From 515ca5ce0d19ac29fff6397c7b146ddabc123f05 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 20 Nov 2012 16:24:38 -0500 Subject: add initial site_webapp module --- puppet/modules/site_webapp/manifests/init.pp | 50 ++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 puppet/modules/site_webapp/manifests/init.pp (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp new file mode 100644 index 00000000..107aa617 --- /dev/null +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -0,0 +1,50 @@ +class site_webapp { + + Class[Ruby] -> Class[rubygems] -> Class[bundler::install] + + class { 'ruby': ruby_version => '1.9.3' } + + include rubygems + + class { 'bundler::install': install_method => '' } + + group { 'leap-webapp': + ensure => present, + allowdupe => false; + } + + user { 'leap-webapp': + ensure => present, + allowdupe => false, + gid => 'leap-webapp', + home => '/srv/leap-webapp', + require => [ Group['leap-webapp'] ]; + } + + file { '/srv/leap-webapp': + ensure => present, + owner => 'leap-webapp', + group => 'leap-webapp', + require => User['leap-webapp']; + } + + vcsrepo { '/srv/leap-webapp': + ensure => present, + revision => 'master', + provider => git, + source => 'git://code.leap.se/leap_web', + owner => 'leap-webapp', + group => 'leap-webapp', + require => [ User['leap-webapp'], Group['leap-webapp'] ], + notify => Exec['bundler_update'] + } + + exec { 'bundler_update': + cwd => '/srv/leap-webapp', + command => '/bin/bash -c \"/usr/bin/bundle check || /usr/bin/bundle install\"', + unless => '/usr/bin/bundle check', + require => [ Class['bundler::install'], Vcsrepo['/srv/leap-webapp'] ]; + } +} + + -- cgit v1.2.3 From 0d1ac3dc005721858623ca2e9f0a1d4bf50fff42 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 22 Nov 2012 11:06:26 -0500 Subject: remove escaping double-quotes, it turns out these are passed directly to the command causing it to fail --- puppet/modules/site_webapp/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 107aa617..b44ef01a 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -41,7 +41,7 @@ class site_webapp { exec { 'bundler_update': cwd => '/srv/leap-webapp', - command => '/bin/bash -c \"/usr/bin/bundle check || /usr/bin/bundle install\"', + command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install"', unless => '/usr/bin/bundle check', require => [ Class['bundler::install'], Vcsrepo['/srv/leap-webapp'] ]; } -- cgit v1.2.3 From 2944b31e5cd4203938317076c895f0500f7bcf62 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 22 Nov 2012 11:26:50 -0500 Subject: switch to the develop branch for the webapp git repository for deployment/testing. when released, this should track a stable release --- puppet/modules/site_webapp/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index b44ef01a..de8c070a 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -30,7 +30,7 @@ class site_webapp { vcsrepo { '/srv/leap-webapp': ensure => present, - revision => 'master', + revision => 'develop', provider => git, source => 'git://code.leap.se/leap_web', owner => 'leap-webapp', -- cgit v1.2.3 From 74600045dacbdcfc3479f566e997320db5443908 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 22 Nov 2012 20:07:31 +0100 Subject: use origin/develop instead of develop as revision --- puppet/modules/site_webapp/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index de8c070a..99f6df6c 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -30,7 +30,7 @@ class site_webapp { vcsrepo { '/srv/leap-webapp': ensure => present, - revision => 'develop', + revision => 'origin/develop', provider => git, source => 'git://code.leap.se/leap_web', owner => 'leap-webapp', -- cgit v1.2.3 From da0d9f3c407ffdae0d7583ef148d7e37cbbc20ad Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 27 Nov 2012 11:12:17 -0500 Subject: add hiera keys for provider include site_webapp::apache --- puppet/modules/site_webapp/manifests/init.pp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 99f6df6c..08b7f92c 