diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/base_installation/manifests/init.pp | 1 | ||||
| -rw-r--r-- | modules/base_installation/manifests/params.pp | 1 | ||||
| -rw-r--r-- | modules/base_installation/manifests/system_config.pp | 34 | ||||
| -rw-r--r-- | modules/base_installation/templates/puppet/host_ldap.info.erb | 4 | ||||
| -rw-r--r-- | modules/base_installation/templates/puppet/puppet.conf.erb | 4 | ||||
| -rw-r--r-- | modules/profile/manifests/apache.pp | 8 | ||||
| -rw-r--r-- | modules/role/manifests/cryptoportfolio.pp | 2 |
7 files changed, 35 insertions, 19 deletions
diff --git a/modules/base_installation/manifests/init.pp b/modules/base_installation/manifests/init.pp index f9fdcd4..998f8ff 100644 --- a/modules/base_installation/manifests/init.pp +++ b/modules/base_installation/manifests/init.pp | |||
| @@ -10,6 +10,7 @@ class base_installation ( | |||
| 10 | Optional[String] $puppet_conf_path = $base_installation::params::puppet_conf_path, | 10 | Optional[String] $puppet_conf_path = $base_installation::params::puppet_conf_path, |
| 11 | Optional[String] $puppet_pass_seed = $base_installation::params::puppet_pass_seed, | 11 | Optional[String] $puppet_pass_seed = $base_installation::params::puppet_pass_seed, |
| 12 | Optional[String] $puppet_ssl_path = $base_installation::params::puppet_ssl_path, | 12 | Optional[String] $puppet_ssl_path = $base_installation::params::puppet_ssl_path, |
| 13 | Optional[String] $real_hostname = $base_installation::params::real_hostname, | ||
| 13 | Optional[String] $system_hostname = $base_installation::params::system_hostname, | 14 | Optional[String] $system_hostname = $base_installation::params::system_hostname, |
| 14 | Optional[Array[String]] $system_locales = $base_installation::params::system_locales, | 15 | Optional[Array[String]] $system_locales = $base_installation::params::system_locales, |
| 15 | Optional[String] $system_timezone = $base_installation::params::system_timezone, | 16 | Optional[String] $system_timezone = $base_installation::params::system_timezone, |
diff --git a/modules/base_installation/manifests/params.pp b/modules/base_installation/manifests/params.pp index c03eb1e..5ade838 100644 --- a/modules/base_installation/manifests/params.pp +++ b/modules/base_installation/manifests/params.pp | |||
| @@ -10,6 +10,7 @@ class base_installation::params { | |||
| 10 | $ldap_cert_path = "/etc/ssl/certs/ca-certificates.crt" | 10 | $ldap_cert_path = "/etc/ssl/certs/ca-certificates.crt" |
| 11 | $ldap_uri = "ldaps://ldap.example.com" | 11 | $ldap_uri = "ldaps://ldap.example.com" |
| 12 | $ldap_server = "ldap.example.com" | 12 | $ldap_server = "ldap.example.com" |
| 13 | $real_hostname = "example.com" | ||
| 13 | $system_hostname = "example.com" | 14 | $system_hostname = "example.com" |
| 14 | $system_locales = ["en_US.UTF-8"] | 15 | $system_locales = ["en_US.UTF-8"] |
| 15 | $system_timezone = "UTC" | 16 | $system_timezone = "UTC" |
diff --git a/modules/base_installation/manifests/system_config.pp b/modules/base_installation/manifests/system_config.pp index 25bfe0f..ccc5dcc 100644 --- a/modules/base_installation/manifests/system_config.pp +++ b/modules/base_installation/manifests/system_config.pp | |||
| @@ -6,23 +6,27 @@ class base_installation::system_config inherits base_installation { | |||
| 6 | } | 6 | } |
| 7 | } | 7 | } |
| 8 | 8 | ||
| 9 | unless empty($base_installation::system_hostname) { | 9 | if empty($base_installation::system_hostname) { |
| 10 | file { '/etc/hostname': | 10 | $hostname = $base_installation::real_hostname |
| 11 | content => "$base_installation::system_hostname\n", | 11 | } else { |
| 12 | } | 12 | $hostname = $base_installation::system_hostname |
| 13 | } | ||
| 13 | 14 | ||
| 14 | exec { "set_hostname": | 15 | file { '/etc/hostname': |
| 15 | command => "/usr/bin/hostnamectl set-hostname $base_installation::system_hostname", | 16 | content => "$base_installation::system_hostname\n", |
| 16 | refreshonly => true, | 17 | } |
| 17 | subscribe => File["/etc/hostname"], | ||
| 18 | returns => [0, 1], | ||
| 19 | } | ||
| 20 | 18 | ||
| 21 | # TODO: find a way to ensure that /etc/hostname doesn't change | 19 | exec { "set_hostname": |
| 22 | # exec { "set_hostname_firstboot": | 20 | command => "/usr/bin/hostnamectl set-hostname $base_installation::system_hostname", |
| 23 | # command => "/usr/bin/systemd-firstboot --hostname=$base_installation::system_hostname", | 21 | refreshonly => true, |
| 24 | # creates => "/etc/hostname", | 22 | subscribe => File["/etc/hostname"], |
| 25 | # } | 23 | returns => [0, 1], |
| 26 | } | 24 | } |
| 27 | 25 | ||
| 26 | # TODO: find a way to ensure that /etc/hostname doesn't change | ||
| 27 | # exec { "set_hostname_firstboot": | ||
| 28 | # command => "/usr/bin/systemd-firstboot --hostname=$base_installation::system_hostname", | ||
| 29 | # creates => "/etc/hostname", | ||
| 30 | # } | ||
| 31 | |||
| 28 | } | 32 | } |
diff --git a/modules/base_installation/templates/puppet/host_ldap.info.erb b/modules/base_installation/templates/puppet/host_ldap.info.erb index 525739b..a71c6f3 100644 --- a/modules/base_installation/templates/puppet/host_ldap.info.erb +++ b/modules/base_installation/templates/puppet/host_ldap.info.erb | |||
| @@ -2,7 +2,6 @@ | |||
| 2 | ldapadd -D "cn=root,<%= @ldap_base %>" -W << 'EOF' | 2 | ldapadd -D "cn=root,<%= @ldap_base %>" -W << 'EOF' |
| 3 | dn: <%= @ldap_dn %> | 3 | dn: <%= @ldap_dn %> |
| 4 | cn: <%= @ldap_cn %> | 4 | cn: <%= @ldap_cn %> |
| 5 | cn: <%= @system_hostname %> | ||
| 6 | objectclass: device | 5 | objectclass: device |
| 7 | objectclass: top | 6 | objectclass: top |
| 8 | objectclass: simpleSecurityObject | 7 | objectclass: simpleSecurityObject |
| @@ -12,6 +11,7 @@ objectclass: ipHost | |||
| 12 | <% unless @ips["v4"].nil? -%>ipHostNumber: <%= @ips["v4"]["ipAddress"] %><%- end %> | 11 | <% unless @ips["v4"].nil? -%>ipHostNumber: <%= @ips["v4"]["ipAddress"] %><%- end %> |
| 13 | <% unless @ips["v6"].nil? -%>ipHostNumber: <%= @ips["v6"]["ipAddress"] %>/<%= @ips["v6"]["mask"] %><%- end %> | 12 | <% unless @ips["v6"].nil? -%>ipHostNumber: <%= @ips["v6"]["ipAddress"] %>/<%= @ips["v6"]["mask"] %><%- end %> |
| 14 | <%- end -%> | 13 | <%- end -%> |
| 14 | environment: <%= @environment %> | ||
| 15 | userpassword: {SSHA}<%= Base64.encode64(Digest::SHA1.digest(@ldap_password+@ssha_ldap_seed)+@ssha_ldap_seed).chomp! %> | 15 | userpassword: {SSHA}<%= Base64.encode64(Digest::SHA1.digest(@ldap_password+@ssha_ldap_seed)+@ssha_ldap_seed).chomp! %> |
| 16 | EOF | 16 | EOF |
| 17 | #### Or modify an existing entry: | 17 | #### Or modify an existing entry: |
| @@ -20,6 +20,8 @@ dn: <%= @ldap_dn %> | |||
| 20 | changetype: modify | 20 | changetype: modify |
| 21 | replace: userPassword | 21 | replace: userPassword |
