opendev/puppet-phabricator
Code Issues Proposed changes

Retire repo

Browse Source 
Depends-On: https://review.opendev.org/720892
Change-Id: Ie299fa63ab86bb04652424167f81840494473299
This commit is contained in:
Monty Taylor 2020-04-22 08:57:00 -05:00
parent b6ad571557
commit bc8279c3fa
17 changed files with 7 additions and 829 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -1,3 +0,0 @@
Gemfile.lock
.bundled_gems/
.vagrant

15
Gemfile
View File

@ -1,15 +0,0 @@
source 'https://rubygems.org'
if File.exists?('/home/zuul/src/git.openstack.org/openstack-infra/puppet-openstack_infra_spec_helper')
gem_checkout_method = {:path => '/home/zuul/src/git.openstack.org/openstack-infra/puppet-openstack_infra_spec_helper'}
else
gem_checkout_method = {:git => 'https://git.openstack.org/openstack-infra/puppet-openstack_infra_spec_helper'}
end
gem_checkout_method[:require] = false
group :development, :test, :system_tests do
gem 'puppet-openstack_infra_spec_helper',
gem_checkout_method
end
# vim:ft=ruby

51
README.rst
View File

@ -1,46 +1,9 @@
puppet-phabricator
=================
This project is no longer maintained.
A puppet module for installing and managing a phabricator instance. This is
derived greatly from http://github.com/bloomberg/phabricator-tools
The contents of this repository are still available in the Git
source code management system. To see the contents of this
repository before it reached its end of life, please check out the
previous commit with "git checkout HEAD^1".
some notes for now:
This module should not manage a MySQL or a mail server itself - it should
assume that those have been set up by other modules.
We want to put all config customizations into local.json and not into the
database.
The initial.db file is from bloomberg, I'm not sure it's all that useful
to folks.
We still need to do this in my.cnf ::
sql_mode=STRICT_ALL_TABLES
ft_stopword_file=/phabricator/instances/dev/phabricator/resources/sql/stopwords.txt
ft_min_word_len=3
ft_boolean_syntax=' |-><()~*:""&^'
innodb_buffer_pool_size=600M
then do::
REPAIR TABLE phabricator_search.search_documentfield;
I did not do: https://secure.phabricator.com/book/phabricator/article/configuring_file_domain/ yet, or really think about it.
I also have not made puppet do anything with::
sudo /phabricator/instances/dev/phabricator/bin/phd start
Which are the background daemons.
storyboard migration
--------------------
The data migration script assumes a storyboard schema in the same mysql server
as the phabricator schemas. It sets up users for everyone in storyboard
with a password of admin. We'll be doing openid/oauth eventually, so I didn't
spend a ton of time on that.
The apps that are disabled are disabled on purpose.
For any further questions, please email
service-discuss@lists.opendev.org or join #opendev on Freenode.

8
Rakefile
View File

@ -1,8 +0,0 @@
require 'rubygems'
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-lint/tasks/puppet-lint'
PuppetLint.configuration.fail_on_warnings = true
PuppetLint.configuration.send('disable_80chars')
PuppetLint.configuration.send('disable_autoloader_layout')
PuppetLint.configuration.send('disable_class_inherits_from_params_class')
PuppetLint.configuration.send('disable_class_parameter_defaults')

