X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=environments%2Fproduction%2Fmanifests%2Fgigi.pp;h=a1431aac9de528b86e14703fc46b116f5f5f371e;hb=95266f6237df2334741f3ce60050618259452ed4;hp=d90c73abf3a6952626f87b65c37f301defe0cace;hpb=5eaccabb5c60e0a94b4ddf119e0433d7192adc5c;p=infra.git diff --git a/environments/production/manifests/gigi.pp b/environments/production/manifests/gigi.pp index d90c73a..a1431aa 100644 --- a/environments/production/manifests/gigi.pp +++ b/environments/production/manifests/gigi.pp @@ -5,19 +5,22 @@ node gigi { file { "${::puppet_vardir}/debconf/": ensure => 'directory' } + $gigi_pkg = $testServer ? { + 'true' => 'wpia-gigi-testing', + default => 'wpia-gigi' + } file { "${::puppet_vardir}/debconf/gigi-lang.debconf": ensure => 'present', - content => "wpia-gigi-testing wpia-gigi-testing/fetch-locales-command string gigi fetch-locales $gigi_translation" + content => "$gigi_pkg $gigi_pkg/fetch-locales-command string gigi fetch-locales $gigi_translation" } -> - exec { 'debconf-gigi-testing': + exec { 'debconf-gigi': path => "/usr/bin", command => "/usr/bin/debconf-set-selections < ${::puppet_vardir}/debconf/gigi-lang.debconf", - unless => "/usr/bin/debconf-get-selections | /bin/grep -F '$gigi_translation'" + unless => "/usr/bin/debconf-get-selections | /bin/grep -F '$gigi_translation' | /bin/grep -F '$gigi_pkg/fetch-locales'" } - class{'apt':} apt_key{ 'E643C483A426BB5311D26520A631B6AF9FD3DF94': - source => 'http://deb.dogcraft.de/signer.gpg', + source => 'http://deb2.dogcraft.de/signer.gpg', ensure => 'present' } -> file { '/etc/apt/sources.list.d/dogcraft.list': 
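Review bot: The new `apt_key` source in the `@@ -5,19 +5,22 @@` hunk is still fetched over plain HTTP (`source => 'http://deb2.dogcraft.de/signer.gpg'`). The only protection against a key swapped in transit is then the 40-character fingerprint in the resource title, and that holds only if the installed apt module compares the downloaded key with it. If the mirror serves TLS, `source => 'https://deb2.dogcraft.de/signer.gpg'` is the smallest change; shipping the key from the Puppet module through `content` removes the network fetch entirely. The hunk also drops `class{'apt':}` while `Exec['apt_update']` is still referenced further down, so confirm that the class is now declared somewhere outside this node.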
@@ -25,14 +28,25 @@ node gigi { ensure => 'present', notify => Exec['apt_update'] } - package { 'wpia-gigi-testing': - require => [Exec['debconf-gigi-testing'],Exec['apt_update']], + package { $gigi_pkg: + require => [Exec['debconf-gigi'],Exec['apt_update']], ensure => 'installed', } $gigi_pg_ip = $ips[postgres]; $gigi_pg_password = $passwords[postgres][gigi]; file { '/var/lib/wpia-gigi': - ensure => 'directory' + ensure => 'directory', + require => Package[$gigi_pkg] + } + file {'/var/lib/wpia-gigi/ocsp': + ensure => 'link', + target => '/var/lib/cassiopeia/ca', + before => Exec['/gigi-ready'], + } + file {'/var/lib/wpia-gigi/ocsp.pkcs12': + ensure => 'file', + owner => 'gigi', + before => Exec['/gigi-ready'], } file { '/var/lib/wpia-gigi/config': ensure => 'directory' @@ -57,7 +71,7 @@ node gigi { exec {'keytool for /var/lib/wpia-gigi/config/cacerts.jks': cwd => '/var/lib/wpia-gigi/config/ca', refreshonly => true, - require => Package['wpia-gigi-testing'], + require => Package[$gigi_pkg], command => '/bin/rm -f ../cacerts.jks && /usr/bin/keytool -importcert -keystore ../cacerts.jks -noprompt -storepass changeit -file root.crt -alias root && for i in assured.crt codesign.crt env.crt orga.crt orgaSign.crt unassured.crt *_*.crt; do /usr/bin/keytool -importcert -keystore ../cacerts.jks -storepass changeit -file "$i" -alias "${i%.crt}"; done', } file {'/var/lib/wpia-gigi/config/truststorepw': @@ -88,12 +102,14 @@ node gigi { file {'/var/lib/wpia-gigi/keys/crt': ensure => 'directory', owner => 'gigi', - require => Package['wpia-gigi-testing'] + require => Package[$gigi_pkg], + before => Exec['/gigi-ready'], } file {'/var/lib/wpia-gigi/keys/csr': ensure => 'directory', owner => 'gigi', - require => Package['wpia-gigi-testing'] + require => Package[$gigi_pkg], + before => Exec['/gigi-ready'], } exec {'/gigi-ready': creates => '/gigi-ready', 
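Review bot: `/var/lib/wpia-gigi/ocsp.pkcs12` in the `@@ -25,14 +28,25 @@` hunk is declared with an owner but no `mode`, so Puppet creates it with its default file mode rather than one chosen for a keystore. The name suggests it will hold OCSP signing key material; if so, add `mode => '0600',` next to `owner => 'gigi',` so the file is never readable by other accounts, including in the window before it is first populated. A one-line comment such as `# created empty here; populated by <whoever writes the keystore>` would also tell the next reader why the resource has no `content` or `source`.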
@@ -103,14 +119,15 @@ node gigi { exec{'alexa': command => '/usr/bin/gigi fetch-alexa /var/lib/wpia-gigi/blacklist.dat 100', creates => '/var/lib/wpia-gigi/blacklist.dat', - require => [File['/var/lib/wpia-gigi'],Package['wpia-gigi-testing']] + require => [File['/var/lib/wpia-gigi'],Package[$gigi_pkg]] } -> service{'gigi-proxy.socket': ensure => 'running', + enable => true, provider => 'systemd', subscribe => [Exec['tar for gigi-conf'],File['/var/lib/wpia-gigi/config/profiles']], - require => [Package['wpia-gigi-testing'], File['/var/lib/wpia-gigi/keys/crt'], File['/var/lib/wpia-gigi/keys/csr'], Exec['/gigi-ready']] + require => [Package[$gigi_pkg], File['/var/lib/wpia-gigi/keys/crt'], File['/var/lib/wpia-gigi/keys/csr'], Exec['/gigi-ready']] } - package{'cacert-cassiopeia': + package{'wpia-cassiopeia': ensure => 'installed', require => Exec['apt_update'] } @@ -120,13 +137,14 @@ if $signerLocation == 'self' { require => Exec['apt_update'] } $cass_ip = $ips[cassiopeia] - file {'/etc/systemd/system/tcpserial.service': + systemd::unit_file {'tcpserial.service': ensure => 'file', content => epp('gigi/tcpserial'), require => Package['tcpserial'] }-> service{'tcpserial.service': ensure => 'running', + enable => true, provider => 'systemd', before => Service['cassiopeia-client.service'] } @@ -139,7 +157,7 @@ if $signerLocation == 'self' { file {'/var/lib/cassiopeia/': ensure => 'directory', - require => Package['cacert-cassiopeia'] + require => Package['wpia-cassiopeia'] } file {'/var/lib/cassiopeia/config.txt': ensure => 'file', @@ -158,6 +176,7 @@ if $signerLocation == 'self' { } file {'/var/lib/cassiopeia/ca': ensure => 'directory', + owner => 'gigi', source => 'puppet:///modules/cassiopeia_client/ca', recurse => true, } 
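Review bot: The rename from `cacert-cassiopeia` to `wpia-cassiopeia` in the `@@ -103,14 +119,15 @@` hunk only installs the new package; nothing removes the old one from hosts that were provisioned before this commit. Unless the new package declares Conflicts/Replaces on the old name (not visible here), both signer clients can end up installed side by side. Adding `package{'cacert-cassiopeia': ensure => 'purged'}` makes the transition explicit. The same question applies to `wpia-gigi-testing` on hosts where `$gigi_pkg` now resolves to `wpia-gigi`.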
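Review bot: Adding `owner => 'gigi'` next to `recurse => true` in the `@@ -158,6 +176,7 @@` hunk hands the whole `/var/lib/cassiopeia/ca` tree to the `gigi` account, presumably the one the web application runs as, which gives it write access to every file synced from `cassiopeia_client/ca`. Puppet restores the content on its next run, but it does not prevent changes in between. If Gigi only needs to read these files through the new `/var/lib/wpia-gigi/ocsp` link, a narrower grant is to leave the owner unchanged and use `group => 'gigi', mode => '0640',` (assuming a `gigi` group exists). If write access is actually required, a comment on the resource stating why would document the exception.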
@@ -179,7 +198,7 @@ if $signerLocation == 'self' { source => 'puppet:///modules/cassiopeia/signer_client.key' } - file { '/etc/systemd/system/cassiopeia-client.service': + systemd::unit_file { 'cassiopeia-client.service': source => 'puppet:///modules/gigi/cassiopeia-client.service', ensure => 'present' } -> @@ -193,7 +212,8 @@ if $signerLocation == 'self' { File['/var/lib/cassiopeia/keys/signer_client.crt'], File['/var/lib/cassiopeia/keys/signer_client.key'], Exec['/gigi-ready']], - ensure => 'running' + ensure => 'running', + enable => true, } }