Skip to content
Snippets Groups Projects
Commit b6172701 authored by Magnus Toneby's avatar Magnus Toneby
Browse files

Merge branch 'test' into 'production'

Test->production

See merge request !4
parents dacbd3eb 642f00fb
No related branches found
No related tags found
1 merge request!4Test->production
Pipeline #130362 passed
...@@ -3,6 +3,7 @@ require: ...@@ -3,6 +3,7 @@ require:
- rubocop-performance - rubocop-performance
- rubocop-rspec - rubocop-rspec
AllCops: AllCops:
NewCops: enable
DisplayCopNames: true DisplayCopNames: true
TargetRubyVersion: '2.6' TargetRubyVersion: '2.6'
Include: Include:
...@@ -527,6 +528,8 @@ Lint/DuplicateBranch: ...@@ -527,6 +528,8 @@ Lint/DuplicateBranch:
Enabled: false Enabled: false
Lint/DuplicateMagicComment: Lint/DuplicateMagicComment:
Enabled: false Enabled: false
Lint/DuplicateMatchPattern:
Enabled: false
Lint/DuplicateRegexpCharacterClassElement: Lint/DuplicateRegexpCharacterClassElement:
Enabled: false Enabled: false
Lint/EmptyBlock: Lint/EmptyBlock:
...@@ -643,6 +646,8 @@ Style/ComparableClamp: ...@@ -643,6 +646,8 @@ Style/ComparableClamp:
Enabled: false Enabled: false
Style/ConcatArrayLiterals: Style/ConcatArrayLiterals:
Enabled: false Enabled: false
Style/DataInheritance:
Enabled: false
Style/DirEmpty: Style/DirEmpty:
Enabled: false Enabled: false
Style/DocumentDynamicEvalDefinition: Style/DocumentDynamicEvalDefinition:
...@@ -711,6 +716,8 @@ Style/RedundantHeredocDelimiterQuotes: ...@@ -711,6 +716,8 @@ Style/RedundantHeredocDelimiterQuotes:
Enabled: false Enabled: false
Style/RedundantInitialize: Style/RedundantInitialize:
Enabled: false Enabled: false
Style/RedundantLineContinuation:
Enabled: false
Style/RedundantSelfAssignmentBranch: Style/RedundantSelfAssignmentBranch:
Enabled: false Enabled: false
Style/RedundantStringEscape: Style/RedundantStringEscape:
......
...@@ -5,5 +5,6 @@ ...@@ -5,5 +5,6 @@
"ms-vscode.powershell", "ms-vscode.powershell",
"EditorConfig.EditorConfig", "EditorConfig.EditorConfig",
"glenbuktenica.unicode-substitutions" "glenbuktenica.unicode-substitutions"
"Shopify.ruby-lsp"
] ]
} }
...@@ -20,30 +20,29 @@ group :development do ...@@ -20,30 +20,29 @@ group :development do
gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "json", '= 2.6.3', require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "json", '= 2.6.3', require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "racc", '~> 1.4.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "racc", '~> 1.4.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "deep_merge", '~> 1.0', require: false
gem "voxpupuli-puppet-lint-plugins", '~> 5.0', require: false gem "voxpupuli-puppet-lint-plugins", '~> 5.0', require: false
gem "facterdb", '~> 1.18', require: false gem "facterdb", '~> 1.18', require: false
gem "metadata-json-lint", '~> 3.0', require: false gem "metadata-json-lint", '~> 4.0', require: false
gem "puppetlabs_spec_helper", '~> 6.0', require: false gem "rspec-puppet-facts", '~> 3.0', require: false
gem "rspec-puppet-facts", '~> 2.0', require: false
gem "codecov", '~> 0.2', require: false
gem "dependency_checker", '~> 1.0.0', require: false gem "dependency_checker", '~> 1.0.0', require: false
gem "parallel_tests", '= 3.12.1', require: false gem "parallel_tests", '= 3.12.1', require: false
gem "pry", '~> 0.10', require: false gem "pry", '~> 0.10', require: false
gem "simplecov-console", '~> 0.5', require: false gem "simplecov-console", '~> 0.9', require: false
gem "puppet-debugger", '~> 1.0', require: false gem "puppet-debugger", '~> 1.0', require: false
gem "rubocop", '= 1.48.1', require: false gem "rubocop", '~> 1.50.0', require: false
gem "rubocop-performance", '= 1.16.0', require: false gem "rubocop-performance", '= 1.16.0', require: false
gem "rubocop-rspec", '= 2.19.0', require: false gem "rubocop-rspec", '= 2.19.0', require: false
gem "puppet-strings", '~> 4.0', require: false
gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw]
end end
group :system_tests do group :development, :release_prep do
gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw]
gem "serverspec", '~> 2.41', require: false
end
group :release_prep do
gem "puppet-strings", '~> 4.0', require: false gem "puppet-strings", '~> 4.0', require: false
gem "puppetlabs_spec_helper", '~> 6.0', require: false gem "puppetlabs_spec_helper", '~> 7.0', require: false
end
group :system_tests do
gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw]
gem "CFPropertyList", '< 3.0.7', require: false, platforms: [:mswin, :mingw, :x64_mingw]
gem "serverspec", '~> 2.41', require: false
end end
puppet_version = ENV['PUPPET_GEM_VERSION'] puppet_version = ENV['PUPPET_GEM_VERSION']
......
