summaryrefslogtreecommitdiff
path: root/global/overlay/etc/puppet/manifests/cosmos-site.pp
diff options
context:
space:
mode:
authorLeif Johansson <leifj@sunet.se>2015-04-01 08:58:59 +0200
committerLeif Johansson <leifj@sunet.se>2015-04-01 08:58:59 +0200
commit8b5d4875013efe18cffcd91a38fd201e82a92246 (patch)
treeb16355ad6e1ea14043daa5cde889741e9ddcc9f3 /global/overlay/etc/puppet/manifests/cosmos-site.pp
parent82194de4656c118f28365db83f22d50f286fbd18 (diff)
parent5cb9279fd0472bec59f5430786a6c684854bcf6f (diff)
Merge branch 'master' of git.nordu.net:sunet-ops
Diffstat (limited to 'global/overlay/etc/puppet/manifests/cosmos-site.pp')
-rw-r--r--global/overlay/etc/puppet/manifests/cosmos-site.pp63
1 files changed, 55 insertions, 8 deletions
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index a519ccf..92e3804 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -697,17 +697,64 @@ node 'cdr1.sunet.se' {
}
node 'sto-tug-kvm2.swamid.se' {
- docker::image {'docker.sunet.se/flog/postgresql-9.3': }
- file {'/opt/docker/postgresql_data':
- ensure => 'directory',
- }
+ #class { 'fail2ban': }
+ file {'/var/docker':
+ ensure => 'directory',
+ } ->
+ sunet::system_user {'postgres-system-user':
+ username => 'postgres',
+ group => 'postgres',
+ } ->
+ sunet::add_user_to_group { 'postgres_ssl_cert_access':
+ username => 'postgres',
+ group => 'ssl-cert',
+ } ->
+ sunet::system_user {'www-data-system-user':
+ username => 'www-data',
+ group => 'www-data',
+ } ->
+ file {'/var/docker/postgresql_data':
+ ensure => 'directory',
+ owner => 'postgres',
+ group => 'postgres',
+ mode => '0700',
+ } ->
file {'/var/log/flog_db':
ensure => 'directory',
- }
- docker::run {'flog_db':
+ owner => 'root',
+ group => 'postgres',
+ mode => '1775',
+ } ->
+ file {'/var/postgresbackup':
+ ensure => 'directory',
+ owner => 'root',
+ group => 'postgres',
+ mode => '1775',
+ } ->
+ file {'/var/log/flog_app':
+ ensure => 'directory',
+ owner => 'root',
+ group => 'www-data',
+ mode => '1775',
+ } ->
+ file {'/var/log/flog_cron':
+ ensure => 'directory',
+ owner => 'root',
+ group => 'www-data',
+ mode => '1775',
+ } ->
+ sunet::docker_run {'flog_db':
image => 'docker.sunet.se/flog/postgresql-9.3',
- use_name => true,
- volumes => ['/opt/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'],
+ volumes => ['/opt/flog/postgres/ssl:/etc/ssl', '/var/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'],
+ } ->
+ sunet::docker_run {'flog_app':
+ image => 'docker.sunet.se/flog/flog_app',
+ volumes => ['/opt/flog/dotenv:/opt/flog/.env','/var/log/flog/:/opt/flog/logs/'],
+ } ->
+ sunet::docker_run {'flog_nginx':
+ image => 'docker.sunet.se/flog/nginx',
+ ports => ['80:80', '443:443'],
+ volumes => ['/opt/flog/nginx/sites-enabled/:/etc/nginx/sites-enabled/','/opt/flog/nginx/certs/:/etc/nginx/certs', '/var/log/flog_nginx/:/var/log/nginx'],
}
}