Monitor websites from master

[perso/Immae/Projets/Puppet.git] / modules / role / manifests / etherpad.pp

diff --git a/modules/role/manifests/etherpad.pp b/modules/role/manifests/etherpad.pp
index a43f146e31998f431609de6d17e89f38f45f3eea..119af5653d808284e8d0f81763404ede9d691e9b 100644 (file)
--- a/modules/role/manifests/etherpad.pp
+++ b/modules/role/manifests/etherpad.pp
@@ -1,12 +1,28 @@
 class role::etherpad (
+  String $web_host,
 ) {
   $password_seed = lookup("base_installation::puppet_pass_seed")
+  $real_host   = lookup("base_installation::real_hostname")
+  $web_listen  = "127.0.0.1"
+  $web_port    = 18000
+  $pg_db       = "etherpad-lite"
+  $pg_user     = "etherpad-lite"
+  $pg_password = generate_password(24, $password_seed, "postgres_etherpad")
+
+  $ldap_server = lookup("base_installation::ldap_server")
+  $ldap_base   = lookup("base_installation::ldap_base")
+  $ldap_dn     = lookup("base_installation::ldap_dn")
+  $ldap_account_pattern = "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))"
+  $ldap_group_pattern = "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)"
+  $ldap_password = generate_password(24, $password_seed, "ldap")
+
 
   include "base_installation"
 
   include "profile::tools"
   include "profile::postgresql"
   include "profile::apache"
+  include "profile::monitoring"
 
   ensure_packages(["npm"])
   ensure_packages(["abiword"])
@@ -16,6 +32,13 @@ class role::etherpad (
   -> patch::file { "/usr/share/etherpad-lite/src/node/utils/LibreOffice.js":
     diff_source => "puppet:///modules/role/etherpad/libreoffice_patch.diff",
   }
+  -> file { "/etc/etherpad-lite/settings.json":
+    ensure  => present,
+    owner   => "etherpad-lite",
+    group   => "etherpad-lite",
+    notify  => Service["etherpad-lite"],
+    content => template("role/etherpad/settings.json.erb"),
+  }
 
   $modules = [
     "ep_aa_file_menu_toolbar",
@@ -62,17 +85,12 @@ class role::etherpad (
   service { "etherpad-lite":
     enable    => true,
     ensure    => "running",
-    require   => Aur::Package["etherpad-lite"],
+    require   => [Aur::Package["etherpad-lite"], Service["postgresql"]],
     subscribe => Aur::Package["etherpad-lite"],
   }
 
-  $web_host    = "outils-1.v.immae.eu"
-  $pg_db       = "etherpad-lite"
-  $pg_user     = "etherpad-lite"
-  $pg_password = generate_password(24, $password_seed, "postgres_etherpad")
-
-  profile::postgresql_master { "postgresql master for etherpad":
-    letsencrypt_host => $web_host,
+  profile::postgresql::master { "postgresql master for etherpad":
+    letsencrypt_host => $real_host,
     backup_hosts     => ["backup-1"],
   }
 
@@ -89,4 +107,32 @@ class role::etherpad (
     order       => "05-01",
   }
 
+  class { 'apache::mod::headers': }
+  apache::vhost { $web_host:
+    port                => '443',
+    docroot             => false,
+    manage_docroot      => false,
+    proxy_dest          => "http://localhost:18000",
+    request_headers     => 'set X-Forwarded-Proto "https"',
+    ssl                 => true,
+    ssl_cert            => "/etc/letsencrypt/live/$web_host/cert.pem",
+    ssl_key             => "/etc/letsencrypt/live/$web_host/privkey.pem",
+    ssl_chain           => "/etc/letsencrypt/live/$web_host/chain.pem",
+    require             => Letsencrypt::Certonly[$web_host],
+    proxy_preserve_host => true;
+    default: *          => $::profile::apache::apache_vhost_default;
+  }
+
+  @profile::monitoring::external_service { "Etherpad service is running on $web_host":
+    type   => "web",
+    master => {
+      check_command => "check_https!$web_host!/!<title>Etherpad"
+    }
+  }
+  @profile::monitoring::external_service { "$web_host ssl certificate is up to date":
+    type   => "web",
+    master => {
+      check_command => "check_https_certificate!$web_host"
+    }
+  }
 }