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -1,13 +1,17 @@ class site_webapp { + $definition_files = hiera('definition_files') + $provider = $definition_files['provider'] + Class[Ruby] -> Class[rubygems] -> Class[bundler::install] class { 'ruby': ruby_version => '1.9.3' } - include rubygems - class { 'bundler::install': install_method => '' } + include rubygems + include site_webapp::apache + group { 'leap-webapp': ensure => present, allowdupe => false; @@ -46,5 +50,3 @@ class site_webapp { require => [ Class['bundler::install'], Vcsrepo['/srv/leap-webapp'] ]; } } - - -- cgit v1.2.3 From a2e2f558bcfc4b35c7d81f282d73e06f78590113 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 27 Nov 2012 11:12:43 -0500 Subject: place the provider.json and ca.crt in the webroot --- puppet/modules/site_webapp/manifests/init.pp | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 08b7f92c..22f69e7a 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -49,4 +49,15 @@ class site_webapp { unless => '/usr/bin/bundle check', require => [ Class['bundler::install'], Vcsrepo['/srv/leap-webapp'] ]; } + + file { + '/srv/leap-webapp/public/provider.json': + content => $provider, + owner => leap-webapp, group => leap-webapp, mode => '0644'; + + '/srv/leap-webapp/public/ca.crt': + content => $cert_root, + owner => leap-webapp, group => leap-webapp, mode => '0644'; + } + } -- cgit v1.2.3 From 0876cc7c712f273991cbb1177d7416afd0a1462d Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 27 Nov 2012 11:49:08 -0500 Subject: add site_webapp class to install the certs/keys/CAs and virtual host configurations --- puppet/modules/site_webapp/manifests/apache.pp | 61 ++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 puppet/modules/site_webapp/manifests/apache.pp (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp new file mode 100644 index 00000000..d6470186 --- /dev/null +++ b/puppet/modules/site_webapp/manifests/apache.pp @@ -0,0 +1,61 @@ +class site_webapp::apache { + + $api_domain = hiera('api_domain') + $x509 = hiera('x509') + $commercial_key = $x509['commercial_key'] + $commercial_cert = $x509['commercial_cert'] + $commercial_root = $x509['commercial_ca_cert'] + $api_key = $x509['key'] + $api_cert = $x509['cert'] + $api_root = $x509['ca_cert'] + + $apache_no_default_site = true + include apache::ssl + + apache::module { + 'rewrite': ensure => present; + 'headers': ensure => present; + } + + class { 'passenger': use_munin => false } + + apache::vhost::file { + 'leap_webapp': + content => template('site_apache/vhosts.d/leap_webapp.conf.erb') + } + + apache::vhost::file { + 'api': + content => template('site_apache/vhosts.d/api.conf.erb') + } + + x509::key { + 'leap_webapp': + content => $commercial_key, + notify => Service[apache]; + + 'leap_api': + content => $api_key, + notify => Service[apache]; + } + + x509::cert { + 'leap_webapp': + content => $commercial_cert, + notify => Service[apache]; + + 'leap_api': + content => $api_cert, + notify => Service[apache]; + } + + x509::ca { + 'leap_webapp': + content => $commercial_root, + notify => Service[apache]; + + 'leap_api': + content => $api_root, + notify => Service[apache]; + } +} -- cgit v1.2.3 From e49f4038b9a5c6b8b0d3f0eed8735abf5ef54c0e Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 27 Nov 2012 14:40:10 -0500 Subject: map /1 -> document root --- puppet/modules/site_webapp/manifests/apache.