From 7da354907e3796e2918b0b72542f90fc98f2f22f Mon Sep 17 00:00:00 2001 From: Ryan Lane Date: Mon, 30 Jul 2012 00:23:41 -0700 Subject: [PATCH] Initial commit of MediaWiki module Change-Id: I6181e0d4a717d0a11ea2d741034db99435d5e180 Reviewed-on: https://review.openstack.org/10521 Approved: Monty Taylor Reviewed-by: Monty Taylor Tested-by: Jenkins --- install_modules.sh | 1 + manifests/site.pp | 4 +- modules/mediawiki/manifests/app.pp | 8 ++ modules/mediawiki/manifests/image_scaler.pp | 14 +++ modules/mediawiki/manifests/init.pp | 35 ++++++ modules/mediawiki/manifests/php.pp | 6 + modules/mediawiki/manifests/search.pp | 3 + .../mediawiki/templates/apache/mediawiki.erb | 106 ++++++++++++++++++ modules/openssl/manifests/init.pp | 5 + modules/openstack_project/manifests/wiki.pp | 26 ++++- modules/subversion/manifests/init.pp | 5 + 11 files changed, 211 insertions(+), 2 deletions(-) create mode 100644 modules/mediawiki/manifests/app.pp create mode 100644 modules/mediawiki/manifests/image_scaler.pp create mode 100644 modules/mediawiki/manifests/init.pp create mode 100644 modules/mediawiki/manifests/php.pp create mode 100644 modules/mediawiki/manifests/search.pp create mode 100644 modules/mediawiki/templates/apache/mediawiki.erb create mode 100644 modules/openssl/manifests/init.pp create mode 100644 modules/subversion/manifests/init.pp diff --git a/install_modules.sh b/install_modules.sh index e591aadd0b..676b927f87 100644 --- a/install_modules.sh +++ b/install_modules.sh @@ -32,6 +32,7 @@ MODULES=" puppetlabs-apache puppetlabs-apt puppetlabs-mysql + saz-memcached " MODULE_LIST=`puppet module list` diff --git a/manifests/site.pp b/manifests/site.pp index be9bfdb38f..04fd9e5f07 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -86,7 +86,9 @@ node 'etherpad.openstack.org' { } node 'wiki.openstack.org' { - include openstack_project::wiki + class { 'openstack_project::wiki': + mysql_root_password => hiera('wiki_db_password'), + } } node 'puppet-dashboard.openstack.org' { diff --git a/modules/mediawiki/manifests/app.pp b/modules/mediawiki/manifests/app.pp new file mode 100644 index 0000000000..24a53946ba --- /dev/null +++ b/modules/mediawiki/manifests/app.pp @@ -0,0 +1,8 @@ +class mediawiki::app { + + vcsrepo { "/srv/mediawiki/w": + ensure => latest, + source => "https://gerrit.wikimedia.org/r/p/mediawiki/core.git", + revision => "origin/master", + } +} diff --git a/modules/mediawiki/manifests/image_scaler.pp b/modules/mediawiki/manifests/image_scaler.pp new file mode 100644 index 0000000000..ec49055871 --- /dev/null +++ b/modules/mediawiki/manifests/image_scaler.pp @@ -0,0 +1,14 @@ +class mediawiki::image_scaler { + package { ["imagemagick", "ghostscript", "ffmpeg", "ffmpeg2theora", "librsvg2-bin", "djvulibre-bin", "netpbm", "libogg0", "libvorbisenc2", "libtheora0", "oggvideotools", "libvips15", "libvips-tools"]: + ensure => present; + } + package { [ "gsfonts", "texlive-fonts-recommended", "ttf-alee", "ttf-arabeyes", "ttf-arphic-ukai", "ttf-arphic-uming", "ttf-bengali-fonts", "ttf-devanagari-fonts", "ttf-farsiweb", "ttf-gujarati-fonts", "ttf-kacst", "ttf-kannada-fonts", "ttf-khmeros", "ttf-lao", "ttf-liberation", "ttf-linux-libertine", "ttf-malayalam-fonts", "ttf-manchufont", "ttf-mgopen", "ttf-nafees", "ttf-oriya-fonts", "ttf-punjabi-fonts", "ttf-sil-abyssinica", "ttf-sil-ezra", "ttf-sil-padauk", "ttf-sil-scheherazade", "ttf-sil-yi", "ttf-takao-gothic", "ttf-takao-mincho", "ttf-tamil-fonts", "ttf-thai-tlwg", "ttf-tmuni", "ttf-ubuntu-font-family", "ttf-unfonts-extra", "ttf-wqy-zenhei", "xfonts-100dpi", "xfonts-75dpi", "xfonts-base", "xfonts-mplus", "xfonts-scalable"]: + ensure => present; + } + cron { "removetmpfiles": + command => "for dir in /tmp; do find \$dir -ignore_readdir_race -type f \\( -name 'gs_*' -o -name 'magick-*' \\) -cmin +15 -exec rm -f {} \\;; done", + user => root, + minute => '*/5', + ensure => present + } +} diff --git a/modules/mediawiki/manifests/init.pp b/modules/mediawiki/manifests/init.pp new file mode 100644 index 0000000000..991d122cdf --- /dev/null +++ b/modules/mediawiki/manifests/init.pp @@ -0,0 +1,35 @@ +class mediawiki($role, $site_hostname, $mediawiki_location='') { + if ($role == "app" or $role == "all") { + include apache + require apache::dev + include mediawiki::php, + mediawiki::app + + package { 'libapache2-mod-php5': + ensure => present + } + + apache::vhost { $site_hostname: + port => 443, + docroot => 'MEANINGLESS ARGUMENT', + priority => '50', + template => 'mediawiki/apache/mediawiki.erb', + ssl => true, + } + a2mod { 'rewrite': + ensure => present + } + a2mod { 'expires': + ensure => present + } + + } + if ($role == "image-scaler" or $role == "all") { + include mediawiki::image_scaler, + mediawiki::php, + mediawiki::app + } + if ($role == "search" or $role == "all") { + include mediawiki::search + } +} diff --git a/modules/mediawiki/manifests/php.pp b/modules/mediawiki/manifests/php.pp new file mode 100644 index 0000000000..b023d13f08 --- /dev/null +++ b/modules/mediawiki/manifests/php.pp @@ -0,0 +1,6 @@ +class mediawiki::php { + package { ["php5", "php5-cli", "php5-mysql", "php-apc", "php5-intl"]: + ensure => present; + } + # TODO: apc configuration +} diff --git a/modules/mediawiki/manifests/search.pp b/modules/mediawiki/manifests/search.pp new file mode 100644 index 0000000000..ca21aeddc1 --- /dev/null +++ b/modules/mediawiki/manifests/search.pp @@ -0,0 +1,3 @@ +class mediawiki::search { + # Not currently defined. We should add lucene. +} diff --git a/modules/mediawiki/templates/apache/mediawiki.erb b/modules/mediawiki/templates/apache/mediawiki.erb new file mode 100644 index 0000000000..4a60debc22 --- /dev/null +++ b/modules/mediawiki/templates/apache/mediawiki.erb @@ -0,0 +1,106 @@ +##################################################################### +### THIS FILE IS MANAGED BY PUPPET +### puppet:///files/apache/sites/labconsole.wikimedia.org +##################################################################### +# vim: filetype=apache + + + ServerAdmin noc@openstack.org + ServerName <%= scope.lookupvar("mediawiki::site_hostname") %> + + DocumentRoot /var/www + + Options FollowSymLinks + AllowOverride None + + + Options Indexes FollowSymLinks MultiViews + AllowOverride None + Order allow,deny + allow from all + + + RewriteEngine on + RewriteCond %{SERVER_PORT} !^443$ + RewriteRule ^/(.