opendev
/
puppet-openstackid
Code Issues Proposed changes

Set up openstackid module 

Refactor the openstack_project::openstackid_dev module out into a
top-level openstackid module in preparation for multiple servers,
set up Apache to serve content out of /srv/openstackid, add an
/etc/openstackid/database.php file with connection details injected
from hiera and keep an updated clone of openstack-infra/openstackid
in /opt/openstackid.

Change-Id: Icdde594384e3af27c8dd185a51b9e5a71619fb7b
This commit is contained in:
Jeremy Stanley 2013-12-20 04:59:12 +00:00
commit e7e07ad1f5
3 changed files with 353 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

207
manifests/init.pp Normal file
View File

@ -0,0 +1,207 @@
# Copyright 2013 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# openstackid idp(sso-openid)
#
# == Class: openstackid
#
class openstackid (
$git_source_repo = 'https://git.openstack.org/openstack-infra/openstackid',
$site_admin_password = '',
$mysql_host = '',
$mysql_user = '',
$mysql_password = '',
$id_db_name = '',
$ss_db_name = '',
$redis_port = '',
$redis_host = '',
$vhost_name = $::fqdn,
$robots_txt_source = '',
$serveradmin = "webmaster@${::fqdn}",
$canonicalweburl = "https://${::fqdn}/",
$ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem',
$ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key',
$ssl_chain_file = '',
$ssl_cert_file_contents = '', # If left empty puppet will not create file.
$ssl_key_file_contents = '', # If left empty puppet will not create file.
$ssl_chain_file_contents = '', # If left empty puppet will not create file.
$httpd_acceptorthreads = '',
) {
vcsrepo { '/opt/openstackid':
ensure => latest,
provider => git,
revision => 'master',
source => $git_source_repo,
}
# we need PHP 5.4 or greather
include apt
apt::ppa { 'ppa:ondrej/php5-oldstable': }
# php packages needed for openid server
package {
[
'php5-common',
'php5-curl',
'php5-cli',
'php5-json',
'php5-mcrypt',
'php5-mysql',
]:
require => Exec[apt_update],
}
group { 'openstackid':
ensure => present,
}
user { 'openstackid':
ensure => present,
managehome => true,
comment => 'OpenStackID User',
shell => '/bin/bash',
gid => 'openstackid',
require => Group['openstackid'],
}
file { '/etc/openstackid':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
file { '/etc/openstackid/database.php':
ensure => present,
content => template('openstackid/database.php.erb'),
owner => 'root',
group => 'openstackid',
mode => '0640',
require => [
File['/etc/openstackid'],
Group['openstackid'],
]
}
file { '/srv/openstackid':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
file { '/srv/openstackid/app':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
require => File['/srv/openstackid'],
}
file { '/srv/openstackid/app/config':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
require => File['/srv/openstackid/app'],
}
file { '/srv/openstackid/app/config/dev':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
require => File['/srv/openstackid/app/config'],
}
file { '/srv/openstackid/app/config/dev/database.php':
ensure => link,
target => '/etc/openstackid/database.php',
require => [
File['/srv/openstackid/app/config/dev'],
File['/etc/openstackid/database.php'],
],
}
file { '/srv/openstackid/public':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
require => File['/srv/openstackid'],
}
include apache
include apache::ssl
include apache::php
apache::vhost { $vhost_name:
port => 443,
docroot => '/srv/openstackid/public',
priority => '50',
template => 'openstackid/vhost.erb',
ssl => true,
require => File['/srv/openstackid/public'],
}
a2mod { 'rewrite':
ensure => present,
}
a2mod { 'proxy':
ensure => present,
}
a2mod { 'proxy_http':
ensure => present,
}
if $ssl_cert_file_contents != '' {
file { $ssl_cert_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_cert_file_contents,
before => Apache::Vhost[$vhost_name],
}
}
if $ssl_key_file_contents != '' {
file { $ssl_key_file:
owner => 'root',
group => 'ssl-cert',
mode => '0640',
content => $ssl_key_file_contents,
before => Apache::Vhost[$vhost_name],
}
}
if $ssl_chain_file_contents != '' {
file { $ssl_chain_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_chain_file_contents,
before => Apache::Vhost[$vhost_name],
}
}
if $robots_txt_source != '' {
file { '/srv/openstackid/public/robots.txt':
owner => 'root',
group => 'root',
mode => '0644',
source => $robots_txt_source,
require => File['/srv/openstackid/public'],
}
}
}

