summaryrefslogtreecommitdiff
path: root/platform.rb
blob: 8433416ea7c55df137eb3e63b288166b7f7733b7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
# encoding: utf-8
#
# These are variables defined by this leap_platform and used by leap_cli.
#

Leap::Platform.define do
  self.version = "0.8"
  self.compatible_cli = "1.8".."1.99"

  #
  # the facter facts that should be gathered
  #
  self.facts = ["ec2_local_ipv4", "ec2_public_ipv4"]

  #
  # absolute paths on the destination server
  #
  self.hiera_dir  = '/etc/leap' if self.respond_to?(:hiera_dir)
  self.hiera_path = '/etc/leap/hiera.yaml'
  self.leap_dir   = '/srv/leap'
  self.files_dir  = '/srv/leap/files'
  self.init_path  = '/srv/leap/initialized'

  #
  # the named paths for this platform
  # (relative to the provider directory)
  #
  self.paths = {
    # directories
    :hiera_dir        => 'hiera',
    :files_dir        => 'files',
    :nodes_dir        => 'nodes',
    :services_dir     => 'services',
    :tags_dir         => 'tags',
    :node_files_dir   => 'files/nodes/#{arg}',

    # input config files
    :common_config    => 'common.json',
    :provider_config  => 'provider.json',
    :secrets_config   => 'secrets.json',
    :node_config      => 'nodes/#{arg}.json',
    :service_config   => 'services/#{arg}.json',
    :tag_config       => 'tags/#{arg}.json',

    # input config files, environmentally scoped
    :provider_env_config  => 'provider.#{arg}.json',
    :service_env_config   => 'services/#{arg[0]}.#{arg[1]}.json',
    :tag_env_config       => 'tags/#{arg[0]}.#{arg[1]}.json',

    # input templates
    :provider_json_template        => 'files/service-definitions/provider.json.erb',
    :eip_service_json_template     => 'files/service-definitions/#{arg}/eip-service.json.erb',
    :soledad_service_json_template => 'files/service-definitions/#{arg}/soledad-service.json.erb',
    :smtp_service_json_template    => 'files/service-definitions/#{arg}/smtp-service.json.erb',

    # custom files
    :custom_puppet_dir => 'files/puppet',
    :custom_puppet_modules_dir => 'files/puppet/modules',
    :custom_puppet_manifests_dir => 'files/puppet/manifests',
    :custom_tests => 'files/tests',
    :custom_bin => 'files/bin',

    # output files
    :facts            => 'facts.json',
    :user_ssh         => 'users/#{arg}/#{arg}_ssh.pub',
    :user_pgp         => 'users/#{arg}/#{arg}_pgp.pub',
    :known_hosts      => 'files/ssh/known_hosts',
    :authorized_keys  => 'files/ssh/authorized_keys',
    :monitor_pub_key  => 'files/ssh/monitor_ssh.pub',
    :monitor_priv_key => 'files/ssh/monitor_ssh',
    :ca_key           => 'files/ca/ca.key',
    :ca_cert          => 'files/ca/ca.crt',
    :client_ca_key    => 'files/ca/client_ca.key',
    :client_ca_cert   => 'files/ca/client_ca.crt',
    :dh_params        => 'files/ca/dh.pem',
    :commercial_key   => 'files/cert/#{arg}.key',
    :commercial_csr   => 'files/cert/#{arg}.csr',
    :commercial_cert  => 'files/cert/#{arg}.crt',
    :dkim_priv_key    => 'files/mx/dkim.key',
    :dkim_pub_key     => 'files/mx/dkim.pub',

    :commercial_ca_cert       => 'files/cert/commercial_ca.crt',
    :vagrantfile              => 'test/Vagrantfile',
    :static_web_provider_json => 'files/web/bootstrap/#{arg}/provider.json',
    :static_web_htaccess      => 'files/web/bootstrap/#{arg}/htaccess',
    :static_web_readme        => 'files/web/bootstrap/README',

    # node output files
    :hiera             => 'hiera/#{arg}.yaml',
    :node_ssh_pub_key  => 'files/nodes/#{arg}/#{arg}_ssh.pub',
    :node_x509_key     => 'files/nodes/#{arg}/#{arg}.key',
    :node_x509_cert    => 'files/nodes/#{arg}/#{arg}.crt',
    :node_tor_priv_key => 'files/nodes/#{arg}/tor.key',
    :node_tor_pub_key  => 'files/nodes/#{arg}/tor.pub',

    # testing files
    :test_client_key     => 'test/cert/client.key',
    :test_client_cert    => 'test/cert/client.crt',
    :test_openvpn_config => 'test/openvpn/#{arg}.ovpn',
    :test_client_openvpn_template => 'test/openvpn/client.ovpn.erb'
  }

  #
  # the files that need to get renamed when a node is renamed
  #
  self.node_files = [
    :node_config, :hiera, :node_x509_cert, :node_x509_key, :node_ssh_pub_key
  ]

  self.monitor_username = 'monitor'

  self.reserved_usernames = ['monitor', 'root']

  self.default_puppet_tags = ['leap_base','leap_service']
end