140
manifests/certificates.pp
View File

@ -1,140 +0,0 @@
# Copyright 2016 Hewlett Packard Enterprise Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: phabricator::certificates
#
# Sets up SSL certificates for the module.
#
class phabricator::certificates (
# SSL Certificates.
$ssl_cert_file = $phabricator::vars::ssl_cert_file,
$ssl_cert_file_contents = $phabricator::vars::ssl_cert_file_contents,
$ssl_chain_file = $phabricator::vars::ssl_chain_file,
$ssl_chain_file_contents = $phabricator::vars::ssl_chain_file_contents,
$ssl_key_file = $phabricator::vars::ssl_key_file,
$ssl_key_file_contents = $phabricator::vars::ssl_key_file_contents,
) {
# To use the standard ssl-certs package snakeoil certificate, leave both
# $ssl_cert_file and $ssl_cert_file_contents empty. To use an existing
# certificate, specify its path for $ssl_cert_file and leave
# $ssl_cert_file_contents empty. To manage the certificate with puppet,
# provide $ssl_cert_file_contents and optionally specify the path to use for
# it in $ssl_cert_file.
if ($ssl_cert_file == undef) and ($ssl_cert_file_contents == undef) {
$cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
if ! defined(Package['ssl-cert']) {
package { 'ssl-cert':
ensure => present,
}
}
} else {
if $ssl_cert_file == undef {
$cert_file = "/etc/ssl/certs/${::fqdn}.pem"
if ! defined(File['/etc/ssl/certs']) {
file { '/etc/ssl/certs':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
before => File[$cert_file],
}
}
} else {
$cert_file = $ssl_cert_file
}
if $ssl_cert_file_contents != undef {
file { $cert_file:
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
content => $ssl_cert_file_contents,
}
}
}
# To avoid using an intermediate certificate chain, leave both
# $ssl_chain_file and $ssl_chain_file_contents empty. To use an existing
# chain, specify its path for $ssl_chain_file and leave
# $ssl_chain_file_contents empty. To manage the chain with puppet, provide
# $ssl_chain_file_contents and optionally specify the path to use for it in
# $ssl_chain_file.
if ($ssl_chain_file == undef) and ($ssl_chain_file_contents == undef) {
$chain_file = undef
} else {
if $ssl_chain_file == undef {
$chain_file = "/etc/ssl/certs/${::fqdn}_intermediate.pem"
if ! defined(File['/etc/ssl/certs']) {
file { '/etc/ssl/certs':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
before => File[$chain_file],
}
}
} else {
$chain_file = $ssl_chain_file
}
if $ssl_chain_file_contents != undef {
file { $chain_file:
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
content => $ssl_chain_file_contents,
}
}
}
# To use the standard ssl-certs package snakeoil key, leave both
# $ssl_key_file and $ssl_key_file_contents empty. To use an existing key,
# specify its path for $ssl_key_file and leave $ssl_key_file_contents empty.
# To manage the key with puppet, provide $ssl_key_file_contents and
# optionally specify the path to use for it in $ssl_key_file.
if ($ssl_key_file == undef) and ($ssl_key_file_contents == undef) {
$key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'
if ! defined(Package['ssl-cert']) {
package { 'ssl-cert':
ensure => present,
}
}
} else {
if $ssl_key_file == undef {
$key_file = "/etc/ssl/private/${::fqdn}.key"
if ! defined(File['/etc/ssl/private']) {
file { '/etc/ssl/private':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0700',
before => File[$key_file],
}
}
} else {
$key_file = $ssl_key_file
}
if $ssl_key_file_contents != undef {
file { $key_file:
ensure => present,
owner => 'root',
group => 'root',
mode => '0600',
content => $ssl_key_file_contents,
}
}
}
}

46
manifests/httpd.pp
View File

@ -1,46 +0,0 @@
# Copyright 2016 Hewlett Packard Enterprise Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: phabricator::httpd
#
# Set up the virtual host for phabricator.
#
class phabricator::httpd (
$httpd_vhost = $phabricator::vars::httpd_vhost,
$httpd_docroot = $phabricator::vars::httpd_docroot,
) {
include ::httpd
include ::httpd::ssl
include ::httpd::php
httpd::mod { 'rewrite':
ensure => present,
}
httpd::mod { 'auth_openid':
ensure => present,
}
# Set up Phabricator as TLS.
if defined(Class['phabricator::certificates']) {
::httpd::vhost { $httpd_vhost:
port => 443, # Is required despite not being used.
docroot => $httpd_docroot,
priority => '50',
template => 'phabricator/vhost.erb',
ssl => true,
vhost_name => $httpd_vhost,
}
}
}

