4fdd12b7f5
In order to get the puppet module for storyboard up to a level where we can publish it to puppetforge, I did some work on it to create separate modules which can be used by anyone to install storyboard. - API and Webclient are now installed via storyboard::application, which assumes that you can provide the DB connection criteria. - storyboard::cert is now a separate class, which accepts either files or strings, which generates the SSL certificate and chain files for storyboard. - storyboard::params is our dependency checker. - storyboard::init will install a standalone, entirely self-contained instance of storyboard. - Added various puppet module files necessary for eventual deployment to puppetforge. - Added README.md documentation for later puppetforge addition. This patch also includes a new module: example42-puppi, which is a series of convenience utilities useful for deployment. For example, puppi::netinstall (used here) will fetch tarballs and zip files and extract them into a provided directory. It also contains changes to the storyboard configuration for the new refresh token support patch in #94363 Change-Id: I6ab8c24b308df38774fc0694d218dcb5022cd899
112 lines
3.4 KiB
Puppet
112 lines
3.4 KiB
Puppet
# Copyright (c) 2014 Hewlett-Packard Development Company, L.P.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
# == Class: storyboard::cert
|
|
#
|
|
# This module sets up the SSL certificate for storyboard, sourcing the content of the
|
|
# certificates either from a file or from a string. If included,
|
|
# it will be automatically detected within storyboard::application and the
|
|
# application will be hosted over https rather than http.
|
|
#
|
|
class storyboard::cert (
|
|
$ssl_cert_file = undef,
|
|
$ssl_cert_content = undef,
|
|
$ssl_cert = '/etc/ssl/certs/storyboard.pem',
|
|
|
|
$ssl_key_file = undef,
|
|
$ssl_key_content = undef,
|
|
$ssl_key = '/etc/ssl/private/storyboard.key',
|
|
|
|
$ssl_ca_file = undef,
|
|
$ssl_ca_content = undef,
|
|
$ssl_ca = undef, # '/etc/ssl/certs/ca.pem'
|
|
) {
|
|
|
|
if $ssl_cert_file != undef {
|
|
file { $ssl_cert:
|
|
owner => 'root',
|
|
group => 'ssl-cert',
|
|
mode => '0640',
|
|
source => $ssl_cert_file,
|
|
before => Class['storyboard::application'],
|
|
notify => Class['storyboard::application'],
|
|
}
|
|
}
|
|
elsif $ssl_cert_content != undef {
|
|
file { $ssl_cert:
|
|
owner => 'root',
|
|
group => 'ssl-cert',
|
|
mode => '0640',
|
|
content => $ssl_cert_content,
|
|
before => Class['storyboard::application'],
|
|
notify => Class['storyboard::application'],
|
|
}
|
|
}
|
|
else {
|
|
fail('When including storyboard::cert, you must define either $ssl_cert_file or $ssl_cert_content')
|
|
}
|
|
|
|
if $ssl_key_file != undef {
|
|
file { $ssl_key:
|
|
owner => 'root',
|
|
group => 'ssl-cert',
|
|
mode => '0640',
|
|
source => $ssl_key_file,
|
|
before => Class['storyboard::application'],
|
|
notify => Class['storyboard::application'],
|
|
}
|
|
}
|
|
elsif $ssl_key_content != undef {
|
|
file { $ssl_key:
|
|
owner => 'root',
|
|
group => 'ssl-cert',
|
|
mode => '0640',
|
|
content => $ssl_key_content,
|
|
before => Class['storyboard::application'],
|
|
notify => Class['storyboard::application'],
|
|
}
|
|
}
|
|
else {
|
|
fail('When including storyboard::cert, you must define either $ssl_key_file or $ssl_key_content')
|
|
}
|
|
|
|
# CA file needs special treatment, since we want the path variable
|
|
# to be undef in some cases.
|
|
if ($ssl_ca_file != undef or $ssl_ca_content != undef) and $ssl_ca == undef {
|
|
$resolved_ssl_ca = '/etc/ssl/certs/storyboard.ca.pem'
|
|
} else {
|
|
$resolved_ssl_ca = $ssl_ca
|
|
}
|
|
|
|
if $ssl_ca_file != undef {
|
|
file { $resolved_ssl_ca:
|
|
owner => 'root',
|
|
group => 'ssl-cert',
|
|
mode => '0640',
|
|
source => $ssl_ca_file,
|
|
before => Class['storyboard::application'],
|
|
notify => Class['storyboard::application'],
|
|
}
|
|
}
|
|
elsif $ssl_ca_content != undef {
|
|
file { $resolved_ssl_ca:
|
|
owner => 'root',
|
|
group => 'ssl-cert',
|
|
mode => '0640',
|
|
content => $ssl_ca_content,
|
|
before => Class['storyboard::application'],
|
|
notify => Class['storyboard::application'],
|
|
}
|
|
}
|
|
} |