85 lines
2.2 KiB
Puppet
85 lines
2.2 KiB
Puppet
# Configure a SUNET CDN CA server
|
|
class cdn::cache(
|
|
Hash[String, Integer] $customers = {
|
|
customer1 => 1000000000,
|
|
}
|
|
)
|
|
{
|
|
include sunet::packages::certbot
|
|
include cdn::ca_trust
|
|
|
|
$cache_secrets = lookup({ 'name' => 'cdn::cache-secrets', 'default_value' => undef })
|
|
|
|
file { '/opt/sunet-cdn':
|
|
ensure => directory,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0755',
|
|
}
|
|
|
|
file { '/opt/sunet-cdn/customers':
|
|
ensure => directory,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0755',
|
|
}
|
|
|
|
file { '/opt/sunet-cdn/conf':
|
|
ensure => directory,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0755',
|
|
}
|
|
|
|
file { "/opt/sunet-cdn/conf/varnish-slash-seccomp.json":
|
|
ensure => file,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0644',
|
|
content => template('cdn/cache/varnish-slash-seccomp.json.erb'),
|
|
}
|
|
|
|
if $cache_secrets {
|
|
customers.each |String $customer, Integer $customer_uid| {
|
|
if $cache_secrets['customers'][$customer] {
|
|
file { "/opt/sunet-cdn/customers/$customer":
|
|
ensure => directory,
|
|
owner => $customer_uid,
|
|
group => $customer_uid,
|
|
mode => '0750',
|
|
}
|
|
|
|
file { "/opt/sunet-cdn/customers/$customer/shared":
|
|
ensure => directory,
|
|
owner => $customer_uid,
|
|
group => $customer_uid,
|
|
mode => '0750',
|
|
}
|
|
|
|
file { "/opt/sunet-cdn/customers/$customer/cache":
|
|
ensure => directory,
|
|
owner => $customer_uid,
|
|
group => $customer_uid,
|
|
mode => '0750',
|
|
}
|
|
|
|
file { "/opt/sunet-cdn/customers/$customer/conf/haproxy.cfg":
|
|
ensure => file,
|
|
owner => $customer_uid,
|
|
group => $customer_uid,
|
|
mode => '0440',
|
|
content => template('cdn/cache/haproxy.cfg.erb'),
|
|
}
|
|
|
|
sunet::docker_compose { "sunet-cdn-cache-$customer":
|
|
content => template('cdn/cache/docker-compose.yml.erb'),
|
|
service_name => "cdn-cache-$customer",
|
|
compose_dir => "/opt/sunet-cdn/compose/$customer",
|
|
compose_filename => 'docker-compose.yml',
|
|
description => "SUNET CDN CA $customer",
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|