From d6d496a7ab3d01550f25e48581ae7e53e559f42d Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Mon, 30 Mar 2015 17:19:16 +0200 Subject: Added more docker images to sto-tug-kvm2. --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index a519ccf..b4ea64d 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -698,6 +698,8 @@ node 'cdr1.sunet.se' { node 'sto-tug-kvm2.swamid.se' { docker::image {'docker.sunet.se/flog/postgresql-9.3': } + docker::image {'docker.sunet.se/flog/nginx': } + docker::image {'docker.sunet.se/flog/flog_app': } file {'/opt/docker/postgresql_data': ensure => 'directory', } @@ -708,6 +710,19 @@ node 'sto-tug-kvm2.swamid.se' { image => 'docker.sunet.se/flog/postgresql-9.3', use_name => true, volumes => ['/opt/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'], + } -> + docker::run {'flog_app': + image => 'docker.sunet.se/flog/flog_app', + use_name => true, + links => ['flog_db:flog_db'], + volumes => ['/opt/flog/dotenv:/opt/flog/.env','/var/log/flog/:/opt/flog/logs/'], + } -> + docker::run {'flog_nginx': + image => 'docker.sunet.se/flog/nginx', + use_name => true, + ports => ['80:80', '443:443'], + links => ['flog_app:flog_app'], + volumes => ['/opt/flog/nginx/sites-enabled/:/etc/nginx/sites-enabled/','/opt/flog/nginx/certs/:/etc/nginx/certs', '/var/log/flog_nginx/:/var/log/nginx'], } } -- cgit v1.1 From d3ba9e646a7f4263f00ae694a410452555d03055 Mon Sep 17 00:00:00 2001 From: Fredrik Thulin Date: Tue, 31 Mar 2015 08:45:12 +0200 Subject: certification request for -c from ca.sunet.se:infra --- .../overlay/var/lib/ca/infra/requests/-c.csr | 27 ++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 ca.sunet.se/overlay/var/lib/ca/infra/requests/-c.csr 
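Review bot: The two new `docker::image` resources (and the existing postgresql one) name an image without a tag, so the host runs whatever the registry serves under the default tag at pull time. Pinning each one keeps a changed or replaced image from rolling out unnoticed, for example `docker::image {'docker.sunet.se/flog/nginx': image_tag => '<TAG_PLACEHOLDER>' }`, with the same tag on the matching `image =>` value. The node block starts and ends outside this hunk.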
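Review bot: In the second hunk, `flog_nginx` mounts `/opt/flog/nginx/certs/` and `/opt/flog/nginx/sites-enabled/` read-write and `flog_app` mounts `/opt/flog/dotenv` read-write, so a process inside either container can alter the TLS key material, the vhost configuration or the secrets file on the host. Only the log directories need to be writable. Append `:ro` to the others, e.g. `'/opt/flog/nginx/certs/:/etc/nginx/certs:ro'` and `'/opt/flog/dotenv:/opt/flog/.env:ro'`. `ports => ['80:80', '443:443']` publishes on every host address; that may be intended, but a comment saying so would help.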
diff --git a/ca.sunet.se/overlay/var/lib/ca/infra/requests/-c.csr b/ca.sunet.se/overlay/var/lib/ca/infra/requests/-c.csr
new file mode 100644
index 0000000..4ea75a7
--- /dev/null
+++ b/ca.sunet.se/overlay/var/lib/ca/infra/requests/-c.csr
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEjzCCAncCAQAwKjELMAkGA1UEBhMCU0UxDjAMBgNVBAoTBVNVTkVUMQswCQYD
+VQQDEwItYzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKlfTop49pE1
+XANMzZ5/vB9RoQrCoVSWY8BTT5t+s4sprq5oeumZ5utrjT/B9jMLASUKFz4OhC48
+3TKDxWTLQ/KGxptPhZDguVgxn/kxruP7rtH9HuIlT+B5TyIw3FhBPqhBV/jtXCsa
+2H22k0HNVrbNLju+VNpKYZo/yrWddyBeLo3inxtK6bSUSEaAH/4WaE9r0NyAzjCq
+Wd1JfKuPOEkis/87NhYcD3gAOpDSfDilb4vs/IQ3FFNHnD4VCAiH9EwPgf5E8Fxm
+ZDc55HGIbx6XSaztQ52w9pKBwncCor/tjYimDuKmI9hnOHo8e8pZezlA7i6i/04r
+R5WXkxWq1zCscN+Y57jTYaO1Z5yynMAtV2ZsE+AmldTW1pt7wOCah7OHvVkepaCi
+2pWKBQMsBF636jREtorc9YbZABX80ai3NoWfwTB/VlqIlc0qaDwjsUJaMkEv+EJY
+MNpmtdqQ9Q2om814MXZrmKv1W2AqCXaG2w2kCfcxXz0McapVmi2S6uhmOwGoJrDc
+3oAiebHA5gmKvYEhrBVmAKgaA64koWOvv9t4FbKHVTE2B0VEZiQ5uFbsn5hn2w2r
+Ahm/HbsjWZAK+ozxZOLcqm6KCz3brjqnn6p04mJh7Xl8of4L4MdsD3ewc+vYYhsR
+o3Q3YD/iV89G4MdY8MRAALdjAMwzCwgxAgMBAAGgIDAeBgkqhkiG9w0BCQ4xETAP
+MA0GA1UdEQQGMASCAi1jMA0GCSqGSIb3DQEBCwUAA4ICAQChsvCaJGYXuVgIB55w
+9wdIBio1GVP76j0ZGhxTSNx1zR+lXsCYnc1Hct2Le2UoZ1VEneHTl92vzHRM+5Nf
+sBcCvWKgpxWWUp0tQ6sSKyuO/ziJyfh23B3wvjMipFcBAnEgU5ika7nVh3rtKBDo
+xR9zprvJ+vu18VNbLuWrs6hfGA+0gR8zWX9st/v1RAADDEqaCugjwPceXOu81Tg8
+5Mo25kdiC6MjVKmeICl1xA/TqsO5nhD3tNdvoNIgr4hroN/j7oVVFyfAIL0xGNLf
+oBnShDtVKrY9tvQd89u9iQbDWyPichEIohqpdNPqsViNroeggwRdGC1D7frToSor
+x0j3RZCTKlM6F7+OLYD8pxLEgiOg5tEyPYQQQBMkPeqA0qZLrm9zqvSwsHAXz4Nq
+i0mmIa/L1267DEweJTQwWuKGD10oHUHTxNRsEpuDcHAYPRjs1bMqd1gyCEBtr7ps
+y83S218IKGRC7JFJpqDWYvRr+qZ65XxQu/gXgUtc7DPRQ8EJjGiQ8iaxS1AKET7X
+mJz/DtUw5ZNBWQxYWunv5IarVG/InPoO4eaKGD+kBSvwc/QLUUzPzlULffbaqPv3
+6pyUulOWtYz10d4WToyJSKsUK6VCYom85K0dU5Ypw8lsAAeD/7iyfnK1zpXpPtIu
+Y4ioMulh2YHZcxkYRByopQLFZg==
+-----END CERTIFICATE REQUEST-----
-- cgit v1.1
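Review bot: The request is filed as `-c.csr`, and the subject encoded in the PEM body appears to be `CN=-c` with a matching subjectAltName, which suggests mkreq took its `-c` option as the host name. Renaming the file does not change the signed subject: the later commits on this page re-add the same blob (index 4ea75a7) as `ft-c.csr` and `client/ft-c.csr`. The request should be regenerated under the intended name rather than signed as is. On the CA side, a check that the file name and the CSR subject agree before issuing would catch this class of mistake.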
From 9fd62e1c4294ae8c1921aefd41d55f2e70816dd6 Mon Sep 17 00:00:00 2001 From: Fredrik Thulin Date: Tue, 31 Mar 2015 08:46:21 +0200 Subject: rename --- .../overlay/var/lib/ca/infra/requests/-c.csr | 27 ---------------------- .../overlay/var/lib/ca/infra/requests/ft-c.csr | 27 ++++++++++++++++++++++ 2 files changed, 27 insertions(+), 27 deletions(-) delete mode 100644 ca.sunet.se/overlay/var/lib/ca/infra/requests/-c.csr create mode 100644 ca.sunet.se/overlay/var/lib/ca/infra/requests/ft-c.csr diff --git a/ca.sunet.se/overlay/var/lib/ca/infra/requests/-c.csr b/ca.sunet.se/overlay/var/lib/ca/infra/requests/-c.csr deleted file mode 100644 index 4ea75a7..0000000 --- a/ca.sunet.se/overlay/var/lib/ca/infra/requests/-c.csr +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIEjzCCAncCAQAwKjELMAkGA1UEBhMCU0UxDjAMBgNVBAoTBVNVTkVUMQswCQYD -VQQDEwItYzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKlfTop49pE1 -XANMzZ5/vB9RoQrCoVSWY8BTT5t+s4sprq5oeumZ5utrjT/B9jMLASUKFz4OhC48 -3TKDxWTLQ/KGxptPhZDguVgxn/kxruP7rtH9HuIlT+B5TyIw3FhBPqhBV/jtXCsa -2H22k0HNVrbNLju+VNpKYZo/yrWddyBeLo3inxtK6bSUSEaAH/4WaE9r0NyAzjCq -Wd1JfKuPOEkis/87NhYcD3gAOpDSfDilb4vs/IQ3FFNHnD4VCAiH9EwPgf5E8Fxm -ZDc55HGIbx6XSaztQ52w9pKBwncCor/tjYimDuKmI9hnOHo8e8pZezlA7i6i/04r -R5WXkxWq1zCscN+Y57jTYaO1Z5yynMAtV2ZsE+AmldTW1pt7wOCah7OHvVkepaCi -2pWKBQMsBF636jREtorc9YbZABX80ai3NoWfwTB/VlqIlc0qaDwjsUJaMkEv+EJY -MNpmtdqQ9Q2om814MXZrmKv1W2AqCXaG2w2kCfcxXz0McapVmi2S6uhmOwGoJrDc -3oAiebHA5gmKvYEhrBVmAKgaA64koWOvv9t4FbKHVTE2B0VEZiQ5uFbsn5hn2w2r -Ahm/HbsjWZAK+ozxZOLcqm6KCz3brjqnn6p04mJh7Xl8of4L4MdsD3ewc+vYYhsR -o3Q3YD/iV89G4MdY8MRAALdjAMwzCwgxAgMBAAGgIDAeBgkqhkiG9w0BCQ4xETAP -MA0GA1UdEQQGMASCAi1jMA0GCSqGSIb3DQEBCwUAA4ICAQChsvCaJGYXuVgIB55w -9wdIBio1GVP76j0ZGhxTSNx1zR+lXsCYnc1Hct2Le2UoZ1VEneHTl92vzHRM+5Nf -sBcCvWKgpxWWUp0tQ6sSKyuO/ziJyfh23B3wvjMipFcBAnEgU5ika7nVh3rtKBDo -xR9zprvJ+vu18VNbLuWrs6hfGA+0gR8zWX9st/v1RAADDEqaCugjwPceXOu81Tg8 -5Mo25kdiC6MjVKmeICl1xA/TqsO5nhD3tNdvoNIgr4hroN/j7oVVFyfAIL0xGNLf -oBnShDtVKrY9tvQd89u9iQbDWyPichEIohqpdNPqsViNroeggwRdGC1D7frToSor -x0j3RZCTKlM6F7+OLYD8pxLEgiOg5tEyPYQQQBMkPeqA0qZLrm9zqvSwsHAXz4Nq -i0mmIa/L1267DEweJTQwWuKGD10oHUHTxNRsEpuDcHAYPRjs1bMqd1gyCEBtr7ps -y83S218IKGRC7JFJpqDWYvRr+qZ65XxQu/gXgUtc7DPRQ8EJjGiQ8iaxS1AKET7X -mJz/DtUw5ZNBWQxYWunv5IarVG/InPoO4eaKGD+kBSvwc/QLUUzPzlULffbaqPv3 -6pyUulOWtYz10d4WToyJSKsUK6VCYom85K0dU5Ypw8lsAAeD/7iyfnK1zpXpPtIu -Y4ioMulh2YHZcxkYRByopQLFZg== ------END CERTIFICATE REQUEST----- diff --git a/ca.sunet.se/overlay/var/lib/ca/infra/requests/ft-c.csr b/ca.sunet.se/overlay/var/lib/ca/infra/requests/ft-c.csr new file mode 100644 index 0000000..4ea75a7 --- /dev/null +++ b/ca.sunet.se/overlay/var/lib/ca/infra/requests/ft-c.csr 
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEjzCCAncCAQAwKjELMAkGA1UEBhMCU0UxDjAMBgNVBAoTBVNVTkVUMQswCQYD
+VQQDEwItYzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKlfTop49pE1
+XANMzZ5/vB9RoQrCoVSWY8BTT5t+s4sprq5oeumZ5utrjT/B9jMLASUKFz4OhC48
+3TKDxWTLQ/KGxptPhZDguVgxn/kxruP7rtH9HuIlT+B5TyIw3FhBPqhBV/jtXCsa
+2H22k0HNVrbNLju+VNpKYZo/yrWddyBeLo3inxtK6bSUSEaAH/4WaE9r0NyAzjCq
+Wd1JfKuPOEkis/87NhYcD3gAOpDSfDilb4vs/IQ3FFNHnD4VCAiH9EwPgf5E8Fxm
+ZDc55HGIbx6XSaztQ52w9pKBwncCor/tjYimDuKmI9hnOHo8e8pZezlA7i6i/04r
+R5WXkxWq1zCscN+Y57jTYaO1Z5yynMAtV2ZsE+AmldTW1pt7wOCah7OHvVkepaCi
+2pWKBQMsBF636jREtorc9YbZABX80ai3NoWfwTB/VlqIlc0qaDwjsUJaMkEv+EJY
+MNpmtdqQ9Q2om814MXZrmKv1W2AqCXaG2w2kCfcxXz0McapVmi2S6uhmOwGoJrDc
+3oAiebHA5gmKvYEhrBVmAKgaA64koWOvv9t4FbKHVTE2B0VEZiQ5uFbsn5hn2w2r
+Ahm/HbsjWZAK+ozxZOLcqm6KCz3brjqnn6p04mJh7Xl8of4L4MdsD3ewc+vYYhsR
+o3Q3YD/iV89G4MdY8MRAALdjAMwzCwgxAgMBAAGgIDAeBgkqhkiG9w0BCQ4xETAP
+MA0GA1UdEQQGMASCAi1jMA0GCSqGSIb3DQEBCwUAA4ICAQChsvCaJGYXuVgIB55w
+9wdIBio1GVP76j0ZGhxTSNx1zR+lXsCYnc1Hct2Le2UoZ1VEneHTl92vzHRM+5Nf
+sBcCvWKgpxWWUp0tQ6sSKyuO/ziJyfh23B3wvjMipFcBAnEgU5ika7nVh3rtKBDo
+xR9zprvJ+vu18VNbLuWrs6hfGA+0gR8zWX9st/v1RAADDEqaCugjwPceXOu81Tg8
+5Mo25kdiC6MjVKmeICl1xA/TqsO5nhD3tNdvoNIgr4hroN/j7oVVFyfAIL0xGNLf
+oBnShDtVKrY9tvQd89u9iQbDWyPichEIohqpdNPqsViNroeggwRdGC1D7frToSor
+x0j3RZCTKlM6F7+OLYD8pxLEgiOg5tEyPYQQQBMkPeqA0qZLrm9zqvSwsHAXz4Nq
+i0mmIa/L1267DEweJTQwWuKGD10oHUHTxNRsEpuDcHAYPRjs1bMqd1gyCEBtr7ps
+y83S218IKGRC7JFJpqDWYvRr+qZ65XxQu/gXgUtc7DPRQ8EJjGiQ8iaxS1AKET7X
+mJz/DtUw5ZNBWQxYWunv5IarVG/InPoO4eaKGD+kBSvwc/QLUUzPzlULffbaqPv3
+6pyUulOWtYz10d4WToyJSKsUK6VCYom85K0dU5Ypw8lsAAeD/7iyfnK1zpXpPtIu
+Y4ioMulh2YHZcxkYRByopQLFZg==
+-----END CERTIFICATE REQUEST-----
-- cgit v1.1 From 05b8a51e6ef6ee7e2db8af0fecfc8840bcb58652 Mon Sep 17 00:00:00 2001 From: Fredrik Thulin Date: Tue, 31 Mar 2015 09:18:06 +0200 Subject: argument parsing piff-up --- scripts/mkreq | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/scripts/mkreq b/scripts/mkreq index 4493867..c5e8e9f 100755 --- a/scripts/mkreq +++ b/scripts/mkreq @@ -1,6 +1,5 @@ #!/bin/sh -host="$1"; shift ca_host="ca.sunet.se" ca_name="infra" type="" @@ -22,14 +21,21 @@ Usage: mkreq [-v] [-s*] [-c] [-C ] [-N ] [--] " 1>&2 } +if [ "x$1" = "x" ]; then + usage + exit 1 +fi + { while test $# -gt 0; do case "$1" in -s) type="server" + shift ;; -c) type="client" + shift ;; -C) ca_host="$2" @@ -46,11 +52,25 @@ Usage: mkreq [-v] [-s*] [-c] [-C ] [-N ] [--] --) break ;; + *) + echo $1 | grep -q '^-' || break # found the fqdn + echo "$0: Unknown option $1" + echo "" + usage + exit 1 esac - shift done } +host="$1" + +if [ "x$host" = "x" ]; then + echo "$0: No fqdn supplied" + echo "" + usage + exit 1 +fi + if [ -d $host -a -z $type ]; then type="server" fi -- cgit v1.1 From c965e38c98aacd87e0bda1d34bb1d1f53cf0322a Mon Sep 17 00:00:00 2001 From: Fredrik Thulin Date: Tue, 31 Mar 2015 09:22:54 +0200 Subject: move CSR to right directory --- .../var/lib/ca/infra/requests/client/ft-c.csr | 27 ++++++++++++++++++++++ .../overlay/var/lib/ca/infra/requests/ft-c.csr | 27 ---------------------- 2 files changed, 27 insertions(+), 27 deletions(-) create mode 100644 ca.sunet.se/overlay/var/lib/ca/infra/requests/client/ft-c.csr delete mode 100644 ca.sunet.se/overlay/var/lib/ca/infra/requests/ft-c.csr diff --git a/ca.sunet.se/overlay/var/lib/ca/infra/requests/client/ft-c.csr b/ca.sunet.se/overlay/var/lib/ca/infra/requests/client/ft-c.csr new file mode 100644 index 0000000..4ea75a7 --- /dev/null +++ b/ca.sunet.se/overlay/var/lib/ca/infra/requests/client/ft-c.csr 
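Review bot: The unchanged `--) break` arm leaves `--` in `$1`, so with the new `host="$1"` after the loop a call such as `mkreq -c -- name` ends up with host `--`; the arm needs `--) shift; break ;;`. In the new `*)` arm, `echo $1 | grep -q '^-'` is unquoted and lets echo interpret values such as `-n`. A `-*)` pattern arm placed ahead of `*) break` does the same test without a subprocess. The new error messages go to stdout while `usage` writes to stderr, so add `1>&2` to them. The bodies of the `-C`, `-N` and `-v` arms lie partly outside the hunks; since the trailing `shift` was removed, confirm each of them still consumes all of its own arguments.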
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIEjzCCAncCAQAwKjELMAkGA1UEBhMCU0UxDjAMBgNVBAoTBVNVTkVUMQswCQYD
+VQQDEwItYzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKlfTop49pE1
+XANMzZ5/vB9RoQrCoVSWY8BTT5t+s4sprq5oeumZ5utrjT/B9jMLASUKFz4OhC48
+3TKDxWTLQ/KGxptPhZDguVgxn/kxruP7rtH9HuIlT+B5TyIw3FhBPqhBV/jtXCsa
+2H22k0HNVrbNLju+VNpKYZo/yrWddyBeLo3inxtK6bSUSEaAH/4WaE9r0NyAzjCq
+Wd1JfKuPOEkis/87NhYcD3gAOpDSfDilb4vs/IQ3FFNHnD4VCAiH9EwPgf5E8Fxm
+ZDc55HGIbx6XSaztQ52w9pKBwncCor/tjYimDuKmI9hnOHo8e8pZezlA7i6i/04r
+R5WXkxWq1zCscN+Y57jTYaO1Z5yynMAtV2ZsE+AmldTW1pt7wOCah7OHvVkepaCi
+2pWKBQMsBF636jREtorc9YbZABX80ai3NoWfwTB/VlqIlc0qaDwjsUJaMkEv+EJY
+MNpmtdqQ9Q2om814MXZrmKv1W2AqCXaG2w2kCfcxXz0McapVmi2S6uhmOwGoJrDc
+3oAiebHA5gmKvYEhrBVmAKgaA64koWOvv9t4FbKHVTE2B0VEZiQ5uFbsn5hn2w2r
+Ahm/HbsjWZAK+ozxZOLcqm6KCz3brjqnn6p04mJh7Xl8of4L4MdsD3ewc+vYYhsR
+o3Q3YD/iV89G4MdY8MRAALdjAMwzCwgxAgMBAAGgIDAeBgkqhkiG9w0BCQ4xETAP
+MA0GA1UdEQQGMASCAi1jMA0GCSqGSIb3DQEBCwUAA4ICAQChsvCaJGYXuVgIB55w
+9wdIBio1GVP76j0ZGhxTSNx1zR+lXsCYnc1Hct2Le2UoZ1VEneHTl92vzHRM+5Nf
+sBcCvWKgpxWWUp0tQ6sSKyuO/ziJyfh23B3wvjMipFcBAnEgU5ika7nVh3rtKBDo
+xR9zprvJ+vu18VNbLuWrs6hfGA+0gR8zWX9st/v1RAADDEqaCugjwPceXOu81Tg8
+5Mo25kdiC6MjVKmeICl1xA/TqsO5nhD3tNdvoNIgr4hroN/j7oVVFyfAIL0xGNLf
+oBnShDtVKrY9tvQd89u9iQbDWyPichEIohqpdNPqsViNroeggwRdGC1D7frToSor
+x0j3RZCTKlM6F7+OLYD8pxLEgiOg5tEyPYQQQBMkPeqA0qZLrm9zqvSwsHAXz4Nq
+i0mmIa/L1267DEweJTQwWuKGD10oHUHTxNRsEpuDcHAYPRjs1bMqd1gyCEBtr7ps
+y83S218IKGRC7JFJpqDWYvRr+qZ65XxQu/gXgUtc7DPRQ8EJjGiQ8iaxS1AKET7X
+mJz/DtUw5ZNBWQxYWunv5IarVG/InPoO4eaKGD+kBSvwc/QLUUzPzlULffbaqPv3
+6pyUulOWtYz10d4WToyJSKsUK6VCYom85K0dU5Ypw8lsAAeD/7iyfnK1zpXpPtIu
+Y4ioMulh2YHZcxkYRByopQLFZg==
+-----END CERTIFICATE REQUEST-----
diff --git a/ca.sunet.se/overlay/var/lib/ca/infra/requests/ft-c.csr b/ca.sunet.se/overlay/var/lib/ca/infra/requests/ft-c.csr
deleted file mode 100644
index 4ea75a7..0000000
--- a/ca.sunet.se/overlay/var/lib/ca/infra/requests/ft-c.csr
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIEjzCCAncCAQAwKjELMAkGA1UEBhMCU0UxDjAMBgNVBAoTBVNVTkVUMQswCQYD -VQQDEwItYzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKlfTop49pE1 -XANMzZ5/vB9RoQrCoVSWY8BTT5t+s4sprq5oeumZ5utrjT/B9jMLASUKFz4OhC48 -3TKDxWTLQ/KGxptPhZDguVgxn/kxruP7rtH9HuIlT+B5TyIw3FhBPqhBV/jtXCsa -2H22k0HNVrbNLju+VNpKYZo/yrWddyBeLo3inxtK6bSUSEaAH/4WaE9r0NyAzjCq -Wd1JfKuPOEkis/87NhYcD3gAOpDSfDilb4vs/IQ3FFNHnD4VCAiH9EwPgf5E8Fxm -ZDc55HGIbx6XSaztQ52w9pKBwncCor/tjYimDuKmI9hnOHo8e8pZezlA7i6i/04r -R5WXkxWq1zCscN+Y57jTYaO1Z5yynMAtV2ZsE+AmldTW1pt7wOCah7OHvVkepaCi -2pWKBQMsBF636jREtorc9YbZABX80ai3NoWfwTB/VlqIlc0qaDwjsUJaMkEv+EJY -MNpmtdqQ9Q2om814MXZrmKv1W2AqCXaG2w2kCfcxXz0McapVmi2S6uhmOwGoJrDc -3oAiebHA5gmKvYEhrBVmAKgaA64koWOvv9t4FbKHVTE2B0VEZiQ5uFbsn5hn2w2r -Ahm/HbsjWZAK+ozxZOLcqm6KCz3brjqnn6p04mJh7Xl8of4L4MdsD3ewc+vYYhsR -o3Q3YD/iV89G4MdY8MRAALdjAMwzCwgxAgMBAAGgIDAeBgkqhkiG9w0BCQ4xETAP -MA0GA1UdEQQGMASCAi1jMA0GCSqGSIb3DQEBCwUAA4ICAQChsvCaJGYXuVgIB55w -9wdIBio1GVP76j0ZGhxTSNx1zR+lXsCYnc1Hct2Le2UoZ1VEneHTl92vzHRM+5Nf -sBcCvWKgpxWWUp0tQ6sSKyuO/ziJyfh23B3wvjMipFcBAnEgU5ika7nVh3rtKBDo -xR9zprvJ+vu18VNbLuWrs6hfGA+0gR8zWX9st/v1RAADDEqaCugjwPceXOu81Tg8 -5Mo25kdiC6MjVKmeICl1xA/TqsO5nhD3tNdvoNIgr4hroN/j7oVVFyfAIL0xGNLf -oBnShDtVKrY9tvQd89u9iQbDWyPichEIohqpdNPqsViNroeggwRdGC1D7frToSor -x0j3RZCTKlM6F7+OLYD8pxLEgiOg5tEyPYQQQBMkPeqA0qZLrm9zqvSwsHAXz4Nq -i0mmIa/L1267DEweJTQwWuKGD10oHUHTxNRsEpuDcHAYPRjs1bMqd1gyCEBtr7ps -y83S218IKGRC7JFJpqDWYvRr+qZ65XxQu/gXgUtc7DPRQ8EJjGiQ8iaxS1AKET7X -mJz/DtUw5ZNBWQxYWunv5IarVG/InPoO4eaKGD+kBSvwc/QLUUzPzlULffbaqPv3 -6pyUulOWtYz10d4WToyJSKsUK6VCYom85K0dU5Ypw8lsAAeD/7iyfnK1zpXpPtIu -Y4ioMulh2YHZcxkYRByopQLFZg== ------END CERTIFICATE REQUEST----- -- cgit v1.1 From 0fc39fd18b57d9fe651d9a176927e5ae3eb517ed Mon Sep 17 00:00:00 2001 
From: Fredrik Thulin Date: Tue, 31 Mar 2015 09:23:35 +0200 Subject: Use mktemp plain to use system default TMPDIR. Hopefully, TMPDIR points to a ramdisk. --- scripts/mkreq | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/mkreq b/scripts/mkreq index c5e8e9f..2b59f52 100755 --- a/scripts/mkreq +++ b/scripts/mkreq @@ -77,8 +77,8 @@ fi cfg=`mktemp` -key="/tmp/$host.key" -csr="/tmp/$host.csr" +key=`mktemp` +csr=`mktemp` trap 'rm -f $cfg' EXIT -- cgit v1.1 From 17d595dc4e90d6b64ed75de11c04236a2444fa0c Mon Sep 17 00:00:00 2001 From: Fredrik Thulin Date: Tue, 31 Mar 2015 09:23:50 +0200 Subject: Remove generated key from disk, after printing it. --- scripts/mkreq | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scripts/mkreq b/scripts/mkreq index 2b59f52..44aaddc 100755 --- a/scripts/mkreq +++ b/scripts/mkreq @@ -15,7 +15,7 @@ Usage: mkreq [-v] [-s*] [-c] [-C ] [-N ] [--] -c request client cert -C ca host (ca.sunet.se) -N ca name (infra) - + fully qualified name of host " 1>&2 @@ -110,6 +110,12 @@ git add "$reqs/$host.csr" && git commit -m "certification request for $host from if [ -d $host ]; then ssh root@$host mkdir -p /etc/ssl/private && scp "$key" "root@$host:/etc/ssl/private/${host}_${ca_name}.key" && rm -f "$key" && echo "** private key given to $host" || echo "** private key left in $key - should be in root@$host:/etc/ssl/private/${host}_${ca_name}.key" +else + echo "" + echo "** Generated the following RSA key, keep it safe:" + cat $key + rm -f $key + echo "" fi echo "** successfully generated key and certification request for $host from $ca_host:$ca_name" -- cgit v1.1 From d8a536feeec9a5fcebfaa5f587dbf87dcdee76a3 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 10:38:57 +0200 Subject: Trying to use dns instead of link --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) 
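Review bot: The context line `trap 'rm -f $cfg' EXIT` still cleans up only `$cfg`, so the key and CSR files that `mktemp` now creates stay behind in the temp directory whenever the script exits before its own cleanup. Extend the trap to at least the CSR, `trap 'rm -f "$cfg" "$csr"' EXIT`, and remove `$key` on every failure path other than the deliberate "private key left in" case. The commit message only hopes that TMPDIR is a ramdisk; nothing in the hunk checks it, so a comment stating that assumption next to `key=` would help. The rest of the script lies outside the hunk.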
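Review bot: In the `@@ -110,6 +110,12 @@` hunk, `cat $key` writes the private key to stdout between the status messages, so it lands in terminal scrollback and in any pipe or log that captures the script's output. Writing the key to a caller-chosen file created with mode 0600, and printing only its path, avoids that. If printing is kept, send it to a stream that is not normally logged and say so in `usage`. Both new lines use `$key` unquoted; they should read `cat "$key"` and `rm -f "$key"`. The enclosing `if [ -d $host ]` block starts outside the hunk.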
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index b4ea64d..11e8287 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -697,16 +697,15 @@ node 'cdr1.sunet.se' { } node 'sto-tug-kvm2.swamid.se' { - docker::image {'docker.sunet.se/flog/postgresql-9.3': } - docker::image {'docker.sunet.se/flog/nginx': } - docker::image {'docker.sunet.se/flog/flog_app': } + #class { 'fail2ban': } file {'/opt/docker/postgresql_data': - ensure => 'directory', - } + ensure => 'directory', + } -> file {'/var/log/flog_db': ensure => 'directory', - } - docker::run {'flog_db': + } -> + class { 'sunet::dockerhost': } -> + sunet::docker_run {'flog_db': image => 'docker.sunet.se/flog/postgresql-9.3', use_name => true, volumes => ['/opt/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'], @@ -714,14 +713,12 @@ node 'sto-tug-kvm2.swamid.se' { docker::run {'flog_app': image => 'docker.sunet.se/flog/flog_app', use_name => true, - links => ['flog_db:flog_db'], volumes => ['/opt/flog/dotenv:/opt/flog/.env','/var/log/flog/:/opt/flog/logs/'], } -> docker::run {'flog_nginx': image => 'docker.sunet.se/flog/nginx', use_name => true, ports => ['80:80', '443:443'], - links => ['flog_app:flog_app'], volumes => ['/opt/flog/nginx/sites-enabled/:/etc/nginx/sites-enabled/','/opt/flog/nginx/certs/:/etc/nginx/certs', '/var/log/flog_nginx/:/var/log/nginx'], } } -- cgit v1.1 From 64d24f65a2efb1e81225fe289701d24bfe9aa11c Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 10:40:36 +0200 Subject: Invalid parameter use_name --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 3 --- 1 file changed, 3 deletions(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 11e8287..942ac77 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp 
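Review bot: The first hunk removes all three `docker::image` resources and moves only `flog_db` to `sunet::docker_run`, while `flog_app` and `flog_nginx` in the second hunk stay on `docker::run`. Unless `docker::run` pulls images on its own, nothing visible ensures those two images are present on the host. `#class { 'fail2ban': }` is added commented out with no reason given; either drop the line or add a comment saying why it is disabled on a host that publishes ports 80 and 443. The node block continues outside the hunks.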
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -707,17 +707,14 @@ node 'sto-tug-kvm2.swamid.se' { class { 'sunet::dockerhost': } -> sunet::docker_run {'flog_db': image => 'docker.sunet.se/flog/postgresql-9.3', - use_name => true, volumes => ['/opt/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'], } -> docker::run {'flog_app': image => 'docker.sunet.se/flog/flog_app', - use_name => true, volumes => ['/opt/flog/dotenv:/opt/flog/.env','/var/log/flog/:/opt/flog/logs/'], } -> docker::run {'flog_nginx': image => 'docker.sunet.se/flog/nginx', - use_name => true, ports => ['80:80', '443:443'], volumes => ['/opt/flog/nginx/sites-enabled/:/etc/nginx/sites-enabled/','/opt/flog/nginx/certs/:/etc/nginx/certs', '/var/log/flog_nginx/:/var/log/nginx'], } -- cgit v1.1 From 84241ebd52192666d49d0e7fceedd850a00bd018 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 10:52:34 +0200 Subject: update db --- global/overlay/etc/puppet/cosmos-db.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index d8a83ca..a84fd5f 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -89,9 +89,9 @@ classes: sunetops: null swamidops: null sto-tug-kvm2.swamid.se: - dockerhost: null mailclient: *id002 sshaccess: null + sunet::dockerhost: null sunetops: null swamidops: null webserver: null 
@@ -138,7 +138,7 @@ members: lobo2.lab.sunet.se] docker_signer: [mdx2.swamid.se] dockerhost: [www2.eduid.se, reep.tid.isoc.org, datasets.sunet.se, mdx1.swamid.se, - mdx2.swamid.se, sto-tug-kvm2.swamid.se, docker.sunet.se, registry.swamid.se] + mdx2.swamid.se, docker.sunet.se, registry.swamid.se] entropyserver: [random1.nordu.net, random2.nordu.net] mailclient: [ca.sunet.se, cdr1.sunet.se, web-f1.sunet.se, web-db2.sunet.se, sto-tug-kvm-lab2.swamid.se, datasets.sunet.se, mdx1.swamid.se, sto-tug-kvm-lab1.swamid.se, web-a1.sunet.se, @@ -156,7 +156,7 @@ members: lobo2.lab.sunet.se] sunet-cdr: [cdr1.sunet.se, cdr2.sunet.se] sunet::dockerhost: [web-f1.sunet.se, web-db2.sunet.se, web-a1.sunet.se, web-db1.sunet.se, - web-a2.sunet.se] + sto-tug-kvm2.swamid.se, web-a2.sunet.se] sunetops: [ca.sunet.se, cdr1.sunet.se, cdr1.sunet.se, web-f1.sunet.se, web-db2.sunet.se, sto-tug-kvm-lab2.swamid.se, datasets.sunet.se, mdx1.swamid.se, sto-tug-kvm-lab1.swamid.se, web-a1.sunet.se, wp.sunet.se, mdx2.swamid.se, samltest.swamid.se, web-db1.sunet.se, -- cgit v1.1 From e83523095a7f01d554becadf129bb4d35e1ad471 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 10:53:34 +0200 Subject: Changed to sunet::dockerhost for kvm2 --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 942ac77..2c2eb32 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp 
@@ -704,16 +704,15 @@ node 'sto-tug-kvm2.swamid.se' { file {'/var/log/flog_db': ensure => 'directory', } -> - class { 'sunet::dockerhost': } -> sunet::docker_run {'flog_db': image => 'docker.sunet.se/flog/postgresql-9.3', volumes => ['/opt/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'], } -> - docker::run {'flog_app': + sunet::docker_run {'flog_app': image => 'docker.sunet.se/flog/flog_app', volumes => ['/opt/flog/dotenv:/opt/flog/.env','/var/log/flog/:/opt/flog/logs/'], } -> - docker::run {'flog_nginx': + sunet::docker_run {'flog_nginx': image => 'docker.sunet.se/flog/nginx', ports => ['80:80', '443:443'], volumes => ['/opt/flog/nginx/sites-enabled/:/etc/nginx/sites-enabled/','/opt/flog/nginx/certs/:/etc/nginx/certs', '/var/log/flog_nginx/:/var/log/nginx'], -- cgit v1.1 From 38e18faad7a5505f67d53c1eeb12348999294766 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 12:32:12 +0200 Subject: Updated network settings --- sto-tug-kvm2.swamid.se/overlay/etc/network/interfaces | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/sto-tug-kvm2.swamid.se/overlay/etc/network/interfaces b/sto-tug-kvm2.swamid.se/overlay/etc/network/interfaces index 10cdcf5..90b56f3 100644 --- a/sto-tug-kvm2.swamid.se/overlay/etc/network/interfaces +++ b/sto-tug-kvm2.swamid.se/overlay/etc/network/interfaces @@ -18,8 +18,7 @@ iface em1 inet static dns-search swamid.se iface em1 inet6 static - address 2001:6b0:7::9 - netmask 64 + address 2001:6b0:7::9/64 gateway 2001:6b0:7::1 dns-nameservers 2001:6b0:1e:14 2001:6b0:1e:99 @@ -35,7 +34,6 @@ iface em1:0 inet static dns-search sunet.se iface em1:0 inet6 static - address 2001:6b0:7::10 - netmask 64 + address 2001:6b0:7::10/64 gateway 2001:6b0:7::1 dns-nameservers 2001:6b0:1e:14 2001:6b0:1e:99 -- cgit v1.1 From b0b86ef7ac3a3f7ff358cfecbad0139cbbf20bb2 Mon Sep 17 00:00:00 2001 
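Review bot: In both hunks of the interfaces change, the context line `dns-nameservers 2001:6b0:1e:14 2001:6b0:1e:99` is not valid IPv6 notation: each value has four groups and no `::`. A `::` before the last group is probably missing, by analogy with the IPv4 resolvers 130.242.80.14 and 130.242.80.99 shown for `em1:0`. Confirm the real addresses and correct the line while the inet6 stanzas are being edited. The stanzas begin outside the hunks.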
From: Johan Lundberg Date: Tue, 31 Mar 2015 12:49:57 +0200 Subject: Updated network settings --- sto-tug-kvm2.swamid.se/overlay/etc/network/interfaces | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/sto-tug-kvm2.swamid.se/overlay/etc/network/interfaces b/sto-tug-kvm2.swamid.se/overlay/etc/network/interfaces index 90b56f3..ca8f454 100644 --- a/sto-tug-kvm2.swamid.se/overlay/etc/network/interfaces +++ b/sto-tug-kvm2.swamid.se/overlay/etc/network/interfaces @@ -32,8 +32,5 @@ iface em1:0 inet static # dns-* options are implemented by the resolvconf package, if installed dns-nameservers 130.242.80.14 130.242.80.99 dns-search sunet.se - -iface em1:0 inet6 static - address 2001:6b0:7::10/64 - gateway 2001:6b0:7::1 - dns-nameservers 2001:6b0:1e:14 2001:6b0:1e:99 + up ip addr add 2001:6b0:7::10/64 flog em1:0 + down ip addr del 2001:6b0:7::10/64 flog em1:0 -- cgit v1.1 From 8960793d16aaf4bd7a94e6bf152dd4049ea0212c Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 13:04:53 +0200 Subject: Updated network settings --- sto-tug-kvm2.swamid.se/overlay/etc/network/interfaces | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sto-tug-kvm2.swamid.se/overlay/etc/network/interfaces b/sto-tug-kvm2.swamid.se/overlay/etc/network/interfaces index ca8f454..8d4bf0b 100644 --- a/sto-tug-kvm2.swamid.se/overlay/etc/network/interfaces +++ b/sto-tug-kvm2.swamid.se/overlay/etc/network/interfaces @@ -32,5 +32,5 @@ iface em1:0 inet static # dns-* options are implemented by the resolvconf package, if installed dns-nameservers 130.242.80.14 130.242.80.99 dns-search sunet.se - up ip addr add 2001:6b0:7::10/64 flog em1:0 - down ip addr del 2001:6b0:7::10/64 flog em1:0 + up ip addr add 2001:6b0:7::10/64 dev em1:0 + down ip addr del 2001:6b0:7::10/64 dev em1:0 -- cgit v1.1 From 1b9540600fe30425d878dc0461d01975931b63f1 Mon Sep 17 00:00:00 2001 
From: Johan Lundberg Date: Tue, 31 Mar 2015 13:32:08 +0200 Subject: Adding helper functions from eduid. --- .../modules/sunet/manifests/add_user_to_group.pp | 7 +++++++ .../puppet/modules/sunet/manifests/system_user.pp | 22 ++++++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/add_user_to_group.pp create mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/system_user.pp diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/add_user_to_group.pp b/global/overlay/etc/puppet/modules/sunet/manifests/add_user_to_group.pp new file mode 100644 index 0000000..348d9c5 --- /dev/null +++ b/global/overlay/etc/puppet/modules/sunet/manifests/add_user_to_group.pp @@ -0,0 +1,7 @@ +# Add a user to a group +define sunet::add_user_to_group($username, $group) { + exec {"add_user_${username}_to_group_${group}_exec": + command => "adduser --quiet $username $group", + path => ['/usr/local/sbin', '/usr/local/bin', '/usr/sbin', '/usr/bin', '/sbin', '/bin', ], + } +} diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/system_user.pp b/global/overlay/etc/puppet/modules/sunet/manifests/system_user.pp new file mode 100644 index 0000000..819ef4a --- /dev/null +++ b/global/overlay/etc/puppet/modules/sunet/manifests/system_user.pp @@ -0,0 +1,22 @@ +define sunet::system_user( + $username, + $group, + $system = true, + $shell = '/bin/false' + ) { + + user { $username : + ensure => present, + name => $username, + membership => minimum, + system => $system, + require => Group[ $group ], + shell => $shell, + } + + group { $group : + ensure => present, + name => $group, + } + +} -- cgit v1.1 From 4f19a30761313393ee3c624beb854e68011fd7d1 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 13:32:29 +0200 Subject: sto-tug-kvm2 is now a sunet::dockerhost. --- global/overlay/etc/puppet/cosmos-rules.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
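Review bot: The `exec` in add_user_to_group.pp has no `unless`, `onlyif` or `refreshonly`, so `adduser` runs on every Puppet run and reports a change each time. `$username` and `$group` are interpolated into the command line unchecked, so a value containing whitespace changes the argument list. Prefer the native `user` resource with `groups => [$group]` and `membership => minimum`. If the exec stays, add a guard such as `unless => "id -nG ${username} | grep -qw ${group}",` together with `provider => shell,`.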
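Review bot: In system_user.pp, `$group` is used only for `require => Group[ $group ]` and the `group` resource; the `user` resource sets no `gid`, so the account's primary group is left to the platform's useradd defaults. Where useradd creates a per-user group, a user and group with the same name (as in the postgres call later on this page) can make account creation fail because the group already exists. Adding `gid => $group,` to the `user` resource ties the two together. The `group` resource also does not pass `system => $system`. The define has no header comment, unlike add_user_to_group.pp; a line such as `# Create a (system) user and its primary group` followed by the parameters would document it.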
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index dc2b9c0..5035639 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -31,7 +31,7 @@ mdx2.swamid.se: sto-tug-kvm2.swamid.se: sshaccess: webserver: - dockerhost: + sunet::dockerhost: reep.tid.isoc.org: sshaccess: swamidops: -- cgit v1.1 From 68251025dd8c8c10b81978e41a069afd7b49bfd5 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 13:32:52 +0200 Subject: Adding postgres user to sto-tug-kvm2. --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 2c2eb32..3f2c9af 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -697,12 +697,24 @@ node 'cdr1.sunet.se' { } node 'sto-tug-kvm2.swamid.se' { - #class { 'fail2ban': } + #class { 'fail2ban': } + sunet::system_user {'postgres-system-user': + username => 'postgres', + group => 'postgres', + } -> + sunet::add_user_to_group { 'postgres_ssl_cert_access': + username => 'postgres', + group => 'ssl-cert', + } -> file {'/opt/docker/postgresql_data': ensure => 'directory', + owner => 'postgres', + group => 'postgres', } -> file {'/var/log/flog_db': ensure => 'directory', + owner => 'postgres', + group => 'postgres', } -> sunet::docker_run {'flog_db': image => 'docker.sunet.se/flog/postgresql-9.3', -- cgit v1.1 From 183ad5993ec59d0125917df77ab170f8ed5e5b09 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 13:49:14 +0200 Subject: Changed permissions for postgres data dir --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
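Review bot: In the cosmos-site.pp hunk, adding `postgres` to `ssl-cert` gives the account read access to every private key that group can read on the host, not only the database's own key. A key file owned by postgres, or a dedicated group, keeps the grant narrower. The host account gets whatever uid the system assigns, and these directories are bind-mounted into the container, so ownership only lines up if the image's postgres uid happens to match; presumably the uid should be pinned, which `sunet::system_user` does not currently allow. The node block continues outside the hunk.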
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 3f2c9af..54c8efa 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -710,11 +710,13 @@ node 'sto-tug-kvm2.swamid.se' { ensure => 'directory', owner => 'postgres', group => 'postgres', + mode => '0700', } -> file {'/var/log/flog_db': ensure => 'directory', - owner => 'postgres', + owner => 'root', group => 'postgres', + mode => '1775', } -> sunet::docker_run {'flog_db': image => 'docker.sunet.se/flog/postgresql-9.3', -- cgit v1.1 From 7a48cefa4b30499cc1ed0ad646dab72b5f996da6 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 13:58:34 +0200 Subject: Do not create directories with rsync. --- sto-tug-kvm2.swamid.se/overlay/opt/docker/README | 1 - 1 file changed, 1 deletion(-) delete mode 100644 sto-tug-kvm2.swamid.se/overlay/opt/docker/README diff --git a/sto-tug-kvm2.swamid.se/overlay/opt/docker/README b/sto-tug-kvm2.swamid.se/overlay/opt/docker/README deleted file mode 100644 index 9a5cb2a..0000000 --- a/sto-tug-kvm2.swamid.se/overlay/opt/docker/README +++ /dev/null @@ -1 +0,0 @@ -This is a directory to mount persistent Docker volumes to/from. -- cgit v1.1 From 3c9f29b23f3bf1dd01aa97ad1950b00aa4f6f255 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 14:03:46 +0200 Subject: Added missing docker dir. --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 54c8efa..c196c1e 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp 
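Review bot: `/var/log/flog_db` ends up `root:postgres` with `mode => '1775'`, which leaves the directory listable and traversable by every local account, and database logs commonly contain statement text and connection details. Unless another account has to read them, `mode => '1770'` keeps the sticky bit and group write while dropping world access. A short comment on why the owner was changed from postgres to root would also help the next reader. The resource chain continues outside the hunk.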
@@ -698,6 +698,9 @@ node 'cdr1.sunet.se' { node 'sto-tug-kvm2.swamid.se' { #class { 'fail2ban': } + file {'/opt/docker': + ensure => 'directory', + } -> sunet::system_user {'postgres-system-user': username => 'postgres', group => 'postgres', -- cgit v1.1 From 2a0d8e2d857eababf821581c829633e0acb03474 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 14:56:49 +0200 Subject: Mixed up opt and var. --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index c196c1e..e37fbb0 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -698,7 +698,7 @@ node 'cdr1.sunet.se' { node 'sto-tug-kvm2.swamid.se' { #class { 'fail2ban': } - file {'/opt/docker': + file {'/var/docker': ensure => 'directory', } -> sunet::system_user {'postgres-system-user': @@ -709,7 +709,7 @@ node 'sto-tug-kvm2.swamid.se' { username => 'postgres', group => 'ssl-cert', } -> - file {'/opt/docker/postgresql_data': + file {'/var/docker/postgresql_data': ensure => 'directory', owner => 'postgres', group => 'postgres', @@ -723,7 +723,7 @@ node 'sto-tug-kvm2.swamid.se' { } -> sunet::docker_run {'flog_db': image => 'docker.sunet.se/flog/postgresql-9.3', - volumes => ['/opt/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'], + volumes => ['/var/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'], } -> sunet::docker_run {'flog_app': image => 'docker.sunet.se/flog/flog_app', -- cgit v1.1 From 587c21016484d3f6cb1a4792238937908de120b7 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 15:48:37 +0200 Subject: Changed location of ssl certs for postgres --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index e37fbb0..5aa1fe7 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -723,7 +723,7 @@ node 'sto-tug-kvm2.swamid.se' { } -> sunet::docker_run {'flog_db': image => 'docker.sunet.se/flog/postgresql-9.3', - volumes => ['/var/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'], + volumes => ['/opt/flog/postgres/ssl/ssl-cert-snakeoil.pem:/etc/ssl/cert.pem', '/opt/flog/postgres/ssl/ssl-cert-snakeoil.key:/etc/ssl/cert.key', '/var/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'], } -> sunet::docker_run {'flog_app': image => 'docker.sunet.se/flog/flog_app', -- cgit v1.1 From 614f6719f6fb9570dfc38411d4b6bd2ade947ffc Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 17:05:47 +0200 Subject: Fix log and cert permissions. --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 5aa1fe7..f6d3ba8 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -709,6 +709,10 @@ node 'sto-tug-kvm2.swamid.se' { username => 'postgres', group => 'ssl-cert', } -> + sunet::system_user {'www-data-system-user': + username => 'www-data', + group => 'www-data', + } -> file {'/var/docker/postgresql_data': ensure => 'directory', owner => 'postgres', 
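Review bot: The two certificate entries added to the `flog_db` `volumes` list are bind-mounted without a read-only flag, so a process inside the container can overwrite the host's key and certificate files. Docker accepts a `:ro` suffix on a volume spec, e.g. `'/opt/flog/postgres/ssl/ssl-cert-snakeoil.key:/etc/ssl/cert.key:ro'`, assuming `sunet::docker_run` passes the strings through unchanged (its definition is not visible here). The file names also suggest the self-signed snakeoil pair, which encrypts the connection but gives clients nothing to verify the server against unless they pin it. A comment noting that this is a placeholder certificate would help the next reader. The node block starts and ends outside this hunk.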
@@ -721,9 +725,21 @@ node 'sto-tug-kvm2.swamid.se' { group => 'postgres', mode => '1775', } -> + file {'/var/log/flog_app': + ensure => 'directory', + owner => 'root', + group => 'www-data', + mode => '1775', + } -> + file {'/var/log/flog_cron': + ensure => 'directory', + owner => 'root', + group => 'www-data', + mode => '1775', + } -> sunet::docker_run {'flog_db': image => 'docker.sunet.se/flog/postgresql-9.3', - volumes => ['/opt/flog/postgres/ssl/ssl-cert-snakeoil.pem:/etc/ssl/cert.pem', '/opt/flog/postgres/ssl/ssl-cert-snakeoil.key:/etc/ssl/cert.key', '/var/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'], + volumes => ['/opt/flog/postgres/ssl:/etc/ssl', '/var/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'], } -> sunet::docker_run {'flog_app': image => 'docker.sunet.se/flog/flog_app', -- cgit v1.1 From 5cb9279fd0472bec59f5430786a6c684854bcf6f Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 18:23:49 +0200 Subject: Add postgres backup dir. --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 6 ++++++ sto-tug-kvm2.swamid.se/overlay/etc/cron.d/update_eduroam_realm_data | 1 - 2 files changed, 6 insertions(+), 1 deletion(-) delete mode 100644 sto-tug-kvm2.swamid.se/overlay/etc/cron.d/update_eduroam_realm_data diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index f6d3ba8..92e3804 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -725,6 +725,12 @@ node 'sto-tug-kvm2.swamid.se' { group => 'postgres', mode => '1775', } -> + file {'/var/postgresbackup': + ensure => 'directory', + owner => 'root', + group => 'postgres', + mode => '1775', + } -> file {'/var/log/flog_app': ensure => 'directory', owner => 'root', 
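Review bot: The new `'/opt/flog/postgres/ssl:/etc/ssl'` entry in the `flog_db` `volumes` list mounts a host directory over the container's whole `/etc/ssl`, which on most base images also holds the CA bundle and `openssl.cnf`. Those files are hidden by the mount, so any TLS client inside the container presumably loses its trust store. The directory containing the private key also becomes writable from the container. Mounting to a dedicated path read-only is narrower, for example `'/opt/flog/postgres/ssl:/etc/ssl/flog:ro'` (path is illustrative), with `ssl_cert_file` and `ssl_key_file` in postgresql.conf pointed at it. The node block starts and ends outside this hunk.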
diff --git a/sto-tug-kvm2.swamid.se/overlay/etc/cron.d/update_eduroam_realm_data b/sto-tug-kvm2.swamid.se/overlay/etc/cron.d/update_eduroam_realm_data deleted file mode 100644 index f1dd8e1..0000000 --- a/sto-tug-kvm2.swamid.se/overlay/etc/cron.d/update_eduroam_realm_data +++ /dev/null @@ -1 +0,0 @@ -0 23 * * * root curl https://meta.eduroam.se/institution.xml -so /opt/flog/institution.xml -- cgit v1.1