Merge pull request #2 from rwf14f/master

Improvements and bug fixes

manifests/apache.pp

@@ -31,7 +31,7 @@
       "set directive[.='SSLVerifyDepth'] 'SSLVerifyDepth'",
       "set *[.='SSLVerifyDepth']/arg ${verifydepth}",
     ],
-    notify => Service[$::perfsonar::params::httpd_service],
+    notify  => Service[$::perfsonar::params::httpd_service],
     require => Package[$::perfsonar::params::httpd_package],
   }
   $have_auth = $authdn ? {
@@ -67,19 +67,26 @@
         #"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] directive[.='Include'] 'Include'",
         #"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] *[.='Include']/arg '${perfsonar::params::httpd_dir}/ssl_auth.conf'",
       ],
-      notify => Service[$::perfsonar::params::httpd_service],
-      require => Package[$::perfsonar::params::httpd_package],
+      notify  => Service[$::perfsonar::params::httpd_service],
+      require => [
+        Package[$::perfsonar::params::httpd_package],
+        File["${perfsonar::params::httpd_dir}/ssl_auth.conf"],
+      ],
     }
     file { "${perfsonar::params::httpd_dir}/ssl_auth.conf":
       ensure  => 'present',
       owner   => 'root',
       group   => 'root',
       mode    => '0644',
       content => template("${module_name}/ssl_auth.conf.erb"),
-      notify => Service[$::perfsonar::params::httpd_service],
+      notify  => Service[$::perfsonar::params::httpd_service],
       require => Package[$::perfsonar::params::httpd_package],
     }
   } else {
+    # restore apache user auth for perfsonar admin
+    # this is problematic as it only restores the configuration file to the state that was known
+    # to the author at the time of writing
+    # it's safer to reinstall the configuration file from the rpm
     augeas { 'restore mod_ssl auth':
       incl    => "${perfsonar::params::conf_dir}/apache-toolkit_web_gui.conf",
       lens    => 'Httpd.lns',
@@ -94,8 +101,7 @@
         "set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin\"']/*[.='AuthName']/arg '\"Password Required\"'",
         "set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin\"']/directive[.='Require'] 'Require'",
         "set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin\"']/*[.='Require']/arg[1] 'group'",
-        "set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin\"']/*[.='Require']/arg[2] 'wheel'",
-        "set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin\"']/*[.='Require']/arg[3] 'admin'",
+        "set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin\"']/*[.='Require']/arg[2] 'psadmin'",
         "rm Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/*[.='Include']",
         "set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/directive[.='AuthShadow'] 'AuthShadow'",
         "set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/*[.='AuthShadow']/arg 'on'",
@@ -105,8 +111,7 @@
         "set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/*[.='AuthName']/arg '\"Password Required\"'",
         "set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/directive[.='Require'] 'Require'",
         "set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/*[.='Require']/arg[1] 'group'",
-        "set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/*[.='Require']/arg[2] 'wheel'",
-        "set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/*[.='Require']/arg[3] 'admin'",
+        "set Directory[arg='\"/opt/perfsonar_ps/toolkit/web/root/admin/logs\"']/*[.='Require']/arg[2] 'psadmin'",
         # below should work, but the setm command suffers the same problem as the ones in the "if $have_auth > 0" block
         #"rm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')]/*[.='Include']",
         #"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] directive[.='AuthShadow'] 'AuthShadow'",
@@ -117,15 +122,14 @@
         #"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] *[.='AuthName']/arg '\"Password Required\"'",
         #"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] directive[.='Require'] 'Require'",
         #"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] *[.='Require']/arg[1] 'group'",
-        #"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] *[.='Require']/arg[2] 'wheel'",
-        #"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] *[.='Require']/arg[3] 'admin'",
+        #"setm Directory[arg=~regexp('.*/web/root/admin(/.*)?\"?')] *[.='Require']/arg[2] 'psadmin'",
       ],
-      notify => Service[$::perfsonar::params::httpd_service],
+      notify  => Service[$::perfsonar::params::httpd_service],
       require => Package[$::perfsonar::params::httpd_package],
     }
     file { "${perfsonar::params::httpd_dir}/ssl_auth.conf":
-      ensure => 'absent',
-      notify => Service[$::perfsonar::params::httpd_service],
+      ensure  => 'absent',
+      notify  => Service[$::perfsonar::params::httpd_service],
       require => Package[$::perfsonar::params::httpd_package],
     }
   }

manifests/bwctl/service.pp

@@ -7,5 +7,6 @@
     enable     => $enable,
     hasstatus  => false,
     hasrestart => true,
+    require    => Package['bwctl-server'],
   }
 }

manifests/esmond.pp

@@ -1,5 +1,5 @@
 class perfsonar::esmond (
-  $use_db_module = true,
+  $use_db_module = $::perfsonar::params::esmond_use_db_module,
   $dbname        = $::perfsonar::params::esmond_dbname,
   $dbuser        = $::perfsonar::params::esmond_dbuser,
   $dbpassword    = $::perfsonar::params::esmond_dbpass,
@@ -26,6 +26,18 @@
       before      => Exec['run esmond configuration script'],
     }
   }
+  else
+  {
+    # the sudo rule is only required if postgresql is configured by the script
+    file { '/etc/sudoers.d/perfsonar_esmond':
+      ensure  => 'file',
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0440',
+      content => "Defaults!/usr/bin/psql !requiretty\n",
+      before  => Exec['run esmond configuration script'],
+    }
+  }
 
