diff options
| author | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-06-20 22:32:35 +0200 |
|---|---|---|
| committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-06-20 22:32:35 +0200 |
| commit | 5b100712c03c9233ec89d6a30d568d3d296eab1a (patch) | |
| tree | 9d6e7e92728e1370cade5bc5bbf97896d4e5ba58 | |
| parent | fixes (diff) | |
| download | concourse-5b100712c03c9233ec89d6a30d568d3d296eab1a.tar.gz concourse-5b100712c03c9233ec89d6a30d568d3d296eab1a.tar.xz | |
fixes
| -rw-r--r-- | files/concourse-web.service | 1 | ||||
| -rw-r--r-- | files/concourse-worker.service | 1 | ||||
| -rw-r--r-- | manifests/auth/ldap.pp | 24 | ||||
| -rw-r--r-- | manifests/auth/local.pp | 22 | ||||
| -rw-r--r-- | manifests/conf.pp | 45 | ||||
| -rw-r--r-- | manifests/conf/web.pp | 15 | ||||
| -rw-r--r-- | manifests/conf/worker.pp | 15 | ||||
| -rw-r--r-- | manifests/confdir.pp | 23 | ||||
| -rw-r--r-- | manifests/env_file.pp | 0 | ||||
| -rw-r--r-- | manifests/proxy/nginx.pp | 2 | ||||
| -rw-r--r-- | manifests/web.pp | 33 | ||||
| -rw-r--r-- | manifests/web_conf.pp | 0 |
12 files changed, 113 insertions, 68 deletions
diff --git a/files/concourse-web.service b/files/concourse-web.service index bb6182a..3a64a52 100644 --- a/files/concourse-web.service +++ b/files/concourse-web.service @@ -4,7 +4,6 @@ Description=Continous thing-doer. [Service] ExecStart=concourse web ExecReload=kill -HUP $MAINPID -EnvironmentFile=/etc/conf.d/concourse [Install] WantedBy=multi-user.target diff --git a/files/concourse-worker.service b/files/concourse-worker.service index 15d7a39..d99915b 100644 --- a/files/concourse-worker.service +++ b/files/concourse-worker.service @@ -3,7 +3,6 @@ Description=Worker for Concourse [Service] ExecStart=concourse worker --healthcheck-bind-ip="${HEALTHCHECK_BIND_IP}" --healthcheck-bind-port="${HEALTHCHECK_BIND_PORT}" --healthcheck-timeout="${HEALTHCHECK_TIMEOUT}" -EnvironmentFile=/etc/conf.d/concourse-worker [Install] WantedBy=multi-user.target diff --git a/manifests/auth/ldap.pp b/manifests/auth/ldap.pp index 028e898..9d10ceb 100644 --- a/manifests/auth/ldap.pp +++ b/manifests/auth/ldap.pp @@ -62,7 +62,7 @@ class concourse::auth::ldap ( String $user_search_username = 'uid', Optional[String] $display_name = undef, Optional[String] $user_search_filter = undef, - Optional[String] $user_search_id_attr = undef, + Optional[String] $user_search_id_attr = undef, Optional[String] $user_search_email_attr = undef, Optional[String] $user_search_name_attr = undef, Optional[Stdlib::Absolutepath] $ca_cert = undef, @@ -76,8 +76,6 @@ class concourse::auth::ldap ( Optional[Array[String]] $main_team_group = undef, Enum['absent', 'present'] $ensure = 'present', ) { - $env_file = "${concourse::web::conf_dir}/auth-ldap" - $environment = { 'CONCOURSE_LDAP_HOST' => $host, 'CONCOURSE_LDAP_BIND_DN' => $bind_dn, @@ -106,22 +104,8 @@ class concourse::auth::ldap ( }, } - file { $env_file: - ensure => $ensure, - content => epp("${module_name}/env.epp", { 'entries' => $environment }), - # To not show new password - show_diff => false, - mode => '0600', - } - - $dropin_content = @("EOF") - [Service] - EnvironmentFile=${env_file} - | EOF - - systemd::dropin_file { 'concourse-ldap-auth.conf': - ensure => $ensure, - unit => $concourse::web::service_unit, - content => $dropin_content, + concourse::conf::web { 'auth-ldap': + ensure => $ensure, + env => $environment, } } diff --git a/manifests/auth/local.pp b/manifests/auth/local.pp index 9329e30..a66fba5 100644 --- a/manifests/auth/local.pp +++ b/manifests/auth/local.pp @@ -15,8 +15,6 @@ class concourse::auth::local ( Optional[Array[String]] $main_team_group = undef, # ignored Enum['absent', 'present'] $ensure = 'present', ) { - $env_file = "${concourse::web::conf_dir}/auth-local" - $environment = { 'CONCOURSE_ADD_LOCAL_USER' => $users.map |$user| { $name = $user['name'] @@ -32,22 +30,8 @@ class concourse::auth::local ( }, } - file { $env_file: - ensure => $ensure, - content => epp("${module_name}/env.epp", { 'entries' => $environment }), - # To not show new password - show_diff => false, - mode => '0600', - } - - $dropin_content = @("EOF") - [Service] - EnvironmentFile=${env_file} - | EOF - - systemd::dropin_file { 'concourse-local-auth.conf': - ensure => $ensure, - unit => $concourse::web::service_unit, - content => $dropin_content, + concourse::conf::web { 'auth-local': + ensure => $ensure, + env => $environment, } } diff --git a/manifests/conf.pp b/manifests/conf.pp new file mode 100644 index 0000000..86802ee --- /dev/null +++ b/manifests/conf.pp @@ -0,0 +1,45 @@ +# @summary Sets up a environment file. +# +# Configures an environment file along with a systemd dropin unit for +# loading that file. +# +# @param env +# Environment to set. +# @param service +# Which service this environment belongs to. +# Also configures which service file a dropin will be created for, +# along with which service should be notified that its environment +# was updated. +# @param path +# Absolute path to the configuration file. Should generally not be +# manually set. +# @param ensure +# @api private +define concourse::conf ( + Hash[String, String] $env, + String $service, + Stdlib::Abspath $path = "${concourse::confdir::conf_dir}/${name}", + Enum['absent', 'present'] $ensure = 'present', +) { + include concourse::confdir + + file { $path: + ensure => $ensure, + content => epp("${module_name}/env.epp", { 'entries' => $env }), + show_diff => false, + mode => '0600', + notify => Service[$service], + } + + $dropin_content = @("EOF") + [Service] + EnvironmentFile=${path} + | EOF + + systemd::dropin_file { "concourse-${name}.conf": + ensure => $ensure, + unit => $concourse::web::service_unit, + content => $dropin_content, + notify_service => true, + } +} diff --git a/manifests/conf/web.pp b/manifests/conf/web.pp new file mode 100644 index 0000000..3cc0742 --- /dev/null +++ b/manifests/conf/web.pp @@ -0,0 +1,15 @@ +# @summary A environment file for a web node. +# @param env +# Contents of the configuration file. +# @param ensure +# @api private +define concourse::conf::web ( + Hash[String, String] $env, + Enum['absent', 'present'] $ensure = 'present', +) { + concourse::conf { $name: + ensure => $ensure, + env => $env, + service => $concourse::web::service, + } +} diff --git a/manifests/conf/worker.pp b/manifests/conf/worker.pp new file mode 100644 index 0000000..24eba7e --- /dev/null +++ b/manifests/conf/worker.pp @@ -0,0 +1,15 @@ +# @summary A environment file for a worker node. +# @param env +# Contents of the configuration file. +# @param ensure +# @api private +define concourse::conf::worker ( + Hash[String, String] $env, + Enum['absent', 'present'] $ensure = 'present', +) { + concourse::conf { $name: + ensure => $ensure, + env => $env, + service => $concourse::worker::service, + } +} diff --git a/manifests/confdir.pp b/manifests/confdir.pp new file mode 100644 index 0000000..70be54c --- /dev/null +++ b/manifests/confdir.pp @@ -0,0 +1,23 @@ +# @summary Sets up configuration directory +# +# As noted