path: root/global/overlay/etc/puppet/modules/sunet/manifests/flog.pp
blob: b368b45cbf058ac9c5aa5393620bbbc3cb1181d0 (plain)
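# Sets up the flog service on a Docker host: system users, data and log
# directories, the TLS private key and the application dotenv file, followed
# by the PostgreSQL, application, memcached and nginx containers.
#
# Secrets are read from hiera:
#   flog_postgres_password - database password; not referenced directly in
#                            this class, presumably read by the
#                            sunet/flog/dotenv.erb template (confirm).
#   server_cert_key        - PEM private key written for nginx.
#
# Catalog compilation fails if either secret is missing, so a host is never
# configured with the well-known placeholder string as its password or key.
class sunet::flog {

   # Sentinel returned by hiera() when a key is absent. It must never reach a
   # deployed file: as a password it is publicly known, as a key it is invalid.
   $secret_placeholder = 'NOT_SET_IN_HIERA'

   $postgres_password = hiera('flog_postgres_password', $secret_placeholder)
   $server_cert_key   = hiera('server_cert_key', $secret_placeholder)

   # Fail closed on missing secrets. The messages name the hiera key only and
   # never include a secret value.
   if $postgres_password == $secret_placeholder {
      fail('sunet::flog: hiera key flog_postgres_password is not set')
   }
   if $server_cert_key == $secret_placeholder {
      fail('sunet::flog: hiera key server_cert_key is not set')
   }

   file {'/var/docker':
       ensure => 'directory',
   } ->
   sunet::system_user {'postgres-system-user':
       username => 'postgres',
       group    => 'postgres',
   } ->
   # NOTE(review): ssl-cert membership presumably lets postgres read key
   # material under the mounted /opt/flog/postgres/ssl - confirm it is needed.
   sunet::add_user_to_group { 'postgres_ssl_cert_access':
       username => 'postgres',
       group    => 'ssl-cert',
   } ->
   sunet::system_user {'www-data-system-user':
       username => 'www-data',
       group    => 'www-data',
   } ->
   sunet::system_user {'memcache-system-user':
       username => 'memcache',
       group    => 'memcache',
   } ->
   # Database files and backups: owner and group access only, nothing for others.
   file {'/var/docker/postgresql_data':
       ensure => 'directory',
       owner  => 'postgres',
       group  => 'root',
       mode   => '0770',
   } ->
   file {'/var/docker/postgresql_data/backup':
       ensure => 'directory',
       owner  => 'postgres',
       group  => 'root',
       mode   => '0770',
   } ->
   # Log directories: group-writable with the sticky bit (1775), so members of
   # the service group can create files but not remove each other's.
   file {'/var/log/flog_db':
      ensure => 'directory',
      owner  => 'root',
      group  => 'postgres',
      mode   => '1775',
   } ->
   file {'/var/log/flog_app':
      ensure => 'directory',
      owner  => 'root',
      group  => 'www-data',
      mode   => '1775',
   } ->
   file {'/var/log/flog_cron':
      ensure => 'directory',
      owner  => 'root',
      group  => 'www-data',
      mode   => '1775',
   } ->
   # TLS private key for nginx. Not world-readable (0640). Owner and group are
   # not set, so they fall back to Puppet's defaults.
   # NOTE(review): consider setting owner/group explicitly. The parent
   # directory /opt/flog/nginx/certs is not managed in this class.
   file { "/opt/flog/nginx/certs/flog.sunet.se.key":
     ensure    => file,
     path      => "/opt/flog/nginx/certs/flog.sunet.se.key",
     mode      => '0640',
     content   => $server_cert_key,
     # Keep the key out of Puppet change diffs in logs and reports.
     show_diff => false,
   } ->
   # Application environment file rendered from a template; presumably
   # carries the database password, so it is treated as a secret too.
   file { "/opt/flog/dotenv":
       ensure    => file,
       path      => "/opt/flog/dotenv",
       mode      => '0640',
       content   => template('sunet/flog/dotenv.erb'),
       show_diff => false,
   } ->
   # NOTE(review): no image tag or digest is passed to any docker_run below;
   # which image version runs depends on sunet::docker_run's default - confirm
   # and pin where possible. PostgreSQL 9.3 is past upstream end of life.
   sunet::docker_run {'flog_db':
      image    => 'docker.sunet.se/flog/postgresql-9.3',
      volumes  => ['/opt/flog/postgres/ssl:/etc/ssl', '/var/docker/postgresql_data/:/var/lib/postgresql/','/var/log/flog_db/:/var/log/postgresql/'],
   } ->
   # NOTE(review): the log volume is /var/log/flog/, but the directory managed
   # above for www-data is /var/log/flog_app. /var/log/flog is not created in
   # this class, so its ownership and mode are uncontrolled - confirm which
   # path is intended. /var/log/flog_cron is created above but not mounted
   # by any container in this class.
   sunet::docker_run {'flog_app':
      image    => 'docker.sunet.se/flog/flog_app',
      volumes  => ['/opt/flog/dotenv:/opt/flog/.env','/var/log/flog/:/opt/flog/logs/'],
   } ->
   # No ports are published for memcached here.
   sunet::docker_run {'memcached':
      image    => 'docker.sunet.se/library/memcached',
   } ->
   # Only this container publishes host ports (80 and 443).
   # NOTE(review): /var/log/flog_nginx is mounted but not managed in this class.
   sunet::docker_run {'flog_nginx':
      image     => 'docker.sunet.se/flog/nginx',
      ports     => ['80:80', '443:443'],
      volumes   => ['/opt/flog/nginx/sites-enabled/:/etc/nginx/sites-enabled/','/opt/flog/nginx/certs/:/etc/nginx/certs', '/var/log/flog_nginx/:/var/log/nginx'],
   }
}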