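# Sets up the AES message broker on a host: installs Boost, creates the
# service account and its home directory, deploys the systemd unit, the
# update hook and the TLS material, keeps the source checkout up to date and
# makes sure the service is running.
class aes::broker {
  $broker_user    = 'broker'
  $broker_group   = "${broker_user}"
  $broker_home    = "/srv/${broker_user}"
  $broker_service = 'aes_broker'

  # Sadly, it does not seem like we can install only asio, so we need to
  # install Boost as a whole.
  package {
    [
      'boost169',
      'boost169-devel',
    ]:
      ensure => installed,
  }

  # Figure out which certificate to use based on the hostname.
  if $facts['fqdn'] == 'aes.edu.liu.se' {
    $server_type = 'production'
  } elsif $facts['fqdn'] == 'aes-devel.edu.liu.se' {
    $server_type = 'devel'
  } else {
    # NOTE(review): on any other host $server_type is undef and interpolates
    # as an empty string, so the certificate sources below resolve to
    # "_cert.pem", "_key.pem" and "_password", and the exec receives an empty
    # third argument. Consider failing the catalog explicitly here instead.
    $server_type = undef
  }

  # System account without a login shell; the home directory is managed by
  # the file resource below rather than by the user resource.
  user { "${broker_user}" :
    ensure     => present,
    home       => "${broker_home}",
    comment    => 'Message broker for AES',
    managehome => false,
    membership => inclusive,
    system     => true,
    shell      => '/sbin/nologin',
  }

  file { "${broker_home}" :
    ensure => directory,
    owner  => "${broker_user}",
    group  => "${broker_group}",
    mode   => '0755',
  }

  file { "/etc/systemd/system/${broker_service}.service" :
    ensure => present,
    owner  => root,
    group  => root,
    mode   => '0644',
    source => "puppet:///modules/${module_name}/broker/broker.service",
  }

  # Hook that the update script runs as root (see the exec below).
  # NOTE(review): this root-owned script lives in a directory owned by the
  # broker account, so that account can rename or replace the entry between
  # agent runs. Keeping root-executed scripts in a root-owned directory
  # (for example next to /opt/utils/update_repo.sh) would avoid that.
  file { "${broker_home}/on_update.sh" :
    ensure => present,
    owner  => root,
    group  => root,
    mode   => '0700',
    source => "puppet:///modules/${module_name}/broker/on_update.sh",
  }

  file { "${broker_home}/ssl" :
    ensure => directory,
    owner  => "${broker_user}",
    group  => "${broker_group}",
    mode   => '0700',
  }

  # The certificate, private key and key password are data, not programs, so
  # they are deployed owner read/write only (0600) without the execute bit.
  file { "${broker_home}/ssl/cert.pem" :
    ensure => present,
    owner  => "${broker_user}",
    group  => "${broker_group}",
    mode   => '0600',
    source => "puppet:///modules/${module_name}/broker/cert/${server_type}_cert.pem",
  }

  file { "${broker_home}/ssl/key.pem" :
    ensure => present,
    owner  => "${broker_user}",
    group  => "${broker_group}",
    mode   => '0600',
    source => "puppet:///modules/${module_name}/broker/cert/${server_type}_key.pem",
  }

  # NOTE(review): the key password is stored next to the key it protects and
  # is served from the module's file tree like any other file; confirm that
  # the module repository and the Puppet file server are access-restricted.
  file { "${broker_home}/ssl/password" :
    ensure => present,
    owner  => "${broker_user}",
    group  => "${broker_group}",
    mode   => '0600',
    source => "puppet:///modules/${module_name}/broker/cert/${server_type}_password",
  }

  # Updates the checkout in ${broker_home}/src. There is no onlyif/unless/
  # creates guard, so this runs on every agent run.
  #
  # NOTE(review): the repository URL embeds an OAuth token in clear text. It
  # is committed together with this manifest, and as part of the command line
  # it is visible in the process list while the script runs and can end up in
  # Puppet logs and reports. The token should be rotated and supplied from a
  # secret store (e.g. encrypted Hiera data wrapped in Sensitive) instead of
  # being kept in the manifest.
  exec { 'update-broker-repo' :
    command     => "/opt/utils/update_repo.sh ${broker_home}/src https://oauth2:F-agHaRXCdyFy38q4c-N@gitlab.liu.se/upp-aes/communication.git ${server_type}",
    environment => [ "REPO_USER=${broker_user}", "REPO_GROUP=${broker_group}", "REPO_ON_UPDATE=${broker_home}/on_update.sh" ],
    # This command will need to run "on_update" as root in order to restart the service.
    user        => root,
    group       => root,
    cwd         => "${broker_home}",
    require     => File["${broker_home}/on_update.sh"],
  }

  service { "${broker_service}" :
    ensure => 'running',
  }
}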