elsewhere, concourse wants to be configured through environment variables. +# This creates a directory to store the environment variables in. +# +# @param conf_dir +# Where additional environment files will be stored. +# @param purge_conf_dir +# Should the directory mentioned in `conf_dir` be purged. If this +# is true then decomissioning sub-configurations are done by simply +# removing that resource. +# @api private +class concourse::confdir ( + Stdlib::Absolutepath $conf_dir = '/etc/conf.d/concourse.d', + Boolean $purge_conf_dir = true, + Enum['absent', 'present'] $ensure = 'present', +) { + file { $conf_dir: + ensure => if $ensure == 'present' { 'directory' } else { 'absent' }, + purge => $purge_conf_dir, + recurse => true, + } +} diff --git a/manifests/env_file.pp b/manifests/env_file.pp new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/manifests/env_file.pp diff --git a/manifests/proxy/nginx.pp b/manifests/proxy/nginx.pp index 3f315f0..6328d3d 100644 --- a/manifests/proxy/nginx.pp +++ b/manifests/proxy/nginx.pp @@ -21,7 +21,7 @@ define concourse::proxy::nginx ( Enum['absent', 'present'] $ensure = 'present', ) { include concourse - include ::letsencrypt + include letsencrypt nginx::resource::upstream { "concourse_${cluster}": ensure => $ensure, diff --git a/manifests/web.pp b/manifests/web.pp index fd87a67..e3620f7 100644 --- a/manifests/web.pp +++ b/manifests/web.pp @@ -5,16 +5,8 @@ # This service WILL be managed by us. # @param service_unit # Exact unit name (in terms of systemd) of the service. -# @param conf_file -# Where configuration environment variables will be stored. -# Currently hard-coded in the service file. -# @param conf_dir -# Where additional environment files will be stored. Used (at -# least) by each auth resource. -# @param purge_conf_dir -# Should the directory mentioned in `conf_dir` be purged. If this -# is true then decomissioning sub-configurations are done by simply -# removing that resource. +# @param conf_name +# Local name of the main configuration file. # @param ensure # @param cluster # Which concourse this web node is part of. An @@ -83,7 +75,7 @@ class concourse::web ( String $tsa_host_key_file = "${key_dir}/tsa_host_key", String $tsa_authorized_keys_file = "${key_dir}/authorized_worker_keys", - String $peer_address = $facts['ipaddress'], + String $peer_address = $facts['networking']['ip'], Optional[String] $postgres_host = undef, Optional[String] $postgres_port = undef, @@ -98,9 +90,7 @@ class concourse::web ( String $service = 'concourse', String $service_unit = "${service}.service", - Stdlib::Absolutepath $conf_file = '/etc/conf.d/concourse', - Stdlib::Absolutepath $conf_dir = '/etc/conf.d/concourse.d', - Boolean $purge_conf_dir = true, + String $conf_name = 'web-base', Enum['absent', 'present'] $ensure = 'present', Array[String] $packages = [ @@ -136,18 +126,9 @@ class concourse::web ( 'CONCOURSE_BACKEND_MAX_CONNS' => $backend_max_conns, } + $extra_env - file { $conf_file: - ensure => $ensure, - mode => '0600', - show_diff => false, - content => epp("${module_name}/env.epp", { 'entries' => $env }), - } - - file { $conf_dir: - ensure => if $ensure == 'present' { 'directory' } else { 'absent' }, - purge => $purge_conf_dir, - recurse => true, - notify => Service[$service], + concourse::conf::web { $conf_name: + ensure => $ensure, + env => $env, } file { $key_dir: diff --git a/manifests/web_conf.pp b/manifests/web_conf.pp new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/manifests/web_conf.pp |