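# @summary Installs IntelMQ and the intelmq-api service behind Apache/mod_wsgi.
#
# Creates the `intelmq` account, installs the OS packages, builds a Python
# venv in /opt/intelmq/venv, runs the module's install script and
# `intelmqsetup`, and drops the sudoers, Apache and systemd configuration
# for the API.
#
# @param tls_cert
#   Not referenced in this manifest; presumably consumed by the
#   soc/intelmq/intelmq-vhost.conf.erb template -- TODO confirm.
# @param tls_chain
#   Not referenced in this manifest; presumably consumed by the vhost
#   template -- TODO confirm.
# @param tls_key
#   Not referenced in this manifest; presumably consumed by the vhost
#   template -- TODO confirm.
# @param servername
#   Defaults to the node's FQDN fact. Not referenced in this manifest;
#   presumably the vhost ServerName -- TODO confirm.
# @param use_snakeoil
#   Defaults to false. Not referenced in this manifest; presumably makes the
#   vhost template use the distribution's self-signed certificate -- TODO
#   confirm.
class soc::intelmq(
  Optional[String] $tls_cert     = undef,
  Optional[String] $tls_chain    = undef,
  Optional[String] $tls_key      = undef,
  String           $servername   = $facts['networking']['fqdn'],
  Boolean          $use_snakeoil = false,
) {
  include sunet::systemd_reload

  # Fixed search path for the execs below that call unqualified commands.
  # Puppet rejects an unqualified exec command when no path is set, and a
  # fixed system path keeps these root-run commands from resolving through
  # an inherited PATH.
  $exec_path = ['/usr/sbin', '/usr/bin', '/sbin', '/bin']

  group { 'intelmq':
    ensure => present,
  }

  # NOTE(review): the service account gets an interactive shell and
  # membership of www-data. Confirm both are required; a nologin shell
  # narrows what a compromised account can be used for.
  user { 'intelmq':
    ensure     => present,
    gid        => 'intelmq',
    groups     => 'www-data',
    home       => '/opt/intelmq',
    managehome => true,
    shell      => '/bin/bash',
  }

  file { '/etc/intelmq':
    ensure => directory,
    owner  => 'intelmq',
    group  => 'intelmq',
  }

  #  file { '/opt/sso/apache/groups.txt':
  #    ensure  => file,
  #    content => template('soc/sso/apache-groups.txt.erb')
  #  }

  # NOTE(review): `ensure => 'latest'` upgrades these packages on any agent
  # run as soon as the repository publishes a new version. Consider
  # `installed` or a pinned version so upgrades happen under change control.
  package { 'apache2':
    ensure => 'latest',
  }

  package { 'libapache2-mod-wsgi-py3':
    ensure => 'latest',
  }

  package { ['postgresql', 'python3-venv', 'python3-pip', 'python3-gpg', 'python3-psycopg2', 'redict', ]:
    ensure => 'latest',
  }

  # The venv is created as the intelmq user, so everything under
  # /opt/intelmq/venv is writable by that account.
  exec { 'Install IntelMQ venv':
    command => 'sudo -u intelmq /usr/bin/python3 -m venv --system-site-packages /opt/intelmq/venv',
    path    => $exec_path,
    creates => '/opt/intelmq/venv',
  }

  file { '/opt/intelmq/install-intelmq.sh':
    ensure  => file,
    content => file('soc/intelmq/install-intelmq.sh'),
    mode    => '0555',
  }

  exec { 'Install IntelMQ':
    command => 'sudo -u intelmq /opt/intelmq/install-intelmq.sh',
    path    => $exec_path,
    creates => '/opt/intelmq/.installed',
  }

  # NOTE(review): no `user` is set, so this runs with the agent's privileges
  # (normally root) while the binary lives in the intelmq-owned venv. The
  # unprivileged account can therefore influence what runs here until the
  # state file exists. Exit status 1 is also accepted as success, so a
  # failed setup is not reported by Puppet -- confirm that is intended.
  exec { 'Run IntelMQ setup script':
    command => '/opt/intelmq/venv/bin/intelmqsetup --state-file /opt/intelmq/.setup_state',
    creates => '/opt/intelmq/.setup_state',
    returns => ['0', '1', ],
  }

  # Pin ownership to root and syntax-check the drop-in before it replaces
  # the live file: a malformed sudoers fragment breaks sudo for every user.
  file { '/etc/sudoers.d/01_intelmq-api':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0440',
    content      => file('soc/intelmq/sudoers-01-intelmq-api'),
    validate_cmd => '/usr/sbin/visudo -cf %',
  }

  service { 'apache2':
    ensure  => 'running',
    enable  => true,
    require => Package['apache2'],
  }

  # NOTE(review): there is no `creates`/`unless` guard, so this runs and
  # notifies Service['apache2'] on every agent run.
  exec { 'Enable Apache2 modules':
    command => 'a2enmod ssl wsgi proxy proxy_http headers rewrite',
    path    => $exec_path,
    require => Package['libapache2-mod-wsgi-py3'],
    notify  => Service['apache2'],
  }

  file { '/etc/apache2/conf-available/wsgi-venv.conf':
    ensure  => file,
    content => file('soc/intelmq/apache/wsgi-venv.conf'),
  }

  exec { 'Enable wsgi-venv conf':
    command => 'a2enconf wsgi-venv',
    path    => $exec_path,
    creates => '/etc/apache2/conf-enabled/wsgi-venv.conf',
    notify  => Service['apache2'],
  }

  # NOTE(review): the vhost is written to sites-available only; nothing in
  # this class enables it (no a2ensite or sites-enabled link is visible).
  file { '/etc/apache2/sites-available/intelmq-vhost.conf':
    ensure  => file,
    content => template('soc/intelmq/intelmq-vhost.conf.erb'),
  }

  # `content` takes the literal file body, so the module file has to be read
  # with file(); a bare string would write the path text into the target.
  file { '/etc/intelmq/api-config.json':
    ensure  => file,
    owner   => 'intelmq',
    group   => 'intelmq',
    mode    => '0444',
    content => file('soc/intelmq/api-config.json'),
  }

  # NOTE(review): the title is not a fully qualified path and no `path` is
  # given, which the file type rejects. Add `path =>` pointing at the
  # session store configured in api-config.json (intelmq-api's documented
  # default is /etc/intelmq/api-session.sqlite -- confirm). The store holds
  # API session data, so keep it at 0660 or tighter.
  file { 'api-session.sqlite':
    ensure  => 'present',
    replace => 'no',
    owner   => 'intelmq',
    group   => 'www-data',
    mode    => '0660',
  }

  # Unit files are read from the module with file() for the same reason as
  # api-config.json above.
  file { '/etc/systemd/system/intelmq-api.service':
    ensure  => file,
    content => file('soc/intelmq/intelmq-api.service'),
    notify  => [Class['sunet::systemd_reload'], Service['intelmq-api.service'], ],
  }

  file { '/etc/systemd/system/intelmq-api.socket':
    ensure  => file,
    content => file('soc/intelmq/intelmq-api.socket'),
    notify  => [Class['sunet::systemd_reload'], Service['intelmq-api.socket'], ],
  }

  service { 'intelmq-api.service':
    ensure     => running,
    name       => 'intelmq-api.service',
    enable     => true,
    hasrestart => true,
  }

  service { 'intelmq-api.socket':
    ensure     => running,
    name       => 'intelmq-api.socket',
    enable     => true,
    hasrestart => true,
  }
}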