Diffstat (limited to 'global/overlay/etc/puppet/modules/sunet/manifests')
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/add_user_to_group.pp7
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/cloudimage.pp38
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp46
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/dockerhost.pp56
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/encrypted_swap.pp12
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp44
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/ethernet_bonding.pp19
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp14
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/flog.pp82
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp38
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp49
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/server.pp91
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/system_user.pp22
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp53
14 files changed, 0 insertions, 571 deletions
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/add_user_to_group.pp b/global/overlay/etc/puppet/modules/sunet/manifests/add_user_to_group.pp
deleted file mode 100644
index 348d9c5..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/add_user_to_group.pp
+++ /dev/null
@@ -1,7 +0,0 @@
-# Add a user to a group
-define sunet::add_user_to_group($username, $group) {
- exec {"add_user_${username}_to_group_${group}_exec":
- command => "adduser --quiet $username $group",
- path => ['/usr/local/sbin', '/usr/local/bin', '/usr/sbin', '/usr/bin', '/sbin', '/bin', ],
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/cloudimage.pp b/global/overlay/etc/puppet/modules/sunet/manifests/cloudimage.pp
deleted file mode 100644
index d6400d7..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/cloudimage.pp
+++ /dev/null
@@ -1,38 +0,0 @@
-define sunet::cloudimage (
- $image_url = "https://cloud-images.ubuntu.com/trusty/current/trusty-server-cloudimg-amd64-disk1.img",
- $dhcp = true,
- $size = "1G",
- $bridge = "br0",
- $memory = "1024",
- $cpus = "1",
- $resolver = undef,
- $ip = undef,
- $netmask = undef,
- $gateway = undef,
- $ip6 = undef,
- $netmask6 = "64",
- $gateway6 = undef,
- $tagpattern = undef,
- $repo = undef
-)
-{
- package {'mtools': ensure => latest }
- package {'libvirt-bin': ensure => latest }
- package {'uuid-runtime': ensure => latest }
- package {'virtinst': ensure => latest }
-
- $image_url_a = split($image_url,"/")
- $image_name = $image_url_a[-1]
- $image_src = "/var/lib/libvirt/images/${image_name}"
- file { "/var/lib/libvirt/images/${name}": ensure => directory } ->
- exec {"wget -O${image_src} ${image_url}":
- onlyif => "test ! -f ${image_src}"
- }
- file { "/var/lib/libvirt/images/${name}/${name}-init.sh":
- content => template("sunet/cloudimage/mk_cloud_image.erb"),
- mode => "0755"
- } ->
- exec { "/var/lib/libvirt/images/${name}/${name}-init.sh":
- onlyif => "test ! -f /var/lib/libvirt/images/${name}/${name}.img"
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp b/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp
deleted file mode 100644
index 4b56a03..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/docker_run.pp
+++ /dev/null
@@ -1,46 +0,0 @@
-# Common use of docker::run
-define sunet::docker_run(
- $image,
- $imagetag = hiera('sunet_docker_default_tag', 'latest'),
- $volumes = [],
- $ports = [],
- $env = [],
- $net = 'bridge',
- $extra_parameters = [],
- $command = "",
- $hostname = undef,
-) {
-
- # Make container use unbound resolver on dockerhost
- # If docker was just installed, facter will not know the IP of docker0. Thus the pick.
- $dns = $net ? {
- 'host' => [], # docker refuses --dns with --net host
- default => [pick($::ipaddress_docker0, '172.17.42.1')],
- }
-
- $image_tag = "${image}:${imagetag}"
- docker::image { $image_tag : } ->
-
- docker::run {$name :
- use_name => true,
- image => $image_tag,
- volumes => flatten([$volumes,
- '/etc/passwd:/etc/passwd:ro', # uid consistency
- '/etc/group:/etc/group:ro', # gid consistency
- ]),
- hostname => $hostname,
- ports => $ports,
- env => $env,
- net => $net,
- extra_parameters => flatten([$extra_parameters,
- '--rm',
- ]),
- dns => $dns,
- verify_checksum => false, # Rely on registry security for now. eduID risk #31.
