From e7e07ad1f58daa410e135db171b6cc3a7f3d728d Mon Sep 17 00:00:00 2001
From: Jeremy Stanley
Date: Fri, 20 Dec 2013 04:59:12 +0000
Subject: [PATCH] Set up openstackid module

Refactor the openstack_project::openstackid_dev module out into a top-level openstackid module in preparation for multiple servers, set up Apache to serve content out of /srv/openstackid, add an /etc/openstackid/database.php file with connection details injected from hiera and keep an updated clone of openstack-infra/openstackid in /opt/openstackid.

Change-Id: Icdde594384e3af27c8dd185a51b9e5a71619fb7b
---
 manifests/init.pp | 207 +++++++++++++++++++++++++++++++++++++
 templates/database.php.erb | 107 +++++++++++++++++++
 templates/vhost.erb | 39 +++++++
 3 files changed, 353 insertions(+)
 create mode 100644 manifests/init.pp
 create mode 100644 templates/database.php.erb
 create mode 100644 templates/vhost.erb

diff --git a/manifests/init.pp b/manifests/init.pp
new file mode 100644
index 0000000..5e0f595
--- /dev/null
+++ b/manifests/init.pp
@@ -0,0 +1,207 @@
+# Copyright 2013 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# openstackid idp(sso-openid)
+#
+# == Class: openstackid
+#
+class openstackid (
+ $git_source_repo = 'https://git.openstack.org/openstack-infra/openstackid',
+ $site_admin_password = '',
+ $mysql_host = '',
+ $mysql_user = '',
+ $mysql_password = '',
+ $id_db_name = '',
+ $ss_db_name = '',
+ $redis_port = '',
+ $redis_host = '',
+ $vhost_name = $::fqdn,
+ $robots_txt_source = '',
+ $serveradmin = "webmaster@${::fqdn}",
+ $canonicalweburl = "https://${::fqdn}/",
+ $ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem',
+ $ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key',
+ $ssl_chain_file = '',
+ $ssl_cert_file_contents = '', # If left empty puppet will not create file.
+ $ssl_key_file_contents = '', # If left empty puppet will not create file.
+ $ssl_chain_file_contents = '', # If left empty puppet will not create file.
+ $httpd_acceptorthreads = '',
+) {
+
+ vcsrepo { '/opt/openstackid':
+ ensure => latest,
+ provider => git,
+ revision => 'master',
+ source => $git_source_repo,
+ }
+
+ # we need PHP 5.4 or greather
+ include apt
+ apt::ppa { 'ppa:ondrej/php5-oldstable': }
+
+ # php packages needed for openid server
+ package {
+ [
+ 'php5-common',
+ 'php5-curl',
+ 'php5-cli',
+ 'php5-json',
+ 'php5-mcrypt',
+ 'php5-mysql',
+ ]:
+ require => Exec[apt_update],
+ }
+
+ group { 'openstackid':
+ ensure => present,
+ }
+
+ user { 'openstackid':
+ ensure => present,
+ managehome => true,
+ comment => 'OpenStackID User',
+ shell => '/bin/bash',
+ gid => 'openstackid',
+ require => Group['openstackid'],
+ }
+
+ file { '/etc/openstackid':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ }
+
+ file { '/etc/openstackid/database.php':
+ ensure => present,
+ content => template('openstackid/database.php.erb'),
+ owner => 'root',
+ group => 'openstackid',
+ mode => '0640',
+ require => [
+ File['/etc/openstackid'],
+ Group['openstackid'],
+ ]
+ }
+
+ file { '/srv/openstackid':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ }
+
+ file { '/srv/openstackid/app':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ require => File['/srv/openstackid'],
+ }
+
+ file { '/srv/openstackid/app/config':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ require => File['/srv/openstackid/app'],
+ }
+
+ file { '/srv/openstackid/app/config/dev':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ require => File['/srv/openstackid/app/config'],
+ }
+
+ file { '/srv/openstackid/app/config/dev/database.php':
+ ensure => link,
+ target => '/etc/openstackid/database.php',
+ require => [
+ File['/srv/openstackid/app/config/dev'],
+ File['/etc/openstackid/database.php'],
+ ],
+ }
+
+ file { '/srv/openstackid/public':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ require => File['/srv/openstackid'],
+ }
+
+ include apache
+ include apache::ssl
+ include apache::php
+ apache::vhost { $vhost_name:
+ port => 443,
+ docroot => '/srv/openstackid/public',
+ priority => '50',
+ template => 'openstackid/vhost.erb',
+ ssl => true,
+ require => File['/srv/openstackid/public'],
+ }
+ a2mod { 'rewrite':
+ ensure => present,
+ }
+ a2mod { 'proxy':
+ ensure => present,
+ }
+ a2mod { 'proxy_http':
+ ensure => present,
+ }
+
+ if $ssl_cert_file_contents != '' {
+ file { $ssl_cert_file:
+ owner => 'root',
+ group => 'root',
+ mode => '0640',
+ content => $ssl_cert_file_contents,
+ before => Apache::Vhost[$vhost_name],
+ }
+ }
+
+ if $ssl_key_file_contents != '' {
+ file { $ssl_key_file:
+ owner => 'root',
+ group => 'ssl-cert',
+ mode => '0640',
+ content => $ssl_key_file_contents,
+ before => Apache::Vhost[$vhost_name],
+ }
+ }
+
+ if $ssl_chain_file_contents != '' {
+ file { $ssl_chain_file:
+ owner => 'root',
+ group => 'root',
+ mode => '0640',
+ content => $ssl_chain_file_contents,
+ before => Apache::Vhost[$vhost_name],
+ }
+ }
+
+ if $robots_txt_source != '' {
+ file { '/srv/openstackid/public/robots.txt':
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ source => $robots_txt_source,
+ require => File['/srv/openstackid/public'],
+ }
+ }
+
+}
diff --git a/templates/database.php.erb b/templates/database.php.erb
new file mode 100644
index 0000000..e7b6c6a
--- /dev/null
+++ b/templates/database.php.erb
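Review bot: The `vcsrepo { '/opt/openstackid': ensure => latest, revision => 'master' }` resource checks out whatever upstream master holds on every agent run, so the identity provider's code is pinned to nothing and any upstream commit, broken or malicious, reaches the server without review; expose it as a class parameter (`$git_revision = 'master'`) and pass `revision => $git_revision` so production deployments can pin a tag or commit. Separately, `/etc/openstackid/database.php` is root:openstackid 0640 and symlinked into the app config, but nothing in this hunk puts the Apache/PHP runtime into the `openstackid` group; if mod_php runs as www-data, as `include apache::php` suggests, it cannot read the credentials, so confirm which account serves the app before relying on that mode. `$site_admin_password` and `$httpd_acceptorthreads` are accepted as parameters but not referenced anywhere in the manifest or the two templates.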
@@ -0,0 +1,107 @@
+ PDO::FETCH_CLASS,
+
+ /*
+ |--------------------------------------------------------------------------
+ | Default Database Connection Name
+ |--------------------------------------------------------------------------
+ |
+ | Here you may specify which of the database connections below you wish
+ | to use as your default connection for all database work. Of course
+ | you may use many connections at once using the Database library.
+ |
+ */
+
+ 'default' => 'mysql',
+
+ /*
+ |--------------------------------------------------------------------------
+ | Database Connections
+ |--------------------------------------------------------------------------
+ |
+ | Here are each of the database connections setup for your application.
+ | Of course, examples of configuring each database platform that is
+ | supported by Laravel is shown below to make development simple.
+ |
+ |
+ | All database work in Laravel is done through the PHP PDO facilities
+ | so make sure you have the driver for your particular database of
+ | choice installed on your machine before you begin development.
+ |
+ */
+
+ 'connections' => array(
+ /* OpenID IDP database */
+ 'mysql' => array(
+ 'driver' => 'mysql',
+ 'host' => '<%= mysql_host %>',
+ 'database' => '<%= id_db_name %>',
+ 'username' => '<%= mysql_user %>',
+ 'password' => '<%= mysql_password %>',
+ 'charset' => 'utf8',
+ 'collation' => 'utf8_unicode_ci',
+ 'prefix' => '',
+ ),
+ /* Silverstripe database */
+ 'mysql_external' => array(
+ 'driver' => 'mysql',
+ 'host' => '<%= mysql_host %>',
+ 'database' => '<%= ss_db_name %>',
+ 'username' => '<%= mysql_user %>',
+ 'password' => '<%= mysql_password %>',
+ 'charset' => 'utf8',
+ 'collation' => 'utf8_unicode_ci',
+ 'prefix' => '',
+ ),
+ ),
+
+ /*
+ |--------------------------------------------------------------------------
+ | Migration Repository Table
+ |--------------------------------------------------------------------------
+ |
+ | This table keeps track of all the migrations that have already run for
+ | your application. Using this information, we can determine which of
+ | the migrations on disk have not actually be run in the databases.
+ |
+ */
+
+ 'migrations' => 'migrations',
+
+ /*
+ |--------------------------------------------------------------------------
+ | Redis Databases
+ |--------------------------------------------------------------------------
+ |
+ | Redis is an open source, fast, and advanced key-value store that also
+ | provides a richer set of commands than a typical key-value systems
+ | such as APC or Memcached. Laravel makes it easy to dig right in.
+ |
+ */
+
+ 'redis' => array(
+
+ 'cluster' => true,
+
+ 'default' => array(
+ 'host' => '<%= redis_host %>',
+ 'port' => <%= redis_port %>,
+ ),
+
+ ),
+
+);
diff --git a/templates/vhost.erb b/templates/vhost.erb
new file mode 100644
index 0000000..5594b52
--- /dev/null
+++ b/templates/vhost.erb
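Review bot: `'password' => '<%= mysql_password %>'` (and likewise the host, user and database values) is interpolated into a PHP single-quoted literal with no escaping, so a credential containing `'` or `\` either breaks the generated file's syntax or silently changes the string the application connects with; escape those two characters in the template, e.g. `'password' => '<%= mysql_password.gsub(/['\\]/) { |c| "\\" + c } %>',`, and apply the same to the other interpolated values. `'port' => <%= redis_port %>,` is emitted unquoted while the class defaults `$redis_port` to `''`, which produces `'port' => ,` and a PHP parse error on the first request; either make the parameter required or default it to a numeric value. The opening of this hunk looks truncated in this view (the line preceding `PDO::FETCH_CLASS` is not visible), so the file header could not be checked.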
@@ -0,0 +1,39 @@ +:80> + ServerAdmin <%= scope.lookupvar("openstackid::serveradmin") %> + + ErrorLog ${APACHE_LOG_DIR}/openstackid-error.log + LogLevel warn + CustomLog ${APACHE_LOG_DIR}/openstackid-access.log combined + + Redirect / https://<%= scope.lookupvar("openstackid::vhost_name") %>/ + + + + +:443> + ServerName <%= scope.lookupvar("openstackid::vhost_name") %> + ServerAdmin <%= scope.lookupvar("openstackid::serveradmin") %> + + ErrorLog ${APACHE_LOG_DIR}/openstackid-ssl-error.log + LogLevel warn + CustomLog ${APACHE_LOG_DIR}/openstackid-ssl-access.log combined + + SSLEngine on + SSLCertificateFile <%= scope.lookupvar("openstackid::ssl_cert_file") %> + SSLCertificateKeyFile <%= scope.lookupvar("openstackid::ssl_key_file") %> +<% if scope.lookupvar("openstackid::ssl_chain_file") != "" %> + SSLCertificateChainFile <%= scope.lookupvar("openstackid::ssl_chain_file") %> +<% end %> + + RewriteEngine on + RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("openstackid::vhost_name") %> + RewriteRule ^.*$ <%= scope.lookupvar("openstackid::canonicalweburl") %> + + DocumentRoot <%= docroot %> + /> + Order allow,deny + Allow from all + + + +
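Review bot: `RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("openstackid::vhost_name") %>` drops the hostname into a regex unanchored and unescaped, so the canonical-host check passes any Host header that merely contains the name (and `.` matches any character), while the following `RewriteRule ^.*$ <%= ... canonicalweburl %>` discards the requested path; anchor and escape it, `RewriteCond %{HTTP_HOST} !^<%= Regexp.escape(scope.lookupvar("openstackid::vhost_name")) %>$ [NC]`, and give the rule explicit flags, `[L,R=301]`. The :443 block turns on `SSLEngine` and sets certificate paths but no `SSLProtocol` or `SSLCipherSuite`, so the IdP inherits the distro's mod_ssl defaults, which on the releases this targets presumably still include SSLv3 and weak ciphers; add `SSLProtocol all -SSLv2 -SSLv3` plus `SSLHonorCipherOrder on` with an explicit cipher list, and since the :80 vhost already redirects everything to https, a `Strict-Transport-Security` header is cheap to add. The `<VirtualHost>` and `<Directory>` opening lines are not visible in this view, so the block boundaries could not be checked here.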