Puppet Class: appserver::potentials

Defined in:
manifests/potentials.pp

Overview

Parameters:

  • deploykey (Any)
  • sp_entity_id (Any)
  • sp_cert (Any)
  • sp_key (Any)


# File 'manifests/potentials.pp', line 1

# Declares the pool of virtual resources (`@` prefix) that other parts of the
# appserver module can realize on demand: base files and directories, the app
# stewards group and its sudoers fragment, VCS engines and origins, deploy
# tools, the MySQL persistence layer, Shibboleth authentication and the nginx
# log formats. Nothing declared with `@` is applied until it is realized or
# collected; the only non-virtual statement is the collector chain at the end.
#
# NOTE(review): every `$appserver::params::*` lookup below requires that
# appserver::params has already been evaluated; this class neither inherits
# nor includes it in the visible code - confirm the caller guarantees that.
#
# @param deploykey Passed unchanged to the 'bitbucket.org' VCS origin.
# @param sp_entity_id Passed unchanged to the 'uw' Shibboleth resource.
# @param sp_cert Passed unchanged to the 'uw' Shibboleth resource.
# @param sp_key Passed unchanged to the 'uw' Shibboleth resource.
#
# NOTE(review): the parameters are untyped, and $deploykey and $sp_key look
# like private key material. If the Puppet version in use supports it,
# consider the Sensitive data type so the values are redacted from reports
# and logs - confirm against the defined types that consume them.
class appserver::potentials (
  $deploykey,
  $sp_entity_id,
  $sp_cert,
  $sp_key,
) {

  @file { '/etc/environment':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
  }

  # System-wide SSH known_hosts file; world-readable, writable by root only.
  @file { '/etc/ssh/ssh_known_hosts':
    ensure => present,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
  }

  # HTTP server configuration directories are root-only (0700).
  @file { $appserver::params::dir_conf_http:
    ensure  => directory,
    owner   => 'root',
    group   => 'root',
    mode    => '0700',
  }

  @file { $appserver::params::dir_conf_http_ssl:
    ensure  => directory,
    owner   => 'root',
    group   => 'root',
    mode    => '0700',
  }

  @group { $appserver::params::group_app_stewards:
    ensure => present,
  }

  # Sudoers fragment: members of the app stewards group may run the listed
  # commands as root without a password.
  # NOTE(review): forever, grunt, bower and npm all execute project-defined
  # scripts and hooks, so this grant is effectively unrestricted root for
  # every member of the group, not a narrow service-control privilege.
  # Prefer running the build and deploy tools as an unprivileged application
  # user and limiting the sudo rule to the start/stop commands (ideally
  # through fixed wrapper scripts rather than the `nodejs_*` wildcard).
  # NOTE(review): the fragment is written without a syntax check; where the
  # Puppet version provides the file type's `validate_cmd` attribute, a
  # `visudo -c` check would keep a malformed file from breaking sudo.
  @file { "/etc/sudoers.d/${appserver::params::group_app_stewards}":
    ensure  => file,
    content => "%${appserver::params::group_app_stewards} ALL = (root) NOPASSWD: /sbin/start nodejs_*, /sbin/stop nodejs_*, /usr/bin/forever, /usr/bin/grunt, /usr/bin/bower, /usr/bin/npm\n",
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
  }

  # Application and log base directories are group-writable by the stewards
  # group and world-readable/traversable (0775).
  @file { $appserver::params::basedir_apps:
    ensure => directory,
    owner  => 'root',
    group  => $appserver::params::group_app_stewards,
    mode   => '0775',
  }

  @file { $appserver::params::basedir_apps_logs:
    ensure => directory,
    owner  => 'root',
    group  => $appserver::params::group_app_stewards,
    mode   => '0775',
  }

  # Asset deposit directory is owned by, and private to, the account named by
  # reverseproxy_default_engine.
  @file { $appserver::params::basedir_asset_deposits:
    ensure => directory,
    owner  => $appserver::params::reverseproxy_default_engine,
    group  => $appserver::params::reverseproxy_default_engine,
    mode   => '0700',
  }

