Commit 92c8a872 authored by Scotty Logan's avatar Scotty Logan

initial commit

parents
source ENV['GEM_SOURCE'] || 'https://rubygems.org'
puppetversion = ENV.key?('PUPPET_VERSION') ? ENV['PUPPET_VERSION'] : ['>= 3.3']
gem 'metadata-json-lint'
gem 'puppet', puppetversion
gem 'puppetlabs_spec_helper', '>= 1.0.0'
gem 'puppet-lint', '>= 1.0.0'
gem 'facter', '>= 1.7.0'
gem 'rspec-puppet'
# rspec must be v2 for ruby 1.8.7
if RUBY_VERSION >= '1.8.7' && RUBY_VERSION < '1.9'
gem 'rspec', '~> 2.0'
gem 'rake', '~> 10.0'
else
# rubocop requires ruby >= 1.9
gem 'rubocop'
end
# webauth
#### Table of Contents
1. [Description](#description)
1. [Setup - The basics of getting started with webauth](#setup)
* [What webauth affects](#what-webauth-affects)
* [Setup requirements](#setup-requirements)
* [Beginning with webauth](#beginning-with-webauth)
1. [Usage - Configuration options and additional functionality](#usage)
1. [Reference - An under-the-hood peek at what the module is doing and how](#reference)
1. [Limitations - OS compatibility, etc.](#limitations)
1. [Development - Guide for contributing to the module](#development)
## Description
Start with a one- or two-sentence summary of what the module does and/or what
problem it solves. This is your 30-second elevator pitch for your module.
Consider including OS/Puppet version it works with.
You can give more descriptive information in a second paragraph. This paragraph
should answer the questions: "What does this module *do*?" and "Why would I use
it?" If your module has a range of functionality (installation, configuration,
management, etc.), this is the time to mention it.
## Setup
### What webauth affects **OPTIONAL**
If it's obvious what your module touches, you can skip this section. For
example, folks can probably figure out that your mysql_instance module affects
their MySQL instances.
If there's more that they should know about, though, this is the place to mention:
* A list of files, packages, services, or operations that the module will alter,
impact, or execute.
* Dependencies that your module automatically installs.
* Warnings or other important notices.
### Setup Requirements **OPTIONAL**
If your module requires anything extra before setting up (pluginsync enabled,
etc.), mention it here.
If your most recent release breaks compatibility or requires particular steps
for upgrading, you might want to include an additional "Upgrading" section
here.
### Beginning with webauth
The very basic steps needed for a user to get the module up and running. This
can include setup steps, if necessary, or it can be an example of the most
basic use of the module.
## Usage
This section is where you describe how to customize, configure, and do the
fancy stuff with your module here. It's especially helpful if you include usage
examples and code samples for doing things with your module.
## Reference
Here, include a complete list of your module's classes, types, providers,
facts, along with the parameters for each. Users refer to this section (thus
the name "Reference") to find specific details; most users don't read it per
se.
## Limitations
This is where you list OS compatibility, version compatibility, etc. If there
are Known Issues, you might want to include them under their own heading here.
## Development
Since your module is awesome, other users will want to play with it. Let them
know what the ground rules for contributing are.
## Release Notes/Contributors/Etc. **Optional**
If you aren't using changelog, put your release notes here (though you should
consider using changelog). You can also add any additional sections you feel
are necessary or important to include here. Please use the `## ` header.
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-lint/tasks/puppet-lint'
require 'metadata-json-lint/rake_task'
if RUBY_VERSION >= '1.9'
require 'rubocop/rake_task'
RuboCop::RakeTask.new
end
PuppetLint.configuration.send('disable_80chars')
PuppetLint.configuration.relative = true
PuppetLint.configuration.ignore_paths = ['spec/**/*.pp', 'pkg/**/*.pp']
desc 'Validate manifests, templates, and ruby files'
task :validate do
Dir['manifests/**/*.pp'].each do |manifest|
sh "puppet parser validate --noop #{manifest}"
end
Dir['spec/**/*.rb', 'lib/**/*.rb'].each do |ruby_file|
sh "ruby -c #{ruby_file}" unless ruby_file =~ %r{spec/fixtures}
end
Dir['templates/**/*.erb'].each do |template|
sh "erb -P -x -T '-' #{template} | ruby -c"
end
end
desc 'Run metadata_lint, lint, validate, and spec tests.'
task :test do
[:metadata_lint, :lint, :validate, :spec].each do |test|
Rake::Task[test].invoke
end
end
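Review bot: The `:validate` task interpolates paths from `Dir[...]` straight into shell command strings (`sh "puppet parser validate --noop #{manifest}"`, `sh "ruby -c #{ruby_file}"` and the `erb ... | ruby -c` pipeline), so a file name containing spaces or shell metacharacters is word-split or interpreted by the shell. The first two calls can use rake's multi-argument form, which bypasses the shell: `sh 'puppet', 'parser', 'validate', '--noop', manifest` and `sh 'ruby', '-c', ruby_file`. The erb pipeline does need a shell, so escape the path there, e.g. `sh "erb -P -x -T '-' #{Shellwords.escape(template)} | ruby -c"` with `require 'shellwords'` at the top of the Rakefile.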
PassEnv REQUESTER_MAIL
PassEnv REQUESTER_NAME
PassEnv REQUESTER_SUNETID
PassEnv ADMIN_MAIL
PassEnv ADMIN_USER
PassEnv ADMIN_PASSWORD
PassEnv PLATFORM_GROUP
PassEnv PLATFORM_IDP
PassEnv PLATFORM_IDP
PassEnv PLATFORM_IDP
PassEnv SITE_NAME
PassEnv SITE_DESC
PassEnv SITE_APP
PassEnv SITE_TYPE
PassEnv SITE_URL
PassEnv SITE_DOMAIN
PassEnv SITE_ADMIN_GROUP
PassEnv SITE_OWNER_GROUP
PassEnv SITE_EDITOR_GROUP
PassEnv ENV_ID
PassEnv ENV_PORT
PassEnv ENV_IMAGE
PassEnv ENV_ELB
PassEnv ENV_IDP
PassEnv ENV_NAME
PassEnv ENV_DOMAIN
PassEnv ENV_URL
PassEnv ENV_ENTITY_ID
PassEnv RDS_DB_NAME
PassEnv RDS_USERNAME
PassEnv RDS_PASSWORD
PassEnv RDS_HOSTNAME
PassEnv AWS_ACCESS_KEY
PassEnv AWS_SECRET_KEY
PassEnv S3_FILE_BUCKET
PassEnv S3_LOG_BUCKET
PassEnv S3_BUCKET
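Review bot: `PassEnv ADMIN_PASSWORD`, `PassEnv RDS_PASSWORD` and `PassEnv AWS_SECRET_KEY` copy credentials into the per-request environment that Apache hands to CGI scripts, SSI pages and similar handlers, so any content under the docroot that prints its environment would disclose them. The `${ENV_DOMAIN}` and `${ADMIN_MAIL}` references in the vhost definitions are expanded from the process environment when the config is parsed and should not need `PassEnv` at all. I would limit this list to the non-secret variables a handler is known to read, and deliver the passwords and the AWS secret to the application through a narrower channel. `PassEnv PLATFORM_IDP` also appears three times in a row, which looks like a copy-paste leftover, possibly standing in for other variable names.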
#! /bin/bash
exec /usr/sbin/apache2ctl -D FOREGROUND -k start
# suet-webauth/hiera.yaml
#
#
---
version: 4
datadir: data
hierarchy:
- name: "Virtual"
backend: yaml
path: "%{virtual}"
- name: "Common"
backend: yaml
path: "common"
# Class: webauth
# ===========================
#
# Full description of class webauth here.
#
# Examples
# --------
#
# @example
# class { 'webauth': }
#
# === Authors
#
# Xueshan Feng <sfeng@stanford.edu>
# Scotty Logan <swl@stanford.edu>
#
# === Copyright
#
# Copyright (c) 2016 The Board of Trustees of the Leland Stanford Junior
# University
#
class webauth {
if ($::packer_builder_type == 'docker' or $::virtual == 'docker') {
$apache_enable = false
$apache_ensure = 'stopped'
$apache_logroot = '/dev'
$apache_access = 'stdout'
$apache_error = 'stdout'
} else {
$apache_enable = true
$apache_ensure = 'running'
$apache_logroot = '/var/log/apache2'
$apache_access = 'access.log'
$apache_error = 'error.log'
}
class { 'apache':
service_enable => $apache_enable,
service_ensure => $apache_ensure,
default_mods => false,
default_confd_files => false,
default_vhost => false,
log_formats => {
vhost_common => '%v %h %l %u %t \"%r\" %>s %b',
combined_elb => '%v:%p %{X-Forwarded-For}i %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"'
},
logroot => $apache_logroot,
}
apache::vhost { 'webauth':
port => 8080,
docroot => '/var/www',
docroot_owner => 'root',
docroot_group => 'www-data',
docroot_mode => '0755',
servername => '${ENV_DOMAIN}', # lint:ignore:single_quote_string_with_variables
serveradmin => '${ADMIN_MAIL}', # lint:ignore:single_quote_string_with_variables
access_log_format => 'combined_elb',
access_log_file => $apache_access,
error_log_file => $apache_error,
request_headers => [
'unset Proxy early',
],
redirect_source => '/',
redirect_dest => 'https://${ENV_DOMAIN}', # lint:ignore:single_quote_string_with_variables
redirect_status => 'permanent',
}
apache::vhost { 'webauth-ssl':
port => 8443,
ssl => true,
ssl_honorcipherorder => true,
ssl_protocol => [ 'all', '-SSLv2', '-SSLv3' ],
ssl_cipher => 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA',
ssl_options => [ '+FakeBasicAuth', '+StrictRequire', '+StdEnvVars' ],
ssl_cert => '/etc/ssl/certs/server.pem',
ssl_chain => '/etc/ssl/certs/server-chain.pem',
ssl_key => '/etc/ssl/private/server.key',
docroot => '/var/www',
docroot_owner => 'root',
docroot_group => 'www-data',
docroot_mode => '0755',
servername => '${ENV_DOMAIN}', # lint:ignore:single_quote_string_with_variables
serveradmin => '${ADMIN_MAIL}', # lint:ignore:single_quote_string_with_variables
access_log_format => 'combined_elb',
access_log_file => $apache_access,
error_log_file => $apache_error,
request_headers => [
'unset Proxy early',
],
directories => [
{
path => '/var/www',
allow_override => ['All'],
}
],
additional_includes => [
'/etc/apache2/conf.d/webauth_extra.conf',
],
}
apache::mod {
[
'env',
'rewrite',
'authn_core',
'access_compat',
'proxy',
'proxy_http',
'proxy_ajp',
]:
}
apache::mod { 'webauth':
package => 'libapache2-mod-webauth',
package_ensure => 'latest',
}
file {
[
'/var/log/apache2',
'/var/lock/apache2',
'/var/run/apache2',
]:
ensure => directory,
owner => 'www-data',
group => 'www-data',
mode => '0755',
require => Package['httpd'],
}
file { '/etc/apache2/conf.d/platform_env.conf':
ensure => file,
owner => '0',
group => '0',
mode => '0644',
source => "puppet:///modules/${module_name}/apache2/platform_env.conf",
}
file { '/start.sh':
ensure => file,
owner => 'root',
group => 'root',
mode => '0755',
source => "puppet:///modules/${module_name}/start.sh",
}
}
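Review bot: In the `webauth-ssl` vhost, `ssl_protocol => [ 'all', '-SSLv2', '-SSLv3' ]` still leaves TLS 1.0 and 1.1 enabled, and the `ssl_cipher` string explicitly admits `DES-CBC3-SHA` plus the broad `AES` and `CAMELLIA` aliases, which bring in CBC/SHA-1 suites without forward secrecy. For a vhost that fronts an authentication module I would tighten this, client compatibility permitting, to `ssl_protocol => [ 'all', '-SSLv2', '-SSLv3', '-TLSv1', '-TLSv1.1' ]` and trim the cipher list to the ECDHE/DHE GCM suites at its head. Separately, `allow_override => ['All']` on `/var/www` lets any `.htaccess` under the docroot change authentication and rewrite behaviour. `package_ensure => 'latest'` for `libapache2-mod-webauth` means two builds of the same manifest can install different module versions. Both deserve either a narrower value or a comment stating why they are required.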
{
"name": "suet-webauth",
"version": "0.1.0",
"author": "Scotty Logan <swl@stanford.edu>",
"summary": "WebAuth module for Stanford servers",
"license": "MIT",
"source": "https://code.stanford.edu/et/puppet-webauth.git",
"project_page": "https://code.stanford.edu/et/puppet-webauth",
"issues_url": "https://code.stanford.edu/et/puppet-webauth/issues",
"dependencies": [
{"name":"puppetlabs-stdlib","version_requirement":">= 1.0.0"},
{"name":"puppetlabs-apache","version_requirement":">= 1.0.0"}
],
"data_provider": "hiera"
}
require 'spec_helper'
describe 'webauth' do
context 'with default values for all parameters' do
it { should contain_class('webauth') }
end
end
require 'puppetlabs_spec_helper/module_spec_helper'