/site_webapp/manifests/init.pp | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 8e0aa11c..5c084a0c 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -4,6 +4,7 @@ class site_webapp { $provider = $definition_files['provider'] $eip_service = $definition_files['eip_service'] $soledad_service = $definition_files['soledad_service'] + $smtp_service = $definition_files['smtp_service'] $node_domain = hiera('domain') $provider_domain = $node_domain['full_suffix'] $webapp = hiera('webapp') 
@@ -96,6 +97,10 @@ class site_webapp { "/srv/leap-webapp/public/${api_version}/config/soledad-service.json": content => $soledad_service, owner => leap-webapp, group => leap-webapp, mode => '0644'; + + "/srv/leap-webapp/public/${api_version}/config/smtp-service.json": + content => $smtp_service, + owner => leap-webapp, group => leap-webapp, mode => '0644'; } try::file { -- cgit v1.2.3 From 450fb19a4df8f4740dcf077b585dbd77c096d133 Mon Sep 17 00:00:00 2001 From: elijah Date: Sat, 18 May 2013 17:13:05 -0700 Subject: added module site_nickserver --- puppet/modules/site_webapp/manifests/init.pp | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 5c084a0c..80b7c271 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -11,13 +11,7 @@ class site_webapp { $api_version = $webapp['api_version'] $secret_token = $webapp['secret_token'] - Class[Ruby] -> Class[rubygems] -> Class[bundler::install] - - class { 'ruby': ruby_version => '1.9.3' } - - class { 'bundler::install': install_method => 'package' } - - include rubygems + include site_config::ruby include site_webapp::apache include site_webapp::couchdb include site_webapp::client_ca -- cgit v1.2.3 From 264fa32a719d77b15e623cc3fc4574fd04837716 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 21 May 2013 17:42:40 -0400 Subject: change paths for leap webapp to be under /srv/leap/webapp from /srv/leap-webapp --- puppet/modules/site_webapp/manifests/couchdb.pp | 8 +++--- puppet/modules/site_webapp/manifests/init.pp | 36 ++++++++++++------------- 2 files changed, 22 insertions(+), 22 deletions(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 1dd346fd..7a3839c8 100644 
--- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -25,19 +25,19 @@ class site_webapp::couchdb { $key_path = "${x509::variables::keys}/${cert_name}.key" file { - '/srv/leap-webapp/config/couchdb.yml.admin': + '/srv/leap/webapp/config/couchdb.yml.admin': content => template('site_webapp/couchdb.yml.admin.erb'), owner => leap-webapp, group => leap-webapp, mode => '0600'; - '/srv/leap-webapp/config/couchdb.yml.webapp': + '/srv/leap/webapp/config/couchdb.yml.webapp': content => template('site_webapp/couchdb.yml.erb'), owner => leap-webapp, group => leap-webapp, mode => '0600'; - '/srv/leap-webapp/logs/production.log': + '/srv/leap/webapp/logs/production.log': owner => leap-webapp, group => leap-webapp, mode => '0666'; @@ -58,7 +58,7 @@ class site_webapp::couchdb { } exec { 'migrate_design_documents': - cwd => '/srv/leap-webapp', + cwd => '/srv/leap/webapp', command => '/usr/local/sbin/migrate_design_documents', require => Exec['bundler_update'], notify => Service['apache']; diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 5c084a0c..f7a4b598 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -33,18 +33,18 @@ class site_webapp { allowdupe => false, gid => 'leap-webapp', groups => 'ssl-cert', - home => '/srv/leap-webapp', + home => '/srv/leap/webapp', require => [ Group['leap-webapp'] ]; } - file { '/srv/leap-webapp': + file { '/srv/leap/webapp': ensure => directory, owner => 'leap-webapp', group => 'leap-webapp', require => User['leap-webapp']; } - vcsrepo { '/srv/leap-webapp': + vcsrepo { '/srv/leap/webapp': ensure => present, revision => 'origin/master', provider => git, 
@@ -56,17 +56,17 @@ class site_webapp { } exec { 'bundler_update': - cwd => '/srv/leap-webapp', + cwd => '/srv/leap/webapp', command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install --path vendor/bundle"', unless => '/usr/bin/bundle check', user => 'leap-webapp', timeout => 600, - require => [ Class['bundler::install'], Vcsrepo['/srv/leap-webapp'] ], + require => [ Class['bundler::install'], Vcsrepo['/srv/leap/webapp'] ], notify => Service['apache']; } exec { 'compile_assets': - cwd => '/srv/leap-webapp', + cwd => '/srv/leap/webapp', command => '/bin/bash -c "/usr/bin/bundle exec rake assets:precompile"', user => 'leap-webapp', require => Exec['bundler_update'], 
@@ -74,55 +74,55 @@ class site_webapp { } file { - '/srv/leap-webapp/public/provider.json': + '/srv/leap/webapp/public/provider.json': content => $provider, owner => leap-webapp, group => leap-webapp, mode => '0644'; - '/srv/leap-webapp/public/ca.crt': + '/srv/leap/webapp/public/ca.crt': ensure => link, target => '/usr/local/share/ca-certificates/leap_api.crt'; - "/srv/leap-webapp/public/${api_version}": + "/srv/leap/webapp/public/${api_version}": ensure => directory, owner => leap-webapp, group => leap-webapp, mode => '0755'; - "/srv/leap-webapp/public/${api_version}/config/": + "/srv/leap/webapp/public/${api_version}/config/": ensure => directory, owner => leap-webapp, group => leap-webapp, mode => '0755'; - "/srv/leap-webapp/public/${api_version}/config/eip-service.json": + "/srv/leap/webapp/public/${api_version}/config/eip-service.json": content => $eip_service, owner => leap-webapp, group => leap-webapp, mode => '0644'; - "/srv/leap-webapp/public/${api_version}/config/soledad-service.json": + "/srv/leap/webapp/public/${api_version}/config/soledad-service.json": content => $soledad_service, owner => leap-webapp, group => leap-webapp, mode => '0644'; - "/srv/leap-webapp/public/${api_version}/config/smtp-service.json": + "/srv/leap/webapp/public/${api_version}/config/smtp-service.json": content => $smtp_service, owner => leap-webapp, group => leap-webapp, mode => '0644'; } try::file { - '/srv/leap-webapp/public/favicon.ico': + '/srv/leap/webapp/public/favicon.ico': ensure => 'link', target => $webapp['favicon']; - '/srv/leap-webapp/app/assets/stylesheets/tail.scss': + '/srv/leap/webapp/app/assets/stylesheets/tail.scss': ensure => 'link', target => $webapp['tail_scss']; - '/srv/leap-webapp/app/assets/stylesheets/head.scss': + '/srv/leap/webapp/app/assets/stylesheets/head.scss': ensure => 'link', target => $webapp['head_scss']; - '/srv/leap-webapp/public/img': + '/srv/leap/webapp/public/img': ensure => 'link', target => $webapp['img_dir']; } file { - 
'/srv/leap-webapp/config/config.yml': + '/srv/leap/webapp/config/config.yml': content => template('site_webapp/config.yml.erb'), owner => leap-webapp, group => leap-webapp, -- cgit v1.2.3 From 92b90bc4507f412497c3128f0817bd24e2628b1b Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 22 May 2013 12:53:47 -0400 Subject: add force => true parameter to webapp vcsrepo checkout this should have been added to d669a5fb56acf9101cf677ecbd30bcc47b092cd3 resolve #1722 after the vcsrepo module was updated to handle this, but it wasn't. --- puppet/modules/site_webapp/manifests/init.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index f7a4b598..aac48188 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -46,6 +46,7 @@ class site_webapp { vcsrepo { '/srv/leap/webapp': ensure => present, + force => true, revision => 'origin/master', provider => git, source => 'git://code.leap.se/leap_web', -- cgit v1.2.3 From e0b591b063d3c49012a4266ee837737758f58dc2 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 22 May 2013 12:56:43 -0400 Subject: add requirements to the try::file resources normally a file resource would automatically require the parent directory first, but try::file doesn't do this so it has errors if /srv/leap/webapp doesn't exist yet: for example: - [web1] err: /Stage[main]/Site_webapp/Try::File[/srv/leap/webapp/public/img]/Exec[restore_/srv/leap/webapp/public/img]/returns: change from notrun to 0 failed: Working directory '/srv/leap/webapp/public' does not exist that was 'tried' before the vcsrepo was done which would have resolved that problem. This makes sure that the vcsrepo is done first --- puppet/modules/site_webapp/manifests/init.pp | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp/manifests') 
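Review bot: With `force => true` added in the `@@ -46,6 +46,7 @@` hunk, this `vcsrepo` may discard what is at `/srv/leap/webapp` and re-clone when the path is not already a usable working copy. The context lines show that the clone comes from `source => 'git://code.leap.se/leap_web'` at `revision => 'origin/master'`. The `git://` transport has no authentication or integrity protection, and tracking a moving branch means each run deploys whatever the remote serves, which the `bundler_update` and `compile_assets` execs then run as `leap-webapp`. Consider an authenticated transport (an `https://` or `ssh://` URL, if the host offers one) and pinning `revision` to a reviewed tag or commit id supplied from hiera; the resource continues past the end of the hunk.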
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index aac48188..b01141ae 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -106,19 +106,23 @@ class site_webapp { try::file { '/srv/leap/webapp/public/favicon.ico': - ensure => 'link', - target => $webapp['favicon']; + ensure => 'link', + require => Vcsrepo['/srv/leap/webapp'], + target => $webapp['favicon']; '/srv/leap/webapp/app/assets/stylesheets/tail.scss': ensure => 'link', + require => Vcsrepo['/srv/leap/webapp'], target => $webapp['tail_scss']; '/srv/leap/webapp/app/assets/stylesheets/head.scss': ensure => 'link', + require => Vcsrepo['/srv/leap/webapp'], target => $webapp['head_scss']; '/srv/leap/webapp/public/img': ensure => 'link', + require => Vcsrepo['/srv/leap/webapp'], target => $webapp['img_dir']; } -- cgit v1.2.3 From a386d3862a581d502b9611bc9af0e144ac29e4f9 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 22 May 2013 15:07:08 -0400 Subject: add missing require => on the vcsrepo which could cause these resources to fail --- puppet/modules/site_webapp/manifests/couchdb.pp | 9 +++++--- puppet/modules/site_webapp/manifests/init.pp | 29 +++++++++++++++++-------- 2 files changed, 26 insertions(+), 12 deletions(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 1dd346fd..7858dbfd 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp 
@@ -29,18 +29,21 @@ class site_webapp::couchdb { content => template('site_webapp/couchdb.yml.admin.erb'), owner => leap-webapp, group => leap-webapp, - mode => '0600'; + mode => '0600', + require => Vcsrepo['/srv/leap/webapp']; '/srv/leap-webapp/config/couchdb.yml.webapp': content => template('site_webapp/couchdb.yml.erb'), owner => leap-webapp, group => leap-webapp, - mode => '0600'; + mode => '0600', + require => Vcsrepo['/srv/leap/webapp']; '/srv/leap-webapp/logs/production.log': owner => leap-webapp, group => leap-webapp, - mode => '0666'; + mode => '0666', + require => Vcsrepo['/srv/leap/webapp']; '/usr/local/sbin/migrate_design_documents': source => 'puppet:///modules/site_webapp/migrate_design_documents', diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 80b7c271..92cf4b25 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp 
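Review bot: The new `require => Vcsrepo['/srv/leap/webapp']` lines point at a title that does not match the paths they sit next to: the file titles in this hunk and in the `@@ -70,30 +70,37 @@` hunk of init.pp are still under `/srv/leap-webapp`. If the `vcsrepo` in this tree is still titled `/srv/leap-webapp` (it is not visible in these hunks), the catalog would fail on an unknown dependency; if it was already renamed, these files are being managed outside the checkout. The `@@ -102,17 +109,20 @@` hunk does rename three `try::file` titles, so the path change appears to be only partly applied in this commit. Either complete the rename here or use the `Vcsrepo` title that matches this base.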
@@ -70,30 +70,37 @@ class site_webapp { file { '/srv/leap-webapp/public/provider.json': content => $provider, + require => Vcsrepo['/srv/leap/webapp'], owner => leap-webapp, group => leap-webapp, mode => '0644'; '/srv/leap-webapp/public/ca.crt': ensure => link, + require => Vcsrepo['/srv/leap/webapp'], target => '/usr/local/share/ca-certificates/leap_api.crt'; "/srv/leap-webapp/public/${api_version}": ensure => directory, + require => Vcsrepo['/srv/leap/webapp'], owner => leap-webapp, group => leap-webapp, mode => '0755'; "/srv/leap-webapp/public/${api_version}/config/": ensure => directory, + require => Vcsrepo['/srv/leap/webapp'], owner => leap-webapp, group => leap-webapp, mode => '0755'; "/srv/leap-webapp/public/${api_version}/config/eip-service.json": content => $eip_service, + require => Vcsrepo['/srv/leap/webapp'], owner => leap-webapp, group => leap-webapp, mode => '0644'; "/srv/leap-webapp/public/${api_version}/config/soledad-service.json": content => $soledad_service, + require => Vcsrepo['/srv/leap/webapp'], owner => leap-webapp, group => leap-webapp, mode => '0644'; "/srv/leap-webapp/public/${api_version}/config/smtp-service.json": content => $smtp_service, + require => Vcsrepo['/srv/leap/webapp'], owner => leap-webapp, group => leap-webapp, mode => '0644'; } 
@@ -102,17 +109,20 @@ class site_webapp { ensure => 'link', target => $webapp['favicon']; - '/srv/leap-webapp/app/assets/stylesheets/tail.scss': - ensure => 'link', - target => $webapp['tail_scss']; + '/srv/leap/webapp/app/assets/stylesheets/tail.scss': + ensure => 'link', + require => Vcsrepo['/srv/leap/webapp'], + target => $webapp['tail_scss']; - '/srv/leap-webapp/app/assets/stylesheets/head.scss': - ensure => 'link', - target => $webapp['head_scss']; + '/srv/leap/webapp/app/assets/stylesheets/head.scss': + ensure => 'link', + require => Vcsrepo['/srv/leap/webapp'], + target => $webapp['head_scss']; - '/srv/leap-webapp/public/img': - ensure => 'link', - target => $webapp['img_dir']; + '/srv/leap/webapp/public/img': + ensure => 'link', + require => Vcsrepo['/srv/leap/webapp'], + target => $webapp['img_dir']; } file { @@ -121,6 +131,7 @@ class site_webapp { owner => leap-webapp, group => leap-webapp, mode => '0600', + require => Vcsrepo['/srv/leap/webapp'], notify => Service['apache']; } -- cgit v1.2.3 From 672154a8322901b86c9882854234eae53221a38e Mon Sep 17 00:00:00 2001 From: elijah Date: Sat, 6 Jul 2013 22:59:50 -0700 Subject: site_webapp -- make bundler not install test-only or development-only gems. --- puppet/modules/site_webapp/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp/manifests') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 1dfe6936..e743dc07 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp 
@@ -52,7 +52,7 @@ class site_webapp { exec { 'bundler_update': cwd => '/srv/leap/webapp', - command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install --path vendor/bundle"', + command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install --path vendor/bundle --without test development"', unless => '/usr/bin/bundle check', user => 'leap-webapp', timeout => 600, -- cgit v1.2.3
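Review bot: The `bundle install` in this `command` still resolves gems at deploy time without requiring the lockfile, so the gem set installed on the server can differ from the one that was reviewed. Adding `--deployment` next to `--without test development` makes Bundler refuse to run when `Gemfile.lock` is missing or out of step with the Gemfile, assuming the repository ships a lockfile. Separately, `unless => '/usr/bin/bundle check'` already guards the exec, so the `bundle check ||` prefix and the `/bin/bash -c` wrapper look redundant; `command => '/usr/bin/bundle install --path vendor/bundle --without test development'` would avoid the shell. The exec resource continues past the hunk.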