90
manifests/init.pp
View File

@ -1,90 +0,0 @@
# Copyright 2016 Hewlett Packard Enterprise Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: phabricator
#
# Set up a full, standalone instance of phabricator.
#
class phabricator (
# Database Configurations.
$mysql_user_password,
$mysql_root_password,
$mysql_database = 'phabricator',
$mysql_host = 'localhost',
$mysql_port = 3306,
$mysql_user = 'phabricator',
# Phabricator working directory
$phabricator_dir = '/opt/phabricator',
# OpenID configuration
$auth_location = '/auth/login/RemoteUser:self/',
$authopenidsingleidp = 'https://openstackid.org/',
# SSL Certificates.
$ssl_cert_file = undef,
$ssl_cert_file_contents = undef, # If left empty puppet will not create file.
$ssl_chain_file = undef,
$ssl_chain_file_contents = undef, # If left empty puppet will not create file.
$ssl_key_file = undef,
$ssl_key_file_contents = undef, # If left empty puppet will not create file.
# Httpd config.
$httpd_vhost = $::fqdn,
$httpd_admin_email = "webmaster@${::fqdn}",
) {
# Set up the shared configuration.
class { '::phabricator::vars':
mysql_database => $mysql_database,
mysql_host => $mysql_host,
mysql_port => $mysql_port,
mysql_user => $mysql_user,
mysql_user_password => $mysql_user_password,
mysql_root_password => $mysql_root_password,
phabricator_dir => $phabricator_dir,
ssl_cert_file => $ssl_cert_file,
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_chain_file => $ssl_chain_file,
ssl_chain_file_contents => $ssl_chain_file_contents,
ssl_key_file => $ssl_key_file,
ssl_key_file_contents => $ssl_key_file_contents,
httpd_vhost => $httpd_vhost,
httpd_admin_email => $httpd_admin_email,
before => [
Class['Phabricator::Certificates'],
Class['Phabricator::Httpd'],
Class['Phabricator::Mysql'],
Class['Phabricator::Install'],
]
}
include ::phabricator::certificates
include ::phabricator::mysql
class { '::phabricator::httpd':
require => [
Class['phabricator::install'],
Class['phabricator::mysql'],
Class['phabricator::certificates']
]
}
class { '::phabricator::install':
require => [
Class['phabricator::mysql'],
]
}
}