# folioscripts # ub_folio
## Documentation ideas ## encrypt configuration data
For more ideas about what to document here see the [pdk template You need https://github.com/voxpupuli/hiera-eyaml
readme](https://github.com/puppetlabs/pdk-templates/blob/main/moduleroot_init/README.md.erb). If you have ruby installed you can do 'gem install hiera-eyaml'
For how to do it: In the 'encrypt' director is a small script to help you.
https://puppet.com/docs/puppet/latest/puppet_strings.html
https://puppet.com/docs/puppet/latest/puppet_strings_style.html ./encrypt/eyaml-encrypt.sh --stdin (ctrl-d once or twice to end the inputing)
./encrypt/eyaml-encrypt.sh --password (for encryption of singleline data)
paste the block output into a 'FQDN.yaml' in data/nodes/
##
utgå från .env i /opt/liu/foliofront/foliofront-node-root på någon maskin med foliofront
ändra datat och kryptera filen, och lägg in i data/nodes/*.yaml
add, commit and push
kolla att puppetmodulen gick igenom CI-kedjan
vänta ett tag
kör puppet på folioservices01.test.it.liu.se
se att ändringen skett i .env
...@@ -4,85 +4,6 @@ require 'bundler' ...@@ -4,85 +4,6 @@ require 'bundler'
require 'puppet_litmus/rake_tasks' if Gem.loaded_specs.key? 'puppet_litmus' require 'puppet_litmus/rake_tasks' if Gem.loaded_specs.key? 'puppet_litmus'
require 'puppetlabs_spec_helper/rake_tasks' require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-syntax/tasks/puppet-syntax' require 'puppet-syntax/tasks/puppet-syntax'
require 'github_changelog_generator/task' if Gem.loaded_specs.key? 'github_changelog_generator'
require 'puppet-strings/tasks' if Gem.loaded_specs.key? 'puppet-strings' require 'puppet-strings/tasks' if Gem.loaded_specs.key? 'puppet-strings'
def changelog_user
return unless Rake.application.top_level_tasks.include? "changelog"
returnVal = nil || JSON.load(File.read('metadata.json'))['author']
raise "unable to find the changelog_user in .sync.yml, or the author in metadata.json" if returnVal.nil?
puts "GitHubChangelogGenerator user:#{returnVal}"
returnVal
end
def changelog_project
return unless Rake.application.top_level_tasks.include? "changelog"
returnVal = nil
returnVal ||= begin
metadata_source = JSON.load(File.read('metadata.json'))['source']
metadata_source_match = metadata_source && metadata_source.match(%r{.*\/([^\/]*?)(?:\.git)?\Z})
metadata_source_match && metadata_source_match[1]
end
raise "unable to find the changelog_project in .sync.yml or calculate it from the source in metadata.json" if returnVal.nil?
puts "GitHubChangelogGenerator project:#{returnVal}"
returnVal
end
def changelog_future_release
return unless Rake.application.top_level_tasks.include? "changelog"
returnVal = "v%s" % JSON.load(File.read('metadata.json'))['version']
raise "unable to find the future_release (version) in metadata.json" if returnVal.nil?
puts "GitHubChangelogGenerator future_release:#{returnVal}"
returnVal
end
PuppetLint.configuration.send('disable_relative') PuppetLint.configuration.send('disable_relative')
if Gem.loaded_specs.key? 'github_changelog_generator'
GitHubChangelogGenerator::RakeTask.new :changelog do |config|
raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil?
