Compare commits
No commits in common. "98158e1be5418b9260a86ba5caeda5a2048dc19b" and "6cfa2b3da7d2d4ced0531fe0f99390289362bdec" have entirely different histories.
98158e1be5
...
6cfa2b3da7
9 changed files with 28 additions and 68 deletions
|
|
@ -1,9 +1,5 @@
|
|||
#!/bin/bash
|
||||
|
||||
if ! [[ $(hostname) =~ monitor ]]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
repo="/var/cache/cosmos/repo"
|
||||
common="${repo}/global/overlay/etc/hiera/data/common.yaml"
|
||||
|
||||
|
|
|
|||
|
|
@ -33,7 +33,6 @@ define sunetdrive::app_type (
|
|||
$dbhost = 'proxysql_proxysql_1'
|
||||
$dbname = 'nextcloud'
|
||||
$dbuser = 'nextcloud'
|
||||
$full_backup_retention = hiera('full_backup_retention')
|
||||
$instanceid = safe_hiera('instanceid')
|
||||
$mysql_user_password = safe_hiera('mysql_user_password')
|
||||
$passwordsalt = safe_hiera('passwordsalt')
|
||||
|
|
@ -92,11 +91,6 @@ define sunetdrive::app_type (
|
|||
$lb_servers = hiera_hash($environment)['lb_servers']
|
||||
$document_servers = hiera_hash($environment)['document_servers']
|
||||
|
||||
# Calculate some values
|
||||
$expiration_months = max(12, $full_backup_retention)
|
||||
$expiration_days_min = $expiration_months * 31
|
||||
$expiration_days_max = $expiration_months * 31 + 93
|
||||
|
||||
unless $is_multinode{
|
||||
user { 'www-data': ensure => present, system => true }
|
||||
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ define sunetdrive::db_type(
|
|||
$mariadb_dir = '/etc/mariadb'
|
||||
$mycnf_path = 'sunetdrive/mariadb/my.cnf.erb'
|
||||
$server_id = 1000 + Integer($facts['networking']['hostname'][-1])
|
||||
ensure_resource('file',$mariadb_dir, { ensure => directory } )
|
||||
ensure_resource('file',$mariadb_dir, { ensure => directory, recurse => true } )
|
||||
$dirs = ['datadir', 'init', 'conf', 'backups', 'scripts' ]
|
||||
$dirs.each |$dir| {
|
||||
ensure_resource('file',"${mariadb_dir}/${dir}", { ensure => directory, recurse => true } )
|
||||
|
|
|
|||
|
|
@ -291,15 +291,6 @@ MACAddressPolicy=none'
|
|||
if $customer_config['twofactor_enforced_excluded_groups'] {
|
||||
$twofactor_enforced_excluded_groups = $customer_config['twofactor_enforced_excluded_groups']
|
||||
}
|
||||
if $customer_config['full_backup_retention'] {
|
||||
$full_backup_retention = $customer_config['full_backup_retention']
|
||||
} else {
|
||||
$full_backup_retention = hiera('full_backup_retention')
|
||||
}
|
||||
# Calculate some values
|
||||
$expiration_months = max(12, $full_backup_retention)
|
||||
$expiration_days_min = $expiration_months * 31
|
||||
$expiration_days_max = $expiration_months * 31 + 93
|
||||
|
||||
# Secrets from local.eyaml
|
||||
$admin_password = safe_hiera("${customer}_admin_password")
|
||||
|
|
|
|||
|
|
@ -12,8 +12,6 @@ class sunetdrive::proxysql (
|
|||
$config = hiera_hash($environment)
|
||||
$db_ip = $config['db']
|
||||
$nextcloud_ip = $config['app']
|
||||
$nextcloud_ipv6 = $config['app_v6']
|
||||
$nextcloud_ip_all = $nextcloud_ip + $nextcloud_ipv6
|
||||
$proxysql_ok_num = length($nextcloud_ip)
|
||||
$proxysql_warn_num = $proxysql_ok_num - 1
|
||||
|
||||
|
|
@ -81,7 +79,7 @@ class sunetdrive::proxysql (
|
|||
iif => 'ens3',
|
||||
}
|
||||
sunet::nftables::docker_expose { 'proxysql':
|
||||
allow_clients => $nextcloud_ip_all,
|
||||
allow_clients => ['any'],
|
||||
port => 6032,
|
||||
iif => 'ens3',
|
||||
}
|
||||
|
|
|
|||
|
|
@ -29,23 +29,17 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa',
|
|||
}
|
||||
}
|
||||
}
|
||||
$dehydrated_status = $dehydrated_name ? {
|
||||
undef => 'absent',
|
||||
default => 'present'
|
||||
}
|
||||
file {'/opt/docker_run':
|
||||
ensure => 'absent',
|
||||
}
|
||||
sunet::docker_compose { 'satosa':
|
||||
content => template('sunetdrive/satosa/docker-compose.yml.erb'),