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp index d6470186..8532cc38 100644 --- a/puppet/modules/site_webapp/manifests/apache.pp +++ b/puppet/modules/site_webapp/manifests/apache.pp @@ -13,6 +13,7 @@ class site_webapp::apache { include apache::ssl apache::module { + 'alias': ensure => present; 'rewrite': ensure => present; 'headers': ensure => present; } -- cgit v1.2.3 From 140975a265b971b14805370dc704e5a10806cd5f Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 27 Nov 2012 15:26:58 -0500 Subject: make sure the webapp/public/config directory exists and the eip-service.json is provided there --- puppet/modules/site_webapp/manifests/init.pp | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 22f69e7a..5eaf9dc1 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -2,6 +2,7 @@ class site_webapp { $definition_files = hiera('definition_files') $provider = $definition_files['provider'] + $eap_service = $definition_files['eap_service'] Class[Ruby] -> Class[rubygems] -> Class[bundler::install] @@ -58,6 +59,14 @@ class site_webapp { '/srv/leap-webapp/public/ca.crt': content => $cert_root, owner => leap-webapp, group => leap-webapp, mode => '0644'; + + '/srv/leap-webapp/public/config': + ensure => directory, + owner => leap-webapp, group => leap-webapp, mode => '0755'; + + '/srv/leap-webapp/public/config/eip-service.json': + content => $eap_service, + owner => leap-webapp, group => leap-webapp, mode => '0644'; } } -- cgit v1.2.3 From 6272b9f72808afc4f5b93616df313d079580fbf7 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 27 Nov 2012 15:27:43 -0500 Subject: setup the couchdb class to provide the couchdb connection parameters --- puppet/modules/site_webapp/manifests/couchdb.pp | 16 ++++++++++++++++ puppet/modules/site_webapp/manifests/init.pp | 1 + 2 files changed, 17 insertions(+) create mode 100644 puppet/modules/site_webapp/manifests/couchdb.pp (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp new file mode 100644 index 00000000..caa4f19b --- /dev/null +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -0,0 +1,16 @@ +class site_webapp::couchdb { + + $webapp = hiera_array('webapp') + $couchdb_host = $webapp['couchdb_hosts'] + $couchdb_user = $webapp['couchdb_user']['username'] + $couchdb_password = $webapp['couchdb_user']['password'] + + file { + '/srv/leap-webapp/config/couchdb.yml': + content => template('couchdb.yml.erb'), + owner => leap-webapp, + group => leap-webapp, + mode => '0600'; + } + +} diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 5eaf9dc1..3c374d93 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -12,6 +12,7 @@ class site_webapp { include rubygems include site_webapp::apache + include site_webapp::couchdb group { 'leap-webapp': ensure => present, -- cgit v1.2.3 From e47e7fc15183a5ba4f879c2046ab29515f528903 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 27 Nov 2012 15:34:22 -0500 Subject: add the couchdb configuration template --- puppet/modules/site_webapp/templates/couchdb.yml | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 puppet/modules/site_webapp/templates/couchdb.yml (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/templates/couchdb.yml b/puppet/modules/site_webapp/templates/couchdb.yml new file mode 100644 index 00000000..f5132599 --- /dev/null +++ b/puppet/modules/site_webapp/templates/couchdb.yml @@ -0,0 +1,7 @@ +production: + protocol: 'https' + host: <%= couchdb_host %> + port: 443 + username: <%= couchdb_user %> + password: <%= couchdb_password %> + -- cgit v1.2.3 From c1bc263947c3265d4e9e5b2780765351036f756a Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 27 Nov 2012 16:01:40 -0500 Subject: fix name of couchdb.yml template --- puppet/modules/site_webapp/templates/couchdb.yml | 7 ------- puppet/modules/site_webapp/templates/couchdb.yml.erb | 7 +++++++ 2 files changed, 7 insertions(+), 7 deletions(-) delete mode 100644 puppet/modules/site_webapp/templates/couchdb.yml create mode 100644 puppet/modules/site_webapp/templates/couchdb.yml.erb (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/templates/couchdb.yml b/puppet/modules/site_webapp/templates/couchdb.yml deleted file mode 100644 index f5132599..00000000 --- a/puppet/modules/site_webapp/templates/couchdb.yml +++ /dev/null @@ -1,7 +0,0 @@ -production: - protocol: 'https' - host: <%= couchdb_host %> - port: 443 - username: <%= couchdb_user %> - password: <%= couchdb_password %> - diff --git a/puppet/modules/site_webapp/templates/couchdb.yml.erb b/puppet/modules/site_webapp/templates/couchdb.yml.erb new file mode 100644 index 00000000..f5132599 --- /dev/null +++ b/puppet/modules/site_webapp/templates/couchdb.yml.erb @@ -0,0 +1,7 @@ +production: + protocol: 'https' + host: <%= couchdb_host %> + port: 443 + username: <%= couchdb_user %> + password: <%= couchdb_password %> + -- cgit v1.2.3 From 77368affb8773cf91755f47e25c378c7472fb50b Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 27 Nov 2012 16:02:05 -0500 Subject: fix name of eip_service --- puppet/modules/site_webapp/manifests/init.