config.user = "#{changelog_user}"
config.project = "#{changelog_project}"
config.future_release = "#{changelog_future_release}"
config.exclude_labels = ['maintenance']
config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)."
config.add_pr_wo_labels = true
config.issues = false
config.merge_prefix = "### UNCATEGORIZED PRS; LABEL THEM ON GITHUB"
config.configure_sections = {
"Changed" => {
"prefix" => "### Changed",
"labels" => ["backwards-incompatible"],
},
"Added" => {
"prefix" => "### Added",
"labels" => ["enhancement", "feature"],
},
"Fixed" => {
"prefix" => "### Fixed",
"labels" => ["bug", "documentation", "bugfix"],
},
}
end
else
desc 'Generate a Changelog from GitHub'
task :changelog do
raise <<EOM
The changelog tasks depends on recent features of the github_changelog_generator gem.
Please manually add it to your .sync.yml for now, and run `pdk update`:
---
Gemfile:
optional:
':development':
- gem: 'github_changelog_generator'
version: '~> 1.15'
condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0')"
EOM
end
end
---
ub_folio::foliofront:
env: >
ENC[PKCS7,MIIO3QYJKoZIhvcNAQcDoIIOzjCCDsoCAQAxggEhMIIBHQIBAD
AFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAn0AsLfEkSiCNUc7UuJzKn1vcUp
yYItnkXrrlWQj+4FsjI4HrpOIe/NlNfqGuDJe6V5IvzX/aOmFBxvNHqZDu4V
jHyAXjpTE8dBwSLLkzNIMMszIbqkpjJyt3xMy3xG1aI9A8RhMl4zJhojzqkC
yfuTSaMHmkY5f/aJTjLK6o3hEpqa5vCo3vs1nCiGlCcUyG++Zd+IwgnoadeK
82RG6R2BM+ZRQLucQUn5u1ieGufNVskoNCpsTlQZtTL2dGG+InSrj7L55Oi1
672W6DhPvdrcJ/0rlred1YFL2OVJN/RRRCgsSJ/IpaiuhVKmBILWEDL5KJRo
foVdoWfNdTzDs/9zCCDZ4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEOCXZj
jE/SXhSu1Su/3Qgj6Agg1wbYrFQF0+05S7CjDIt9Ttf3Zogh2whQ7QwgXl+q
cW/tN+DN2RKkFlYlJo2DispO1ZWKH9K8RsTznOekgg+0iGXIq7vAf7D59XEt
cBif/HBZb1PdaUiuDf4H6hcf1Pvyjj7mUpIlqKpCerDw6MUQVMtX1TVkoTz7
/Hg3p0za29bnW2lXkxqilct3gvE5z1bPDUWuul7bDqkDWZeFCseBs6+o2u2H
XXHyP+OhrgKhc/UPahGvdH0AwLtI3mGEjF2y9PRWDMLwzQzAeaIqP/fg6Rhx
etvV050s8AbrlKWq3FDokqltOpV4NNp1XwGhb4yWPTH7MIgXOqiIwHejoP6y
xlJxk+zRVbfa2Rmx3eAxY0KdnHd20uupbfEsuSGfpVXiQ8H5YhApUNbttEy2