|
||||
service_name => 'satosa',
|
||||
compose_dir => '/opt/',
|
||||
compose_filename => 'docker-compose.yml',
|
||||
description => 'Satosa',
|
||||
sunet::docker_run {'satosa':
|
||||
image => $image,
|
||||
imagetag => $tag,
|
||||
dns => ['89.32.32.32'],
|
||||
volumes => ['/etc/satosa:/etc/satosa','/etc/dehydrated:/etc/dehydrated'],
|
||||
ports => ['443:8000'],
|
||||
env => ['METADATA_DIR=/etc/satosa/metadata', 'WORKER_TIMEOUT=120']
|
||||
}
|
||||
file {'/etc/satosa/proxy_conf.yaml':
|
||||
content => inline_template("<%= @merged_conf.to_yaml %>\n"),
|
||||
notify => Sunet::Docker_compose['satosa']
|
||||
notify => Sunet::Docker_run['satosa']
|
||||
}
|
||||
$plugins = hiera('satosa_config')
|
||||
sort(keys($plugins)).each |$n| {
|
||||
|
|
@ -53,13 +47,23 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa',
|
|||
$fn = $plugins[$n]
|
||||
file { $fn:
|
||||
content => inline_template("<%= @conf.to_yaml %>\n"),
|
||||
notify => Sunet::Docker_compose['satosa']
|
||||
notify => Sunet::Docker_run['satosa']
|
||||
}
|
||||
}
|
||||
sunet::misc::ufw_allow { 'satosa-allow-https':
|
||||
from => 'any',
|
||||
port => '443'
|
||||
}
|
||||
$dehydrated_status = $dehydrated_name ? {
|
||||
undef => 'absent',
|
||||
default => 'present'
|
||||
}
|
||||
sunet::docker_run {'alwayshttps':
|
||||
ensure => $dehydrated_status,
|
||||
image => 'docker.sunet.se/always-https',
|
||||
ports => ['80:80'],
|
||||
env => ['ACME_URL=http://acme-c.sunet.se']
|
||||
}
|
||||
sunet::misc::ufw_allow { 'satosa-allow-http':
|
||||
ensure => $dehydrated_status,
|
||||
from => 'any',
|
||||
|
|
@ -74,6 +78,12 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa',
|
|||
cert_file => '/etc/satosa/https.crt'
|
||||
}
|
||||
}
|
||||
file { '/opt/satosa':
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
}
|
||||
-> file { '/opt/satosa/restart.sh':
|
||||
ensure => file,
|
||||
owner => 'root',
|
||||
|
|
|
|||
|
|
@ -192,9 +192,6 @@ $CONFIG = array (
|
|||
'secret' => '<%= @secret %>',
|
||||
'skeletondirectory' => '<%= @skeletondirectory %>',
|
||||
'templatedirectory' => '',
|
||||
<% if @environment == 'test' -%>
|
||||
'trashbin_retention_obligation' => 'auto, 30',
|
||||
<% end -%>
|
||||
'trusted_domains' =>
|
||||
array (
|
||||
<%- index = 0 -%>
|
||||
|
|
@ -237,7 +234,4 @@ $CONFIG = array (
|
|||
),
|
||||
'updatechecker' => false,
|
||||
'version' => '<%= @nextcloud_version_string %>',
|
||||
<% if @environment == 'test' -%>
|
||||
'versions_retention_obligation' => '<%= @expiration_days_min %>, <%= @expiration_days_max %>',
|
||||
<% end -%>
|
||||
);
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ dexec="docker exec ${container}"
|
|||
|
||||
password=$(${dexec} env | grep MYSQL_ROOT_PASSWORD | awk -F '=' '{print $2}')
|
||||
|
||||
mysql="${dexec} mysql -p${password} -u root"
|
||||
mysql="${dexec} mysql -p${password}"
|
||||
|
||||
if [[ "$(${mysql} -NB -e 'select exists(select * from information_schema.TABLES where TABLE_SCHEMA = "nextcloud" and TABLE_NAME = "oc_global_scale_users")')" == "1" ]]
|
||||
then
|
||||
|
|
|
|||
|
|
@ -1,23 +0,0 @@
|
|||
services:
|
||||
satosa:
|
||||
environment:
|
||||
- "METADATA_DIR=/etc/satosa/metadata"
|
||||
- "WORKER_TIMEOUT=120"
|
||||
dns:
|
||||
- "89.32.32.32"
|
||||
image: "<%= @image %><% if @tag %>:<%= @tag %><% end %>"
|
||||
pull_policy: "always"
|
||||
ports:
|
||||
- "443:8000"
|
||||
volumes:
|
||||
- "/etc/satosa:/etc/satosa"
|
||||
- "/etc/dehydrated:/etc/dehydrated"
|
||||
alwayshttps:
|
||||
environment:
|
||||
- "ACME_URL=http://acme-c.sunet.se"
|
||||
dns:
|
||||
- "89.32.32.32"
|
||||
image: "docker.sunet.se/always-https"
|
||||
pull_policy: "always"
|
||||
ports:
|
||||
- "80:80"
|
||||
Loading…
Add table
Reference in a new issue