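# Deploys the flog service on a Docker host: system users, data and log
# directories, the nginx TLS private key, the application dotenv file, and
# four containers (flog_db, flog_app, memcached, flog_nginx).
#
# Hiera keys read:
#   flog_postgres_password - database password
#   server_cert_key        - PEM private key written for nginx
#
# NOTE(review): both lookups fall back to the literal 'NOT_SET_IN_HIERA'.
# If a key is missing, the catalog still applies and the sentinel is written
# out as the key file content (and, presumably, as the database password via
# the dotenv template). A well-known placeholder must never become a live
# credential; consider failing catalog compilation when the sentinel is seen.
class sunet::flog {
  # Not referenced in this class body; presumably consumed by
  # sunet/flog/dotenv.erb through class scope - confirm against the template.
  $postgres_password = hiera('flog_postgres_password', 'NOT_SET_IN_HIERA')

  file { '/var/docker':
    ensure => 'directory',
  } ->
  sunet::system_user { 'postgres-system-user':
    username => 'postgres',
    group    => 'postgres',
  } ->
  # Adds postgres to the ssl-cert group.
  sunet::add_user_to_group { 'postgres_ssl_cert_access':
    username => 'postgres',
    group    => 'ssl-cert',
  } ->
  sunet::system_user { 'www-data-system-user':
    username => 'www-data',
    group    => 'www-data',
  } ->
  sunet::system_user { 'memcache-system-user':
    username => 'memcache',
    group    => 'memcache',
  } ->
  # Database storage and backups: no access for "other" (0770).
  file { '/var/docker/postgresql_data':
    ensure => 'directory',
    owner  => 'postgres',
    group  => 'root',
    mode   => '0770',
  } ->
  file { '/var/docker/postgresql_data/backup':
    ensure => 'directory',
    owner  => 'postgres',
    group  => 'root',
    mode   => '0770',
  } ->
  # Log directories: group-writable with the sticky bit set (1775). The
  # directories are listable and traversable by every local account, so the
  # confidentiality of the logs depends on the modes of the files inside.
  file { '/var/log/flog_db':
    ensure => 'directory',
    owner  => 'root',
    group  => 'postgres',
    mode   => '1775',
  } ->
  file { '/var/log/flog_app':
    ensure => 'directory',
    owner  => 'root',
    group  => 'www-data',
    mode   => '1775',
  } ->
  file { '/var/log/flog_cron':
    ensure => 'directory',
    owner  => 'root',
    group  => 'www-data',
    mode   => '1775',
  } ->
  # TLS private key for nginx. show_diff is disabled so a content change does
  # not copy key material into agent logs or reports.
  # NOTE(review): owner and group are not set, so ownership is whatever Puppet
  # applies by default; with mode 0640 the group has read access. Set both
  # explicitly once the intended reader inside the nginx container is known.
  file { '/opt/flog/nginx/certs/flog.sunet.se.key':
    ensure    => file,
    mode      => '0640',
    content   => hiera('server_cert_key', 'NOT_SET_IN_HIERA'),
    show_diff => false,
  } ->
  # Application environment file rendered from a template. It is treated as
  # secret here (show_diff off) because it presumably carries the database
  # password - confirm against the template. Ownership is unset, as above.
  file { '/opt/flog/dotenv':
    ensure    => file,
    mode      => '0640',
    content   => template('sunet/flog/dotenv.erb'),
    show_diff => false,
  } ->
  # NOTE(review): none of the image names below carries a tag or digest, so
  # the version deployed depends on sunet::docker_run defaults and on what the
  # registry serves at pull time. Pin them for reproducible, auditable deploys.
  # The image name indicates PostgreSQL 9.3, which no longer receives upstream
  # security fixes.
  # NOTE(review): /opt/flog/postgres/ssl is mounted but not managed in this
  # class; verify the ownership and mode of the key material it holds.
  sunet::docker_run { 'flog_db':
    image   => 'docker.sunet.se/flog/postgresql-9.3',
    volumes => [
      '/opt/flog/postgres/ssl:/etc/ssl',
      '/var/docker/postgresql_data/:/var/lib/postgresql/',
      '/var/log/flog_db/:/var/log/postgresql/',
    ],
  } ->
  # NOTE(review): this mounts /var/log/flog/, while the directories managed
  # above are /var/log/flog_app and /var/log/flog_cron. A host path that does
  # not exist is typically created by Docker as root with default permissions,
  # bypassing the owner/mode set above - confirm which path is intended.
  sunet::docker_run { 'flog_app':
    image   => 'docker.sunet.se/flog/flog_app',
    volumes => [
      '/opt/flog/dotenv:/opt/flog/.env',
      '/var/log/flog/:/opt/flog/logs/',
    ],
  } ->
  # No ports are published for memcached in this declaration.
  sunet::docker_run { 'memcached':
    image => 'docker.sunet.se/library/memcached',
  } ->
  # Only this container publishes host ports (80 and 443). The certs directory
  # holding the private key is mounted into the container.
  # NOTE(review): /var/log/flog_nginx/ and /opt/flog/nginx/sites-enabled/ are
  # not managed in this class; they may be managed elsewhere - confirm.
  sunet::docker_run { 'flog_nginx':
    image   => 'docker.sunet.se/flog/nginx',
    ports   => ['80:80', '443:443'],
    volumes => [
      '/opt/flog/nginx/sites-enabled/:/etc/nginx/sites-enabled/',
      '/opt/flog/nginx/certs/:/etc/nginx/certs',
      '/var/log/flog_nginx/:/var/log/nginx',
    ],
  }
}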