diff --git a/CHANGELOG.md b/CHANGELOG.md index 37b9f37..e9da520 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,10 @@ * Added support for Ubuntu 18.04 * Replaced deprecated stankevich-python dependency a with puppet-python * Updated pdk version +* Parameterize download location for closed environements +* Prevent puppet timeout during make process +* parameterize packages download directory +* Set option to have authproxy service be a systemd unit file ## Release 0.1.0 diff --git a/README.md b/README.md index 63f7af4..2699bc5 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,10 @@ include duo_authproxy ```yaml --- duo_authproxy::version: 2.7.0 +duo_authproxy::use_systemd: true duo_authproxy::install_dir: /opt/duoauthproxy +duo_authproxy::download_loc: /var/tmp/duoauthproxy +profile::authproxy::url: http://internal-server.com/rpms duo_authproxy::settings: main: diff --git a/data/common.yaml b/data/common.yaml index c849ab0..c39fcf6 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -1,3 +1,6 @@ --- duo_authproxy::version: 2.7.0 +duo_authproxy::use_systemd: true +duo_authproxy::mirror_url: https://dl.duosecurity.com duo_authproxy::install_dir: /opt/duoauthproxy +duo_authproxy::download_loc: /tmp diff --git a/manifests/init.pp b/manifests/init.pp index 5950c94..399e156 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -10,7 +10,10 @@ Array[String] $dep_packages, String $version, Stdlib::Absolutepath $install_dir, + Stdlib::Httpsurl $mirror_url, + Stdlib::Absolutepath $download_loc, Hash $settings = {}, + Boolean $use_systemd, $proxy_server = undef, $proxy_type = undef, ) { 
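Review bot: `Stdlib::Httpsurl $mirror_url` accepts only https URLs, yet the README example added in this same commit documents `profile::authproxy::url: http://internal-server.com/rpms`, a key this class does not declare and a scheme the type would reject. Keeping the https-only type is the safer choice for a tarball that is later built and installed, so the README should show `duo_authproxy::mirror_url: https://<internal-mirror-host>/<path>` (placeholder values) instead. Separately, the required `Boolean $use_systemd` is declared after the defaulted `Hash $settings = {}`; moving it above `$settings` keeps the required parameters together. The class header and its doc comment are outside this hunk, so whether the three new parameters are documented cannot be seen from here.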
@@ -29,12 +32,12 @@ contain 'duo_authproxy::config' contain 'duo_authproxy::service' - Class['::duo_authproxy::install'] - -> Class['::duo_authproxy::config'] + Class['duo_authproxy::install'] + -> Class['duo_authproxy::config'] - Class['::duo_authproxy::install'] - ~> Class['::duo_authproxy::service'] + Class['duo_authproxy::install'] + ~> Class['duo_authproxy::service'] - Class['::duo_authproxy::config'] - ~> Class['::duo_authproxy::service'] + Class['duo_authproxy::config'] + ~> Class['duo_authproxy::service'] } diff --git a/manifests/install.pp b/manifests/install.pp index ee889f9..9d63c72 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -13,10 +13,10 @@ $inst_cmd = "duoauthproxy-build/install --install-dir ${duo_authproxy::install_dir} --service-user duo_authproxy_svc --log-group duo_authproxy_grp --create-init-script yes" $creates_path = "${duo_authproxy::install_dir}/${duo_authproxy::version}" - archive { "/tmp/duoauthproxy-${duo_authproxy::version}-src.tgz": - source => "https://dl.duosecurity.com/duoauthproxy-${duo_authproxy::version}-src.tgz", + archive { "${duo_authproxy::download_loc}/duoauthproxy-${duo_authproxy::version}-src.tgz": + source => "${duo_authproxy::mirror_url}/duoauthproxy-${duo_authproxy::version}-src.tgz", extract => true, - extract_path => '/tmp', + extract_path => $duo_authproxy::download_loc, cleanup => true, creates => $creates_path, proxy_server => $duo_authproxy::proxy_server, 
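Review bot: The `archive` resource in `manifests/install.pp` fetches the source tarball from the now-configurable `${duo_authproxy::mirror_url}` with no integrity check, and the execs chained after it build and install whatever was downloaded. puppet-archive supports `checksum` and `checksum_type`; a new optional class parameter (name illustrative) passed through as `checksum => $duo_authproxy::checksum,` with `checksum_type => 'sha256',` would let a site pin the expected digest for each `version`, which matters most when the file comes from an internal mirror rather than the vendor. The resource body continues past the end of this hunk, so an existing checksum attribute further down cannot be ruled out.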
@@ -25,23 +25,24 @@ -> exec { 'duoauthproxy-move': command => "mv duoauthproxy-${duo_authproxy::version}*-src duoauthproxy-${duo_authproxy::version}-src", - cwd => '/tmp', + cwd => $duo_authproxy::download_loc, path => '/bin', creates => $creates_path, } -> exec { 'duoauthproxy-make': command => 'make > duoauthproxy-make.log', - cwd => "/tmp/duoauthproxy-${duo_authproxy::version}-src", + cwd => "${duo_authproxy::download_loc}/duoauthproxy-${duo_authproxy::version}-src", environment => ['PYTHON=python'], path => $facts['path'], creates => $creates_path, require => Package[$duo_authproxy::dep_packages], + timeout => 3600, } -> exec { 'duoauthproxy-install': - command => "/tmp/duoauthproxy-${duo_authproxy::version}-src/${inst_cmd} > duoauthproxy-install.log", - cwd => "/tmp/duoauthproxy-${duo_authproxy::version}-src", + command => "${duo_authproxy::download_loc}/duoauthproxy-${duo_authproxy::version}-src/${inst_cmd} > duoauthproxy-install.log", + cwd => "${duo_authproxy::download_loc}/duoauthproxy-${duo_authproxy::version}-src", environment => ['PYTHON=python'], path => $facts['path'], creates => $creates_path, diff --git a/manifests/service.pp b/manifests/service.pp index 5185962..5461243 100644 --- a/manifests/service.pp +++ b/manifests/service.pp 
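Review bot: The move, make and install execs now run from `$duo_authproxy::download_loc`, and `data/common.yaml` in this commit defaults that to `/tmp`, so by default the agent (typically running as root) unpacks, builds and executes the installer from a predictable directory name inside a world-writable location. A root-owned working directory is a safer default, for example the README's `/var/tmp/duoauthproxy`, managed by a `file` resource with `ensure => directory`, `owner => 'root'` and `mode => '0700'` ahead of the `archive`. The path is also interpolated unquoted into `command`, so a value containing spaces would break the install exec; `Stdlib::Absolutepath` does not prevent that. The exec chain begins before and continues after this hunk.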
@@ -8,11 +8,28 @@ # don't use this class directly class duo_authproxy::service { - service { 'duoauthproxy': - ensure => running, - enable => true, - hasrestart => true, - hasstatus => false, # the status on the init scrip does not return correct codes - status => "${duo_authproxy::install_dir}/bin/authproxyctl status", + if $duo_authproxy::use_systemd { + file { '/etc/systemd/system/duoauthproxy.service': + ensure => file, + path => '/etc/systemd/system/duoauthproxy.service', + owner => 'root', + group => 'root', + mode => '0644', + content => Sensitive(template("${module_name}/duoauthproxy.service")), + } + service { 'duoauthproxy': + ensure => running, + enable => true, + hasrestart => true, + provider => systemd, + } + } else { + service { 'duoauthproxy': + ensure => running, + enable => true, + hasrestart => true, + hasstatus => false, # the status on the init scrip does not return correct codes + status => "${duo_authproxy::install_dir}/bin/authproxyctl status", + } } } diff --git a/metadata.json b/metadata.json index 85540bf..b33b1a0 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "MiamiOH-duo_authproxy", - "version": "1.0.0", + "version": "1.1.0", "author": "Chris Edester", "summary": "Installs and configures Duo Authentication Proxy", "license": "GPL-3.0+", diff --git a/pdk.yaml b/pdk.yaml new file mode 100644 index 0000000..4bef4bd --- /dev/null +++ b/pdk.yaml @@ -0,0 +1,2 @@ +--- +ignore: [] diff --git a/templates/duoauthproxy.service b/templates/duoauthproxy.service new file mode 100644 index 0000000..8e35d58 --- /dev/null +++ b/templates/duoauthproxy.service @@ -0,0 +1,13 @@ +[Unit] +Description=Duo Security Authentication Proxy +After=network.target + +[Service] +Type=forking +ExecStart=<%= scope['duo_authproxy::install_dir'] -%>/bin/authproxyctl start +ExecStop=<%= scope['duo_authproxy::install_dir'] -%>/bin/authproxyctl stop +StandardOutput=journal +RemainAfterExit=true + +[Install] +WantedBy=multi-user.target
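Review bot: In the `use_systemd` branch the unit `file` has no relationship to `Service['duoauthproxy']`, so a later change to the template rewrites the unit on disk without restarting the service or guaranteeing that systemd reloads it. Adding `notify => Service['duoauthproxy'],` to the file resource makes the dependency explicit. The `path` attribute repeats the resource title, and `Sensitive(...)` hides the diff of a unit file that, as far as the template in this commit shows, contains only the install directory; dropping the wrapper would make unit changes visible in reports. `manifests/install.pp` still passes `--create-init-script yes`, so on systemd hosts the generated init script and this unit may both exist, which is worth confirming as intended.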
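Review bot: `Type=forking` combined with `RemainAfterExit=true` and no `PIDFile=` means systemd keeps reporting the unit as active after the proxy process has exited, so `ensure => running` in `service.pp` will not notice a dead authentication proxy. If `authproxyctl start` writes a pid file, declare it with `PIDFile=<path-to-authproxy-pid-file>` (placeholder; the path is not shown in this commit) and drop `RemainAfterExit=true`, optionally adding `Restart=on-failure`. The unit sets no `User=`, so it presumably relies on the proxy dropping to the `duo_authproxy_svc` account passed to the installer; that assumption deserves a comment at the top of the template.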