Added OpenID Apache configuration options

Also initial commit of default.pp Change-Id: I33dd6e36da17aa2ee89c5bae421390123cea35e3 Implements: spec maniphest migration
2015-12-08 17:33:46 +10:00 · 2015-12-08 17:33:46 +10:00 · 048cf68540
parent 3dd450ac5e
commit 048cf68540
2 changed files with 140 additions and 0 deletions
--- a/manifests/default.pp
+++ b/manifests/default.pp
@ -0,0 +1,134 @@
+# Basic Puppet Apache manifest
+
+$apache2_sites = "/etc/apache2/sites"
+$apache2_mods  = "/etc/apache2/mods"
+$phab_dir      = "/phabricator"
+$dev_dir       = "${phab_dir}/instances/dev"
+$document_root = "${dev_dir}/phabricator/webroot"
+$std_path      = "/usr/bin:/usr/sbin:/bin"
+$auth_location = "/auth/login/RemoteUser:self/"
+$AuthOpenIDSingleIdP = "https://login.launchpad.net/"
+
+file { 'apt-proxyconfig' :
+  path    => '/etc/apt/apt.conf.d/95proxies',
+  ensure  => present,
+  content => "Acquire::http::proxy \"${http_proxy}\";",
+  notify  => Exec['apt-update'],
+}
+
+exec { 'apt-update':
+    command     => 'apt-get update',
+    refreshonly => true,
+    path        => $std_path,
+}
+
+class apache2 {
+
+  package { "apache2":
+    ensure => present,
+  }
+
+   service { "apache2":
+      ensure     => running,
+      hasstatus  => true,
+      hasrestart => true,
+      require    => Package["apache2"],
+   }
+
+  file { 'vhost':
+    path    => '/etc/apache2/sites-available/phab.conf',
+    ensure  => present,
+    content => template("phabricator/vhost.erb"),
+    notify  => Service['apache2'],
+  }
+
+  file { '/etc/apache2/sites-enabled/phab.conf':
+    ensure => link,
+    target => '/etc/apache2/sites-available/phab.conf',
+  }
+
+  file { '/etc/apache2/sites-enabled/000-default.conf':
+    ensure => 'absent',
+    purge => true,
+    force => true
+  }
+
+   define module ( $requires = 'apache2' ) {
+        exec { "/usr/sbin/a2enmod ${name}":
+           unless  => "/bin/readlink -e ${apache2_mods}-enabled/${name}.load",
+           notify  => Service['apache2'],
+           require => Package[$requires],
+        }
+   }
+}
+
+class otherpackages {
+    $packages = ["git-core", "mysql-server", "php5", "dpkg-dev", "unzip"]
+    $php_packages = ["php5-mysql", "php5-gd", "php5-dev", "php5-curl", "php-apc", "php5-cli"]
+
+    package { $packages: ensure     => installed, }
+    package { $php_packages: ensure => installed, }
+}
+
+class phabricatordirs {
+    # puppet won't create parent directories and will fail if we don't
+    # manually specify each of them as separate dependencies
+    # it does automatically create them in the correct order though
+    file { "/phabricator/instances/dev":
+        ensure => directory,
+    }
+    file { "/phabricator/instances":
+        ensure => directory,
+    }
+    file { "/phabricator":
+        ensure => directory,
+    }
+}
+
+class phabricator {
+
+    define phabgithubunzip ($repo = $title, $commit) {
+        $proxy_string = "https_proxy=${https_proxy}"
+        $github_string = "https://github.com/facebook"
+        exec { "wget ${github_string}/${repo}/archive/${commit}.zip -O ${dev_dir}/${repo}.zip --no-check-certificate && unzip ${dev_dir}/${repo}.zip -d ${dev_dir} && mv ${dev_dir}/${repo}-${commit} ${dev_dir}/${repo}":
+            path        => $std_path,
+            creates     => "${dev_dir}/${repo}",
+            environment => $proxy_string,
+        }
+    }
+
+    # set 'commit' to 'master' for the latest version
+    phabgithubunzip {'phabricator': commit => 'stable'}
+    phabgithubunzip {'libphutil': commit => 'stable'}
+    phabgithubunzip {'arcanist': commit => 'stable'}
+}
+
+class phabricatordb {
+    file { "initial.db":
+	path   => "${phab_dir}/initial.db",
+	source => "puppet:///modules/phabricator/initial.db",
+	ensure => present,
+    }
+
+    exec { "mysql < ${phab_dir}/initial.db && ${dev_dir}/phabricator/bin/storage upgrade --force":
+        path    => $std_path,
+        unless  => "${dev_dir}/phabricator/bin/storage status",
+	require => File["initial.db"],
+    }
+}
+
+# declare our entities
+class {'apache2':}
+class {'otherpackages':}
+apache2::module { "rewrite": }
+class {'phabricatordirs':}
+class {'phabricator':}
+class {'phabricatordb':}
+
+# declare our dependencies
+Class['apache2']       <- File['apt-proxyconfig']
+Class['otherpackages'] <- File['apt-proxyconfig']
+Class['phabricator']   <- Class['apache2']
+Class['phabricator']   <- Class['otherpackages']
+Class['phabricator']   <- Class['phabricatordirs']
+Class['phabricatordb'] <- Class['phabricator']
--- a/templates/vhost.erb
+++ b/templates/vhost.erb
@ -55,6 +55,12 @@
        Require all granted
    </Directory>

+    <Location <%= @auth_location %> >
+      AuthType OpenID
+      require valid-user
+      AuthOpenIDSingleIdP <%= @AuthOpenIDSingleIdP %>
+    </Location>
+
    RewriteEngine on
    RewriteRule ^/rsrc/(.*)     -                       [L,QSA]
    RewriteRule ^/favicon.ico   -                       [L,QSA]