opendev/puppet-storyboard
Code Issues Proposed changes
0940bd1e42
puppet-storyboard/README.md
Jeremy Stanley 8cb968cea0 Allow overriding the cert/key file paths 
* manifests/cert.pp: This adds the flexibility to depend on
existing files even if they're created as part of the storyboard
dependency chain, though with the loss of some error handling if a
deployer neglects to ensure the file itself exists before starting
the apache daemon.

Change-Id: I62d0bc7899703d7cc17f402cf34bd92357f44b58
2015-01-05 19:02:05 +00:00

206 lines
7.2 KiB
Markdown
Raw Blame History

# OpenStack StoryBoard Module
Michael Krotscheck <krotscheck@gmail.com>
This module manages and installs OpenStack StoryBoard. It can be installed
either as a standalone instance with all dependencies included, or
buffet-style per component.
# Quick Start
To install StoryBoard and configure it with sane defaults, include the
following in your site.pp file:
node default {
class { 'storyboard':
mysql_user_password => 'changeme',
rabbitmq_user_password => 'changemetoo'
}
}
# Configuration
The StoryBoard puppet module is separated into individual components which
StoryBoard needs to run. These can either be installed independently with
their own configurations, or with the centralized configuration provided by
the storyboard module. For specific configuration options, please see the
appropriate section.
## ::storyboard
A module that installs a standalone instance of StoryBoard.
The standalone StoryBoard module will install a fully functional, independent
instance of StoryBoard on your node. It includes a local instance of mysql,
RabbitMQ, an HTTPS vhost using the apache snakeoil certificates, and an
automatic redirect from http://$hostname to https://$hostname/.
node default {
class { 'storyboard':
mysql_database => 'storyboard',
mysql_user => 'storyboard',
mysql_user_password => 'changeme',
rabbitmq_user => 'storyboard',
rabbitmq_user_password => 'changemetoo',
hostname => ::fqdn,
openid_url => 'https://login.launchpad.net/+openid',
ssl_cert_content => undef,
ssl_cert => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
ssl_key_content => undef,
ssl_key => '/etc/ssl/private/ssl-cert-snakeoil.key',
ssl_ca_content => undef
ssl_ca => undef,
}
}
NOTE: If you don't want an SSL host, set all of the ssl_* parameters to
undef.
## ::storyboard::mysql
A module that installs a local mysql database for StoryBoard
This module installs a standalone mysql instance with a StoryBoard database
and a user that is able to access. It is used by the
<code>::storyboard</code> to provide the database, and may be used for minor
customizations of a standalone-like install.
node default {
class { 'storyboard::mysql':
mysql_database => 'storyboard',
mysql_user => 'storyboard',
mysql_user_password => 'changeme'
}
}
## ::storyboard::cert
A module that installs an ssl certificate chain for StoryBoard
This module can be used if you want to add SSL/TLS support to the apache
instance that is hosting StoryBoard. Simply tell it where it should read
the contents of the various certificates and keys from, and it will move
them into the correct place for StoryBoard.
Note that this module supports both string content certificates or file
references. To pick one over the other, make sure that the undesired method
is set to <code>undef</code>. You can also customize where the certificate
will be saved, however that's not strictly necessary.
node default {
class { 'storyboard::cert':
$ssl_cert_content = undef,
$ssl_cert = '/etc/ssl/certs/storyboard.openstack.org.pem',
$ssl_key_content = undef,
$ssl_key = '/etc/ssl/private/storyboard.openstack.org.key',
$ssl_ca_content = undef,
$ssl_ca = '/etc/ssl/certs/ca.pem'
}
}
## ::storyboard::application
A module that installs the storyboard webclient and API.
This module can be used if you want to provide your own database, and only
want the API, webclient, and storyboard configuration managed on your node.
It will automatically detect the existence of <code>storyboard::cert</code>,
and adjust the apache vhost accordingly.
node default {
class { 'storyboard::application':
# Installation parameters
www_root => '/var/lib/storyboard/www',
server_admin => undef,
hostname => ::fqdn,
# storyboard.conf parameters
access_token_ttl => 3600,
refresh_token_ttl => 604800,
openid_url => 'https://login.launchpad.net/+openid',
mysql_host => 'localhost',
mysql_port => 3306,
mysql_database => 'storyboard',
mysql_user => 'storyboard',
mysql_user_password => 'changeme',
rabbitmq_host => 'localhost',
rabbitmq_port => 5672,
rabbitmq_vhost => '/',
rabbitmq_user => 'storyboard',
rabbitmq_user_password => 'changemetoo'
}
}
## ::storyboard::rabbit
This module installs StoryBoard's RabbitMQ instance.
In order to handle subscriptions, emails, and reporting, storyboard uses
rabbitmq for deferred processing. This module installs a standalone, local
instance of rabbit.
node default {
class { 'storyboard::rabbit':
rabbitmq_user => 'storyboard',
rabbitmq_user_password => 'changeme'
}
}
## ::storyboard::workers
This module installs StoryBoard's deferred processing threads.
In order to process deferred requests within StoryBoard, you may run a
configurable number of threads that process tasks from the deferred
worker queue configured in <code>storyboard::rabbit</code>.
node default {
class { '::storyboard::workers':
worker_count => 5
}
}
## ::storyboard::load_projects
A module that seeds the database with a predefined list of projects.
This module will maintain the list of projects in the storyboard database,
and keep it up to date with the content of the provided configuration file.
Projects not found in the file will be deleted, projects not found in the
database will be added. Note that the 'use-storyboard' flag MUST be set.
node default {
class { 'storyboard::load_projects':
source => 'puppet:///modules/openstack_project/projects.yaml'
}
}
File content format:
- project: openstack/storyboard
description: The StoryBoard API
use-storyboard: true
- project: openstack/storyboard-webclient
description: The StoryBoard HTTP client
use-storyboard: true
## ::storyboard::load_superusers
A module that maintains the list of superusers.
This module will maintain the list of superusers (administrators) in the
storyboard database, and keep it up to date with the content of the provided
configuration file. Users are referenced by openID and keyed by email
address, however all other information will be persisted from the
OpenID provider.
node default {
class { 'storyboard::load_superusers':
source => 'puppet:///modules/openstack_project/superusers.yaml'
}
}
File content format:
- openid: https://login.launchpad.net/+id/some_openid
email: your_email@some_email_host.com
- openid: https://login.launchpad.net/+id/some_other_id
email: admin_email@some_email_host.com
View Git Blame Copy Permalink