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 3c374d93..c5f33b5a 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -2,7 +2,7 @@ class site_webapp { $definition_files = hiera('definition_files') $provider = $definition_files['provider'] - $eap_service = $definition_files['eap_service'] + $eip_service = $definition_files['eip_service'] Class[Ruby] -> Class[rubygems] -> Class[bundler::install] @@ -66,7 +66,7 @@ class site_webapp { owner => leap-webapp, group => leap-webapp, mode => '0755'; '/srv/leap-webapp/public/config/eip-service.json': - content => $eap_service, + content => $eip_service, owner => leap-webapp, group => leap-webapp, mode => '0644'; } -- cgit v1.2.3 From a706fff9f79d6f57eff4ec238c3f316c33ae278a Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 27 Nov 2012 16:02:44 -0500 Subject: fix location of couchdb.yml template --- puppet/modules/site_webapp/manifests/couchdb.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index caa4f19b..38057bf6 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -7,7 +7,7 @@ class site_webapp::couchdb { file { '/srv/leap-webapp/config/couchdb.yml': - content => template('couchdb.yml.erb'), + content => template('site_webapp/couchdb.yml.erb'), owner => leap-webapp, group => leap-webapp, mode => '0600'; -- cgit v1.2.3 From 6f7f760f7f17da7cb0ff362eac3f78ab042f132d Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 27 Nov 2012 16:02:56 -0500 Subject: switch from hiera_array to just hiera --- puppet/modules/site_webapp/manifests/couchdb.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 38057bf6..6cac666f 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -1,6 +1,6 @@ class site_webapp::couchdb { - $webapp = hiera_array('webapp') + $webapp = hiera('webapp') $couchdb_host = $webapp['couchdb_hosts'] $couchdb_user = $webapp['couchdb_user']['username'] $couchdb_password = $webapp['couchdb_user']['password'] -- cgit v1.2.3 From 737d286fdfb8036e8b1078efbec4f9902bc1108e Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 29 Nov 2012 15:54:46 -0500 Subject: updated bundler module to accept 'package' to install_method to be a little more obvious how it is operating --- puppet/modules/site_webapp/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index c5f33b5a..644cca98 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -8,7 +8,7 @@ class site_webapp { class { 'ruby': ruby_version => '1.9.3' } - class { 'bundler::install': install_method => '' } + class { 'bundler::install': install_method => 'package' } include rubygems include site_webapp::apache -- cgit v1.2.3 From ec7c030c73ab0215bca60494ff310d8b4a5a744d Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 29 Nov 2012 15:55:29 -0500 Subject: change ensure parameter to explicit 'directory' for /srv/leap-webapp --- puppet/modules/site_webapp/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 644cca98..4da6242c 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -28,7 +28,7 @@ class site_webapp { } file { '/srv/leap-webapp': - ensure => present, + ensure => directory, owner => 'leap-webapp', group => 'leap-webapp', require => User['leap-webapp']; -- cgit v1.2.3 From 2727291d734ab5f45be3905982d42192119dce86 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 29 Nov 2012 15:56:14 -0500 Subject: change api CA cert deployment to just symlink to the already deployed file --- puppet/modules/site_webapp/manifests/init.