# Configure a SUNET CDN CA server class cdn::ca( Hash[String, Integer] $customers = { customer1 => 1000000000, } ) { include sunet::packages::certbot include cdn::ca_trust $cache_secrets = lookup({ 'name' => 'cdn::cache-secrets', 'default_value' => undef }) file { '/opt/sunet-cdn': ensure => directory, owner => 'root', group => 'root', mode => '0755', } file { '/opt/sunet-cdn/customers': ensure => directory, owner => 'root', group => 'root', mode => '0755', } file { '/opt/sunet-cdn/conf': ensure => directory, owner => 'root', group => 'root', mode => '0755', } file { "/opt/sunet-cdn/conf/varnish-slash-seccomp.json": ensure => file, owner => 'root', group => 'root', mode => '0644', content => template('cdn/cache/varnish-slash-seccomp.json.erb'), } if $cache_secrets { customers.each |String $customer, Integer $customer_uid| { if $cache_secrets['customers'][$customer] { file { "/opt/sunet-cdn/customers/$customer": ensure => directory, owner => $customer_uid, group => $customer_uid, mode => '0750', } file { "/opt/sunet-cdn/customers/$customer/shared": ensure => directory, owner => $customer_uid, group => $customer_uid, mode => '0750', } file { "/opt/sunet-cdn/customers/$customer/cache": ensure => directory, owner => $customer_uid, group => $customer_uid, mode => '0750', } file { "/opt/sunet-cdn/customers/$customer/conf/haproxy.cfg": ensure => file, owner => $customer_uid, group => $customer_uid, mode => '0440', content => template('cdn/cache/haproxy.cfg.erb'), } sunet::docker_compose { "sunet-cdn-cache-$customer": content => template('cdn/cache/docker-compose.yml.erb'), service_name => "cdn-cache-$customer", compose_dir => "/opt/sunet-cdn/compose/$customer", compose_filename => 'docker-compose.yml', description => "SUNET CDN CA $customer", } } } } }