From 53b87cc2b283df665a46a5781974f9ffd047c72c Mon Sep 17 00:00:00 2001 From: guido Date: Mon, 12 Jan 2015 12:43:35 -0300 Subject: Adds apache support for webapp.domain if defined. Fixes #6632 Change-Id: If63aac60e44c4a68f030f93e20e8dc071f9df610 --- puppet/modules/site_webapp/manifests/apache.pp | 3 +++ 1 file changed, 3 insertions(+) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/apache.pp b/puppet/modules/site_webapp/manifests/apache.pp index 21243d34..93e172a0 100644 --- a/puppet/modules/site_webapp/manifests/apache.pp +++ b/puppet/modules/site_webapp/manifests/apache.pp @@ -7,6 +7,9 @@ class site_webapp::apache { $web_domain = hiera('domain') $domain_name = $web_domain['name'] + $webapp = hiera('webapp') + $webapp_domain = $webapp['domain'] + include site_apache::common include site_apache::module::headers include site_apache::module::alias -- cgit v1.2.3 From 50d1839a5776dbb1c672e0c6083f709da67dc3b3 Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 28 Jan 2015 22:22:31 -0800 Subject: update default provider.json to use the (now) correct expiration time format. requires new leap_cli. --- puppet/modules/site_webapp/templates/config.yml.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index 0c75f3ca..5c05fc62 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb 
@@ -7,7 +7,7 @@ production: client_ca_key: <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::client_ca_name') %>.key client_ca_cert: <%= scope.lookupvar('x509::variables::local_CAs') %>/<%= scope.lookupvar('site_config::params::client_ca_name') %>.crt secret_token: "<%= @secret_token %>" - client_cert_lifespan: <%= cert_options['life_span'].to_i %> + client_cert_lifespan: <%= cert_options['life_span'] %> client_cert_bit_size: <%= cert_options['bit_size'].to_i %> client_cert_hash: <%= cert_options['digest'] %> allow_limited_certs: <%= @webapp['allow_limited_certs'].inspect %> -- cgit v1.2.3 From 5df867fbd3a78ca4160eb54d708d55a7d047bdb2 Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 2 Feb 2015 22:53:14 -0800 Subject: added custom puppet function sorted_json(). closes #6389 --- puppet/modules/site_webapp/templates/config.yml.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb index 0c75f3ca..c6895256 100644 --- a/puppet/modules/site_webapp/templates/config.yml.erb +++ b/puppet/modules/site_webapp/templates/config.yml.erb @@ -17,7 +17,7 @@ production: unlimited_cert_prefix: "<%= cert_options['unlimited_prefix'] %>" minimum_client_version: "<%= @webapp['client_version']['min'] %>" default_service_level: "<%= @webapp['default_service_level'] %>" - service_levels: <%= @webapp['service_levels'].to_json %> + service_levels: <%= scope.function_sorted_json([@webapp['service_levels']]) %> allow_registration: <%= @webapp['allow_registration'].inspect %> handle_blacklist: <%= @webapp['forbidden_usernames'].inspect %> <%- if @webapp['engines'] && @webapp['engines'].any? -%> -- cgit v1.2.3 From aed223ad42635370bdbc1b239ed43a1330698c5e Mon Sep 17 00:00:00 2001 
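Review bot: With `.to_i` dropped, the new `client_cert_lifespan` line writes `cert_options['life_span']` into the YAML unquoted and unchecked, so whatever string the provider config holds becomes the client certificate lifetime setting as-is. `secret_token` one line above is quoted; doing the same here, `client_cert_lifespan: "<%= cert_options['life_span'] %>"`, stops a value containing `: ` or ` #` from being reparsed or cut short. This assumes the webapp accepts a string for this key, which the hunk does not show. Because the setting decides how long issued client certificates stay valid, a comment naming the expected format would help, for example `# life_span: duration string in the format the new leap_cli emits`.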
From: elijah Date: Wed, 4 Feb 2015 14:03:31 -0800 Subject: consolidate sources into common.json --- puppet/modules/site_webapp/manifests/init.pp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 9f97d2c5..ea64048b 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -11,6 +11,7 @@ class site_webapp { $api_version = $webapp['api_version'] $secret_token = $webapp['secret_token'] $tor = hiera('tor', false) + $sources = hiera('sources') Class['site_config::default'] -> Class['site_webapp'] @@ -43,9 +44,9 @@ class site_webapp { vcsrepo { '/srv/leap/webapp': ensure => present, force => true, - revision => $webapp['git']['revision'], - provider => git, - source => $webapp['git']['source'], + revision => $sources['webapp']['revision'], + provider => $sources['webapp']['type'], + source => $sources['webapp']['source'], owner => 'leap-webapp', group => 'leap-webapp', require => [ User['leap-webapp'], Group['leap-webapp'] ], -- cgit v1.2.3 From b64940c1de7cf42acef018ca2fbf5beff4f48e80 Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 30 Mar 2015 22:33:05 -0700 Subject: added support for rotating couchdb databases. --- puppet/modules/site_webapp/manifests/couchdb.pp | 9 +++++++++ puppet/modules/site_webapp/manifests/cron.pp | 12 ++++++++++++ puppet/modules/site_webapp/manifests/init.pp | 15 ++++++++++++++- .../modules/site_webapp/templates/couchdb.admin.yml.erb | 9 +++++++++ 4 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 puppet/modules/site_webapp/templates/couchdb.admin.yml.erb (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 3ae4d266..1dbc745d 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp 
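Review bot: In the `vcsrepo { '/srv/leap/webapp': ... }` resource, `provider`, `source` and `revision` are now all read from the `sources` hiera hash, and nothing in the hunk constrains `$sources['webapp']['type']`, so a typo or unexpected value selects a different vcsrepo provider or fails only during the run. This checkout is the code deployed under `leap-webapp`, so the hash decides both where the application comes from and how it is fetched. A comment above the resource stating the expected shape would make that explicit, for example `# sources.webapp: type 'git', source = repository URL, revision = tag or commit id (not a moving branch)`. Checking the type before the resource is declared would also catch bad data early. The resource body continues past the end of the hunk.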
+++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -6,6 +6,8 @@ class site_webapp::couchdb { $couchdb_port = '4096' $couchdb_webapp_user = $webapp['couchdb_webapp_user']['username'] $couchdb_webapp_password = $webapp['couchdb_webapp_user']['password'] + $couchdb_admin_user = $webapp['couchdb_admin_user']['username'] + $couchdb_admin_password = $webapp['couchdb_admin_user']['password'] include x509::variables @@ -17,6 +19,13 @@ class site_webapp::couchdb { mode => '0600', require => Vcsrepo['/srv/leap/webapp']; + '/srv/leap/webapp/config/couchdb.admin.yml': + content => template('site_webapp/couchdb.admin.yml.erb'), + owner => leap-webapp, + group => leap-webapp, + mode => '0600', + require => Vcsrepo['/srv/leap/webapp']; + '/srv/leap/webapp/log': ensure => directory, owner => leap-webapp, diff --git a/puppet/modules/site_webapp/manifests/cron.pp b/puppet/modules/site_webapp/manifests/cron.pp index 811ad11d..bdf0fb74 100644 --- a/puppet/modules/site_webapp/manifests/cron.pp +++ b/puppet/modules/site_webapp/manifests/cron.pp @@ -2,6 +2,18 @@ class site_webapp::cron { # cron tasks that need to be performed to cleanup the database cron { + 'rotate_databases': + command => 'cd /srv/leap/webapp && bundle exec rake db:rotate', + environment => 'RAILS_ENV=production', + hour => [0,6,12,18], + minute => 0; + + 'delete_tmp_databases': + command => 'cd /srv/leap/webapp && bundle exec rake db:deletetmp', + environment => 'RAILS_ENV=production', + hour => 1, + minute => 1; + 'remove_expired_sessions': command => 'cd /srv/leap/webapp && bundle exec rake cleanup:sessions', environment => 'RAILS_ENV=production', diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index ea64048b..5071d9bc 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp 
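Review bot: The new `/srv/leap/webapp/config/couchdb.admin.yml` file resource hands the CouchDB admin username and password to `leap-webapp`, the account that owns the application checkout. Anything able to read files as that user therefore gets database admin rights, not just those of `couchdb_webapp_user`. Mode `'0600'` is right, but the resource should say who is meant to read the file, for example `# CouchDB admin credentials; intended only for the db:rotate / db:deletetmp rake tasks`. That intended use is inferred from the rest of the commit and should be confirmed. The enclosing `file { ... }` block starts before the hunk and continues after it.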
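Review bot: Neither `rotate_databases` nor `delete_tmp_databases` sets `user`, so unless a resource default elsewhere supplies one, Puppet installs both entries in the crontab of the user running the agent, normally root. `bundle exec rake` would then run with that account's privileges out of `/srv/leap/webapp`, a tree the `vcsrepo` resource assigns to `leap-webapp`. Adding `user => 'leap-webapp',` to each entry would match the `rotate_dbs` exec in the same commit, which already runs as that user. The `cron { ... }` block starts before the hunk and continues after it, and the existing `remove_expired_sessions` entry follows the same pattern.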
@@ -50,7 +50,7 @@ class site_webapp { owner => 'leap-webapp', group => 'leap-webapp', require => [ User['leap-webapp'], Group['leap-webapp'] ], - notify => Exec['bundler_update'] + notify => [ Exec['bundler_update'], Exec['rotate_dbs'] ] } exec { 'bundler_update': @@ -67,6 +67,19 @@ class site_webapp { notify => Service['apache']; } + # this only needs to be called before the first time the web app is run. + # after that, the cron job will take care of running db:rotate regularly. + exec { 'rotate_dbs': + cwd => '/srv/leap/webapp', + command => '/bin/bash -c "RAILS_ENV=production /usr/bin/bundle exec rake db:rotate"', + user => 'leap-webapp', + timeout => 600, + refreshonly => true, + require => [ + Vcsrepo['/srv/leap/webapp'], + Class['site_config::ruby::dev']]; + } + # # NOTE: in order to support a webapp that is running on a subpath and not the # root of the domain assets:precompile needs to be run with diff --git a/puppet/modules/site_webapp/templates/couchdb.admin.yml.erb b/puppet/modules/site_webapp/templates/couchdb.admin.yml.erb new file mode 100644 index 00000000..a0921add --- /dev/null +++ b/puppet/modules/site_webapp/templates/couchdb.admin.yml.erb @@ -0,0 +1,9 @@ +production: + prefix: "" + protocol: 'http' + host: <%= @couchdb_host %> + port: <%= @couchdb_port %> + auto_update_design_doc: false + username: <%= @couchdb_admin_user %> + password: <%= @couchdb_admin_password %> + -- cgit v1.2.3 From e3cfc2e1e7055ce2640fcce5bf810d6bd7930d2f Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 8 Apr 2015 13:58:41 -0700 Subject: move rotated db creation to site_couchdb and fix rotated db tests --- puppet/modules/site_webapp/manifests/init.pp | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index 5071d9bc..ea64048b 100644 --- a/puppet/modules/site_webapp/manifests/init.pp 
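Review bot: In the new `couchdb.admin.yml.erb`, `username` and `password` are interpolated into the YAML unquoted, so an admin password containing ` #` or `: `, or starting with a character such as `*`, `&`, `!` or `{`, is cut short or makes the file unparseable, and an all-digit one loads as a number. Emitting quoted scalars avoids this, for example `password: <%= @couchdb_admin_password.to_json %>` and the same for `username`; this assumes `to_json` is usable here, as it was in `config.yml.erb`. Separately, `protocol: 'http'` sends the admin credentials in clear text unless `@couchdb_host` is a local tunnel endpoint, which this hunk does not show. A one-line comment in the template stating which of the two applies would settle it.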
+++ b/puppet/modules/site_webapp/manifests/init.pp @@ -50,7 +50,7 @@ class site_webapp { owner => 'leap-webapp', group => 'leap-webapp', require => [ User['leap-webapp'], Group['leap-webapp'] ], - notify => [ Exec['bundler_update'], Exec['rotate_dbs'] ] + notify => Exec['bundler_update'] } exec { 'bundler_update': @@ -67,19 +67,6 @@ class site_webapp { notify => Service['apache']; } - # this only needs to be called before the first time the web app is run. - # after that, the cron job will take care of running db:rotate regularly. - exec { 'rotate_dbs': - cwd => '/srv/leap/webapp', - command => '/bin/bash -c "RAILS_ENV=production /usr/bin/bundle exec rake db:rotate"', - user => 'leap-webapp', - timeout => 600, - refreshonly => true, - require => [ - Vcsrepo['/srv/leap/webapp'], - Class['site_config::ruby::dev']]; - } - # # NOTE: in order to support a webapp that is running on a subpath and not the # root of the domain assets:precompile needs to be run with -- cgit v1.2.3 From 00ff465519e2ac6d6c1b9beddbe5e51937d4825a Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 15 Apr 2015 03:16:59 -0700 Subject: disable 'rake cleanup:sessions' cron job. --- puppet/modules/site_webapp/manifests/cron.pp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/cron.pp b/puppet/modules/site_webapp/manifests/cron.pp index bdf0fb74..d26ee312 100644 --- a/puppet/modules/site_webapp/manifests/cron.pp +++ b/puppet/modules/site_webapp/manifests/cron.pp 
@@ -14,11 +14,14 @@ class site_webapp::cron { hour => 1, minute => 1; + # there is no longer a need to remove expired sessions, since the database + # will get destroyed. 'remove_expired_sessions': command => 'cd /srv/leap/webapp && bundle exec rake cleanup:sessions', environment => 'RAILS_ENV=production', hour => 2, - minute => 30; + minute => 30, + ensure => absent; 'remove_expired_tokens': command => 'cd /srv/leap/webapp && bundle exec rake cleanup:tokens', -- cgit v1.2.3 From bb07407485ed1626221a1190cc2fb2789f95ed22 Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 15 Apr 2015 16:12:11 -0700 Subject: clean up logging mess: add 'logfile' define, mv openvpn and stunnel logs to their own files, fix mx logwatch path. --- puppet/modules/site_webapp/manifests/init.pp | 3 ++- puppet/modules/site_webapp/manifests/logging.pp | 16 ---------------- 2 files changed, 2 insertions(+), 17 deletions(-) delete mode 100644 puppet/modules/site_webapp/manifests/logging.pp (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index ea64048b..f10ef00d 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -18,7 +18,6 @@ class site_webapp { include site_config::ruby::dev include site_webapp::apache include site_webapp::couchdb - include site_webapp::logging include site_haproxy include site_webapp::cron include site_config::x509::cert @@ -173,6 +172,8 @@ class site_webapp { ensure => latest, } + leap::logfile { 'webapp': } + include site_shorewall::webapp include site_check_mk::agent::webapp } diff --git a/puppet/modules/site_webapp/manifests/logging.pp b/puppet/modules/site_webapp/manifests/logging.pp deleted file mode 100644 index b414b82c..00000000 --- a/puppet/modules/site_webapp/manifests/logging.pp +++ /dev/null 
@@ -1,16 +0,0 @@ -class site_webapp::logging { - - rsyslog::snippet { '01-webapp': - content => 'if $programname == "webapp" then /var/log/leap/webapp.log -&~' - } - - augeas { - 'logrotate_webapp': - context => '/files/etc/logrotate.d/webapp/rule', - changes => [ 'set file /var/log/leap/webapp.log', 'set rotate 7', - 'set schedule daily', 'set compress compress', - 'set missingok missingok', 'set ifempty notifempty', - 'set copytruncate copytruncate' ] - } -} -- cgit v1.2.3 From 1530a85da3415bc000635d62882d9ba7082a793b Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 16 Apr 2015 20:42:09 -0700 Subject: properly clean up unused files --- puppet/modules/site_webapp/manifests/init.pp | 4 ---- 1 file changed, 4 deletions(-) (limited to 'puppet/modules/site_webapp') diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp index f10ef00d..ec94c090 100644 --- a/puppet/modules/site_webapp/manifests/init.pp +++ b/puppet/modules/site_webapp/manifests/init.pp @@ -92,10 +92,6 @@ class site_webapp { require => Vcsrepo['/srv/leap/webapp'], owner => leap-webapp, group => leap-webapp, mode => '0644'; - # old provider.json location. this can be removed after everyone upgrades. - '/srv/leap/webapp/public/provider.json': - ensure => absent; - '/srv/leap/webapp/public/ca.crt': ensure => link, require => Vcsrepo['/srv/leap/webapp'], -- cgit v1.2.3