tzlXrrU9OWnHW1yv+gdSzF8DFE/YPUHIaHAGezIfEyVMDvn/ZQ3YzMDxkryf
mkXM1cTTagQhnbPeGaRMGs5e3O4lZvBUMc+hZ0Yof+VSmfm/O9Y+0HZFyuzI
CBP6VqbtawXTVwlvDaZUlyAosj91a0GWunOJToFfPA0IcPvspiO1Y8DgpplD
u0O84dy4dilD28jSxLLcXyxsq1h4LC3FIOZ8FcEUZckAdHUvzx7l5aF517js
y9+R75Tb0xpb4NYzHtp+Ga4Pn9D+jwNcn6Wox183NMG7M036YklX2JoKqle0
Cuyia7QysYnB+vO9dik9gWowa1n2cP0EqziT2m4vUTFI5GiM4mpKnhROJ2Qo
/inCYhVf4MNGPjYvh/sSC7OFS7CkuTb0ONTtO8CkQM1qVHG/YoCs1O59rjhe
bad19FRKSkjlMcC/n7LhTpFLfCp/lftFUgzwD6JHK3QfsZVn114tMcck62jJ
D//2sqF99bYiBItYMQZKmpubA6HcRqn7Ajg9HL/aAW/fgb3XOYOOTIPC+89l
F5Shf5cIyoD1Cx/yerNop8Eh0SZGE4yIzCYMr5UkOJCh9I6+gpARz55fWaqJ
11/8LF0HJ1gquRn3j2gyZz/V4TsBtyVuhnXEF9TW5zuFzCfdnL3lgOBm/n38
vBcZ9zIEkPi/L5Y2Zs0X47hR6lEykDrfYUddEMN0jMKMmrpI022OkPnMyX4U
KceamiHG3tx4SsVEM1rau/i6swGQJiiou9n3PFC8eU9pecAHDe1CYcp8fFxC
AcpIEeX1at/IGa0wqbvPeXyP7wtymd+WC4UO5FE63rLCAZxNfUTYsoEfzwhE
6GkgZ6OrQwhPfq/sWdL3Q/z+6uLhLrXZkaeuXTfTEjw/YRkkWp7nwBgP87B3
hlm/rraVl9tUGZmIFxiiTIhMARAs3oFy6RMlkbiRo+PNC2GuuaRQCqsaV8y9
SUfEc8XDwfRV3y2XVSWfi7FDuRVTupKVRL1VD3kD/jV8M08YX67cPUk5USPf
aP4ujUnegZVJ8y+VVNDvK6u0St+Nqt1C438fklPPvon+wArbLT1irEOcHW6P
2ZqJi5MR3VgEanG6spTlnjTrILjP/mAKoC/3X4IyDIhneaR7fyjjOTBwdPAw
L6ziapz8kbqba6c7D6sNTn7cE76CTwgS9VJBrnYIQZsnFqHca9Ggzo4CKZpV
vlva5NpgyN/qjCB4ytO+D/ib6Yxo7+YttGStl1B805xK8159XblLMMNITgnB
yOUIqCOJGvSi9j8adGmE64CHscZpeFOYrHMBjfT2JbQpgcxBOxzMYEetcHVv
XEbPrsi+Zy0/nDuFTPsZrCntwClYztaSxXnYiEjGkndGoiKlO52qBnZq9Trk
a3EduMP8C4ZluVIqF9nQ905EYKMotmga4cub3WPWQ2a7Jc6UB8Cl7nQFg0Cz
EIzCe2XpyHZxDcCR9jhb8ZUKsdSY/EwZUKc5ezgQTxtirpZIoqMBxEdgdtA8
x06Thtww0gMgpb6QngBP5PYPbTZmSxn26YE+7+KUY8X5QUf0vffCahr6V9EZ
7nS+2qP8D3LXGV0xKDNUO0Zs34ZcthC4d5XK5ZFoUyEnlijpbViTp5DM3vlj
SeMCLWMNmxduJw4/+91p8JWKmOyUXmoRoHca0EDbnratUDR7tu+x7YbsupWy
PB84gkEyLhGT9dD90TCU/vUfJL1+8ORQfBVHRoIQT2BvvbsJAMevIQHj8Onh
yAL6sS2nUzpg9EmieF3gKWj2lUWACMWXQ4avfR98jMbVuvB9VnCZVnIsYg8z
0Tu+E/pfX4xcyctB3Jr991cXdh4fsGJM7mb0wbUVSEQCO0XN2uxOy6b1MfPz
zqTItrB8OEimcTmhiozMZi7xUX8mzqVtMDgNdTEIgzmvWRStOc9shFyPYSP6
MU60pATKECr9XQ4XKzN9Y4o5JDXDlHnUOcxOaCd9G9gyoCNMmYLpsHsJAXRQ
EuWKwsQrjoSj2JFyaG3FW30gmVBeBHXE5cXaWJAmCwWGPjIeEIzNIQQ7Sn2W
