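# @summary Installs and runs the AES (Authentic Examination System) server software.
#
# Declares, in order: the firewall openings for the three AES TCP ports, the
# required packages, the 'examadm' system account with its home and SSH
# directories, an authorized_keys file with two forced-command keys, two
# systemd units (aes_login, aes_ms) with their services and daily restart
# jobs, and a git checkout of the examadm scripts repository.
#
# The class takes no parameters.
#
# Heredoc bodies are whitespace-sensitive. Their line breaks were restored
# from a listing that had been collapsed onto a few lines; compare them with
# the files deployed on a managed host before applying.
#
class aes::aes_sw {
  $examadm_user  = 'examadm'
  $examadm_group = $examadm_user
  $examadm_home  = "/home/${examadm_user}"

  # NOTE(review): Facter reports os.family 'RedHat' on CentOS, so with this
  # selector the 'CentOS' branch is presumably never chosen. Confirm whether
  # os.name was intended before relying on the rules file below.
  case fact('os.family') {
    'RedHat': {
      firewalld_custom_service { 'aes-server':
        description => 'Authentic Examination System server',
        ports       => [
          { port => '23431', protocol => 'tcp' },
          { port => '23816', protocol => 'tcp' },
          { port => '23817', protocol => 'tcp' },
        ],
      }

      # Declared virtual (@): these rules take effect only where they are
      # realized or collected, and nothing in this class does so.
      # Accepted connections are not logged (log => false), so the firewall
      # leaves no record of who reached the exam ports.
      @firewalld_rich_rule {
        default:
          service => 'aes-server',
          log     => false;
        'Accept aes-server in LiU networks without logging IPv4':
          zone   => 'liu',
          family => 'ipv4',
          action => 'accept';
        'Accept aes-server in LiU networks without logging IPv6':
          zone   => 'liu',
          family => 'ipv6',
          action => 'accept';
      }
    }
    'CentOS': {
      ::server_firewall::rules_file { '45-permit_aes_sw.rules':
        # lint:ignore:strict_indent heredoc failing...
        content => @(EOF),
          service sclogin is tcp/23431
          service aesmsi is tcp/23816
          service aesmso is tcp/23817
          policy chain INPUT is
            accept service:sclogin from class:liu-nets
            accept service:aesmsi from class:liu-nets
            accept service:aesmso from class:liu-nets
          end policy
          |-EOF
        # lint:endignore:strict_indent
      }
    }
    default: {
      fail("${module_name} - Not supported for family ${fact('os.family')}.")
    }
  }

  package { [
      'enscript', # present in pars_pwd_list.py, but pars_pwd_list.py old and unused?
      'cronie',
      'java-11-openjdk-devel',
    ]:
      ensure => installed,
  }

  # System account that owns the AES files and runs both services.
  # managehome is false: the home directory is created by the file resource
  # below rather than by the user provider.
  user { $examadm_user:
    ensure     => present,
    managehome => false,
    membership => inclusive,
    system     => true,
    shell      => '/bin/bash',
  }

  file { $examadm_home:
    ensure => directory,
    mode   => '0755',
    owner  => $examadm_user,
    group  => $examadm_group,
  }

  file { "${examadm_home}/.ssh":
    ensure => directory,
    mode   => '0700',
    owner  => $examadm_user,
    group  => $examadm_group,
  }

  # Each key is bound to one forced command and has pty, user rc, port, agent
  # and X11 forwarding switched off, so a key holder can only trigger that
  # export. The forced-command script lives under the home of the account
  # itself and is not managed by this class; the restriction therefore limits
  # what a key holder may request, not what the script may do.
  # NOTE(review): where the installed sshd supports it, the single `restrict`
  # option denies these capabilities and any added in later OpenSSH releases.
  # lint:ignore:140chars
  file { "${examadm_home}/.ssh/authorized_keys":
    ensure  => file,
    mode    => '0600',
    owner   => $examadm_user,
    group   => $examadm_group,
    # lint:ignore:strict_indent heredoc failing...
    content => @(SSHPUBKEY),
      command="/home/examadm/tal-cli/source/scripts/tal-export.py --format ics --lookback 90 --lookahead 180",no-pty,no-user-rc,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJW4LP0av20r7lPXNgsftF9oaAXK41AvHyuHwybciZC/QBfTcmYif83563cTg0OzR/p+OSobiDM0odaaFYtP/8xbuVRz87X5bGYm2m8yHHqPxobHkT5g/faMkl9Fef+Al4EsT5tiaYMOhG2lj8XRYuwAb7qjoz3FFbs8TEPE7Sv+4BUCCH94taCuNYLXSxN1EXvw7VW6Ld5QXRFP53l2QUeTqE9oSii3BVrXlqqrLvNV/7nwdwyse4uhff4QrM9o4oc9FaQr8PLlPGxdlbSfIQJMVzHGpeDu0WLw+NqtLO1hsdlvQm7GrT/v8N7GJNKlsvhwnwUuMhTrB0yPMbbub1 klaar36@upp
      command="/home/examadm/tal-cli/source/scripts/tal-export.py --written --format ics --lookback 90 --lookahead 180",no-pty,no-user-rc,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZ8aEAXw0tRcYrk1aqldepuC6tmdUYZuM270QdDF79o tal written exams to ics
      | SSHPUBKEY
    # lint:endignore:strict_indent
  }
  # lint:endignore:140chars

  # Unit for the login server. It runs as examadm and executes a script from
  # a directory under that account's home, so anything able to write there
  # controls what the service runs. The unit sets no sandboxing directives
  # (for example NoNewPrivileges=, ProtectSystem=, PrivateTmp=).
  # NOTE(review): the aes_login service is not subscribed to this file, so an
  # edited unit reaches the running process only at its next restart.
  file { '/etc/systemd/system/aes_login.service':
    ensure  => file,
    owner   => root,
    group   => root,
    mode    => '0644',
    # lint:ignore:strict_indent heredoc failing...
    content => @(LOGINSERVICE),
      [Unit]
      Description=AES Login server
      After=network.target
      [Service]
      Type=simple
      User=examadm
      WorkingDirectory=/home/examadm/Version-3.1/exam
      ExecStart=/usr/bin/python3 /home/examadm/Version-3.1/pub/bin/examiner/find_pnr_and_otp_from_liuid.py
      [Install]
      WantedBy=multi-user.target
      | LOGINSERVICE
    # lint:endignore:strict_indent
  }

  # todo: logrotate
  service { 'aes_login':
    ensure => 'running',
    enable => true,
  }

  # Unit for the exam server (Java, 512 MB heap cap). The same observations
  # as for aes_login apply: runs as examadm from a jar under that account's
  # home, no sandboxing directives, service not subscribed to the unit file.
  file { '/etc/systemd/system/aes_ms.service':
    ensure  => file,
    owner   => root,
    group   => root,
    mode    => '0644',
    # lint:ignore:strict_indent heredoc failing...
    content => @(MSSERVICE),
      [Unit]
      Description=AES Exam server
      After=network.target
      [Service]
      Type=simple
      User=examadm
      WorkingDirectory=/home/examadm/Version-3.1
      ExecStart=/usr/bin/java -Xmx512M -jar /home/examadm/Version-3.1/pub/bin/examiner/ms.jar /home/examadm/Version-3.1
      [Install]
      WantedBy=multi-user.target
      | MSSERVICE
    # lint:endignore:strict_indent
  }

  # Daily restart jobs. Root-owned and mode 0700, so only root can read,
  # change or run them.
  file { '/etc/cron.daily/aes_ms':
    ensure  => file,
    owner   => root,
    group   => root,
    mode    => '0700',
    # lint:ignore:strict_indent heredoc failing...
    content => @(MSCRON),
      #!/bin/sh
      /usr/bin/systemctl restart aes_ms
      | MSCRON
    # lint:endignore:strict_indent
  }

  file { '/etc/cron.daily/aes_login':
    ensure  => file,
    owner   => root,
    group   => root,
    mode    => '0700',
    # lint:ignore:strict_indent heredoc failing...
    content => @(MSCRON),
      #!/bin/sh
      /usr/bin/systemctl restart aes_login
      | MSCRON
    # lint:endignore:strict_indent
  }

  # todo: logrotate
  service { 'aes_ms':
    ensure => 'running',
    enable => true,
  }

  # Test to replace exec for repo update //thojo16
  #
  # NOTE(review): the source URL carries an access token in clear text. It is
  # readable by anyone who can read this manifest or its version history, and
  # it also travels into the compiled catalog and the remote URL stored in the
  # checkout's .git/config. Treat the token as exposed: rotate it, then supply
  # the replacement from encrypted data as a Sensitive value, or switch to a
  # read-only deploy key.
  #
  # NOTE(review): ensure => latest on 'master' makes every agent run pull
  # whatever that branch currently holds, so push access to the repository is
  # enough to place files in the examadm home. Pinning revision to a reviewed
  # tag or commit narrows that.
  vcsrepo { "${examadm_home}/scripts":
    ensure   => latest,
    provider => git,
    source   => 'https://oauth2:iAyewr9Jq5E-tnsVrmbj@gitlab.liu.se/examadm/scripts.git',
    revision => 'master',
    owner    => $examadm_user,
    group    => $examadm_group,
  }
}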