From 6f6d29c43da75b1bd8d2068f8c7cf3ffd0064580 Mon Sep 17 00:00:00 2001
From: varac
Date: Tue, 4 Dec 2012 14:18:24 +0100
Subject: use site_ca
---
 puppet/manifests/site.pp | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'puppet')
diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp
index 9da2174c..304e989d 100644
--- a/puppet/manifests/site.pp
+++ b/puppet/manifests/site.pp
@@ -22,4 +22,8 @@ node 'default' {
 if 'webapp' in $services {
 include site_webapp
 }
+
+ if 'ca' in $services {
+ include site_ca
+ }
 }
-- cgit v1.2.3
From 51f37d8132a44e25350db66b7156892980d3e4fa Mon Sep 17 00:00:00 2001
From: varac
Date: Fri, 7 Dec 2012 14:48:55 +0100
Subject: ca -> ca_daemon in site.pp and services/ca.json
---
 puppet/manifests/site.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'puppet')
diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp
index 304e989d..c8502bc7 100644
--- a/puppet/manifests/site.pp
+++ b/puppet/manifests/site.pp
@@ -24,6 +24,6 @@ node 'default' {
 }
 
 if 'ca' in $services {
- include site_ca
+ include site_ca_daemon
 }
 }
-- cgit v1.2.3
From 528aaee2f24b2b1b57435df6db42b89af6ba76de Mon Sep 17 00:00:00 2001
From: varac
Date: Fri, 7 Dec 2012 14:49:22 +0100
Subject: added module site_ca_daemon
---
 puppet/modules/site_ca_daemon/manifests/apache.pp | 62 ++++++++++++++++++++++
 puppet/modules/site_ca_daemon/manifests/couchdb.pp | 16 ++++++
 puppet/modules/site_ca_daemon/manifests/init.pp | 55 +++++++++++++++++++
 .../site_ca_daemon/templates/couchdb.yml.erb | 7 +++
 4 files changed, 140 insertions(+)
 create mode 100644 puppet/modules/site_ca_daemon/manifests/apache.pp
 create mode 100644 puppet/modules/site_ca_daemon/manifests/couchdb.pp
 create mode 100644 puppet/modules/site_ca_daemon/manifests/init.pp
 create mode 100644 puppet/modules/site_ca_daemon/templates/couchdb.yml.erb
(limited to 'puppet')
diff --git a/puppet/modules/site_ca_daemon/manifests/apache.pp b/puppet/modules/site_ca_daemon/manifests/apache.pp
new file mode 100644
index 00000000..ab6b08fd
--- /dev/null
+++ b/puppet/modules/site_ca_daemon/manifests/apache.pp
@@ -0,0 +1,62 @@
+class site_ca_daemon::apache {
+
+ $api_domain = hiera('api_domain')
+ $x509 = hiera('x509')
+ $commercial_key = $x509['commercial_key']
+ $commercial_cert = $x509['commercial_cert']
+ $commercial_root = $x509['commercial_ca_cert']
+ $api_key = $x509['key']
+ $api_cert = $x509['cert']
+ $api_root = $x509['ca_cert']
+
+ $apache_no_default_site = true
+ include apache::ssl
+
+ apache::module {
+ 'alias': ensure => present;
+ 'rewrite': ensure => present;
+ 'headers': ensure => present;
+ }
+
+ class { 'passenger': use_munin => false }
+
+ apache::vhost::file {
+ 'leap_ca_daemon':
+ content => template('site_apache/vhosts.d/leap_ca_daemon.conf.erb')
+ }
+
+ apache::vhost::file {
+ 'api':
+ content => template('site_apache/vhosts.d/api.conf.erb')
+ }
+
+ x509::key {
+ 'leap_ca_daemon':
+ content => $commercial_key,
+ notify => Service[apache];
+
+ 'leap_api':
+ content => $api_key,
+ notify => Service[apache];
+ }
+
+ x509::cert {
+ 'leap_ca_daemon':
+ content => $commercial_cert,
+ notify => Service[apache];
+
+ 'leap_api':
+ content => $api_cert,
+ notify => Service[apache];
+ }
+
+ x509::ca {
+ 'leap_ca_daemon':
+ content => $commercial_root,
+ notify => Service[apache];
+
+ 'leap_api':
+ content => $api_root,
+ notify => Service[apache];
+ }
+}
diff --git a/puppet/modules/site_ca_daemon/manifests/couchdb.pp b/puppet/modules/site_ca_daemon/manifests/couchdb.pp
new file mode 100644
index 00000000..b5a1d2d4
--- /dev/null
+++ b/puppet/modules/site_ca_daemon/manifests/couchdb.pp
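Review bot: The `$x509[...]` lookups at the top of `site_ca_daemon::apache` are passed straight into `x509::key`, `x509::cert` and `x509::ca` as `content`, so a missing or misspelled hiera key hands an undefined value to the resource. Depending on how `x509::key` is written (it is not visible here), that could leave an empty key file in place and still refresh Apache through the `notify`. A guard before the resources, such as `if ! $commercial_key { fail('x509 commercial_key is not set in hiera') }` and the same for `$api_key`, would turn that into a catalog compile error. The class puts two private keys on the host and relies entirely on `x509::key` for their owner and mode, so that define is worth confirming.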
@@ -0,0 +1,16 @@
+class site_ca_daemon::couchdb {
+
+ $ca = hiera('ca_daemon')
+ $couchdb_host = $ca['couchdb_hosts']
+ $couchdb_user = $ca['couchdb_user']['username']
+ $couchdb_password = $ca['couchdb_user']['password']
+
+ file {
+ '/srv/leap_ca_daemon/config/couchdb.yml':
+ content => template('site_ca_daemon/couchdb.yml.erb'),
+ owner => leap_ca_daemon,
+ group => leap_ca_daemon,
+ mode => '0600';
+ }
+
+}
diff --git a/puppet/modules/site_ca_daemon/manifests/init.pp b/puppet/modules/site_ca_daemon/manifests/init.pp
new file mode 100644
index 00000000..c749da12
--- /dev/null
+++ b/puppet/modules/site_ca_daemon/manifests/init.pp
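Review bot: The `file` resource for `/srv/leap_ca_daemon/config/couchdb.yml` declares no ordering against whatever creates its parent directory. In this commit `/srv/leap_ca_daemon` is populated by the `vcsrepo` resource in init.pp and `config/` is not managed as a `file` resource (presumably it comes from the checkout), so nothing is autorequired and a first run may try to write the file before the directory exists; adding `require => Vcsrepo['/srv/leap_ca_daemon'],` would fix the order. Separately, `$couchdb_host` is read from the plural key `couchdb_hosts` and rendered into a single `host:` line by the template, which looks wrong if that value is a list. The `0600` mode with a dedicated owner suits a file that holds the CouchDB password.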
@@ -0,0 +1,55 @@
+class site_ca_daemon {
+
+ #$definition_files = hiera('definition_files')
+ #$provider = $definition_files['provider']
+ #$eip_service = $definition_files['eip_service']
+
+ Class[Ruby] -> Class[rubygems] -> Class[bundler::install]
+
+ class { 'ruby': ruby_version => '1.9.3' }
+
+ class { 'bundler::install': install_method => 'package' }
+
+ include rubygems
+ #include site_ca_daemon::apache
+ include site_ca_daemon::couchdb
+
+ group { 'leap_ca_daemon':
+ ensure => present,
+ allowdupe => false;
+ }
+
+ user { 'leap_ca_daemon':
+ ensure => present,
+ allowdupe => false,
+ gid => 'leap_ca_daemon',
+ home => '/srv/leap_ca_daemon',
+ require => [ Group['leap_ca_daemon'] ];
+ }
+
+ file { '/srv/leap_ca_daemon':
+ ensure => directory,
+ owner => 'leap_ca_daemon',
+ group => 'leap_ca_daemon',
+ require => User['leap_ca_daemon'];
+ }
+
+ vcsrepo { '/srv/leap_ca_daemon':
+ ensure => present,
+ revision => 'origin/deploy',
+ provider => git,
+ source => 'git://code.leap.se/leap_ca',
+ owner => 'leap_ca_daemon',
+ group => 'leap_ca_daemon',
+ require => [ User['leap_ca_daemon'], Group['leap_ca_daemon'] ],
+ notify => Exec['bundler_update']
+ }
+
+ exec { 'bundler_update':
+ cwd => '/srv/leap_ca_daemon',
+ command => '/bin/bash -c "/usr/bin/bundle check || /usr/bin/bundle install"',
+ unless => '/usr/bin/bundle check',
+ require => [ Class['bundler::install'], Vcsrepo['/srv/leap_ca_daemon'] ];
+ }
+
+}
diff --git a/puppet/modules/site_ca_daemon/templates/couchdb.yml.erb b/puppet/modules/site_ca_daemon/templates/couchdb.yml.erb
new file mode 100644
index 00000000..f5132599
--- /dev/null
+++ b/puppet/modules/site_ca_daemon/templates/couchdb.yml.erb
@@ -0,0 +1,7 @@
+production:
+ protocol: 'https'
+ host: <%= couchdb_host %>
+ port: 443
+ username: <%= couchdb_user %>
+ password: <%= couchdb_password %>
+
-- cgit v1.2.3
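Review bot: The `vcsrepo` resource fetches the CA daemon from `git://code.leap.se/leap_ca` and tracks `origin/deploy`, so the code arrives over a transport with no authentication or integrity protection and the deployed revision moves whenever that branch does. The `bundler_update` exec that follows sets no `user`, so it presumably runs as the Puppet agent's user (normally root) and evaluates the fetched Gemfile with those privileges. For a host that issues certificates I would switch `source` to an authenticated transport (https or ssh, if the server offers one), pin `revision` to a reviewed commit or signed tag, and add `user => 'leap_ca_daemon',` to the exec (bundler would then need an install path that user can write to). The exec also repeats `bundle check` in both `command` and `unless`; `command => '/usr/bin/bundle install',` with the existing `unless` is sufficient.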
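Review bot: The `host`, `username` and `password` values in couchdb.yml.erb are written into the YAML unquoted, so a password containing ` #` or `: `, or starting with a character such as `*`, `&` or `!`, would be truncated or parsed as something other than the intended string. Single-quoting the scalars and doubling embedded quotes avoids that, for example `password: '<%= couchdb_password.to_s.gsub("'", "''") %>'`, with the same treatment for `username` and `host`. `protocol: 'https'` and `port: 443` are hard-coded, which is fine if every CouchDB endpoint sits behind TLS on that port, but a comment in the template saying so would help.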