zcsHriq5rXNiU2b/XNnnIzGkZbDCxG11EFEJJseWsg9TlPisEC7X5BIhfnh0
WLIBpTJ8MJPmN7EXXKVcOsdZk4DXbDuWIqYSvtbcJ/1o6b48dIzsO2n/9Ys4
HRTuVUb7/zC0WGVVB6Kj27g7iLtdLOd1zP5/HEPMfyZT4uUCzejgF7wZkQK1
Ioh49+5bc+ygfz3fV32MKa0xdEE7qFb0u698fpp49OCYXZNvDeiw72hKYg0L
Mijo9o9IGNf2myv82uyYBMuJI9RJapqNDuECZ84JRztDNgDDJCdRVg4O9wRd
CbTC9COik7L+/UXBew5Djf2BAXgf2cvqmYU3p/tpJY+hyhvfSOVXEXPOeVF6
T0sVKO0q598JWEnkRFaSw/SddcyHe4VRfVotM/gvB8dPYqnkSb6OYMbSN9uU
ky11pUT+okCmBRC7qf372aoP6zZ3x9o0n1xmkLy8/s0LSVeh4694VfcKaWtc
mU8sxBFROaLv76DpBEPe0PM5pNoy1Z40y7E/dgQ37lA5ZM+VvIugSkYMxQVN
a83gAP23DzUGaVshZlPPkRY0Kz7CZqG5DYH3nmE73T1ICvOQVF4G/osRZ4Sn
KKn0iovlaWcuFsxDZHMK30zRxDOjFUOXXfTQKcrXaaZmosbPYGyzkVfLQaFK
E846BXvpx1D9eGjqJ/Q8BMPn6RFS4OxmC8cdCGxohWL0TlX8HRdZalQYTBWA
kdVbqVZpbhWDjSPbNFbPkFBApAzo/JFlGjViztNLkXs84Kme7rVJlwMwowYx
/AMlThEzfEWe2r915Q0EKJ9xIkqORHAK0zvprIAc4QlRXDH9ktcjtwNVwxcy
MlcHTwdaCo+vAK7zKaFPfXaI+YTxLZUPNedgmMQhUY1woLp51b5CrL8mop0N
DYKwdWkQ868g+5i1T5iZmEC7N2S5FpWkB9KVcIEPkQBFf/q29VD8EEEadiLS
pLmiOTI9LLvnBKaML+p0NH6hlaIi90wrY0ez894aD16g1bOH+MRGvV6PZcdU
oApoHudVmodUlZ+6nsnDD55xO8EM2dVTO0fxucP+aIYjcTNDEAEVTwk1Z9/g
PubWsB2hCXBb+LIl4fDgsdE/4R6qS0Hk3TTl9GTBuO6NJSxi508FzsUPExhy
1d0p3iB7w4NfQiobfWq1r3Js8Wb3b8ad9c+X1fyzOkWKWp94nKZLWuD5IhNW
IUMvtxcfwEtEx2dzbJD4ehIdYGdeNqIcgEKAPMt4wZX01JmxetuHo0+1Spg1
pLrgKqWvh/IbwBRfLBdJhB0wb+7hd6H28vY9wVgoFRoOeg1ZNeAjmG3EotB8
+LzbNmwWSKFmwVwqoN+izyoC75+z7qsnmy4Ws7CSMcTWljwGebDntc59tNLc
pHHxdTnzHV7CjnEyQkHf7Zi4HAzCImdmUBq4hy2A+37IUZTXw4eVOCePPUQb
tt20HuT5wrDYYup74eCaZtFl2QsW7jfcdCm+UlDZEyvOCR+WtTH5QGnSgyht
BaOILixO44B84gDh5NowokdtqV2GMxON49dxpMiMn0rrpBeDR3k8UXXamwH5
4mtiE++CIY1szj84XIX+9j5G7bLBwxYuiNiearex6j+lc4hbb9ACjK2fVqqJ
j4VMP9i4vX8JbRlyzmL1lpNu9+yedL/a9m8fTfG7MRCo6GjwWErsDdHTSlu1
N7OPeugzwM7zYwIeSanDlob7B+XlnSheKbL+NSb286ayH9aO6VNZixVwLZ+M
cN0hBbvipvc9kVS2+CI/jtsHhEYOR7U/5G7sPiE4X2biVOxMSD+6bkW6Hew5
mwaBbJtcv6M0RAOYMLPKknamk5bs3E7m1WQ6e9uIwu53XGwGUCEr0nfXssL/
0EQBvF9nyp8wKuFG5ZBPD74hz5OrPfyZ56asRi9euXqgRl752NDwHUhuC849
dxuujXzDz8V6OrZUdp90hjQwtEsELlfuz6f3U53yd5UZgMlMmFN1SpEnz0DO
XiRcXZ40pUzIV862TflUechJhOBXuwSkPuKeHcfK6C5gfG6z8rP1is6IrM7S
