From 4fc7419598a3baf564f063b7330b9cf9115420b5 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 1 Oct 2015 12:06:02 +0200 Subject: [feat] Create-user-db: use couchdb admin rights - create soledad-admin user - deploy netrc file for userdb creation - Move soledad-server.conf from /etc/leap to /etc/soledad - make soledad-server.conf group-accessible for the soledad group, so the soledad-admin user can read it - Resolves: #7502 --- puppet/modules/soledad/manifests/server.pp | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) (limited to 'puppet/modules/soledad/manifests/server.pp') diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index b71fab69..e437c8f2 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp @@ -1,3 +1,4 @@ +# setup soledad-server class soledad::server { tag 'leap_service' include soledad @@ -22,13 +23,19 @@ class soledad::server { # SOLEDAD CONFIG # - file { '/etc/leap/soledad-server.conf': - content => template('soledad/soledad-server.conf.erb'), - owner => 'soledad', - group => 'soledad', - mode => '0600', - notify => Service['soledad-server'], - require => Class['soledad']; + file { + '/etc/soledad': + ensure => directory, + owner => 'root', + group => 'root', + mode => '0755'; + '/etc/soledad/soledad-server.conf': + content => template('soledad/soledad-server.conf.erb'), + owner => 'soledad', + group => 'soledad', + mode => '0640', + notify => Service['soledad-server'], + require => Class['soledad']; } package { $sources['soledad']['package']: -- cgit v1.2.3 From 171a5a9a3794224a92244078574aac4b22845266 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 26 Oct 2015 16:18:17 +0100 Subject: [bug] Add leap_mx username to soledad.conf - Tested: [unstable.pixelated-project.org] - Related: https://github.com/pixelated/pixelated-platform/issues/127 --- puppet/modules/soledad/manifests/server.pp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'puppet/modules/soledad/manifests/server.pp') diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index e437c8f2..1113bd86 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp @@ -4,9 +4,10 @@ class soledad::server { include soledad include site_apt::preferences::twisted - $soledad = hiera('soledad') - $couchdb_user = $soledad['couchdb_soledad_user']['username'] - $couchdb_password = $soledad['couchdb_soledad_user']['password'] + $soledad = hiera('soledad') + $couchdb_user = $soledad['couchdb_soledad_user']['username'] + $couchdb_password = $soledad['couchdb_soledad_user']['password'] + $couchdb_leap_mx_user = $soledad['couchdb_leap_mx_user']['username'] $couchdb_host = 'localhost' $couchdb_port = '5984' -- cgit v1.2.3 From 72bec64f52895153612b5e736274266ebc0ab554 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 30 Oct 2015 10:31:17 +0100 Subject: [feat] Add soledad::client class for soledad-sync - Restructure soledad class - Include soledad::client class on webapp nodes - Tested: [unstable.bitmask.net] - Related: #7523 --- puppet/modules/soledad/manifests/server.pp | 41 ++++++++++++++++++++++++++---- 1 file changed, 36 insertions(+), 5 deletions(-) (limited to 'puppet/modules/soledad/manifests/server.pp') diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index 1113bd86..5c5a1bb7 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp @@ -1,8 +1,7 @@ # setup soledad-server class soledad::server { tag 'leap_service' - include soledad - include site_apt::preferences::twisted + include soledad::common $soledad = hiera('soledad') $couchdb_user = $soledad['couchdb_soledad_user']['username'] @@ -36,7 +35,17 @@ class soledad::server { group => 'soledad', mode => '0640', notify => Service['soledad-server'], - require => Class['soledad']; + require => [ User['soledad'], Group['soledad'] ]; + '/srv/leap/soledad': + ensure => directory, + owner => 'soledad', + group => 'soledad', + require => [ User['soledad'], Group['soledad'] ]; + '/var/lib/soledad': + ensure => directory, + owner => 'soledad', + group => 'soledad', + require => [ User['soledad'], Group['soledad'] ]; } package { $sources['soledad']['package']: @@ -52,7 +61,7 @@ class soledad::server { group => 'soledad', mode => '0600', notify => Service['soledad-server'], - require => Class['soledad']; + require => [ User['soledad'], Group['soledad'] ]; } service { 'soledad-server': @@ -60,7 +69,7 @@ class soledad::server { enable => true, hasstatus => true, hasrestart => true, - require => Class['soledad'], + require => [ User['soledad'], Group['soledad'] ], subscribe => [ Package['soledad-server'], Class['Site_config::X509::Key'], @@ -70,4 +79,26 @@ class soledad::server { include site_shorewall::soledad include site_check_mk::agent::soledad + + # set up users, group and directories for soledad-server + # although the soledad users are already created by the + # soledad-server package + group { 'soledad': + ensure => present, + system => true, + } + user { + 'soledad': + ensure => present, + system => true, + gid => 'soledad', + home => '/srv/leap/soledad', + require => Group['soledad']; + 'soledad-admin': + ensure => present, + system => true, + gid => 'soledad', + home => '/srv/leap/soledad', + require => Group['soledad']; + } } -- cgit v1.2.3 From 150579fb14716892cc3e4d7d9c0f81b30d56f03a Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 13 Apr 2015 23:16:00 +0200 Subject: restructured site.pp, now only one class gets included in site.pp per service (Bug #6851) Also, moved global Exec{} defaults to site.pp Change-Id: I9ae91b77afde944d2f1312613b9d9030e32239dd --- puppet/modules/soledad/manifests/server.pp | 3 +++ 1 file changed, 3 insertions(+) (limited to 'puppet/modules/soledad/manifests/server.pp') diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index 5c5a1bb7..f46c1eff 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp @@ -1,7 +1,10 @@ # setup soledad-server class soledad::server { tag 'leap_service' + + include site_config::default include soledad::common + include site_apt::preferences::twisted $soledad = hiera('soledad') $couchdb_user = $soledad['couchdb_soledad_user']['username'] -- cgit v1.2.3 From 65335becbf8602b65ed385090400088f56293d9b Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 10 Mar 2016 21:12:11 +0100 Subject: [jessie] Remove obsolete backports pinning --- puppet/modules/soledad/manifests/server.pp | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'puppet/modules/soledad/manifests/server.pp') diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index f46c1eff..8674f421 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp @@ -4,7 +4,6 @@ class soledad::server { include site_config::default include soledad::common - include site_apt::preferences::twisted $soledad = hiera('soledad') $couchdb_user = $soledad['couchdb_soledad_user']['username'] @@ -53,9 +52,7 @@ class soledad::server { package { $sources['soledad']['package']: ensure => $sources['soledad']['revision'], - require => [ - Class['site_apt::preferences::twisted'], - Class['site_apt::leap_repo'] ]; + require => Class['site_apt::leap_repo']; } file { '/etc/default/soledad': -- cgit v1.2.3