# This class combines the other sunetdrive classes to build a multinode server
class sunetdrive::multinode (
$bootstrap = undef,
$location = undef
include sunet::packages::yq
$myname = $facts['networking']['hostname']
$is_multinode = true;
$environment = sunetdrive::get_environment()
$lb_servers = hiera_hash($environment)['lb_servers']
$document_servers = hiera_hash($environment)['document_servers']
$nextcloud_ip = hiera_hash($environment)['app']
$db_ip = hiera_hash($environment)['db']
$admin_password = hiera('admin_password')
$cluster_admin_password = hiera('cluster_admin_password')
# This is a global value from common.yaml, overridden in the gss servers' local.yaml
$gss_mode = hiera('gss_mode')
$twofactor_enforced_groups = []
$twofactor_enforced_excluded_groups = []
$allcustomers = hiera_hash('multinode_mapping')
$allnames = $allcustomers.keys
$tempcustomers = $allnames.map | $index, $potential | {
if $myname =~ $allcustomers[$potential]['server'] {
else {
$php_memory_limit_mb = 512
$nodenumber = $::fqdn[9,1]
$customers = $tempcustomers - nil
$passwords = $allnames.map | $index, $customer | {
$transaction_persistent = 1
$monitor_password = hiera('proxysql_password')
user { 'www-data': ensure => present, system => true }
sunet::system_user {'mysql': username => 'mysql', group => 'mysql' }
ensure_resource('file', '/opt/nextcloud' , { ensure => directory, recurse => true } )
file { '/usr/local/bin/occ':
ensure => present,
force => true,
owner => 'root',
group => 'root',
content => template('sunetdrive/application/occ.erb'),
mode => '0740',
file { '/etc/sudoers.d/99-occ':
ensure => file,
content => "script ALL=(root) NOPASSWD: /usr/local/bin/occ\n",
mode => '0440',
owner => 'root',
group => 'root',
file { '/usr/local/bin/upgrade23-25.sh':
ensure => absent,
file { '/usr/local/bin/get_paying_customers':
ensure => present,
force => true,
owner => 'root',
group => 'root',
content => template('sunetdrive/multinode/get_paying_customers.erb.sh'),
mode => '0744',
file { '/usr/local/bin/get_non_paying_customers':
ensure => present,
force => true,
owner => 'root',
group => 'root',
content => template('sunetdrive/multinode/get_non_paying_customers.erb.sh'),
mode => '0744',
file { '/usr/local/bin/get_containers':
ensure => present,
force => true,
owner => 'root',
group => 'root',
content => template('sunetdrive/multinode/get_containers'),
mode => '0744',
file { '/usr/local/bin/restart_and_prune':
ensure => present,
force => true,
owner => 'root',
group => 'root',
content => template('sunetdrive/multinode/restart_and_prune.erb.sh'),
mode => '0744',
file { '/usr/local/bin/add_admin_user':
ensure => present,
force => true,
owner => 'root',
group => 'root',
content => template('sunetdrive/application/add_admin_user.erb'),
mode => '0744',
file { '/opt/nextcloud/prune.sh':
ensure => file,
force => true,
owner => 'root',
group => 'root',
content => template('sunetdrive/multinode/prune.erb.sh'),
mode => '0744',
file { '/opt/proxysql/proxysql.cnf':
ensure => file,
force => true,
owner => 'root',
group => 'root',
content => template('sunetdrive/multinode/proxysql.cnf.erb'),
mode => '0644',
sunet::scriptherder::cronjob { 'prune_non_paying':
cmd => '/usr/local/bin/restart_and_prune',
weekday => '1-6',
hour => '2',
minute => '45',
ok_criteria => ['exit_status=0','max_age=3d'],
warn_criteria => ['exit_status=1','max_age=5d'],
sunet::scriptherder::cronjob { 'prune_all_paying':
cmd => '/usr/local/bin/restart_and_prune include_paying',
weekday => '0',
hour => '2',
minute => '45',
ok_criteria => ['exit_status=0','max_age=7d'],
warn_criteria => ['exit_status=1','max_age=9d'],
file { '/opt/nextcloud/apache.php.ini':
ensure => file,
force => true,
owner => 'www-data',
group => 'root',
content => template('sunetdrive/application/apache.php.ini.erb'),
mode => '0644',
file { '/opt/nextcloud/apcu.ini':
ensure => file,
force => true,
owner => 'www-data',
group => 'root',
content => template('sunetdrive/application/apcu.ini.erb'),
mode => '0644',
file { '/opt/nextcloud/cli.php.ini':
ensure => file,
force => true,
owner => 'www-data',
group => 'root',
content => template('sunetdrive/application/cli.php.ini.erb'),
mode => '0644',
file { '/opt/nextcloud/cron.sh':
ensure => file,
