From 5a4ed134fea123837772ba5d1911716f198bc6f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= Date: Tue, 20 Jun 2023 02:01:46 +0200 Subject: fixes --- manifests/init.pp | 4 ++++ manifests/proxy/nginx.pp | 10 +++++++--- manifests/web.pp | 19 +++++++++---------- manifests/worker.pp | 2 +- 4 files changed, 21 insertions(+), 14 deletions(-) (limited to 'manifests') diff --git a/manifests/init.pp b/manifests/init.pp index 368b558..e6f988c 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -6,6 +6,9 @@ # Cluster used by all resources if no specific cluster is specified. # @param worker_service # Name of the the system service for workers. +# @param key_dir +# Directory in which keys should be stored. +# Used by other resources. # @param clusters # Hash from cluster name to default values for each cluster. # Each key should be the name of a cluster, and the options are as follows: @@ -20,6 +23,7 @@ class concourse ( String $default_cluster, String $worker_work_dir = '/opt/concourse/worker', String $worker_service = 'concourse-worker', + String $key_dir = '/usr/lib/concourse/keys', Hash[String, Hash[String, Any]] $clusters = {}, ) { # Merge all configured clusters we find in hiera, and append those diff --git a/manifests/proxy/nginx.pp b/manifests/proxy/nginx.pp index 7965d4b..ad4fa17 100644 --- a/manifests/proxy/nginx.pp +++ b/manifests/proxy/nginx.pp 
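Review bot: The new `$key_dir` default in the second init.pp hunk is `/usr/lib/concourse/keys`, while the defaults it replaces in the web.pp and worker.pp hunks were `/usr/lib/concourse`, so on an existing node the key paths move and nothing visible in this patch migrates or removes the private key files left at the old location. If the move is intended, the `@param key_dir` text should say so and the old files should be cleaned up, so that unmanaged private keys do not stay on disk. The parameter is also typed `String` here and in web.pp while worker.pp declares it as `Stdlib::Absolutepath`; `Stdlib::Absolutepath $key_dir = '/usr/lib/concourse/keys',` would reject a relative or empty path at compile time for both consumers.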
@@ -7,18 +7,22 @@ # Name of the nginx server, will also be used for rev-proxy routing. # @param cluster # Name of the concourse cluster. +# @param upstream_members +# Members of this cluster. If puppetdb is available then these are +# collected automatically from each instance of `concourse::web`. +# But if that is not an option then they can be specified manually. # @param ensure define concourse::proxy::nginx ( String $server_name = $name, String $cluster = $concourse::default_cluster, + Optional[Nginx::UpstreamMembers] $upstream_members = undef, Enum['absent', 'present'] $ensure = 'present', ) { include concourse - # Members are collected through the puppet database. - # TODO optionally allow manually specifying them. nginx::resource::upstream { $cluster: - ensure => $ensure, + ensure => $ensure, + members => $upstream_members, } nginx::resource::server { $server_name: diff --git a/manifests/web.pp b/manifests/web.pp index e61ff12..fce84cc 100644 --- a/manifests/web.pp +++ b/manifests/web.pp @@ -75,7 +75,7 @@ class concourse::web ( Variant[String, Sensitive[String]] $tsa_private_key = $concourse::configured_clusters[$cluster]['tsa_private_key'], Array[String] $worker_public_keys = [], - String $key_dir = '/usr/lib/concourse', + String $key_dir = $concourse::key_dir, String $session_signing_key_file = "${key_dir}/session_signing_key", String $tsa_host_key_file = "${key_dir}/tsa_host_key", String $tsa_authorized_keys_file = "${key_dir}/authorized_worker_keys", @@ -147,6 +147,7 @@ class concourse::web ( file { $key_dir: ensure => if $ensure == 'present' { 'directory' } else { 'absent' }, + # TODO this also chmod's all children... mode => '0700', recurse => true, force => true, @@ -165,7 +166,7 @@ class concourse::web ( ; } - concat { "authorized_workers_key - ${cluster}": + concat { "authorized_worker_key - ${cluster}": path => $tsa_authorized_keys_file, warn => '# File managed by puppet, local changes WILL be overwritten', ensure_newline => true, 
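Review bot: The `@param upstream_members` text in nginx.pp does not say what happens when a value is passed while `concourse::web` nodes are also exporting members: does the manual list replace the collected ones or get combined with them? That depends on how `nginx::resource::upstream` treats `members`, which is not visible in this patch. One more doc line would settle it, for example `#   When given, this list is used instead of the collected members.` (or the opposite wording, whichever matches the nginx module). The context line `# @param ensure` also still has no description.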
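Review bot: The TODO added at `file { $key_dir:` in web.pp records that `recurse => true` pushes `mode => '0700'` onto every child but leaves the behaviour in place, so any key file under the directory that is not given its own mode elsewhere ends up with the owner-execute bit set. Private key files would normally be `0600`; either use `recurse => false,` and set the mode on each key file resource, or use a symbolic mode such as `mode => 'u=rwX,go=',` so that only directories receive the search bit. With `force => true` and `ensure => 'absent'` the same resource removes the whole tree at whatever path a caller passes as `$key_dir`, which is worth stating in the parameter doc. The resource body continues outside the hunk.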
@@ -188,13 +189,11 @@ class concourse::web ( enable => true, } - notify { $peer_address: - } - # Exported resource - # @@nginx::resource::upstream::member { $trusted['certname']: - # ensure => $ensure, - # upstream => $cluster, - # server => "${peer_address}:8080", - # } + @@nginx::resource::upstream::member { $trusted['certname']: + ensure => $ensure, + upstream => $cluster, + server => $peer_address, + port => 8080, + } } diff --git a/manifests/worker.pp b/manifests/worker.pp index 2d25395..b45a3fe 100644 --- a/manifests/worker.pp +++ b/manifests/worker.pp @@ -64,7 +64,7 @@ # to the worker process. class concourse::worker ( String $cluster = $concourse::default_cluster, - Stdlib::Absolutepath $key_dir = '/usr/lib/concourse', + Stdlib::Absolutepath $key_dir = $concourse::key_dir, Stdlib::Absolutepath $worker_private_key_file = "${key_dir}/worker_key", Stdlib::Absolutepath $worker_public_key_file = "${worker_private_key_file}.pub", String $service = $concourse::worker_service, -- cgit v1.2.3
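Review bot: The exported `nginx::resource::upstream::member` at the end of `concourse::web` hard-codes `port => 8080` and passes `server => $peer_address` through unchanged, so the proxy forwards to whatever address each exporting node's catalog contains. `$peer_address` is defined outside this hunk; if it is derived from an agent-reported fact it should be type-checked (for example as `Stdlib::Host`) before being exported, and the port should come from the same parameter that configures the web node's listen port rather than a literal. Every exported member with `upstream => $cluster` is a candidate for collection, so adding a `tag` to the export and matching on it where the members are collected would keep nodes from other environments out of the upstream. The class body starts outside this hunk.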