
Merge "Patches Required to Deliver Pholio"

changes/38/398538/1
Jenkins 2 years ago
parent
commit
402723d565
7 changed files with 382 additions and 188 deletions
  1. 1
    0
      .gitignore
  2. 69
    153
      manifests/init.pp
  3. 195
    0
      manifests/install.pp
  4. 35
    25
      manifests/mysql.pp
  5. 47
    0
      manifests/vars.pp
  6. 19
    0
      templates/set-auth_providerconfig.sql.erb
  7. 16
    10
      templates/vhost.erb

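--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 Gemfile.lock
 .bundled_gems/
+.vagrant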

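--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,174 +1,90 @@
+# Copyright 2016 Hewlett Packard Enterprise Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
 # == Class: phabricator
 #
+# Set up a full, standalone instance of phabricator.
+#
 class phabricator (
-  $mysql_user_password,
-  $instance                = 'dev',
+  # Database Configurations.
   $mysql_database          = 'phabricator',
   $mysql_host              = 'localhost',
   $mysql_port              = 3306,
   $mysql_user              = 'phabricator',
-  $phab_dir                = '/phabricator',
-  $ssl_cert_file           = "/etc/ssl/certs/${::fqdn}.pem",
-  $ssl_cert_file_contents  = undef, # If left empty puppet will not create file.
-  $ssl_chain_file          = undef,
-  $ssl_chain_file_contents = undef, # If left empty puppet will not create file.
-  $ssl_key_file            = "/etc/ssl/private/${::fqdn}.key",
-  $ssl_key_file_contents   = undef,  # If left empty puppet will not create file.
-  $vhost_name              = $::fqdn,
-) {
-
-  $instances_dir = "${phab_dir}/instances"
-  $instance_dir = "${instances_dir}/${instance}"
-
-  $packages = [
-    'php5',
-    'php5-mysql',
-    'php5-gd',
-    'php5-dev',
-    'php5-curl',
-    'php-apc',
-    'php5-cli',
-    'python-pygmentize'
-  ]
-  package { $packages:
-    ensure => installed,
-  }
+  $mysql_user_password,
+  $mysql_root_password,
 
-  if !defined(Package['git']) {
-    package { 'git':
-      ensure => present
-    }
-  }
+  # Phabricator working directory
+  $phabricator_dir         = '/opt/phabricator',
 
-  file { $phab_dir:
-    ensure => directory,
-  }
-  file { $instances_dir:
-    ensure => directory,
-  }
-  file { $instance_dir:
-    ensure => directory,
-  }
+  # OpenID configuration
+  $auth_location = '/auth/login/RemoteUser:self/',
+  $authopenidsingleidp = 'https://openstackid.org/',
 
-  if $ssl_cert_file_contents != undef {
-    file { $ssl_cert_file:
-      owner   => 'root',
-      group   => 'root',
-      mode    => '0640',
-      content => $ssl_cert_file_contents,
-      before  => Httpd::Vhost[$vhost_name],
-    }
-  }
-
-  if $ssl_key_file_contents != undef {
-    file { $ssl_key_file:
-      owner   => 'root',
-      group   => 'ssl-cert',
-      mode    => '0640',
-      content => $ssl_key_file_contents,
-      before  => Httpd::Vhost[$vhost_name],
-    }
-  }
+  # SSL Certificates.
+  $ssl_cert_file           = undef,
+  $ssl_cert_file_contents  = undef, # If left empty puppet will not create file.
+  $ssl_chain_file          = undef,
+  $ssl_chain_file_contents = undef, # If left empty puppet will not create file.
+  $ssl_key_file            = undef,
+  $ssl_key_file_contents   = undef, # If left empty puppet will not create file.
 
-  if $ssl_chain_file_contents != undef {
-    file { $ssl_chain_file:
-      owner   => 'root',
-      group   => 'root',
-      mode    => '0640',
-      content => $ssl_chain_file_contents,
-      before  => Httpd::Vhost[$vhost_name],
-    }
-  }
+  # Httpd config.
+  $httpd_vhost             = $::fqdn,
+  $httpd_admin_email       = 'noc@openstack.org',
+) {
 
-  vcsrepo { "${instance_dir}/phabricator":
-    ensure   => latest,
-    provider => git,
-    source   => 'https://github.com/phacility/phabricator.git',
-    require  => [
-      File[$instance_dir],
-      Package['git'],
+  # Set up the shared configuration.
+  class { '::phabricator::vars':
+    mysql_database          => $mysql_database,
+    mysql_host              => $mysql_host,
+    mysql_port              => $mysql_port,
+    mysql_user              => $mysql_user,
+    mysql_user_password     => $mysql_user_password,
+    mysql_root_password     => $mysql_root_password,
+    phabricator_dir         => $phabricator_dir,
+    ssl_cert_file           => $ssl_cert_file,
+    ssl_cert_file_contents  => $ssl_cert_file_contents,
+    ssl_chain_file          => $ssl_chain_file,
+    ssl_chain_file_contents => $ssl_chain_file_contents,
+    ssl_key_file            => $ssl_key_file,
+    ssl_key_file_contents   => $ssl_key_file_contents,
+    httpd_vhost             => $httpd_vhost,
+    httpd_admin_email       => $httpd_admin_email,
+
+    before                  => [
+      Class['Phabricator::Certificates'],
+      Class['Phabricator::Httpd'],
+      Class['Phabricator::Mysql'],
+      Class['Phabricator::Install'],
     ]
   }
 
-  vcsrepo { "${instance_dir}/arcanist":
-    ensure   => latest,
-    provider => git,
-    source   => 'https://github.com/phacility/arcanist.git',
-    require  => [
-      File[$instance_dir],
-      Package['git'],
-    ]
-  }
+  include ::phabricator::certificates
+  include ::phabricator::mysql
 
-  vcsrepo { "${instance_dir}/libphutil":
-    ensure   => latest,
-    provider => git,
-    source   => 'https://github.com/phacility/libphutil.git',
-    require  => [
-      File[$instance_dir],
-      Package['git'],
+  class { '::phabricator::httpd':
+    require => [
+      Class['phabricator::install'],
+      Class['phabricator::mysql'],
+      Class['phabricator::certificates']
     ]
   }
 
-  file { 'initial.db':
-    ensure => present,
-    path   => "${phab_dir}/initial.db",
-    source => 'puppet:///modules/phabricator/initial.db',
-  }
-
-  file {'local.json':
-    ensure  => present,
-    path    => "${instance_dir}/phabricator/conf/local/local.json",
-    content => template('phabricator/local.json.erb'),
-  }
-
-  file { '/etc/php5/mods-available/phabricator.ini':
-    ensure  => present,
-    owner   => 'root',
-    group   => 'root',
-    content => "; configuration for phabricator\n; priority=20\npost_max_size = 32M",
-
-  }
-
-  file { '/etc/php5/apache2/conf.d/20-phabricator.ini':
-    ensure => 'link',
-    target => '/etc/php5/mods-available/phabricator.ini',
-    notify => Service['httpd'],
-  }
-
-  exec { 'load-initial-db':
-    command     => "/usr/bin/mysql < ${phab_dir}/initial.db && ${instance_dir}/phabricator/bin/storage upgrade --force",
-    unless      => "${instance_dir}/phabricator/bin/storage status",
-    subscribe   => File['initial.db'],
-    refreshonly => true,
-    require     => [
-                    Vcsrepo["${instance_dir}/phabricator"],
-                    File['initial.db'],
-                    ]
-  }
-
-  exec { 'update-database':
-    command     => "${instance_dir}/phabricator/bin/storage upgrade --force",
-    refreshonly => true,
-    subscribe   => Vcsrepo["${instance_dir}/phabricator"],
-    require     => Vcsrepo["${instance_dir}/phabricator"],
-  }
-
-  include ::httpd
-  include ::httpd::ssl
-  include ::httpd::php
-
-  httpd_mod { 'rewrite':
-    ensure => present,
-  }
-
-  ::httpd::vhost { $vhost_name:
-    port     => 443,
-    docroot  => "${instance_dir}/phabricator/webroot/",
-    priority => '50',
-    template => 'phabricator/vhost.erb',
-    ssl      => true,
-    require  => File[$instance_dir],
+  class { '::phabricator::install':
+    require => [
+      Class['phabricator::mysql'],
+    ]
   }
-
 }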
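Review bot: `$auth_location` and `$authopenidsingleidp` are declared as class parameters but are not among the values passed to `::phabricator::vars`, and nothing else in this file forwards them, so from what is visible here overriding them has no effect. templates/vhost.erb in the same change reads `@auth_location` and `@authopenidsingleidp` for its OpenID `<Location>` block; if the class that renders the template (not part of this change) does not have them in scope, they render empty and the block will not guard the login path as intended. I would add both to `phabricator::vars` and pass them through here with `auth_location => $auth_location,` and `authopenidsingleidp => $authopenidsingleidp,`. The `ssl_cert_file` and `ssl_key_file` defaults also move from fqdn-derived paths to `undef`, which deserves a line in the class header stating that callers must now supply them.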

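--- a/manifests/install.pp
+++ b/manifests/install.pp
@@ -0,0 +1,195 @@
+# Copyright 2016 Hewlett Packard Enterprise Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: phabricator::install
+#
+# Installation of phabricator itself.
+#
+class phabricator::install (
+  $phabricator_dir         = $phabricator::vars::phabricator_dir,
+  $mysql_database          = $phabricator::vars::mysql_database,
+  $mysql_host              = $phabricator::vars::mysql_host,
+  $mysql_port              = $phabricator::vars::mysql_port,
+  $mysql_user              = $phabricator::vars::mysql_user,
+  $mysql_user_password     = $phabricator::vars::mysql_user_password,
+  $httpd_vhost             = $phabricator::vars::httpd_vhost,
+) {
+
+  # Dependencies
+  package { [
+    'php5',
+    'php5-mysql',
+    'php5-gd',
+    'php5-dev',
+    'php5-curl',
+    'php-apc',
+    'php5-cli',
+    'php5-json',
+    'sendmail',
+    'python-pygments']:
+    ensure => present,
+  }
+  if !defined(Package['git']) {
+    package { 'git':
+      ensure => present
+    }
+  }
+  if !defined(Package['libapache2-mod-auth-openid']) {
+    package { 'libapache2-mod-auth-openid':
+      ensure => present
+    }
+  }
+
+  # Set "post_max_size" in your PHP configuration to at least 32MB to support
+  # large file uploads.
+  ini_setting { 'Increase post_max_size in php.ini':
+    ensure  => present,
+    path    => '/etc/php5/apache2/php.ini',
+    section => 'PHP',
+    setting => 'post_max_size',
+    value   => '32M',
+    notify  => Service['httpd'],
+  }
+
+  # In production, OPcache should be configured to never revalidate code. This
+  # will slightly improve performance. To do this, disable
+  # "opcache.validate_timestamps" in your PHP configuration.
+  ini_setting { 'Set opcache.validate_timestamps in php.ini':
+    ensure  => present,
+    path    => '/etc/php5/apache2/php.ini',
+    section => 'opcache',
+    setting => 'opcache.validate_timestamps',
+    value   => '0',
+    notify  => Service['httpd'],
+  }
+
+  # PHP setting "always_populate_raw_post_data" should be set to "-1" to avoid
+  # deprecation warnings.
+  ini_setting { 'Disable PHP always_populate_raw_post_data on php.ini':
+    ensure  => present,
+    path    => '/etc/php5/apache2/php.ini',
+    section => 'PHP',
+    setting => 'always_populate_raw_post_data',
+    value   => '-1',
+    notify  => Service['httpd'],
+  }
+
+  file { [$phabricator_dir, "${phabricator_dir}/repo"]:
+    ensure => directory,
+  }
+
+  vcsrepo { "${phabricator_dir}/phabricator":
+    ensure   => latest,
+    provider => git,
+    source   => 'https://github.com/phacility/phabricator.git',
+    revision => 'stable',
+    require  => [
+      File[$phabricator_dir],
+      Package['git'],
+    ]
+  }
+
+  vcsrepo { "${phabricator_dir}/arcanist":
+    ensure   => latest,
+    provider => git,
+    source   => 'https://github.com/phacility/arcanist.git',
+    revision => 'stable',
+    require  => [
+      File[$phabricator_dir],
+      Package['git'],
+    ]
+  }
+
+  vcsrepo { "${phabricator_dir}/libphutil":
+    ensure   => latest,
+    provider => git,
+    source   => 'https://github.com/phacility/libphutil.git',
+    revision => 'stable',
+    require  => [
+      File[$phabricator_dir],
+      Package['git'],
+    ]
+  }
+
+  vcsrepo { "${phabricator_dir}/libphremoteuser":
+    ensure   => latest,
+    provider => git,
+    source   => 'https://github.com/psigen/libphremoteuser.git',
+    revision => 'master',
+    require  => [
+      File[$phabricator_dir],
+      Package['git', 'libapache2-mod-auth-openid'],
+    ]
+  }
+
+  exec { 'Letting Phabricator know about libphremoteuser...':
+    command   => "${phabricator_dir}/phabricator/bin/config set load-libraries '[\"libphremoteuser/src\"]'",
+    subscribe => Vcsrepo["${phabricator_dir}/libphremoteuser"],
+    require   => [
+      Vcsrepo["${phabricator_dir}/arcanist"],
+      Vcsrepo["${phabricator_dir}/libphremoteuser"],
+    ]
+  }
+
+  exec {'set-auth_providerconfig':
+    command   => "/usr/bin/mysql -u ${mysql_user} -p${mysql_user_password} < ${phabricator_dir}/set-auth_providerconfig.sql",
+    subscribe => File['set-auth_providerconfig.sql'],
+    require   => [
+      Vcsrepo["${phabricator_dir}/phabricator"],
+      File['set-auth_providerconfig.sql'],
+      File[$phabricator_dir],
+      Service['Phabricator-daemons']
+    ]
+  }
+
+  file {'set-auth_providerconfig.sql':
+    ensure  => present,
+    path    => "${phabricator_dir}/set-auth_providerconfig.sql",
+    content => template('phabricator/set-auth_providerconfig.sql.erb'),
+  }
+
+  file { 'local.json':
+    ensure  => present,
+    path    => "${phabricator_dir}/phabricator/conf/local/local.json",
+    content => template('phabricator/local.json.erb'),
+    require => Vcsrepo["${phabricator_dir}/phabricator"],
+    notify  => Service['httpd'],
+  }
+
+  exec { 'load-initial-db':
+    command => "${phabricator_dir}/phabricator/bin/storage upgrade --force",
+    unless  => "${phabricator_dir}/phabricator/bin/storage status",
+    require => [
+      Vcsrepo["${phabricator_dir}/phabricator"],
+      Vcsrepo["${phabricator_dir}/libphutil"],
+      Vcsrepo["${phabricator_dir}/arcanist"],
+    ]
+  }
+
+  service { 'Phabricator-daemons':
+    ensure    => running,
+    provider  => base,
+    start     => "${phabricator_dir}/phabricator/bin/phd start",
+    stop      => "${phabricator_dir}/phabricator/bin/phd stop",
+    restart   => "${phabricator_dir}/phabricator/bin/phd restart",
+    status    => "${phabricator_dir}/phabricator/bin/phd status",
+    subscribe => Vcsrepo["${phabricator_dir}/libphutil"],
+    require   => [
+      File[$phabricator_dir],
+      Vcsrepo["${phabricator_dir}/phabricator"],
+      Vcsrepo["${phabricator_dir}/libphutil"],
+      Vcsrepo["${phabricator_dir}/arcanist"],
+    ]
+  }
+}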
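Review bot: The `set-auth_providerconfig` exec puts the database password on the command line (`-p${mysql_user_password}`), where it is readable in the process list while the command runs and can end up in Puppet's failure output and reports. That exec also has `subscribe` without `refreshonly => true`, so as written it runs on every agent run and re-applies a script that starts with `DELETE FROM phabricator_auth.auth_providerconfig;`; the `Letting Phabricator know about libphremoteuser...` exec is missing `refreshonly` in the same way. I would read the credentials from a root-only option file, `command => "/usr/bin/mysql --defaults-extra-file=<path to a 0600 client option file> < ${phabricator_dir}/set-auth_providerconfig.sql",`, and add `refreshonly => true,` to both execs. Separately, `libphremoteuser` tracks `master` of a third-party repository with `ensure => latest` and is loaded into the login path, so any upstream push reaches the host on the next run; pinning `revision` to a reviewed commit would close that.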

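--- a/manifests/mysql.pp
+++ b/manifests/mysql.pp
@@ -1,4 +1,4 @@
-# Copyright 2014 Hewlett-Packard Development Company, L.P.
+# Copyright 2016 Hewlett Packard Enterprise Development Company, L.P.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
@@ -14,31 +14,41 @@
 #
 # == Class: phabricator::mysql
 #
+# Set up a mysql host for phabricator.
+#
 class phabricator::mysql(
-  $mysql_root_password,
-  $mysql_bind_address = '127.0.0.1',
-  $mysql_port         = '3306'
-  ) {
-
-    class { '::mysql::server':
-      config_hash => {
-        'root_password'  => $mysql_root_password,
-        'default_engine' => 'InnoDB',
-        'bind_address'   => $mysql_bind_address,
-        'port'           => $mysql_port,
-        }
-    }
+  $mysql_host              = $phabricator::vars::mysql_host,
+  $mysql_port              = $phabricator::vars::mysql_port,
+  $mysql_user              = $phabricator::vars::mysql_user,
+  $mysql_user_password     = $phabricator::vars::mysql_user_password,
+  $mysql_root_password     = $phabricator::vars::mysql_root_password,
+) {
 
-    mysql::server::config { 'phab_config':
-      settings => {
-        'mysqld' => {
-          'max_allowed_packet'      => '32M',
-          'sql_mode'                => 'STRICT_ALL_TABLES',
-          'ft_stopword_file'        => '/phabricator/instances/dev/phabricator/resources/sql/stopwords.txt',
-          'ft_min_word_len'         => '3',
-          'ft_boolean_syntax'       => '\' |-><()~*:""&^\'',
-          'innodb_buffer_pool_size' => '1600M',
-        }
+  class { '::mysql::server':
+    root_password           => $mysql_root_password,
+    remove_default_accounts => true,
+    override_options        => {
+      mysqld => {
+        max_allowed_packet      => '32M',
+        sql_mode                => 'STRICT_ALL_TABLES',
+        ft_stopword_file        => '/opt/phabricator/phabricator/resources/sql/stopwords.txt',
+        ft_min_word_len         => 3,
+        ft_boolean_syntax       => '\' |-><()~*:""&^\'',
+        innodb_buffer_pool_size => '1600M',
       }
-    }
+    },
+  }
+
+  mysql_user { "${mysql_user}@${mysql_host}":
+    provider      => 'mysql',
+    password_hash => mysql_password($mysql_user_password),
+  }
+
+  # Phabricator creates a mess of tables. This ensures that we don't have
+  # to create ACL's for all of them.
+  mysql_grant { "${mysql_user}@${mysql_host}/phabricator%.*":
+    privileges => ['ALL'],
+    table      => 'phabricator%.*',
+    user       => "${mysql_user}@${mysql_host}",
   }
+}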
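Review bot: The new `::mysql::server` block in the second hunk no longer sets a bind address (the removed code passed `'127.0.0.1'`) or a port, so the listening address now depends on whatever the mysql module defaults to, and `$mysql_port` is accepted but unused. If local-only access is intended I would state it under `mysqld`, with `'bind-address' => '127.0.0.1',` and `port => $mysql_port,`. The grant gives `ALL` on the pattern `phabricator%.*` with the prefix hard-coded, and `ft_stopword_file` hard-codes `/opt/phabricator/...` although `phabricator_dir` is configurable, so both diverge silently once the defaults are overridden. I would also extend the comment above `mysql_grant` to say that the wildcard covers every database whose name starts with `phabricator`, which makes the scope of the grant explicit.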

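--- a/manifests/vars.pp
+++ b/manifests/vars.pp
@@ -0,0 +1,47 @@
+# Copyright 2016 Hewlett Packard Enterprise Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: phabricator::vars
+#
+# Variables, and their defaults, shared between all the submodules. This
+# module is used as the source of all the shared default values.
+#
+class phabricator::vars (
+  # Database Configurations.
+  $mysql_database          = 'phabricator',
+  $mysql_host              = 'localhost',
+  $mysql_port              = 3306,
+  $mysql_user              = 'phabricator',
+  $mysql_user_password,
+  $mysql_root_password,
+
+  # Phabricator working directory
+  $phabricator_dir        = '/opt/phabricator',
+
+  # SSL Certificates.
+  $ssl_cert_file           = undef,
+  $ssl_cert_file_contents  = undef, # If left empty puppet will not create file.
+  $ssl_chain_file          = undef,
+  $ssl_chain_file_contents = undef, # If left empty puppet will not create file.
+  $ssl_key_file            = undef,
+  $ssl_key_file_contents   = undef, # If left empty puppet will not create file.
+
+  # Virtual host config.
+  $httpd_vhost             = $::fqdn,
+  $httpd_admin_email       = 'noc@openstack.org',
+) {
+
+  # Non-configurable-options (derived)
+  $httpd_docroot           = "${phabricator_dir}/phabricator/webroot"
+}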

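--- a/templates/set-auth_providerconfig.sql.erb
+++ b/templates/set-auth_providerconfig.sql.erb
@@ -0,0 +1,19 @@
+DELETE FROM phabricator_auth.auth_providerconfig;
+
+INSERT INTO phabricator_auth.auth_providerconfig
+  SELECT
+    1 as id,
+    "PHID-AUTH-7nztvra7ehvmx2xnmjgc" as phid,
+    "PhabricatorAuthProviderRemoteUser" as providerClass,
+    "RemoteUser" as providerType,
+    "self" as providerDomain,
+    1 as isEnabled,
+    1 as shouldAllowLogin,
+    1 as shouldAllowRegistration,
+    1 as shouldAllowLink,
+    1 as shouldAllowUnlink,
+    1 as shouldTrustEmails,
+    "[]" as properties,
+    1469712430 as dateCreated,
+    1469712430 as dateModified,
+    0 as shouldAutoLogin;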
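Review bot: The `DELETE` on the first line has no `WHERE` clause, so every row in `auth_providerconfig` is removed each time the script is applied, including any provider an administrator added through the web UI. Scoping it to the row this template owns, `DELETE FROM phabricator_auth.auth_providerconfig WHERE providerType = "RemoteUser" AND providerDomain = "self";`, would keep the script repeatable without that side effect, though the fixed `1 as id` would then have to stop colliding with other rows. The inserted row enables `shouldAllowRegistration` and `shouldTrustEmails`, so account creation and e-mail ownership rest entirely on what the identity provider asserts; a header comment saying this is intended, and that the PHID and timestamps are fixed constants, would help the next reader. The schema name `phabricator_auth` is hard-coded as well, while the database name is a parameter elsewhere in the module.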

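--- a/templates/vhost.erb
+++ b/templates/vhost.erb
@@ -1,6 +1,6 @@
 <VirtualHost *:80>
-    ServerAdmin noc@openstack.org
-    ServerName <%= scope.lookupvar("phabricator::vhost_name") %>
+    ServerAdmin <%= @httpd_admin_email %>
+    ServerName <%= @httpd_vhost %>
 
     DocumentRoot /var/www
     <Directory />
@@ -16,7 +16,7 @@
 
     RewriteEngine on
     RewriteCond %{SERVER_PORT} !^443$
-    RewriteRule ^/(.*)$ https://<%= scope.lookupvar("phabricator::vhost_name") %>/$1 [L,R]
+    RewriteRule ^/(.*)$ https://<%= @httpd_vhost %>/$1 [L,R]
 
     ErrorLog /var/log/apache2/phabricator-error.log
 
@@ -30,24 +30,24 @@
 </VirtualHost>
 <VirtualHost *:443>
     ServerAdmin noc@openstack.org
-    ServerName <%= scope.lookupvar("phabricator::vhost_name") %>
+    ServerName <%= @httpd_vhost %>
 
     SSLEngine on
     SSLProtocol All -SSLv2 -SSLv3
-    SSLCertificateFile      <%= scope.lookupvar("phabricator::ssl_cert_file") %>
-    SSLCertificateKeyFile   <%= scope.lookupvar("phabricator::ssl_key_file") %>
+    SSLCertificateFile      <%= @ssl_cert_file %>
+    SSLCertificateKeyFile   <%= @ssl_key_file %>
     <%# scope.lookupvar returns nil for an undefined variable in puppet 4 -%>
     <%# scope.lookupvar returns :undef for an undefined variable in puppet 3 -%>
-    <% unless ['', nil, :undef].include?(scope.lookupvar("phabricator::ssl_chain_file")) %>
-    SSLCertificateChainFile <%= scope.lookupvar("phabricator::ssl_chain_file") %>
+    <% unless ['', nil, :undef].include?(scope.lookupvar("ssl_chain_file")) %>
+    SSLCertificateChainFile <%= @ssl_chain_file %>
     <% end %>
 
-    DocumentRoot <%= @docroot %>
+    DocumentRoot <%= @httpd_docroot %>
     <Directory />
         Options FollowSymLinks
         AllowOverride None
     </Directory>
-    <Directory <%= @docroot %>>
+    <Directory <%= @httpd_docroot %>>
         Options Indexes FollowSymLinks MultiViews
         AllowOverride None
         Order allow,deny
@@ -55,6 +55,12 @@
         Require all granted
     </Directory>
 
+    <Location <%= @auth_location %> >
+        AuthType OpenID
+        require valid-user
+        AuthOpenIDSingleIdP <%= @authopenidsingleidp %>
+    </Location>
+
     RewriteEngine on
     RewriteRule ^/rsrc/(.*)     -                       [L,QSA]
     RewriteRule ^/favicon.ico   -                       [L,QSA]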
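Review bot: In the 443 vhost (third hunk) the chain-file guard now tests `scope.lookupvar("ssl_chain_file")` while the directive below it prints `@ssl_chain_file`, so the test and the output can resolve differently; testing the same variable, `<% unless ['', nil, :undef].include?(@ssl_chain_file) %>`, removes the doubt. `SSLCertificateFile` and `SSLCertificateKeyFile` are printed with no guard at all, and this change makes both default to `undef` in manifests/init.pp and manifests/vars.pp, so a node that sets neither gets empty directives and, most likely, an Apache that refuses to start. The `ServerAdmin` in this vhost is still the literal `noc@openstack.org` although the port-80 vhost switched to `@httpd_admin_email`.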
