sip -> rtc rename + monit

diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 3e1847d..10d791f 100644 (file)
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -70,7 +70,7 @@ roles:
     - chopin.debian.org
   security_tracker:
     - soler.debian.org
-  sip:
+  rtc:
     - vogler.debian.org
   sso:
     - diabelli.debian.org

diff --git a/modules/roles/files/rtc/monit b/modules/roles/files/rtc/monit
new file mode 100644 (file)
index 0000000..20c703b
--- /dev/null
+++ b/modules/roles/files/rtc/monit
@@ -0,0 +1,7 @@
+check process repro with pidfile /var/run/repro/repro.pid
+  start program = "/usr/sbin/service repro start"
+  stop  program = "/usr/sbin/service repro stop"
+
+check process reTurnServer with pidfile /var/run/reTurnServer/reTurnServer.pid
+  start program = "/usr/sbin/service resiprocate-turn-server start"
+  stop  program = "/usr/sbin/service resiprocate-turn-server stop"

diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index 8159e8c..5f106c3 100644 (file)
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -160,7 +160,7 @@ class roles {
                include roles::release
        }
 
-       if has_role('sip') {
-               include roles::sip
+       if has_role('rtc') {
+               include roles::rtc
        }
 }

diff --git a/modules/roles/manifests/rtc.pp b/modules/roles/manifests/rtc.pp
new file mode 100644 (file)
index 0000000..2609e5d
--- /dev/null
+++ b/modules/roles/manifests/rtc.pp
@@ -0,0 +1,95 @@
+class roles::rtc {
+       include concat::setup
+
+       ssl::service { 'www.debian.org':
+       }
+
+       ssl::service { 'sip-ws.debian.org':
+       }
+
+       concat { '/etc/repro/www.debian.org-chained.crt':
+       }
+       concat::fragment { '/etc/ssl/debian/certs/www.debian.org.crt':
+               target      => '/etc/repro/www.debian.org-chained.crt',
+               source      => 'file:///etc/ssl/debian/certs/www.debian.org.crt',
+               order       => 00,
+               require     => File['/etc/ssl/debian/certs/www.debian.org.crt'],
+       }
+       concat::fragment { '/etc/ssl/debian/certs/www.debian.org.crt-chain':
+               target      => '/etc/repro/www.debian.org-chained.crt',
+               source      => 'file:///etc/ssl/debian/certs/www.debian.org.crt-chain',
+               order       => 99,
+               require     => File['/etc/ssl/debian/certs/www.debian.org.crt-chain'],
+       }
+
+       concat { '/etc/repro/sip-ws.debian.org-chained.crt':
+       }
+       concat::fragment { '/etc/ssl/debian/certs/sip-ws.debian.org.crt':
+               target      => '/etc/repro/sip-ws.debian.org-chained.crt',
+               source      => 'file:///etc/ssl/debian/certs/sip-ws.debian.org.crt',
+               order       => 00,
+               require     => File['/etc/ssl/debian/certs/sip-ws.debian.org.crt'],
+       }
+       concat::fragment { '/etc/ssl/debian/certs/sip-ws.debian.org.crt-chain':
+               target      => '/etc/repro/sip-ws.debian.org-chained.crt',
+               source      => 'file:///etc/ssl/debian/certs/sip-ws.debian.org.crt-chain',
+               order       => 99,
+               require     => File['/etc/ssl/debian/certs/sip-ws.debian.org.crt-chain'],
+       }
+
+       @ferm::rule { 'dsa-sip-ws-ip4':
+               domain      => 'ip',
+               description => 'SIP connections (WebSocket; for WebRTC)',
+               rule        => 'proto tcp dport (443) ACCEPT'
+       }
+       @ferm::rule { 'dsa-sip-ws-ip6':
+               domain      => 'ip6',
+               description => 'SIP connections (WebSocket; for WebRTC)',
+               rule        => 'proto tcp dport (443) ACCEPT'
+       }
+       @ferm::rule { 'dsa-sip-tls-ip4':
+               domain      => 'ip',
+               description => 'SIP connections (TLS)',
+               rule        => 'proto tcp dport (5061) ACCEPT'
+       }
+       @ferm::rule { 'dsa-sip-tls-ip6':
+               domain      => 'ip6',
+               description => 'SIP connections (TLS)',
+               rule        => 'proto tcp dport (5061) ACCEPT'
+       }
+       @ferm::rule { 'dsa-turn-ip4':
+               domain      => 'ip',
+               description => 'TURN connections',
+               rule        => 'proto udp dport (3478) ACCEPT'
+       }
+       @ferm::rule { 'dsa-turn-ip6':
+               domain      => 'ip6',
+               description => 'TURN connections',
+               rule        => 'proto udp dport (3478) ACCEPT'
+       }
+       @ferm::rule { 'dsa-turn-tls-ip4':
+               domain      => 'ip',
+               description => 'TURN connections (TLS)',
+               rule        => 'proto tcp dport (5349) ACCEPT'
+       }
+       @ferm::rule { 'dsa-turn-tls-ip6':
+               domain      => 'ip6',
+               description => 'TURN connections (TLS)',
+               rule        => 'proto tcp dport (5349) ACCEPT'
+       }
+       @ferm::rule { 'dsa-rtp-ip4':
+               domain      => 'ip',
+               description => 'RTP streams',
+               rule        => 'proto udp dport (49152:65535) ACCEPT'
+       }
+       @ferm::rule { 'dsa-rtp-ip6':
+               domain      => 'ip6',
+               description => 'RTP streams',
+               rule        => 'proto udp dport (49152:65535) ACCEPT'
+       }
+
+       file { '/etc/monit/monit.d/50rtc':
+               source  => 'puppet:///modules/roles/rtc/monit',
+               mode    => '0440'
+       }
+}

