From ffb88e54c5e4e30fa61ea1009f3eee62f98ab17c Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 27 Feb 2013 23:46:58 -0800 Subject: openvpn -- added support for optional "free" rate-limited service via special client certificates with the FREE prefix in the common name. --- puppet/modules/site_webapp/templates/config.yml.erb | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index 9cf85f0c..cd67d1fd 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb @@ -1,5 +1,13 @@ +<%- cert_options = @webapp['client_certificates'] -%> production: admins: [admin] domain: <%= @provider_domain %> client_ca_key: <%= scope.lookupvar('site_webapp::client_ca::key_path') %> client_ca_cert: <%= scope.lookupvar('site_webapp::client_ca::cert_path') %> + +cert_options: + client_cert_lifespan: <%= cert_options['life_span'].to_i %> + client_cert_bit_size: <%= cert_options['bit_size'].to_i %> + client_cert_hash: <%= cert_options['digest'] %> + free_certs_enabled: <%= @webapp['allow_free'].inspect %> + free_cert_prefix: "<%= cert_options['free_prefix'] %>" -- cgit v1.2.3 From 90c5b205c4764351e6ea707b965c5e6daca1c0b7 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 14 Mar 2013 18:36:40 -0400 Subject: add couchdb stunnel clients --- puppet/modules/site_webapp/manifests/couchdb.pp | 9 +++++ .../site_webapp/manifests/couchdb_stunnel.pp | 42 ++++++++++++++++++++++ .../manifests/couchdb_stunnel/clients.pp | 17 +++++++++ 3 files changed, 68 insertions(+) create mode 100644 puppet/modules/site_webapp/manifests/couchdb_stunnel.pp create mode 100644 puppet/modules/site_webapp/manifests/couchdb_stunnel/clients.pp (limited to 'puppet/modules/site_webapp') 
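Review bot: `free_certs_enabled: <%= @webapp['allow_free'].inspect %>` renders the bare word `nil` when the hiera key is unset, and YAML loads that as the string "nil" rather than as null, which is truthy in Ruby. If the webapp tests this flag for truthiness (its code is not visible here), a missing key would switch free certificates on instead of off. Rendering an explicit boolean avoids this, e.g. `free_certs_enabled: <%= @webapp['allow_free'] == true %>`. The three `allow_*_certs` lines in the later config.yml.erb hunk have the same shape. Separately, `.to_i` on a missing `life_span` or `bit_size` silently yields 0.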
diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 6cac666f..26de62ee 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -1,5 +1,9 @@ class site_webapp::couchdb { + $x509 = hiera('x509') + $key = $x509['key'] + $cert = $x509['cert'] + $ca = $x509['ca_cert'] $webapp = hiera('webapp') $couchdb_host = $webapp['couchdb_hosts'] $couchdb_user = $webapp['couchdb_user']['username'] @@ -13,4 +17,9 @@ class site_webapp::couchdb { mode => '0600'; } + class { 'site_webapp::couchdb_stunnel': + key => $key, + cert => $cert, + ca => $ca + } } diff --git a/puppet/modules/site_webapp/manifests/couchdb_stunnel.pp b/puppet/modules/site_webapp/manifests/couchdb_stunnel.pp new file mode 100644 index 00000000..e6657e13 --- /dev/null +++ b/puppet/modules/site_webapp/manifests/couchdb_stunnel.pp @@ -0,0 +1,42 @@ +class site_webapp::couchdb_stunnel ($key, $cert, $ca) { + + include x509::variables + include site_stunnel + + $cert_name = 'leap_couchdb' + $ca_path = "${x509::variables::certs}/leap_client_ca.crt" + $cert_path = "${x509::variables::certs}/${cert_name}.crt" + $key_path = "${x509::variables::keys}/${cert_name}.key" + + x509::key { + $cert_name: + content => $key, + notify => Service['stunnel']; + } + + x509::cert { + $cert_name: + content => $cert, + notify => Service['stunnel']; + } + + x509::ca { + $cert_name: + content => $ca, + notify => Service['stunnel']; + } + + $couchdb_stunnel_client_defaults = { + 'client' => true, + 'cafile' => $ca_path, + 'key' => $key_path, + 'cert' => $cert_path, + 'verify' => '2', + 'rndfile' => '/var/lib/stunnel4/.rnd', + 'debuglevel' => '4' + } + + create_resources(site_webapp::couchdb_stunnel::clients, hiera('stunnel'), $couchdb_stunnel_client_defaults) + +} + 
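Review bot: `'verify' => '2'` in `$couchdb_stunnel_client_defaults` only makes stunnel check that the server certificate chains to `cafile`; it does not pin the peer. Any certificate issued by that CA would be accepted as the CouchDB end of the tunnel, and in this commit `$ca_path` points at `leap_client_ca.crt`, which by its name is the CA that issues client certificates. If the deployed stunnel supports it, `'verify' => '3'` with the expected server certificate installed locally is the tighter setting. Otherwise a comment should record the trust scope, e.g. `# verify 2: any cert signed by cafile is accepted as the couchdb peer`.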
diff --git a/puppet/modules/site_webapp/manifests/couchdb_stunnel/clients.pp b/puppet/modules/site_webapp/manifests/couchdb_stunnel/clients.pp new file mode 100644 index 00000000..eac43b08 --- /dev/null +++ b/puppet/modules/site_webapp/manifests/couchdb_stunnel/clients.pp @@ -0,0 +1,17 @@ +define site_webapp::couchdb_stunnel::clients + ( $accept_port, $connect, $client, $cafile, $key, $cert, + $verify, $pid = $name, $rndfile, $debuglevel ) { + + stunnel::service { $name: + accept => "127.0.0.1:${accept_port}", + connect => "${connect}:6984", + client => $client, + cafile => $cafile, + key => $key, + cert => $cert, + verify => $verify, + pid => "/var/run/stunnel4/${pid}.pid", + rndfile => $rndfile, + debuglevel => $debuglevel + } + } -- cgit v1.2.3 From a275999ab39b49afa2bb0c998c58aec424b4a8c0 Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 16 Mar 2013 13:57:14 +0100 Subject: pick the first couchdb host for webapp couch config Until we have a proper load balancing setup (see https://leap.se/code/issues/1994) --- puppet/modules/site_webapp/manifests/couchdb.pp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 6cac666f..9312cdb1 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -1,7 +1,10 @@ class site_webapp::couchdb { $webapp = hiera('webapp') - $couchdb_host = $webapp['couchdb_hosts'] + $couchdb_hosts = $webapp['couchdb_hosts'] + # for now, pick the first couchdb host before we have a working + # load balancing setup (see https://leap.se/code/issues/1994) + $couchdb_host = $couchdb_hosts[0] $couchdb_user = $webapp['couchdb_user']['username'] $couchdb_password = $webapp['couchdb_user']['password'] -- cgit v1.2.3 From ad62cfdad04c8f8ed9d6454f716c92e850ac53ba Mon Sep 17 00:00:00 2001 
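Review bot: The listener declared by `accept => "127.0.0.1:${accept_port}"` is unauthenticated, so every local process can reach CouchDB through the tunnel and is presented to the server under this host's client certificate. That leaves the CouchDB username and password as the only control against other local accounts, which deserves a comment on the define, e.g. `# NOTE: the loopback accept port is open to all local users; the TLS client cert authenticates the host, not the caller`. As a style point, the optional `$pid = $name` sits between required parameters in the signature and would read better at the end of the list.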
From: elijah Date: Sun, 17 Mar 2013 13:15:51 -0700 Subject: added support for "limited" service levels (although vpn is not yet actually rate limited). --- puppet/modules/site_webapp/templates/config.yml.erb | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index cd67d1fd..af778212 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb @@ -6,8 +6,11 @@ production: client_ca_cert: <%= scope.lookupvar('site_webapp::client_ca::cert_path') %> cert_options: - client_cert_lifespan: <%= cert_options['life_span'].to_i %> - client_cert_bit_size: <%= cert_options['bit_size'].to_i %> - client_cert_hash: <%= cert_options['digest'] %> - free_certs_enabled: <%= @webapp['allow_free'].inspect %> - free_cert_prefix: "<%= cert_options['free_prefix'] %>" + client_cert_lifespan: <%= cert_options['life_span'].to_i %> + client_cert_bit_size: <%= cert_options['bit_size'].to_i %> + client_cert_hash: <%= cert_options['digest'] %> + allow_limited_certs: <%= @webapp['allow_limited_certs'].inspect %> + allow_unlimited_certs: <%= @webapp['allow_unlimited_certs'].inspect %> + allow_anonymous_certs: <%= @webapp['allow_anonymous_certs'].inspect %> + limited_cert_prefix: "<%= cert_options['limited_prefix'] %>" + unlimited_cert_prefix: "<%= cert_options['unlimited_prefix'] %>" -- cgit v1.2.3 From 6609b3ed4125d1e46ba16b5bc7d7957bcbee6a42 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Sun, 17 Mar 2013 22:58:10 -0400 Subject: fix webapp/couchdb stunnel certificate authority --- puppet/modules/site_webapp/manifests/couchdb_stunnel.pp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_webapp') 
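Review bot: `limited_cert_prefix: "<%= cert_options['limited_prefix'] %>"` and `unlimited_cert_prefix` render as empty strings when the hiera keys are missing. The first commit on this page describes the service level as selected by a prefix in the certificate common name, so if the consumer does a prefix match (not visible here), an empty prefix would match every certificate. Failing the catalog on a missing value is safer than writing `""`, e.g. `<%= cert_options.fetch('limited_prefix') %>`. `free_cert_prefix` in the earlier config.yml.erb hunk has the same shape.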
diff --git a/puppet/modules/site_webapp/manifests/couchdb_stunnel.pp b/puppet/modules/site_webapp/manifests/couchdb_stunnel.pp index e6657e13..325b18ee 100644 --- a/puppet/modules/site_webapp/manifests/couchdb_stunnel.pp +++ b/puppet/modules/site_webapp/manifests/couchdb_stunnel.pp @@ -4,9 +4,10 @@ class site_webapp::couchdb_stunnel ($key, $cert, $ca) { include site_stunnel $cert_name = 'leap_couchdb' - $ca_path = "${x509::variables::certs}/leap_client_ca.crt" + $ca_name = 'leap_ca' + $ca_path = "${x509::variables::local_CAs}/${ca_name}.crt" $cert_path = "${x509::variables::certs}/${cert_name}.crt" - $key_path = "${x509::variables::keys}/${cert_name}.key" + $key_path = "${x509::variables::keys}/${cert_name}.key" x509::key { $cert_name: @@ -21,7 +22,7 @@ class site_webapp::couchdb_stunnel ($key, $cert, $ca) { } x509::ca { - $cert_name: + $ca_name: content => $ca, notify => Service['stunnel']; } -- cgit v1.2.3 From fbae857865f3e2d61d9e55693c5cce411f7565ca Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 18 Mar 2013 18:24:16 +0100 Subject: Webapp: Use stunnel localhost:5000 for couchdb connection --- puppet/modules/site_webapp/manifests/couchdb.pp | 4 +++- puppet/modules/site_webapp/templates/couchdb.yml.erb | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index b8a4201d..f3488227 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp 
@@ -8,7 +8,9 @@ class site_webapp::couchdb { $couchdb_hosts = $webapp['couchdb_hosts'] # for now, pick the first couchdb host before we have a working # load balancing setup (see https://leap.se/code/issues/1994) - $couchdb_host = $couchdb_hosts[0] + # which is configured through a stunnel connection, reachable + # through localhost:5000 + $couchdb_host = 'localhost' $couchdb_user = $webapp['couchdb_user']['username'] $couchdb_password = $webapp['couchdb_user']['password'] diff --git a/puppet/modules/site_webapp/templates/couchdb.yml.erb b/puppet/modules/site_webapp/templates/couchdb.yml.erb index ee521713..d9ecb4b2 100644 --- a/puppet/modules/site_webapp/templates/couchdb.yml.erb +++ b/puppet/modules/site_webapp/templates/couchdb.yml.erb @@ -1,8 +1,8 @@ production: prefix: "" - protocol: 'https' + protocol: 'http' host: <%= @couchdb_host %> - port: 6984 + port: 5000 username: <%= @couchdb_user %> password: <%= @couchdb_password %> -- cgit v1.2.3 From 1d14c34e7f4456452d289b23eb1d2ebf00de11b2 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 19 Mar 2013 14:26:58 -0400 Subject: turn off automatic updates of couchdb design docs (#1979) --- puppet/modules/site_webapp/templates/couchdb.yml.erb | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/templates/couchdb.yml.erb b/puppet/modules/site_webapp/templates/couchdb.yml.erb index d9ecb4b2..3ae255b0 100644 --- a/puppet/modules/site_webapp/templates/couchdb.yml.erb +++ b/puppet/modules/site_webapp/templates/couchdb.yml.erb @@ -3,6 +3,7 @@ production: protocol: 'http' host: <%= @couchdb_host %> port: 5000 + auto_update_design_doc: false username: <%= @couchdb_user %> password: <%= @couchdb_password %> -- cgit v1.2.3 From 036506d757423241618774a639778fc9be1413cd Mon Sep 17 00:00:00 2001 
From: Micah Anderson Date: Tue, 19 Mar 2013 14:50:14 -0400 Subject: Migrate the couchdb design documents during webapp deploy (#1976) --- puppet/modules/site_webapp/files/migrate_design_documents | 13 +++++++++++++ puppet/modules/site_webapp/manifests/couchdb.pp | 14 +++++++++++++- 2 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 puppet/modules/site_webapp/files/migrate_design_documents (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/files/migrate_design_documents b/puppet/modules/site_webapp/files/migrate_design_documents new file mode 100644 index 00000000..3441e086 --- /dev/null +++ b/puppet/modules/site_webapp/files/migrate_design_documents @@ -0,0 +1,13 @@ +#!/bin/sh + +cd /srv/leap-webapp + +# use admin credentials +mv config/couchdb.yml.admin config/couchdb.yml + +# needs to be run twice +/usr/bin/bundle exec rake couchrest:migrate +/usr/bin/bundle exec rake couchrest:migrate + +# use user credentials and remove admin credentials +mv config/couchdb.yml.webapp config/couchdb.yml diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index f3488227..095cdb9d 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -20,6 +20,12 @@ class site_webapp::couchdb { owner => leap-webapp, group => leap-webapp, mode => '0600'; + + '/usr/local/sbin/migrate_design_documents': + source => 'puppet:///modules/site_webapp/migrate_design_documents', + owner => root, + group => root, + mode => '0744'; } class { 'site_webapp::couchdb_stunnel': @@ -27,4 +33,10 @@ class site_webapp::couchdb { cert => $cert, ca => $ca } -} + + exec { 'migrate_design_documents': + cwd => '/srv/leap-webapp', + commmand => '/usr/local/sbin/migrate_design_documents', + require => Exec['bundler_update'], + notify => Service['apache']; + } -- cgit v1.2.3 From f1b405b503a76526551ac0110cad8798de46dfd8 Mon Sep 17 00:00:00 2001 
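Review bot: The swap back to the unprivileged credentials is the last statement of `migrate_design_documents`, so it only happens if the script runs to its end. If the run is interrupted (for instance by the puppet exec timeout during a slow migration), `config/couchdb.yml` is left holding the admin credentials and the webapp keeps running with them. The exit status is also that of the final `mv`, so a failed `rake couchrest:migrate` is reported to puppet as success. A trap-based restore plus explicit failure handling covers both cases.

```sh
cd /srv/leap-webapp || exit 1

# put the unprivileged credentials back on every exit path
restore() { mv config/couchdb.yml.webapp config/couchdb.yml; }
trap restore EXIT
trap 'exit 1' INT TERM

# … unchanged: mv of couchdb.yml.admin into place …

# needs to be run twice; stop at the first failure so puppet sees it
/usr/bin/bundle exec rake couchrest:migrate || exit 1
/usr/bin/bundle exec rake couchrest:migrate || exit 1
# … the trailing mv of couchdb.yml.webapp is replaced by the trap …
```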
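Review bot: `exec { 'migrate_design_documents': ... }` has no `refreshonly`, `onlyif`, `unless` or `creates`, so it runs on every agent run. Each run puts the admin credentials into the live `config/couchdb.yml` for the duration of the migration and then notifies `Service['apache']`. Tying it to the deploy step limits that exposure, e.g. `refreshonly => true,` together with `subscribe => Exec['bundler_update'],` in place of the `require`. Whether `bundler_update` itself fires only on deploys is not visible in this hunk.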
From: Micah Anderson Date: Tue, 19 Mar 2013 16:09:34 -0400 Subject: configure site_webapp::haproxy to ship a haproxy config::fragment to setup the haproxy listener 'bigcouch-in'. This haproxy listener is configured to listen on port 4096 (arbitrarily chosen) and balance across the locally configured stunnels to the bigcouch instances It may be that we will need some additional haproxy options for handling persistence, cookies, or other HTTP headers, I'm unsure as of this moment --- puppet/modules/site_webapp/manifests/haproxy.pp | 14 ++++++++++++++ puppet/modules/site_webapp/manifests/init.pp | 1 + .../site_webapp/templates/haproxy_couchdb.cfg.erb | 16 ++++++++++++++++ 3 files changed, 31 insertions(+) create mode 100644 puppet/modules/site_webapp/manifests/haproxy.pp create mode 100644 puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/haproxy.pp b/puppet/modules/site_webapp/manifests/haproxy.pp new file mode 100644 index 00000000..4a7e3c25 --- /dev/null +++ b/puppet/modules/site_webapp/manifests/haproxy.pp @@ -0,0 +1,14 @@ +class site_webapp::haproxy { + + include site_haproxy + + $haproxy = hiera('haproxy') + $local_ports = $haproxy['local_ports'] + + # Template uses $global_options, $defaults_options + concat::fragment { 'leap_haproxy_webapp_couchdb': + target => '/etc/haproxy/haproxy.cfg', + order => '20', + content => template('site_webapp/haproxy_couchdb.cfg.erb'), + } +} diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index e8134521..ec70a68d 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -17,6 +17,7 @@ class site_webapp { include site_webapp::apache include site_webapp::couchdb include site_webapp::client_ca + include site_webapp::haproxy group { 'leap-webapp': ensure => present, 
diff --git a/puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb b/puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb new file mode 100644 index 00000000..a9bdb923 --- /dev/null +++ b/puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb @@ -0,0 +1,16 @@ + +listen bigcouch-in + mode http + balance roundrobin + + option httplog + option dontlognull + option tcplog + + bind localhost:4096 +<% for port in @local_ports -%> + server couchdb_<%=port%> localhost:<%=port%> +<% end -%> + + + -- cgit v1.2.3 From fe8085f670eb3bca10c5bb0d9890e00a0d9c59d9 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 19 Mar 2013 16:37:56 -0400 Subject: configure webapp haproxy couchdb connection --- puppet/modules/site_webapp/manifests/couchdb.pp | 6 ++---- puppet/modules/site_webapp/templates/couchdb.yml.erb | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 095cdb9d..820cc1d2 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -6,11 +6,9 @@ class site_webapp::couchdb { $ca = $x509['ca_cert'] $webapp = hiera('webapp') $couchdb_hosts = $webapp['couchdb_hosts'] - # for now, pick the first couchdb host before we have a working - # load balancing setup (see https://leap.se/code/issues/1994) - # which is configured through a stunnel connection, reachable - # through localhost:5000 + # haproxy listener on port localhost:4096, see site_webapp::haproxy $couchdb_host = 'localhost' + $couchdb_port = '4096' $couchdb_user = $webapp['couchdb_user']['username'] $couchdb_password = $webapp['couchdb_user']['password'] diff --git a/puppet/modules/site_webapp/templates/couchdb.yml.erb b/puppet/modules/site_webapp/templates/couchdb.yml.erb index 3ae255b0..4855abd8 100644 --- a/puppet/modules/site_webapp/templates/couchdb.yml.erb 
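Review bot: The generated `server couchdb_<%=port%> localhost:<%=port%>` lines carry no `check`, so haproxy keeps balancing requests onto a stunnel port whose tunnel is down. `option httplog` and `option tcplog` are also both set in the same `listen` section; they select different log formats and only one can take effect. Suggest `server couchdb_<%=port%> localhost:<%=port%> check` and dropping `option tcplog`, since the section is `mode http`. In haproxy.pp the comment `# Template uses $global_options, $defaults_options` does not match this template, which reads only `@local_ports`.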
+++ b/puppet/modules/site_webapp/templates/couchdb.yml.erb @@ -2,7 +2,7 @@ production: prefix: "" protocol: 'http' host: <%= @couchdb_host %> - port: 5000 + port: <%= @couchdb_port %> auto_update_design_doc: false username: <%= @couchdb_user %> password: <%= @couchdb_password %> -- cgit v1.2.3 From b5018da40c68058ed47286e276ccfbe02b135e8d Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 19 Mar 2013 16:59:46 -0400 Subject: fix missing closing curly brace --- puppet/modules/site_webapp/manifests/couchdb.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 820cc1d2..1d847ca1 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -38,3 +38,4 @@ class site_webapp::couchdb { require => Exec['bundler_update'], notify => Service['apache']; } +} -- cgit v1.2.3 From 01434dcd78746f530f218a7ed8ed37b7b1d5ce71 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 19 Mar 2013 17:04:06 -0400 Subject: fix spelling of 'command' parameter --- puppet/modules/site_webapp/manifests/couchdb.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 1d847ca1..760706aa 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -34,7 +34,7 @@ class site_webapp::couchdb { exec { 'migrate_design_documents': cwd => '/srv/leap-webapp', - commmand => '/usr/local/sbin/migrate_design_documents', + command => '/usr/local/sbin/migrate_design_documents', require => Exec['bundler_update'], notify => Service['apache']; } -- cgit v1.2.3 From 9c1c74c359f80cf0e61b62befee0ec5cc04ab4c3 Mon Sep 17 00:00:00 2001 
From: Micah Anderson Date: Tue, 19 Mar 2013 17:41:37 -0400 Subject: create a separate couchdb.yml.admin that contains the couchdb admin privileges, putting the unprivileged ones in as user webapp in couchdb.yml. This allows us to migrate the couchdb design docs on deployment, but use an unprivileged user the remainder of the time --- puppet/modules/site_webapp/manifests/couchdb.pp | 30 ++++++++++++++-------- .../site_webapp/templates/couchdb.yml.admin.erb | 9 +++++++ .../modules/site_webapp/templates/couchdb.yml.erb | 4 +-- 3 files changed, 30 insertions(+), 13 deletions(-) create mode 100644 puppet/modules/site_webapp/templates/couchdb.yml.admin.erb (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 760706aa..e89880fe 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp 
@@ -1,19 +1,27 @@ class site_webapp::couchdb { - $x509 = hiera('x509') - $key = $x509['key'] - $cert = $x509['cert'] - $ca = $x509['ca_cert'] - $webapp = hiera('webapp') - $couchdb_hosts = $webapp['couchdb_hosts'] + $x509 = hiera('x509') + $key = $x509['key'] + $cert = $x509['cert'] + $ca = $x509['ca_cert'] + $webapp = hiera('webapp') + $couchdb_hosts = $webapp['couchdb_hosts'] # haproxy listener on port localhost:4096, see site_webapp::haproxy - $couchdb_host = 'localhost' - $couchdb_port = '4096' - $couchdb_user = $webapp['couchdb_user']['username'] - $couchdb_password = $webapp['couchdb_user']['password'] + $couchdb_host = 'localhost' + $couchdb_port = '4096' + $couchdb_admin_user = $webapp['couchdb_admin_user']['username'] + $couchdb_admin_password = $webapp['couchdb_admin_user']['password'] + $couchdb_webapp_user = $webapp['couchdb_webapp_user']['username'] + $couchdb_webapp_password = $webapp['couchdb_webapp_user']['password'] file { - '/srv/leap-webapp/config/couchdb.yml': + '/srv/leap-webapp/config/couchdb.yml.admin': + content => template('site_webapp/couchdb.yml.admin.erb'), + owner => leap-webapp, + group => leap-webapp, + mode => '0600'; + + '/srv/leap-webapp/config/couchdb.yml.webapp': content => template('site_webapp/couchdb.yml.erb'), owner => leap-webapp, group => leap-webapp, diff --git a/puppet/modules/site_webapp/templates/couchdb.yml.admin.erb b/puppet/modules/site_webapp/templates/couchdb.yml.admin.erb new file mode 100644 index 00000000..a0921add --- /dev/null +++ b/puppet/modules/site_webapp/templates/couchdb.yml.admin.erb @@ -0,0 +1,9 @@ +production: + prefix: "" + protocol: 'http' + host: <%= @couchdb_host %> + port: <%= @couchdb_port %> + auto_update_design_doc: false + username: <%= @couchdb_admin_user %> + password: <%= @couchdb_admin_password %> + diff --git a/puppet/modules/site_webapp/templates/couchdb.yml.erb b/puppet/modules/site_webapp/templates/couchdb.yml.erb index 4855abd8..2bef0af5 100644 
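Review bot: In couchdb.yml.admin.erb, `password: <%= @couchdb_admin_password %>` is emitted as a plain YAML scalar. A generated password that contains `: ` or ` #`, starts with `*`, `&`, `!` or `{`, or consists only of digits would be truncated, retyped or make the file unparseable. Emitting a quoted scalar keeps arbitrary values intact, e.g. `password: <%= @couchdb_admin_password.to_s.to_json %>`, provided the JSON library is loaded in the template context (not confirmed from this page). The same applies to `username` and to the matching lines in couchdb.yml.erb.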
--- a/puppet/modules/site_webapp/templates/couchdb.yml.erb +++ b/puppet/modules/site_webapp/templates/couchdb.yml.erb @@ -4,6 +4,6 @@ production: host: <%= @couchdb_host %> port: <%= @couchdb_port %> auto_update_design_doc: false - username: <%= @couchdb_user %> - password: <%= @couchdb_password %> + username: <%= @couchdb_webapp_user %> + password: <%= @couchdb_webapp_password %> -- cgit v1.2.3 From e69e40e55abcd3d86e1a12ce214bb64851961e13 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 19 Mar 2013 17:57:03 -0400 Subject: cp instead of mv for the couchdb configuration file if we move, then we need to re-create the file on the next deploy --- puppet/modules/site_webapp/files/migrate_design_documents | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/files/migrate_design_documents b/puppet/modules/site_webapp/files/migrate_design_documents index 3441e086..88d4b8d9 100644 --- a/puppet/modules/site_webapp/files/migrate_design_documents +++ b/puppet/modules/site_webapp/files/migrate_design_documents @@ -3,11 +3,11 @@ cd /srv/leap-webapp # use admin credentials -mv config/couchdb.yml.admin config/couchdb.yml +cp config/couchdb.yml.admin config/couchdb.yml # needs to be run twice /usr/bin/bundle exec rake couchrest:migrate /usr/bin/bundle exec rake couchrest:migrate # use user credentials and remove admin credentials -mv config/couchdb.yml.webapp config/couchdb.yml +cp config/couchdb.yml.webapp config/couchdb.yml -- cgit v1.2.3 From 92ea0355de872a502d552d89ed88729b9b4fbaa2 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 19 Mar 2013 18:20:33 -0400 Subject: add webapp secret token that pulls from hiera a 'secret' --- puppet/modules/site_webapp/manifests/init.pp | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'puppet/modules/site_webapp') 
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index ec70a68d..1e6abe42 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -6,6 +6,7 @@ class site_webapp { $node_domain = hiera('domain') $provider_domain = $node_domain['full_suffix'] $webapp = hiera('webapp') + $secret_token = $webapp['secret_token'] Class[Ruby] -> Class[rubygems] -> Class[bundler::install] @@ -111,6 +112,11 @@ class site_webapp { owner => leap-webapp, group => leap-webapp, mode => '0600'; + + '/srv/leap-webapp/config/initializers/secret_token.rb': + content => "LeapWeb::Application.config.secret_token = '${secret_token}'\n", + owner => leap-webapp, group => leap-webapp, mode => '0644', + notify => Service['apache']; } include site_shorewall::webapp -- cgit v1.2.3 From ffda76a47c7f9d5766325d8cdf13d289430456eb Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 28 Mar 2013 10:01:32 -0700 Subject: added stunnel_server --- puppet/modules/site_webapp/manifests/couchdb.pp | 1 - 1 file changed, 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index e89880fe..ef61aeb6 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -5,7 +5,6 @@ class site_webapp::couchdb { $cert = $x509['cert'] $ca = $x509['ca_cert'] $webapp = hiera('webapp') - $couchdb_hosts = $webapp['couchdb_hosts'] # haproxy listener on port localhost:4096, see site_webapp::haproxy $couchdb_host = 'localhost' $couchdb_port = '4096' -- cgit v1.2.3 From cc082541980df1062cb5b2d10f4980cf8b6664c9 Mon Sep 17 00:00:00 2001 
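Review bot: `secret_token.rb` is installed with `mode => '0644'`, so every local account can read the Rails secret token, while the config file just above it in the same `file` block uses `'0600'`. Since the owner is already `leap-webapp`, the fix is `mode => '0600',`. The token is also interpolated into a single-quoted Ruby literal, so a `'` or `\` in the hiera value would break or alter the generated initializer. Validating the value against a fixed alphabet such as hex before writing it would avoid that.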
From: varac Date: Tue, 19 Mar 2013 13:54:40 +0100 Subject: moved generic stunnel config from site_webapp to site_stunnel --- puppet/modules/site_webapp/manifests/couchdb.pp | 21 +++++++++-- .../site_webapp/manifests/couchdb_stunnel.pp | 43 ---------------------- .../manifests/couchdb_stunnel/clients.pp | 17 --------- 3 files changed, 17 insertions(+), 64 deletions(-) delete mode 100644 puppet/modules/site_webapp/manifests/couchdb_stunnel.pp delete mode 100644 puppet/modules/site_webapp/manifests/couchdb_stunnel/clients.pp (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index ef61aeb6..e45691c1 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -33,10 +33,11 @@ class site_webapp::couchdb { mode => '0744'; } - class { 'site_webapp::couchdb_stunnel': - key => $key, - cert => $cert, - ca => $ca + class { 'site_stunnel::setup': + cert_name => 'leap_couchdb', + key => $key, + cert => $cert, + ca => $ca } exec { 'migrate_design_documents': @@ -45,4 +46,16 @@ class site_webapp::couchdb { require => Exec['bundler_update'], notify => Service['apache']; } + + $couchdb_stunnel_client_defaults = { + 'client' => true, + 'cafile' => $ca_path, + 'key' => $key_path, + 'cert' => $cert_path, + 'verify' => '2', + 'rndfile' => '/var/lib/stunnel4/.rnd', + 'debuglevel' => '4' + } + + create_resources(site_stunnel::clients, hiera('stunnel'), $couchdb_stunnel_client_defaults) } diff --git a/puppet/modules/site_webapp/manifests/couchdb_stunnel.pp b/puppet/modules/site_webapp/manifests/couchdb_stunnel.pp deleted file mode 100644 index 325b18ee..00000000 --- a/puppet/modules/site_webapp/manifests/couchdb_stunnel.pp +++ /dev/null 
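Review bot: `$ca_path`, `$key_path` and `$cert_path` in the new `$couchdb_stunnel_client_defaults` are not assigned anywhere in `site_webapp::couchdb`, as far as the hunks on this page show; they were locals of the class this commit deletes. They would evaluate to undef, so the stunnel clients get empty `cafile`, `key` and `cert` values while `verify` is still '2'. Define them in this class before the hash, e.g. `$ca_path = "${x509::variables::local_CAs}/leap_ca.crt"` after an `include x509::variables`. The follow-up hunk that switches to `${cert_name}` and `${ca_name}` appears to have the same gap for those two names.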
@@ -1,43 +0,0 @@ -class site_webapp::couchdb_stunnel ($key, $cert, $ca) { - - include x509::variables - include site_stunnel - - $cert_name = 'leap_couchdb' - $ca_name = 'leap_ca' - $ca_path = "${x509::variables::local_CAs}/${ca_name}.crt" - $cert_path = "${x509::variables::certs}/${cert_name}.crt" - $key_path = "${x509::variables::keys}/${cert_name}.key" - - x509::key { - $cert_name: - content => $key, - notify => Service['stunnel']; - } - - x509::cert { - $cert_name: - content => $cert, - notify => Service['stunnel']; - } - - x509::ca { - $ca_name: - content => $ca, - notify => Service['stunnel']; - } - - $couchdb_stunnel_client_defaults = { - 'client' => true, - 'cafile' => $ca_path, - 'key' => $key_path, - 'cert' => $cert_path, - 'verify' => '2', - 'rndfile' => '/var/lib/stunnel4/.rnd', - 'debuglevel' => '4' - } - - create_resources(site_webapp::couchdb_stunnel::clients, hiera('stunnel'), $couchdb_stunnel_client_defaults) - -} - diff --git a/puppet/modules/site_webapp/manifests/couchdb_stunnel/clients.pp b/puppet/modules/site_webapp/manifests/couchdb_stunnel/clients.pp deleted file mode 100644 index eac43b08..00000000 --- a/puppet/modules/site_webapp/manifests/couchdb_stunnel/clients.pp +++ /dev/null @@ -1,17 +0,0 @@ -define site_webapp::couchdb_stunnel::clients - ( $accept_port, $connect, $client, $cafile, $key, $cert, - $verify, $pid = $name, $rndfile, $debuglevel ) { - - stunnel::service { $name: - accept => "127.0.0.1:${accept_port}", - connect => "${connect}:6984", - client => $client, - cafile => $cafile, - key => $key, - cert => $cert, - verify => $verify, - pid => "/var/run/stunnel4/${pid}.pid", - rndfile => $rndfile, - debuglevel => $debuglevel - } - } -- cgit v1.2.3 From 4669a64cb8e63a67825a35513b51b4e1f2a4ec5d Mon Sep 17 00:00:00 2001 
From: varac Date: Tue, 19 Mar 2013 15:14:35 +0100 Subject: moving generic stunnel config from site_webapp to site_stunnel now working --- puppet/modules/site_webapp/manifests/couchdb.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index e45691c1..48a95c8d 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -34,7 +34,7 @@ class site_webapp::couchdb { } class { 'site_stunnel::setup': - cert_name => 'leap_couchdb', + cert_name => $cert_name, key => $key, cert => $cert, ca => $ca @@ -49,9 +49,9 @@ class site_webapp::couchdb { $couchdb_stunnel_client_defaults = { 'client' => true, - 'cafile' => $ca_path, - 'key' => $key_path, - 'cert' => $cert_path, + 'cafile' => "${x509::variables::local_CAs}/${ca_name}.crt", + 'key' => "${x509::variables::keys}/${cert_name}.key", + 'cert' => "${x509::variables::certs}/${cert_name}.crt", 'verify' => '2', 'rndfile' => '/var/lib/stunnel4/.rnd', 'debuglevel' => '4' -- cgit v1.2.3 From 63e6b8633e07045751011c0218f9e6891e25cca5 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 20 Mar 2013 22:17:55 +0100 Subject: provide stunnel connect_port to site_webapp:couchdb --- puppet/modules/site_webapp/manifests/couchdb.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 48a95c8d..ffc4454b 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -48,6 +48,7 @@ class site_webapp::couchdb { } $couchdb_stunnel_client_defaults = { + 'connect_port' => '6984', 'client' => true, 'cafile' => "${x509::variables::local_CAs}/${ca_name}.crt", 'key' => "${x509::variables::keys}/${cert_name}.key", -- cgit v1.2.3 
From 6714ff4ae1a53b6b3eda66f13c2212c3ba285bf3 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Sun, 31 Mar 2013 12:19:46 -0400 Subject: refactor couch_client stunnel to use new stunnel_client leap_cli macro re-order variables to be more consistant --- puppet/modules/site_webapp/manifests/couchdb.pp | 32 +++++++++++++++---------- 1 file changed, 20 insertions(+), 12 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index ffc4454b..e956fd54 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -1,9 +1,5 @@ class site_webapp::couchdb { - $x509 = hiera('x509') - $key = $x509['key'] - $cert = $x509['cert'] - $ca = $x509['ca_cert'] $webapp = hiera('webapp') # haproxy listener on port localhost:4096, see site_webapp::haproxy $couchdb_host = 'localhost' @@ -13,6 +9,21 @@ class site_webapp::couchdb { $couchdb_webapp_user = $webapp['couchdb_webapp_user']['username'] $couchdb_webapp_password = $webapp['couchdb_webapp_user']['password'] + $stunnel = hiera('stunnel') + $couch_client = $stunnel['couch_client'] + $couch_client_connect = $couch_client['connect'] + + include x509::variable + $x509 = hiera('x509') + $key = $x509['key'] + $cert = $x509['cert'] + $ca = $x509['ca_cert'] + $cert_name = 'leap_couchdb' + $ca_name = 'leap_ca' + $ca_path = "${x509::variables::local_CAs}/${ca_name}.crt" + $cert_path = "${x509::variables::certs}/${cert_name}.crt" + $key_path = "${x509::variables::keys}/${cert_name}.key" + file { '/srv/leap-webapp/config/couchdb.yml.admin': content => template('site_webapp/couchdb.yml.admin.erb'), 
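Review bot: `include x509::variable` names a different class from the `x509::variables::...` variables read a few lines below it; every other reference on this page uses the plural. Unless a class `x509::variable` exists (not visible here), the catalog fails to compile. If it does exist, `$ca_path`, `$cert_path` and `$key_path` resolve correctly only when something else happens to load `x509::variables`. Suggest `include x509::variables`.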
@@ -48,15 +59,12 @@ class site_webapp::couchdb { } $couchdb_stunnel_client_defaults = { - 'connect_port' => '6984', + 'connect_port' => $couch_client_connect, 'client' => true, - 'cafile' => "${x509::variables::local_CAs}/${ca_name}.crt", - 'key' => "${x509::variables::keys}/${cert_name}.key", - 'cert' => "${x509::variables::certs}/${cert_name}.crt", - 'verify' => '2', - 'rndfile' => '/var/lib/stunnel4/.rnd', - 'debuglevel' => '4' + 'cafile' => $ca_path, + 'key' => $key_path, + 'cert' => $cert_path, } - create_resources(site_stunnel::clients, hiera('stunnel'), $couchdb_stunnel_client_defaults) + create_resources(site_stunnel::clients, $couch_client, $couchdb_stunnel_client_defaults) } -- cgit v1.2.3 From c4397077adb35cf5ec05976e2918bacdd3960703 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 4 Apr 2013 15:31:04 -0400 Subject: pass $ca_name to stunnel::setup - this eliminates a dynamic scoped variable lookup, and warning --- puppet/modules/site_webapp/manifests/couchdb.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index e956fd54..8dfe6e12 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -48,6 +48,7 @@ class site_webapp::couchdb { cert_name => $cert_name, key => $key, cert => $cert, + ca_name => $ca_name ca => $ca } -- cgit v1.2.3 From 78cd7a3a6e098448efa9e8623d1bc5c81d7a393a Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 4 Apr 2013 15:40:04 -0400 Subject: fix missing comma --- puppet/modules/site_webapp/manifests/couchdb.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 8dfe6e12..50c6f9d7 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp 
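Review bot: Dropping `'verify' => '2'` from `$couchdb_stunnel_client_defaults` means this manifest no longer states that the stunnel client must validate the CouchDB server certificate against `cafile`. If `site_stunnel::clients` (not shown in this hunk) does not set a verify level itself, the tunnel would still encrypt but could accept any peer certificate. I would keep `'verify' => '2',` in the defaults hash, or confirm that the define enforces it and add a comment such as `# peer verification level is set in site_stunnel::clients`. The enclosing class starts outside the hunk.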
+++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -48,7 +48,7 @@ class site_webapp::couchdb { cert_name => $cert_name, key => $key, cert => $cert, - ca_name => $ca_name + ca_name => $ca_name, ca => $ca } -- cgit v1.2.3 From 61ee35e9210bc771f059ebf227512668c21b62b5 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 4 Apr 2013 16:42:17 -0400 Subject: make sure the couchdb.yml permissions are set properly --- puppet/modules/site_webapp/files/migrate_design_documents | 3 +++ puppet/modules/site_webapp/manifests/couchdb.pp | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/files/migrate_design_documents b/puppet/modules/site_webapp/files/migrate_design_documents index 88d4b8d9..fa28e5ee 100644 --- a/puppet/modules/site_webapp/files/migrate_design_documents +++ b/puppet/modules/site_webapp/files/migrate_design_documents @@ -4,6 +4,7 @@ cd /srv/leap-webapp # use admin credentials cp config/couchdb.yml.admin config/couchdb.yml +chown leap-webapp:leap-webapp config/couchdb.yml # needs to be run twice /usr/bin/bundle exec rake couchrest:migrate @@ -11,3 +12,5 @@ cp config/couchdb.yml.admin config/couchdb.yml # use user credentials and remove admin credentials cp config/couchdb.yml.webapp config/couchdb.yml +chown leap-webapp:leap-webapp config/couchdb.yml + diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 50c6f9d7..6fe144a4 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -27,8 +27,8 @@ class site_webapp::couchdb { file { '/srv/leap-webapp/config/couchdb.yml.admin': content => template('site_webapp/couchdb.yml.admin.erb'), - owner => leap-webapp, - group => leap-webapp, + owner => root, + group => root, mode => '0600'; '/srv/leap-webapp/config/couchdb.yml.webapp': -- cgit v1.2.3 
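Review bot: The added `chown leap-webapp:leap-webapp config/couchdb.yml` fixes ownership but nothing sets the file's mode, and `cp` onto a path that does not exist yet creates it with the umask default, so the CouchDB credentials can end up readable by other local accounts. The second hunk of this file has the same gap for the `.webapp` copy. Copying with owner and mode in one step closes it and removes the window between `cp` and `chown`: `install -o leap-webapp -g leap-webapp -m 0600 config/couchdb.yml.admin config/couchdb.yml`. The script also has no error handling, so a failed final copy would leave the admin credentials in place; the rest of the script is outside these hunks.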
From a115e1c2e48adaa5f53777b63c25814e536e1e5a Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 4 Apr 2013 16:42:33 -0400 Subject: fix typo in x509::variables --- puppet/modules/site_webapp/manifests/couchdb.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 6fe144a4..ebb0d72a 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -13,7 +13,7 @@ class site_webapp::couchdb { $couch_client = $stunnel['couch_client'] $couch_client_connect = $couch_client['connect'] - include x509::variable + include x509::variables $x509 = hiera('x509') $key = $x509['key'] $cert = $x509['cert'] -- cgit v1.2.3 From dc6cd0ecd31a03e5093cdd9bb6dd1cad576199a2 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 4 Apr 2013 16:43:04 -0400 Subject: set permissions on the rails production.log, otherwise passenger complains about this in the apache log file --- puppet/modules/site_webapp/manifests/couchdb.pp | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index ebb0d72a..f6203552 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -37,6 +37,11 @@ class site_webapp::couchdb { group => leap-webapp, mode => '0600'; + '/srv/leap-webapp/logs/production.log': + owner => leap-webapp, + group => leap-webapp, + mode => '0660'; + '/usr/local/sbin/migrate_design_documents': source => 'puppet:///modules/site_webapp/migrate_design_documents', owner => root, -- cgit v1.2.3 From 994c0212e86c60fa0f83c379308618b901d240c1 Mon Sep 17 00:00:00 2001 
From: Micah Anderson Date: Tue, 9 Apr 2013 14:04:25 -0400 Subject: add a httpchk line to haproxy to properly test if the couchdb is available add the useful http-server-close option set check option on the servers, with a 3 second interval, a one second fastinter (for flapping) and a one second downinter. Set the number of checks for failure to be one (so it will take 3 seconds for a node to fail out) and 2 checks to come back --- puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb b/puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb index a9bdb923..f08161ee 100644 --- a/puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb +++ b/puppet/modules/site_webapp/templates/haproxy_couchdb.cfg.erb @@ -2,14 +2,14 @@ listen bigcouch-in mode http balance roundrobin - option httplog option dontlognull - option tcplog - + option httpchk GET / + option http-server-close + bind localhost:4096 <% for port in @local_ports -%> - server couchdb_<%=port%> localhost:<%=port%> + server couchdb_<%=port%> localhost:<%=port%> check inter 3000 fastinter 1000 downinter 1000 rise 2 fall 1 <% end -%> -- cgit v1.2.3 From 7cb8deafbb02d42c6cd4af4b19d9d269e3d4bf42 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 9 Apr 2013 14:53:44 -0400 Subject: make sure the production environment is used for the migrations --- puppet/modules/site_webapp/files/migrate_design_documents | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/files/migrate_design_documents b/puppet/modules/site_webapp/files/migrate_design_documents index fa28e5ee..88eb2e25 100644 --- a/puppet/modules/site_webapp/files/migrate_design_documents +++ b/puppet/modules/site_webapp/files/migrate_design_documents 
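Review bot: Removing both `option httplog` and `option tcplog` leaves the `bigcouch-in` listener on HAProxy's default log format, which records little more than the connection endpoints. The listener is `mode http` and carries the webapp's CouchDB traffic, so keeping `option httplog` would preserve request line, status and timing for troubleshooting and incident review. Whether anything is logged at all depends on a `log` directive that is not visible in this hunk. A short comment above the `server` line explaining the `inter`/`fastinter`/`downinter`/`rise`/`fall` choices would also save the next reader from the commit message.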
@@ -7,8 +7,8 @@ cp config/couchdb.yml.admin config/couchdb.yml chown leap-webapp:leap-webapp config/couchdb.yml # needs to be run twice -/usr/bin/bundle exec rake couchrest:migrate -/usr/bin/bundle exec rake couchrest:migrate +RAILS_ENV=production /usr/bin/bundle exec rake couchrest:migrate +RAILS_ENV=production /usr/bin/bundle exec rake couchrest:migrate # use user credentials and remove admin credentials cp config/couchdb.yml.webapp config/couchdb.yml -- cgit v1.2.3 From 830f2408fa210016fdef855da8b3fd28421bff32 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 11 Apr 2013 17:45:57 +0200 Subject: webapp: use admin creds for now, until we fixed couchdb user permissions --- puppet/modules/site_webapp/files/migrate_design_documents | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/files/migrate_design_documents b/puppet/modules/site_webapp/files/migrate_design_documents index 88eb2e25..4a818950 100644 --- a/puppet/modules/site_webapp/files/migrate_design_documents +++ b/puppet/modules/site_webapp/files/migrate_design_documents @@ -10,7 +10,7 @@ chown leap-webapp:leap-webapp config/couchdb.yml RAILS_ENV=production /usr/bin/bundle exec rake couchrest:migrate RAILS_ENV=production /usr/bin/bundle exec rake couchrest:migrate -# use user credentials and remove admin credentials -cp config/couchdb.yml.webapp config/couchdb.yml +# use admin creds for now, until we fixed couchdb user permissions +cp config/couchdb.yml.admin config/couchdb.yml chown leap-webapp:leap-webapp config/couchdb.yml -- cgit v1.2.3 From 7b6882212da16b7f3e778919f6c8c018c6d1111b Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 16 Apr 2013 13:58:43 -0400 Subject: move secret token into the config.yaml --- puppet/modules/site_webapp/manifests/init.pp | 8 ++------ puppet/modules/site_webapp/templates/config.yml.erb | 1 + 2 files changed, 3 insertions(+), 6 deletions(-) (limited to 'puppet/modules/site_webapp') 
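Review bot: After the second hunk the last `cp` leaves `config/couchdb.yml` holding the CouchDB admin credentials, owned by leap-webapp, so the running webapp keeps database-admin rights instead of the restricted webapp account. The new comment says "for now" but nothing marks when this has to be undone. I would tie it to a tracking item so it cannot be forgotten, e.g. `# FIXME(<ticket id>): switch back to couchdb.yml.webapp once couchdb user permissions are fixed`. The script starts outside the hunk.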
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 1e6abe42..636a156d 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -111,12 +111,8 @@ class site_webapp { content => template('site_webapp/config.yml.erb'), owner => leap-webapp, group => leap-webapp, - mode => '0600'; - - '/srv/leap-webapp/config/initializers/secret_token.rb': - content => "LeapWeb::Application.config.secret_token = '${secret_token}'\n", - owner => leap-webapp, group => leap-webapp, mode => '0644', - notify => Service['apache']; + mode => '0600', + notify => Service['apache']; } include site_shorewall::webapp diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index af778212..83348d94 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb @@ -4,6 +4,7 @@ production: domain: <%= @provider_domain %> client_ca_key: <%= scope.lookupvar('site_webapp::client_ca::key_path') %> client_ca_cert: <%= scope.lookupvar('site_webapp::client_ca::cert_path') %> + secret_token: "<%= @secret_token %>" cert_options: client_cert_lifespan: <%= cert_options['life_span'].to_i %> -- cgit v1.2.3 From 0ad85d0afa39817b07e0f774c7437d1ca9fd5fd6 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 17 Apr 2013 18:08:02 -0400 Subject: update apache module to new 2.7 style --- puppet/modules/site_webapp/manifests/apache.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp index 554b9147..103e4f35 100644 --- a/puppet/modules/site_webapp/manifests/apache.pp +++ b/puppet/modules/site_webapp/manifests/apache.pp 
@@ -12,7 +12,7 @@ class site_webapp::apache { $api_cert = $x509['cert'] $api_root = $x509['ca_cert'] - $apache_no_default_site = true + class { '::apache': no_default_site => true } include apache::ssl apache::module { -- cgit v1.2.3 From aa9d9d8516981d08b0b6e230d290c22834dee8d0 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 18 Apr 2013 17:19:32 -0400 Subject: update apache module to take the 'ssl' parameter, and pass it to the class, this eliminates a potential variable lookup ordering problem (#2273) --- puppet/modules/site_webapp/manifests/apache.pp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp index 103e4f35..8b340160 100644 --- a/puppet/modules/site_webapp/manifests/apache.pp +++ b/puppet/modules/site_webapp/manifests/apache.pp @@ -12,8 +12,7 @@ class site_webapp::apache { $api_cert = $x509['cert'] $api_root = $x509['ca_cert'] - class { '::apache': no_default_site => true } - include apache::ssl + class { '::apache': no_default_site => true, ssl => true } apache::module { 'alias': ensure => present; -- cgit v1.2.3 From 14dae1c1f5e2f12a37c6a4e71a89ef2f6a784712 Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 22 Apr 2013 15:36:45 -0700 Subject: webapp -- fixed bug in configuration --- puppet/modules/site_webapp/templates/config.yml.erb | 2 -- 1 file changed, 2 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index 83348d94..df562cd9 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb 
@@ -5,8 +5,6 @@ production: client_ca_key: <%= scope.lookupvar('site_webapp::client_ca::key_path') %> client_ca_cert: <%= scope.lookupvar('site_webapp::client_ca::cert_path') %> secret_token: "<%= @secret_token %>" - -cert_options: client_cert_lifespan: <%= cert_options['life_span'].to_i %> client_cert_bit_size: <%= cert_options['bit_size'].to_i %> client_cert_hash: <%= cert_options['digest'] %> -- cgit v1.2.3 From 5323c8c48df57dae61cb73a1b8df5b39736f5a89 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 23 Apr 2013 11:52:16 -0400 Subject: fix mode for webapp production.log (#2300) --- puppet/modules/site_webapp/manifests/couchdb.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index f6203552..840bb12e 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -40,7 +40,7 @@ class site_webapp::couchdb { '/srv/leap-webapp/logs/production.log': owner => leap-webapp, group => leap-webapp, - mode => '0660'; + mode => '0666'; '/usr/local/sbin/migrate_design_documents': source => 'puppet:///modules/site_webapp/migrate_design_documents', -- cgit v1.2.3 From 037d002bc3e29e8c88018b1a80a96bab0cc354b7 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 24 Apr 2013 17:15:36 +0200 Subject: couchdb.yml.admin is changed on every puppetrun from leap-webapp to root --- puppet/modules/site_webapp/manifests/couchdb.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 840bb12e..2062a267 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp 
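Review bot: `mode => '0666'` on `/srv/leap-webapp/logs/production.log` makes the Rails log readable and writable by every local account, so any user on the host can read whatever the application logs and can alter or truncate it. If the problem behind this change is that the process writing the log is not in the `leap-webapp` group, fixing that membership and keeping `mode => '0660';` gives the same result without opening the file to everyone. Which user actually writes the log is not visible in this hunk, so that part needs confirming.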
@@ -27,8 +27,8 @@ class site_webapp::couchdb { file { '/srv/leap-webapp/config/couchdb.yml.admin': content => template('site_webapp/couchdb.yml.admin.erb'), - owner => root, - group => root, + owner => leap_webapp, + group => leap_webapp, mode => '0600'; '/srv/leap-webapp/config/couchdb.yml.webapp': -- cgit v1.2.3 From ae7b1d3b68c2e2e295967cb638413627bfbe0734 Mon Sep 17 00:00:00 2001 From: varac Date: Wed, 24 Apr 2013 17:22:17 +0200 Subject: user leap-webapp instead of leap_webapp --- puppet/modules/site_webapp/manifests/couchdb.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 2062a267..1dd346fd 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -27,8 +27,8 @@ class site_webapp::couchdb { file { '/srv/leap-webapp/config/couchdb.yml.admin': content => template('site_webapp/couchdb.yml.admin.erb'), - owner => leap_webapp, - group => leap_webapp, + owner => leap-webapp, + group => leap-webapp, mode => '0600'; '/srv/leap-webapp/config/couchdb.yml.webapp': -- cgit v1.2.3 From 4ed2bb37ea8283f79aecca8b78e80b141e9eff50 Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 24 Apr 2013 18:04:48 -0700 Subject: provider base - service definitions are now versioned (requires new leap_cli) --- puppet/modules/site_webapp/manifests/init.pp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 636a156d..8b5bb0e3 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp 
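Review bot: Giving `couchdb.yml.admin` to the webapp account (first hunk, and again in the follow-up hunk that corrects `leap_webapp` to `leap-webapp`) lets the application user read the CouchDB admin credentials at any time. That undoes the separation `migrate_design_documents` is aiming for when it copies `couchdb.yml.webapp` back under the comment "use user credentials and remove admin credentials". If the owner flips on every run because something else resets it, I would fix that source and keep `owner => root,` and `group => root,` here with mode 0600. What resets the owner is not visible in these hunks.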
@@ -6,6 +6,7 @@ class site_webapp { $node_domain = hiera('domain') $provider_domain = $node_domain['full_suffix'] $webapp = hiera('webapp') + $api_version = $webapp['api_version'] $secret_token = $webapp['secret_token'] Class[Ruby] -> Class[rubygems] -> Class[bundler::install] @@ -83,7 +84,11 @@ class site_webapp { ensure => directory, owner => leap-webapp, group => leap-webapp, mode => '0755'; - '/srv/leap-webapp/public/config/eip-service.json': + "/srv/leap-webapp/public/config/${api_version}": + ensure => directory, + owner => leap-webapp, group => leap-webapp, mode => '0755'; + + "/srv/leap-webapp/public/config/${api_version}/eip-service.json": content => $eip_service, owner => leap-webapp, group => leap-webapp, mode => '0644'; } -- cgit v1.2.3 From 1c61472a0c0c14351993574f2673a6a3a3c75371 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 26 Apr 2013 12:28:19 +0200 Subject: Revert "webapp: use admin creds for now, until we fixed couchdb user permissions" This reverts commit 830f2408fa210016fdef855da8b3fd28421bff32. --- puppet/modules/site_webapp/files/migrate_design_documents | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/files/migrate_design_documents b/puppet/modules/site_webapp/files/migrate_design_documents index 4a818950..88eb2e25 100644 --- a/puppet/modules/site_webapp/files/migrate_design_documents +++ b/puppet/modules/site_webapp/files/migrate_design_documents @@ -10,7 +10,7 @@ chown leap-webapp:leap-webapp config/couchdb.yml RAILS_ENV=production /usr/bin/bundle exec rake couchrest:migrate RAILS_ENV=production /usr/bin/bundle exec rake couchrest:migrate -# use admin creds for now, until we fixed couchdb user permissions -cp config/couchdb.yml.admin config/couchdb.yml +# use user credentials and remove admin credentials +cp config/couchdb.yml.webapp config/couchdb.yml chown leap-webapp:leap-webapp config/couchdb.yml -- cgit v1.2.3 
From c8e427c39285a0ac8750c1b9bbf247533bbce519 Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 30 Apr 2013 14:25:45 -0700 Subject: added soledad-service.json --- puppet/modules/site_webapp/manifests/init.pp | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 8b5bb0e3..8e0aa11c 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -3,6 +3,7 @@ class site_webapp { $definition_files = hiera('definition_files') $provider = $definition_files['provider'] $eip_service = $definition_files['eip_service'] + $soledad_service = $definition_files['soledad_service'] $node_domain = hiera('domain') $provider_domain = $node_domain['full_suffix'] $webapp = hiera('webapp') @@ -80,17 +81,21 @@ class site_webapp { ensure => link, target => '/usr/local/share/ca-certificates/leap_api.crt'; - '/srv/leap-webapp/public/config': + "/srv/leap-webapp/public/${api_version}": ensure => directory, owner => leap-webapp, group => leap-webapp, mode => '0755'; - "/srv/leap-webapp/public/config/${api_version}": + "/srv/leap-webapp/public/${api_version}/config/": ensure => directory, owner => leap-webapp, group => leap-webapp, mode => '0755'; - "/srv/leap-webapp/public/config/${api_version}/eip-service.json": + "/srv/leap-webapp/public/${api_version}/config/eip-service.json": content => $eip_service, owner => leap-webapp, group => leap-webapp, mode => '0644'; + + "/srv/leap-webapp/public/${api_version}/config/soledad-service.json": + content => $soledad_service, + owner => leap-webapp, group => leap-webapp, mode => '0644'; } try::file { -- cgit v1.2.3 From b3d1c6c58838b0c4f368bc42493ac3bae280b5af Mon Sep 17 00:00:00 2001 
From: elijah Date: Tue, 14 May 2013 12:23:20 -0700 Subject: added smtp-service.json, requires latest leap_cli --- puppet/modules/site_webapp/manifests/init.pp | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 8e0aa11c..5c084a0c 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -4,6 +4,7 @@ class site_webapp { $provider = $definition_files['provider'] $eip_service = $definition_files['eip_service'] $soledad_service = $definition_files['soledad_service'] + $smtp_service = $definition_files['smtp_service'] $node_domain = hiera('domain') $provider_domain = $node_domain['full_suffix'] $webapp = hiera('webapp') @@ -96,6 +97,10 @@ class site_webapp { "/srv/leap-webapp/public/${api_version}/config/soledad-service.json": content => $soledad_service, owner => leap-webapp, group => leap-webapp, mode => '0644'; + + "/srv/leap-webapp/public/${api_version}/config/smtp-service.json": + content => $smtp_service, + owner => leap-webapp, group => leap-webapp, mode => '0644'; } try::file { -- cgit v1.2.3 From 450fb19a4df8f4740dcf077b585dbd77c096d133 Mon Sep 17 00:00:00 2001 From: elijah Date: Sat, 18 May 2013 17:13:05 -0700 Subject: added module site_nickserver --- puppet/modules/site_webapp/manifests/init.pp | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 5c084a0c..80b7c271 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp 
@@ -11,13 +11,7 @@ class site_webapp { $api_version = $webapp['api_version'] $secret_token = $webapp['secret_token'] - Class[Ruby] -> Class[rubygems] -> Class[bundler::install] - - class { 'ruby': ruby_version => '1.9.3' } - - class { 'bundler::install': install_method => 'package' } - - include rubygems + include site_config::ruby include site_webapp::apache include site_webapp::couchdb include site_webapp::client_ca -- cgit v1.2.3 From 264fa32a719d77b15e623cc3fc4574fd04837716 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 21 May 2013 17:42:40 -0400 Subject: change paths for leap webapp to be under /srv/leap/webapp from /srv/leap-webapp --- .../site_webapp/files/migrate_design_documents | 2 +- puppet/modules/site_webapp/manifests/couchdb.pp | 8 ++--- puppet/modules/site_webapp/manifests/init.pp | 36 +++++++++++----------- 3 files changed, 23 insertions(+), 23 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/files/migrate_design_documents b/puppet/modules/site_webapp/files/migrate_design_documents index 88eb2e25..6e24aa5b 100644 --- a/puppet/modules/site_webapp/files/migrate_design_documents +++ b/puppet/modules/site_webapp/files/migrate_design_documents @@ -1,6 +1,6 @@ #!/bin/sh -cd /srv/leap-webapp +cd /srv/leap/webapp # use admin credentials cp config/couchdb.yml.admin config/couchdb.yml diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 1dd346fd..7a3839c8 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp 
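Review bot: The changed `cd /srv/leap/webapp` in migrate_design_documents is not checked, and every later `cp` and `chown` in the script uses a relative path. If the directory is missing (for example on a host where the move from /srv/leap-webapp has not happened yet), the script carries on in whatever directory it was started from. `cd /srv/leap/webapp || exit 1` makes the failure explicit. The remainder of the script lies outside this hunk.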
@@ -25,19 +25,19 @@ class site_webapp::couchdb { $key_path = "${x509::variables::keys}/${cert_name}.key" file { - '/srv/leap-webapp/config/couchdb.yml.admin': + '/srv/leap/webapp/config/couchdb.yml.admin': content => template('site_webapp/couchdb.yml.admin.erb'), owner => leap-webapp, group => leap-webapp, mode => '0600'; - '/srv/leap-webapp/config/couchdb.yml.webapp': + '/srv/leap/webapp/config/couchdb.yml.webapp': content => template('site_webapp/couchdb.yml.erb'), owner => leap-webapp, group => leap-webapp, mode => '0600'; - '/srv/leap-webapp/logs/production.log': + '/srv/leap/webapp/logs/production.log': owner => leap-webapp, group => leap-webapp, mode => '0666'; @@ -58,7 +58,7 @@ class site_webapp::couchdb { } exec { 'migrate_design_documents': - cwd => '/srv/leap-webapp', + cwd => '/srv/leap/webapp', command => '/usr/local/sbin/migrate_design_documents', require => Exec['bundler_update'], notify => Service['apache']; diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 5c084a0c..f7a4b598 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -33,18 +33,18 @@ class site_webapp { allowdupe => false, gid => 'leap-webapp', groups => 'ssl-cert', - home => '/srv/leap-webapp', + home => '/srv/leap/webapp', require => [ Group['leap-webapp'] ]; } - file { '/srv/leap-webapp': + file { '/srv/leap/webapp': ensure => directory, owner => 'leap-webapp', group => 'leap-webapp', require => User['leap-webapp']; } - vcsrepo { '/srv/leap-webapp': + vcsrepo { '/srv/leap/webapp': ensure => present, revision => 'origin/master', provider => git, 
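Review bot: In the init.pp hunk, `file { '/srv/leap/webapp': ensure => directory, ... }` now sits one level deeper than before, and a Puppet `file` resource does not create missing parent directories. Unless `/srv/leap` is declared somewhere outside this hunk, the first run on a fresh node will fail on this resource. Declaring the parent alongside it, e.g. `file { '/srv/leap': ensure => directory }`, would cover it. The `vcsrepo` block that follows is cut off by the end of the hunk.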
@@ -56,17 +56,17 @@ class site_webapp { } exec { 'bundler_update': - cwd => '/srv/leap-webapp', + cwd => '/srv/leap/webapp', command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install --path vendor/bundle"', unless => '/usr/bin/bundle check', user => 'leap-webapp', timeout => 600, - require => [ Class['bundler::install'], Vcsrepo['/srv/leap-webapp'] ], + require => [ Class['bundler::install'], Vcsrepo['/srv/leap/webapp'] ], notify => Service['apache']; } exec { 'compile_assets': - cwd => '/srv/leap-webapp', + cwd => '/srv/leap/webapp', command => '/bin/bash -c "/usr/bin/bundle exec rake assets:precompile"', user => 'leap-webapp', require => Exec['bundler_update'], 
@@ -74,55 +74,55 @@ class site_webapp { } file { - '/srv/leap-webapp/public/provider.json': + '/srv/leap/webapp/public/provider.json': content => $provider, owner => leap-webapp, group => leap-webapp, mode => '0644'; - '/srv/leap-webapp/public/ca.crt': + '/srv/leap/webapp/public/ca.crt': ensure => link, target => '/usr/local/share/ca-certificates/leap_api.crt'; - "/srv/leap-webapp/public/${api_version}": + "/srv/leap/webapp/public/${api_version}": ensure => directory, owner => leap-webapp, group => leap-webapp, mode => '0755'; - "/srv/leap-webapp/public/${api_version}/config/": + "/srv/leap/webapp/public/${api_version}/config/": ensure => directory, owner => leap-webapp, group => leap-webapp, mode => '0755'; - "/srv/leap-webapp/public/${api_version}/config/eip-service.json": + "/srv/leap/webapp/public/${api_version}/config/eip-service.json": content => $eip_service, owner => leap-webapp, group => leap-webapp, mode => '0644'; - "/srv/leap-webapp/public/${api_version}/config/soledad-service.json": + "/srv/leap/webapp/public/${api_version}/config/soledad-service.json": content => $soledad_service, owner => leap-webapp, group => leap-webapp, mode => '0644'; - "/srv/leap-webapp/public/${api_version}/config/smtp-service.json": + "/srv/leap/webapp/public/${api_version}/config/smtp-service.json": content => $smtp_service, owner => leap-webapp, group => leap-webapp, mode => '0644'; } try::file { - '/srv/leap-webapp/public/favicon.ico': + '/srv/leap/webapp/public/favicon.ico': ensure => 'link', target => $webapp['favicon']; - '/srv/leap-webapp/app/assets/stylesheets/tail.scss': + '/srv/leap/webapp/app/assets/stylesheets/tail.scss': ensure => 'link', target => $webapp['tail_scss']; - '/srv/leap-webapp/app/assets/stylesheets/head.scss': + '/srv/leap/webapp/app/assets/stylesheets/head.scss': ensure => 'link', target => $webapp['head_scss']; - '/srv/leap-webapp/public/img': + '/srv/leap/webapp/public/img': ensure => 'link', target => $webapp['img_dir']; } file { - 
'/srv/leap-webapp/config/config.yml': + '/srv/leap/webapp/config/config.yml': content => template('site_webapp/config.yml.erb'), owner => leap-webapp, group => leap-webapp, -- cgit v1.2.3 From 92b90bc4507f412497c3128f0817bd24e2628b1b Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 22 May 2013 12:53:47 -0400 Subject: add force => true parameter to webapp vcsrepo checkout this should have been added to d669a5fb56acf9101cf677ecbd30bcc47b092cd3 resolve #1722 after the vcsrepo module was updated to handle this, but it wasn't. --- puppet/modules/site_webapp/manifests/init.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index f7a4b598..aac48188 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -46,6 +46,7 @@ class site_webapp { vcsrepo { '/srv/leap/webapp': ensure => present, + force => true, revision => 'origin/master', provider => git, source => 'git://code.leap.se/leap_web', -- cgit v1.2.3 From e0b591b063d3c49012a4266ee837737758f58dc2 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 22 May 2013 12:56:43 -0400 Subject: add requirements to the try::file resources normally a file resource would automatically require the parent directory first, but try::file doesn't do this so it has errors if /srv/leap/webapp doesn't exist yet: for example: - [web1] err: /Stage[main]/Site_webapp/Try::File[/srv/leap/webapp/public/img]/Exec[restore_/srv/leap/webapp/public/img]/returns: change from notrun to 0 failed: Working directory '/srv/leap/webapp/public' does not exist that was 'tried' before the vcsrepo was done which would have resolved that problem. This makes sure that the vcsrepo is done first --- puppet/modules/site_webapp/manifests/init.pp | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'puppet/modules/site_webapp') 
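Review bot: In the vcsrepo hunk, `force => true` is added to a checkout that tracks `revision => 'origin/master'` from `source => 'git://code.leap.se/leap_web'`. The git:// transport is neither authenticated nor encrypted, and following a moving branch means each run deploys whatever the remote serves at that moment, with `force` now allowing the working copy to be replaced. I would fetch over an authenticated transport (https or ssh) and pin the checkout, e.g. `revision => '<release tag or commit id>',`. The rest of the vcsrepo block is outside the hunk.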
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index aac48188..b01141ae 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -106,19 +106,23 @@ class site_webapp { try::file { '/srv/leap/webapp/public/favicon.ico': - ensure => 'link', - target => $webapp['favicon']; + ensure => 'link', + require => Vcsrepo['/srv/leap/webapp'], + target => $webapp['favicon']; '/srv/leap/webapp/app/assets/stylesheets/tail.scss': ensure => 'link', + require => Vcsrepo['/srv/leap/webapp'], target => $webapp['tail_scss']; '/srv/leap/webapp/app/assets/stylesheets/head.scss': ensure => 'link', + require => Vcsrepo['/srv/leap/webapp'], target => $webapp['head_scss']; '/srv/leap/webapp/public/img': ensure => 'link', + require => Vcsrepo['/srv/leap/webapp'], target => $webapp['img_dir']; } -- cgit v1.2.3 From a386d3862a581d502b9611bc9af0e144ac29e4f9 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Wed, 22 May 2013 15:07:08 -0400 Subject: add missing require => on the vcsrepo which could cause these resources to fail --- puppet/modules/site_webapp/manifests/couchdb.pp | 9 +++++--- puppet/modules/site_webapp/manifests/init.pp | 29 +++++++++++++++++-------- 2 files changed, 26 insertions(+), 12 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 1dd346fd..7858dbfd 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp 
@@ -29,18 +29,21 @@ class site_webapp::couchdb {
 content => template('site_webapp/couchdb.yml.admin.erb'),
 owner => leap-webapp,
 group => leap-webapp,
- mode => '0600';
+ mode => '0600',
+ require => Vcsrepo['/srv/leap/webapp'];
 '/srv/leap-webapp/config/couchdb.yml.webapp':
 content => template('site_webapp/couchdb.yml.erb'),
 owner => leap-webapp,
 group => leap-webapp,
- mode => '0600';
+ mode => '0600',
+ require => Vcsrepo['/srv/leap/webapp'];
 '/srv/leap-webapp/logs/production.log':
 owner => leap-webapp,
 group => leap-webapp,
- mode => '0666';
+ mode => '0666',
+ require => Vcsrepo['/srv/leap/webapp'];
 '/usr/local/sbin/migrate_design_documents':
 source => 'puppet:///modules/site_webapp/migrate_design_documents',
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index 80b7c271..92cf4b25 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
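Review bot: The re-added `mode => '0666',` on `/srv/leap-webapp/logs/production.log` leaves the application log writable by every local account, so any process on the host can alter or append to it and the log loses its value as evidence. Owner and group are already `leap-webapp`, so `mode => '0660',` (or `'0640'` if only the owner writes) should be enough, provided the web server worker runs as that user or group, which this hunk does not show. The resource list starts above the hunk and continues below it.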
@@ -70,30 +70,37 @@ class site_webapp {
 file { '/srv/leap-webapp/public/provider.json':
 content => $provider,
+ require => Vcsrepo['/srv/leap/webapp'],
 owner => leap-webapp, group => leap-webapp, mode => '0644';
 '/srv/leap-webapp/public/ca.crt':
 ensure => link,
+ require => Vcsrepo['/srv/leap/webapp'],
 target => '/usr/local/share/ca-certificates/leap_api.crt';
 "/srv/leap-webapp/public/${api_version}":
 ensure => directory,
+ require => Vcsrepo['/srv/leap/webapp'],
 owner => leap-webapp, group => leap-webapp, mode => '0755';
 "/srv/leap-webapp/public/${api_version}/config/":
 ensure => directory,
+ require => Vcsrepo['/srv/leap/webapp'],
 owner => leap-webapp, group => leap-webapp, mode => '0755';
 "/srv/leap-webapp/public/${api_version}/config/eip-service.json":
 content => $eip_service,
+ require => Vcsrepo['/srv/leap/webapp'],
 owner => leap-webapp, group => leap-webapp, mode => '0644';
 "/srv/leap-webapp/public/${api_version}/config/soledad-service.json":
 content => $soledad_service,
+ require => Vcsrepo['/srv/leap/webapp'],
 owner => leap-webapp, group => leap-webapp, mode => '0644';
 "/srv/leap-webapp/public/${api_version}/config/smtp-service.json":
 content => $smtp_service,
+ require => Vcsrepo['/srv/leap/webapp'],
 owner => leap-webapp, group => leap-webapp, mode => '0644';
 }
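Review bot: Every resource in this hunk is still titled under `/srv/leap-webapp/...` while the added `require` points at `Vcsrepo['/srv/leap/webapp']`, and the same commit renames the `try::file` paths in the next hunk to `/srv/leap/webapp/...`. Unless `/srv/leap-webapp` is kept as a separate directory or a link (not visible here), the ordering is satisfied but the parent directory these files need is not the one the checkout creates; the three `file` entries in the `couchdb.pp` hunk of this commit have the same mismatch. The titles should follow the rename, e.g. `'/srv/leap/webapp/public/provider.json':`, or the `require` should name the resource that actually creates `/srv/leap-webapp`.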
@@ -102,17 +109,20 @@ class site_webapp {
 ensure => 'link',
 target => $webapp['favicon'];
- '/srv/leap-webapp/app/assets/stylesheets/tail.scss':
- ensure => 'link',
- target => $webapp['tail_scss'];
+ '/srv/leap/webapp/app/assets/stylesheets/tail.scss':
+ ensure => 'link',
+ require => Vcsrepo['/srv/leap/webapp'],
+ target => $webapp['tail_scss'];
- '/srv/leap-webapp/app/assets/stylesheets/head.scss':
- ensure => 'link',
- target => $webapp['head_scss'];
+ '/srv/leap/webapp/app/assets/stylesheets/head.scss':
+ ensure => 'link',
+ require => Vcsrepo['/srv/leap/webapp'],
+ target => $webapp['head_scss'];
- '/srv/leap-webapp/public/img':
- ensure => 'link',
- target => $webapp['img_dir'];
+ '/srv/leap/webapp/public/img':
+ ensure => 'link',
+ require => Vcsrepo['/srv/leap/webapp'],
+ target => $webapp['img_dir'];
 }
 file {
@@ -121,6 +131,7 @@ class site_webapp {
 owner => leap-webapp,
 group => leap-webapp,
 mode => '0600',
+ require => Vcsrepo['/srv/leap/webapp'],
 notify => Service['apache'];
 }
-- cgit v1.2.3
From 672154a8322901b86c9882854234eae53221a38e Mon Sep 17 00:00:00 2001
From: elijah
Date: Sat, 6 Jul 2013 22:59:50 -0700
Subject: site_webapp -- make bundler not install test-only or development-only gems.
---
 puppet/modules/site_webapp/manifests/init.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp')
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index 1dfe6936..e743dc07 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
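Review bot: The first entry of this `try::file` block, whose `ensure => 'link',` and `target => $webapp['favicon'];` lines are context at the top of the `@@ -102,17 +109,20 @@` hunk, is left without the `require => Vcsrepo['/srv/leap/webapp'],` that the three entries below it receive. Its title line is above the hunk, so the path cannot be checked from here, but if it lives inside the checkout it can still be applied before the repository exists. Adding the same `require` line to that entry would make the block consistent.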
@@ -52,7 +52,7 @@ class site_webapp {
 exec { 'bundler_update':
 cwd => '/srv/leap/webapp',
- command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install --path vendor/bundle"',
+ command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install --path vendor/bundle --without test development"',
 unless => '/usr/bin/bundle check',
 user => 'leap-webapp',
 timeout => 600,
-- cgit v1.2.3
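Review bot: The new `bundle install --path vendor/bundle --without test development` does not require the installed gems to match a committed `Gemfile.lock`, so if the lock is absent or stale Bundler resolves versions at deploy time. If the repository ships a lockfile (not visible from this hunk), `--deployment` makes the install fail in that case and already installs into `vendor/bundle`: `command => '/usr/bin/bundle install --deployment --without test development',`. The `bundle check ||` inside the `bash -c` wrapper repeats what `unless => '/usr/bin/bundle check'` already does, so the wrapper can go at the same time. The `exec` block continues below the hunk.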