diff --git a/site-modules/profile/manifests/swh/deploy/counters/journal_client.pp b/site-modules/profile/manifests/swh/deploy/counters/journal_client.pp
--- a/site-modules/profile/manifests/swh/deploy/counters/journal_client.pp
+++ b/site-modules/profile/manifests/swh/deploy/counters/journal_client.pp
@@ -16,7 +16,7 @@
 ensure => present,
 owner => 'root',
 group => $group,
- mode => '0644',
+ mode => '0640',
 content => inline_template("<%= @config.to_yaml %>\n"),
 notify => Service[$service_name],
 }
diff --git a/site-modules/profile/manifests/swh/deploy/deposit.pp b/site-modules/profile/manifests/swh/deploy/deposit.pp
--- a/site-modules/profile/manifests/swh/deploy/deposit.pp
+++ b/site-modules/profile/manifests/swh/deploy/deposit.pp
@@ -53,10 +53,10 @@
 # Install the necessary deps
 ::profile::swh::deploy::install_web_deps { 'swh-deposit':
+ ensure => present,
 services => ['gunicorn-swh-deposit'],
 backport_list => 'swh::deploy::deposit::backported_packages',
 swh_packages => ['python3-swh.deposit'],
- ensure => present,
 }
 file {$config_directory:
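Review bot: In counters/journal_client.pp the YAML rendered from `@config.to_yaml` is no longer world-readable, but the `file` resource can still print a content diff in agent logs and reports whenever that YAML changes, so sensitive values in `$config` may still leak there. Adding `show_diff => false,` next to `mode => '0640',` would close that path; whether the config actually carries credentials is not visible in this hunk. The same applies to the other `0644` to `0640` hunks in this commit (indexer_journal_client.pp, journal/backfill.pp, scheduler/journal_client.pp, search/journal_client_instance.pp, worker/instance.pp). The resource header is above the hunk, so the managed path is not shown.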
@@ -83,24 +83,24 @@
 mode => '2750',
 }
- $sentry_dsn = lookup("swh::deploy::deposit::sentry_dsn", Optional[String], 'first', undef)
- $sentry_environment = lookup("swh::deploy::deposit::sentry_environment", Optional[String], 'first', undef)
- $sentry_swh_package = lookup("swh::deploy::deposit::sentry_swh_package", Optional[String], 'first', undef)
+ $sentry_dsn = lookup('swh::deploy::deposit::sentry_dsn', Optional[String], 'first', undef)
+ $sentry_environment = lookup('swh::deploy::deposit::sentry_environment', Optional[String], 'first', undef)
+ $sentry_swh_package = lookup('swh::deploy::deposit::sentry_swh_package', Optional[String], 'first', undef)
 ::gunicorn::instance {'swh-deposit':
- ensure => enabled,
- user => $user,
- group => $group,
- executable => 'django.core.wsgi:get_wsgi_application()',
+ ensure => enabled,
+ user => $user,
+ group => $group,
+ executable => 'django.core.wsgi:get_wsgi_application()',
 config_base_module => 'swh.deposit.gunicorn_config',
- environment => {
+ environment => {
 'SWH_CONFIG_FILENAME' => $config_file,
 'DJANGO_SETTINGS_MODULE' => 'swh.deposit.settings.production',
 'SWH_SENTRY_DSN' => $sentry_dsn,
 'SWH_SENTRY_ENVIRONMENT' => $sentry_environment,
 'SWH_MAIN_PACKAGE' => $sentry_swh_package,
 },
- settings => {
+ settings => {
 bind => $backend_listen_address,
 workers => $backend_workers,
 worker_class => 'sync',
@@ -125,11 +125,11 @@
 include ::apache::mod::headers
 ::apache::vhost {"${vhost_name}_non-ssl":
- servername => $vhost_name,
- serveraliases => $vhost_aliases,
- port => $vhost_port,
- docroot => $vhost_docroot,
- proxy_pass => [
+ servername => $vhost_name,
+ serveraliases => $vhost_aliases,
+ port => $vhost_port,
+ docroot => $vhost_docroot,
+ proxy_pass => [
 { path => '/static',
 url => '!',
 },
@@ -143,7 +143,7 @@
 url => "http://${backend_listen_address}/",
 },
 ],
- directories => [
+ directories => [
 { path => '/1',
 provider => 'location',
 allow => 'from all',
@@ -154,7 +154,7 @@
 options => ['-Indexes'],
 },
 ] + $endpoint_directories,
- aliases => [
+ aliases => [
 { alias => '/static',
 path => $static_dir,
 },
@@ -163,7 +163,7 @@
 },
 ],
 access_log_format => $vhost_access_log_format,
- require => [
+ require => [
 File[$vhost_basic_auth_file],
 ]
 }
diff --git a/site-modules/profile/manifests/swh/deploy/indexer_journal_client.pp b/site-modules/profile/manifests/swh/deploy/indexer_journal_client.pp
--- a/site-modules/profile/manifests/swh/deploy/indexer_journal_client.pp
+++ b/site-modules/profile/manifests/swh/deploy/indexer_journal_client.pp
@@ -18,7 +18,7 @@
 ensure => present,
 owner => 'root',
 group => 'swhdev',
- mode => '0644',
+ mode => '0640',
 content => inline_template("<%= @config.to_yaml %>\n"),
 notify => Service[$service_name],
 }
diff --git a/site-modules/profile/manifests/swh/deploy/journal.pp b/site-modules/profile/manifests/swh/deploy/journal.pp
--- a/site-modules/profile/manifests/swh/deploy/journal.pp
+++ b/site-modules/profile/manifests/swh/deploy/journal.pp
@@ -26,12 +26,12 @@
 priority => 990,
 } -> package {$swh_packages:
- ensure => installed,
+ ensure => installed,
 require => Apt::Source['softwareheritage'],
 }
 } else {
 package {$swh_packages:
- ensure => installed,
+ ensure => installed,
 require => Apt::Source['softwareheritage'],
 }
 }
diff --git a/site-modules/profile/manifests/swh/deploy/journal/backfill.pp b/site-modules/profile/manifests/swh/deploy/journal/backfill.pp
--- a/site-modules/profile/manifests/swh/deploy/journal/backfill.pp
+++ b/site-modules/profile/manifests/swh/deploy/journal/backfill.pp
@@ -16,7 +16,7 @@
 ensure => present,
 owner => $user,
 group => $group,
- mode => '0644',
+ mode => '0640',
 content => inline_template("<%= @config.to_yaml %>\n")
 }
diff --git a/site-modules/profile/manifests/swh/deploy/reverse_proxy.pp b/site-modules/profile/manifests/swh/deploy/reverse_proxy.pp
--- a/site-modules/profile/manifests/swh/deploy/reverse_proxy.pp
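Review bot: In indexer_journal_client.pp the file keeps `owner => 'root'` and a hard-coded `group => 'swhdev'`, so with `mode => '0640'` the journal client can read its configuration only if its service account is a member of swhdev. The unit's user is not visible in this hunk; if it is outside that group, the service notified through `Service[$service_name]` would fail to load its config on the next restart. The sibling manifests in this commit use `group => $group,`, which keeps the file's group aligned with the service account, and the same would fit here if a matching lookup exists for the indexer. The resource starts above the hunk.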
+++ b/site-modules/profile/manifests/swh/deploy/reverse_proxy.pp
@@ -13,8 +13,8 @@
 $backend_http_host = lookup("swh::deploy::${service_name}::reverse_proxy::backend_http_host")
 $backend_http_port = lookup("swh::deploy::${service_name}::reverse_proxy::backend_http_port")
 $websocket_support = lookup({
- "name" => "swh::deploy::${service_name}::reverse_proxy::websocket_support",
- "default_value" => false,
+ 'name' => "swh::deploy::${service_name}::reverse_proxy::websocket_support",
+ 'default_value' => false,
 })
 # Retrieve the list of vhosts
diff --git a/site-modules/profile/manifests/swh/deploy/scheduler/journal_client.pp b/site-modules/profile/manifests/swh/deploy/scheduler/journal_client.pp
--- a/site-modules/profile/manifests/swh/deploy/scheduler/journal_client.pp
+++ b/site-modules/profile/manifests/swh/deploy/scheduler/journal_client.pp
@@ -16,7 +16,7 @@
 ensure => present,
 owner => 'root',
 group => $group,
- mode => '0644',
+ mode => '0640',
 content => inline_template("<%= @config.to_yaml %>\n"),
 notify => Service[$service_name],
 }
diff --git a/site-modules/profile/manifests/swh/deploy/search/journal_client.pp b/site-modules/profile/manifests/swh/deploy/search/journal_client.pp
--- a/site-modules/profile/manifests/swh/deploy/search/journal_client.pp
+++ b/site-modules/profile/manifests/swh/deploy/search/journal_client.pp
@@ -5,7 +5,7 @@
 $service_types = lookup('swh::deploy::search::journal_client::service_types')
 $systemd_template_unit_name = 'swh-search-journal-client@.service'
- $config_directory = lookup("swh::deploy::base_search::config_directory")
+ $config_directory = lookup('swh::deploy::base_search::config_directory')
 $user = lookup('swh::deploy::base_search::user')
 $group = lookup('swh::deploy::base_search::group')
@@ -15,7 +15,7 @@
 # - $user
 # - $group
 systemd::unit_file {$systemd_template_unit_name:
- ensure => 'present',
+ ensure => 'present',
 content => template("profile/swh/deploy/journal/${systemd_template_unit_name}.erb"),
 }
diff --git a/site-modules/profile/manifests/swh/deploy/search/journal_client_instance.pp b/site-modules/profile/manifests/swh/deploy/search/journal_client_instance.pp
--- a/site-modules/profile/manifests/swh/deploy/search/journal_client_instance.pp
+++ b/site-modules/profile/manifests/swh/deploy/search/journal_client_instance.pp
@@ -21,7 +21,7 @@
 ensure => 'present',
 owner => $user,
 group => $group,
- mode => '0644',
+ mode => '0640',
 content => inline_template("<%= @config.to_yaml %>\n"),
 notify => Service[$service_name],
 }
diff --git a/site-modules/profile/manifests/swh/deploy/webapp.pp b/site-modules/profile/manifests/swh/deploy/webapp.pp
--- a/site-modules/profile/manifests/swh/deploy/webapp.pp
+++ b/site-modules/profile/manifests/swh/deploy/webapp.pp
@@ -134,11 +134,11 @@
 include ::apache::mod::headers
 ::apache::vhost {"${vhost_name}_non-ssl":
- servername => $vhost_name,
- serveraliases => $vhost_aliases,
- port => $vhost_port,
- docroot => $vhost_docroot,
- proxy_pass => [
+ servername => $vhost_name,
+ serveraliases => $vhost_aliases,
+ port => $vhost_port,
+ docroot => $vhost_docroot,
+ proxy_pass => [
 { path => '/static',
 url => '!',
 },
@@ -152,12 +152,12 @@
 url => "http://${backend_listen_address}/",
 },
 ],
- directories => [
+ directories => [
 { path => $static_dir,
 options => ['-Indexes'],
 },
 ] + $endpoint_directories,
- aliases => [
+ aliases => [
 { alias => '/static',
 path => $static_dir,
 },
@@ -166,8 +166,8 @@
 },
 ],
 # work around fix for CVE-2019-0220 introduced in Apache2 2.4.25-3+deb9u7
- custom_fragment => 'MergeSlashes off',
- require => [
+ custom_fragment => 'MergeSlashes off',
+ require => [
 File[$vhost_basic_auth_file],
 ],
 access_log_format => $vhost_access_log_format,
@@ -214,13 +214,13 @@
 },
 }
- $filename_refresh_status = "refresh-savecodenow-statuses"
+ $filename_refresh_status = 'refresh-savecodenow-statuses'
 $filepath_refresh_status = "/usr/local/bin/${filename_refresh_status}"
 file {$filepath_refresh_status:
- ensure => present,
- owner => 'root',
- group => 'www-data',
- mode => '0755',
+ ensure => present,
+ owner => 'root',
+ group => 'www-data',
+ mode => '0755',
 content => template("profile/swh/deploy/webapp/${filename_refresh_status}.sh.erb"),
 }
diff --git a/site-modules/profile/manifests/swh/deploy/worker/base.pp b/site-modules/profile/manifests/swh/deploy/worker/base.pp
--- a/site-modules/profile/manifests/swh/deploy/worker/base.pp
+++ b/site-modules/profile/manifests/swh/deploy/worker/base.pp
@@ -12,7 +12,7 @@
 }
 ::systemd::unit_file {$systemd_template_unit_name:
- ensure => 'present',
+ ensure => 'present',
 content => template("profile/swh/deploy/worker/${systemd_template_unit_name}.erb"),
 }
diff --git a/site-modules/profile/manifests/swh/deploy/worker/checker_deposit.pp b/site-modules/profile/manifests/swh/deploy/worker/checker_deposit.pp
--- a/site-modules/profile/manifests/swh/deploy/worker/checker_deposit.pp
+++ b/site-modules/profile/manifests/swh/deploy/worker/checker_deposit.pp
@@ -8,8 +8,8 @@
 $private_tmp = lookup('swh::deploy::worker::checker_deposit::private_tmp')
 ::profile::swh::deploy::worker::instance {'checker_deposit':
- ensure => 'present',
- sentry_name => 'deposit',
- private_tmp => $private_tmp,
+ ensure => 'present',
+ sentry_name => 'deposit',
+ private_tmp => $private_tmp,
 }
 }
diff --git a/site-modules/profile/manifests/swh/deploy/worker/indexer_content_mimetype.pp b/site-modules/profile/manifests/swh/deploy/worker/indexer_content_mimetype.pp
--- a/site-modules/profile/manifests/swh/deploy/worker/indexer_content_mimetype.pp
+++ b/site-modules/profile/manifests/swh/deploy/worker/indexer_content_mimetype.pp
@@ -4,9 +4,9 @@
 include ::profile::swh::deploy::indexer
 Package[$::profile::swh::deploy::base_indexer::packages] ~> ::profile::swh::deploy::worker::instance {'indexer_content_mimetype':
- ensure => present,
- sentry_name => 'indexer',
- require => [
+ ensure => present,
+ sentry_name => 'indexer',
+ require => [
 Class['profile::swh::deploy::indexer']
 ],
 }
diff --git a/site-modules/profile/manifests/swh/deploy/worker/indexer_fossology_license.pp b/site-modules/profile/manifests/swh/deploy/worker/indexer_fossology_license.pp
--- a/site-modules/profile/manifests/swh/deploy/worker/indexer_fossology_license.pp
+++ b/site-modules/profile/manifests/swh/deploy/worker/indexer_fossology_license.pp
@@ -10,9 +10,9 @@
 }
 Package[$::profile::swh::deploy::base_indexer::packages] ~> ::profile::swh::deploy::worker::instance {'indexer_fossology_license':
- ensure => present,
- sentry_name => 'indexer',
- require => [
+ ensure => present,
+ sentry_name => 'indexer',
+ require => [
 Class['profile::swh::deploy::indexer'],
 Package[$packages],
 ],
diff --git a/site-modules/profile/manifests/swh/deploy/worker/indexer_origin_intrinsic_metadata.pp b/site-modules/profile/manifests/swh/deploy/worker/indexer_origin_intrinsic_metadata.pp
--- a/site-modules/profile/manifests/swh/deploy/worker/indexer_origin_intrinsic_metadata.pp
+++ b/site-modules/profile/manifests/swh/deploy/worker/indexer_origin_intrinsic_metadata.pp
@@ -4,9 +4,9 @@
 include ::profile::swh::deploy::indexer
 Package[$::profile::swh::deploy::base_indexer::packages] ~> ::profile::swh::deploy::worker::instance {'indexer_origin_intrinsic_metadata':
- ensure => present,
- sentry_name => 'indexer',
- require => [
+ ensure => present,
+ sentry_name => 'indexer',
+ require => [
 Class['profile::swh::deploy::indexer'],
 ],
 }
diff --git a/site-modules/profile/manifests/swh/deploy/worker/indexer_rehash.pp b/site-modules/profile/manifests/swh/deploy/worker/indexer_rehash.pp
--- a/site-modules/profile/manifests/swh/deploy/worker/indexer_rehash.pp
+++ b/site-modules/profile/manifests/swh/deploy/worker/indexer_rehash.pp
@@ -4,9 +4,9 @@
 include ::profile::swh::deploy::indexer
 Package[$::profile::swh::deploy::base_indexer::packages] ~> ::profile::swh::deploy::worker::instance {'indexer_rehash':
- ensure => 'stopped',
- sentry_name => 'indexer',
- require => [
+ ensure => 'stopped',
+ sentry_name => 'indexer',
+ require => [
 Class['profile::swh::deploy::indexer']
 ],
 }
diff --git a/site-modules/profile/manifests/swh/deploy/worker/instance.pp b/site-modules/profile/manifests/swh/deploy/worker/instance.pp
--- a/site-modules/profile/manifests/swh/deploy/worker/instance.pp
+++ b/site-modules/profile/manifests/swh/deploy/worker/instance.pp
@@ -43,7 +43,7 @@
 ensure => 'present',
 owner => 'swhworker',
 group => 'swhworker',
- mode => '0644',
+ mode => '0640',
 content => inline_template("<%= @config.to_yaml %>\n"),
 }
diff --git a/site-modules/profile/manifests/swh/deploy/worker/loader_archive.pp b/site-modules/profile/manifests/swh/deploy/worker/loader_archive.pp
--- a/site-modules/profile/manifests/swh/deploy/worker/loader_archive.pp
+++ b/site-modules/profile/manifests/swh/deploy/worker/loader_archive.pp
@@ -5,10 +5,10 @@
 $private_tmp = lookup('swh::deploy::worker::loader_archive::private_tmp')
 ::profile::swh::deploy::worker::instance {'loader_archive':
- ensure => present,
- private_tmp => $private_tmp,
- sentry_name => 'loader_core',
- require => [
+ ensure => present,
+ private_tmp => $private_tmp,
+ sentry_name => 'loader_core',
+ require => [
 Package[$packages],
 Package['lzip'],
 ],
diff --git a/site-modules/profile/manifests/swh/deploy/worker/loader_cran.pp b/site-modules/profile/manifests/swh/deploy/worker/loader_cran.pp
--- a/site-modules/profile/manifests/swh/deploy/worker/loader_cran.pp
+++ b/site-modules/profile/manifests/swh/deploy/worker/loader_cran.pp
@@ -5,10 +5,10 @@
 $private_tmp = lookup('swh::deploy::worker::loader_cran::private_tmp')
 ::profile::swh::deploy::worker::instance {'loader_cran':
- ensure => present,
- private_tmp => $private_tmp,
- sentry_name => 'loader_core',
- require => [
+ ensure => present,
+ private_tmp => $private_tmp,
+ sentry_name => 'loader_core',
+ require => [
 Package[$packages],
 Package['lzip'],
 ],
diff --git a/site-modules/profile/manifests/swh/deploy/worker/loader_debian.pp b/site-modules/profile/manifests/swh/deploy/worker/loader_debian.pp
--- a/site-modules/profile/manifests/swh/deploy/worker/loader_debian.pp
+++ b/site-modules/profile/manifests/swh/deploy/worker/loader_debian.pp
@@ -9,10 +9,10 @@
 $private_tmp = lookup('swh::deploy::worker::loader_debian::private_tmp')
 ::profile::swh::deploy::worker::instance {'loader_debian':
- ensure => present,
- sentry_name => 'loader_core',
- private_tmp => $private_tmp,
- require => [
+ ensure => present,
+ sentry_name => 'loader_core',
+ private_tmp => $private_tmp,
+ require => [
 Package[$packages],
 Package['dpkg-dev'],
 ],
diff --git a/site-modules/profile/manifests/swh/deploy/worker/loader_deposit.pp b/site-modules/profile/manifests/swh/deploy/worker/loader_deposit.pp
--- a/site-modules/profile/manifests/swh/deploy/worker/loader_deposit.pp
+++ b/site-modules/profile/manifests/swh/deploy/worker/loader_deposit.pp
@@ -4,8 +4,8 @@
 $private_tmp = lookup('swh::deploy::worker::loader_deposit::private_tmp')
 ::profile::swh::deploy::worker::instance {'loader_deposit':
- ensure => 'present',
- sentry_name => 'loader_core',
- private_tmp => $private_tmp,
+ ensure => 'present',
+ sentry_name => 'loader_core',
+ private_tmp => $private_tmp,
 }
 }
diff --git a/site-modules/profile/manifests/swh/deploy/worker/loader_git.pp b/site-modules/profile/manifests/swh/deploy/worker/loader_git.pp
--- a/site-modules/profile/manifests/swh/deploy/worker/loader_git.pp
+++ b/site-modules/profile/manifests/swh/deploy/worker/loader_git.pp
@@ -3,8 +3,8 @@
 include ::profile::swh::deploy::base_loader_git
 ::profile::swh::deploy::worker::instance {'loader_git':
- ensure => present,
- require => [
+ ensure => present,
+ require => [
 Package[$::profile::swh::deploy::base_loader_git::packages],
 ],
 }
diff --git a/site-modules/profile/manifests/swh/deploy/worker/loader_high_priority.pp b/site-modules/profile/manifests/swh/deploy/worker/loader_high_priority.pp
--- a/site-modules/profile/manifests/swh/deploy/worker/loader_high_priority.pp
+++ b/site-modules/profile/manifests/swh/deploy/worker/loader_high_priority.pp
@@ -7,8 +7,8 @@
 $packages = $::profile::swh::deploy::base_loader_git::packages + $::profile::swh::deploy::base_loader_mercurial::packages + $::profile::swh::deploy::base_loader_svn::packages
 ::profile::swh::deploy::worker::instance {'loader_high_priority':
- ensure => present,
- require => Package[$packages],
+ ensure => present,
+ require => Package[$packages],
 }
 }
diff --git a/site-modules/profile/manifests/swh/deploy/worker/loader_mercurial.pp b/site-modules/profile/manifests/swh/deploy/worker/loader_mercurial.pp
--- a/site-modules/profile/manifests/swh/deploy/worker/loader_mercurial.pp
+++ b/site-modules/profile/manifests/swh/deploy/worker/loader_mercurial.pp
@@ -4,9 +4,9 @@
 $private_tmp = lookup('swh::deploy::worker::loader_mercurial::private_tmp')
 ::profile::swh::deploy::worker::instance {'loader_mercurial':
- ensure => 'present',
- private_tmp => $private_tmp,
- require => [
+ ensure => 'present',
+ private_tmp => $private_tmp,
+ require => [
 Package[$::profile::swh::deploy::base_loader_mercurial::packages],
 ],
 }
diff --git a/site-modules/profile/manifests/swh/deploy/worker/loader_nixguix.pp b/site-modules/profile/manifests/swh/deploy/worker/loader_nixguix.pp
--- a/site-modules/profile/manifests/swh/deploy/worker/loader_nixguix.pp
+++ b/site-modules/profile/manifests/swh/deploy/worker/loader_nixguix.pp
@@ -5,8 +5,8 @@
 $private_tmp = lookup('swh::deploy::worker::loader_nixguix::private_tmp')
 ::profile::swh::deploy::worker::instance {'loader_nixguix':
- ensure => present,
- private_tmp => $private_tmp,
- sentry_name => 'loader_core',
+ ensure => present,
+ private_tmp => $private_tmp,
+ sentry_name => 'loader_core',
 }
 }
diff --git a/site-modules/profile/manifests/swh/deploy/worker/loader_npm.pp b/site-modules/profile/manifests/swh/deploy/worker/loader_npm.pp
--- a/site-modules/profile/manifests/swh/deploy/worker/loader_npm.pp
+++ b/site-modules/profile/manifests/swh/deploy/worker/loader_npm.pp
@@ -9,10 +9,10 @@
 }
 ::profile::swh::deploy::worker::instance {'loader_npm':
- ensure => present,
- private_tmp => $private_tmp,
- sentry_name => 'loader_core',
- require => [
+ ensure => present,
+ private_tmp => $private_tmp,
+ sentry_name => 'loader_core',
+ require => [
 Package[$packages],
 ],
 }
diff --git a/site-modules/profile/manifests/swh/deploy/worker/loader_pypi.pp b/site-modules/profile/manifests/swh/deploy/worker/loader_pypi.pp
--- a/site-modules/profile/manifests/swh/deploy/worker/loader_pypi.pp
+++ b/site-modules/profile/manifests/swh/deploy/worker/loader_pypi.pp
@@ -9,10 +9,10 @@
 }
 ::profile::swh::deploy::worker::instance {'loader_pypi':
- ensure => present,
- private_tmp => $private_tmp,
- sentry_name => 'loader_core',
- require => [
+ ensure => present,
+ private_tmp => $private_tmp,
+ sentry_name => 'loader_core',
+ require => [
 Package[$packages],
 ],
 }