From 1c9c5a5fec51919a8e9ec14f5fe9b16c538bb4fa Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Tue, 21 May 2013 17:35:20 -0400
Subject: initial soledad configuration
Change-Id: I19e91887c3f8e90764b4baef8c5e29e25658e190
---
puppet/modules/soledad/manifests/server.pp | 62 ++++++++++++++++++++++++++++++
1 file changed, 62 insertions(+)
create mode 100644 puppet/modules/soledad/manifests/server.pp
(limited to 'puppet/modules/soledad/manifests/server.pp')
diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp
new file mode 100644
index 00000000..06de8642
--- /dev/null
+++ b/puppet/modules/soledad/manifests/server.pp
@@ -0,0 +1,62 @@
+class soledad::server {
+ tag 'leap_service'
+ include soledad
+
+ $couchdb = hiera('couch')
+ $couchdb_host = 'localhost'
+ $couchdb_port = '4096'
+ $couchdb_user = $couchdb['users']['soledad']['username']
+ $couchdb_password = $couchdb['users']['soledad']['password']
+
+ $x509 = hiera('x509')
+ $x509_key = $x509['key']
+ $x509_cert = $x509['cert']
+ $x509_ca = $x509['ca_cert']
+
+ x509::key { 'soledad':
+ content => $x509_key,
+ notify => Service['soledad-server'];
+ }
+
+ x509::cert { 'soledad':
+ content => $x509_cert,
+ notify => Service['soledad-server'];
+ }
+
+ x509::ca { 'soledad':
+ content => $x509_ca,
+ notify => Service['soledad-server'];
+ }
+
+ #
+ # SOLEDAD CONFIG
+ #
+
+ file { '/etc/leap/soledad-server.conf':
+ content => template('soledad/soledad-server.conf.erb'),
+ owner => 'soledad',
+ group => 'soledad',
+ mode => '0600',
+ notify => Service['soledad-server'],
+ require => Class['soledad'];
+ }
+
+ package { 'soledad-server':
+ ensure => installed
+ }
+
+ file { '/etc/default/soledad':
+ content => "CERT_PATH=/etc/x509/certs/soledad.crt\nPRIVKEY_PATH=/etc/x509/keys/soledad.key\n",
+ require => Package['soledad-server']
+ }
+
+ service { 'soledad-server':
+ ensure => running,
+ enable => true,
+ hasstatus => true,
+ hasrestart => true,
+ require => [ Class['soledad'], Package['soledad-server'] ];
+ }
+
+ include site_shorewall::soledad
+}
-- cgit v1.2.3
From ab668294faeeb193ccb9c202fa48ed698696f931 Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Mon, 29 Jul 2013 14:23:11 -0400
Subject: fix #3291: set the soledad port properly in the json and as a temporary work-around, use the couchdb admin/passwd
Change-Id: Ibb1cd8416d00552f8ca1716e42a08137a4b461aa
---
puppet/modules/soledad/manifests/server.pp | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'puppet/modules/soledad/manifests/server.pp')
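Review bot: The `file { '/etc/leap/soledad-server.conf': }` resource renders `$couchdb_password` into its content, and `mode => '0600'` only protects the copy on disk: when an agent run has file diffs enabled (as `puppet agent --test` does), a change to this file is logged as a content diff that includes the credential. Where the Puppet version in use supports it, add `show_diff => false,` to that resource. `/etc/default/soledad` is managed without `notify => Service['soledad-server']`, so a change to the certificate or key path would not reach the running daemon. The class also lacks a header comment; one line such as `# Configures and runs soledad-server: CouchDB credentials, x509 material, package, service and firewall rules.` would be enough.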
diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index 06de8642..a75b4b8a 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp @@ -2,11 +2,11 @@ class soledad::server { tag 'leap_service' include soledad - $couchdb = hiera('couch') + $couchdb = hiera('soledad') $couchdb_host = 'localhost' $couchdb_port = '4096' - $couchdb_user = $couchdb['users']['soledad']['username'] - $couchdb_password = $couchdb['users']['soledad']['password'] + $couchdb_user = $couchdb['couchdb_admin_user']['username'] + $couchdb_password = $couchdb['couchdb_admin_user']['password'] $x509 = hiera('x509') $x509_key = $x509['key'] -- cgit v1.2.3 From 39285550424853bc4ba38e447361ab77dea505d5 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Mon, 29 Jul 2013 14:55:37 -0400 Subject: For now, soledad will only exist on couchdb nodes (but not every couchdb has soledad), so fix the port to be the local couchdb port. In the future, we may want to separate them out. There is no need to do haproxy with soledad, because the client is supposed to try a different soledad node if it can't connect Change-Id: I87e2c5079ba361634336316721c4358a0917fb09 --- puppet/modules/soledad/manifests/server.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'puppet/modules/soledad/manifests/server.pp') diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index a75b4b8a..00fee4ac 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp @@ -4,7 +4,7 @@ class soledad::server { $couchdb = hiera('soledad') $couchdb_host = 'localhost' - $couchdb_port = '4096' + $couchdb_port = '5984' $couchdb_user = $couchdb['couchdb_admin_user']['username'] $couchdb_password = $couchdb['couchdb_admin_user']['password'] -- cgit v1.2.3 From 7d6893194cf1b6b8f4b3afa407d70dc90fe25f6c Mon Sep 17 00:00:00 2001 
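Review bot: In the `@@ -2,11 +2,11 @@` hunk, `/etc/leap/soledad-server.conf` is now fed from `$couchdb['couchdb_admin_user']` instead of the dedicated `soledad` account, so anyone who can read that file or take over the soledad process holds full administrative rights on the database rather than the access of one scoped user. The commit message calls this temporary, but nothing in the manifest records it; a comment above the two assignments such as `# FIXME(#3291): temporary, soledad must go back to its own unprivileged CouchDB user` would keep the work-around from becoming permanent. `$couchdb` now holds `hiera('soledad')`, which misleads the reader; `$soledad` would describe it. The class body continues outside the hunk.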
From: elijah Date: Thu, 1 Aug 2013 12:31:57 -0700 Subject: run soledad daemon using the configured port. --- puppet/modules/soledad/manifests/server.pp | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'puppet/modules/soledad/manifests/server.pp') diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index 00fee4ac..ba482f29 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp @@ -13,6 +13,9 @@ class soledad::server { $x509_cert = $x509['cert'] $x509_ca = $x509['ca_cert'] + $soledad = hiera('soledad') + $soledad_port = $soledad['port'] + x509::key { 'soledad': content => $x509_key, notify => Service['soledad-server']; @@ -46,8 +49,12 @@ class soledad::server { } file { '/etc/default/soledad': - content => "CERT_PATH=/etc/x509/certs/soledad.crt\nPRIVKEY_PATH=/etc/x509/keys/soledad.key\n", - require => Package['soledad-server'] + content => template('soledad/default-soledad.erb'), + owner => 'soledad', + group => 'soledad', + mode => '0600', + notify => Service['soledad-server'], + require => Class['soledad']; } service { 'soledad-server': -- cgit v1.2.3 From 2eec8200a35ea71e1ea5a1a56fe3a266603284fc Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 15 Aug 2013 14:48:38 -0400 Subject: Because both soledad and leap-mx do not function with twisted 12, we had to backport twisted 13. In order to install the backported dependencies we need an apt preferences_snippet installed for the backported twisted packages Change-Id: I886bb735eeb3abe7955c7cf054b749554ab84746 --- puppet/modules/soledad/manifests/server.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/soledad/manifests/server.pp') diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index ba482f29..00d87a4d 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp 
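Review bot: `$soledad_port` in the `@@ -13,6 +13,9 @@` hunk is taken from hiera without any check and, judging by the commit subject, is interpolated by `soledad/default-soledad.erb` into `/etc/default/soledad`; the template is not visible here, but files under `/etc/default` are commonly sourced as shell by init scripts. A non-numeric value would then be interpreted by the shell that starts the daemon, so it is worth rejecting at compile time with something like `if "${soledad_port}" !~ /^\d+$/ { fail('soledad: port must be numeric') }`. `hiera('soledad')` is also already stored in `$couchdb` a few lines above, so the lookup is duplicated under a second name.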
@@ -1,6 +1,7 @@ class soledad::server { tag 'leap_service' include soledad + include site_apt::preferences::twisted $couchdb = hiera('soledad') $couchdb_host = 'localhost' -- cgit v1.2.3 From 92ad38f756f277866e6a3953dbc3e7f31b99898f Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 27 Aug 2013 15:07:02 -0400 Subject: now that soledad has been split we can better organize things (#3579) . create a soledad::common class . leap-mx now only needs to include soledad-common . move the site_apt::preferences::twisted to a preferences block inside the soledad server class . make sure that the packages are doing 'ensure => latest' instead of installed Change-Id: Ifa978e831cdc8835666b27322a6e068d67251f5d --- puppet/modules/soledad/manifests/server.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'puppet/modules/soledad/manifests/server.pp') diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index 00d87a4d..fcf9d461 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp @@ -46,7 +46,8 @@ class soledad::server { } package { 'soledad-server': - ensure => installed + ensure => latest, + require => Class['site_apt::preferences::twisted'] } file { '/etc/default/soledad': -- cgit v1.2.3 From ae225f1a9d478019cd22485795e7c6c916b2845c Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 3 Sep 2013 15:04:03 -0400 Subject: fix soledad-server not being available before the leap repository has been configured (#3702) Change-Id: I8a86a241c52d88b4b681a800647d7c9c7c574b8e --- puppet/modules/soledad/manifests/server.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'puppet/modules/soledad/manifests/server.pp') diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index fcf9d461..393d416a 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp 
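Review bot: `ensure => latest` on `package { 'soledad-server': }` (the `@@ -46,7 +46,8 @@` hunk) makes every agent run install whatever version the configured repositories currently offer, so the code that handles user data changes without a reviewed version bump and the repository's signing key is the only gate. If picking up fixes quickly is the intent, record it next to the resource, for example `# latest on purpose: follow the leap repo; trust is bounded by its apt key and pinning`, and consider an explicit version from hiera for production nodes. The rest of the class, including the service that would run the upgraded code, lies outside this hunk.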
@@ -47,7 +47,8 @@ class soledad::server { package { 'soledad-server': ensure => latest, - require => Class['site_apt::preferences::twisted'] + require => [ Class['site_apt::preferences::twisted'], + Class['site_apt::leap_repo'] ]; } file { '/etc/default/soledad': -- cgit v1.2.3 From 1ce6cb5a30c5ee73d6474ac9c1bbd4c7819d9a73 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 19 Sep 2013 12:19:00 +0200 Subject: only deploy x509 stuff for nodes if it existes in hiera (Feature #3875) --- puppet/modules/soledad/manifests/server.pp | 3 +++ 1 file changed, 3 insertions(+) (limited to 'puppet/modules/soledad/manifests/server.pp') diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index 393d416a..c0af238c 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp @@ -9,6 +9,9 @@ class soledad::server { $couchdb_user = $couchdb['couchdb_admin_user']['username'] $couchdb_password = $couchdb['couchdb_admin_user']['password'] + include site_config::x509::cert_key + include site_config::x509::ca + $x509 = hiera('x509') $x509_key = $x509['key'] $x509_cert = $x509['cert'] -- cgit v1.2.3 From 12d22a47ad529f02e0c6d27b25f7ddaa17a32727 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 19 Sep 2013 12:32:35 +0200 Subject: soledad should use default key, cert and ca (Feature #3841) --- puppet/modules/soledad/manifests/server.pp | 31 ++++++++---------------------- 1 file changed, 8 insertions(+), 23 deletions(-) (limited to 'puppet/modules/soledad/manifests/server.pp') diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index c0af238c..0c073443 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp 
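Review bot: `Class['site_apt::leap_repo']` is added to the package's `require` in the `@@ -47,7 +47,8 @@` hunk, but nothing visible in this class includes it, unlike `site_apt::preferences::twisted`, which is included at the top of the class. A relationship to a class that is not in the catalog fails compilation, so this only works on nodes where some other class happens to pull it in; adding `include site_apt::leap_repo` beside the existing includes would make the dependency self-contained. Whether `soledad` or the node's site classes already include it cannot be seen from this hunk.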
@@ -12,29 +12,9 @@ class soledad::server { include site_config::x509::cert_key include site_config::x509::ca - $x509 = hiera('x509') - $x509_key = $x509['key'] - $x509_cert = $x509['cert'] - $x509_ca = $x509['ca_cert'] - $soledad = hiera('soledad') $soledad_port = $soledad['port'] - x509::key { 'soledad': - content => $x509_key, - notify => Service['soledad-server']; - } - - x509::cert { 'soledad': - content => $x509_cert, - notify => Service['soledad-server']; - } - - x509::ca { 'soledad': - content => $x509_ca, - notify => Service['soledad-server']; - } - # # SOLEDAD CONFIG # @@ -50,8 +30,9 @@ class soledad::server { package { 'soledad-server': ensure => latest, - require => [ Class['site_apt::preferences::twisted'], - Class['site_apt::leap_repo'] ]; + require => [ + Class['site_apt::preferences::twisted'], + Class['site_apt::leap_repo'] ]; } file { '/etc/default/soledad': @@ -68,7 +49,11 @@ class soledad::server { enable => true, hasstatus => true, hasrestart => true, - require => [ Class['soledad'], Package['soledad-server'] ]; + require => [ + Class['soledad'], + Package['soledad-server'], + Class['Site_config::X509::Cert_key'], + Class['Site_config::X509::Ca'] ]; } include site_shorewall::soledad -- cgit v1.2.3 From ffa4504f81c0abecc62b068951ec147741028128 Mon Sep 17 00:00:00 2001 From: varac Date: Tue, 24 Sep 2013 09:09:30 +0200 Subject: seperate cert and key deployment (#3918) --- puppet/modules/soledad/manifests/server.pp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'puppet/modules/soledad/manifests/server.pp') diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index 0c073443..6ccd934a 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp 
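Review bot: The removed `x509::key`, `x509::cert` and `x509::ca` resources each carried `notify => Service['soledad-server']`, whereas the replacement in the `@@ -68,7 +49,11 @@` hunk lists `Class['Site_config::X509::Cert_key']` and `Class['Site_config::X509::Ca']` only under `require`, which orders resources but does not restart anything. After a certificate or key rotation the daemon would keep serving the old material until something else restarts it; moving those two entries to `subscribe => [ ... ]` on the service keeps the earlier behaviour. Using the node's default key also means the `soledad` account has to read a private key shared with other services, and since its ownership and mode are set outside this file, a comment naming who is expected to read it would help the next reviewer.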
@@ -9,7 +9,8 @@ class soledad::server { $couchdb_user = $couchdb['couchdb_admin_user']['username'] $couchdb_password = $couchdb['couchdb_admin_user']['password'] - include site_config::x509::cert_key + include site_config::x509::cert + include site_config::x509::key include site_config::x509::ca $soledad = hiera('soledad') @@ -52,7 +53,8 @@ class soledad::server { require => [ Class['soledad'], Package['soledad-server'], - Class['Site_config::X509::Cert_key'], + Class['Site_config::X509::Key'], + Class['Site_config::X509::Cert'], Class['Site_config::X509::Ca'] ]; } -- cgit v1.2.3 From 82f0c979bb91912518db3111b714f61cbe21e7df Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 28 Nov 2013 10:02:26 -0500 Subject: remove admin access from soledad Change-Id: I7c516c6a4ba26d2c5cebe19a9bff66eae3bd430f --- puppet/modules/soledad/manifests/server.pp | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'puppet/modules/soledad/manifests/server.pp') diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index 6ccd934a..339030fc 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp 
@@ -3,19 +3,21 @@ class soledad::server { include soledad include site_apt::preferences::twisted - $couchdb = hiera('soledad') - $couchdb_host = 'localhost' - $couchdb_port = '5984' - $couchdb_user = $couchdb['couchdb_admin_user']['username'] - $couchdb_password = $couchdb['couchdb_admin_user']['password'] + $couchdb = hiera('couch') + $couchdb_users = $couchdb['users'] + $couchdb_user = $couchdb_users['soledad']['username'] + $couchdb_password = $couchdb_users['soledad']['password'] - include site_config::x509::cert - include site_config::x509::key - include site_config::x509::ca + $couchdb_host = 'localhost' + $couchdb_port = '5984' $soledad = hiera('soledad') $soledad_port = $soledad['port'] + include site_config::x509::cert + include site_config::x509::key + include site_config::x509::ca + # # SOLEDAD CONFIG # -- cgit v1.2.3 From 76c3048a15719bc1dd15287fd3406e94d40684ab Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 28 Nov 2013 12:00:50 -0500 Subject: fix soledad couchdb hiera variables Change-Id: I0882fc993b407eddc40c03838050d42c0443bd3d --- puppet/modules/soledad/manifests/server.pp | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'puppet/modules/soledad/manifests/server.pp') diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index 339030fc..d4991fe6 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp @@ -3,10 +3,9 @@ class soledad::server { include soledad include site_apt::preferences::twisted - $couchdb = hiera('couch') - $couchdb_users = $couchdb['users'] - $couchdb_user = $couchdb_users['soledad']['username'] - $couchdb_password = $couchdb_users['soledad']['password'] + $soledad = hiera('soledad') + $couchdb_user = $soledad['couchdb_soledad_user']['username'] + $couchdb_password = $soledad['couchdb_soledad_password']['password'] $couchdb_host = 'localhost' $couchdb_port = '5984' -- cgit v1.2.3 
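Review bot: Reading the credentials from `$couchdb_users['soledad']` in the `@@ -3,19 +3,21 @@` hunk takes the CouchDB admin account out of `/etc/leap/soledad-server.conf`, but that admin password has been written to soledad nodes since the work-around, so the change is only complete once the admin password is rotated; the manifest or the commit message should say so. Nothing checks that the looked-up username and password are non-empty before the template is rendered. A guard along the lines of `if $couchdb_password == '' { fail('soledad: no CouchDB password in hiera') }` would turn a hiera mistake into a compile error instead of a config file with blank credentials.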
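Review bot: In the `@@ -3,10 +3,9 @@` hunk the password line reads `$soledad['couchdb_soledad_password']['password']` while the user line above it reads `$soledad['couchdb_soledad_user']['username']`; the differing outer key looks like a typo and, unless hiera really has a `couchdb_soledad_password` hash, the lookup will not yield the password. It should presumably be `$couchdb_password = $soledad['couchdb_soledad_user']['password']`. `$soledad = hiera('soledad')` is also still assigned further down the class, outside this hunk (it appears as context in the previous commit's hunk), and Puppet rejects a second assignment to the same variable in one scope, so that later line has to be removed in the same change.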
From b62056da276abb8eb6ef6d6c883c5d20da2017d8 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 28 Nov 2013 12:25:36 -0500 Subject: fix soledad couchdb hiera variables, part ii Change-Id: Ie0028056767358c4fe6796edd5ba4435e86a0cb3 --- puppet/modules/soledad/manifests/server.pp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'puppet/modules/soledad/manifests/server.pp') diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index d4991fe6..572cad44 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp @@ -5,12 +5,11 @@ class soledad::server { $soledad = hiera('soledad') $couchdb_user = $soledad['couchdb_soledad_user']['username'] - $couchdb_password = $soledad['couchdb_soledad_password']['password'] + $couchdb_password = $soledad['couchdb_soledad_user']['password'] $couchdb_host = 'localhost' $couchdb_port = '5984' - $soledad = hiera('soledad') $soledad_port = $soledad['port'] include site_config::x509::cert -- cgit v1.2.3 From 867fce7a855ceef8891b5f9bea1f71c6663cd403 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 20 Feb 2014 00:05:17 +0100 Subject: include site_check_mk::agent::soledad from soledad::server and not from soledad class (Feature #5149) cause leap_mk includes the soledad class --- puppet/modules/soledad/manifests/server.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/soledad/manifests/server.pp') diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index 572cad44..1137080f 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp @@ -59,4 +59,5 @@ class soledad::server { } include site_shorewall::soledad + include site_check_mk::agent::soledad } -- cgit v1.2.3 From f7d82cba6684f5c7939e0ad2e4c615bbd3660f30 Mon Sep 17 00:00:00 2001 
From: Micah Anderson Date: Sat, 12 Apr 2014 11:51:48 -0400 Subject: make the soledad service subscribe to package changes, cert and key changes (#5499) Change-Id: Ia0efb4c129a71504a717c20e2e260a1ed83f2223 --- puppet/modules/soledad/manifests/server.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'puppet/modules/soledad/manifests/server.pp') diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index 1137080f..394e6032 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp @@ -50,8 +50,8 @@ class soledad::server { enable => true, hasstatus => true, hasrestart => true, - require => [ - Class['soledad'], + require => Class['soledad'], + subscribe => [ Package['soledad-server'], Class['Site_config::X509::Key'], Class['Site_config::X509::Cert'], -- cgit v1.2.3