*)$ https://<%= scope.lookupvar("mediawiki::site_hostname") %>/$1 [L,R] + + ErrorLog /var/log/apache2/mediawiki-error.log + + # Possible values include: debug, info, notice, warn, error, crit, + # alert, emerg. + LogLevel warn + + CustomLog /var/log/apache2/mediawiki-access.log combined + ServerSignature Off + + + + ServerAdmin noc@openstack.org + ServerName <%= scope.lookupvar("mediawiki::site_hostname") %> + + SSLEngine on + SSLCertificateFile /etc/ssl/certs/<%= fqdn %>.pem + SSLCertificateKeyFile /etc/ssl/private/<%= fqdn %>.key + + RedirectMatch ^/$ http://<%= scope.lookupvar("mediawiki::site_hostname") %>/wiki/ + + DocumentRoot /var/www + + Options FollowSymLinks + AllowOverride None + + + Options Indexes FollowSymLinks MultiViews + AllowOverride None + Order allow,deny + allow from all + + /images"> + # Ignore .htaccess files + AllowOverride None + + # Serve HTML as plaintext, don't execute SHTML + AddType text/plain .html .htm .shtml .php + + # Don't run arbitrary PHP code. + php_admin_flag engine off + + + ExpiresActive On + "> + + ExpiresByType image/gif A2592000 + ExpiresByType image/png A2592000 + ExpiresByType image/jpeg A2592000 + ExpiresByType text/css A2592000 + ExpiresByType text/javascript A2592000 + ExpiresByType application/x-javascript A2592000 + ExpiresByType application/x-font-woff A2592000 + ExpiresByType image/svg+xml A2592000 + ExpiresByType application/vnd.ms-fontobject A2592000 + ExpiresByType application/x-font-ttf A2592000 + ## I think it's likely dangerous to enable this for the entire domain. + ## I'm nearly positive we only need to do so for the WebFonts. + ## For now I'm going to keep this disabled. + #Header add Access-Control-Allow-Origin "*" + + + + AddType application/x-font-woff .woff + AddType application/vnd.ms-fontobject .eot + # TTF doesn't have an official MIME type, but I really don't want to use application/octet-stream for it + AddType application/x-font-ttf .ttf + + Alias /w <%= scope.lookupvar('mediawiki::mediawiki_location') %> + Alias /wiki <%= scope.lookupvar('mediawiki::mediawiki_location') %>/index.php + + ErrorLog /var/log/apache2/error.log + + # Possible values include: debug, info, notice, warn, error, crit, + # alert, emerg. + LogLevel warn + + CustomLog /var/log/apache2/access.log combined + ServerSignature Off + + diff --git a/modules/openssl/manifests/init.pp b/modules/openssl/manifests/init.pp new file mode 100644 index 0000000000..190d71fbc7 --- /dev/null +++ b/modules/openssl/manifests/init.pp @@ -0,0 +1,5 @@ +class openssl { + package { ["openssl", "ssl-cert"]: + ensure => present; + } +} diff --git a/modules/openstack_project/manifests/wiki.pp b/modules/openstack_project/manifests/wiki.pp index 23ec09e3fb..56fad1067d 100644 --- a/modules/openstack_project/manifests/wiki.pp +++ b/modules/openstack_project/manifests/wiki.pp @@ -1,4 +1,8 @@ -class openstack_project::wiki { +class openstack_project::wiki($mysql_root_password) { + + include openssl + include subversion + class { 'openstack_project::server': iptables_public_tcp_ports => [80, 443] } @@ -6,4 +10,24 @@ class openstack_project::wiki { realize ( User::Virtual::Localuser["rlane"], ) + + class { 'mediawiki': + role => 'all', + mediawiki_location => '/srv/mediawiki/w', + site_hostname => $fqdn; + } + class { 'memcached': + max_memory => 2048, + listen_ip => '127.0.0.1', + tcp_port => 11000, + udp_port => 11000, + } + class {"mysql::server": + config_hash => { + 'root_password' => "${mysql_root_password}", + 'default_engine' => 'InnoDB', + 'bind_address' => '127.0.0.1', + } + } + include mysql::server::account_security } diff --git a/modules/subversion/manifests/init.pp b/modules/subversion/manifests/init.pp new file mode 100644 index 0000000000..c130643d80 --- /dev/null +++ b/modules/subversion/manifests/init.pp @@ -0,0 +1,5 @@ +class subversion { + package { ["subversion"]: + ensure => latest; + } +}