owner => 'root',
group => 'root',
mode => '0700',
content => template('sunetdrive/application/cron.erb.sh'),
file { '/opt/nextcloud/000-default.conf':
ensure => file,
force => true,
owner => 'www-data',
group => 'root',
content => template('sunetdrive/application/000-default.conf.erb'),
mode => '0644',
file { '/opt/nextcloud/404.html':
ensure => file,
force => true,
owner => 'www-data',
group => 'root',
content => template('sunetdrive/application/404.html.erb'),
mode => '0644',
$link_content = '[Match]
Driver=bridge veth
file { '/etc/systemd/network/98-default.link':
ensure => file,
force => true,
owner => 'root',
group => 'root',
content => $link_content,
mode => '0744',
file { '/opt/nextcloud/compress-logs.sh':
ensure => file,
force => true,
owner => 'root',
group => 'root',
content => template('sunetdrive/multinode/compress-logs.erb.sh'),
mode => '0744',
cron { 'multinode_compress_logs':
command => '/opt/nextcloud/compress-logs.sh',
require => File['/opt/nextcloud/compress-logs.sh'],
user => 'root',
minute => '10',
hour => '0',
weekday => '0',
# if $nodenumber == '2' {
# cron { 'add_back_bucket_for_karin_nordgren':
# command => '(/usr/local/bin/occ nextcloud-kmh_app_1 files_external:list karin_nordgren@kmh.se && /home/script/bin/create_bucket.sh nextcloud-kmh_app_1 karin_nordgren@kmh.se karin-nordgren-drive-sunet-se) || /bin/true',
# user => 'root',
# minute => '*/10',
# }
# }
$customers.each | $index, $customer | {
$customer_config_full = hiera_hash($customer)
$customer_config = $customer_config_full[$environment]
cron { "multinode_cron_${customer}":
command => "/opt/nextcloud/cron.sh nextcloud-${customer}_app_1",
require => File['/opt/nextcloud/cron.sh'],
user => 'root',
minute => '*/10',
if $environment == 'prod' {
if 'primary_bucket' in $customer_config.keys() {
$s3_bucket = $customer_config['primary_bucket']
} else {
$s3_bucket = "primary-${customer}-drive.sunet.se"
$site_name = "${customer}.drive.sunet.se"
$trusted_proxies = ['lb1.drive.sunet.se','lb2.drive.sunet.se', 'lb3.drive.sunet.se', 'lb4.drive.sunet.se']
} else {
if 'primary_bucket' in $customer_config.keys() {
$s3_bucket = $customer_config['primary_bucket']
} else {
$s3_bucket = "primary-${customer}-${environment}.sunet.se"
$site_name = "${customer}.drive.${environment}.sunet.se"
$trusted_proxies = ["lb1.drive.${environment}.sunet.se","lb2.drive.${environment}.sunet.se",
$apache_default_path = "/opt/multinode/${customer}/000-default.conf"
$apache_error_path = "/opt/multinode/${customer}/404.html"
$config_php_path = "/opt/multinode/${customer}/config.php"
$cron_log_path ="/opt/multinode/${customer}/cron.log"
$dbhost = 'proxysql_proxysql_1'
$dbname = "nextcloud_${customer}"
$dbuser = "nextcloud_${customer}"
$gs_enabled = hiera('gs_enabled')
$gs_federation = hiera('gs_federation')
$gss_master_admin = hiera_array('gss_master_admin')
$gss_master_url = hiera("gss_master_url_${environment}")
$https_port = hiera_hash('multinode_mapping')[$customer]['port']
$lookup_server = hiera("lookup_server_${environment}")
$mail_domain = hiera("mail_domain_${environment}")
$mail_from_address = hiera("mail_from_address_${environment}")
$mail_smtphost = hiera("mail_smtphost_${environment}")
$nextcloud_log_path ="/opt/multinode/${customer}/nextcloud.log"
$audit_log_path ="/opt/multinode/${customer}/audit.log"
if $customer_config['nextcloud_version'] {
$nextcloud_version = $customer_config['nextcloud_version']
} else {
$nextcloud_version = hiera("nextcloud_version_${environment}")
$nextcloud_version_string = split($nextcloud_version, '[-]')[0]
$rclone_conf_path = "/opt/multinode/${customer}/rclone.conf"
$redis_conf_dir = "/opt/multinode/${customer}/server"
$redis_conf_path = "${redis_conf_dir}/redis.conf"
$redis_host= "redis-${customer}_redis-server_1"
$s3_host = $customer_config['s3_host']
$s3_usepath = hiera('s3_usepath')
$smtpuser = hiera("smtp_user_${environment}")
$trusted_domains = [$site_name, $facts['networking']['fqdn'], 'localhost']
$tug_office = hiera_array('tug_office')
if $customer_config['twofactor_enforced_groups'] {
$twofactor_enforced_groups = $customer_config['twofactor_enforced_groups']
if $customer_config['twofactor_enforced_excluded_groups'] {