- command => $command,
- pre_start => 'run-parts /usr/local/etc/docker.d',
- post_start => 'run-parts /usr/local/etc/docker.d',
- pre_stop => 'run-parts /usr/local/etc/docker.d',
- }
-
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/dockerhost.pp b/global/overlay/etc/puppet/modules/sunet/manifests/dockerhost.pp
deleted file mode 100644
index 67f75f9..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/dockerhost.pp
+++ /dev/null
@@ -1,56 +0,0 @@
-# Install docker from https://get.docker.com/ubuntu
-class sunet::dockerhost {
- apt::source {'docker_official':
- location => 'https://get.docker.com/ubuntu',
- release => 'docker',
- repos => 'main',
- key => 'A88D21E9',
- include_src => false
- }
- package {'lxc-docker':
- ensure => latest,
- }
-
- class {'docker':
- manage_package => false,
- }
-
- package { 'unbound': ensure => 'latest' }
- service { 'unbound': ensure => 'running' }
-
- file { '/usr/local/etc/docker.d/20unbound':
- ensure => file,
- path => '/usr/local/etc/docker.d/20unbound',
- mode => '0755',
- content => template('sunet/dockerhost/20unbound.erb'),
- }
-
- file { '/etc/logrotate.d/docker-containers':
- ensure => file,
- path => '/etc/logrotate.d/docker-containers',
- mode => '0644',
- content => template('sunet/dockerhost/logrotate_docker-containers.erb'),
- }
-
- file { '/etc/unbound/unbound.conf.d/docker.conf':
- ensure => file,
- path => '/etc/unbound/unbound.conf.d/docker.conf',
- mode => '0644',
- content => template('sunet/dockerhost/unbound_docker.conf.erb'),
- notify => Service['unbound'],
- }
-
- ufw::allow { 'allow-docker-resolving_udp':
- port => '53',
- ip => $::ipaddress_docker0, # both IPv4 and IPv6
- from => '172.16.0.0/12',
- proto => 'udp',
- }
- ufw::allow { 'allow-docker-resolving_tcp':
- port => '53',
- ip => $::ipaddress_docker0, # both IPv4 and IPv6
- from => '172.16.0.0/12',
- proto => 'tcp',
- }
-
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/encrypted_swap.pp b/global/overlay/etc/puppet/modules/sunet/manifests/encrypted_swap.pp
deleted file mode 100644
index 9956e00..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/encrypted_swap.pp
+++ /dev/null
@@ -1,12 +0,0 @@
-define sunet::encrypted_swap() {
-
- package { 'ecryptfs-utils':
- ensure => 'installed'
- } ->
-
- exec {'sunet_ecryptfs_setup_swap':
- command => '/usr/bin/ecryptfs-setup-swap -f',
- onlyif => 'grep swap /etc/fstab | grep -ve ^# -e cryptswap | grep -q swap',
- }
-
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp
deleted file mode 100644
index a80d355..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp
+++ /dev/null
@@ -1,44 +0,0 @@
-define sunet::etcd_node(
- $disco_url = undef,
- $etcd_version = 'v2.0.8',
- $proxy = true
-)
-{
- include stdlib
-
- file { ["/data/${name}","/data/${name}/${::hostname}"]: ensure => 'directory' }
- $common_args = ["--discovery ${disco_url}",
- "--name ${::hostname}",
- "--data-dir /data",
- "--key-file /etc/ssl/private/${::fqdn}_infra.key",
- "--ca-file /etc/ssl/certs/infra.crt",
- "--cert-file /etc/ssl/certs/${::fqdn}_infra.crt"]
- if $proxy {
- $args = concat($common_args,["--proxy on","--listen-client-urls http://0.0.0.0:4001,http://0.0.0.0:2379"])
- } else {
