From 8478e8613ded138b5d68b122cb82f5418a199764 Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 11 Jul 2013 10:04:21 -0700 Subject: changes to support restrictive permissions for /etc/leap. this is required to work with the latest leap_cli. --- puppet/modules/site_webapp/manifests/init.pp | 29 +++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index e743dc07..103a0faf 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -107,24 +107,35 @@ class site_webapp { try::file { '/srv/leap/webapp/public/favicon.ico': - ensure => 'link', + ensure => present, + owner => leap-webapp, + group => leap-webapp, require => Vcsrepo['/srv/leap/webapp'], - target => $webapp['favicon']; + source => $webapp['favicon']; '/srv/leap/webapp/app/assets/stylesheets/tail.scss': - ensure => 'link', + ensure => present, + owner => leap-webapp, + group => leap-webapp, require => Vcsrepo['/srv/leap/webapp'], - target => $webapp['tail_scss']; + source => $webapp['tail_scss']; '/srv/leap/webapp/app/assets/stylesheets/head.scss': - ensure => 'link', + ensure => present, + owner => leap-webapp, + group => leap-webapp, require => Vcsrepo['/srv/leap/webapp'], - target => $webapp['head_scss']; + source => $webapp['head_scss']; '/srv/leap/webapp/public/img': - ensure => 'link', - require => Vcsrepo['/srv/leap/webapp'], - target => $webapp['img_dir']; + ensure => directory, + recurse => true, + purge => true, + force => true, + owner => leap-webapp, + group => leap-webapp, + mode => '0644', + source => $webapp['img_dir']; } file { -- cgit v1.2.3 From 984a6d2e22ff3f11d9b772f9a86e6d75f5e14f4b Mon Sep 17 00:00:00 2001 
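Review bot: The `/srv/leap/webapp/public/img` entry combines `recurse => true`, `purge => true` and `force => true` with a source taken from hiera, so anything under that directory which `$webapp['img_dir']` does not provide is deleted on each run. If the hiera value is ever unset or points at the wrong path, that presumably empties or replaces the image tree without any error. A guard before the resource, for example `if ! $webapp['img_dir'] { fail('webapp.img_dir is not set') }`, plus a comment such as `# public/img mirrors $webapp['img_dir'] exactly; unmanaged files are purged`, would make the behaviour explicit. The enclosing class starts and ends outside the hunk.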
From: varac Date: Tue, 23 Jul 2013 17:29:51 +0200 Subject: /srv/leap/webapp/public/img: require => Vcsrepo['/srv/leap/webapp'] --- puppet/modules/site_webapp/manifests/init.pp | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 103a0faf..f3c28f49 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -128,14 +128,15 @@ class site_webapp { source => $webapp['head_scss']; '/srv/leap/webapp/public/img': - ensure => directory, + ensure => directory, recurse => true, - purge => true, - force => true, - owner => leap-webapp, - group => leap-webapp, - mode => '0644', - source => $webapp['img_dir']; + purge => true, + force => true, + owner => leap-webapp, + group => leap-webapp, + mode => '0644', + require => Vcsrepo['/srv/leap/webapp'], + source => $webapp['img_dir']; } file { -- cgit v1.2.3 From 87959aa1cda7e942fd0db89857c79e09876006c0 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 23 Jul 2013 17:59:41 +0200 Subject: not need for file { '/srv/leap/webapp': }, we have vcsrepo { '/srv/leap/webapp': } --- puppet/modules/site_webapp/manifests/init.pp | 7 ------- 1 file changed, 7 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index f3c28f49..1071ea1d 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -31,13 +31,6 @@ class site_webapp { require => [ Group['leap-webapp'] ]; } - file { '/srv/leap/webapp': - ensure => directory, - owner => 'leap-webapp', - group => 'leap-webapp', - require => User['leap-webapp']; - } - vcsrepo { '/srv/leap/webapp': ensure => present, force => true, -- cgit v1.2.3 From 3368fe07aac81e1bef8701c106234a6d67ccad6d Mon Sep 17 00:00:00 2001 
From: elijah Date: Mon, 29 Jul 2013 17:13:34 -0700 Subject: site_webapp bugfix - get compile_assets to run by ensuring .scss files are created beforehand and have the correct permissions. --- puppet/modules/site_webapp/manifests/init.pp | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 1071ea1d..4815bab4 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -55,8 +55,9 @@ class site_webapp { exec { 'compile_assets': cwd => '/srv/leap/webapp', - command => '/bin/bash -c "/usr/bin/bundle exec rake assets:precompile"', + command => '/usr/bin/bundle exec rake assets:precompile', user => 'leap-webapp', + logoutput => on_failure, require => Exec['bundler_update'], notify => Service['apache']; } @@ -103,6 +104,7 @@ class site_webapp { ensure => present, owner => leap-webapp, group => leap-webapp, + mode => '0644', require => Vcsrepo['/srv/leap/webapp'], source => $webapp['favicon']; @@ -110,15 +112,19 @@ class site_webapp { ensure => present, owner => leap-webapp, group => leap-webapp, + mode => '0644', require => Vcsrepo['/srv/leap/webapp'], - source => $webapp['tail_scss']; + source => $webapp['tail_scss'], + before => Exec['bundler_update']; '/srv/leap/webapp/app/assets/stylesheets/head.scss': ensure => present, owner => leap-webapp, group => leap-webapp, + mode => '0644', require => Vcsrepo['/srv/leap/webapp'], - source => $webapp['head_scss']; + source => $webapp['head_scss'], + before => Exec['bundler_update']; '/srv/leap/webapp/public/img': ensure => directory, -- cgit v1.2.3 From 7ac64237fcb09893ae36b1b2f278e1474df8c49b Mon Sep 17 00:00:00 2001 
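Review bot: The `compile_assets` exec shown in the first hunk carries no `refreshonly`, `unless`, `onlyif` or `creates`, so it runs the precompile on every Puppet run and its `notify => Service['apache']` then refreshes Apache on every run as well. If that is not intended, `refreshonly => true,` together with `subscribe => [ Vcsrepo['/srv/leap/webapp'], Exec['bundler_update'] ],` (and the two customised .scss files) would limit it to runs where the inputs actually changed. The same exec appears unchanged in this respect in the later hunks at `@@ -54,12 +54,12 @@` and `@@ -55,7 +55,7 @@`.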
From: elijah Date: Tue, 30 Jul 2013 13:10:52 -0700 Subject: site_webapp - add support for haproxy weights and backup servers (resolves #3278) --- .../site_webapp/templates/haproxy_couchdb.cfg.erb | 25 ++++++++++++++-------- 1 file changed, 16 insertions(+), 9 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb b/puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb index f08161ee..914a964e 100644 --- a/puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb +++ b/puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb @@ -1,16 +1,23 @@ listen bigcouch-in - mode http + mode http balance roundrobin - option httplog - option dontlognull - option httpchk GET / - option http-server-close - + option httplog + option dontlognull + option httpchk GET / # health check using simple get to root + option http-server-close # use client keep-alive, but close server connection. + option allbackups # balance among all backups, not just one. + bind localhost:4096 -<% for port in @local_ports -%> - server couchdb_<%=port%> localhost:<%=port%> check inter 3000 fastinter 1000 downinter 1000 rise 2 fall 1 -<% end -%> + default-server inter 3000 fastinter 1000 downinter 1000 rise 2 fall 1 + +<%- if @haproxy['servers'] -%> +<%- @haproxy['servers'].each do |name,server| -%> +<%- backup = server['backup'] ? 'backup' : '' -%> + # <%=name%> + server couchdb_<%=server['port']%> <%=server['host']%>:<%=server['port']%> <%=backup%> weight <%=server['weight']%> check +<%- end -%> +<%- end -%> -- cgit v1.2.3 From b87bd57ad010ee6f091f77b8b1f653afafc0e4c7 Mon Sep 17 00:00:00 2001 From: elijah Date: Sun, 28 Jul 2013 18:14:01 -0700 Subject: added webapp.secure flag (turns on secure cookies and HSTS) --- puppet/modules/site_webapp/templates/config.yml.erb | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_webapp') 
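Review bot: The new `server` line renders `weight <%=server['weight']%>` unconditionally, so an entry in `@haproxy['servers']` without a `weight` key produces `weight  check`, which haproxy should reject when it parses the file. Emitting the keyword only when a value is present avoids that: `<%- weight = server['weight'] ? "weight #{server['weight']}" : '' -%>` followed by `<%=backup%> <%=weight%> check`. The server name is also built from the port alone (`couchdb_<%=server['port']%>`), so two backends on different hosts that share a port would get the same name; the `name` key that currently only feeds the comment looks like the better identifier.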
diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index df562cd9..8b4b3bbe 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb @@ -2,6 +2,7 @@ production: admins: [admin] domain: <%= @provider_domain %> + force_ssl: <%= @webapp['secure'] %> client_ca_key: <%= scope.lookupvar('site_webapp::client_ca::key_path') %> client_ca_cert: <%= scope.lookupvar('site_webapp::client_ca::cert_path') %> secret_token: "<%= @secret_token %>" -- cgit v1.2.3 From 95fc96fc7642e389172b02cb8ef7d4b7689cb7df Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 29 Jul 2013 01:10:33 -0700 Subject: webapp - use hiera config "webapp.admins" for the list of admin usernames, default to empty list. --- puppet/modules/site_webapp/templates/config.yml.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index 8b4b3bbe..05d62d41 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb @@ -1,6 +1,6 @@ <%- cert_options = @webapp['client_certificates'] -%> production: - admins: [admin] + admins: <%= @webapp['admins'].inspect %> domain: <%= @provider_domain %> force_ssl: <%= @webapp['secure'] %> client_ca_key: <%= scope.lookupvar('site_webapp::client_ca::key_path') %> -- cgit v1.2.3 From 5b52d1ed6e77416412a293be025580261284aa37 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 14 Aug 2013 10:09:46 -0400 Subject: Fix problem where webapp production.log had the wrong permissions - #3471 Change-Id: I20a6ecc43e36fc1e8416c46f7e4d14726995d2f2 --- puppet/modules/site_webapp/manifests/couchdb.pp | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') 
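Review bot: `force_ssl: <%= @webapp['secure'] %>` renders as an empty value when `webapp.secure` is missing from hiera, which YAML reads as null, so secure cookies and HSTS would be silently off rather than the run failing. Since this flag is a security control, consider making the unset case explicit, for example `force_ssl: <%= @webapp['secure'] ? 'true' : 'false' %>`, or defaulting to on with `<%= @webapp['secure'] == false ? 'false' : 'true' %>` if that fits the deployment. Whether a default is already supplied upstream of this template is not visible in the hunk.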
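Review bot: `@webapp['admins'].inspect` prints `nil` when the key is absent, and YAML parses a bare `nil` as the string "nil" rather than as an empty list, so the "default to empty list" in the commit message depends on a default defined outside this template. `admins: <%= Array(@webapp['admins']).inspect %>` gives `[]` for a missing key and still renders a list exactly as before. Because this value decides who holds admin rights in the webapp, it is worth keeping the fallback local to the template.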
diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index b4ef0980..ac01a5bc 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -39,7 +39,15 @@ class site_webapp::couchdb { mode => '0600', require => Vcsrepo['/srv/leap/webapp']; - '/srv/leap/webapp/logs/production.log': + '/srv/leap/webapp/log': + ensure => directory, + owner => leap-webapp, + group => leap-webapp, + mode => '0755', + require => Vcsrepo['/srv/leap/webapp']; + + '/srv/leap/webapp/log/production.log': + ensure => present, owner => leap-webapp, group => leap-webapp, mode => '0666', -- cgit v1.2.3 From c4024b72d5aeebbd814a78c741658ca50eb4dc71 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 27 Jun 2013 11:44:31 +0200 Subject: make git forget about the changes due to symlinking files Git normally tracks the dummy files we replace with symlinks. So we tell it to ignore these changes on deploy. --- puppet/modules/site_webapp/manifests/init.pp | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 4815bab4..ba7c7e0d 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -138,6 +138,12 @@ class site_webapp { source => $webapp['img_dir']; } + exec { 'git-assume-unchanged': + cwd => '/srv/leap/webapp', + command => '/bin/bash -c "/usr/bin/git update-index --assume-unchanged app/assets/stylesheets/head.scss app/assets/stylesheets/tail.scss public/favicon.ico"', + user => 'leap-webapp' + } + file { '/srv/leap/webapp/config/config.yml': content => template('site_webapp/config.yml.erb'), -- cgit v1.2.3 From b35146bf42bae91f1211b51dba568295f8d5b8f0 Mon Sep 17 00:00:00 2001 
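Review bot: `/srv/leap/webapp/log/production.log` keeps `mode => '0666'` in the first hunk, which leaves the application log writable by every local account even though the file is owned by `leap-webapp`. Any other user or compromised service on the host could then append forged entries or truncate the log. If only the webapp account writes to it, `mode => '0640',` (or `'0660'` when a second account in the `leap-webapp` group also logs there) would match the stated goal of fixing the permissions; which process writes the log is not visible here. The file resource block starts and ends outside the hunk.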
From: Azul Date: Mon, 26 Aug 2013 12:04:14 +0200 Subject: git:changes expect changes to certain files You can either ensure assume-unchanged or ensure those changes are tracked. Used to keep the git status clean. --- puppet/modules/site_webapp/manifests/git.pp | 30 ++++++++++++++++++++++++++++ puppet/modules/site_webapp/manifests/init.pp | 13 ++++++++---- 2 files changed, 39 insertions(+), 4 deletions(-) create mode 100644 puppet/modules/site_webapp/manifests/git.pp (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/git.pp b/puppet/modules/site_webapp/manifests/git.pp new file mode 100644 index 00000000..25862707 --- /dev/null +++ b/puppet/modules/site_webapp/manifests/git.pp @@ -0,0 +1,30 @@ +# Usage +# git::changes { name: +# user => "me", +# ensure => {*assume-unchanged*, tracked} +# } +# + +define git::changes ( $user, $ensure='assume-unchanged' ) { + + case $ensure { + default: { err ( "unknown ensure value '${ensure}'" ) } + + assume-unchanged: { + exec { "assume-unchanged ${name}": + command => "/usr/bin/git update-index --assume-unchanged ${name}", + user => $user, + unless => "/usr/bin/git ls-files -v | grep '^[ch] ${name}'", + } + } + + tracked: { + exec { "assume-unchanged ${name}": + command => "/usr/bin/git update-index --no-assume-unchanged ${name}", + user => $user, + onlyif => "/usr/bin/git ls-files -v | grep '^[ch] ${name}'", + } + } + } +} + diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index ba7c7e0d..a8807a1a 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp 
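Review bot: In the new `git::changes` define, `${name}` is interpolated unquoted into the `command`, `unless` and `onlyif` strings, and in the grep pattern it acts as an unanchored regular expression. A path containing a space or shell metacharacter would be split or interpreted on the piped checks, and `head.scss` also matches `head.scss.bak` or `headXscss`. Passing the path to git and matching only the status tag reduces both problems, e.g. `unless => "/usr/bin/git ls-files -v -- '${name}' | grep -q '^[ch] '"`, with the same form for `onlyif`, `-- '${name}'` on the two `update-index` commands, and `grep` given by absolute path or a `path` set on the exec. The `tracked` branch also reuses the title `"assume-unchanged ${name}"` although it runs `--no-assume-unchanged`, which is misleading in reports. The same strings are carried unchanged through the later `@@ -13,6 +14,7 @@` and `@@ -21,6 +23,7 @@` hunks of this file.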
@@ -138,10 +138,15 @@ class site_webapp { source => $webapp['img_dir']; } - exec { 'git-assume-unchanged': - cwd => '/srv/leap/webapp', - command => '/bin/bash -c "/usr/bin/git update-index --assume-unchanged app/assets/stylesheets/head.scss app/assets/stylesheets/tail.scss public/favicon.ico"', - user => 'leap-webapp' + git:changes { + '/srv/leap/webapp/app/assets/stylesheets/head.scss': + user => 'leap-webapp'; + + '/srv/leap/webapp/app/assets/stylesheets/tail.scss': + user => 'leap-webapp'; + + '/srv/leap/webapp/public/favicon.ico': + user => 'leap-webapp'; } file { -- cgit v1.2.3 From 3aa062ecb934731aa5876e60bb7c9086bcbb5742 Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 26 Aug 2013 12:21:08 +0200 Subject: specify cwd when using git:changes --- puppet/modules/site_webapp/manifests/git.pp | 5 ++++- puppet/modules/site_webapp/manifests/init.pp | 11 +++++++---- 2 files changed, 11 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/git.pp b/puppet/modules/site_webapp/manifests/git.pp index 25862707..908bc1a4 100644 --- a/puppet/modules/site_webapp/manifests/git.pp +++ b/puppet/modules/site_webapp/manifests/git.pp @@ -1,11 +1,12 @@ # Usage # git::changes { name: +# cwd => "/path/to/git/" # user => "me", # ensure => {*assume-unchanged*, tracked} # } # -define git::changes ( $user, $ensure='assume-unchanged' ) { +define git::changes ( $cwd, $user, $ensure='assume-unchanged' ) { case $ensure { default: { err ( "unknown ensure value '${ensure}'" ) } @@ -13,6 +14,7 @@ define git::changes ( $user, $ensure='assume-unchanged' ) { assume-unchanged: { exec { "assume-unchanged ${name}": command => "/usr/bin/git update-index --assume-unchanged ${name}", + cwd => $cwd, user => $user, unless => "/usr/bin/git ls-files -v | grep '^[ch] ${name}'", } 
@@ -21,6 +23,7 @@ define git::changes ( $user, $ensure='assume-unchanged' ) { tracked: { exec { "assume-unchanged ${name}": command => "/usr/bin/git update-index --no-assume-unchanged ${name}", + cwd => $cwd, user => $user, onlyif => "/usr/bin/git ls-files -v | grep '^[ch] ${name}'", } diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index a8807a1a..4bae2088 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -138,14 +138,17 @@ class site_webapp { source => $webapp['img_dir']; } - git:changes { - '/srv/leap/webapp/app/assets/stylesheets/head.scss': + git::changes { + 'app/assets/stylesheets/head.scss': + cwd => '/srv/leap/webapp', user => 'leap-webapp'; - '/srv/leap/webapp/app/assets/stylesheets/tail.scss': + 'app/assets/stylesheets/tail.scss': + cwd => '/srv/leap/webapp', user => 'leap-webapp'; - '/srv/leap/webapp/public/favicon.ico': + 'public/favicon.ico': + cwd => '/srv/leap/webapp', user => 'leap-webapp'; } -- cgit v1.2.3 From b1a8cfe5f82f2d96514fbfacff930fdd58dec5b8 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 27 Aug 2013 14:16:00 +0200 Subject: move git::changes into git module, whitespace fix --- puppet/modules/site_webapp/manifests/git.pp | 33 ---------------------------- puppet/modules/site_webapp/manifests/init.pp | 2 +- 2 files changed, 1 insertion(+), 34 deletions(-) delete mode 100644 puppet/modules/site_webapp/manifests/git.pp (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/git.pp b/puppet/modules/site_webapp/manifests/git.pp deleted file mode 100644 index 908bc1a4..00000000 --- a/puppet/modules/site_webapp/manifests/git.pp +++ /dev/null 
@@ -1,33 +0,0 @@ -# Usage -# git::changes { name: -# cwd => "/path/to/git/" -# user => "me", -# ensure => {*assume-unchanged*, tracked} -# } -# - -define git::changes ( $cwd, $user, $ensure='assume-unchanged' ) { - - case $ensure { - default: { err ( "unknown ensure value '${ensure}'" ) } - - assume-unchanged: { - exec { "assume-unchanged ${name}": - command => "/usr/bin/git update-index --assume-unchanged ${name}", - cwd => $cwd, - user => $user, - unless => "/usr/bin/git ls-files -v | grep '^[ch] ${name}'", - } - } - - tracked: { - exec { "assume-unchanged ${name}": - command => "/usr/bin/git update-index --no-assume-unchanged ${name}", - cwd => $cwd, - user => $user, - onlyif => "/usr/bin/git ls-files -v | grep '^[ch] ${name}'", - } - } - } -} - diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 4bae2088..1db52477 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -138,7 +138,7 @@ class site_webapp { source => $webapp['img_dir']; } - git::changes { + git::changes { 'app/assets/stylesheets/head.scss': cwd => '/srv/leap/webapp', user => 'leap-webapp'; -- cgit v1.2.3 From 579a9d4d2f68d020c993d1c680eb9022d8c789e3 Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 28 Aug 2013 13:00:27 +0200 Subject: require VCS repo before git assume-unchanged (feature #1608) --- puppet/modules/site_webapp/manifests/init.pp | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 1db52477..84ec8fab 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp 
@@ -54,12 +54,12 @@ class site_webapp { } exec { 'compile_assets': - cwd => '/srv/leap/webapp', - command => '/usr/bin/bundle exec rake assets:precompile', - user => 'leap-webapp', + cwd => '/srv/leap/webapp', + command => '/usr/bin/bundle exec rake assets:precompile', + user => 'leap-webapp', logoutput => on_failure, - require => Exec['bundler_update'], - notify => Service['apache']; + require => Exec['bundler_update'], + notify => Service['apache']; } file { @@ -74,14 +74,14 @@ class site_webapp { target => '/usr/local/share/ca-certificates/leap_api.crt'; "/srv/leap/webapp/public/${api_version}": - ensure => directory, + ensure => directory, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0755'; + owner => leap-webapp, group => leap-webapp, mode => '0755'; "/srv/leap/webapp/public/${api_version}/config/": - ensure => directory, + ensure => directory, require => Vcsrepo['/srv/leap/webapp'], - owner => leap-webapp, group => leap-webapp, mode => '0755'; + owner => leap-webapp, group => leap-webapp, mode => '0755'; "/srv/leap/webapp/public/${api_version}/config/eip-service.json": content => $eip_service, @@ -141,14 +141,17 @@ class site_webapp { git::changes { 'app/assets/stylesheets/head.scss': cwd => '/srv/leap/webapp', + require => Vcsrepo['/srv/leap/webapp'], user => 'leap-webapp'; 'app/assets/stylesheets/tail.scss': cwd => '/srv/leap/webapp', + require => Vcsrepo['/srv/leap/webapp'], user => 'leap-webapp'; 'public/favicon.ico': cwd => '/srv/leap/webapp', + require => Vcsrepo['/srv/leap/webapp'], user => 'leap-webapp'; } -- cgit v1.2.3 From 323ceff1ea60bd3463821fc2295ffb790d822165 Mon Sep 17 00:00:00 2001 
From: Micah Anderson Date: Thu, 29 Aug 2013 15:05:15 -0400 Subject: create individual classes for the apache modules so they can be included more than once in different locations, depending on what services are configured on a node (#3612) Change-Id: Iff064d3d67baa132fb5198fea741522ab4e71770 --- puppet/modules/site_webapp/manifests/apache.pp | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp index 8b340160..4331afe4 100644 --- a/puppet/modules/site_webapp/manifests/apache.pp +++ b/puppet/modules/site_webapp/manifests/apache.pp @@ -14,11 +14,9 @@ class site_webapp::apache { class { '::apache': no_default_site => true, ssl => true } - apache::module { - 'alias': ensure => present; - 'rewrite': ensure => present; - 'headers': ensure => present; - } + include site_apache::module::headers + include site_apache::module::rewrite + include site_apache::module::alias class { 'passenger': use_munin => false } -- cgit v1.2.3 From e2782d2153e176416224fb7ed8eb37ca6ca98ff3 Mon Sep 17 00:00:00 2001 
From: Azul Date: Mon, 2 Sep 2013 10:59:45 +0200 Subject: specify RAILS_ENV when calling bundle assets-precompile (fixes #3638) We currently disable the billing gem in production while it's on in development and test. Therefore bundler will not install its dependencies - in particular the braintree gem when deploying. Since the RAILS_ENV was not specified rake was called with the default of 'development'. It therefore tried to load the development gems and failed when looking for 'braintree'. Specifying the production RAILS_ENV fixes this. It looks like we'll always need to specify RAILS_ENV when calling rake or we might want to export it to the environment in a separate task or the user config files such as .bashrc --- puppet/modules/site_webapp/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 84ec8fab..b3a556a6 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -55,7 +55,7 @@ class site_webapp { exec { 'compile_assets': cwd => '/srv/leap/webapp', - command => '/usr/bin/bundle exec rake assets:precompile', + command => '/bin/bash -c "RAILS_ENV=production /usr/bin/bundle exec rake assets:precompile"', user => 'leap-webapp', logoutput => on_failure, require => Exec['bundler_update'], -- cgit v1.2.3 From c8488a381071aba3ebe88f8b84185d7b6ad8a625 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 4 Sep 2013 20:14:26 -0400 Subject: change git repository clone URIs from git:// to https:// (#3732) Change-Id: Ic700fec9cfb8e8474fb65dbdd4a1a537bf586ec9 --- puppet/modules/site_webapp/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index b3a556a6..9c4c2693 100644 
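Review bot: The `command` goes back to a `/bin/bash -c "..."` wrapper only to set `RAILS_ENV`, undoing the direct invocation that an earlier commit in this series introduced. Puppet's exec has an `environment` parameter for this, so the shell can stay out of it: keep `command => '/usr/bin/bundle exec rake assets:precompile',` and add `environment => 'RAILS_ENV=production',`. That keeps the argument list free of shell parsing and makes the variable visible as a resource attribute. The class that contains this exec continues outside the hunk.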
--- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -36,7 +36,7 @@ class site_webapp { force => true, revision => 'origin/master', provider => git, - source => 'git://code.leap.se/leap_web', + source => 'https://leap.se/git/leap_web', owner => 'leap-webapp', group => 'leap-webapp', require => [ User['leap-webapp'], Group['leap-webapp'] ], -- cgit v1.2.3 From a6a001c4b2bb147a3ef25f9058c48658bf1ef573 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 5 Sep 2013 14:23:15 -0400 Subject: require that shorewall is up before running bundler commands, it needs to pull things from git (#3756) Change-Id: If404452c54dedb7a39a910994dc68309257d351d --- puppet/modules/site_webapp/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 9c4c2693..b4d5bb14 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -49,7 +49,7 @@ class site_webapp { unless => '/usr/bin/bundle check', user => 'leap-webapp', timeout => 600, - require => [ Class['bundler::install'], Vcsrepo['/srv/leap/webapp'] ], + require => [ Class['bundler::install'], Vcsrepo['/srv/leap/webapp'], Service['shorewall'] ], notify => Service['apache']; } -- cgit v1.2.3 From fcbf7c0b4df14149269b646b5ac8e66acd63647e Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 6 Sep 2013 17:37:03 +0200 Subject: use define instead of class for site_stunnel::setup (#3817) so it can be called multiple times --- puppet/modules/site_webapp/manifests/couchdb.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index ac01a5bc..4bafc7f3 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp 
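Review bot: The vcsrepo in the first hunk still tracks `revision => 'origin/master'` with `force => true`, so moving the URL to https authenticates the server but every Puppet run deploys whatever is at the branch head at that moment. That code is then executed by the `bundler_update` and `compile_assets` execs as `leap-webapp`. Pinning `revision` to a release tag or commit id, for instance `revision => $webapp['git_revision'],` (placeholder key name), would make deployments reproducible and limit the effect of an unexpected push. The resource starts and ends outside the hunk.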
+++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -60,7 +60,7 @@ class site_webapp::couchdb { mode => '0744'; } - class { 'site_stunnel::setup': + site_stunnel::setup { 'webapp_couchdb': cert_name => $cert_name, key => $key, cert => $cert, -- cgit v1.2.3 From 3e5e685200e9b5c3ac8567100e552929ea55d8e8 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 13 Sep 2013 16:20:07 +0200 Subject: setup stunnel config to use default x509 cert,key+ca (#3837) * fix stunnel setups for couchdb, mx, webapp services --- puppet/modules/site_webapp/manifests/couchdb.pp | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 4bafc7f3..f9a4eb6b 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -60,13 +60,7 @@ class site_webapp::couchdb { mode => '0744'; } - site_stunnel::setup { 'webapp_couchdb': - cert_name => $cert_name, - key => $key, - cert => $cert, - ca_name => $ca_name, - ca => $ca - } + include site_stunnel exec { 'migrate_design_documents': cwd => '/srv/leap/webapp', -- cgit v1.2.3 From 3388336b57cc59617b6dc8380beeeacfdb2fb5b3 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 18 Sep 2013 12:05:10 -0400 Subject: Setup a class dependency for every tag 'leap_service' to make sure that shorewall is setup before the service is setup. This is necessary due to the strict initial firewall that stops various service setup operations from happening, but is relaxed once shorewall is setup properly (#3782) Change-Id: Ia9640c4118aa0053cdb99e7bc11860fed5527501 --- puppet/modules/site_webapp/manifests/init.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index b4d5bb14..97a75010 100644 
--- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -11,6 +11,8 @@ class site_webapp { $api_version = $webapp['api_version'] $secret_token = $webapp['secret_token'] + Class['site_config::default'] -> Class['site_webapp'] + include site_config::ruby include site_webapp::apache include site_webapp::couchdb -- cgit v1.2.3 From 1ce6cb5a30c5ee73d6474ac9c1bbd4c7819d9a73 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 19 Sep 2013 12:19:00 +0200 Subject: only deploy x509 stuff for nodes if it existes in hiera (Feature #3875) --- puppet/modules/site_webapp/manifests/couchdb.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index f9a4eb6b..24f9279d 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -13,6 +13,8 @@ class site_webapp::couchdb { $couch_client = $stunnel['couch_client'] $couch_client_connect = $couch_client['connect'] + include site_config::x509::cert_key + include site_config::x509::ca include x509::variables $x509 = hiera('x509') $key = $x509['key'] -- cgit v1.2.3 From b798d716e5219d00b5b94ce8b80566e4b3bf0899 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 19 Sep 2013 13:11:24 +0200 Subject: webapp: Depend services on deployment of default key, cert and ca (Feature #3838) --- puppet/modules/site_webapp/manifests/apache.pp | 24 ++++++++-------------- puppet/modules/site_webapp/manifests/client_ca.pp | 25 ----------------------- puppet/modules/site_webapp/manifests/couchdb.pp | 19 ++++------------- puppet/modules/site_webapp/manifests/init.pp | 3 ++- 4 files changed, 15 insertions(+), 56 deletions(-) delete mode 100644 puppet/modules/site_webapp/manifests/client_ca.pp (limited to 'puppet/modules/site_webapp') 
diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp index 4331afe4..3dd1c4c7 100644 --- a/puppet/modules/site_webapp/manifests/apache.pp +++ b/puppet/modules/site_webapp/manifests/apache.pp @@ -8,9 +8,15 @@ class site_webapp::apache { $commercial_key = $x509['commercial_key'] $commercial_cert = $x509['commercial_cert'] $commercial_root = $x509['commercial_ca_cert'] - $api_key = $x509['key'] - $api_cert = $x509['cert'] - $api_root = $x509['ca_cert'] + + include site_config::x509::cert_key + include site_config::x509::ca + + include x509::variables + + X509::Cert[$site_config::params::cert_name] ~> Service[apache] + X509::Key[$site_config::params::cert_name] ~> Service[apache] + X509::Ca[$site_config::params::ca_name] ~> Service[apache] class { '::apache': no_default_site => true, ssl => true } @@ -34,29 +40,17 @@ class site_webapp::apache { 'leap_webapp': content => $commercial_key, notify => Service[apache]; - - 'leap_api': - content => $api_key, - notify => Service[apache]; } x509::cert { 'leap_webapp': content => $commercial_cert, notify => Service[apache]; - - 'leap_api': - content => $api_cert, - notify => Service[apache]; } x509::ca { 'leap_webapp': content => $commercial_root, notify => Service[apache]; - - 'leap_api': - content => $api_root, - notify => Service[apache]; } } diff --git a/puppet/modules/site_webapp/manifests/client_ca.pp b/puppet/modules/site_webapp/manifests/client_ca.pp deleted file mode 100644 index 0d9b15d6..00000000 --- a/puppet/modules/site_webapp/manifests/client_ca.pp +++ /dev/null 
@@ -1,25 +0,0 @@ -## -## This is for the special CA that is used exclusively for generating -## client certificates by the webapp. -## - -class site_webapp::client_ca { - include x509::variables - - $x509 = hiera('x509') - $cert_path = "${x509::variables::certs}/leap_client_ca.crt" - $key_path = "${x509::variables::keys}/leap_client_ca.key" - - x509::key { - 'leap_client_ca': - source => $x509['client_ca_key'], - group => 'leap-webapp', - notify => Service[apache]; - } - - x509::cert { - 'leap_client_ca': - source => $x509['client_ca_cert'], - notify => Service[apache]; - } -} diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 24f9279d..5a5cccad 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -13,18 +13,7 @@ class site_webapp::couchdb { $couch_client = $stunnel['couch_client'] $couch_client_connect = $couch_client['connect'] - include site_config::x509::cert_key - include site_config::x509::ca include x509::variables - $x509 = hiera('x509') - $key = $x509['key'] - $cert = $x509['cert'] - $ca = $x509['ca_cert'] - $cert_name = 'leap_couchdb' - $ca_name = 'leap_ca' - $ca_path = "${x509::variables::local_CAs}/${ca_name}.crt" - $cert_path = "${x509::variables::certs}/${cert_name}.crt" - $key_path = "${x509::variables::keys}/${cert_name}.key" file { '/srv/leap/webapp/config/couchdb.yml.admin': 
@@ -73,10 +62,10 @@ class site_webapp::couchdb { $couchdb_stunnel_client_defaults = { 'connect_port' => $couch_client_connect, - 'client' => true, - 'cafile' => $ca_path, - 'key' => $key_path, - 'cert' => $cert_path, + 'client' => true, + 'cafile' => "${x509::variables::local_CAs}/${site_config::params::ca_name}.crt", + 'key' => "${x509::variables::keys}/${site_config::params::cert_name}.key", + 'cert' => "${x509::variables::certs}/${site_config::params::cert_name}.crt", } create_resources(site_stunnel::clients, $couch_client, $couchdb_stunnel_client_defaults) diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 97a75010..4b06cea6 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -16,8 +16,9 @@ class site_webapp { include site_config::ruby include site_webapp::apache include site_webapp::couchdb - include site_webapp::client_ca include site_webapp::haproxy + include site_config::x509::cert_key + include site_config::x509::ca group { 'leap-webapp': ensure => present, -- cgit v1.2.3 From 0397643c8c10de21fb67e0de9cd86c323bbbc3da Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 19 Sep 2013 16:49:53 +0200 Subject: fix x509 path in webapp config.yml.erb (#3894) --- puppet/modules/site_webapp/templates/config.yml.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index 05d62d41..57e4ccb6 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb 
@@ -3,8 +3,8 @@ production: admins: <%= @webapp['admins'].inspect %> domain: <%= @provider_domain %> force_ssl: <%= @webapp['secure'] %> - client_ca_key: <%= scope.lookupvar('site_webapp::client_ca::key_path') %> - client_ca_cert: <%= scope.lookupvar('site_webapp::client_ca::cert_path') %> + client_ca_key: <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.key + client_ca_cert: <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.crt secret_token: "<%= @secret_token %>" client_cert_lifespan: <%= cert_options['life_span'].to_i %> client_cert_bit_size: <%= cert_options['bit_size'].to_i %> -- cgit v1.2.3 From 486a9cd3b7bd8d643a9623fd40db2286cdf52fc8 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 20 Sep 2013 18:58:13 +0200 Subject: fix whitespace issues from https://review.leap.se/r/82 --- puppet/modules/site_webapp/templates/config.yml.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index 57e4ccb6..0ce623fc 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb @@ -4,7 +4,7 @@ production: domain: <%= @provider_domain %> force_ssl: <%= @webapp['secure'] %> client_ca_key: <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.key - client_ca_cert: <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.crt + client_ca_cert: <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.crt secret_token: "<%= @secret_token %>" client_cert_lifespan: <%= cert_options['life_span'].to_i %> client_cert_bit_size: <%= cert_options['bit_size'].to_i %> -- cgit v1.2.3 
From d7f5b368547f37cfa53cd606f3d72fab44b6bd7f Mon Sep 17 00:00:00 2001 From: elijah Date: Fri, 20 Sep 2013 12:15:36 -0700 Subject: use newer haproxy_servers macro in order to allow couchdb and webapp to be on the same node (requires latest leap_cli) --- puppet/modules/site_webapp/manifests/haproxy.pp | 1 - 1 file changed, 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/haproxy.pp b/puppet/modules/site_webapp/manifests/haproxy.pp index 4a7e3c25..b69c69da 100644 --- a/puppet/modules/site_webapp/manifests/haproxy.pp +++ b/puppet/modules/site_webapp/manifests/haproxy.pp @@ -3,7 +3,6 @@ class site_webapp::haproxy { include site_haproxy $haproxy = hiera('haproxy') - $local_ports = $haproxy['local_ports'] # Template uses $global_options, $defaults_options concat::fragment { 'leap_haproxy_webapp_couchdb': -- cgit v1.2.3 From a95e00f78e07d515b49de563ca5fbcd83be0d015 Mon Sep 17 00:00:00 2001 From: kwadronaut Date: Tue, 17 Sep 2013 20:09:10 +0200 Subject: adding fqdn as default servername and moving service.domain to ServerAlias (fixing #3384) node name and dns fqdn could be different Also note that on local deploys that warning from #3384 will continue to exist (because of dns) --- puppet/modules/site_webapp/manifests/apache.pp | 3 +++ 1 file changed, 3 insertions(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp index 4331afe4..3d28ec83 100644 --- a/puppet/modules/site_webapp/manifests/apache.pp +++ b/puppet/modules/site_webapp/manifests/apache.pp @@ -4,6 +4,9 @@ class site_webapp::apache { $api_domain = $web_api['domain'] $api_port = $web_api['port'] + $web_domain = hiera('domain') + $domain_name = $web_domain['name'] + $x509 = hiera('x509') $commercial_key = $x509['commercial_key'] $commercial_cert = $x509['commercial_cert'] -- cgit v1.2.3 From ffa4504f81c0abecc62b068951ec147741028128 Mon Sep 17 00:00:00 2001 
From: varac Date: Tue, 24 Sep 2013 09:09:30 +0200 Subject: seperate cert and key deployment (#3918) --- puppet/modules/site_webapp/manifests/apache.pp | 3 ++- puppet/modules/site_webapp/manifests/init.pp | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp index d604b00f..062344d7 100644 --- a/puppet/modules/site_webapp/manifests/apache.pp +++ b/puppet/modules/site_webapp/manifests/apache.pp @@ -12,7 +12,8 @@ class site_webapp::apache { $commercial_cert = $x509['commercial_cert'] $commercial_root = $x509['commercial_ca_cert'] - include site_config::x509::cert_key + include site_config::x509::cert + include site_config::x509::key include site_config::x509::ca include x509::variables diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 4b06cea6..ff230417 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -17,7 +17,8 @@ class site_webapp { include site_webapp::apache include site_webapp::couchdb include site_webapp::haproxy - include site_config::x509::cert_key + include site_config::x509::cert + include site_config::x509::key include site_config::x509::ca group { 'leap-webapp': -- cgit v1.2.3 From 9fae612bd8d147321e0cb553610fcaf0140e84eb Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 24 Sep 2013 09:23:54 +0200 Subject: move commercial x509 deployment to site_x509 (Feature #3889) --- puppet/modules/site_webapp/manifests/apache.pp | 35 +++++--------------------- 1 file changed, 6 insertions(+), 29 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp index 062344d7..6a199b9e 100644 --- a/puppet/modules/site_webapp/manifests/apache.pp +++ b/puppet/modules/site_webapp/manifests/apache.pp 
@@ -7,20 +7,14 @@ class site_webapp::apache { $web_domain = hiera('domain') $domain_name = $web_domain['name'] - $x509 = hiera('x509') - $commercial_key = $x509['commercial_key'] - $commercial_cert = $x509['commercial_cert'] - $commercial_root = $x509['commercial_ca_cert'] - - include site_config::x509::cert - include site_config::x509::key - include site_config::x509::ca - include x509::variables + include site_config::x509::commercial::cert + include site_config::x509::commercial::key + include site_config::x509::commercial::ca - X509::Cert[$site_config::params::cert_name] ~> Service[apache] - X509::Key[$site_config::params::cert_name] ~> Service[apache] - X509::Ca[$site_config::params::ca_name] ~> Service[apache] + Class['Site_config::X509::Commercial::Key'] ~> Service[apache] + Class['Site_config::X509::Commercial::Cert'] ~> Service[apache] + Class['Site_config::X509::Commercial::Ca'] ~> Service[apache] class { '::apache': no_default_site => true, ssl => true } @@ -40,21 +34,4 @@ class site_webapp::apache { content => template('site_apache/vhosts.d/api.conf.erb') } - x509::key { - 'leap_webapp': - content => $commercial_key, - notify => Service[apache]; - } - - x509::cert { - 'leap_webapp': - content => $commercial_cert, - notify => Service[apache]; - } - - x509::ca { - 'leap_webapp': - content => $commercial_root, - notify => Service[apache]; - } } -- cgit v1.2.3 From abb03cd19389188c38ccaeb96e3136cac5397563 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 24 Sep 2013 17:15:35 +0200 Subject: https://bitmask.net/ca.crt gives 403 Forbidden (Bug #3919) --- puppet/modules/site_webapp/manifests/init.pp | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index ff230417..e630875c 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp 
@@ -17,8 +17,7 @@ class site_webapp { include site_webapp::apache include site_webapp::couchdb include site_webapp::haproxy - include site_config::x509::cert - include site_config::x509::key + include site_config::x509::cert_key include site_config::x509::ca group { 'leap-webapp': @@ -75,7 +74,7 @@ class site_webapp { '/srv/leap/webapp/public/ca.crt': ensure => link, require => Vcsrepo['/srv/leap/webapp'], - target => '/usr/local/share/ca-certificates/leap_api.crt'; + target => "${x509::variables::local_CAs}/${site_config::params::ca_name}.crt"; "/srv/leap/webapp/public/${api_version}": ensure => directory, -- cgit v1.2.3 From 0447e92ab5dcc3d8a07613a765c60db23252f278 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 24 Sep 2013 17:55:22 +0200 Subject: added site_config::x509::client_ca::cert and site_config::x509::client_ca::key for client_ca deployment (#3917) --- puppet/modules/site_webapp/templates/config.yml.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index 0ce623fc..6b45abc2 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb 
@@ -3,8 +3,8 @@ production: admins: <%= @webapp['admins'].inspect %> domain: <%= @provider_domain %> force_ssl: <%= @webapp['secure'] %> - client_ca_key: <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.key - client_ca_cert: <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::cert_name') %>.crt + client_ca_key: <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::client_ca_name') %>.key + client_ca_cert: <%= scope.lookupvar('x509::variables::local_CAs') %>/<%= scope.lookupvar('site_config::params::client_ca_name') %>.crt secret_token: "<%= @secret_token %>" client_cert_lifespan: <%= cert_options['life_span'].to_i %> client_cert_bit_size: <%= cert_options['bit_size'].to_i %> -- cgit v1.2.3 From 2a60f275d2ee5c0b93b8737fa80396817853ae83 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 24 Sep 2013 19:15:16 +0200 Subject: webapp leftover for seperate cert and key deployment (Feature #3918) --- puppet/modules/site_webapp/manifests/init.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index e630875c..07d2b942 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -17,7 +17,8 @@ class site_webapp { include site_webapp::apache include site_webapp::couchdb include site_webapp::haproxy - include site_config::x509::cert_key + include site_config::x509::cert + include site_config::x509::key include site_config::x509::ca group { 'leap-webapp': -- cgit v1.2.3 From 2aa2ab27860166b2846abbfd4ed2afc76576f714 Mon Sep 17 00:00:00 2001 
From: varac Date: Tue, 24 Sep 2013 19:20:34 +0200 Subject: deploy client_ca on webapp node --- puppet/modules/site_webapp/manifests/init.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 07d2b942..c85a5ddc 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -20,6 +20,8 @@ class site_webapp { include site_config::x509::cert include site_config::x509::key include site_config::x509::ca + include site_config::x509::client_ca::ca + include site_config::x509::client_ca::key group { 'leap-webapp': ensure => present, -- cgit v1.2.3 From 23304bbc281ef25b9ad2a607631aaa728e9c7b29 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 10 Oct 2013 15:32:26 +0200 Subject: install ruby-dev for nickserver/webapp (#4079 + #4080) --- puppet/modules/site_webapp/manifests/init.pp | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index c85a5ddc..f305f1a9 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -13,7 +13,7 @@ class site_webapp { Class['site_config::default'] -> Class['site_webapp'] - include site_config::ruby + include site_config::ruby::dev include site_webapp::apache include site_webapp::couchdb include site_webapp::haproxy @@ -55,7 +55,11 @@ class site_webapp { unless => '/usr/bin/bundle check', user => 'leap-webapp', timeout => 600, - require => [ Class['bundler::install'], Vcsrepo['/srv/leap/webapp'], Service['shorewall'] ], + require => [ + Class['bundler::install'], + Vcsrepo['/srv/leap/webapp'], + Package['ruby-dev'], + Service['shorewall'] ], notify => Service['apache']; } -- cgit v1.2.3 From da6cb0546f91444d8c4e059eaa99f17fafe9c5a2 Mon Sep 17 00:00:00 2001 
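Review bot: The `include site_config::x509::client_ca::key` added to `site_webapp` puts the client CA private key on the webapp node, but nothing in this hunk shows who may read it. The `site_webapp::client_ca` class deleted earlier on this page set `group => 'leap-webapp'` on that key. The replacement class is outside this diff, so confirm that it gives read access to the `leap-webapp` group only and not to other local users. A comment above the include would record the requirement, e.g. `# client CA key signs client certs: readable by leap-webapp only, see site_config::x509::client_ca::key`. The class body continues outside the hunk.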
From: varac Date: Fri, 11 Oct 2013 18:02:59 +0200 Subject: fixed issues from https://review.leap.se/r/98/ --- puppet/modules/site_webapp/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index f305f1a9..6c5bda4c 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -58,7 +58,7 @@ class site_webapp { require => [ Class['bundler::install'], Vcsrepo['/srv/leap/webapp'], - Package['ruby-dev'], + Class['site_config::ruby::dev'], Service['shorewall'] ], notify => Service['apache']; } -- cgit v1.2.3 From 4a75cd70b50969023c507b5c9ec2e8c36142f706 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 11 Oct 2013 22:32:01 +0200 Subject: /etc/haproxy/haproxy.cfg changed randomly (Feature #4111) --- puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb b/puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb index 914a964e..1fa01b96 100644 --- a/puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb +++ b/puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb @@ -13,7 +13,7 @@ listen bigcouch-in default-server inter 3000 fastinter 1000 downinter 1000 rise 2 fall 1 <%- if @haproxy['servers'] -%> -<%- @haproxy['servers'].each do |name,server| -%> +<%- @haproxy['servers'].sort.each do |name,server| -%> <%- backup = server['backup'] ? 'backup' : '' -%> # <%=name%> server couchdb_<%=server['port']%> <%=server['host']%>:<%=server['port']%> <%=backup%> weight <%=server['weight']%> check -- cgit v1.2.3 From 970fcd5d3262735c8ae7979a462cd77bf270b108 Mon Sep 17 00:00:00 2001 
From: elijah Date: Wed, 13 Nov 2013 10:13:53 -0800 Subject: added custom index.html --- puppet/modules/site_webapp/manifests/init.pp | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 6c5bda4c..d5687804 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -146,6 +146,14 @@ class site_webapp { mode => '0644', require => Vcsrepo['/srv/leap/webapp'], source => $webapp['img_dir']; + + '/srv/leap/webapp/app/views/home/index.html.haml': + ensure => present, + owner => leap-webapp, + group => leap-webapp, + mode => '0644', + require => Vcsrepo['/srv/leap/webapp'], + source => $webapp['home_page']; } git::changes { @@ -163,6 +171,11 @@ class site_webapp { cwd => '/srv/leap/webapp', require => Vcsrepo['/srv/leap/webapp'], user => 'leap-webapp'; + + 'app/views/home/index.html.haml': + cwd => '/srv/leap/webapp', + require => Vcsrepo['/srv/leap/webapp'], + user => 'leap-webapp'; } file { -- cgit v1.2.3 From 289a00a149ac08d01b8ee638620d8c2928966fa3 Mon Sep 17 00:00:00 2001 From: elijah Date: Fri, 15 Nov 2013 01:02:25 -0800 Subject: improvements to webapp deployment: allow for greater customization, allow for custom git source, improve apache config. --- puppet/modules/site_webapp/manifests/apache.pp | 1 + puppet/modules/site_webapp/manifests/init.pp | 64 ++++---------------------- 2 files changed, 11 insertions(+), 54 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp index 6a199b9e..581922cb 100644 --- a/puppet/modules/site_webapp/manifests/apache.pp +++ b/puppet/modules/site_webapp/manifests/apache.pp 
@@ -21,6 +21,7 @@ class site_webapp::apache { include site_apache::module::headers include site_apache::module::rewrite include site_apache::module::alias + include site_apache::module::expires class { 'passenger': use_munin => false } diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index d5687804..c090c6a0 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -40,9 +40,9 @@ class site_webapp { vcsrepo { '/srv/leap/webapp': ensure => present, force => true, - revision => 'origin/master', + revision => $webapp['git']['revision'], provider => git, - source => 'https://leap.se/git/leap_web', + source => $webapp['git']['source'], owner => 'leap-webapp', group => 'leap-webapp', require => [ User['leap-webapp'], Group['leap-webapp'] ], @@ -63,6 +63,10 @@ class site_webapp { notify => Service['apache']; } + # + # NOTE: in order to support a webapp that is running on a subpath and not the root of the domain + # assets:precompile needs to be run with RAILS_RELATIVE_URL_ROOT=/application-root + # exec { 'compile_assets': cwd => '/srv/leap/webapp', command => '/bin/bash -c "RAILS_ENV=production /usr/bin/bundle exec rake assets:precompile"', 
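Review bot: In the `vcsrepo { '/srv/leap/webapp': }` resource of init.pp, `source` and `revision` now come from `$webapp['git']` with no check, and the exec resources in this class later run `bundle` and `rake assets:precompile` on that checkout. Code from whatever URL and ref the hiera data names is therefore executed on the node, whereas the hard-coded `https://leap.se/git/leap_web` at least fixed the origin and transport. I would state the expectation next to the resource, e.g. `# git source must be an https:// or ssh URL you control; prefer a tag or commit id over a branch for revision`, and fail the catalog when either value is empty. The resource continues outside the hunk.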
@@ -110,72 +114,24 @@ class site_webapp { } try::file { - '/srv/leap/webapp/public/favicon.ico': - ensure => present, - owner => leap-webapp, - group => leap-webapp, - mode => '0644', - require => Vcsrepo['/srv/leap/webapp'], - source => $webapp['favicon']; - - '/srv/leap/webapp/app/assets/stylesheets/tail.scss': - ensure => present, - owner => leap-webapp, - group => leap-webapp, - mode => '0644', - require => Vcsrepo['/srv/leap/webapp'], - source => $webapp['tail_scss'], - before => Exec['bundler_update']; - - '/srv/leap/webapp/app/assets/stylesheets/head.scss': - ensure => present, - owner => leap-webapp, - group => leap-webapp, - mode => '0644', - require => Vcsrepo['/srv/leap/webapp'], - source => $webapp['head_scss'], - before => Exec['bundler_update']; - - '/srv/leap/webapp/public/img': + '/srv/leap/webapp/config/customization': ensure => directory, recurse => true, purge => true, force => true, owner => leap-webapp, group => leap-webapp, - mode => '0644', - require => Vcsrepo['/srv/leap/webapp'], - source => $webapp['img_dir']; - - '/srv/leap/webapp/app/views/home/index.html.haml': - ensure => present, - owner => leap-webapp, - group => leap-webapp, - mode => '0644', + mode => 'u=rwX,go=rX', require => Vcsrepo['/srv/leap/webapp'], - source => $webapp['home_page']; + notify => Exec['compile_assets'], + source => $webapp['customization_dir']; } git::changes { - 'app/assets/stylesheets/head.scss': - cwd => '/srv/leap/webapp', - require => Vcsrepo['/srv/leap/webapp'], - user => 'leap-webapp'; - - 'app/assets/stylesheets/tail.scss': - cwd => '/srv/leap/webapp', - require => Vcsrepo['/srv/leap/webapp'], - user => 'leap-webapp'; - 'public/favicon.ico': cwd => '/srv/leap/webapp', require => Vcsrepo['/srv/leap/webapp'], user => 'leap-webapp'; - - 'app/views/home/index.html.haml': - cwd => '/srv/leap/webapp', - require => Vcsrepo['/srv/leap/webapp'], - user => 'leap-webapp'; } file { -- cgit v1.2.3 
From 4aedafa09dd40673ae654f685cbad1b01c72f84c Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 26 Nov 2013 20:37:55 -0500 Subject: add webapp cron entries to cleanup sessions and tokens (#4572) Change-Id: Ic1ef7e25f07cbbbcea9bcc90248479009904303e --- puppet/modules/site_webapp/manifests/cron.pp | 19 +++++++++++++++++++ puppet/modules/site_webapp/manifests/init.pp | 1 + 2 files changed, 20 insertions(+) create mode 100644 puppet/modules/site_webapp/manifests/cron.pp (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/cron.pp b/puppet/modules/site_webapp/manifests/cron.pp new file mode 100644 index 00000000..be997103 --- /dev/null +++ b/puppet/modules/site_webapp/manifests/cron.pp @@ -0,0 +1,19 @@ +class site_webapp::cron { + + # cron tasks that need to be performed to cleanup the database + cron { + 'remove_expired_sessions': + command => 'bundle exec rake cleanup:sessions', + cwd => '/srv/leap/webapp', + environment => 'RAILS_ENV=production', + hour => 2, + minute => 30; + + 'remove_expired_tokens': + command => 'bundle exec rake cleanup:tokens', + cwd => '/srv/leap/webapp', + environment => 'RAILS_ENV=production', + hour => 3, + minute => 0; + } +} diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index c090c6a0..cb94d328 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -17,6 +17,7 @@ class site_webapp { include site_webapp::apache include site_webapp::couchdb include site_webapp::haproxy + include site_webapp::cron include site_config::x509::cert include site_config::x509::key include site_config::x509::ca -- cgit v1.2.3 From 7f59d8c7f5a41125c17271b1cd55118dafa52151 Mon Sep 17 00:00:00 2001 
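Review bot: Neither cron resource in the new cron.pp sets `user`, so Puppet installs both jobs in the crontab of the account the agent runs as, normally root. `bundle exec rake` then runs the Gemfile and Rakefile from a checkout owned by `leap-webapp` with that account's privileges. Add `user => 'leap-webapp',` to `remove_expired_sessions` and `remove_expired_tokens`, matching the `user => 'leap-webapp'` on the exec resources in init.pp. `cwd` is also not a parameter of the cron type; the later "fix cwd in webapp cronjobs" hunk on this page corrects that but still leaves `user` unset. `bundle` is called without a path here while init.pp uses `/usr/bin/bundle`, so cron's PATH decides which binary runs.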
From: Micah Anderson Date: Thu, 28 Nov 2013 09:54:37 -0500 Subject: remove admin access from webapp Change-Id: Ib2ce0d38a8e4dd30ae6842bfb5579d9c3dd10f18 --- .../site_webapp/files/migrate_design_documents | 16 ---------------- puppet/modules/site_webapp/manifests/couchdb.pp | 22 ---------------------- puppet/modules/site_webapp/manifests/init.pp | 6 ++++-- .../site_webapp/templates/couchdb.yml.admin.erb | 9 --------- 4 files changed, 4 insertions(+), 49 deletions(-) delete mode 100644 puppet/modules/site_webapp/files/migrate_design_documents delete mode 100644 puppet/modules/site_webapp/templates/couchdb.yml.admin.erb (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/files/migrate_design_documents b/puppet/modules/site_webapp/files/migrate_design_documents deleted file mode 100644 index 6e24aa5b..00000000 --- a/puppet/modules/site_webapp/files/migrate_design_documents +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -cd /srv/leap/webapp - -# use admin credentials -cp config/couchdb.yml.admin config/couchdb.yml -chown leap-webapp:leap-webapp config/couchdb.yml - -# needs to be run twice -RAILS_ENV=production /usr/bin/bundle exec rake couchrest:migrate -RAILS_ENV=production /usr/bin/bundle exec rake couchrest:migrate - -# use user credentials and remove admin credentials -cp config/couchdb.yml.webapp config/couchdb.yml -chown leap-webapp:leap-webapp config/couchdb.yml - diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 5a5cccad..7f6ebbc6 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp 
@@ -4,8 +4,6 @@ class site_webapp::couchdb { # haproxy listener on port localhost:4096, see site_webapp::haproxy $couchdb_host = 'localhost' $couchdb_port = '4096' - $couchdb_admin_user = $webapp['couchdb_admin_user']['username'] - $couchdb_admin_password = $webapp['couchdb_admin_user']['password'] $couchdb_webapp_user = $webapp['couchdb_webapp_user']['username'] $couchdb_webapp_password = $webapp['couchdb_webapp_user']['password'] @@ -16,13 +14,6 @@ class site_webapp::couchdb { include x509::variables file { - '/srv/leap/webapp/config/couchdb.yml.admin': - content => template('site_webapp/couchdb.yml.admin.erb'), - owner => leap-webapp, - group => leap-webapp, - mode => '0600', - require => Vcsrepo['/srv/leap/webapp']; - '/srv/leap/webapp/config/couchdb.yml.webapp': content => template('site_webapp/couchdb.yml.erb'), owner => leap-webapp, @@ -43,23 +34,10 @@ class site_webapp::couchdb { group => leap-webapp, mode => '0666', require => Vcsrepo['/srv/leap/webapp']; - - '/usr/local/sbin/migrate_design_documents': - source => 'puppet:///modules/site_webapp/migrate_design_documents', - owner => root, - group => root, - mode => '0744'; } include site_stunnel - exec { 'migrate_design_documents': - cwd => '/srv/leap/webapp', - command => '/usr/local/sbin/migrate_design_documents', - require => Exec['bundler_update'], - notify => Service['apache']; - } - $couchdb_stunnel_client_defaults = { 'connect_port' => $couch_client_connect, 'client' => true, diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index cb94d328..ae644287 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp 
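Review bot: Dropping the `couchdb.yml.admin` file resource in the second couchdb.pp hunk only stops Puppet from managing it. On nodes that were already deployed, `/srv/leap/webapp/config/couchdb.yml.admin` stays on disk with the CouchDB admin username and password, owned by `leap-webapp`. The same holds for `/usr/local/sbin/migrate_design_documents`, removed in the third hunk. Keep both titles for a release with `ensure => absent;`, as the later provider.json change on this page does for its old location, and rotate the admin password if the webapp is meant to lose that access. The later rename of `couchdb.yml.webapp` to `couchdb.yml` leaves the old file behind in the same way.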
@@ -65,9 +65,11 @@ class site_webapp { } # - # NOTE: in order to support a webapp that is running on a subpath and not the root of the domain - # assets:precompile needs to be run with RAILS_RELATIVE_URL_ROOT=/application-root + # NOTE: in order to support a webapp that is running on a subpath and not the + # root of the domain assets:precompile needs to be run with + # RAILS_RELATIVE_URL_ROOT=/application-root # + exec { 'compile_assets': cwd => '/srv/leap/webapp', command => '/bin/bash -c "RAILS_ENV=production /usr/bin/bundle exec rake assets:precompile"', diff --git a/puppet/modules/site_webapp/templates/couchdb.yml.admin.erb b/puppet/modules/site_webapp/templates/couchdb.yml.admin.erb deleted file mode 100644 index a0921add..00000000 --- a/puppet/modules/site_webapp/templates/couchdb.yml.admin.erb +++ /dev/null @@ -1,9 +0,0 @@ -production: - prefix: "" - protocol: 'http' - host: <%= @couchdb_host %> - port: <%= @couchdb_port %> - auto_update_design_doc: false - username: <%= @couchdb_admin_user %> - password: <%= @couchdb_admin_password %> - -- cgit v1.2.3 From 81ff8e2b6aaebae35098357146958a8011af85fe Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 28 Nov 2013 11:56:38 -0500 Subject: fix cwd in webapp cronjobs Change-Id: I2e189bf5e209c731077539a57f9b334ac66cd25b --- puppet/modules/site_webapp/manifests/cron.pp | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/cron.pp b/puppet/modules/site_webapp/manifests/cron.pp index be997103..811ad11d 100644 --- a/puppet/modules/site_webapp/manifests/cron.pp +++ b/puppet/modules/site_webapp/manifests/cron.pp 
@@ -3,15 +3,13 @@ class site_webapp::cron { # cron tasks that need to be performed to cleanup the database cron { 'remove_expired_sessions': - command => 'bundle exec rake cleanup:sessions', - cwd => '/srv/leap/webapp', + command => 'cd /srv/leap/webapp && bundle exec rake cleanup:sessions', environment => 'RAILS_ENV=production', hour => 2, minute => 30; 'remove_expired_tokens': - command => 'bundle exec rake cleanup:tokens', - cwd => '/srv/leap/webapp', + command => 'cd /srv/leap/webapp && bundle exec rake cleanup:tokens', environment => 'RAILS_ENV=production', hour => 3, minute => 0; -- cgit v1.2.3 From fefab2386f0fbd9f218dc0b361eb833875c27f56 Mon Sep 17 00:00:00 2001 From: elijah Date: Sun, 29 Dec 2013 22:16:03 -0800 Subject: added support for minimum client version checking --- puppet/modules/site_webapp/manifests/init.pp | 11 ++++++++++- puppet/modules/site_webapp/templates/config.yml.erb | 1 + 2 files changed, 11 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index ae644287..f8216aa4 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -80,11 +80,20 @@ class site_webapp { } file { - '/srv/leap/webapp/public/provider.json': + '/srv/leap/webapp/config/provider': + ensure => directory, + require => Vcsrepo['/srv/leap/webapp'], + owner => leap-webapp, group => leap-webapp, mode => '0755'; + + '/srv/leap/webapp/config/provider/provider.json': content => $provider, require => Vcsrepo['/srv/leap/webapp'], owner => leap-webapp, group => leap-webapp, mode => '0644'; + # old provider.json location. this can be removed after everyone upgrades. + '/srv/leap/webapp/public/provider.json': + ensure => absent; + '/srv/leap/webapp/public/ca.crt': ensure => link, require => Vcsrepo['/srv/leap/webapp'], 
diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index 6b45abc2..98f8564e 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb @@ -14,3 +14,4 @@ production: allow_anonymous_certs: <%= @webapp['allow_anonymous_certs'].inspect %> limited_cert_prefix: "<%= cert_options['limited_prefix'] %>" unlimited_cert_prefix: "<%= cert_options['unlimited_prefix'] %>" + minimum_client_version: "<%= @webapp['client_version']['min'] %>" -- cgit v1.2.3 From fe1561855cd7be38190d54913f84bae5ab3c9a4a Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 8 Jan 2014 14:21:38 -0800 Subject: fix webapp couchdb.yml to be couchdb.yml not couchdb.yml.webapp --- puppet/modules/site_webapp/manifests/couchdb.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 7f6ebbc6..ff743fba 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -14,7 +14,7 @@ class site_webapp::couchdb { include x509::variables file { - '/srv/leap/webapp/config/couchdb.yml.webapp': + '/srv/leap/webapp/config/couchdb.yml': content => template('site_webapp/couchdb.yml.erb'), owner => leap-webapp, group => leap-webapp, -- cgit v1.2.3 From e7fe6d504565b7e0234681ed500059a54739f2e3 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 22 Jan 2014 16:47:59 +0100 Subject: anonymize webapp ips (Bug #4896) --- puppet/modules/site_webapp/manifests/apache.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp index 581922cb..d327877a 100644 --- a/puppet/modules/site_webapp/manifests/apache.pp +++ b/puppet/modules/site_webapp/manifests/apache.pp 
@@ -22,6 +22,7 @@ class site_webapp::apache { include site_apache::module::rewrite include site_apache::module::alias include site_apache::module::expires + include site_apache::module::removeip class { 'passenger': use_munin => false } -- cgit v1.2.3 From 6255e58bf9ff3489bf2707bc2be9759ec5c7db68 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 6 Feb 2014 15:36:12 +0100 Subject: move leap_webapp.conf template to common.conf which is included by the nagios and webapp node (#5096) --- puppet/modules/site_webapp/manifests/apache.pp | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp index d327877a..21243d34 100644 --- a/puppet/modules/site_webapp/manifests/apache.pp +++ b/puppet/modules/site_webapp/manifests/apache.pp @@ -7,30 +7,14 @@ class site_webapp::apache { $web_domain = hiera('domain') $domain_name = $web_domain['name'] - include x509::variables - include site_config::x509::commercial::cert - include site_config::x509::commercial::key - include site_config::x509::commercial::ca - - Class['Site_config::X509::Commercial::Key'] ~> Service[apache] - Class['Site_config::X509::Commercial::Cert'] ~> Service[apache] - Class['Site_config::X509::Commercial::Ca'] ~> Service[apache] - - class { '::apache': no_default_site => true, ssl => true } - + include site_apache::common include site_apache::module::headers - include site_apache::module::rewrite include site_apache::module::alias include site_apache::module::expires include site_apache::module::removeip class { 'passenger': use_munin => false } - apache::vhost::file { - 'leap_webapp': - content => template('site_apache/vhosts.d/leap_webapp.conf.erb') - } - apache::vhost::file { 'api': content => template('site_apache/vhosts.d/api.conf.erb') -- cgit v1.2.3 From 5b15447055de66f30bc7f036a588dec4638b9a7d Mon Sep 17 00:00:00 2001 
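Review bot: Certificate and key changes may no longer restart Apache after the `@@ -7,30 +7,14 @@` hunk: the three `Class['Site_config::X509::Commercial::…'] ~> Service[apache]` edges and the `class { '::apache': no_default_site => true, ssl => true }` declaration are removed, and `include site_apache::common`, whose body is not part of this diff, is expected to replace them. If that class lacks the same notify edges, a renewed key or certificate stays on disk unused until someone restarts Apache by hand. The dropped `include site_apache::module::rewrite` deserves the same check if the api vhost relies on rewrite rules. Once confirmed, a comment above the include would record the dependency, for example `# site_apache::common declares ::apache with ssl, the commercial x509 cert/key/ca and their restart notifications`.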
From: varac Date: Wed, 26 Feb 2014 14:52:04 +0100 Subject: check syslog for webapp errors --- puppet/modules/site_webapp/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index f8216aa4..d02a7261 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -157,5 +157,5 @@ class site_webapp { } include site_shorewall::webapp - + include site_check_mk::agent::webapp } -- cgit v1.2.3