  # SSH client state for the automation user: private directory (0700) and a
  # concat-assembled config file (0600).
  @file { "${appserver::params::automation_user_home}/.ssh/":
    ensure => directory,
    owner  => $appserver::params::automation_user,
    group  => $appserver::params::automation_user,
    mode   => '0700',
  }

  @concat { "${appserver::params::automation_user_home}/.ssh/config":
    owner  => $appserver::params::automation_user,
    group  => $appserver::params::automation_user,
    mode   => '0600',
  }


  @appserver::appsource::vcs::engine { 'git': }
  @appserver::appsource::vcs::engine { 'mercurial': }

  #TODO: Add virtual github resource. ----- @@rhbecker
  # NOTE(review): `sshkey` and `host_aliases` appear to pin the origin's SSH
  # host public key and addresses - confirm in the origin defined type.
  # Hard-coded pins go stale when the provider rotates its key or addresses;
  # verify both against the fingerprints the provider publishes over a
  # separate trusted channel, and keep them in data rather than in code.
  @appserver::appsource::vcs::origin { 'bitbucket.org':
    deploykey    => $deploykey,
    sshkey       => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==',
    host_aliases => ['131.103.20.167', '131.103.20.168', '131.103.20.169', '131.103.20.170', ],
  }

  @package { 'upstart':
    ensure => installed,
  }

  @appserver::appsource::deploytool { 'npm': }
  @appserver::appsource::deploytool { 'grunt-cli': }
  @appserver::appsource::deploytool { 'bower': }
  @appserver::appsource::deploytool { 'composer': }
  @appserver::appsource::deploytool { 'sass': }

  # NOTE(review): the database root password is a literal in the manifest, so
  # it is readable by anyone with access to the repository, the compiled
  # catalog or this generated documentation. Treat the value as exposed:
  # rotate it and supply the replacement from encrypted data (for example
  # Hiera with an encryption backend) or a class parameter.
  @appserver::persistence::relationaldb { 'mysql':
    rootpw => '&1<m&1v7-=5<S(*',
  }

  # NOTE(review): idp_metadata_uri is fetched over plain http. Metadata
  # integrity then rests entirely on signature verification, presumably with
  # the certificate named by idp_sig_cert_name - confirm that the shibboleth
  # defined type enforces the signature check, and that the certificate file
  # itself is distributed over a trusted channel.
  @appserver::authentication::shibboleth { 'uw':
    idp_entity_id             => 'urn:mace:incommon:washington.edu',
    idp_metadata_uri          => 'http://md.incommon.org/InCommon/InCommon-metadata.xml',
    idp_metadata_backing      => 'InCommon-metadata.xml',
    sp_entity_id              => $sp_entity_id,
    sp_cert                   => $sp_cert,
    sp_key                    => $sp_key,
    sp_remote_user_attributes => 'uwnetid eppn persistent-id targeted-id',
    sp_support_contact        => 'oris@uw.edu',
    sp_mapped_attributes      => ['uwnetid', 'eppn', 'unscoped-affiliation', 'scoped-affiliation', 'gws_groups', ],
    sp_force_authn            => true,
    idp_sig_cert_name         => 'inc-md-cert.pem',
    logout_redirect_uri       => 'https://idp.u.washington.edu/idp/logout',
  }

  # nginx access-log formats. `$http_remote_user` is the value of the
  # Remote-User request header as received by nginx.
  # NOTE(review): unless a trusted front end always overwrites or strips that
  # header, the logged user name is client-supplied and must not be treated
  # as an authenticated identity during log analysis or incident response.
  @nginx::resource::logformat { 'canonical':
    format => '$remote_addr "$http_remote_user" [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent" $request_time $upstream_response_time',
  }

  # Same fields as 'canonical' plus the request scheme and server name.
  @nginx::resource::logformat { 'noncanonical':
    format => '$remote_addr "$http_remote_user" [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent" $request_time $upstream_response_time $scheme $server_name',
  }

  # Order the stewards group before every file whose group is the stewards
  # group. Collectors used in a chaining statement also realize the virtual
  # resources they match, so this line realizes the group and those files
  # (the two application base directories above) wherever this class is used.
  Group<| name == $appserver::params::group_app_stewards |> -> File<| group == $appserver::params::group_app_stewards |>

}