diff options
Diffstat (limited to 'global/overlay/etc/puppet/modules/catlfish/manifests')
5 files changed, 102 insertions, 0 deletions
diff --git a/global/overlay/etc/puppet/modules/catlfish/manifests/frontend.pp b/global/overlay/etc/puppet/modules/catlfish/manifests/frontend.pp new file mode 100644 index 0000000..c9ef122 --- /dev/null +++ b/global/overlay/etc/puppet/modules/catlfish/manifests/frontend.pp @@ -0,0 +1,43 @@ +define catlfish::frontend( + $logname = undef, + $image = 'docker.sunet.se/ctct/catlfish-dev', + $version = 'latest' +) +{ + $base = '/var/local/db' + $db = ""${base}/${logname}" + file {$base: ensure => directory } -> + file {$db: ensure => directory } -> + sunet::docker_run{"${name}_varnish": + image => "docker.sunet.se/varnish", + imagetag => "latest", + env => ["BACKEND_PORT=tcp://${name}_frontend.docker:8080"], + ports => ["80:80"], + } -> + sunet::docker_run{"${name}_stud": + image => "docker.sunet.se/stud", + imagetag => "latest", + volumes => ["/etc/ssl:/etc/ssl"], + env => ["BACKEND_PORT=tcp://${name}_varnish.docker:80"], + ports => ["443:443"] + } -> + sunet::docker_run {"${name}_catlfish": + image => $image, + imagetag => $version, + ports => ["8080:8080","8082:8082"], + volumes => ["/usr/local/etc/catlfish:/usr/local/etc/catlfish:ro","${db}:/var/local/db/catlfish"], + command => ["frontend ${name} ${logname}"] + } -> + ufw::allow { "${name}-allow-http": + ip => 'any', + port => 80 + } -> + ufw::allow { "${name}-allow-https": + ip => 'any', + port => 443 + } -> + ufw:allow { "${name}-allow-8082-acl0": + ip => '130.242.125.0/24', + port => 8082 + } +} diff --git a/global/overlay/etc/puppet/modules/catlfish/manifests/init.pp b/global/overlay/etc/puppet/modules/catlfish/manifests/init.pp new file mode 100644 index 0000000..bb74f74 --- /dev/null +++ b/global/overlay/etc/puppet/modules/catlfish/manifests/init.pp @@ -0,0 +1 @@ +class catlfish {} diff --git a/global/overlay/etc/puppet/modules/catlfish/manifests/merge.pp b/global/overlay/etc/puppet/modules/catlfish/manifests/merge.pp new file mode 100644 index 0000000..2a54724 --- /dev/null +++ b/global/overlay/etc/puppet/modules/catlfish/manifests/merge.pp @@ -0,0 +1,18 @@ +define catlfish::merge( + $logname = undef, + $image = 'docker.sunet.se/ctct/catlfish-dev', + $version = 'latest' +) +{ + $base = '/var/local/db' + $db = ""${base}/${logname}" + file {$base: ensure => directory } -> + file {$db: ensure => directory } -> + sunet::docker_run {"${name}_catlfish": + image => $image, + env => ["MERGE_EXTRA_ARGS=--timing","MERGE_DB_DIR=/var/local/db/catlfish"], + imagetag => $version, + volumes => ["/usr/local/etc/catlfish/${name}:/usr/local/etc/catlfish:ro","${db}:/var/local/db/catlfish"], + command => ["merge ${name} ${logname}"] + } +} diff --git a/global/overlay/etc/puppet/modules/catlfish/manifests/signing.pp b/global/overlay/etc/puppet/modules/catlfish/manifests/signing.pp new file mode 100644 index 0000000..70f1d87 --- /dev/null +++ b/global/overlay/etc/puppet/modules/catlfish/manifests/signing.pp @@ -0,0 +1,18 @@ +define catlfish::signing( + $logname = undef, + $image = 'docker.sunet.se/ctct/catlfish-dev-lunahsm', + $version = 'latest' +) +{ + sunet::docker_run {"${name}_catlfish": + image => $image, + imagetag => $version, + volumes => ["/usr/local/etc/catlfish:/usr/local/etc/catlfish:ro"], + ports => ["8188:8188"], + command => ["signing ${name} ${logname}"] + } + ufw:allow { "${name}-allow-8188-acl0": + ip => '130.242.125.0/24', + port => 8081 + } +} diff --git a/global/overlay/etc/puppet/modules/catlfish/manifests/storage.pp b/global/overlay/etc/puppet/modules/catlfish/manifests/storage.pp new file mode 100644 index 0000000..f7b7de5 --- /dev/null +++ b/global/overlay/etc/puppet/modules/catlfish/manifests/storage.pp @@ -0,0 +1,22 @@ +define catlfish::storage( + $logname = undef, + $image = 'docker.sunet.se/ctct/catlfish-dev', + $version = 'latest' +) +{ + $base = '/var/local/db' + $db = "${base}/${logname}" + file {$base: ensure => directory } -> + file {$db: ensure => directory } -> + sunet::docker_run {"${name}_catlfish": + image => $image, + imagetag => $version, + volumes => ["/usr/local/etc/catlfish:/usr/local/etc/catlfish:ro","${db}:/var/local/db/catlfish"], + ports => ["8081:8081"], + command => ["storage ${name} ${logname}"] + } + ufw:allow { "${name}-allow-8081-acl0": + ip => '130.242.125.0/24', + port => 8081 + } +} |