107
templates/database.php.erb Normal file
View File

@ -0,0 +1,107 @@
<?php
return array(
/*
|--------------------------------------------------------------------------
| PDO Fetch Style
|--------------------------------------------------------------------------
|
| By default, database results will be returned as instances of the PHP
| stdClass object; however, you may desire to retrieve records in an
| array format for simplicity. Here you can tweak the fetch style.
|
*/
'fetch' => PDO::FETCH_CLASS,
/*
|--------------------------------------------------------------------------
| Default Database Connection Name
|--------------------------------------------------------------------------
|
| Here you may specify which of the database connections below you wish
| to use as your default connection for all database work. Of course
| you may use many connections at once using the Database library.
|
*/
'default' => 'mysql',
/*
|--------------------------------------------------------------------------
| Database Connections
|--------------------------------------------------------------------------
|
| Here are each of the database connections setup for your application.
| Of course, examples of configuring each database platform that is
| supported by Laravel is shown below to make development simple.
|
|
| All database work in Laravel is done through the PHP PDO facilities
| so make sure you have the driver for your particular database of
| choice installed on your machine before you begin development.
|
*/
'connections' => array(
/* OpenID IDP database */
'mysql' => array(
'driver' => 'mysql',
'host' => '<%= mysql_host %>',
'database' => '<%= id_db_name %>',
'username' => '<%= mysql_user %>',
'password' => '<%= mysql_password %>',
'charset' => 'utf8',
'collation' => 'utf8_unicode_ci',
'prefix' => '',
),
/* Silverstripe database */
'mysql_external' => array(
'driver' => 'mysql',
'host' => '<%= mysql_host %>',
'database' => '<%= ss_db_name %>',
'username' => '<%= mysql_user %>',
'password' => '<%= mysql_password %>',
'charset' => 'utf8',
'collation' => 'utf8_unicode_ci',
'prefix' => '',
),
),
/*
|--------------------------------------------------------------------------
| Migration Repository Table
|--------------------------------------------------------------------------
|
| This table keeps track of all the migrations that have already run for
| your application. Using this information, we can determine which of
| the migrations on disk have not actually be run in the databases.
|
*/
'migrations' => 'migrations',
/*
|--------------------------------------------------------------------------
| Redis Databases
|--------------------------------------------------------------------------
|
| Redis is an open source, fast, and advanced key-value store that also
| provides a richer set of commands than a typical key-value systems
| such as APC or Memcached. Laravel makes it easy to dig right in.
|
*/
'redis' => array(
'cluster' => true,
'default' => array(
'host' => '<%= redis_host %>',
'port' => <%= redis_port %>,
),
),
);

39
templates/vhost.erb Normal file
View File

@ -0,0 +1,39 @@
<VirtualHost <%= scope.lookupvar("openstackid::vhost_name") %>:80>
ServerAdmin <%= scope.lookupvar("openstackid::serveradmin") %>
ErrorLog ${APACHE_LOG_DIR}/openstackid-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/openstackid-access.log combined
Redirect / https://<%= scope.lookupvar("openstackid::vhost_name") %>/
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost <%= scope.lookupvar("openstackid::vhost_name") %>:443>
ServerName <%= scope.lookupvar("openstackid::vhost_name") %>
ServerAdmin <%= scope.lookupvar("openstackid::serveradmin") %>
ErrorLog ${APACHE_LOG_DIR}/openstackid-ssl-error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/openstackid-ssl-access.log combined
SSLEngine on
SSLCertificateFile <%= scope.lookupvar("openstackid::ssl_cert_file") %>
SSLCertificateKeyFile <%= scope.lookupvar("openstackid::ssl_key_file") %>
<% if scope.lookupvar("openstackid::ssl_chain_file") != "" %>
SSLCertificateChainFile <%= scope.lookupvar("openstackid::ssl_chain_file") %>
<% end %>
RewriteEngine on
RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("openstackid::vhost_name") %>
RewriteRule ^.*$ <%= scope.lookupvar("openstackid::canonicalweburl") %>
DocumentRoot <%= docroot %>
<Directory <%= docroot %>/>
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
</IfModule>