195
manifests/install.pp
View File

@ -1,195 +0,0 @@
# Copyright 2016 Hewlett Packard Enterprise Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: phabricator::install
#
# Installation of phabricator itself.
#
class phabricator::install (
$phabricator_dir = $phabricator::vars::phabricator_dir,
$mysql_database = $phabricator::vars::mysql_database,
$mysql_host = $phabricator::vars::mysql_host,
$mysql_port = $phabricator::vars::mysql_port,
$mysql_user = $phabricator::vars::mysql_user,
$mysql_user_password = $phabricator::vars::mysql_user_password,
$httpd_vhost = $phabricator::vars::httpd_vhost,
) {
# Dependencies
package { [
'php5',
'php5-mysql',
'php5-gd',
'php5-dev',
'php5-curl',
'php-apc',
'php5-cli',
'php5-json',
'sendmail',
'python-pygments']:
ensure => present,
}
if !defined(Package['git']) {
package { 'git':
ensure => present
}
}
if !defined(Package['libapache2-mod-auth-openid']) {
package { 'libapache2-mod-auth-openid':
ensure => present
}
}
# Set "post_max_size" in your PHP configuration to at least 32MB to support
# large file uploads.
ini_setting { 'Increase post_max_size in php.ini':
ensure => present,
path => '/etc/php5/apache2/php.ini',
section => 'PHP',
setting => 'post_max_size',
value => '32M',
notify => Service['httpd'],
}
# In production, OPcache should be configured to never revalidate code. This
# will slightly improve performance. To do this, disable
# "opcache.validate_timestamps" in your PHP configuration.
ini_setting { 'Set opcache.validate_timestamps in php.ini':
ensure => present,
path => '/etc/php5/apache2/php.ini',
section => 'opcache',
setting => 'opcache.validate_timestamps',
value => '0',
notify => Service['httpd'],
}
# PHP setting "always_populate_raw_post_data" should be set to "-1" to avoid
# deprecation warnings.
ini_setting { 'Disable PHP always_populate_raw_post_data on php.ini':
ensure => present,
path => '/etc/php5/apache2/php.ini',
section => 'PHP',
setting => 'always_populate_raw_post_data',
value => '-1',
notify => Service['httpd'],
}
file { [$phabricator_dir, "${phabricator_dir}/repo"]:
ensure => directory,
}
vcsrepo { "${phabricator_dir}/phabricator":
ensure => latest,
provider => git,
source => 'https://github.com/phacility/phabricator.git',
revision => 'stable',
require => [
File[$phabricator_dir],
Package['git'],
]
}
vcsrepo { "${phabricator_dir}/arcanist":
ensure => latest,
provider => git,
source => 'https://github.com/phacility/arcanist.git',
revision => 'stable',
require => [
File[$phabricator_dir],
Package['git'],
]
}
vcsrepo { "${phabricator_dir}/libphutil":
ensure => latest,
provider => git,
source => 'https://github.com/phacility/libphutil.git',
revision => 'stable',
require => [
File[$phabricator_dir],
Package['git'],
]
}
vcsrepo { "${phabricator_dir}/libphremoteuser":
ensure => latest,
provider => git,
source => 'https://github.com/psigen/libphremoteuser.git',
revision => 'master',
require => [
File[$phabricator_dir],
Package['git', 'libapache2-mod-auth-openid'],
]
}
exec { 'Letting Phabricator know about libphremoteuser...':
command => "${phabricator_dir}/phabricator/bin/config set load-libraries '[\"libphremoteuser/src\"]'",
subscribe => Vcsrepo["${phabricator_dir}/libphremoteuser"],
require => [
Vcsrepo["${phabricator_dir}/arcanist"],
Vcsrepo["${phabricator_dir}/libphremoteuser"],
]
}
exec {'set-auth_providerconfig':
command => "/usr/bin/mysql -u ${mysql_user} -p${mysql_user_password} < ${phabricator_dir}/set-auth_providerconfig.sql",
subscribe => File['set-auth_providerconfig.sql'],
require => [
Vcsrepo["${phabricator_dir}/phabricator"],
File['set-auth_providerconfig.sql'],
File[$phabricator_dir],
Service['Phabricator-daemons']
]
}
file {'set-auth_providerconfig.sql':
ensure => present,
path => "${phabricator_dir}/set-auth_providerconfig.sql",
content => template('phabricator/set-auth_providerconfig.sql.erb'),
}
file { 'local.json':
ensure => present,
path => "${phabricator_dir}/phabricator/conf/local/local.json",
content => template('phabricator/local.json.erb'),
require => Vcsrepo["${phabricator_dir}/phabricator"],
notify => Service['httpd'],
}
exec { 'load-initial-db':
command => "${phabricator_dir}/phabricator/bin/storage upgrade --force",
onlyif => "${phabricator_dir}/phabricator/bin/storage status | grep -q 'Not Applied'",
require => [
Vcsrepo["${phabricator_dir}/phabricator"],
Vcsrepo["${phabricator_dir}/libphutil"],
Vcsrepo["${phabricator_dir}/arcanist"],
]
}
service { 'Phabricator-daemons':
ensure => running,
provider => base,
start => "${phabricator_dir}/phabricator/bin/phd start",
stop => "${phabricator_dir}/phabricator/bin/phd stop",
restart => "${phabricator_dir}/phabricator/bin/phd restart",
status => "${phabricator_dir}/phabricator/bin/phd status",
subscribe => Vcsrepo["${phabricator_dir}/libphutil"],
require => [
File[$phabricator_dir],
Vcsrepo["${phabricator_dir}/phabricator"],
Vcsrepo["${phabricator_dir}/libphutil"],
Vcsrepo["${phabricator_dir}/arcanist"],
]
}
}

