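# @summary
#   Installs and runs the AES message broker.
#
#   Creates the `broker` system account and its home under /srv, installs
#   Boost, deploys the systemd unit, the on_update.sh hook and the certificate,
#   key and password files for this host's role (production or devel), runs
#   /opt/utils/update_repo.sh against the communication repository and keeps
#   the `aes_broker` service running.
#
#   The GitLab access token is read from the Hiera key
#   `aes::broker::repo_token` and must be supplied from an encrypted backend.
#   Compilation fails when the key is missing, and also when the host is
#   neither of the two known broker hosts.
#
class aes::broker {
  $broker_user = 'broker'
  $broker_group = $broker_user
  $broker_home = "/srv/${broker_user}"
  $broker_service = 'aes_broker'

  # Repository access token. It is looked up instead of being written into the
  # manifest, so it stays out of version control, and wrapped in Sensitive so
  # Puppet redacts it in logs and reports. Any token that was ever committed
  # in this file must be revoked and replaced, since it remains in history.
  $repo_token = Sensitive(lookup('aes::broker::repo_token', String[1]))

  # Sadly, it does not seem that we can install only asio, so we need to
  # install Boost as a whole.
  package {
    [
      'boost169',
      'boost169-devel',
    ]:
      ensure => installed,
  }

  # Figure out which certificate to use based on the hostname. An unknown host
  # aborts compilation: otherwise the certificate sources below would resolve
  # to "_cert.pem" etc. and the root exec would run with an empty third
  # argument.
  case $facts['fqdn'] {
    'aes.edu.liu.se': { $server_type = 'production' }
    'aes-devel.edu.liu.se': { $server_type = 'devel' }
    default: {
      fail("aes::broker: no certificate set is defined for host '${facts['fqdn']}'")
    }
  }

  # Service account: no login shell, no supplementary groups
  # (membership => inclusive with no groups listed).
  user { $broker_user :
    ensure     => present,
    home       => $broker_home,
    comment    => 'Message broker for AES',
    managehome => false,
    membership => inclusive,
    system     => true,
    shell      => '/sbin/nologin',
  }

  file { $broker_home :
    ensure => directory,
    owner  => $broker_user,
    group  => $broker_group,
    mode   => '0755',
  }

  file { "/etc/systemd/system/${broker_service}.service" :
    ensure => file,
    owner  => root,
    group  => root,
    mode   => '0644',
    source => "puppet:///modules/${module_name}/broker/broker.service",
  }

  # NOTE(review): this hook is root-owned, but it lives in $broker_home, which
  # the broker account owns and can therefore rearrange. Because the exec
  # below runs the hook as root, consider keeping it in a root-owned directory
  # instead -- confirm nothing else depends on the current path first.
  file { "${broker_home}/on_update.sh" :
    ensure => file,
    owner  => root,
    group  => root,
    mode   => '0700',
    source => "puppet:///modules/${module_name}/broker/on_update.sh",
  }

  file { "${broker_home}/ssl" :
    ensure => directory,
    owner  => $broker_user,
    group  => $broker_group,
    mode   => '0700',
  }

  # The three files below are data, not programs, so they get 0600 rather than
  # 0700; the owner keeps read/write access and nobody gets execute.
  file { "${broker_home}/ssl/cert.pem" :
    ensure => file,
    owner  => $broker_user,
    group  => $broker_group,
    mode   => '0600',
    source => "puppet:///modules/${module_name}/broker/cert/${server_type}_cert.pem",
  }

  # NOTE(review): the private key and its password are served from the
  # module's files directory, i.e. they are stored next to the code. Consider
  # delivering them from an encrypted data backend instead.
  # show_diff is off so that a content change never prints key material into
  # the agent log or the report.
  file { "${broker_home}/ssl/key.pem" :
    ensure    => file,
    owner     => $broker_user,
    group     => $broker_group,
    mode      => '0600',
    show_diff => false,
    source    => "puppet:///modules/${module_name}/broker/cert/${server_type}_key.pem",
  }

  file { "${broker_home}/ssl/password" :
    ensure    => file,
    owner     => $broker_user,
    group     => $broker_group,
    mode      => '0600',
    show_diff => false,
    source    => "puppet:///modules/${module_name}/broker/cert/${server_type}_password",
  }

  # Clone URL with the token embedded. It is only ever used inside the
  # Sensitive command below.
  $repo_url = "https://oauth2:${unwrap($repo_token)}@gitlab.liu.se/upp-aes/communication.git"

  # No onlyif/unless/refreshonly is set, so this runs on every agent run.
  # The command is Sensitive so the token is redacted in the catalog, logs and
  # reports (verify redaction on the Puppet version in use). The token is
  # still visible in the process list while the script runs; if
  # update_repo.sh can take credentials another way, prefer that.
  exec { 'update-broker-repo' :
    command     => Sensitive("/opt/utils/update_repo.sh ${broker_home}/src ${repo_url} ${server_type}"),
    environment => ["REPO_USER=${broker_user}", "REPO_GROUP=${broker_group}", "REPO_ON_UPDATE=${broker_home}/on_update.sh"],
    # This command will need to run "on_update" as root in order to restart the service.
    user        => root,
    group       => root,
    cwd         => $broker_home,
    require     => File["${broker_home}/on_update.sh"],
  }

  service { $broker_service :
    ensure => 'running',
    enable => true,
  }
}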