- $args = concat($common_args,["--initial-advertise-peer-urls http://${::ipaddress_eth1}:2380",
- "--advertise-client-urls http://${::ipaddress_eth1}:2379",
- "--listen-peer-urls http://0.0.0.0:2380",
- "--listen-client-urls http://0.0.0.0:4001,http://0.0.0.0:2379",
- "--peer-key-file /etc/ssl/private/${::fqdn}_infra.key",
- "--peer-ca-file /etc/ssl/certs/infra.crt",
- "--peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt"])
- }
- sunet::docker_run { "etcd_${name}":
- image => 'quay.io/coreos/etcd',
- imagetag => $etcd_version,
- volumes => ["/data/${name}:/data","/etc/ssl:/etc/ssl"],
- command => join($args," "),
- ports => ["${::ipaddress_eth1}:2380:2380","${::ipaddress_eth1}:2379:2379","${::ipaddress_docker0}:4001:2379"]
- }
- if !$proxy {
- ufw::allow { "allow-etcd-peer":
- ip => "${::ipaddress_eth1}",
- port => 2380
- }
- ufw::allow { "allow-etcd-client":
- ip => "${::ipaddress_eth1}",
- port => 2379
- }
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/ethernet_bonding.pp b/global/overlay/etc/puppet/modules/sunet/manifests/ethernet_bonding.pp
deleted file mode 100644
index 8ff7325..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/ethernet_bonding.pp
+++ /dev/null
@@ -1,19 +0,0 @@
-define sunet::ethernet_bonding() {
- # Set up prerequisites for Ethernet LACP bonding of eth0 and eth1,
- # for all physical hosts that are running Ubuntu.
- #
- # Bonding requires setup in /etc/network/interfaces as well.
- #
- if $::is_virtual == 'false' and $::operatingsystem == 'Ubuntu' {
- if $::operatingsystemrelease <= '12.04' {
- package {'ifenslave': ensure => 'present' }
- } else {
- package {'ifenslave-2.6': ensure => 'present' }
- }
-
- file_line { 'load_module_at_boot':
- path => '/etc/modules',
- line => 'bonding',
- }
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp b/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp
deleted file mode 100644
index 01a9662..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/fail2ban.pp
+++ /dev/null
@@ -1,14 +0,0 @@
-class sunet::fail2ban {
-
- package {'fail2ban':
- ensure => 'latest'
- } ->
- service {'fail2ban':
- ensure => 'running'
- }
- exec {"fail2ban_defaults":
- refreshonly => true,
- subscribe => Service['fail2ban'],
- command => "sleep 5; /usr/bin/fail2ban-client set ssh bantime 600800"
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/flog.pp b/global/overlay/etc/puppet/modules/sunet/manifests/flog.pp
deleted file mode 100644
index 553e83b..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/flog.pp
+++ /dev/null
@@ -1,82 +0,0 @@
-class sunet::flog {
-
- $postgres_password = hiera('flog_postgres_password', 'NOT_SET_IN_HIERA')
-
- file {'/var/docker':
- ensure => 'directory',
- } ->
- sunet::system_user {'postgres-system-user':
- username => 'postgres',
- group => 'postgres',
- } ->
- sunet::add_user_to_group { 'postgres_ssl_cert_access':
- username => 'postgres',
- group => 'ssl-cert',
- } ->
- sunet::system_user {'www-data-system-user':
- username => 'www-data',
- group => 'www-data',
- } ->
- sunet::system_user {'memcache-system-user':
- username => 'memcache',
- group => 'memcache',
- } ->
- file {'/var/docker/postgresql_data':
- ensure => 'directory',
- owner => 'postgres',
- group => 'root',