0AIoxTL94Q7FUxNm2JgkeTD3a6ukZbp1+v5QkYYIMPUwboTyM5Hoh/6trkA3
fZpTbqrXglwAe/HexCRdvs4O64ATi+Yn3zBL5Qpqyj9NrNtFA=]
#! /bin/sh -eu
encryptdir="$(dirname "$0")"
encryptdir="$(cd "${encryptdir}"&& pwd)"
exec eyaml encrypt --pkcs7-public-key "${encryptdir}/public-key.pkcs7.pem" "$@"
-----BEGIN CERTIFICATE-----
MIIC2TCCAcGgAwIBAgIBATANBgkqhkiG9w0BAQUFADAAMCAXDTE1MDYwMzA5MDUx
MloYDzIwNjUwNTIxMDkwNTEyWjAAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAwh8REuonjpax1B3egJEHQ6FnrVPEhS8P1PftDVFlYrlpiualq2RX8ynz
ZRigwRYqrFFpPJNooK1gXaFttpAMffUM7mFVPdXC3Tg4nihYncOOxGT3GqrbC7Oa
GfXeUoEI7PIbRJhmcH/fJLLcsYrdIYyqferTgBGlVKbK2dSpqL9FGQCigcrmbalh
3ZpIKKfmejZELNHY/7Mun1Gseoin5yuYMTGzI9xEmxBIEQzKpIJWrgvyfPs80ch3
WTjufePl0PqlaVLKR8qk6H23LQMw0DcBjN+Dm1wG7kWIBK4CxHN7TSHPebiEwutH
UG56w+2HKuf0J/loYRSQklcmlogNJQIDAQABo1wwWjAPBgNVHRMBAf8EBTADAQH/
MB0GA1UdDgQWBBTvBDJEU5YW0kgqu2YI0HVwNchshDAoBgNVHSMEITAfgBTvBDJE
U5YW0kgqu2YI0HVwNchshKEEpAIwAIIBATANBgkqhkiG9w0BAQUFAAOCAQEAdA8j
RGF2rFXrGeOzurP6/1G1Yvi3adN9Adxnhe0ZKCYfsCzd+Ttuli11IGUWDeOsxTgf
QkezGo6FPsyhv79yGMP5IOkToIXVyOeeGjQRDytRVAq2Q3dQa3/9xhabA88NfzdR
S+VChWUWLgIKKtrrShiusGdvewpmo5lKvYNGTvmJchXPED9kXNJC8nmxBwcqk9fJ
eUVmXyiMdvEcwHzzjZN8n0F9vRNAA9r0w2GeP5Bg5Ggxqldfnyt4TpBbcacdJLLt
DWKsYYuI7wLPTTmXvMdAm/eC7zvrCLP9wMw1wN6Sh/SpG+CLiStJNTFigqu9vkmO
4qJa9Cmm6QrZ6aGieQ==
-----END CERTIFICATE-----
magto94 ALL=(folio-cron) ALL
andfa93 ALL=(folio-cron) ALL
thotr29 ALL=(folio-cron) ALL
hakan95 ALL=(folio-cron) ALL
hakjo91 ALL=(folio-cron) ALL
\ No newline at end of file
...@@ -9,6 +9,9 @@ defaults: # Used for any hierarchy level that omits these keys. ...@@ -9,6 +9,9 @@ defaults: # Used for any hierarchy level that omits these keys.
pkcs7_public_key: /etc/puppetlabs/puppet/keys/public_key.pkcs7.pem pkcs7_public_key: /etc/puppetlabs/puppet/keys/public_key.pkcs7.pem
hierarchy: hierarchy:
- name: "Node data"
path: "nodes/%{trusted.certname}.yaml"
- name: "Environment" - name: "Environment"
path: "environment/%{::environment}.yaml" path: "environment/%{::environment}.yaml"
......
