From 5700271dd5a8d8c747b56e8cf1fb467d65843a96 Mon Sep 17 00:00:00 2001 From: Clark Boylan Date: Tue, 24 Jan 2017 11:00:31 -0800 Subject: [PATCH] Deploy simple ethercalc server This is a simple first deployment of an ethercalc service. It does not come with authenticated redis or redis backups. It will however have working ssl. Change-Id: I8c434a6bff42bce75e67fb37665d213f3cc018c8 Depends-On: Id10247211d9643e81bb1b6e8fb67377ba6de873a --- manifests/site.pp | 16 +++++++++++++ modules.env | 1 + .../files/puppetmaster/groups.txt | 1 + .../files/ssl_cert_check/ssldomains | 1 + .../openstack_project/manifests/ethercalc.pp | 24 +++++++++++++++++++ 5 files changed, 43 insertions(+) create mode 100644 modules/openstack_project/manifests/ethercalc.pp diff --git a/manifests/site.pp b/manifests/site.pp index 2f83fd8a2b..cdc4f51ade 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -355,6 +355,22 @@ node 'eavesdrop.openstack.org' { } } +# Node-OS: trusty +node /^ethercalc\d+\.openstack\.org$/ { + $group = "ethercalc" + class { 'openstack_project::server': + iptables_public_tcp_ports => [22, 80, 443], + sysadmins => hiera('sysadmins', []), + } + + class { 'openstack_project::ethercalc': + vhost_name => 'ethercalc.openstack.org', + ssl_cert_file_contents => hiera('ssl_cert_file_contents'), + ssl_key_file_contents => hiera('ssl_key_file_contents'), + ssl_chain_file_contents => hiera('ssl_chain_file_contents'), + } +} + # Node-OS: trusty node 'etherpad.openstack.org' { class { 'openstack_project::server': diff --git a/modules.env b/modules.env index 081db2177a..a2d8ea0fe2 100644 --- a/modules.env +++ b/modules.env @@ -100,6 +100,7 @@ INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-diskimage_builde INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-drupal"]="origin/master" INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-elastic_recheck"]="origin/master" INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-elasticsearch"]="origin/master" +INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-ethercalc"]="origin/master" INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-etherpad_lite"]="origin/master" INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-exim"]="origin/master" INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-germqtt"]="origin/master" diff --git a/modules/openstack_project/files/puppetmaster/groups.txt b/modules/openstack_project/files/puppetmaster/groups.txt index a5abb70d5d..fcc8e1f063 100644 --- a/modules/openstack_project/files/puppetmaster/groups.txt +++ b/modules/openstack_project/files/puppetmaster/groups.txt @@ -5,6 +5,7 @@ cacti ~cacti\d+\.openstack\.org ci-backup ci-backup-*.openstack.org disabled ci-backup-rs-ord.openstack.org:db368fcd-e61a-4294-a5cb-851c16650f7a:wiki.openstack.org elasticsearch ~elasticsearch0[1-7]\.openstack\.org +ethercalc ~ethercalc\d+\.openstack\.org git-loadbalancer ~git(-fe\d+)?\.openstack\.org git-server ~git\d+\.openstack\.org logstash-worker ~logstash-worker\d+\.openstack\.org diff --git a/modules/openstack_project/files/ssl_cert_check/ssldomains b/modules/openstack_project/files/ssl_cert_check/ssldomains index 1da1f73a89..13482654ca 100644 --- a/modules/openstack_project/files/ssl_cert_check/ssldomains +++ b/modules/openstack_project/files/ssl_cert_check/ssldomains @@ -1,4 +1,5 @@ ask.openstack.org 443 +ethercalc.openstack.org 443 etherpad.openstack.org 443 git.openstack.org 443 groups.openstack.org 443 diff --git a/modules/openstack_project/manifests/ethercalc.pp b/modules/openstack_project/manifests/ethercalc.pp new file mode 100644 index 0000000000..226559c026 --- /dev/null +++ b/modules/openstack_project/manifests/ethercalc.pp @@ -0,0 +1,24 @@ +class openstack_project::ethercalc ( + $vhost_name = $::fqdn, + $ssl_cert_file = '/etc/ssl/certs/ethercalc.openstack.org.pem', + $ssl_key_file = '/etc/ssl/private/ethercalc.openstack.org.key', + $ssl_chain_file = '/etc/ssl/certs/intermediate.pem', + $ssl_cert_file_contents = '', + $ssl_key_file_contents = '', + $ssl_chain_file_contents = '', +) { + include ethercalc + + class { 'ethercalc::apache': + vhost_name => $vhost_name, + ssl_cert_file => $ssl_cert_file, + ssl_key_file => $ssl_key_file, + ssl_chain_file => $ssl_chain_file, + ssl_cert_file_contents => $ssl_cert_file_contents, + ssl_key_file_contents => $ssl_key_file_contents, + ssl_chain_file_contents => $ssl_chain_file_contents, + } + + # TODO(clarkb) Redis backups + include ethercalc::redis +}