- mode => '0770',
- } ->
- file {'/var/docker/postgresql_data/backup':
- ensure => 'directory',
- owner => 'postgres',
- group => 'root',
- mode => '0770',
- } ->
- file {'/var/log/flog_db':
- ensure => 'directory',
- owner => 'root',
- group => 'postgres',
- mode => '1775',
- } ->
- file {'/var/log/flog_app':
- ensure => 'directory',
- owner => 'root',
- group => 'www-data',
- mode => '1775',
- } ->
- file {'/var/log/flog_cron':
- ensure => 'directory',
- owner => 'root',
- group => 'www-data',
- mode => '1775',
- } ->
- file { "/opt/flog/nginx/certs/flog.sunet.se.key":
- ensure => file,
- path => "/opt/flog/nginx/certs/flog.sunet.se.key",
- mode => '0640',
- content => hiera('server_cert_key', 'NOT_SET_IN_HIERA'),
- } ->
- file { "/opt/flog/dotenv":
- ensure => file,
- path => "/opt/flog/dotenv",
- mode => '0640',
- content => template('sunet/flog/dotenv.erb'),
- } ->
- sunet::docker_run {'flog_db':
- image => 'docker.sunet.se/flog/postgresql-9.3',
- volumes => ['/etc/ssl:/etc/ssl', '/var/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'],
- } ->
- sunet::docker_run {'flog_app':
- image => 'docker.sunet.se/flog/flog_app',
- volumes => ['/opt/flog/dotenv:/opt/flog/.env','/var/log/flog/:/opt/flog/logs/'],
- } ->
- sunet::docker_run {'memcached':
- image => 'docker.sunet.se/library/memcached',
- } ->
- sunet::docker_run {'flog_nginx':
- image => 'docker.sunet.se/flog/nginx',
- ports => ['80:80', '443:443'],
- volumes => ['/opt/flog/nginx/sites-enabled/:/etc/nginx/sites-enabled/','/opt/flog/nginx/certs/:/etc/nginx/certs', '/var/log/flog_nginx/:/var/log/nginx'],
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp b/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
deleted file mode 100644
index 3658142..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/ici_ca.pp
+++ /dev/null
@@ -1,38 +0,0 @@
-define sunet::ici_ca($pkcs11_module="/usr/lib/softhsm/libsofthsm.so",
- $pkcs11_pin=undef,
- $pkcs11_key_slot="0",
- $pkcs11_key_id="abcd",
- $autosign_dir=undef,
- $autosign_type="peer",
- $public_repo_url=undef,
- $public_repo_dir=undef)
-{
- apt::ppa {'ppa:leifj/ici': } ->
- package { 'ici': ensure => latest } ->
- exec { '${name}_setup_ca':
- command => "/usr/bin/ici ${name} init",
- creates => "/var/lib/ici/${name}"
- } ->
- file { '${name}_ca_config':
- path => "/var/lib/ici/${name}/ca.config",
- content => template("sunet/ici_ca/ca.config.erb")
- }
- if $public_repo_dir and $public_repo_url {
- cron {'ici_publish':
- command => "test -f /var/lib/ici/${name}/ca.crt && /usr/bin/ici ${name} gencrl && /usr/bin/ici ${name} publish ${public_repo_dir}",
- user => "root",
- minute => "*/5"
- }
- }
-}
-
-define sunet::ici_ca::autosign($ca=undef,
- $autosign_dir=undef,
- $autosign_type="client")
-{
- cron {"ici_autosign_${name}":
- command => "test -f /var/lib/ici/${ca}/ca.crt && /usr/bin/ici ${ca} issue -t ${autosign_type} -d 365 --copy-extensions ${autosign_dir}",
- user => "root",
- minute => "*/5"
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp b/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp
deleted file mode 100644
index 91ccf6c..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/nagios.pp
+++ /dev/null
@@ -1,49 +0,0 @@
-class sunet::nagios {