# @summary Setup a front facing node for folio # @summary Setup a front facing node for folio
class folioscripts::foliofront { class ub_folio::foliofront {
include profiles::letsencrypt include profiles::letsencrypt
include apache include apache
include apache::mod::proxy include apache::mod::proxy
package { 'nodejs': $basedir='/opt/liu/foliofront'
exec { 'create private key for':
creates => "${$basedir}/privatekey.pem",
command => "/bin/openssl genrsa -out ${$basedir}/privatekey.pem 2048",
}
exec { 'create cert for':
creates => "${$basedir}/saml-cert.pem",
command => "/bin/openssl req -new -x509 -key ${$basedir}/privatekey.pem -out ${$basedir}/saml-cert.pem -days 3650 -subj '/C=SE/ST=Östergotland/L=Linköping/O=library.liu/OU=library/CN=saml.${$trusted['certname']}'",
require => [Exec['create private key for'],],
}
package { ['nodejs','nano']:
ensure => 'installed', ensure => 'installed',
} }
...@@ -20,12 +33,6 @@ class folioscripts::foliofront { ...@@ -20,12 +33,6 @@ class folioscripts::foliofront {
require => Exec['n-from-npm']; require => Exec['n-from-npm'];
} }
file { '/usr/bin/node':
ensure => 'link',
source => '/usr/local/bin/node', # lint:ignore:source_without_rights
require => Exec['nodejs-lts'],
}
exec { 'install pm2': exec { 'install pm2':
command => '/bin/npm install pm2 -g', command => '/bin/npm install pm2 -g',
unless => '/bin/test -d /usr/local/lib/node_modules/pm2', unless => '/bin/test -d /usr/local/lib/node_modules/pm2',
...@@ -33,10 +40,12 @@ class folioscripts::foliofront { ...@@ -33,10 +40,12 @@ class folioscripts::foliofront {
} }
user { 'pm2runner': user { 'pm2runner':
ensure => 'present', ensure => 'present',
comment => 'pm2 owner', comment => 'pm2 owner',
system => 'yes', system => 'yes',
managehome => 'yes',
} }
group { group {
default: default:
ensure => 'present'; ensure => 'present';
...@@ -48,17 +57,24 @@ class folioscripts::foliofront { ...@@ -48,17 +57,24 @@ class folioscripts::foliofront {
Group <| title == 'ssl-cert' |> { members +> ['andfa93', 'pm2runner', 'hakan95', 'hakjo91'] } Group <| title == 'ssl-cert' |> { members +> ['andfa93', 'pm2runner', 'hakan95', 'hakjo91'] }
file { '/opt/liu/foliofront': file {
ensure => directory, [
owner => 'andfa93', $basedir,
group => 'api', "${$basedir}/data",
mode => '0775', "${$basedir}/data/logs",
"${$basedir}/data/resetpintokens",
]:
ensure => directory,
owner => 'andfa93',
group => 'api',
mode => '0775',
} }
vcsrepo { '/opt/liu/foliofront/foliofront-node-root': vcsrepo { '/opt/liu/foliofront/foliofront-node-root':
ensure => latest, ensure => latest,
provider => git, provider => git,
source => 'https://git:glpat-F5y74GSXSm6FrQBD5wM5@gitlab.liu.se/ub-utveckling/webb/folio-projekt/foliofront-node-root.git', source => 'https://git:glpat-F5y74GSXSm6FrQBD5wM5@gitlab.liu.se/ub-utveckling/webb/folio-projekt/foliofront-node-root.git',
revision => 'develop',
notify => [Exec['do npm install of foliofront'],], notify => [Exec['do npm install of foliofront'],],
} }
...@@ -75,15 +91,36 @@ class folioscripts::foliofront { ...@@ -75,15 +91,36 @@ class folioscripts::foliofront {
require => [Vcsrepo['/opt/liu/foliofront/foliofront-node-root'],], require => [Vcsrepo['/opt/liu/foliofront/foliofront-node-root'],],
} }
file { '/opt/liu/foliofront/foliofront-node-root/.env':
ensure => file,
group => 'api',
mode => '0750',
content => lookup('ub_folio::foliofront.env',undef,undef,'"env" key not found in hiera data'),
require => [Vcsrepo['/opt/liu/foliofront/foliofront-node-root'],],
}
systemd::manage_unit { 'foliofront.service': systemd::manage_unit { 'foliofront.service':
unit_entry => { unit_entry => {
'Description' => 'Run the foliofront node application', 'Description' => 'Run the foliofront node application',
}, },
service_entry => { service_entry => {
'Type' => 'simple', 'Type' => 'simple',
'ExecStart' => '', 'User' => 'pm2runner',
'User' => 'postgres', 'ExecStart' => 'npm run start development',
'WorkingDirectory' => '/opt/liu/foliofront/foliofront-node-root',
}, },
install_entry => {
'WantedBy' => 'multi-user.target',
},
enable => true,
active => true,
require => [Vcsrepo['/opt/liu/foliofront/foliofront-node-root'],],
}
service { 'foliofront':