54
manifests/mysql.pp
View File

@ -1,54 +0,0 @@
# Copyright 2016 Hewlett Packard Enterprise Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: phabricator::mysql
#
# Set up a mysql host for phabricator.
#
class phabricator::mysql(
$mysql_host = $phabricator::vars::mysql_host,
$mysql_port = $phabricator::vars::mysql_port,
$mysql_user = $phabricator::vars::mysql_user,
$mysql_user_password = $phabricator::vars::mysql_user_password,
$mysql_root_password = $phabricator::vars::mysql_root_password,
) {
class { '::mysql::server':
root_password => $mysql_root_password,
remove_default_accounts => true,
override_options => {
mysqld => {
max_allowed_packet => '32M',
sql_mode => 'STRICT_ALL_TABLES',
ft_stopword_file => '/opt/phabricator/phabricator/resources/sql/stopwords.txt',
ft_min_word_len => 3,
ft_boolean_syntax => '\' |-><()~*:""&^\'',
innodb_buffer_pool_size => '1600M',
}
},
}
mysql_user { "${mysql_user}@${mysql_host}":
provider => 'mysql',
password_hash => mysql_password($mysql_user_password),
}
# Phabricator creates a mess of tables. This ensures that we don't have
# to create ACL's for all of them.
mysql_grant { "${mysql_user}@${mysql_host}/phabricator%.*":
privileges => ['ALL'],
table => 'phabricator%.*',
user => "${mysql_user}@${mysql_host}",
}
}

47
manifests/vars.pp
View File

@ -1,47 +0,0 @@
# Copyright 2016 Hewlett Packard Enterprise Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: phabricator::vars
#
# Variables, and their defaults, shared between all the submodules. This
# module is used as the source of all the shared default values.
#
class phabricator::vars (
# Database Configurations.
$mysql_user_password,
$mysql_root_password,
$mysql_database = 'phabricator',
$mysql_host = 'localhost',
$mysql_port = 3306,
$mysql_user = 'phabricator',
# Phabricator working directory
$phabricator_dir = '/opt/phabricator',
# SSL Certificates.
$ssl_cert_file = undef,
$ssl_cert_file_contents = undef, # If left empty puppet will not create file.
$ssl_chain_file = undef,
$ssl_chain_file_contents = undef, # If left empty puppet will not create file.
$ssl_key_file = undef,
$ssl_key_file_contents = undef, # If left empty puppet will not create file.
# Virtual host config.
$httpd_vhost = $::fqdn,
$httpd_admin_email = "webmaster@${::fqdn}",
) {
# Non-configurable-options (derived)
$httpd_docroot = "${phabricator_dir}/phabricator/webroot"
}

11
spec/acceptance/nodesets/default.yml
View File

@ -1,11 +0,0 @@
HOSTS:
ubuntu-server-1404-x64:
roles:
- master
platform: ubuntu-14.04-amd64
box: puppetlabs/ubuntu-14.04-64-nocm
box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
hypervisor: vagrant
CONFIG:
log_level: debug
type: git

10
spec/acceptance/nodesets/nodepool-centos7.yml
View File

@ -1,10 +0,0 @@
HOSTS:
centos-70-x64:
roles:
- master
platform: el-7-x86_64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

10
spec/acceptance/nodesets/nodepool-trusty.yml
View File

@ -1,10 +0,0 @@
HOSTS:
ubuntu-14.04-amd64:
roles:
- master
platform: ubuntu-14.04-amd64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

10
spec/acceptance/nodesets/nodepool-xenial.yml
View File

@ -1,10 +0,0 @@
HOSTS:
ubuntu-16.04-amd64:
roles:
- master
platform: ubuntu-16.04-amd64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

