Skip to content
Snippets Groups Projects
Normal view Permalink
auth.pp 2.22 KiB
Newer Older
  • Learn to ignore specific revisions
    • Filip Strömbäck's avatar
    Download, compile and install the broker and the auth server.
    Filip Strömbäck committed
    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 
    class aes::auth {

  $auth_user = auth
  $auth_group = "${auth_user}"
  $auth_home = "/srv/${auth_user}"
  $auth_service = "aes_auth"

  # Sadly, it does not seem like we can only install asio, so we need
  # to install the Boost as a whole.
  # It is easiest to install just "boost", even if that is a bit older
  # than what is available (others require modifying the include path).
  # It is still enough for the auth server.
  package {
    [
	'boost',
	'boost-devel',
	'krb5-libs',
	'krb5-devel',
    ]:
      ensure => installed,
  }

  user { "${auth_user}" :
    ensure => present,
    home => "${auth_home}",
    comment => 'Authentication server for AES',
    managehome => false,
    membership => inclusive,
    system => true,
    shell => '/sbin/nologin',
  }

  file { "${auth_home}" :
    ensure => directory,
    owner => "${auth_user}",
    group => "${auth_group}",
    mode => '0755',
  }

  file { "/etc/systemd/system/${auth_service}.service" :
    ensure => present,
    owner  => root,
    group  => root,
    mode   => '0644',
    source => "puppet:///modules/${module_name}/auth/auth.service",
  }

  file { "${auth_home}/on_update.sh" :
    ensure => present,
    owner  => root,
    group  => root,
    mode   => '0700',
    source => "puppet:///modules/${module_name}/auth/on_update.sh",
  }

  file { "${auth_home}/config.json" :
    ensure => present,
    owner  => auth,
    group  => auth,
    mode   => '0644',
    source => "puppet:///modules/${module_name}/auth/config.json",
  }

  file { "${auth_home}/start.sh" :
    ensure => present,
    owner  => auth,
    group  => auth,
    mode   => '0755',
    source => "puppet:///modules/${module_name}/auth/start.sh",
  }

  exec { 'update-auth-repo' :
    command => "/opt/utils/update_repo.sh ${auth_home}/src https://oauth2:F-agHaRXCdyFy38q4c-N@gitlab.liu.se/upp-aes/communication.git production",
    environment => [ "REPO_USER=${auth_user}", "REPO_GROUP=${auth_group}", "REPO_ON_UPDATE=${auth_home}/on_update.sh" ],
    # This command will need to run "on_update" as root in order to restart the service.
    user => root,
    group => root,
    cwd => "${auth_home}",
    require => File["${auth_home}/on_update.sh"],
  }

  service { "${auth_service}" : 
    ensure => "running",
  }

}