ensure => 'running',
enable => true,
require => [Systemd::Manage_unit['foliofront.service'],],
} }
user { 'folio-cron': user { 'folio-cron':
...@@ -143,50 +180,38 @@ class folioscripts::foliofront { ...@@ -143,50 +180,38 @@ class folioscripts::foliofront {
# lint:endignore # lint:endignore
} }
if fact('server_firewall_provider') == 'firewalld' { server_firewall::address_set { 'vpn':
server_firewall::address_set { 'vpn': addresses => [
addresses => [ '130.236.110.0/24',
'130.236.110.0/24', '10.240.0.0/12',
'10.240.0.0/12', ],
], }
}
firewalld_rich_rule { 'Access ssh from VPN':
firewalld_rich_rule { 'Access ssh from VPN': service => 'ssh',
service => 'ssh', family => 'ipv4',
family => 'ipv4', zone => 'liu',
zone => 'liu', action => 'accept',
action => 'accept', source => { 'ipset' => 'vpn_v4', },
source => { 'ipset' => 'vpn_v4', }, }
}
firewalld_service {
firewalld_service { default:
default: ensure => present,
ensure => present, zone => 'public';
zone => 'public'; 'Apache web http public access':
'Apache web http public access': service => 'http';
service => 'http'; 'Apache web https public access':
'Apache web https public access': service => 'https';
service => 'https'; }
}
firewalld_service {
firewalld_service { default:
default: ensure => present,
ensure => present, zone => 'liu';
zone => 'liu'; 'Apache web http liu access':
'Apache web http liu access': service => 'http';
service => 'http'; 'Apache web https liu access':
'Apache web https liu access': service => 'https';
service => 'https';
}
} else {
server_firewall::rules_file { '59-permit_vpn_ssh.rules':
content => file("${module_name}/permit_vpn_ssh.rules"),
}
server_firewall::rules_file { '58-permit_api.rules':
content => file("${module_name}/permit_api.rules"),
}
server_firewall::rules_file { '57-permit_www.rules':
content => file("${module_name}/permit_www.rules"),
}
} }
} }
{ {
"name": "liuit-folioscripts", "name": "liuit-ub_folio",
"version": "0.1.0", "version": "0.1.0",
"author": "LiU-IT", "author": "LiU-IT",
"summary": "", "summary": "",
...@@ -47,7 +47,7 @@ ...@@ -47,7 +47,7 @@
"version_requirement": ">= 7.24 < 9.0.0" "version_requirement": ">= 7.24 < 9.0.0"
} }
], ],
"pdk-version": "3.0.1", "pdk-version": "3.2.0",
"template-url": "https://gitlab.it.liu.se/puppet-infra/pdk-templates.git#liu", "template-url": "https://gitlab.it.liu.se/puppet-infra/pdk-templates.git#liu",
"template-ref": "heads/liu-0-g522eb00" "template-ref": "heads/liu-0-g4d4e981"
} }
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
require 'spec_helper' require 'spec_helper'
describe 'folioscripts::foliofront' do describe 'ub_folio::foliofront' do
on_supported_os.each do |os, os_facts| on_supported_os.each do |os, os_facts|
context "on #{os}" do context "on #{os}" do
let(:facts) { os_facts } let(:facts) { os_facts }
......
...@@ -28,7 +28,8 @@ default_fact_files.each do |f| ...@@ -28,7 +28,8 @@ default_fact_files.each do |f|
next unless File.exist?(f) && File.readable?(f) && File.size?(f) next unless File.exist?(f) && File.readable?(f) && File.size?(f)
begin begin
default_facts.merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true)) require 'deep_merge'
default_facts.deep_merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true))
rescue StandardError => e rescue StandardError => e
RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}" RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}"
end end
...@@ -36,7 +37,7 @@ end ...@@ -36,7 +37,7 @@ end
# read default_facts and merge them over what is provided by facterdb # read default_facts and merge them over what is provided by facterdb
default_facts.each do |fact, value| default_facts.each do |fact, value|
add_custom_fact fact, value add_custom_fact fact, value, merge_facts: true
end end
RSpec.configure do |c| RSpec.configure do |c|
......
<%- |
Stdlib::Absolutepath $basedirectory,
String[1] $username,
Sensitive[String[1]] $password,
| -%>
X_OKAPI_TENANT=liuaf
SESSION_SECRET=session_secret
admin_user=<%= $username %>
admin_pwd=<%= $password %>
ROOT_FOLDER="<%= $basedirectory %>"
LOGS_FOLDER="data/logs/"
TOKEN_FOLDER="data/resetpintokens/"
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment