From d6d496a7ab3d01550f25e48581ae7e53e559f42d Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Mon, 30 Mar 2015 17:19:16 +0200 Subject: Added more docker images to sto-tug-kvm2. --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'global') diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index a519ccf..b4ea64d 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -698,6 +698,8 @@ node 'cdr1.sunet.se' { node 'sto-tug-kvm2.swamid.se' { docker::image {'docker.sunet.se/flog/postgresql-9.3': } + docker::image {'docker.sunet.se/flog/nginx': } + docker::image {'docker.sunet.se/flog/flog_app': } file {'/opt/docker/postgresql_data': ensure => 'directory', } @@ -708,6 +710,19 @@ node 'sto-tug-kvm2.swamid.se' { image => 'docker.sunet.se/flog/postgresql-9.3', use_name => true, volumes => ['/opt/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'], + } -> + docker::run {'flog_app': + image => 'docker.sunet.se/flog/flog_app', + use_name => true, + links => ['flog_db:flog_db'], + volumes => ['/opt/flog/dotenv:/opt/flog/.env','/var/log/flog/:/opt/flog/logs/'], + } -> + docker::run {'flog_nginx': + image => 'docker.sunet.se/flog/nginx', + use_name => true, + ports => ['80:80', '443:443'], + links => ['flog_app:flog_app'], + volumes => ['/opt/flog/nginx/sites-enabled/:/etc/nginx/sites-enabled/','/opt/flog/nginx/certs/:/etc/nginx/certs', '/var/log/flog_nginx/:/var/log/nginx'], } } -- cgit v1.1 From d8a536feeec9a5fcebfaa5f587dbf87dcdee76a3 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 10:38:57 +0200 Subject: Trying to use dns instead of link --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) (limited to 'global') diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index b4ea64d..11e8287 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -697,16 +697,15 @@ node 'cdr1.sunet.se' { } node 'sto-tug-kvm2.swamid.se' { - docker::image {'docker.sunet.se/flog/postgresql-9.3': } - docker::image {'docker.sunet.se/flog/nginx': } - docker::image {'docker.sunet.se/flog/flog_app': } + #class { 'fail2ban': } file {'/opt/docker/postgresql_data': - ensure => 'directory', - } + ensure => 'directory', + } -> file {'/var/log/flog_db': ensure => 'directory', - } - docker::run {'flog_db': + } -> + class { 'sunet::dockerhost': } -> + sunet::docker_run {'flog_db': image => 'docker.sunet.se/flog/postgresql-9.3', use_name => true, volumes => ['/opt/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'], @@ -714,14 +713,12 @@ node 'sto-tug-kvm2.swamid.se' { docker::run {'flog_app': image => 'docker.sunet.se/flog/flog_app', use_name => true, - links => ['flog_db:flog_db'], volumes => ['/opt/flog/dotenv:/opt/flog/.env','/var/log/flog/:/opt/flog/logs/'], } -> docker::run {'flog_nginx': image => 'docker.sunet.se/flog/nginx', use_name => true, ports => ['80:80', '443:443'], - links => ['flog_app:flog_app'], volumes => ['/opt/flog/nginx/sites-enabled/:/etc/nginx/sites-enabled/','/opt/flog/nginx/certs/:/etc/nginx/certs', '/var/log/flog_nginx/:/var/log/nginx'], } } -- cgit v1.1 From 64d24f65a2efb1e81225fe289701d24bfe9aa11c Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 10:40:36 +0200 Subject: Invalid parameter use_name --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 3 --- 1 file changed, 3 deletions(-) (limited to 'global') diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 11e8287..942ac77 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -707,17 +707,14 @@ node 'sto-tug-kvm2.swamid.se' { class { 'sunet::dockerhost': } -> sunet::docker_run {'flog_db': image => 'docker.sunet.se/flog/postgresql-9.3', - use_name => true, volumes => ['/opt/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'], } -> docker::run {'flog_app': image => 'docker.sunet.se/flog/flog_app', - use_name => true, volumes => ['/opt/flog/dotenv:/opt/flog/.env','/var/log/flog/:/opt/flog/logs/'], } -> docker::run {'flog_nginx': image => 'docker.sunet.se/flog/nginx', - use_name => true, ports => ['80:80', '443:443'], volumes => ['/opt/flog/nginx/sites-enabled/:/etc/nginx/sites-enabled/','/opt/flog/nginx/certs/:/etc/nginx/certs', '/var/log/flog_nginx/:/var/log/nginx'], } -- cgit v1.1 From 84241ebd52192666d49d0e7fceedd850a00bd018 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 10:52:34 +0200 Subject: update db --- global/overlay/etc/puppet/cosmos-db.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'global') diff --git a/global/overlay/etc/puppet/cosmos-db.yaml b/global/overlay/etc/puppet/cosmos-db.yaml index d8a83ca..a84fd5f 100644 --- a/global/overlay/etc/puppet/cosmos-db.yaml +++ b/global/overlay/etc/puppet/cosmos-db.yaml @@ -89,9 +89,9 @@ classes: sunetops: null swamidops: null sto-tug-kvm2.swamid.se: - dockerhost: null mailclient: *id002 sshaccess: null + sunet::dockerhost: null sunetops: null swamidops: null webserver: null @@ -138,7 +138,7 @@ members: lobo2.lab.sunet.se] docker_signer: [mdx2.swamid.se] dockerhost: [www2.eduid.se, reep.tid.isoc.org, datasets.sunet.se, mdx1.swamid.se, - mdx2.swamid.se, sto-tug-kvm2.swamid.se, docker.sunet.se, registry.swamid.se] + mdx2.swamid.se, docker.sunet.se, registry.swamid.se] entropyserver: [random1.nordu.net, random2.nordu.net] mailclient: [ca.sunet.se, cdr1.sunet.se, web-f1.sunet.se, web-db2.sunet.se, sto-tug-kvm-lab2.swamid.se, datasets.sunet.se, mdx1.swamid.se, sto-tug-kvm-lab1.swamid.se, web-a1.sunet.se, @@ -156,7 +156,7 @@ members: lobo2.lab.sunet.se] sunet-cdr: [cdr1.sunet.se, cdr2.sunet.se] sunet::dockerhost: [web-f1.sunet.se, web-db2.sunet.se, web-a1.sunet.se, web-db1.sunet.se, - web-a2.sunet.se] + sto-tug-kvm2.swamid.se, web-a2.sunet.se] sunetops: [ca.sunet.se, cdr1.sunet.se, cdr1.sunet.se, web-f1.sunet.se, web-db2.sunet.se, sto-tug-kvm-lab2.swamid.se, datasets.sunet.se, mdx1.swamid.se, sto-tug-kvm-lab1.swamid.se, web-a1.sunet.se, wp.sunet.se, mdx2.swamid.se, samltest.swamid.se, web-db1.sunet.se, -- cgit v1.1 From e83523095a7f01d554becadf129bb4d35e1ad471 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 10:53:34 +0200 Subject: Changed to sunet::dockerhost for kvm2 --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'global') diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 942ac77..2c2eb32 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -704,16 +704,15 @@ node 'sto-tug-kvm2.swamid.se' { file {'/var/log/flog_db': ensure => 'directory', } -> - class { 'sunet::dockerhost': } -> sunet::docker_run {'flog_db': image => 'docker.sunet.se/flog/postgresql-9.3', volumes => ['/opt/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'], } -> - docker::run {'flog_app': + sunet::docker_run {'flog_app': image => 'docker.sunet.se/flog/flog_app', volumes => ['/opt/flog/dotenv:/opt/flog/.env','/var/log/flog/:/opt/flog/logs/'], } -> - docker::run {'flog_nginx': + sunet::docker_run {'flog_nginx': image => 'docker.sunet.se/flog/nginx', ports => ['80:80', '443:443'], volumes => ['/opt/flog/nginx/sites-enabled/:/etc/nginx/sites-enabled/','/opt/flog/nginx/certs/:/etc/nginx/certs', '/var/log/flog_nginx/:/var/log/nginx'], -- cgit v1.1 From 1b9540600fe30425d878dc0461d01975931b63f1 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 13:32:08 +0200 Subject: Adding helper functions from eduid. --- .../modules/sunet/manifests/add_user_to_group.pp | 7 +++++++ .../puppet/modules/sunet/manifests/system_user.pp | 22 ++++++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/add_user_to_group.pp create mode 100644 global/overlay/etc/puppet/modules/sunet/manifests/system_user.pp (limited to 'global') diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/add_user_to_group.pp b/global/overlay/etc/puppet/modules/sunet/manifests/add_user_to_group.pp new file mode 100644 index 0000000..348d9c5 --- /dev/null +++ b/global/overlay/etc/puppet/modules/sunet/manifests/add_user_to_group.pp @@ -0,0 +1,7 @@ +# Add a user to a group +define sunet::add_user_to_group($username, $group) { + exec {"add_user_${username}_to_group_${group}_exec": + command => "adduser --quiet $username $group", + path => ['/usr/local/sbin', '/usr/local/bin', '/usr/sbin', '/usr/bin', '/sbin', '/bin', ], + } +} diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/system_user.pp b/global/overlay/etc/puppet/modules/sunet/manifests/system_user.pp new file mode 100644 index 0000000..819ef4a --- /dev/null +++ b/global/overlay/etc/puppet/modules/sunet/manifests/system_user.pp @@ -0,0 +1,22 @@ +define sunet::system_user( + $username, + $group, + $system = true, + $shell = '/bin/false' + ) { + + user { $username : + ensure => present, + name => $username, + membership => minimum, + system => $system, + require => Group[ $group ], + shell => $shell, + } + + group { $group : + ensure => present, + name => $group, + } + +} -- cgit v1.1 From 4f19a30761313393ee3c624beb854e68011fd7d1 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 13:32:29 +0200 Subject: sto-tug-kvm2 is now a sunet::dockerhost. --- global/overlay/etc/puppet/cosmos-rules.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'global') diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index dc2b9c0..5035639 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -31,7 +31,7 @@ mdx2.swamid.se: sto-tug-kvm2.swamid.se: sshaccess: webserver: - dockerhost: + sunet::dockerhost: reep.tid.isoc.org: sshaccess: swamidops: -- cgit v1.1 From 68251025dd8c8c10b81978e41a069afd7b49bfd5 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 13:32:52 +0200 Subject: Adding postgres user to sto-tug-kvm2. --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'global') diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 2c2eb32..3f2c9af 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -697,12 +697,24 @@ node 'cdr1.sunet.se' { } node 'sto-tug-kvm2.swamid.se' { - #class { 'fail2ban': } + #class { 'fail2ban': } + sunet::system_user {'postgres-system-user': + username => 'postgres', + group => 'postgres', + } -> + sunet::add_user_to_group { 'postgres_ssl_cert_access': + username => 'postgres', + group => 'ssl-cert', + } -> file {'/opt/docker/postgresql_data': ensure => 'directory', + owner => 'postgres', + group => 'postgres', } -> file {'/var/log/flog_db': ensure => 'directory', + owner => 'postgres', + group => 'postgres', } -> sunet::docker_run {'flog_db': image => 'docker.sunet.se/flog/postgresql-9.3', -- cgit v1.1 From 183ad5993ec59d0125917df77ab170f8ed5e5b09 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 13:49:14 +0200 Subject: Changed permissions for postgres data dir --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'global') diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 3f2c9af..54c8efa 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -710,11 +710,13 @@ node 'sto-tug-kvm2.swamid.se' { ensure => 'directory', owner => 'postgres', group => 'postgres', + mode => '0700', } -> file {'/var/log/flog_db': ensure => 'directory', - owner => 'postgres', + owner => 'root', group => 'postgres', + mode => '1775', } -> sunet::docker_run {'flog_db': image => 'docker.sunet.se/flog/postgresql-9.3', -- cgit v1.1 From 3c9f29b23f3bf1dd01aa97ad1950b00aa4f6f255 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 14:03:46 +0200 Subject: Added missing docker dir. --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 3 +++ 1 file changed, 3 insertions(+) (limited to 'global') diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 54c8efa..c196c1e 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -698,6 +698,9 @@ node 'cdr1.sunet.se' { node 'sto-tug-kvm2.swamid.se' { #class { 'fail2ban': } + file {'/opt/docker': + ensure => 'directory', + } -> sunet::system_user {'postgres-system-user': username => 'postgres', group => 'postgres', -- cgit v1.1 From 2a0d8e2d857eababf821581c829633e0acb03474 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 14:56:49 +0200 Subject: Mixed up opt and var. --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'global') diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index c196c1e..e37fbb0 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -698,7 +698,7 @@ node 'cdr1.sunet.se' { node 'sto-tug-kvm2.swamid.se' { #class { 'fail2ban': } - file {'/opt/docker': + file {'/var/docker': ensure => 'directory', } -> sunet::system_user {'postgres-system-user': @@ -709,7 +709,7 @@ node 'sto-tug-kvm2.swamid.se' { username => 'postgres', group => 'ssl-cert', } -> - file {'/opt/docker/postgresql_data': + file {'/var/docker/postgresql_data': ensure => 'directory', owner => 'postgres', group => 'postgres', @@ -723,7 +723,7 @@ node 'sto-tug-kvm2.swamid.se' { } -> sunet::docker_run {'flog_db': image => 'docker.sunet.se/flog/postgresql-9.3', - volumes => ['/opt/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'], + volumes => ['/var/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'], } -> sunet::docker_run {'flog_app': image => 'docker.sunet.se/flog/flog_app', -- cgit v1.1 From 587c21016484d3f6cb1a4792238937908de120b7 Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 15:48:37 +0200 Subject: Changed location of ssl certs for postgres --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'global') diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index e37fbb0..5aa1fe7 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -723,7 +723,7 @@ node 'sto-tug-kvm2.swamid.se' { } -> sunet::docker_run {'flog_db': image => 'docker.sunet.se/flog/postgresql-9.3', - volumes => ['/var/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'], + volumes => ['/opt/flog/postgres/ssl/ssl-cert-snakeoil.pem:/etc/ssl/cert.pem', '/opt/flog/postgres/ssl/ssl-cert-snakeoil.key:/etc/ssl/cert.key', '/var/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'], } -> sunet::docker_run {'flog_app': image => 'docker.sunet.se/flog/flog_app', -- cgit v1.1 From 614f6719f6fb9570dfc38411d4b6bd2ade947ffc Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 17:05:47 +0200 Subject: Fix log and cert permissions. --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'global') diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 5aa1fe7..f6d3ba8 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -709,6 +709,10 @@ node 'sto-tug-kvm2.swamid.se' { username => 'postgres', group => 'ssl-cert', } -> + sunet::system_user {'www-data-system-user': + username => 'www-data', + group => 'www-data', + } -> file {'/var/docker/postgresql_data': ensure => 'directory', owner => 'postgres', @@ -721,9 +725,21 @@ node 'sto-tug-kvm2.swamid.se' { group => 'postgres', mode => '1775', } -> + file {'/var/log/flog_app': + ensure => 'directory', + owner => 'root', + group => 'www-data', + mode => '1775', + } -> + file {'/var/log/flog_cron': + ensure => 'directory', + owner => 'root', + group => 'www-data', + mode => '1775', + } -> sunet::docker_run {'flog_db': image => 'docker.sunet.se/flog/postgresql-9.3', - volumes => ['/opt/flog/postgres/ssl/ssl-cert-snakeoil.pem:/etc/ssl/cert.pem', '/opt/flog/postgres/ssl/ssl-cert-snakeoil.key:/etc/ssl/cert.key', '/var/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'], + volumes => ['/opt/flog/postgres/ssl:/etc/ssl', '/var/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'], } -> sunet::docker_run {'flog_app': image => 'docker.sunet.se/flog/flog_app', -- cgit v1.1 From 5cb9279fd0472bec59f5430786a6c684854bcf6f Mon Sep 17 00:00:00 2001 From: Johan Lundberg Date: Tue, 31 Mar 2015 18:23:49 +0200 Subject: Add postgres backup dir. --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'global') diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index f6d3ba8..92e3804 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -725,6 +725,12 @@ node 'sto-tug-kvm2.swamid.se' { group => 'postgres', mode => '1775', } -> + file {'/var/postgresbackup': + ensure => 'directory', + owner => 'root', + group => 'postgres', + mode => '1775', + } -> file {'/var/log/flog_app': ensure => 'directory', owner => 'root', -- cgit v1.1