46 lines
1.6 KiB
Puppet
46 lines
1.6 KiB
Puppet
# idm_app
|
|
class eid::idm_app (
|
|
) {
|
|
|
|
$redises = lookup('redis_cluster_nodes', undef, undef, [])
|
|
$dbs = lookup('mariadb_cluster_nodes', undef, undef, [])
|
|
$dbs_string = join($dbs,',')
|
|
|
|
$sql_password = lookup('sql_password', undef, undef, undef)
|
|
|
|
ensure_resource('sunet::misc::create_dir', '/opt/idm_app/config/', { owner => 'root', group => 'root', mode => '0750'})
|
|
file { '/opt/idm_app/config/idm.yml':
|
|
content => template('eid/idm/idm.yml.erb'),
|
|
mode => '0755',
|
|
}
|
|
|
|
|
|
sunet::nftables::allow { 'expose-allow-https':
|
|
from => ['94.176.224.38', '94.176.224.166', '130.242.126.195','130.242.126.197'],
|
|
port => 443,
|
|
}
|
|
|
|
|
|
package {'openjdk-17-jre-headless':
|
|
ensure => latest
|
|
}
|
|
|
|
$pass = 'qwerty123'
|
|
exec { 'infra.p12':
|
|
command => "keytool -import -noprompt -deststorepass ${pass} -file /etc/ssl/certs/infra.crt -keystore /etc/ssl/certs/infra.p12",
|
|
onlyif => 'test ! -f /etc/ssl/certs/infra.p12'
|
|
}
|
|
# Unwanted password - but hey Java!
|
|
exec { "${facts['networking']['fqdn']}_infra.p12":
|
|
command => "openssl pkcs12 -export -in /etc/ssl/certs/${facts['networking']['fqdn']}_infra.crt -inkey /etc/ssl/private/${facts['networking']['fqdn']}_infra.pem -name 'infra' -out /etc/ssl/private/${facts['networking']['fqdn']}_infra.p12 -passout pass:${pass}",
|
|
onlyif => "test ! -f /etc/ssl/private/${facts['networking']['fqdn']}_infra.p12"
|
|
}
|
|
|
|
sunet::docker_compose { 'idm_app':
|
|
content => template('eid/idm/docker-compose.yml.erb'),
|
|
service_name => 'idm_app',
|
|
compose_dir => '/opt/',
|
|
compose_filename => 'docker-compose.yml',
|
|
description => 'Identity matching'
|
|
}
|
|
}
|