From 2e49e12c70fa9015f94ead59b98c0b18c03a06dc Mon Sep 17 00:00:00 2001
From: Patrik Lundin
Date: Tue, 12 Nov 2024 10:10:27 +0100
Subject: [PATCH] Start creating sunet-cdnp unit file
---
 .../etc/puppet/modules/cdn/manifests/cache.pp | 14 ++++++++++++++
 .../cdn/templates/cache/sunet-cdnp.service.erb | 16 ++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 global/overlay/etc/puppet/modules/cdn/templates/cache/sunet-cdnp.service.erb
diff --git a/global/overlay/etc/puppet/modules/cdn/manifests/cache.pp b/global/overlay/etc/puppet/modules/cdn/manifests/cache.pp
index 96a9d40..4a0c353 100644
--- a/global/overlay/etc/puppet/modules/cdn/manifests/cache.pp
+++ b/global/overlay/etc/puppet/modules/cdn/manifests/cache.pp
@@ -7,6 +7,11 @@ class cdn::cache(
 Hash[String, String] $acme_url = {
 test => 'https://internal-sto3-test-ca-1.cdn.sunet.se:9000/acme/acme/directory'
 }
+ Hash[String, Hash[String, String]] $mqtt_url = {
+ sto3 => {
+ test => 'tls://internal-sto3-test-mqtt-1.cdn.sunet.se:8883',
+ },
+ }
 ) {
 include sunet::packages::certbot
@@ -135,6 +140,7 @@ class cdn::cache(
 $dot_split = split($my_fqdn, '[.]')
 $my_hostname = $dot_split[0]
 $dash_split = split($my_hostname,'[-]')
+ $location = $dash_split[1]
 $environment = $dash_split[2]
 sunet::nftables::allow { 'allow-step-ca-acme':
@@ -182,6 +188,14 @@ class cdn::cache(
 target => "${sunet_cdnp_dir}/sunet-cdnp",
 }
+ file { '/etc/systemd/system/sunet-cdnp.service':
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ content => template('cdn/cache/sunet-cdnp.service.erb'),
+ }
+
 if $cache_secrets {
 $customers.each |String $customer, Integer $customer_uid| {
 if $cache_secrets['customers'][$customer] {
diff --git a/global/overlay/etc/puppet/modules/cdn/templates/cache/sunet-cdnp.service.erb b/global/overlay/etc/puppet/modules/cdn/templates/cache/sunet-cdnp.service.erb
new file mode 100644
index 0000000..96c5eee
--- /dev/null
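Review bot: The new `$mqtt_url` parameter is added directly after the closing `}` of the `$acme_url` default, and that context line carries no trailing comma, so as shown the parameter list has two parameters with no separator and the manifest would not parse. The `}` line just before the addition should become `},`; it is a context line in this hunk, so the commit leaves it untouched. The rest of the parameter list is outside the hunk.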
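Review bot: `$location = $dash_split[1]` is taken positionally from the hostname with no check that the name has that shape or that the value is a key of `$mqtt_url`, and the new template then indexes `@mqtt_url[@location][@environment]` directly. On a host outside `sto3` that lookup hits nil and the catalog fails with an opaque template error; on `sto3` with an environment other than `test` it renders `-mqtt-server` with no value. A guard here such as `unless $location in $mqtt_url { fail("cdn::cache: no mqtt_url for location '${location}'") }`, or `@mqtt_url.fetch(@location).fetch(@environment)` in the template, would make the failure explicit. The class body continues outside this hunk, so an existing check elsewhere cannot be ruled out.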
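Review bot: Nothing on this `file` resource causes systemd to re-read the unit, and no `service` resource for sunet-cdnp is visible in the hunk, so a later template change would sit on disk until someone runs `systemctl daemon-reload` and restarts the service by hand. Given the commit title this may be planned follow-up; when it lands, have the file `notify` a reload exec or the service so that unit changes, for instance a corrected broker URL or CA path, actually take effect. The class body continues beyond the hunk.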
+++ b/global/overlay/etc/puppet/modules/cdn/templates/cache/sunet-cdnp.service.erb
@@ -0,0 +1,16 @@
+# This service file is generated by Puppet. Do not edit.
+[Unit]
+Description=SUNET CDN Purger
+Wants=docker.service
+After=docker.service
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/sunet-cdnp \
+ -mqtt-ca-file /usr/local/share/ca-certificates/step_ca_root.crt \
+ -mqtt-client-key-file /etc/letsencrypt/live/<%= @networking['fqdn'] %>/privkey.pem \
+ -mqtt-client-cert-file /etc/letsencrypt/live/<%= @networking['fqdn'] %>/fullchain.pem \
+ -mqtt-server <%= @mqtt_url[@location][@environment] %>
+
+[Install]
+WantedBy=multi-user.target
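Review bot: The `[Service]` section sets no `User=` and no sandboxing directives, so as written sunet-cdnp runs as root with full filesystem access while it holds a long-lived connection to the MQTT broker and reads the host's certificate private key. What the purger needs beyond the key and whatever it drives through Docker is not visible here, so this is a least-privilege question for the author rather than a confirmed fault. If root is not required, a dedicated account is preferable; if it is, directives such as `NoNewPrivileges=yes`, `ProtectSystem=strict` and `PrivateTmp=yes` would narrow what a compromised or misbehaving purger can reach. A short comment in the unit stating why root is needed would help the next reviewer.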