-
- $nagios_ip_v4 = hiera('nagios_ip_v4', '109.105.111.111')
- $nagios_ip_v6 = hiera('nagios_ip_v6', '2001:948:4:6::111')
- $allowed_hosts = "${nagios_ip_v4},${nagios_ip_v6}"
-
- package {'nagios-nrpe-server':
- ensure => 'installed',
- }
- service {'nagios-nrpe-server':
- ensure => 'running',
- enable => 'true',
- require => Package['nagios-nrpe-server'],
- }
- file { "/etc/nagios/nrpe.cfg" :
- notify => Service['nagios-nrpe-server'],
- ensure => 'file',
- mode => '0640',
- group => 'nagios',
- require => Package['nagios-nrpe-server'],
- content => template('sunet/nagioshost/nrpe.cfg.erb'),
- }
- file { "/usr/lib/nagios/plugins/check_uptime.pl" :
- ensure => 'file',
- mode => '0751',
- group => 'nagios',
- require => Package['nagios-nrpe-server'],
- content => template('sunet/nagioshost/check_uptime.pl.erb'),
- }
- file { "/usr/lib/nagios/plugins/check_reboot" :
- ensure => 'file',
- mode => '0751',
- group => 'nagios',
- require => Package['nagios-nrpe-server'],
- content => template('sunet/nagioshost/check_reboot.erb'),
- }
- ufw::allow { "allow-nrpe-v4":
- from => "${nagios_ip_v4}",
- ip => 'any',
- proto => 'tcp',
- port => 5666
- }
- ufw::allow { "allow-nrpe-v6":
- from => "${nagios_ip_v6}",
- ip => 'any',
- proto => 'tcp',
- port => 5666
- }
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
deleted file mode 100644
index d89302f..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
+++ /dev/null
@@ -1,91 +0,0 @@
-define sunet::server() {
-
- # fail2ban
- class { 'sunet::fail2ban': }
-
- # Set up encrypted swap
- sunet::encrypted_swap { 'sunet_encrypted_swap': }
-
- # Add prerequisites for ethernet bonding, if physical server
- sunet::ethernet_bonding { 'sunet_ethernet_bonding': }
-
-# Removed until SWAMID hosts can have their ufw module updated / ft
-# # Ignore IPv6 multicast
-# ufw::deny { 'ignore_v6_multicast':
-# ip => 'ff02::1',
-# proto => 'any' # 'ufw' has a hard-coded list of protocols, which does not include 'ipv6-icmp' :(
-# }
-
-# # Ignore IPv6 multicast PIM router talk
-# ufw::deny { 'ignore_v6_multicast_PIM':
-# ip => 'ff02::d',
-# proto => 'any' # 'ufw' has a hard-coded list of protocols, which does not include 'ipv6-icmp' :(
-# }
-
- include augeas
- augeas { "sshd_config":
- context => "/files/etc/ssh/sshd_config",
- changes => [
- "set PasswordAuthentication no",
- "set X11Forwarding no",
- "set LogLevel VERBOSE", # log pubkey used for root login
- ],
- notify => Service['ssh'],
- } ->
- file_line {
- 'no_sftp_subsystem':
- path => '/etc/ssh/sshd_config',
- match => 'Subsystem sftp /usr/lib/openssh/sftp-server',
- line => '#Subsystem sftp /usr/lib/openssh/sftp-server',
- notify => Service['ssh'],
- }
-
- # already declared in puppet-cosmos/manifests/ntp.pp
- #service { 'ntp':
- # ensure => 'running',
- #}
-
- # Don't use pool.ntp.org servers, but rather DHCP provided NTP servers
- line { 'no_pool_ntp_org_servers':
- file => '/etc/ntp.conf',
- line => '^server .*\.pool\.ntp\.org',
- ensure => 'comment',
- notify => Service['ntp'],
- }
-
- file { '/var/cache/scriptherder':
- ensure => 'directory',
- path => '/var/cache/scriptherder',
- mode => '1777', # like /tmp, so user-cronjobs can also use scriptherder
- }
-
-
-}