   file { '/opt/esmond/esmond.conf':
     ensure  => 'file',
@@ -46,8 +58,11 @@
   }
   exec { 'run esmond configuration script':
     command   => '/usr/local/sbin/puppet_perfsonar_configure_esmond',
-    logoutput => 'on_failure',
+    logoutput => true, #'on_failure',
     creates   => '/var/lib/esmond/.configured.puppet',
-    require   => File['/usr/local/sbin/puppet_perfsonar_configure_esmond'],
+    require   => [
+      File['/usr/local/sbin/puppet_perfsonar_configure_esmond'],
+      File['/opt/esmond/esmond.conf'],
+    ],
   }
 }

manifests/init.pp

@@ -8,4 +8,6 @@
   include 'perfsonar::mesh_config'
   include 'perfsonar::owamp'
   include 'perfsonar::bwctl'
+  include 'perfsonar::ls_registration_daemon'
+  include 'perfsonar::ls_cache_daemon'
 }

manifests/logrotate.pp

@@ -0,0 +1,13 @@
+# warning: the perfsonar tools' own logrotation should be disabled before using this class
+class perfsonar::logrotate inherits perfsonar::params {
+  concat { $::perfsonar::params::logrotate_cf:
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+  }
+  concat::fragment { 'ps_logrotate_header':
+    target  => $::perfsonar::params::logrotate_cf,
+    content => "# Managed by Puppet\n",
+    order   => $::perfsonar::params::lr_header_order,
+  }
+}

manifests/logrotate_all.pp

@@ -0,0 +1,6 @@
+class perfsonar::logrotate_all {
+  include 'perfsonar::logrotate'
+  include 'perfsonar::regular_testing::logrotate'
+  include 'perfsonar::ls_registration_daemon::logrotate'
+  include 'perfsonar::ls_cache_daemon::logrotate'
+}

manifests/ls_cache_daemon.pp

@@ -0,0 +1,5 @@
+class perfsonar::ls_cache_daemon {
+  include 'perfsonar::ls_cache_daemon::install'
+  include 'perfsonar::ls_cache_daemon::config'
+  include 'perfsonar::ls_cache_daemon::service'
+}

manifests/ls_cache_daemon/config.pp

@@ -0,0 +1,19 @@
+class perfsonar::ls_cache_daemon::config(
+  $snotify = $::perfsonar::params::ls_cache_daemon_snotify,
+  $loglvl  = $::perfsonar::params::ls_cache_daemon_loglvl,
+  $logger  = $::perfsonar::params::ls_cache_daemon_logger,
+  $logfile = $::perfsonar::params::ls_cache_daemon_logfile,
+) inherits perfsonar::params {
+  $tn = $snotify ? {
+    false   => undef,
+    default => Service['ls_cache_daemon'],
+  }
+  file { '/opt/perfsonar_ps/ls_cache_daemon/etc/ls_cache_daemon-logger.conf':
+    ensure  => 'file',
+    owner   => 'perfsonar',
+    group   => 'perfsonar',
+    mode    => '0644',
+    content => template("${module_name}/log4perl-logger.conf.erb"),
+    notify  => $tn,
+  }
+}

manifests/ls_cache_daemon/install.pp

@@ -0,0 +1,7 @@
+class perfsonar::ls_cache_daemon::install(
+  $ensure = $::perfsonar::params::ls_cache_daemon_install_ensure,
+) inherits perfsonar::params {
+  package { $::perfsonar::params::ls_cache_daemon_packages:
+    ensure => $ensure,
+  }
+}

manifests/ls_cache_daemon/logrotate.pp

@@ -0,0 +1,15 @@
+class perfsonar::ls_cache_daemon::logrotate(
+  $logfiles = $::perfsonar::ls_cache_daemon::config::logfile,
+  $options  = $::perfsonar::params::ls_cache_daemon_lr_options,
+  $order    = $::perfsonar::params::ls_cache_daemon_lr_order
+) inherits perfsonar::params {
+  if $::perfsonar::ls_cache_daemon::config::logger == 'Log::Dispatch::FileRotate' {
+    warning("configuring logrotate, but ls_cache_daemon's own logger is configured to do log rotation as well, I hope you know what you're doing")
+  }
+  concat::fragment { 'ps_logrotate_ls_cache_daemon':
+    target  => $::perfsonar::params::logrotate_cf,
+    content => template("${module_name}/logrotate_fragment.erb"),
+    order   => $order,
+    require => Class['perfsonar::ls_cache_daemon::config']
+  }
+}

