enable systemd unit files, mirror download site, build location

CHANGELOG.md

@@ -3,6 +3,10 @@
 * Added support for Ubuntu 18.04
 * Replaced deprecated stankevich-python dependency a with puppet-python
 * Updated pdk version
+* Parameterize download location for closed environements
+* Prevent puppet timeout during make process
+* parameterize packages download directory
+* Set option to have authproxy service be a systemd unit file
 
 ## Release 0.1.0
 

README.md

@@ -49,7 +49,10 @@ include duo_authproxy
 ```yaml
 ---
 duo_authproxy::version: 2.7.0
+duo_authproxy::use_systemd: true
 duo_authproxy::install_dir: /opt/duoauthproxy
+duo_authproxy::download_loc: /var/tmp/duoauthproxy
+profile::authproxy::url: http://internal-server.com/rpms
 
 duo_authproxy::settings:
   main:

data/common.yaml

@@ -1,3 +1,6 @@
 ---
 duo_authproxy::version: 2.7.0
+duo_authproxy::use_systemd: true
+duo_authproxy::mirror_url: https://dl.duosecurity.com
 duo_authproxy::install_dir: /opt/duoauthproxy
+duo_authproxy::download_loc: /tmp

manifests/init.pp

@@ -10,7 +10,10 @@
   Array[String] $dep_packages,
   String $version,
   Stdlib::Absolutepath $install_dir,
+  Stdlib::Httpsurl $mirror_url,
+  Stdlib::Absolutepath $download_loc,
   Hash $settings = {},
+  Boolean $use_systemd,
   $proxy_server = undef,
   $proxy_type = undef,
 ) {
@@ -29,12 +32,12 @@
   contain 'duo_authproxy::config'
   contain 'duo_authproxy::service'
 
-  Class['::duo_authproxy::install']
-  -> Class['::duo_authproxy::config']
+  Class['duo_authproxy::install']
+  -> Class['duo_authproxy::config']
 
-  Class['::duo_authproxy::install']
-  ~> Class['::duo_authproxy::service']
+  Class['duo_authproxy::install']
+  ~> Class['duo_authproxy::service']
 
-  Class['::duo_authproxy::config']
-  ~> Class['::duo_authproxy::service']
+  Class['duo_authproxy::config']
+  ~> Class['duo_authproxy::service']
 }

manifests/install.pp

@@ -13,10 +13,10 @@
   $inst_cmd = "duoauthproxy-build/install --install-dir ${duo_authproxy::install_dir} --service-user duo_authproxy_svc --log-group duo_authproxy_grp --create-init-script yes"
   $creates_path = "${duo_authproxy::install_dir}/${duo_authproxy::version}"
 
-  archive { "/tmp/duoauthproxy-${duo_authproxy::version}-src.tgz":
-    source       => "https://dl.duosecurity.com/duoauthproxy-${duo_authproxy::version}-src.tgz",
+  archive { "${duo_authproxy::download_loc}/duoauthproxy-${duo_authproxy::version}-src.tgz":
+    source       => "${duo_authproxy::mirror_url}/duoauthproxy-${duo_authproxy::version}-src.tgz",
     extract      => true,
-    extract_path => '/tmp',
+    extract_path => $duo_authproxy::download_loc,
     cleanup      => true,
     creates      => $creates_path,
     proxy_server => $duo_authproxy::proxy_server,
@@ -25,23 +25,24 @@
 
   -> exec { 'duoauthproxy-move':
     command => "mv duoauthproxy-${duo_authproxy::version}*-src duoauthproxy-${duo_authproxy::version}-src",
-    cwd     => '/tmp',
+    cwd     => $duo_authproxy::download_loc,
     path    => '/bin',
     creates => $creates_path,
   }
 
   -> exec { 'duoauthproxy-make':
     command     => 'make > duoauthproxy-make.log',
-    cwd         => "/tmp/duoauthproxy-${duo_authproxy::version}-src",
+    cwd         => "${duo_authproxy::download_loc}/duoauthproxy-${duo_authproxy::version}-src",
     environment => ['PYTHON=python'],
     path        => $facts['path'],
     creates     => $creates_path,
     require     => Package[$duo_authproxy::dep_packages],
+    timeout     => 3600,
   }
 
   -> exec { 'duoauthproxy-install':
-    command     => "/tmp/duoauthproxy-${duo_authproxy::version}-src/${inst_cmd} > duoauthproxy-install.log",
-    cwd         => "/tmp/duoauthproxy-${duo_authproxy::version}-src",
+    command     => "${duo_authproxy::download_loc}/duoauthproxy-${duo_authproxy::version}-src/${inst_cmd} > duoauthproxy-install.log",
+    cwd         => "${duo_authproxy::download_loc}/duoauthproxy-${duo_authproxy::version}-src",
     environment => ['PYTHON=python'],
     path        => $facts['path'],
     creates     => $creates_path,

manifests/service.pp

@@ -8,11 +8,28 @@
 #   don't use this class directly
 class duo_authproxy::service {
 
-  service { 'duoauthproxy':
-    ensure     => running,
-    enable     => true,
-    hasrestart => true,
-    hasstatus  => false, # the status on the init scrip does not return correct codes
-    status     => "${duo_authproxy::install_dir}/bin/authproxyctl status",
+  if $duo_authproxy::use_systemd {
+    file { '/etc/systemd/system/duoauthproxy.service':
+      ensure  => file,
+      path    => '/etc/systemd/system/duoauthproxy.service',
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0644',
+      content => Sensitive(template("${module_name}/duoauthproxy.service")),
+    }
+    service { 'duoauthproxy':
+      ensure     => running,
+      enable     => true,
+      hasrestart => true,
+      provider   => systemd,
+    }
+  } else {
+    service { 'duoauthproxy':
+      ensure     => running,
+      enable     => true,
+      hasrestart => true,
+      hasstatus  => false, # the status on the init scrip does not return correct codes
+      status     => "${duo_authproxy::install_dir}/bin/authproxyctl status",
+    }
   }
 }

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "MiamiOH-duo_authproxy",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "author": "Chris Edester",
   "summary": "Installs and configures Duo Authentication Proxy",
   "license": "GPL-3.0+",

pdk.yaml

@@ -0,0 +1,2 @@
+---
+ignore: []

templates/duoauthproxy.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=Duo Security Authentication Proxy
+After=network.target
+
+[Service]
+Type=forking
+ExecStart=<%= scope['duo_authproxy::install_dir'] -%>/bin/authproxyctl start
+ExecStop=<%= scope['duo_authproxy::install_dir'] -%>/bin/authproxyctl stop
+StandardOutput=journal
+RemainAfterExit=true
+
+[Install]
+WantedBy=multi-user.target