add: virtual resource collectors for nginx+pg

[infra.git] / environments / production / manifests / gigi.pp

diff --git a/environments/production/manifests/gigi.pp b/environments/production/manifests/gigi.pp
index 99ce28b0735d1fabb13e6c2210b52309e397e68b..a1431aac9de528b86e14703fc46b116f5f5f371e 100644 (file)
--- a/environments/production/manifests/gigi.pp
+++ b/environments/production/manifests/gigi.pp
@@ -19,9 +19,8 @@ node gigi {
     unless => "/usr/bin/debconf-get-selections | /bin/grep -F '$gigi_translation' | /bin/grep -F '$gigi_pkg/fetch-locales'"
   }
 
-  class{'apt':}
   apt_key{ 'E643C483A426BB5311D26520A631B6AF9FD3DF94':
-    source => 'http://deb.dogcraft.de/signer.gpg',
+    source => 'http://deb2.dogcraft.de/signer.gpg',
     ensure => 'present'
   } ->
   file { '/etc/apt/sources.list.d/dogcraft.list':
@@ -36,7 +35,18 @@ node gigi {
   $gigi_pg_ip = $ips[postgres];
   $gigi_pg_password = $passwords[postgres][gigi];
   file { '/var/lib/wpia-gigi':
-    ensure => 'directory'
+    ensure => 'directory',
+    require => Package[$gigi_pkg]
+  }
+  file {'/var/lib/wpia-gigi/ocsp':
+    ensure => 'link',
+    target => '/var/lib/cassiopeia/ca',
+    before => Exec['/gigi-ready'],
+  }
+  file {'/var/lib/wpia-gigi/ocsp.pkcs12':
+    ensure => 'file',
+    owner => 'gigi',
+    before => Exec['/gigi-ready'],
   }
   file { '/var/lib/wpia-gigi/config':
     ensure => 'directory'
@@ -92,12 +102,14 @@ node gigi {
   file {'/var/lib/wpia-gigi/keys/crt':
     ensure => 'directory',
     owner => 'gigi',
-    require => Package[$gigi_pkg]
+    require => Package[$gigi_pkg],
+    before => Exec['/gigi-ready'],
   }
   file {'/var/lib/wpia-gigi/keys/csr':
     ensure => 'directory',
     owner => 'gigi',
-    require => Package[$gigi_pkg]
+    require => Package[$gigi_pkg],
+    before => Exec['/gigi-ready'],
   }
   exec {'/gigi-ready':
     creates => '/gigi-ready',
@@ -110,11 +122,12 @@ node gigi {
     require => [File['/var/lib/wpia-gigi'],Package[$gigi_pkg]]
   } -> service{'gigi-proxy.socket':
     ensure => 'running',
+    enable => true,
     provider => 'systemd',
     subscribe => [Exec['tar for gigi-conf'],File['/var/lib/wpia-gigi/config/profiles']],
     require => [Package[$gigi_pkg], File['/var/lib/wpia-gigi/keys/crt'], File['/var/lib/wpia-gigi/keys/csr'], Exec['/gigi-ready']]
   }
-  package{'cacert-cassiopeia':
+  package{'wpia-cassiopeia':
     ensure => 'installed',
     require => Exec['apt_update']
   }
@@ -124,13 +137,14 @@ if $signerLocation == 'self' {
     require => Exec['apt_update']
   }
   $cass_ip = $ips[cassiopeia]
-  file {'/etc/systemd/system/tcpserial.service':
+  systemd::unit_file {'tcpserial.service':
     ensure => 'file',
     content => epp('gigi/tcpserial'),
     require => Package['tcpserial']
   }->
   service{'tcpserial.service':
     ensure => 'running',
+    enable => true,
     provider => 'systemd',
     before => Service['cassiopeia-client.service']
   }
@@ -143,7 +157,7 @@ if $signerLocation == 'self' {
 
   file {'/var/lib/cassiopeia/':
     ensure => 'directory',
-    require => Package['cacert-cassiopeia']
+    require => Package['wpia-cassiopeia']
   }
   file {'/var/lib/cassiopeia/config.txt':
     ensure => 'file',
@@ -162,6 +176,7 @@ if $signerLocation == 'self' {
   }
   file {'/var/lib/cassiopeia/ca':
     ensure => 'directory',
+    owner => 'gigi',
     source => 'puppet:///modules/cassiopeia_client/ca',
     recurse => true,
   }
@@ -183,7 +198,7 @@ if $signerLocation == 'self' {
     source => 'puppet:///modules/cassiopeia/signer_client.key'
   }
 
-  file { '/etc/systemd/system/cassiopeia-client.service':
+  systemd::unit_file { 'cassiopeia-client.service':
     source => 'puppet:///modules/gigi/cassiopeia-client.service',
     ensure => 'present'
   } ->
@@ -197,7 +212,8 @@ if $signerLocation == 'self' {
             File['/var/lib/cassiopeia/keys/signer_client.crt'],
             File['/var/lib/cassiopeia/keys/signer_client.key'],
             Exec['/gigi-ready']],
-    ensure => 'running'
+    ensure => 'running',
+    enable => true,
   }
 
 }