file { "${::puppet_vardir}/debconf/":
ensure => 'directory'
}
+ $gigi_pkg = $testServer ? {
+ 'true' => 'wpia-gigi-testing',
+ default => 'wpia-gigi'
+ }
file { "${::puppet_vardir}/debconf/gigi-lang.debconf":
ensure => 'present',
- content => "wpia-gigi-testing wpia-gigi-testing/fetch-locales-command string gigi fetch-locales $gigi_translation"
+ content => "$gigi_pkg $gigi_pkg/fetch-locales-command string gigi fetch-locales $gigi_translation"
} ->
- exec { 'debconf-gigi-testing':
+ exec { 'debconf-gigi':
path => "/usr/bin",
command => "/usr/bin/debconf-set-selections < ${::puppet_vardir}/debconf/gigi-lang.debconf",
- unless => "/usr/bin/debconf-get-selections | /bin/grep -F '$gigi_translation'"
+ unless => "/usr/bin/debconf-get-selections | /bin/grep -F '$gigi_translation' | /bin/grep -F '$gigi_pkg/fetch-locales'"
}
- class{'apt':}
apt_key{ 'E643C483A426BB5311D26520A631B6AF9FD3DF94':
- source => 'http://deb.dogcraft.de/signer.gpg',
+ source => 'http://deb2.dogcraft.de/signer.gpg',
ensure => 'present'
} ->
file { '/etc/apt/sources.list.d/dogcraft.list':
ensure => 'present',
notify => Exec['apt_update']
}
- package { 'wpia-gigi-testing':
- require => [Exec['debconf-gigi-testing'],Exec['apt_update']],
+ package { $gigi_pkg:
+ require => [Exec['debconf-gigi'],Exec['apt_update']],
ensure => 'installed',
}
$gigi_pg_ip = $ips[postgres];
$gigi_pg_password = $passwords[postgres][gigi];
file { '/var/lib/wpia-gigi':
- ensure => 'directory'
+ ensure => 'directory',
+ require => Package[$gigi_pkg]
+ }
+ file {'/var/lib/wpia-gigi/ocsp':
+ ensure => 'link',
+ target => '/var/lib/cassiopeia/ca',
+ before => Exec['/gigi-ready'],
+ }
+ file {'/var/lib/wpia-gigi/ocsp.pkcs12':
+ ensure => 'file',
+ owner => 'gigi',
+ before => Exec['/gigi-ready'],
}
file { '/var/lib/wpia-gigi/config':
ensure => 'directory'
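Review bot: The new `file {'/var/lib/wpia-gigi/ocsp.pkcs12': ...}` resource sets `owner => 'gigi'` but no `group` or `mode`, so the permissions of what is presumably an OCSP key store are left to Puppet's defaults or to whatever the file already has; adding `mode => '0600'` would pin it to the service account. In the same hunk the `apt_key` source moves to `http://deb2.dogcraft.de/signer.gpg`, still plain HTTP, so the only protection for the repository trust anchor is the 40-character fingerprint in the resource title; an `https://` source, if the host offers one, would not depend on that check alone. The `$testServer ? { 'true' => ... }` selector matches only the string, so a boolean `true` would presumably fall through to `default` and install `wpia-gigi`; confirm the variable's type. The trailing `file { '/var/lib/wpia-gigi/config':` resource continues outside the hunk.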
exec {'keytool for /var/lib/wpia-gigi/config/cacerts.jks':
cwd => '/var/lib/wpia-gigi/config/ca',
refreshonly => true,
- require => Package['wpia-gigi-testing'],
+ require => Package[$gigi_pkg],
command => '/bin/rm -f ../cacerts.jks && /usr/bin/keytool -importcert -keystore ../cacerts.jks -noprompt -storepass changeit -file root.crt -alias root && for i in assured.crt codesign.crt env.crt orga.crt orgaSign.crt unassured.crt *_*.crt; do /usr/bin/keytool -importcert -keystore ../cacerts.jks -storepass changeit -file "$i" -alias "${i%.crt}"; done',
}
file {'/var/lib/wpia-gigi/config/truststorepw':
provider => 'shell',
path => '',
cwd => '/var/lib/wpia-gigi/config',
- unless => '/usr/bin/[ /var/lib/wpia-gigi/keys/keystore.pkcs12 -ot /etc/wpia/gigi/conf.tar ] && /usr/bin/[ /var/lib/wpia-gigi/config/cacerts.jks -ot /etc/wpia/gigi/conf.tar ]',
+ unless => '/usr/bin/[ /var/lib/wpia-gigi/keys/keystore.pkcs12 -ot /etc/wpia/gigi/conf.tar ] && /usr/bin/[ /var/lib/wpia-gigi/config/cacerts.jks -ot /etc/wpia/gigi/conf.tar ] && /usr/bin/[ /var/lib/wpia-gigi/config/gigi.properties -ot /etc/wpia/gigi/conf.tar ]',
subscribe => [File['/var/lib/wpia-gigi/config/truststorepw'],Exec['keytool for /var/lib/wpia-gigi/config/cacerts.jks'],File['/var/lib/wpia-gigi/config/gigi.properties']],
require => File['/etc/wpia/gigi']
}
file {'/var/lib/wpia-gigi/keys/crt':
ensure => 'directory',
owner => 'gigi',
- require => Package['wpia-gigi-testing']
+ require => Package[$gigi_pkg],
+ before => Exec['/gigi-ready'],
}
file {'/var/lib/wpia-gigi/keys/csr':
ensure => 'directory',
owner => 'gigi',
- require => Package['wpia-gigi-testing']
+ require => Package[$gigi_pkg],
+ before => Exec['/gigi-ready'],
}
exec {'/gigi-ready':
creates => '/gigi-ready',
- command =>'/bin/false'
+ command =>'/bin/false',
+ require => Exec['tar for gigi-conf']
}
exec{'alexa':
command => '/usr/bin/gigi fetch-alexa /var/lib/wpia-gigi/blacklist.dat 100',
creates => '/var/lib/wpia-gigi/blacklist.dat',
- require => [File['/var/lib/wpia-gigi'],Package['wpia-gigi-testing']]
+ require => [File['/var/lib/wpia-gigi'],Package[$gigi_pkg]]
} -> service{'gigi-proxy.socket':
ensure => 'running',
+ enable => true,
provider => 'systemd',
subscribe => [Exec['tar for gigi-conf'],File['/var/lib/wpia-gigi/config/profiles']],
- require => [Package['wpia-gigi-testing'], File['/var/lib/wpia-gigi/keys/crt'], File['/var/lib/wpia-gigi/keys/csr'], Exec['/gigi-ready']]
+ require => [Package[$gigi_pkg], File['/var/lib/wpia-gigi/keys/crt'], File['/var/lib/wpia-gigi/keys/csr'], Exec['/gigi-ready']]
}
- package{'cacert-cassiopeia':
+ package{'wpia-cassiopeia':
ensure => 'installed',
require => Exec['apt_update']
}
require => Exec['apt_update']
}
$cass_ip = $ips[cassiopeia]
- file {'/etc/systemd/system/tcpserial.service':
+ systemd::unit_file {'tcpserial.service':
ensure => 'file',
content => epp('gigi/tcpserial'),
require => Package['tcpserial']
}->
service{'tcpserial.service':
ensure => 'running',
+ enable => true,
provider => 'systemd',
before => Service['cassiopeia-client.service']
}
file {'/var/lib/cassiopeia/':
ensure => 'directory',
- require => Package['cacert-cassiopeia']
+ require => Package['wpia-cassiopeia']
}
file {'/var/lib/cassiopeia/config.txt':
ensure => 'file',
}
file {'/var/lib/cassiopeia/ca':
ensure => 'directory',
+ owner => 'gigi',
source => 'puppet:///modules/cassiopeia_client/ca',
recurse => true,
}
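Review bot: Adding `owner => 'gigi'` to `/var/lib/cassiopeia/ca` together with `recurse => true` makes the gigi service account the owner of every file synced from `puppet:///modules/cassiopeia_client/ca`, which by default also lets it modify them. If gigi only needs to read this directory (the same commit links `/var/lib/wpia-gigi/ocsp` to it), leaving ownership with root and granting read access through `group => 'gigi'` and `mode => '0640'` would be the narrower grant. Whether any process running as gigi has to write there cannot be seen from this hunk, so confirm before tightening. The hunk begins in the middle of an earlier resource, so the surrounding class is only partly visible.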
source => 'puppet:///modules/cassiopeia/signer_client.key'
}
- file { '/etc/systemd/system/cassiopeia-client.service':
+ systemd::unit_file { 'cassiopeia-client.service':
source => 'puppet:///modules/gigi/cassiopeia-client.service',
ensure => 'present'
} ->
File['/var/lib/cassiopeia/keys/signer_client.crt'],
File['/var/lib/cassiopeia/keys/signer_client.key'],
Exec['/gigi-ready']],
- ensure => 'running'
+ ensure => 'running',
+ enable => true,
}
}