Migrated auth.pp to use 'vcsrepo'.

94891c98 · Filip Strömbäck · 7355b895 · 94891c98 · 94891c98 · 94891c98
Commit 94891c98 authored 1 year ago by Filip Strömbäck
--- a/files/auth/on_update.sh
+++ b/files/auth/on_update.sh
 #!/bin/bash

-run_as_broker=$(cat <<'EOF'
 cd
 # To make sure we have a decent GCC in our path.
 source /opt/rh/devtoolset-7/enable
@@ -17,12 +16,3 @@ cd
 mkdir -p bin/
 rm -f bin/auth
 cp src/auth/auth bin/
-EOF
-)
-
-# Compile as the auth user
-sudo --user auth --group auth --set-home -- bash -c "$run_as_broker"
-
-# Then, we can restart the services.
-systemctl restart aes_auth.service
-
--- a/manifests/aes_sw.pp
+++ b/manifests/aes_sw.pp
 # @summary
-#   Describe what this class do!
+#   Software for the AES system.
 #
 #   Detailed summary info if suitable
 #

--- a/manifests/auth.pp
+++ b/manifests/auth.pp
 # @summary
-#   Describe what this class do!
+#   Authentication service for the communication module.
 #
-#   Detailed summary info if suitable
+#   Sets up the authentication service for the communication module in the
+#   new exam system. Connects to the broker to authenticate users.
 #
 #
 # @param keytab_production_base64
-#   Describe keytab_production_base64
+#   Keytab contents (in base64) for the Kerberos host key used to authenticate
+#   in the production environment (aes-devel.edu.liu.se).
 #
 # @param keytab_devel_base64
-#   Describe keytab_devel_base64
+#   Keytab contents (in base64) for the Kerberos host key used to authenticate
+#   in the development environment (aes-devel.edu.liu.se).
 #
 class aes::auth (
-  # Comment out old keytab params but
-  # keep temporay for comparison
-  #
-  # # Existing keytabs
-  # Optional[String] $keytab_production = undef,
-  # Optional[String] $keytab_devel = undef
-  #
-  # new base64+pkcs7 keytabs
  Optional[String] $keytab_production_base64 = undef,
  Optional[String] $keytab_devel_base64 = undef
 ) {
@@ -131,14 +126,24 @@ class aes::auth (
    }
  }

-  exec { 'update-auth-repo' :
-    command     => "/opt/utils/update_repo.sh ${auth_home}/src https://oauth2:F-agHaRXCdyFy38q4c-N@gitlab.liu.se/upp-aes/communication.git ${server_type}",
-    environment => ["REPO_USER=${auth_user}", "REPO_GROUP=${auth_group}", "REPO_ON_UPDATE=${auth_home}/on_update.sh"],
-    # This command will need to run "on_update" as root in order to restart the service.
-    user        => root,
-    group       => root,
-    cwd         => $auth_home,
-    require     => File["${auth_home}/on_update.sh"],
+  vcsrepo { "${auth_home}/src":
+    ensure   => latest,
+    provider => git,
+    source   => 'https://oauth2:F-agHaRXCdyFy38q4c-N@gitlab.liu.se/upp-aes/communication.git',
+    revision => $server_type,
+    owner    => $auth_user,
+    group    => $auth_group,
+    notify   => Exec['compile-auth-repo'],
+  }
+
+  exec { 'compile-auth-repo':
+    user        => $auth_user,
+    group       => $auth_group,
+    path        => $auth_home,
+    command     => "$auth_home/on_update.sh",
+    refreshonly => true,
+    require     => File["${auth_home/on_update.sh"],
+    notify      => Service[$auth_service],
  }

  service { $auth_service :