diff --git a/.rubocop.yml b/.rubocop.yml index 5be1f9fa994085890c3fe9db117a937b8928f8cb..21b82b99b8ed1e2fb1ae4fc9a08d9aeb91054a33 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -3,6 +3,7 @@ require: - rubocop-performance - rubocop-rspec AllCops: + NewCops: enable DisplayCopNames: true TargetRubyVersion: '2.6' Include: @@ -527,6 +528,8 @@ Lint/DuplicateBranch: Enabled: false Lint/DuplicateMagicComment: Enabled: false +Lint/DuplicateMatchPattern: + Enabled: false Lint/DuplicateRegexpCharacterClassElement: Enabled: false Lint/EmptyBlock: @@ -643,6 +646,8 @@ Style/ComparableClamp: Enabled: false Style/ConcatArrayLiterals: Enabled: false +Style/DataInheritance: + Enabled: false Style/DirEmpty: Enabled: false Style/DocumentDynamicEvalDefinition: @@ -711,6 +716,8 @@ Style/RedundantHeredocDelimiterQuotes: Enabled: false Style/RedundantInitialize: Enabled: false +Style/RedundantLineContinuation: + Enabled: false Style/RedundantSelfAssignmentBranch: Enabled: false Style/RedundantStringEscape: diff --git a/.vscode/extensions.json b/.vscode/extensions.json index a5f6a2b80eb07663d44f5e705340b4e116bb0b67..902e5f8b8d95d3c0c2c4db3579ce41dd628eb230 100644 --- a/.vscode/extensions.json +++ b/.vscode/extensions.json @@ -5,5 +5,6 @@ "ms-vscode.powershell", "EditorConfig.EditorConfig", "glenbuktenica.unicode-substitutions" + "Shopify.ruby-lsp" ] } diff --git a/Gemfile b/Gemfile index ca0e773ecda0523822c56f423572a35d57d7ed83..7a9ef2e664e8fe5846f594d2c6018c05e8e02920 100644 --- a/Gemfile +++ b/Gemfile 
@@ -20,30 +20,29 @@ group :development do gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "json", '= 2.6.3', require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "racc", '~> 1.4.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "deep_merge", '~> 1.0', require: false gem "voxpupuli-puppet-lint-plugins", '~> 5.0', require: false gem "facterdb", '~> 1.18', require: false - gem "metadata-json-lint", '~> 3.0', require: false - gem "puppetlabs_spec_helper", '~> 6.0', require: false - gem "rspec-puppet-facts", '~> 2.0', require: false - gem "codecov", '~> 0.2', require: false + gem "metadata-json-lint", '~> 4.0', require: false + gem "rspec-puppet-facts", '~> 3.0', require: false gem "dependency_checker", '~> 1.0.0', require: false gem "parallel_tests", '= 3.12.1', require: false gem "pry", '~> 0.10', require: false - gem "simplecov-console", '~> 0.5', require: false + gem "simplecov-console", '~> 0.9', require: false gem "puppet-debugger", '~> 1.0', require: false - gem "rubocop", '= 1.48.1', require: false + gem "rubocop", '~> 1.50.0', require: false gem "rubocop-performance", '= 1.16.0', require: false gem "rubocop-rspec", '= 2.19.0', require: false - gem "puppet-strings", '~> 4.0', require: false gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] end -group :system_tests do - gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw] - gem "serverspec", '~> 2.41', require: false -end -group :release_prep do +group :development, :release_prep do gem "puppet-strings", '~> 4.0', require: false - gem "puppetlabs_spec_helper", '~> 6.0', require: false + gem "puppetlabs_spec_helper", '~> 7.0', require: false +end +group :system_tests do + gem "puppet_litmus", '~> 1.0', require: false, 
platforms: [:ruby, :x64_mingw] + gem "CFPropertyList", '< 3.0.7', require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "serverspec", '~> 2.41', require: false end puppet_version = ENV['PUPPET_GEM_VERSION'] diff --git a/README.md b/README.md index f7f5a68cf181804086b2946343c9398c11d5697b..0ae7226ec94b82df21d60dd585e2e73fe8cd5c54 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,25 @@ -# folioscripts +# ub_folio -## Documentation ideas +## encrypt configuration data -For more ideas about what to document here see the [pdk template -readme](https://github.com/puppetlabs/pdk-templates/blob/main/moduleroot_init/README.md.erb). +You need https://github.com/voxpupuli/hiera-eyaml +If you have ruby installed you can do 'gem install hiera-eyaml' -For how to do it: -https://puppet.com/docs/puppet/latest/puppet_strings.html -https://puppet.com/docs/puppet/latest/puppet_strings_style.html +In the 'encrypt' director is a small script to help you. + +./encrypt/eyaml-encrypt.sh --stdin (ctrl-d once or twice to end the inputing) +./encrypt/eyaml-encrypt.sh --password (for encryption of singleline data) + +paste the block output into a 'FQDN.yaml' in data/nodes/ + + + + +## +utgå från .env i /opt/liu/foliofront/foliofront-node-root på någon maskin med foliofront +ändra datat och kryptera filen, och lägg in i data/nodes/*.yaml +add, commit and push +kolla att puppetmodulen gick igenom CI-kedjan +vänta ett tag +kör puppet på folioservices01.test.it.liu.se +se att ändringen skett i .env diff --git a/Rakefile b/Rakefile index 74415a96f53d00b92550f6c697bb02093faecf76..77590fe6f84e2a49cabfb16175ff7ef3706dcd74 100644 --- a/Rakefile +++ b/Rakefile 
@@ -4,85 +4,6 @@ require 'bundler' require 'puppet_litmus/rake_tasks' if Gem.loaded_specs.key? 'puppet_litmus' require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-syntax/tasks/puppet-syntax' -require 'github_changelog_generator/task' if Gem.loaded_specs.key? 'github_changelog_generator' require 'puppet-strings/tasks' if Gem.loaded_specs.key? 'puppet-strings' -def changelog_user - return unless Rake.application.top_level_tasks.include? "changelog" - returnVal = nil || JSON.load(File.read('metadata.json'))['author'] - raise "unable to find the changelog_user in .sync.yml, or the author in metadata.json" if returnVal.nil? - puts "GitHubChangelogGenerator user:#{returnVal}" - returnVal -end - -def changelog_project - return unless Rake.application.top_level_tasks.include? "changelog" - - returnVal = nil - returnVal ||= begin - metadata_source = JSON.load(File.read('metadata.json'))['source'] - metadata_source_match = metadata_source && metadata_source.match(%r{.*\/([^\/]*?)(?:\.git)?\Z}) - - metadata_source_match && metadata_source_match[1] - end - - raise "unable to find the changelog_project in .sync.yml or calculate it from the source in metadata.json" if returnVal.nil? - - puts "GitHubChangelogGenerator project:#{returnVal}" - returnVal -end - -def changelog_future_release - return unless Rake.application.top_level_tasks.include? "changelog" - returnVal = "v%s" % JSON.load(File.read('metadata.json'))['version'] - raise "unable to find the future_release (version) in metadata.json" if returnVal.nil? - puts "GitHubChangelogGenerator future_release:#{returnVal}" - returnVal -end - PuppetLint.configuration.send('disable_relative') - - -if Gem.loaded_specs.key? 'github_changelog_generator' - GitHubChangelogGenerator::RakeTask.new :changelog do |config| - raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil? 
- config.user = "#{changelog_user}" - config.project = "#{changelog_project}" - config.future_release = "#{changelog_future_release}" - config.exclude_labels = ['maintenance'] - config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)." - config.add_pr_wo_labels = true - config.issues = false - config.merge_prefix = "### UNCATEGORIZED PRS; LABEL THEM ON GITHUB" - config.configure_sections = { - "Changed" => { - "prefix" => "### Changed", - "labels" => ["backwards-incompatible"], - }, - "Added" => { - "prefix" => "### Added", - "labels" => ["enhancement", "feature"], - }, - "Fixed" => { - "prefix" => "### Fixed", - "labels" => ["bug", "documentation", "bugfix"], - }, - } - end -else - desc 'Generate a Changelog from GitHub' - task :changelog do - raise <<EOM -The changelog tasks depends on recent features of the github_changelog_generator gem. -Please manually add it to your .sync.yml for now, and run `pdk update`: ---- -Gemfile: - optional: - ':development': - - gem: 'github_changelog_generator' - version: '~> 1.15' - condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0')" -EOM - end -end - diff --git a/data/nodes/folioservices01.test.it.liu.se.yaml b/data/nodes/folioservices01.test.it.liu.se.yaml new file mode 100644 index 0000000000000000000000000000000000000000..25419550b1a4cbd2306608608acb0cbeca1cc651 --- /dev/null +++ b/data/nodes/folioservices01.test.it.liu.se.yaml 
@@ -0,0 +1,88 @@ +--- +ub_folio::foliofront: + env: > + ENC[PKCS7,MIIO3QYJKoZIhvcNAQcDoIIOzjCCDsoCAQAxggEhMIIBHQIBAD + AFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAn0AsLfEkSiCNUc7UuJzKn1vcUp + yYItnkXrrlWQj+4FsjI4HrpOIe/NlNfqGuDJe6V5IvzX/aOmFBxvNHqZDu4V + jHyAXjpTE8dBwSLLkzNIMMszIbqkpjJyt3xMy3xG1aI9A8RhMl4zJhojzqkC + yfuTSaMHmkY5f/aJTjLK6o3hEpqa5vCo3vs1nCiGlCcUyG++Zd+IwgnoadeK + 82RG6R2BM+ZRQLucQUn5u1ieGufNVskoNCpsTlQZtTL2dGG+InSrj7L55Oi1 + 672W6DhPvdrcJ/0rlred1YFL2OVJN/RRRCgsSJ/IpaiuhVKmBILWEDL5KJRo + foVdoWfNdTzDs/9zCCDZ4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEOCXZj + jE/SXhSu1Su/3Qgj6Agg1wbYrFQF0+05S7CjDIt9Ttf3Zogh2whQ7QwgXl+q + cW/tN+DN2RKkFlYlJo2DispO1ZWKH9K8RsTznOekgg+0iGXIq7vAf7D59XEt + cBif/HBZb1PdaUiuDf4H6hcf1Pvyjj7mUpIlqKpCerDw6MUQVMtX1TVkoTz7 + /Hg3p0za29bnW2lXkxqilct3gvE5z1bPDUWuul7bDqkDWZeFCseBs6+o2u2H + XXHyP+OhrgKhc/UPahGvdH0AwLtI3mGEjF2y9PRWDMLwzQzAeaIqP/fg6Rhx + etvV050s8AbrlKWq3FDokqltOpV4NNp1XwGhb4yWPTH7MIgXOqiIwHejoP6y + xlJxk+zRVbfa2Rmx3eAxY0KdnHd20uupbfEsuSGfpVXiQ8H5YhApUNbttEy2 + tzlXrrU9OWnHW1yv+gdSzF8DFE/YPUHIaHAGezIfEyVMDvn/ZQ3YzMDxkryf + mkXM1cTTagQhnbPeGaRMGs5e3O4lZvBUMc+hZ0Yof+VSmfm/O9Y+0HZFyuzI + CBP6VqbtawXTVwlvDaZUlyAosj91a0GWunOJToFfPA0IcPvspiO1Y8DgpplD + u0O84dy4dilD28jSxLLcXyxsq1h4LC3FIOZ8FcEUZckAdHUvzx7l5aF517js + y9+R75Tb0xpb4NYzHtp+Ga4Pn9D+jwNcn6Wox183NMG7M036YklX2JoKqle0 + Cuyia7QysYnB+vO9dik9gWowa1n2cP0EqziT2m4vUTFI5GiM4mpKnhROJ2Qo + /inCYhVf4MNGPjYvh/sSC7OFS7CkuTb0ONTtO8CkQM1qVHG/YoCs1O59rjhe + bad19FRKSkjlMcC/n7LhTpFLfCp/lftFUgzwD6JHK3QfsZVn114tMcck62jJ + D//2sqF99bYiBItYMQZKmpubA6HcRqn7Ajg9HL/aAW/fgb3XOYOOTIPC+89l + F5Shf5cIyoD1Cx/yerNop8Eh0SZGE4yIzCYMr5UkOJCh9I6+gpARz55fWaqJ + 11/8LF0HJ1gquRn3j2gyZz/V4TsBtyVuhnXEF9TW5zuFzCfdnL3lgOBm/n38 + vBcZ9zIEkPi/L5Y2Zs0X47hR6lEykDrfYUddEMN0jMKMmrpI022OkPnMyX4U + KceamiHG3tx4SsVEM1rau/i6swGQJiiou9n3PFC8eU9pecAHDe1CYcp8fFxC + AcpIEeX1at/IGa0wqbvPeXyP7wtymd+WC4UO5FE63rLCAZxNfUTYsoEfzwhE + 6GkgZ6OrQwhPfq/sWdL3Q/z+6uLhLrXZkaeuXTfTEjw/YRkkWp7nwBgP87B3 + 
hlm/rraVl9tUGZmIFxiiTIhMARAs3oFy6RMlkbiRo+PNC2GuuaRQCqsaV8y9 + SUfEc8XDwfRV3y2XVSWfi7FDuRVTupKVRL1VD3kD/jV8M08YX67cPUk5USPf + aP4ujUnegZVJ8y+VVNDvK6u0St+Nqt1C438fklPPvon+wArbLT1irEOcHW6P + 2ZqJi5MR3VgEanG6spTlnjTrILjP/mAKoC/3X4IyDIhneaR7fyjjOTBwdPAw + L6ziapz8kbqba6c7D6sNTn7cE76CTwgS9VJBrnYIQZsnFqHca9Ggzo4CKZpV + vlva5NpgyN/qjCB4ytO+D/ib6Yxo7+YttGStl1B805xK8159XblLMMNITgnB + yOUIqCOJGvSi9j8adGmE64CHscZpeFOYrHMBjfT2JbQpgcxBOxzMYEetcHVv + XEbPrsi+Zy0/nDuFTPsZrCntwClYztaSxXnYiEjGkndGoiKlO52qBnZq9Trk + a3EduMP8C4ZluVIqF9nQ905EYKMotmga4cub3WPWQ2a7Jc6UB8Cl7nQFg0Cz + EIzCe2XpyHZxDcCR9jhb8ZUKsdSY/EwZUKc5ezgQTxtirpZIoqMBxEdgdtA8 + x06Thtww0gMgpb6QngBP5PYPbTZmSxn26YE+7+KUY8X5QUf0vffCahr6V9EZ + 7nS+2qP8D3LXGV0xKDNUO0Zs34ZcthC4d5XK5ZFoUyEnlijpbViTp5DM3vlj + SeMCLWMNmxduJw4/+91p8JWKmOyUXmoRoHca0EDbnratUDR7tu+x7YbsupWy + PB84gkEyLhGT9dD90TCU/vUfJL1+8ORQfBVHRoIQT2BvvbsJAMevIQHj8Onh + yAL6sS2nUzpg9EmieF3gKWj2lUWACMWXQ4avfR98jMbVuvB9VnCZVnIsYg8z + 0Tu+E/pfX4xcyctB3Jr991cXdh4fsGJM7mb0wbUVSEQCO0XN2uxOy6b1MfPz + zqTItrB8OEimcTmhiozMZi7xUX8mzqVtMDgNdTEIgzmvWRStOc9shFyPYSP6 + MU60pATKECr9XQ4XKzN9Y4o5JDXDlHnUOcxOaCd9G9gyoCNMmYLpsHsJAXRQ + EuWKwsQrjoSj2JFyaG3FW30gmVBeBHXE5cXaWJAmCwWGPjIeEIzNIQQ7Sn2W + zcsHriq5rXNiU2b/XNnnIzGkZbDCxG11EFEJJseWsg9TlPisEC7X5BIhfnh0 + WLIBpTJ8MJPmN7EXXKVcOsdZk4DXbDuWIqYSvtbcJ/1o6b48dIzsO2n/9Ys4 + HRTuVUb7/zC0WGVVB6Kj27g7iLtdLOd1zP5/HEPMfyZT4uUCzejgF7wZkQK1 + Ioh49+5bc+ygfz3fV32MKa0xdEE7qFb0u698fpp49OCYXZNvDeiw72hKYg0L + Mijo9o9IGNf2myv82uyYBMuJI9RJapqNDuECZ84JRztDNgDDJCdRVg4O9wRd + CbTC9COik7L+/UXBew5Djf2BAXgf2cvqmYU3p/tpJY+hyhvfSOVXEXPOeVF6 + T0sVKO0q598JWEnkRFaSw/SddcyHe4VRfVotM/gvB8dPYqnkSb6OYMbSN9uU + ky11pUT+okCmBRC7qf372aoP6zZ3x9o0n1xmkLy8/s0LSVeh4694VfcKaWtc + mU8sxBFROaLv76DpBEPe0PM5pNoy1Z40y7E/dgQ37lA5ZM+VvIugSkYMxQVN + a83gAP23DzUGaVshZlPPkRY0Kz7CZqG5DYH3nmE73T1ICvOQVF4G/osRZ4Sn + KKn0iovlaWcuFsxDZHMK30zRxDOjFUOXXfTQKcrXaaZmosbPYGyzkVfLQaFK + E846BXvpx1D9eGjqJ/Q8BMPn6RFS4OxmC8cdCGxohWL0TlX8HRdZalQYTBWA + 
kdVbqVZpbhWDjSPbNFbPkFBApAzo/JFlGjViztNLkXs84Kme7rVJlwMwowYx + /AMlThEzfEWe2r915Q0EKJ9xIkqORHAK0zvprIAc4QlRXDH9ktcjtwNVwxcy + MlcHTwdaCo+vAK7zKaFPfXaI+YTxLZUPNedgmMQhUY1woLp51b5CrL8mop0N + DYKwdWkQ868g+5i1T5iZmEC7N2S5FpWkB9KVcIEPkQBFf/q29VD8EEEadiLS + pLmiOTI9LLvnBKaML+p0NH6hlaIi90wrY0ez894aD16g1bOH+MRGvV6PZcdU + oApoHudVmodUlZ+6nsnDD55xO8EM2dVTO0fxucP+aIYjcTNDEAEVTwk1Z9/g + PubWsB2hCXBb+LIl4fDgsdE/4R6qS0Hk3TTl9GTBuO6NJSxi508FzsUPExhy + 1d0p3iB7w4NfQiobfWq1r3Js8Wb3b8ad9c+X1fyzOkWKWp94nKZLWuD5IhNW + IUMvtxcfwEtEx2dzbJD4ehIdYGdeNqIcgEKAPMt4wZX01JmxetuHo0+1Spg1 + pLrgKqWvh/IbwBRfLBdJhB0wb+7hd6H28vY9wVgoFRoOeg1ZNeAjmG3EotB8 + +LzbNmwWSKFmwVwqoN+izyoC75+z7qsnmy4Ws7CSMcTWljwGebDntc59tNLc + pHHxdTnzHV7CjnEyQkHf7Zi4HAzCImdmUBq4hy2A+37IUZTXw4eVOCePPUQb + tt20HuT5wrDYYup74eCaZtFl2QsW7jfcdCm+UlDZEyvOCR+WtTH5QGnSgyht + BaOILixO44B84gDh5NowokdtqV2GMxON49dxpMiMn0rrpBeDR3k8UXXamwH5 + 4mtiE++CIY1szj84XIX+9j5G7bLBwxYuiNiearex6j+lc4hbb9ACjK2fVqqJ + j4VMP9i4vX8JbRlyzmL1lpNu9+yedL/a9m8fTfG7MRCo6GjwWErsDdHTSlu1 + N7OPeugzwM7zYwIeSanDlob7B+XlnSheKbL+NSb286ayH9aO6VNZixVwLZ+M + cN0hBbvipvc9kVS2+CI/jtsHhEYOR7U/5G7sPiE4X2biVOxMSD+6bkW6Hew5 + mwaBbJtcv6M0RAOYMLPKknamk5bs3E7m1WQ6e9uIwu53XGwGUCEr0nfXssL/ + 0EQBvF9nyp8wKuFG5ZBPD74hz5OrPfyZ56asRi9euXqgRl752NDwHUhuC849 + dxuujXzDz8V6OrZUdp90hjQwtEsELlfuz6f3U53yd5UZgMlMmFN1SpEnz0DO + XiRcXZ40pUzIV862TflUechJhOBXuwSkPuKeHcfK6C5gfG6z8rP1is6IrM7S + 0AIoxTL94Q7FUxNm2JgkeTD3a6ukZbp1+v5QkYYIMPUwboTyM5Hoh/6trkA3 + fZpTbqrXglwAe/HexCRdvs4O64ATi+Yn3zBL5Qpqyj9NrNtFA=] diff --git a/encrypt/eyaml-encrypt.sh b/encrypt/eyaml-encrypt.sh new file mode 100755 index 0000000000000000000000000000000000000000..29234cca011dd55b78736a87c4ab991e83cbb0e3 --- /dev/null +++ b/encrypt/eyaml-encrypt.sh @@ -0,0 +1,6 @@ +#! /bin/sh -eu + +encryptdir="$(dirname "$0")" +encryptdir="$(cd "${encryptdir}"&& pwd)" + +exec eyaml encrypt --pkcs7-public-key "${encryptdir}/public-key.pkcs7.pem" "$@" 
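Review bot: The `-eu` options on the shebang line `#! /bin/sh -eu` are dropped whenever the script is invoked as `sh encrypt/eyaml-encrypt.sh` or sourced, so the fail-fast behaviour they are meant to give is not reliable; make `set -eu` the first statement of the body instead and keep the shebang as plain `#! /bin/sh`. The directory line also reads better with the operator spaced, `encryptdir="$(cd "${encryptdir}" && pwd)"`. Neither change touches the final `exec eyaml encrypt --pkcs7-public-key ... "$@"` call.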
diff --git a/encrypt/public-key.pkcs7.pem b/encrypt/public-key.pkcs7.pem new file mode 100644 index 0000000000000000000000000000000000000000..48e5ee496c78f2b6eb2b56c999578d5129f42041 --- /dev/null +++ b/encrypt/public-key.pkcs7.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2TCCAcGgAwIBAgIBATANBgkqhkiG9w0BAQUFADAAMCAXDTE1MDYwMzA5MDUx +MloYDzIwNjUwNTIxMDkwNTEyWjAAMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAwh8REuonjpax1B3egJEHQ6FnrVPEhS8P1PftDVFlYrlpiualq2RX8ynz +ZRigwRYqrFFpPJNooK1gXaFttpAMffUM7mFVPdXC3Tg4nihYncOOxGT3GqrbC7Oa +GfXeUoEI7PIbRJhmcH/fJLLcsYrdIYyqferTgBGlVKbK2dSpqL9FGQCigcrmbalh +3ZpIKKfmejZELNHY/7Mun1Gseoin5yuYMTGzI9xEmxBIEQzKpIJWrgvyfPs80ch3 +WTjufePl0PqlaVLKR8qk6H23LQMw0DcBjN+Dm1wG7kWIBK4CxHN7TSHPebiEwutH +UG56w+2HKuf0J/loYRSQklcmlogNJQIDAQABo1wwWjAPBgNVHRMBAf8EBTADAQH/ +MB0GA1UdDgQWBBTvBDJEU5YW0kgqu2YI0HVwNchshDAoBgNVHSMEITAfgBTvBDJE +U5YW0kgqu2YI0HVwNchshKEEpAIwAIIBATANBgkqhkiG9w0BAQUFAAOCAQEAdA8j +RGF2rFXrGeOzurP6/1G1Yvi3adN9Adxnhe0ZKCYfsCzd+Ttuli11IGUWDeOsxTgf +QkezGo6FPsyhv79yGMP5IOkToIXVyOeeGjQRDytRVAq2Q3dQa3/9xhabA88NfzdR +S+VChWUWLgIKKtrrShiusGdvewpmo5lKvYNGTvmJchXPED9kXNJC8nmxBwcqk9fJ +eUVmXyiMdvEcwHzzjZN8n0F9vRNAA9r0w2GeP5Bg5Ggxqldfnyt4TpBbcacdJLLt +DWKsYYuI7wLPTTmXvMdAm/eC7zvrCLP9wMw1wN6Sh/SpG+CLiStJNTFigqu9vkmO +4qJa9Cmm6QrZ6aGieQ== +-----END CERTIFICATE----- diff --git a/files/folio-cron b/files/folio-cron new file mode 100644 index 0000000000000000000000000000000000000000..b3372e3574d05108a39a9b11657b4ac7950a20de --- /dev/null +++ b/files/folio-cron @@ -0,0 +1,5 @@ +magto94 ALL=(folio-cron) ALL +andfa93 ALL=(folio-cron) ALL +thotr29 ALL=(folio-cron) ALL +hakan95 ALL=(folio-cron) ALL +hakjo91 ALL=(folio-cron) ALL \ No newline at end of file diff --git a/hiera.yaml b/hiera.yaml index 93930acac3d62152f6b9fb621a2dca41adeab5c9..8871b87af854dadf00f4da58e78e8081ab457bd1 100644 --- a/hiera.yaml +++ b/hiera.yaml 
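Review bot: The new `files/folio-cron` sudoers fragment ends without a trailing newline (`\ No newline at end of file`); sudo parses drop-in fragments line by line and some releases reject a file whose last rule is unterminated, which would silently disable every rule in it, so add the final newline before this is deployed. Each rule grants the listed account `ALL` commands as `folio-cron`; that is tolerable for an unprivileged service user, but if only a fixed set of scripts is meant to be run, listing them in the command field instead of `ALL` limits what a compromised developer account can do with the grant. Nothing in this diff shows the resource that installs the fragment, so whether it is validated with `visudo -c` before being placed under sudoers.d cannot be confirmed from here.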
@@ -9,6 +9,9 @@ defaults: # Used for any hierarchy level that omits these keys. pkcs7_public_key: /etc/puppetlabs/puppet/keys/public_key.pkcs7.pem hierarchy: + - name: "Node data" + path: "nodes/%{trusted.certname}.yaml" + - name: "Environment" path: "environment/%{::environment}.yaml" diff --git a/manifests/foliofront.pp b/manifests/foliofront.pp index a3aecff6e68e7a7c1668cfa5a62316e6d6c31b3d..e5881714ecb39d81812c1b7f93cdfe52cbc28e1e 100644 --- a/manifests/foliofront.pp +++ b/manifests/foliofront.pp @@ -1,10 +1,23 @@ # @summary Setup a front facing node for folio -class folioscripts::foliofront { +class ub_folio::foliofront { include profiles::letsencrypt include apache include apache::mod::proxy - package { 'nodejs': + $basedir='/opt/liu/foliofront' + + exec { 'create private key for': + creates => "${$basedir}/privatekey.pem", + command => "/bin/openssl genrsa -out ${$basedir}/privatekey.pem 2048", + } + + exec { 'create cert for': + creates => "${$basedir}/saml-cert.pem", + command => "/bin/openssl req -new -x509 -key ${$basedir}/privatekey.pem -out ${$basedir}/saml-cert.pem -days 3650 -subj '/C=SE/ST=Östergotland/L=Linköping/O=library.liu/OU=library/CN=saml.${$trusted['certname']}'", + require => [Exec['create private key for'],], + } + + package { ['nodejs','nano']: ensure => 'installed', } @@ -20,12 +33,6 @@ class folioscripts::foliofront { require => Exec['n-from-npm']; } - file { '/usr/bin/node': - ensure => 'link', - source => '/usr/local/bin/node', # lint:ignore:source_without_rights - require => Exec['nodejs-lts'], - } - exec { 'install pm2': command => '/bin/npm install pm2 -g', unless => '/bin/test -d /usr/local/lib/node_modules/pm2', @@ -33,10 +40,12 @@ class folioscripts::foliofront { } user { 'pm2runner': - ensure => 'present', - comment => 'pm2 owner', - system => 'yes', + ensure => 'present', + comment => 'pm2 owner', + system => 'yes', + managehome => 'yes', } + group { default: ensure => 'present'; 
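Review bot: The `exec { 'create private key for': ... }` writes `privatekey.pem` with whatever umask the agent happens to run under, and nothing in the hunk manages the owner or mode of the file afterwards, so the SAML signing key can end up world-readable; add `umask => '077',` to that exec, or follow it with a `file { "${basedir}/privatekey.pem": owner => 'pm2runner', mode => '0600' }` resource (pm2runner is inferred from the systemd unit later in the file — use whichever account actually reads the key). The `${$basedir}` and `${$trusted['certname']}` interpolations work but the extra `$` is non-idiomatic; `${basedir}` and `${trusted['certname']}` are the conventional forms. The titles `'create private key for'` and `'create cert for'` read as truncated; titling the execs with the file path they create also makes the `require => [Exec['create private key for'],]` reference self-explanatory. The class continues past the end of this hunk.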
@@ -48,17 +57,24 @@ class folioscripts::foliofront { Group <| title == 'ssl-cert' |> { members +> ['andfa93', 'pm2runner', 'hakan95', 'hakjo91'] } - file { '/opt/liu/foliofront': - ensure => directory, - owner => 'andfa93', - group => 'api', - mode => '0775', + file { + [ + $basedir, + "${$basedir}/data", + "${$basedir}/data/logs", + "${$basedir}/data/resetpintokens", + ]: + ensure => directory, + owner => 'andfa93', + group => 'api', + mode => '0775', } vcsrepo { '/opt/liu/foliofront/foliofront-node-root': ensure => latest, provider => git, source => 'https://git:glpat-F5y74GSXSm6FrQBD5wM5@gitlab.liu.se/ub-utveckling/webb/folio-projekt/foliofront-node-root.git', + revision => 'develop', notify => [Exec['do npm install of foliofront'],], } @@ -75,15 +91,36 @@ class folioscripts::foliofront { require => [Vcsrepo['/opt/liu/foliofront/foliofront-node-root'],], } + file { '/opt/liu/foliofront/foliofront-node-root/.env': + ensure => file, + group => 'api', + mode => '0750', + content => lookup('ub_folio::foliofront.env',undef,undef,'"env" key not found in hiera data'), + require => [Vcsrepo['/opt/liu/foliofront/foliofront-node-root'],], + } + systemd::manage_unit { 'foliofront.service': unit_entry => { 'Description' => 'Run the foliofront node application', }, service_entry => { - 'Type' => 'simple', - 'ExecStart' => '', - 'User' => 'postgres', + 'Type' => 'simple', + 'User' => 'pm2runner', + 'ExecStart' => 'npm run start development', + 'WorkingDirectory' => '/opt/liu/foliofront/foliofront-node-root', }, + install_entry => { + 'WantedBy' => 'multi-user.target', + }, + enable => true, + active => true, + require => [Vcsrepo['/opt/liu/foliofront/foliofront-node-root'],], + } + + service { 'foliofront': + ensure => 'running', + enable => true, + require => [Systemd::Manage_unit['foliofront.service'],], } user { 'folio-cron': 
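Review bot: The `vcsrepo` `source` line directly above the added `revision => 'develop'` embeds a GitLab project access token in the clone URL, so the credential sits in plain text in the module, in every compiled catalog, and in `.git/config` on the node; this commit already introduces eyaml-encrypted node data for the `.env` file, so the token belongs in that same encrypted layer, fetched with `lookup()` at the point of use, and should be rotated once it has been moved out of the manifest. `ensure => latest` together with the unpinned `develop` branch means every agent run deploys whatever was last pushed to that branch; pinning `revision` to a tag or commit keeps production changes deliberate. The class continues outside this hunk on both sides.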
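Review bot: The new `file { '/opt/liu/foliofront/foliofront-node-root/.env': ... }` passes the decrypted credentials as plain `content`, so Puppet prints the full file in its change diff to agent logs and reports and the catalog carries it in clear; wrap it as `content => Sensitive(lookup('ub_folio::foliofront.env', undef, undef, '"env" key not found in hiera data')),`, which also suppresses the diff, or at minimum add `show_diff => false,`. No `owner` is given, so the file is root-owned with `group => 'api'` and `mode => '0750'`, while the unit runs as `'User' => 'pm2runner'`; that account can only read the file if it is a member of `api`, which nothing in the diff establishes, so either set `owner => 'pm2runner'` or make the membership explicit (and `0640` is enough for a file that is never executed). `'ExecStart' => 'npm run start development'` uses a bare command name, which only newer systemd releases resolve against a fixed search path; an absolute path such as `/usr/local/bin/npm` (the location the removed `/usr/bin/node` link pointed into) is the portable form. Declaring `service { 'foliofront': }` next to `systemd::manage_unit` with `enable => true, active => true` probably leaves two resources managing one unit, if the module's manage_unit declares its own Service as recent versions do; keep one of them. The class continues past this hunk.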
@@ -143,50 +180,38 @@ class folioscripts::foliofront { # lint:endignore } - if fact('server_firewall_provider') == 'firewalld' { - server_firewall::address_set { 'vpn': - addresses => [ - '130.236.110.0/24', - '10.240.0.0/12', - ], - } - - firewalld_rich_rule { 'Access ssh from VPN': - service => 'ssh', - family => 'ipv4', - zone => 'liu', - action => 'accept', - source => { 'ipset' => 'vpn_v4', }, - } - - firewalld_service { - default: - ensure => present, - zone => 'public'; - 'Apache web http public access': - service => 'http'; - 'Apache web https public access': - service => 'https'; - } - - firewalld_service { - default: - ensure => present, - zone => 'liu'; - 'Apache web http liu access': - service => 'http'; - 'Apache web https liu access': - service => 'https'; - } - } else { - server_firewall::rules_file { '59-permit_vpn_ssh.rules': - content => file("${module_name}/permit_vpn_ssh.rules"), - } - server_firewall::rules_file { '58-permit_api.rules': - content => file("${module_name}/permit_api.rules"), - } - server_firewall::rules_file { '57-permit_www.rules': - content => file("${module_name}/permit_www.rules"), - } + server_firewall::address_set { 'vpn': + addresses => [ + '130.236.110.0/24', + '10.240.0.0/12', + ], + } + + firewalld_rich_rule { 'Access ssh from VPN': + service => 'ssh', + family => 'ipv4', + zone => 'liu', + action => 'accept', + source => { 'ipset' => 'vpn_v4', }, + } + + firewalld_service { + default: + ensure => present, + zone => 'public'; + 'Apache web http public access': + service => 'http'; + 'Apache web https public access': + service => 'https'; + } + + firewalld_service { + default: + ensure => present, + zone => 'liu'; + 'Apache web http liu access': + service => 'http'; + 'Apache web https liu access': + service => 'https'; } } diff --git a/metadata.json b/metadata.json index 7eef7b3e52fed3ce871163f7f7fa2bf0d26f8d49..1edebc2a7cb9cee9910066ae0c45a09cbd37922a 100644 --- a/metadata.json +++ b/metadata.json 
@@ -1,5 +1,5 @@
 {
- "name": "liuit-folioscripts",
+ "name": "liuit-ub_folio",
 "version": "0.1.0",
 "author": "LiU-IT",
 "summary": "",
@@ -47,7 +47,7 @@
 "version_requirement": ">= 7.24 < 9.0.0"
 }
 ],
- "pdk-version": "3.0.1",
+ "pdk-version": "3.2.0",
 "template-url": "https://gitlab.it.liu.se/puppet-infra/pdk-templates.git#liu",
- "template-ref": "heads/liu-0-g522eb00"
+ "template-ref": "heads/liu-0-g4d4e981"
 }
diff --git a/spec/classes/foliofront_spec.rb b/spec/classes/foliofront_spec.rb
index ecf888ca133a3943ddf9e1e8fa9a0be92df31858..705baffe10e23e0a39cde5db8eadd91831db06c1 100644
--- a/spec/classes/foliofront_spec.rb
+++ b/spec/classes/foliofront_spec.rb
@@ -2,7 +2,7 @@
 require 'spec_helper'
-describe 'folioscripts::foliofront' do
+describe 'ub_folio::foliofront' do
 on_supported_os.each do |os, os_facts|
 context "on #{os}" do
 let(:facts) { os_facts }
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 3f9a6c717863bd2eb4bdd13cf9c6b0399fe09129..85b88af530645da8727b70e7687ed73088309393 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -28,7 +28,8 @@ default_fact_files.each do |f|
 next unless File.exist?(f) && File.readable?(f) && File.size?(f)
 begin
- default_facts.merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true))
+ require 'deep_merge'
+ default_facts.deep_merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true))
 rescue StandardError => e
 RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}"
 end
@@ -36,7 +37,7 @@ end
 # read default_facts and merge them over what is provided by facterdb
 default_facts.each do |fact, value|
- add_custom_fact fact, value
+ add_custom_fact fact, value, merge_facts: true
 end
 RSpec.configure do |c|
diff --git a/templates/env.epp b/templates/env.epp
new file mode 100644
index 0000000000000000000000000000000000000000..de7ed483792375951cbccce7eecea93e1d4ec18f
--- /dev/null
+++ b/templates/env.epp 
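Review bot: `require 'deep_merge'` is placed inside the `begin` block that runs once per fact file, so the gem is re-required on every loop iteration and, where it is not installed, the resulting `LoadError` is not a `StandardError` and escapes the `rescue` with a message that points at the wrong line; move the `require` to the top of spec_helper beside the other requires and leave the `begin` block to the YAML parsing alone. The enclosing `default_fact_files.each` block starts before this hunk.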
@@ -0,0 +1,12 @@
+<%- |
+ Stdlib::Absolutepath $basedirectory,
+ String[1] $username,
+ Sensitive[String[1]] $password,
+ | -%>
+X_OKAPI_TENANT=liuaf
+SESSION_SECRET=session_secret
+admin_user=<%= $username %>
+admin_pwd=<%= $password %>
+ROOT_FOLDER="<%= $basedirectory %>"
+LOGS_FOLDER="data/logs/"
+TOKEN_FOLDER="data/resetpintokens/"
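Review bot: `admin_pwd=<%= $password %>` will not write the password: `$password` is declared `Sensitive[String[1]]`, and interpolating a Sensitive value renders the placeholder `Sensitive [value redacted]`, so the generated .env is unusable; the line has to be `admin_pwd=<%= $password.unwrap %>`, unwrapping only inside the template so the value stays Sensitive everywhere else. `SESSION_SECRET=session_secret` is a fixed, checked-in value, so every deployment shares a guessable secret for whatever the application signs with it; make it a `Sensitive[String[1]] $session_secret` template parameter supplied from the same encrypted hiera data as the password. No manifest in this diff calls this template, so whether it is meant to replace the `lookup('ub_folio::foliofront.env')` file content cannot be told from here.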