From 4fc7419598a3baf564f063b7330b9cf9115420b5 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 1 Oct 2015 12:06:02 +0200 Subject: [feat] Create-user-db: use couchdb admin rights - create soledad-admin user - deploy netrc file for userdb creation - Move soledad-server.conf from /etc/leap to /etc/soledad - make soledad-server.conf group-accessible for the soledad group, so the soledad-admin user can read it - Resolves: #7502 --- puppet/modules/soledad/manifests/init.pp | 17 ++++++++++++++--- puppet/modules/soledad/manifests/server.pp | 21 ++++++++++++++------- 2 files changed, 28 insertions(+), 10 deletions(-) (limited to 'puppet/modules/soledad/manifests') diff --git a/puppet/modules/soledad/manifests/init.pp b/puppet/modules/soledad/manifests/init.pp index 7cf0b729..6a2c328e 100644 --- a/puppet/modules/soledad/manifests/init.pp +++ b/puppet/modules/soledad/manifests/init.pp @@ -1,18 +1,29 @@ +# set up users, group and directories for soledad-server +# although the soledad users are already created by the +# soledad-server package class soledad { group { 'soledad': - ensure => present, - allowdupe => false; + ensure => present, + system => true, } user { 'soledad': ensure => present, - allowdupe => false, + system => true, gid => 'soledad', home => '/srv/leap/soledad', require => Group['soledad']; } + user { 'soledad-admin': + ensure => present, + system => true, + gid => 'soledad', + home => '/srv/leap/soledad', + require => Group['soledad']; + } + file { '/srv/leap/soledad': ensure => directory, diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index b71fab69..e437c8f2 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp @@ -1,3 +1,4 @@ +# setup soledad-server class soledad::server { tag 'leap_service' include soledad 
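Review bot: In puppet/modules/soledad/manifests/init.pp (hunk `@@ -1,18 +1,29 @@`), the new `soledad-admin` user gets the same `home => '/srv/leap/soledad'` as the `soledad` service account and no `shell`, which weakens the separation this commit is introducing. The commit message says a netrc file is deployed for userdb creation with CouchDB admin rights; where it is written is not visible here, but if it lands in that shared home it sits in a directory the less-privileged service account also uses. I would give the admin account its own home directory and, assuming it is only ever used non-interactively, add `shell => '/usr/sbin/nologin',` to both user resources. The same two user declarations reappear in server.pp in the later `@@ -70,4 +79,26 @@` hunk, so the change applies there as well. The `file` resource at the end of this hunk continues outside it.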
@@ -22,13 +23,19 @@ class soledad::server { # SOLEDAD CONFIG # - file { '/etc/leap/soledad-server.conf': - content => template('soledad/soledad-server.conf.erb'), - owner => 'soledad', - group => 'soledad', - mode => '0600', - notify => Service['soledad-server'], - require => Class['soledad']; + file { + '/etc/soledad': + ensure => directory, + owner => 'root', + group => 'root', + mode => '0755'; + '/etc/soledad/soledad-server.conf': + content => template('soledad/soledad-server.conf.erb'), + owner => 'soledad', + group => 'soledad', + mode => '0640', + notify => Service['soledad-server'], + require => Class['soledad']; } package { $sources['soledad']['package']: -- cgit v1.2.3 From 171a5a9a3794224a92244078574aac4b22845266 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 26 Oct 2015 16:18:17 +0100 Subject: [bug] Add leap_mx username to soledad.conf - Tested: [unstable.pixelated-project.org] - Related: https://github.com/pixelated/pixelated-platform/issues/127 --- puppet/modules/soledad/manifests/server.pp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'puppet/modules/soledad/manifests') diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index e437c8f2..1113bd86 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp @@ -4,9 +4,10 @@ class soledad::server { include soledad include site_apt::preferences::twisted - $soledad = hiera('soledad') - $couchdb_user = $soledad['couchdb_soledad_user']['username'] - $couchdb_password = $soledad['couchdb_soledad_user']['password'] + $soledad = hiera('soledad') + $couchdb_user = $soledad['couchdb_soledad_user']['username'] + $couchdb_password = $soledad['couchdb_soledad_user']['password'] + $couchdb_leap_mx_user = $soledad['couchdb_leap_mx_user']['username'] $couchdb_host = 'localhost' $couchdb_port = '5984' -- cgit v1.2.3 From 72bec64f52895153612b5e736274266ebc0ab554 Mon Sep 17 00:00:00 2001 
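Review bot: In server.pp (hunk `@@ -22,13 +23,19 @@`), moving the config to `/etc/soledad/soledad-server.conf` leaves the old `/etc/leap/soledad-server.conf` unmanaged, so on nodes that are already deployed a stale copy stays on disk. The class sets `$couchdb_password`, so the file presumably carries the CouchDB credentials. Adding `'/etc/leap/soledad-server.conf': ensure => absent;` to the same `file` block cleans that up. Separately, the file is now `0640` but still has `owner => 'soledad'`, so the service account can rewrite or re-chmod its own credentials file. `owner => 'root', group => 'soledad', mode => '0640'` would give both accounts read access without that. The class body continues outside the hunk.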
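Review bot: In server.pp (hunk `@@ -4,9 +4,10 @@` of the "Add leap_mx username" commit), `$couchdb_leap_mx_user` is read from `$soledad['couchdb_leap_mx_user']['username']` with no check that the key is present in the hiera data. The template is not part of this diff, so the effect is inferred: depending on the Puppet version, a node without that key would either abort with a generic lookup error or render the config with an empty username. A guard such as `if ! $couchdb_leap_mx_user { fail('soledad: couchdb_leap_mx_user username missing from hiera') }` would make the misconfiguration explicit. The class body continues outside the hunk.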
From: varac Date: Fri, 30 Oct 2015 10:31:17 +0100 Subject: [feat] Add soledad::client class for soledad-sync - Restructure soledad class - Include soledad::client class on webapp nodes - Tested: [unstable.bitmask.net] - Related: #7523 --- puppet/modules/soledad/manifests/client.pp | 18 +++++++++++++ puppet/modules/soledad/manifests/common.pp | 6 ++--- puppet/modules/soledad/manifests/init.pp | 40 ----------------------------- puppet/modules/soledad/manifests/server.pp | 41 ++++++++++++++++++++++++++---- 4 files changed, 57 insertions(+), 48 deletions(-) create mode 100644 puppet/modules/soledad/manifests/client.pp delete mode 100644 puppet/modules/soledad/manifests/init.pp (limited to 'puppet/modules/soledad/manifests') diff --git a/puppet/modules/soledad/manifests/client.pp b/puppet/modules/soledad/manifests/client.pp new file mode 100644 index 00000000..5700cb09 --- /dev/null +++ b/puppet/modules/soledad/manifests/client.pp @@ -0,0 +1,18 @@ +# setup soledad-client +# currently needed on webapp node to run the soledad-sync test +class soledad::client { + + tag 'leap_service' + include soledad::common + + package { + 'soledad-client': + ensure => latest, + require => [ + Class['site_apt::preferences::twisted'], + Class['site_apt::leap_repo'] ]; + 'python-u1db': + ensure => latest; + } + +} diff --git a/puppet/modules/soledad/manifests/common.pp b/puppet/modules/soledad/manifests/common.pp index 8a1d664a..d66e943c 100644 --- a/puppet/modules/soledad/manifests/common.pp +++ b/puppet/modules/soledad/manifests/common.pp @@ -1,10 +1,10 @@ +# install soledad-common, both needed both soledad-client and soledad-server class soledad::common { - include soledad + include site_apt::preferences::twisted package { 'soledad-common': - ensure => latest, - require => User['soledad'] + ensure => latest; } } diff --git a/puppet/modules/soledad/manifests/init.pp b/puppet/modules/soledad/manifests/init.pp deleted file mode 100644 index 6a2c328e..00000000 
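Review bot: In the new puppet/modules/soledad/manifests/client.pp, both packages use `ensure => latest`, so each Puppet run installs whatever version the configured apt sources currently serve. `python-u1db` also has no `require` tying it to `Class['site_apt::leap_repo']`. server.pp pins its package with `ensure => $sources['soledad']['revision']`; using the same kind of pinned revision here would keep client and server in step and make upgrades a reviewed change. If `latest` is deliberate because the client is only needed for the soledad-sync test, a comment saying so would help. `Class['site_apt::leap_repo']` is referenced but not included in this class, so it is presumably declared elsewhere.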
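Review bot: The header comment added in common.pp (hunk `@@ -1,10 +1,10 @@`) reads "both needed both soledad-client and soledad-server"; I would word it as `# install soledad-common, needed by both soledad-client and soledad-server`. The package resource in the same hunk keeps `ensure => latest`, so the installed version is whatever the apt source offers at run time. A short comment on why that is acceptable for this package, or a pinned revision, would make the intent clear.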
--- a/puppet/modules/soledad/manifests/init.pp +++ /dev/null @@ -1,40 +0,0 @@ -# set up users, group and directories for soledad-server -# although the soledad users are already created by the -# soledad-server package -class soledad { - - group { 'soledad': - ensure => present, - system => true, - } - - user { 'soledad': - ensure => present, - system => true, - gid => 'soledad', - home => '/srv/leap/soledad', - require => Group['soledad']; - } - - user { 'soledad-admin': - ensure => present, - system => true, - gid => 'soledad', - home => '/srv/leap/soledad', - require => Group['soledad']; - } - - file { - '/srv/leap/soledad': - ensure => directory, - owner => 'soledad', - group => 'soledad', - require => User['soledad']; - - '/var/lib/soledad': - ensure => directory, - owner => 'soledad', - group => 'soledad', - require => User['soledad']; - } -} diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index 1113bd86..5c5a1bb7 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp @@ -1,8 +1,7 @@ # setup soledad-server class soledad::server { tag 'leap_service' - include soledad - include site_apt::preferences::twisted + include soledad::common $soledad = hiera('soledad') $couchdb_user = $soledad['couchdb_soledad_user']['username'] @@ -36,7 +35,17 @@ class soledad::server { group => 'soledad', mode => '0640', notify => Service['soledad-server'], - require => Class['soledad']; + require => [ User['soledad'], Group['soledad'] ]; + '/srv/leap/soledad': + ensure => directory, + owner => 'soledad', + group => 'soledad', + require => [ User['soledad'], Group['soledad'] ]; + '/var/lib/soledad': + ensure => directory, + owner => 'soledad', + group => 'soledad', + require => [ User['soledad'], Group['soledad'] ]; } package { $sources['soledad']['package']: 
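Review bot: In server.pp (hunk `@@ -36,7 +35,17 @@`), the `/srv/leap/soledad` and `/var/lib/soledad` directory resources set `owner` and `group` but no `mode`, so Puppet leaves existing permissions as they are and falls back to its default for a newly created directory. `/srv/leap/soledad` is the home of both `soledad` and `soledad-admin` according to the user resources in this series. I would state the mode explicitly, for example `mode => '0750',` on both entries, provided nothing outside the `soledad` group needs to traverse them. The `file` block starts before this hunk and the class continues after it.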
@@ -52,7 +61,7 @@ class soledad::server { group => 'soledad', mode => '0600', notify => Service['soledad-server'], - require => Class['soledad']; + require => [ User['soledad'], Group['soledad'] ]; } service { 'soledad-server': @@ -60,7 +69,7 @@ class soledad::server { enable => true, hasstatus => true, hasrestart => true, - require => Class['soledad'], + require => [ User['soledad'], Group['soledad'] ], subscribe => [ Package['soledad-server'], Class['Site_config::X509::Key'], @@ -70,4 +79,26 @@ class soledad::server { include site_shorewall::soledad include site_check_mk::agent::soledad + + # set up users, group and directories for soledad-server + # although the soledad users are already created by the + # soledad-server package + group { 'soledad': + ensure => present, + system => true, + } + user { + 'soledad': + ensure => present, + system => true, + gid => 'soledad', + home => '/srv/leap/soledad', + require => Group['soledad']; + 'soledad-admin': + ensure => present, + system => true, + gid => 'soledad', + home => '/srv/leap/soledad', + require => Group['soledad']; + } } -- cgit v1.2.3 From 150579fb14716892cc3e4d7d9c0f81b30d56f03a Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 13 Apr 2015 23:16:00 +0200 Subject: restructured site.pp, now only one class gets included in site.pp per service (Bug #6851) Also, moved global Exec{} defaults to site.pp Change-Id: I9ae91b77afde944d2f1312613b9d9030e32239dd --- puppet/modules/soledad/manifests/server.pp | 3 +++ 1 file changed, 3 insertions(+) (limited to 'puppet/modules/soledad/manifests') diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index 5c5a1bb7..f46c1eff 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp 
@@ -1,7 +1,10 @@ # setup soledad-server class soledad::server { tag 'leap_service' + + include site_config::default include soledad::common + include site_apt::preferences::twisted $soledad = hiera('soledad') $couchdb_user = $soledad['couchdb_soledad_user']['username'] -- cgit v1.2.3 From 65335becbf8602b65ed385090400088f56293d9b Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 10 Mar 2016 21:12:11 +0100 Subject: [jessie] Remove obsolete backports pinning --- puppet/modules/soledad/manifests/client.pp | 4 +--- puppet/modules/soledad/manifests/common.pp | 2 -- puppet/modules/soledad/manifests/server.pp | 5 +---- 3 files changed, 2 insertions(+), 9 deletions(-) (limited to 'puppet/modules/soledad/manifests') diff --git a/puppet/modules/soledad/manifests/client.pp b/puppet/modules/soledad/manifests/client.pp index 5700cb09..e470adeb 100644 --- a/puppet/modules/soledad/manifests/client.pp +++ b/puppet/modules/soledad/manifests/client.pp @@ -8,9 +8,7 @@ class soledad::client { package { 'soledad-client': ensure => latest, - require => [ - Class['site_apt::preferences::twisted'], - Class['site_apt::leap_repo'] ]; + require => Class['site_apt::leap_repo']; 'python-u1db': ensure => latest; } diff --git a/puppet/modules/soledad/manifests/common.pp b/puppet/modules/soledad/manifests/common.pp index d66e943c..8d8339d4 100644 --- a/puppet/modules/soledad/manifests/common.pp +++ b/puppet/modules/soledad/manifests/common.pp @@ -1,8 +1,6 @@ # install soledad-common, both needed both soledad-client and soledad-server class soledad::common { - include site_apt::preferences::twisted - package { 'soledad-common': ensure => latest; } diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp index f46c1eff..8674f421 100644 --- a/puppet/modules/soledad/manifests/server.pp +++ b/puppet/modules/soledad/manifests/server.pp 
@@ -4,7 +4,6 @@ class soledad::server { include site_config::default include soledad::common - include site_apt::preferences::twisted $soledad = hiera('soledad') $couchdb_user = $soledad['couchdb_soledad_user']['username'] @@ -53,9 +52,7 @@ class soledad::server { package { $sources['soledad']['package']: ensure => $sources['soledad']['revision'], - require => [ - Class['site_apt::preferences::twisted'], - Class['site_apt::leap_repo'] ]; + require => Class['site_apt::leap_repo']; } file { '/etc/default/soledad': -- cgit v1.2.3