diff --git a/modules/roles/manifests/sip.pp b/modules/roles/manifests/sip.pp
deleted file mode 100644 (file)
index 3b1973a..0000000
--- a/modules/roles/manifests/sip.pp
+++ /dev/null
@@ -1,90 +0,0 @@
-class roles::sip {
-       include concat::setup
-
-       ssl::service { 'www.debian.org':
-       }
-
-       ssl::service { 'sip-ws.debian.org':
-       }
-
-       concat { '/etc/repro/www.debian.org-chained.crt':
-       }
-       concat::fragment { '/etc/ssl/debian/certs/www.debian.org.crt':
-               target      => '/etc/repro/www.debian.org-chained.crt',
-               source      => 'file:///etc/ssl/debian/certs/www.debian.org.crt',
-               order       => 00,
-               require     => File['/etc/ssl/debian/certs/www.debian.org.crt'],
-       }
-       concat::fragment { '/etc/ssl/debian/certs/www.debian.org.crt-chain':
-               target      => '/etc/repro/www.debian.org-chained.crt',
-               source      => 'file:///etc/ssl/debian/certs/www.debian.org.crt-chain',
-               order       => 99,
-               require     => File['/etc/ssl/debian/certs/www.debian.org.crt-chain'],
-       }
-
-       concat { '/etc/repro/sip-ws.debian.org-chained.crt':
-       }
-       concat::fragment { '/etc/ssl/debian/certs/sip-ws.debian.org.crt':
-               target      => '/etc/repro/sip-ws.debian.org-chained.crt',
-               source      => 'file:///etc/ssl/debian/certs/sip-ws.debian.org.crt',
-               order       => 00,
-               require     => File['/etc/ssl/debian/certs/sip-ws.debian.org.crt'],
-       }
-       concat::fragment { '/etc/ssl/debian/certs/sip-ws.debian.org.crt-chain':
-               target      => '/etc/repro/sip-ws.debian.org-chained.crt',
-               source      => 'file:///etc/ssl/debian/certs/sip-ws.debian.org.crt-chain',
-               order       => 99,
-               require     => File['/etc/ssl/debian/certs/sip-ws.debian.org.crt-chain'],
-       }
-
-       @ferm::rule { 'dsa-sip-ws-ip4':
-               domain      => 'ip',
-               description => 'SIP connections (WebSocket; for WebRTC)',
-               rule        => 'proto tcp dport (443) ACCEPT'
-       }
-       @ferm::rule { 'dsa-sip-ws-ip6':
-               domain      => 'ip6',
-               description => 'SIP connections (WebSocket; for WebRTC)',
-               rule        => 'proto tcp dport (443) ACCEPT'
-       }
-       @ferm::rule { 'dsa-sip-tls-ip4':
-               domain      => 'ip',
-               description => 'SIP connections (TLS)',
-               rule        => 'proto tcp dport (5061) ACCEPT'
-       }
-       @ferm::rule { 'dsa-sip-tls-ip6':
-               domain      => 'ip6',
-               description => 'SIP connections (TLS)',
-               rule        => 'proto tcp dport (5061) ACCEPT'
-       }
-       @ferm::rule { 'dsa-turn-ip4':
-               domain      => 'ip',
-               description => 'TURN connections',
-               rule        => 'proto udp dport (3478) ACCEPT'
-       }
-       @ferm::rule { 'dsa-turn-ip6':
-               domain      => 'ip6',
-               description => 'TURN connections',
-               rule        => 'proto udp dport (3478) ACCEPT'
-       }
-       @ferm::rule { 'dsa-turn-tls-ip4':
-               domain      => 'ip',
-               description => 'TURN connections (TLS)',
-               rule        => 'proto tcp dport (5349) ACCEPT'
-       }
-       @ferm::rule { 'dsa-turn-tls-ip6':
-               domain      => 'ip6',
-               description => 'TURN connections (TLS)',
-               rule        => 'proto tcp dport (5349) ACCEPT'
-       }
-       @ferm::rule { 'dsa-rtp-ip4':
-               domain      => 'ip',
-               description => 'RTP streams',
-               rule        => 'proto udp dport (49152:65535) ACCEPT'
-       }
-       @ferm::rule { 'dsa-rtp-ip6':
-               domain      => 'ip6',
-               description => 'RTP streams',
-               rule        => 'proto udp dport (49152:65535) ACCEPT'
-       }
-}