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 4da6242c..6a60ab15 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -58,8 +58,8 @@ class site_webapp { owner => leap-webapp, group => leap-webapp, mode => '0644'; '/srv/leap-webapp/public/ca.crt': - content => $cert_root, - owner => leap-webapp, group => leap-webapp, mode => '0644'; + ensure => link, + target => '/usr/local/share/ca-certificates/leap_api.crt'; '/srv/leap-webapp/public/config': ensure => directory, -- cgit v1.2.3 From 51bbe9d6d5ce7e780c25fe31d5250047c97b05e2 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 11 Dec 2012 16:45:56 -0500 Subject: fix couchdb port --- puppet/modules/site_webapp/templates/couchdb.yml.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/templates/couchdb.yml.erb b/puppet/modules/site_webapp/templates/couchdb.yml.erb index f5132599..be33770b 100644 --- a/puppet/modules/site_webapp/templates/couchdb.yml.erb +++ b/puppet/modules/site_webapp/templates/couchdb.yml.erb @@ -1,7 +1,7 @@ production: protocol: 'https' host: <%= couchdb_host %> - port: 443 + port: 6984 username: <%= couchdb_user %> password: <%= couchdb_password %> -- cgit v1.2.3 From 063f3329cb6ff5769ea4667516d2f8c63cd236b6 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 11 Dec 2012 18:55:41 -0500 Subject: add prefix to couchdb.yaml --- puppet/modules/site_webapp/templates/couchdb.yml.erb | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/templates/couchdb.yml.erb b/puppet/modules/site_webapp/templates/couchdb.yml.erb index be33770b..e5678680 100644 --- a/puppet/modules/site_webapp/templates/couchdb.yml.erb +++ b/puppet/modules/site_webapp/templates/couchdb.yml.erb @@ -1,4 +1,5 @@ production: + prefix: "" protocol: 'https' host: <%= couchdb_host %> port: 6984 -- cgit v1.2.3 From c3c23bbc27dee3fdcdf9aec6addcc816ad7b52ba Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 19 Dec 2012 12:12:16 -0800 Subject: webapp api now uses a customizable port (so that we don't try to rely on SNI for hosting two TLS domains on one IP). --- puppet/modules/site_webapp/manifests/apache.pp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp index 8532cc38..554b9147 100644 --- a/puppet/modules/site_webapp/manifests/apache.pp +++ b/puppet/modules/site_webapp/manifests/apache.pp @@ -1,6 +1,9 @@ class site_webapp::apache { - $api_domain = hiera('api_domain') + $web_api = hiera('api') + $api_domain = $web_api['domain'] + $api_port = $web_api['port'] + $x509 = hiera('x509') $commercial_key = $x509['commercial_key'] $commercial_cert = $x509['commercial_cert'] -- cgit v1.2.3 From a1fae6722d541fe52d45deb690785562d0751265 Mon Sep 17 00:00:00 2001 From: Azul Date: Thu, 3 Jan 2013 11:02:10 +0100 Subject: using master branch for webapp now. develop branch is no longer used in webapp dev and will be removed. --- puppet/modules/site_webapp/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 6a60ab15..ebe58c95 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -36,7 +36,7 @@ class site_webapp { vcsrepo { '/srv/leap-webapp': ensure => present, - revision => 'origin/develop', + revision => 'origin/master', provider => git, source => 'git://code.leap.se/leap_web', owner => 'leap-webapp', -- cgit v1.2.3 From 886063ca1db3a4ce8fbd72e4ead9b5f2371979a5 Mon Sep 17 00:00:00 2001 From: elijah Date: Fri, 11 Jan 2013 17:12:49 -0800 Subject: configure webapp with correct domain --- puppet/modules/site_webapp/manifests/init.pp | 10 ++++++++++ puppet/modules/site_webapp/templates/config.yml.erb | 3 +++ puppet/modules/site_webapp/templates/couchdb.yml.erb | 6 +++--- 3 files changed, 16 insertions(+), 3 deletions(-) create mode 100644 puppet/modules/site_webapp/templates/config.yml.erb (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index ebe58c95..22695966 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -3,6 +3,8 @@ class site_webapp { $definition_files = hiera('definition_files') $provider = $definition_files['provider'] $eip_service = $definition_files['eip_service'] + $node_domain = hiera('domain') + $provider_domain = $node_domain['full_suffix'] Class[Ruby] -> Class[rubygems] -> Class[bundler::install] @@ -70,4 +72,12 @@ class site_webapp { owner => leap-webapp, group => leap-webapp, mode => '0644'; } + file { + '/srv/leap-webapp/config/config.yml': + content => template('site_webapp/config.yml.erb'), + owner => leap-webapp, + group => leap-webapp, + mode => '0600'; + } + } diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb new file mode 100644 index 00000000..5e223a58 --- /dev/null +++ b/puppet/modules/site_webapp/templates/config.yml.erb @@ -0,0 +1,3 @@ +production: + admins: [admin] + domain: <%= @provider_domain %> diff --git a/puppet/modules/site_webapp/templates/couchdb.yml.erb b/puppet/modules/site_webapp/templates/couchdb.yml.erb index e5678680..ee521713 100644 --- a/puppet/modules/site_webapp/templates/couchdb.yml.erb +++ b/puppet/modules/site_webapp/templates/couchdb.yml.erb @@ -1,8 +1,8 @@ production: prefix: "" protocol: 'https' - host: <%= couchdb_host %> + host: <%= @couchdb_host %> port: 6984 - username: <%= couchdb_user %> - password: <%= couchdb_password %> + username: <%= @couchdb_user %> + password: <%= @couchdb_password %> -- cgit v1.2.3 From ec6c48ab589d4174dc192a01c4b99833227c5942 Mon Sep 17 00:00:00 2001 From: elijah Date: Sun, 13 Jan 2013 20:30:24 -0800 Subject: added ability to customize the webapp appearance --- puppet/modules/site_webapp/manifests/init.pp | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 22695966..f7c6565e 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -5,6 +5,7 @@ class site_webapp { $eip_service = $definition_files['eip_service'] $node_domain = hiera('domain') $provider_domain = $node_domain['full_suffix'] + $webapp = hiera('webapp') Class[Ruby] -> Class[rubygems] -> Class[bundler::install] @@ -70,6 +71,22 @@ class site_webapp { '/srv/leap-webapp/public/config/eip-service.json': content => $eip_service, owner => leap-webapp, group => leap-webapp, mode => '0644'; + + '/srv/leap-webapp/public/favicon.ico': + ensure => 'link', + target => $webapp['favicon']; + + '/srv/leap-webapp/app/assets/stylesheets/tail.scss': + ensure => 'link', + target => $webapp['tail_scss']; + + '/srv/leap-webapp/app/assets/stylesheets/head.scss': + ensure => 'link', + target => $webapp['head_scss']; + + '/srv/leap-webapp/public/img': + ensure => 'link', + target => $webapp['img_dir']; } file { -- cgit v1.2.3 From 306a0e6c21d0e27035ba48530392eede59537516 Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 21 Jan 2013 22:41:51 -0800 Subject: client ca -- configure the webapp with the client ca --- puppet/modules/site_webapp/manifests/client_ca.pp | 24 ++++++++++++++++++++++ puppet/modules/site_webapp/manifests/init.pp | 1 + .../modules/site_webapp/templates/config.yml.erb | 2 ++ 3 files changed, 27 insertions(+) create mode 100644 puppet/modules/site_webapp/manifests/client_ca.pp (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/client_ca.pp b/puppet/modules/site_webapp/manifests/client_ca.pp new file mode 100644 index 00000000..53c49d69 --- /dev/null +++ b/puppet/modules/site_webapp/manifests/client_ca.pp @@ -0,0 +1,24 @@ +## +## This is for the special CA that is used exclusively for generating +## client certificates by the webapp. +## + +class site_webapp::client_ca { + include x509::variables + + $x509 = hiera('x509') + $cert_path = "${x509::variables::certs}/leap_client_ca.crt" + $key_path = "${x509::variables::keys}/leap_client_ca.key" + + x509::key { + 'leap_client_ca': + source => $x509['client_ca_key'], + notify => Service[apache]; + } + + x509::cert { + 'leap_client_ca': + source => $x509['client_ca_cert'], + notify => Service[apache]; + } +} diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index f7c6565e..717a9477 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -16,6 +16,7 @@ class site_webapp { include rubygems include site_webapp::apache include site_webapp::couchdb + include site_webapp::client_ca group { 'leap-webapp': ensure => present, diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index 