57
templates/local.json.erb
View File

@ -1,57 +0,0 @@
{
"mysql.pass": "<%= @mysql_user_password %>",
"mysql.user": "<%= @mysql_user %>",
"mysql.host": "<%= @mysql_host %>",
"mysql.port": "<%= @mysql_port %>",
"config.ignore-issues": {
"security.security.alternate-file-domain": true
},
"pygments.enabled": true,
"repository.default-local-path": "/opt/phabricator/repo",
"phabricator.serious-business": true,
"phabricator.base-uri": "https://<%= @httpd_vhost %>/",
"phabricator.uninstalled-applications": {
"PhabricatorDifferentialApplication": true,
"PhabricatorPhrictionApplication": true,
"PhabricatorDiffusionApplication": true,
"PhabricatorConpherenceApplication": true,
"PhabricatorAuditApplication": true,
"PhabricatorTokensApplication": true,
"PhabricatorLegalpadApplication": true
},
"maniphest.statuses": {
"open": {
"name": "Open",
"special": "default"
},
"inprogress": {
"name": "In Progress"
},
"review": {
"name": "In Review"
},
"merged": {
"name": "Merged",
"name.full": "Closed, Merged",
"closed": true,
"special": "closed"
},
"invalid": {
"name": "Invalid",
"name.full": "Closed, Invalid",
"closed": true
},
"duplicate": {
"name": "Duplicate",
"name.full": "Closed, Duplicate",
"transaction.icon": "fa-times",
"special": "duplicate",
"closed": true
}
},
"phabricator.timezone": "UTC",
"auth.require-email-verification": false,
"auth.require-approval": false,
"policy.allow-public": true,
"security.require-https": true
}

19
templates/set-auth_providerconfig.sql.erb
View File

@ -1,19 +0,0 @@
DELETE FROM phabricator_auth.auth_providerconfig;
INSERT INTO phabricator_auth.auth_providerconfig
SELECT
1 as id,
"PHID-AUTH-7nztvra7ehvmx2xnmjgc" as phid,
"PhabricatorAuthProviderRemoteUser" as providerClass,
"RemoteUser" as providerType,
"self" as providerDomain,
1 as isEnabled,
1 as shouldAllowLogin,
1 as shouldAllowRegistration,
1 as shouldAllowLink,
1 as shouldAllowUnlink,
1 as shouldTrustEmails,
"[]" as properties,
1469712430 as dateCreated,
1469712430 as dateModified,
0 as shouldAutoLogin;

70
templates/vhost.erb
View File

@ -1,70 +0,0 @@
# ************************************
# Managed by Puppet
# ************************************
# Unconditionally redirect all HTTP traffic for this vhost to HTTPS
<VirtualHost *:80>
ServerName <%= @vhost_name %>
ServerAdmin <%= scope['phabricator::vars::httpd_admin_email'] %>
RewriteEngine On
RewriteRule ^/(.*) https://<%= @vhost_name %>/$1 [last,redirect=permanent]
LogLevel warn
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
ServerSignature Off
</VirtualHost>
<VirtualHost *:443>
ServerName <%= @vhost_name %>
ServerAdmin <%= scope['phabricator::vars::httpd_admin_email'] %>
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
# Once the machine is using something to terminate TLS that supports ECDHE
# then this should be edited to remove the RSA+AESGCM:RSA+AES so that PFS
# only is guaranteed.
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
SSLHonorCipherOrder on
SSLCertificateFile <%= scope['phabricator::certificates::cert_file'] %>
SSLCertificateKeyFile <%= scope['phabricator::certificates::key_file'] %>
<% unless [nil, :undef].include?(scope['phabricator::certificates::chain_file']) %>
SSLCertificateChainFile <%= scope['phabricator::certificates::chain_file'] %>
<% end %>
DocumentRoot <%= @docroot %>
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory <%= @docroot %>>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
Allow from all
Require all granted
</Directory>
<Location <%= scope['phabricator::auth_location'] %> >
AuthType OpenID
require valid-user
AuthOpenIDSingleIdP <%= scope['phabricator::authopenidsingleidp'] %>
</Location>
RewriteEngine On
RewriteRule ^/rsrc/(.*) - [last,qsappend]
RewriteRule ^/favicon.ico - [last,qsappend]
RewriteRule ^(.*) /index.php?__path__=$1 [B,last,qsappend]
SetEnv PHABRICATOR_ENV production
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
ErrorLog /var/log/apache2/<%= @vhost_name %>_error.log
CustomLog /var/log/apache2/<%= @vhost_name %>_access.log combined
ServerSignature Off
</VirtualHost>