$twofactor_enforced_excluded_groups = $customer_config['twofactor_enforced_excluded_groups']
# Per-customer secrets, read from local.eyaml
$admin_password = safe_hiera("${customer}_admin_password")
$instanceid = safe_hiera("${customer}_instanceid")
$mysql_root_password = safe_hiera("${customer}_mysql_root_password")
$backup_password = safe_hiera("${customer}_backup_password")
$mysql_user_password = safe_hiera("${customer}_mysql_user_password")
$s3_key = safe_hiera("${customer}_s3_key")
$s3_secret = safe_hiera("${customer}_s3_secret")
$secret = safe_hiera("${customer}_secret")
$passwordsalt= safe_hiera("${customer}_passwordsalt")
$redis_host_password = safe_hiera("${customer}_redis_host_password")
$gss_jwt_key = safe_hiera('gss_jwt_key')
$smtppassword = safe_hiera('smtp_password')
$extra_config = {
admin_password => $admin_password,
backup_password => $backup_password,
dbhost => $dbhost,
dbname => $dbname,
dbuser => $dbuser,
drive_email_template_plain_text_left => hiera($environment)['drive_email_template_plain_text_left'],
drive_email_template_text_left => hiera($environment)['drive_email_template_text_left'],
drive_email_template_url_left => hiera($environment)['drive_email_template_url_left'],
mariadb_dir => "/opt/multinode/${customer}/mariadb-${customer}",
mycnf_path => 'sunetdrive/multinode/my.cnf.erb',
mysql_root_password => $mysql_root_password,
mysql_user_password => $mysql_user_password,
trusted_domains => $trusted_domains,
trusted_proxies => $trusted_proxies,
$config = deep_merge($customer_config, $extra_config)
ensure_resource('file', "/opt/multinode/${customer}" , { ensure => directory, recurse => true } )
# Reuse the other sunetdrive classes, passing in the per-customer overridden config
$db_ip = ['']
$app_compose = sunet::docker_compose { "drive_${customer}_app_docker_compose":
content => template('sunetdrive/multinode/docker-compose_nextcloud.yml.erb'),
service_name => "nextcloud-${customer}",
compose_dir => "/opt/multinode/${customer}",
compose_filename => 'docker-compose.yml',
description => "Nextcloud application for ${customer}",
require => File[$config_php_path,
$cache_compose = sunet::docker_compose { "drive_${customer}_redis_docker_compose":
content => template('sunetdrive/multinode/docker-compose_cache.yml.erb'),
service_name => "redis-${customer}",
compose_dir => "/opt/multinode/${customer}",
compose_filename => 'docker-compose.yml',
description => "Redis cache server for ${customer}",
require => File[$redis_conf_path],
sunetdrive::app_type { "app_${customer}":
location => $location,
override_config => $config,
override_compose => $app_compose,
file { $redis_conf_dir:
ensure => directory,
recurse => true,
$redis_config = file { $redis_conf_path:
ensure => present,
content => template('sunetdrive/multinode/redis.conf.erb'),
mode => '0666',
require => [ File[$redis_conf_dir]]
sunetdrive::cache_type { "cache_${customer}":
location => $location,
override_config => $config,
override_compose => $cache_compose,
override_redis_conf => $redis_config,
require => File[$redis_conf_path],
file { $config_php_path:
ensure => present,
owner => 'www-data',
group => 'root',
content => template('sunetdrive/application/config.php.erb'),
mode => '0644',
file { $cron_log_path:
ensure => file,
force => true,
owner => 'www-data',
group => 'root',
mode => '0644',
file { $nextcloud_log_path:
ensure => file,
force => true,
owner => 'www-data',
group => 'root',
mode => '0644',
file { $audit_log_path:
ensure => file,
force => true,
owner => 'www-data',
group => 'root',
mode => '0644',
file { $rclone_conf_path:
ensure => present,
owner => 'www-data',
group => 'root',
content => template('sunetdrive/multinode/rclone.conf.erb'),
mode => '0644',
file { "/opt/multinode/${customer}/complete_reinstall.sh":
ensure => file,
force => true,
owner => 'root',
group => 'root',
content => template('sunetdrive/multinode/complete_reinstall.erb.sh'),
mode => '0744',
if $::facts['sunet_nftables_enabled'] == 'yes' {
$name = "https_port_${customer}"
ensure_resource('sunet::nftables::ufw_allow_compat', $name, {
from => ['', '::/0'],
port => $https_port,
} else {
# Open the customer's HTTPS port in the firewall
sunet::misc::ufw_allow { "https_port_${customer}":
from => '',
port => $https_port,