5e223a58..9cf85f0c 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb @@ -1,3 +1,5 @@ production: admins: [admin] domain: <%= @provider_domain %> + client_ca_key: <%= scope.lookupvar('site_webapp::client_ca::key_path') %> + client_ca_cert: <%= scope.lookupvar('site_webapp::client_ca::cert_path') %> -- cgit v1.2.3 From b3f1d297973694f9aef9a7ab3d87799fc644f464 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 29 Jan 2013 16:38:39 -0500 Subject: test the $webapp['img_dir'] variable to see if it is undef or not, the default in the json is ~ (nil), which ends up being undef in puppet (closes #1575) --- puppet/modules/site_webapp/manifests/init.pp | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 717a9477..c7d918ae 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -84,10 +84,14 @@ class site_webapp { '/srv/leap-webapp/app/assets/stylesheets/head.scss': ensure => 'link', target => $webapp['head_scss']; + } - '/srv/leap-webapp/public/img': - ensure => 'link', - target => $webapp['img_dir']; + if $webapp['img_dir'] != undef { + file { + '/srv/leap-webapp/public/img': + ensure => 'link', + target => $webapp['img_dir']; + } } file { -- cgit v1.2.3 From dda36946d405301d9123bb455753650920d0756a Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 31 Jan 2013 11:52:32 +0100 Subject: tag 'service' for all service classes --- puppet/modules/site_webapp/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index c7d918ae..d1951dcd 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -1,5 +1,5 @@ class site_webapp { - + tag 'service' $definition_files = hiera('definition_files') $provider = $definition_files['provider'] $eip_service = $definition_files['eip_service'] -- cgit v1.2.3 From e6fe80f9460b8bc013068e1dda8be6230b8d60a4 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 31 Jan 2013 19:09:19 +0100 Subject: tag 'base' is a bad idea because it invokes apache::base as well --- puppet/modules/site_webapp/manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index d1951dcd..592241c1 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -1,5 +1,5 @@ class site_webapp { - tag 'service' + tag 'leap_service' $definition_files = hiera('definition_files') $provider = $definition_files['provider'] $eip_service = $definition_files['eip_service'] -- cgit v1.2.3 From 5a825f7f6045cea00d94bcebf339c8e2dff5b067 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 31 Jan 2013 18:31:02 -0500 Subject: update the x509 submodule to get non-root application access to key file enhancement put the leap-webapp user in the 'ssl-cert' group pass group => 'leap-webapp' to the leap_client_ca.key so the application can access it --- puppet/modules/site_webapp/manifests/client_ca.pp | 1 + puppet/modules/site_webapp/manifests/init.pp | 1 + 2 files changed, 2 insertions(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/client_ca.pp b/puppet/modules/site_webapp/manifests/client_ca.pp index 53c49d69..0d9b15d6 100644 --- a/puppet/modules/site_webapp/manifests/client_ca.pp +++ b/puppet/modules/site_webapp/manifests/client_ca.pp @@ -13,6 +13,7 @@ class site_webapp::client_ca { x509::key { 'leap_client_ca': source => $x509['client_ca_key'], + group => 'leap-webapp', notify => Service[apache]; } diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 592241c1..d59cebba 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -27,6 +27,7 @@ class site_webapp { ensure => present, allowdupe => false, gid => 'leap-webapp', + groups => 'ssl-cert', home => '/srv/leap-webapp', require => [ Group['leap-webapp'] ]; } -- cgit v1.2.3 From 3b32d321b131723bbd830945ef4176d7d37b6e3c Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 3 Feb 2013 17:47:02 +0100 Subject: Increase Exec[bundler_update] timeout Exec[bundler_update] can take a really long time, increasing timeout from 300s (default) to 600s fixes Increase command timeout for Exec[bundler_update] (Feature #1643) --- puppet/modules/site_webapp/manifests/init.