manifests/ls_cache_daemon/service.pp

@@ -0,0 +1,13 @@
+class perfsonar::ls_cache_daemon::service(
+  $ensure = $::perfsonar::params::ls_cache_daemon_ensure,
+  $enable = $::perfsonar::params::ls_cache_daemon_enable,
+) inherits perfsonar::params {
+  # start stop restart
+  service { 'ls_cache_daemon':
+    ensure     => $ensure,
+    enable     => $enable,
+    hasstatus  => false,
+    hasrestart => true,
+    require    => Package['perl-perfSONAR_PS-LSCacheDaemon'],
+  }
+}

manifests/ls_registration_daemon.pp

@@ -0,0 +1,5 @@
+class perfsonar::ls_registration_daemon {
+  include 'perfsonar::ls_registration_daemon::install'
+  include 'perfsonar::ls_registration_daemon::config'
+  include 'perfsonar::ls_registration_daemon::service'
+}

manifests/ls_registration_daemon/config.pp

@@ -0,0 +1,19 @@
+class perfsonar::ls_registration_daemon::config(
+  $snotify = $::perfsonar::params::ls_registration_daemon_snotify,
+  $loglvl  = $::perfsonar::params::ls_registration_daemon_loglvl,
+  $logger  = $::perfsonar::params::ls_registration_daemon_logger,
+  $logfile = $::perfsonar::params::ls_registration_daemon_logfile,
+) inherits perfsonar::params {
+  $tn = $snotify ? {
+    false   => undef,
+    default => Service['ls_registration_daemon'],
+  }
+  file { '/opt/perfsonar_ps/ls_registration_daemon/etc/ls_registration_daemon-logger.conf':
+    ensure  => 'file',
+    owner   => 'perfsonar',
+    group   => 'perfsonar',
+    mode    => '0644',
+    content => template("${module_name}/log4perl-logger.conf.erb"),
+    notify  => $tn,
+  }
+}

manifests/ls_registration_daemon/install.pp

@@ -0,0 +1,7 @@
+class perfsonar::ls_registration_daemon::install(
+  $ensure = $::perfsonar::params::ls_registration_daemon_install_ensure,
+) inherits perfsonar::params {
+  package { $::perfsonar::params::ls_registration_daemon_packages:
+    ensure => $ensure,
+  }
+}

manifests/ls_registration_daemon/logrotate.pp

@@ -0,0 +1,15 @@
+class perfsonar::ls_registration_daemon::logrotate(
+  $logfiles = $::perfsonar::ls_registration_daemon::config::logfile,
+  $options  = $::perfsonar::params::ls_registration_daemon_lr_options,
+  $order    = $::perfsonar::params::ls_registration_daemon_lr_order,
+) inherits perfsonar::params {
+  if $::perfsonar::ls_registration_daemon::config::logger == 'Log::Dispatch::FileRotate' {
+    warning("configuring logrotate, but ls_registration_daemon's own logger is configured to do log rotation as well, I hope you know what you're doing")
+  }
+  concat::fragment { 'ps_logrotate_ls_registration_daemon':
+    target  => $::perfsonar::params::logrotate_cf,
+    content => template("${module_name}/logrotate_fragment.erb"),
+    order   => $order,
+    require => Class['perfsonar::ls_registration_daemon::config']
+  }
+}

manifests/ls_registration_daemon/service.pp

@@ -0,0 +1,13 @@
+class perfsonar::ls_registration_daemon::service(
+  $ensure = $::perfsonar::params::ls_registration_daemon_ensure,
+  $enable = $::perfsonar::params::ls_registration_daemon_enable,
+) inherits perfsonar::params {
+  # start stop restart
+  service { 'ls_registration_daemon':
+    ensure     => $ensure,
+    enable     => $enable,
+    hasstatus  => false,
+    hasrestart => true,
+    require    => Package['perl-perfSONAR_PS-LSRegistrationDaemon'],
+  }
+}

manifests/mesh_config/config.pp

@@ -8,7 +8,7 @@
     group   => 'perfsonar',
     mode    => '0644',
     content => template("${module_name}/agent_configuration.conf.erb"),
-    require => Package['perl-perfSONAR_PS-MeshConfig-Agent']
+    require => Package['perl-perfSONAR_PS-MeshConfig-Agent'],
   }
   # needs notty in sudoers
   exec { 'generate mesh configuration':
@@ -17,12 +17,12 @@
     subscribe   => File['/opt/perfsonar_ps/mesh_config/etc/agent_configuration.conf'],
     require     => [
       Exec['run regular testing configuration script'],
-      File['/etc/sudoers.d/perfsonar'],
+      File['/etc/sudoers.d/perfsonar_mesh_config'],
     ],
     refreshonly => true,
     notify      => Service['regular_testing'],
   }
-  file { '/etc/sudoers.d/perfsonar':
+  file { '/etc/sudoers.d/perfsonar_mesh_config':
     ensure => 'file',
     owner  => 'root',
     group  => 'root',

manifests/owamp/service.pp

@@ -7,5 +7,6 @@
     enable     => $enable,
     hasstatus  => false,
     hasrestart => true,
+    require    => Package['owamp-server'],
   }
 }