| 22 | userpassword: {SSHA}<%= Base64.encode64(Digest::SHA1.digest(@ldap_password+@ssha_ldap_seed)+@ssha_ldap_seed).chomp! %> | 22 | userpassword: {SSHA}<%= Base64.encode64(Digest::SHA1.digest(@ldap_password+@ssha_ldap_seed)+@ssha_ldap_seed).chomp! %> |
| 23 | replace: environment | ||
| 24 | environment: <%= @environment %> | ||
| 23 | <%- unless @ips.empty? -%> | 25 | <%- unless @ips.empty? -%> |
| 24 | - | 26 | - |
| 25 | delete: ipHostNumber | 27 | delete: ipHostNumber |
diff --git a/modules/base_installation/templates/puppet/puppet.conf.erb b/modules/base_installation/templates/puppet/puppet.conf.erb index 3748039..24e67c8 100644 --- a/modules/base_installation/templates/puppet/puppet.conf.erb +++ b/modules/base_installation/templates/puppet/puppet.conf.erb | |||
| @@ -1,8 +1,10 @@ | |||
| 1 | [main] | 1 | [main] |
| 2 | ssldir = <%= @puppet_ssl_path %> | 2 | ssldir = <%= @puppet_ssl_path %> |
| 3 | 3 | ||
| 4 | environment = <%= @environment %> | ||
| 5 | |||
| 4 | node_terminus = ldap | 6 | node_terminus = ldap |
| 5 | certname = <%= @system_hostname %> | 7 | certname = <%= @real_hostname %> |
| 6 | ldapserver = <%= @ldap_server %> | 8 | ldapserver = <%= @ldap_server %> |
| 7 | ldaptls = true | 9 | ldaptls = true |
| 8 | ldapbase = <%= @ldap_base %> | 10 | ldapbase = <%= @ldap_base %> |
diff --git a/modules/profile/manifests/apache.pp b/modules/profile/manifests/apache.pp index 605b701..8db58da 100644 --- a/modules/profile/manifests/apache.pp +++ b/modules/profile/manifests/apache.pp | |||
| @@ -49,11 +49,17 @@ class profile::apache { | |||
| 49 | ] | 49 | ] |
| 50 | } | 50 | } |
| 51 | 51 | ||
| 52 | exec { 'Start-apache': | ||
| 53 | command => "/usr/bin/systemctl start httpd", | ||
| 54 | before => Class["::letsencrypt"], | ||
| 55 | unless => "/usr/bin/systemctl is-active httpd", | ||
| 56 | } | ||
| 57 | |||
| 52 | $letsencrypt_certonly_default = { | 58 | $letsencrypt_certonly_default = { |
| 53 | plugin => "webroot", | 59 | plugin => "webroot", |
| 54 | webroot_paths => ["/srv/http/"], | 60 | webroot_paths => ["/srv/http/"], |
| 55 | notify => Class['Apache::Service'], | 61 | notify => Class['Apache::Service'], |
| 56 | require => [Apache::Vhost["redirect_no_ssl"],Apache::Custom_config["letsencrypt.conf"]], | 62 | require => [Exec['Start-apache'],Apache::Vhost["redirect_no_ssl"],Apache::Custom_config["letsencrypt.conf"]], |
| 57 | manage_cron => true, | 63 | manage_cron => true, |
| 58 | } | 64 | } |
| 59 | 65 | ||
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp index 32b6ac7..1e39479 100644 --- a/modules/role/manifests/cryptoportfolio.pp +++ b/modules/role/manifests/cryptoportfolio.pp | |||
| @@ -26,7 +26,7 @@ class role::cryptoportfolio { | |||
| 26 | $cf_group = "cryptoportfolio" | 26 | $cf_group = "cryptoportfolio" |
| 27 | $cf_home = "/opt/cryptoportfolio" | 27 | $cf_home = "/opt/cryptoportfolio" |
| 28 | $cf_env = "prod" | 28 | $cf_env = "prod" |
| 29 | $cf_front_app_host = "cryptoportfolio.immae.eu" | 29 | $cf_front_app_host = lookup("base_installation::system_hostname") |$key| { "example.com" } |
| 30 | $cf_front_app_port = "" | 30 | $cf_front_app_port = "" |
| 31 | $cf_front_app_ssl = "true" | 31 | $cf_front_app_ssl = "true" |
| 32 | $cf_front_app = "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front" | 32 | $cf_front_app = "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front" |