-
-# from http://projects.puppetlabs.com/projects/puppet/wiki/Simple_Text_Patterns/5
-define line($file, $line, $ensure = 'present') {
- case $ensure {
- default : { err ( "unknown ensure value ${ensure}" ) }
- present: {
- exec { "/bin/echo '${line}' >> '${file}'":
- unless => "/bin/grep -qFx '${line}' '${file}'"
- }
- }
- absent: {
- exec { "/usr/bin/perl -ni -e 'print unless /^\\Q${line}\\E\$/' '${file}'":
- onlyif => "/bin/grep -qFx '${line}' '${file}'"
- }
- }
- uncomment: {
- exec { "/bin/sed -i -e'/${line}/s/^#\\+//' '${file}'":
- onlyif => "/bin/grep '${line}' '${file}' | /bin/grep '^#' | /usr/bin/wc -l"
- }
- }
- comment: {
- exec { "/bin/sed -i -e'/${line}/s/^\\(.\\+\\)$/#\\1/' '${file}'":
- onlyif => "/usr/bin/test `/bin/grep '${line}' '${file}' | /bin/grep -v '^#' | /usr/bin/wc -l` -ne 0"
- }
- }
- }
-
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/system_user.pp b/global/overlay/etc/puppet/modules/sunet/manifests/system_user.pp
deleted file mode 100644
index 819ef4a..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/system_user.pp
+++ /dev/null
@@ -1,22 +0,0 @@
-define sunet::system_user(
- $username,
- $group,
- $system = true,
- $shell = '/bin/false'
- ) {
-
- user { $username :
- ensure => present,
- name => $username,
- membership => minimum,
- system => $system,
- require => Group[ $group ],
- shell => $shell,
- }
-
- group { $group :
- ensure => present,
- name => $group,
- }
-
-}
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp b/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp
deleted file mode 100644
index 6f6abed..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/wordpress.pp
+++ /dev/null
@@ -1,53 +0,0 @@
-# a basic wp setup using docker
-
-define sunet::wordpress (
-$db_host = undef,
-$wordpress_version = "4.1.1",
-$myqsl_version = "5.7")
-{
- include augeas
- $db_hostname = $db_host ? {
- undef => "${name}_mysql.docker",
- default => $db_host
- }
- $pwd = hiera("${name}_db_password",'NOT_SET_IN_HIERA')
- file {"/data/${name}": ensure => directory } ->
- file {"/data/${name}/html": ensure => directory } ->
- sunet::docker_run { "${name}_wordpress":
- image => "wordpress",
- imagetag => $wordpress_version,
- volumes => ["/data/${name}/html:/var/www/html"],
- ports => ["8080:80"],
- env => [ "SERVICE_NAME=${name}",
- "WORDPRESS_DB_HOST=${db_hostname}",
- "WORDPRESS_DB_USER=${name}",
- "WORDPRESS_DB_NAME=${name}",
- "WORDPRESS_DB_PASSWORD=${pwd}" ]
- }
-
- if (!$db_host) {
- file {"/data/${name}/db": ensure => directory }
- group { 'mysql': ensure => 'present', system => true } ->
- user { 'mysql': ensure => 'present', groups => 'mysql', system => true } ->
- sunet::docker_run { "${name}_mysql":
- image => "mysql",
- imagetag => $mysql_version,
- volumes => ["/data/${name}/db:/var/lib/mysql"],
- env => ["MYSQL_USER=${name}",
- "MYSQL_PASSWORD=${pwd}",
- "MYSQL_ROOT_PASSWORD=${pwd}",
- "MYSQL_DATABASE=${name}"]
- }
- package {'automysqlbackup': ensure => latest } ->
- augeas { 'automysqlbackup_settings':
- incl => "/etc/default/automysqlbackup",
- lens => "Shellvars.lns",
- changes => [
- "set USERNAME ${name}",
- "set PASSWORD ${pwd}",
- "set DBHOST ${db_hostname}",
- "set DBNAMES ${name}"
- ]
- }
- }
-}