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index d59cebba..24c258dc 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -54,6 +54,7 @@ class site_webapp { cwd => '/srv/leap-webapp', command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install"', unless => '/usr/bin/bundle check', + timeout => 600, require => [ Class['bundler::install'], Vcsrepo['/srv/leap-webapp'] ]; } -- cgit v1.2.3 From 07cc737f655c9fc0afe50e9850963120114ee18e Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 4 Feb 2013 17:26:56 +0100 Subject: compile assets for webapp, fixes #1628 --- puppet/modules/site_webapp/manifests/init.pp | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 24c258dc..ff5a3611 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -55,7 +55,15 @@ class site_webapp { command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install"', unless => '/usr/bin/bundle check', timeout => 600, - require => [ Class['bundler::install'], Vcsrepo['/srv/leap-webapp'] ]; + require => [ Class['bundler::install'], Vcsrepo['/srv/leap-webapp'] ], + notify => Service['apache']; + } + + exec { 'compile_assets': + cwd => '/srv/leap-webapp', + command => '/bin/bash -c "/usr/bin/bundle exec rake assets:precompile"', + require => Exec['bundler_update'], + notify => Service['apache']; } file { -- cgit v1.2.3 From 68b6e843aa852cdb71fdec4f741150e4daddaac9 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 6 Feb 2013 23:36:24 +0100 Subject: include shorewall config for webapp and couchdb --- puppet/modules/site_webapp/manifests/init.pp | 2 ++ 1 file changed, 2 insertions(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index ff5a3611..f0d6c90a 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -112,4 +112,6 @@ class site_webapp { mode => '0600'; } + include site_shorewall::webapp + } -- cgit v1.2.3 From 1a2789d084c3c2beccb97726b8799cb194a634fd Mon Sep 17 00:00:00 2001 From: Azul Date: Sat, 9 Feb 2013 20:17:48 +0100 Subject: run bundler and rake assets:precompile as normal user otherwise the generated files will be owned by root and the bundle will be inside roots /home/max --- puppet/modules/site_webapp/manifests/init.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index f0d6c90a..46cc0ed6 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -52,8 +52,9 @@ class site_webapp { exec { 'bundler_update': cwd => '/srv/leap-webapp', - command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install"', + command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install --path vendor/bundle"', unless => '/usr/bin/bundle check', + user => 'leap-webapp', timeout => 600, require => [ Class['bundler::install'], Vcsrepo['/srv/leap-webapp'] ], notify => Service['apache']; @@ -62,6 +63,7 @@ class site_webapp { exec { 'compile_assets': cwd => '/srv/leap-webapp', command => '/bin/bash -c "/usr/bin/bundle exec rake assets:precompile"', + user => 'leap-webapp', require => Exec['bundler_update'], notify => Service['apache']; } -- cgit v1.2.3 From 708a7e39af9a337ae38f491e7ca1892dd70002c1 Mon Sep 17 00:00:00 2001 From: elijah Date: Sun, 10 Feb 2013 23:39:27 -0800 Subject: set webapp module to use try::file where appropriate --- puppet/modules/site_webapp/manifests/init.pp | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index f0d6c90a..cdec1b6a 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -82,7 +82,9 @@ class site_webapp { '/srv/leap-webapp/public/config/eip-service.json': content => $eip_service, owner => leap-webapp, group => leap-webapp, mode => '0644'; + } + try::file { '/srv/leap-webapp/public/favicon.ico': ensure => 'link', target => $webapp['favicon']; @@ -94,14 +96,10 @@ class site_webapp { '/srv/leap-webapp/app/assets/stylesheets/head.scss': ensure => 'link', target => $webapp['head_scss']; - } - if $webapp['img_dir'] != undef { - file { - '/srv/leap-webapp/public/img': - ensure => 'link', - target => $webapp['img_dir']; - } + '/srv/leap-webapp/public/img': + ensure => 'link', + target => $webapp['img_dir']; } file { -- cgit v1.2.3