
Set up openstackid module

Refactor the openstack_project::openstackid_dev module out into a
top-level openstackid module in preparation for multiple servers,
set up Apache to serve content out of /srv/openstackid, add an
/etc/openstackid/database.php file with connection details injected
from hiera and keep an updated clone of openstack-infra/openstackid
in /opt/openstackid.

Change-Id: Icdde594384e3af27c8dd185a51b9e5a71619fb7b
Jeremy Stanley 5 years ago
commit
e7e07ad1f5
3 changed files with 353 additions and 0 deletions
  1. 207
    0
      manifests/init.pp
  2. 107
    0
      templates/database.php.erb
  3. 39
    0
      templates/vhost.erb

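--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -0,0 +1,207 @@
+# Copyright 2013  OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# openstackid idp(sso-openid)
+#
+# == Class: openstackid
+#
+class openstackid (
+  $git_source_repo = 'https://git.openstack.org/openstack-infra/openstackid',
+  $site_admin_password = '',
+  $mysql_host = '',
+  $mysql_user = '',
+  $mysql_password = '',
+  $id_db_name = '',
+  $ss_db_name = '',
+  $redis_port = '',
+  $redis_host = '',
+  $vhost_name = $::fqdn,
+  $robots_txt_source = '',
+  $serveradmin = "webmaster@${::fqdn}",
+  $canonicalweburl = "https://${::fqdn}/",
+  $ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem',
+  $ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key',
+  $ssl_chain_file = '',
+  $ssl_cert_file_contents = '', # If left empty puppet will not create file.
+  $ssl_key_file_contents = '', # If left empty puppet will not create file.
+  $ssl_chain_file_contents = '', # If left empty puppet will not create file.
+  $httpd_acceptorthreads = '',
+) {
+
+  vcsrepo { '/opt/openstackid':
+    ensure   => latest,
+    provider => git,
+    revision => 'master',
+    source   => $git_source_repo,
+  }
+
+  # we need PHP 5.4 or greather
+  include apt
+  apt::ppa { 'ppa:ondrej/php5-oldstable': }
+
+  # php packages needed for openid server
+  package {
+    [
+      'php5-common',
+      'php5-curl',
+      'php5-cli',
+      'php5-json',
+      'php5-mcrypt',
+      'php5-mysql',
+    ]:
+    require => Exec[apt_update],
+  }
+
+  group { 'openstackid':
+    ensure => present,
+  }
+
+  user { 'openstackid':
+    ensure     => present,
+    managehome => true,
+    comment    => 'OpenStackID User',
+    shell      => '/bin/bash',
+    gid        => 'openstackid',
+    require    => Group['openstackid'],
+  }
+
+  file { '/etc/openstackid':
+    ensure => directory,
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0755',
+  }
+
+  file { '/etc/openstackid/database.php':
+    ensure  => present,
+    content => template('openstackid/database.php.erb'),
+    owner   => 'root',
+    group   => 'openstackid',
+    mode    => '0640',
+    require => [
+      File['/etc/openstackid'],
+      Group['openstackid'],
+    ]
+  }
+
+  file { '/srv/openstackid':
+    ensure => directory,
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0755',
+  }
+
+  file { '/srv/openstackid/app':
+    ensure  => directory,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0755',
+    require => File['/srv/openstackid'],
+  }
+
+  file { '/srv/openstackid/app/config':
+    ensure  => directory,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0755',
+    require => File['/srv/openstackid/app'],
+  }
+
+  file { '/srv/openstackid/app/config/dev':
+    ensure  => directory,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0755',
+    require => File['/srv/openstackid/app/config'],
+  }
+
+  file { '/srv/openstackid/app/config/dev/database.php':
+    ensure  => link,
+    target  => '/etc/openstackid/database.php',
+    require => [
+      File['/srv/openstackid/app/config/dev'],
+      File['/etc/openstackid/database.php'],
+    ],
+  }
+
+  file { '/srv/openstackid/public':
+    ensure  => directory,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0755',
+    require => File['/srv/openstackid'],
+  }
+
+  include apache
+  include apache::ssl
+  include apache::php
+  apache::vhost { $vhost_name:
+    port     => 443,
+    docroot  => '/srv/openstackid/public',
+    priority => '50',
+    template => 'openstackid/vhost.erb',
+    ssl      => true,
+    require  => File['/srv/openstackid/public'],
+  }
+  a2mod { 'rewrite':
+    ensure => present,
+  }
+  a2mod { 'proxy':
+    ensure => present,
+  }
+  a2mod { 'proxy_http':
+    ensure => present,
+  }
+
+  if $ssl_cert_file_contents != '' {
+    file { $ssl_cert_file:
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0640',
+      content => $ssl_cert_file_contents,
+      before  => Apache::Vhost[$vhost_name],
+    }
+  }
+
+  if $ssl_key_file_contents != '' {
+    file { $ssl_key_file:
+      owner   => 'root',
+      group   => 'ssl-cert',
+      mode    => '0640',
+      content => $ssl_key_file_contents,
+      before  => Apache::Vhost[$vhost_name],
+    }
+  }
+
+  if $ssl_chain_file_contents != '' {
+    file { $ssl_chain_file:
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0640',
+      content => $ssl_chain_file_contents,
+      before  => Apache::Vhost[$vhost_name],
+    }
+  }
+
+  if $robots_txt_source != '' {
+    file { '/srv/openstackid/public/robots.txt':
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0644',
+      source  => $robots_txt_source,
+      require => File['/srv/openstackid/public'],
+    }
+  }
+
+}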
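Review bot: The `vcsrepo { '/opt/openstackid': }` resource combines `ensure => latest` with `revision => 'master'`, so every agent run fetches and checks out whatever the remote branch currently points at, with no pin and no tag or signature verification; if that is deliberate for a development host the class header should say so, otherwise expose it as `$git_source_revision = 'master',` in the parameter list and `revision => $git_source_revision,` in the resource. The class docblock (`# == Class: openstackid`) documents none of the twenty parameters; one `# [*mysql_password*] ...` style entry per parameter, stating that the `$ssl_*_file_contents` and `$robots_txt_source` branches are skipped when empty, would cover it. `$site_admin_password` and `$httpd_acceptorthreads` are accepted but never referenced in this file, presumably consumed elsewhere or reserved for later; a comment saying which avoids the next reader treating them as dead. `/etc/openstackid/database.php` is written root:openstackid 0640 and symlinked into the app config tree, so unless the Apache/PHP worker runs as or in group `openstackid` (not visible in this commit) it will not be able to read its own credentials.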

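--- a/templates/database.php.erb
+++ b/templates/database.php.erb
@@ -0,0 +1,107 @@
+<?php
+
+return array(
+
+    /*
+    |--------------------------------------------------------------------------
+    | PDO Fetch Style
+    |--------------------------------------------------------------------------
+    |
+    | By default, database results will be returned as instances of the PHP
+    | stdClass object; however, you may desire to retrieve records in an
+    | array format for simplicity. Here you can tweak the fetch style.
+    |
+    */
+
+    'fetch' => PDO::FETCH_CLASS,
+
+    /*
+    |--------------------------------------------------------------------------
+    | Default Database Connection Name
+    |--------------------------------------------------------------------------
+    |
+    | Here you may specify which of the database connections below you wish
+    | to use as your default connection for all database work. Of course
+    | you may use many connections at once using the Database library.
+    |
+    */
+
+    'default' => 'mysql',
+
+    /*
+    |--------------------------------------------------------------------------
+    | Database Connections
+    |--------------------------------------------------------------------------
+    |
+    | Here are each of the database connections setup for your application.
+    | Of course, examples of configuring each database platform that is
+    | supported by Laravel is shown below to make development simple.
+    |
+    |
+    | All database work in Laravel is done through the PHP PDO facilities
+    | so make sure you have the driver for your particular database of
+    | choice installed on your machine before you begin development.
+    |
+    */
+
+    'connections' => array(
+        /* OpenID IDP database */
+        'mysql' => array(
+            'driver'    => 'mysql',
+            'host'      => '<%= mysql_host %>',
+            'database'  => '<%= id_db_name %>',
+            'username'  => '<%= mysql_user %>',
+            'password'  => '<%= mysql_password %>',
+            'charset'   => 'utf8',
+            'collation' => 'utf8_unicode_ci',
+            'prefix'    => '',
+        ),
+        /* Silverstripe database */
+        'mysql_external' => array(
+            'driver'    => 'mysql',
+            'host'      => '<%= mysql_host %>',
+            'database'  => '<%= ss_db_name %>',
+            'username'  => '<%= mysql_user %>',
+            'password'  => '<%= mysql_password %>',
+            'charset'   => 'utf8',
+            'collation' => 'utf8_unicode_ci',
+            'prefix'    => '',
+        ),
+    ),
+
+    /*
+    |--------------------------------------------------------------------------
+    | Migration Repository Table
+    |--------------------------------------------------------------------------
+    |
+    | This table keeps track of all the migrations that have already run for
+    | your application. Using this information, we can determine which of
+    | the migrations on disk have not actually be run in the databases.
+    |
+    */
+
+    'migrations' => 'migrations',
+
+    /*
+    |--------------------------------------------------------------------------
+    | Redis Databases
+    |--------------------------------------------------------------------------
+    |
+    | Redis is an open source, fast, and advanced key-value store that also
+    | provides a richer set of commands than a typical key-value systems
+    | such as APC or Memcached. Laravel makes it easy to dig right in.
+    |
+    */
+
+    'redis' => array(
+
+        'cluster' => true,
+
+        'default' => array(
+            'host'     => '<%= redis_host %>',
+            'port'     => <%= redis_port %>,
+        ),
+
+    ),
+
+);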
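Review bot: `'port'     => <%= redis_port %>,` emits the value unquoted while `manifests/init.pp` in this same commit defaults `$redis_port` to `''`, so with the default the generated file contains `'port'     => ,` and PHP fails to parse the entire config; either quote it, `'port'     => '<%= redis_port %>',`, or give the parameter a numeric default. The remaining values, `mysql_password` in particular, are dropped into PHP single-quoted literals with no escaping, so a secret containing `'` or `\` either breaks the file or silently changes the credential; the template should escape backslash and then single quote before emitting, or the class should reject such values. A leading comment stating that this file is generated by Puppet from `templates/database.php.erb` and must not be hand-edited would spare the next operator a lost change.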

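--- a/templates/vhost.erb
+++ b/templates/vhost.erb
@@ -0,0 +1,39 @@
+<VirtualHost <%= scope.lookupvar("openstackid::vhost_name") %>:80>
+  ServerAdmin <%= scope.lookupvar("openstackid::serveradmin") %>
+
+  ErrorLog ${APACHE_LOG_DIR}/openstackid-error.log
+  LogLevel warn
+  CustomLog ${APACHE_LOG_DIR}/openstackid-access.log combined
+
+  Redirect / https://<%= scope.lookupvar("openstackid::vhost_name") %>/
+
+</VirtualHost>
+
+<IfModule mod_ssl.c>
+<VirtualHost <%= scope.lookupvar("openstackid::vhost_name") %>:443>
+  ServerName <%= scope.lookupvar("openstackid::vhost_name") %>
+  ServerAdmin <%= scope.lookupvar("openstackid::serveradmin") %>
+
+  ErrorLog ${APACHE_LOG_DIR}/openstackid-ssl-error.log
+  LogLevel warn
+  CustomLog ${APACHE_LOG_DIR}/openstackid-ssl-access.log combined
+
+  SSLEngine on
+  SSLCertificateFile      <%= scope.lookupvar("openstackid::ssl_cert_file") %>
+  SSLCertificateKeyFile   <%= scope.lookupvar("openstackid::ssl_key_file") %>
+<% if scope.lookupvar("openstackid::ssl_chain_file") != "" %>
+  SSLCertificateChainFile <%= scope.lookupvar("openstackid::ssl_chain_file") %>
+<% end %>
+
+  RewriteEngine on
+  RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("openstackid::vhost_name") %>
+  RewriteRule ^.*$ <%= scope.lookupvar("openstackid::canonicalweburl") %>
+
+  DocumentRoot <%= docroot %>
+  <Directory <%= docroot %>/>
+    Order allow,deny
+    Allow from all
+  </Directory>
+
+</VirtualHost>
+</IfModule>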
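Review bot: The canonical-host check `RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("openstackid::vhost_name") %>` interpolates the hostname into a regex unescaped and unanchored, so each `.` matches any character and any Host value that merely contains the name passes; anchoring and escaping it, `RewriteCond %{HTTP_HOST} !^<%= Regexp.escape(scope.lookupvar("openstackid::vhost_name")) %>$ [NC]`, makes the comparison exact. The paired `RewriteRule ^.*$ <%= scope.lookupvar("openstackid::canonicalweburl") %>` discards the requested path and, like `Redirect /` in the port-80 vhost, answers with a temporary redirect; if both are meant as permanent canonicalisations, `[R=301,L]` on the rule and `Redirect permanent /` say so. The TLS vhost sets no `SSLProtocol` or `SSLCipherSuite` and sends no `Strict-Transport-Security` header, so it inherits whatever the apache module's defaults are; a comment stating that the module is trusted for those, or pinning them here, would make the intended TLS posture reviewable.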
