opendev/system-config
Code Issues Proposed changes

Merge "Update etherpad and etherpad puppet manifests."

Browse Source
This commit is contained in:
Jenkins 2013-10-13 16:29:27 +00:00 committed by Gerrit Code Review
commit 98aff895ee
16 changed files with 260 additions and 231 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
manifests/site.pp
View File

@ -203,15 +203,19 @@ node 'etherpad.openstack.org' {
ssl_cert_file_contents => hiera('etherpad_ssl_cert_file_contents'), ssl_cert_file_contents => hiera('etherpad_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('etherpad_ssl_key_file_contents'), ssl_key_file_contents => hiera('etherpad_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('etherpad_ssl_chain_file_contents'), ssl_chain_file_contents => hiera('etherpad_ssl_chain_file_contents'),
database_password => hiera('etherpad_db_password'), mysql_host => hiera('etherpad_db_host'),
mysql_user => hiera('etherpad_db_user'),
mysql_password => hiera('etherpad_db_password'),
sysadmins => hiera('sysadmins'), sysadmins => hiera('sysadmins'),
} }
} }
node 'etherpad-dev.openstack.org' { node 'etherpad-dev.openstack.org' {
class { 'openstack_project::etherpad_dev': class { 'openstack_project::etherpad_dev':
database_password => hiera('etherpad-dev_db_password'), mysql_host => hiera('etherpad-dev_db_host'),
sysadmins => hiera('sysadmins'), mysql_user => hiera('etherpad-dev_db_user'),
mysql_password => hiera('etherpad-dev_db_password'),
sysadmins => hiera('sysadmins'),
} }
} }

2
modules/etherpad_lite/manifests/apache.pp
View File

@ -34,7 +34,7 @@ class etherpad_lite::apache (
file { '/etc/ssl/certs': file { '/etc/ssl/certs':
ensure => directory, ensure => directory,
owner => 'root', owner => 'root',
mode => '0700', mode => '0755',
} }
file { '/etc/ssl/private': file { '/etc/ssl/private':

31
modules/etherpad_lite/manifests/backup.pp
View File

@ -1,31 +0,0 @@
# == Class: etherpad_lite::backup
#
class etherpad_lite::backup (
$minute = '0',
$hour = '0',
$day = '*',
$dest = "${etherpad_lite::base_log_dir}/${etherpad_lite::ep_user}/db.sql.gz",
$rotation = 'daily',
$num_backups = '30'
) {
cron { 'eplitedbbackup':
ensure => present,
command => "/usr/bin/mysqldump --defaults-file=/etc/mysql/debian.cnf --opt etherpad-lite | gzip -9 > ${dest}",
minute => $minute,
hour => $hour,
weekday => $day,
require => Package['mysql-server'],
}
include logrotate
logrotate::file { 'eplitedb':
log => $dest,
options => [
'nocompress',
"rotate ${num_backups}",
$rotation,
],
require => Cron['eplitedbbackup'],
}
}

53
modules/etherpad_lite/manifests/init.pp
View File

@ -15,9 +15,8 @@ class etherpad_lite (
$ep_user = 'eplite', $ep_user = 'eplite',
$base_log_dir = '/var/log', $base_log_dir = '/var/log',
$base_install_dir = '/opt/etherpad-lite', $base_install_dir = '/opt/etherpad-lite',
$nodejs_version = 'v0.6.16', $nodejs_version = 'v0.10.20',
$eplite_version = '', $eplite_version = 'develop'
$ep_headings = false
) { ) {
# where the modules are, needed to easily install modules later # where the modules are, needed to easily install modules later
@ -85,25 +84,16 @@ class etherpad_lite (
], ],
} }
# Allow existing install to exist without modifying its git repo. vcsrepo { "${base_install_dir}/etherpad-lite":
# But give the option to specify versions for new installs. ensure => present,
if $eplite_version != '' { provider => git,
vcsrepo { "${base_install_dir}/etherpad-lite": source => 'https://github.com/ether/etherpad-lite.git',
ensure => present, owner => $ep_user,
provider => git, revision => $eplite_version,
source => 'https://github.com/ether/etherpad-lite.git', require => [
owner => $ep_user, Package['git'],
revision => $eplite_version, User[$ep_user],
require => Package['git'], ],
}
} else {
vcsrepo { "${base_install_dir}/etherpad-lite":
ensure => present,
provider => git,
source => 'https://github.com/Pita/etherpad-lite.git',
owner => $ep_user,
require => Package['git'],
}
} }
exec { 'install_etherpad_dependencies': exec { 'install_etherpad_dependencies':
@ -120,25 +110,6 @@ class etherpad_lite (
creates => "${base_install_dir}/etherpad-lite/node_modules", creates => "${base_install_dir}/etherpad-lite/node_modules",
} }
if $ep_headings == true {
# install the test install plugin
# This seesm to be needed to get
exec {'npm install ep_fintest':
cwd => $modules_dir,
path => $path,
creates => "${modules_dir}/ep_fintest",
require => Exec['install_etherpad_dependencies']
} ->
# install the headings plugin
exec {'npm install ep_headings':
cwd => $modules_dir,
path => $path,
creates => "${modules_dir}/ep_headings",
require => Exec['install_etherpad_dependencies']
}
}
file { '/etc/init/etherpad-lite.conf': file { '/etc/init/etherpad-lite.conf':
ensure => present, ensure => present,
content => template('etherpad_lite/upstart.erb'), content => template('etherpad_lite/upstart.erb'),

82
modules/etherpad_lite/manifests/mysql.pp
View File

@ -1,82 +0,0 @@
# == Class: etherpad_lite::mysql
#
class etherpad_lite::mysql(
$database_password = '',
$dbType = 'mysql',
$database_user = 'eplite',
$database_name = 'etherpad-lite'
) {
include etherpad_lite
$base = "${etherpad_lite::base_install_dir}/etherpad-lite"
package { 'mysql-server':
ensure => present,
}
package { 'mysql-client':
ensure => present,
}
service { 'mysql':
ensure => running,
enable => true,
hasrestart => true,
require => [
Package['mysql-server'],
Package['mysql-client'],
],
}
file { "${base}/create_database.sh":
ensure => present,
content => template('etherpad_lite/create_database.sh.erb'),
group => $etherpad_lite::ep_user,
mode => '0755',
owner => $etherpad_lite::ep_user,
replace => true,
require => Class['etherpad_lite'],
}
file { "${base}/create_user.sh":
ensure => present,
content => template('etherpad_lite/create_user.sh.erb'),
group => $etherpad_lite::ep_user,
mode => '0755',
owner => $etherpad_lite::ep_user,
replace => true,
require => Class['etherpad_lite'],
}
exec { 'create-etherpad-lite-db':
unless => "mysql --defaults-file=/etc/mysql/debian.cnf ${database_name}",
path => [
'/bin',
'/usr/bin',
],
command => "${base}/create_database.sh",
require => [
Service['mysql'],
File["${base}/settings.json"],
File["${base}/create_database.sh"],
],
before => Exec['grant-etherpad-lite-db'],
}
exec { 'grant-etherpad-lite-db':
unless =>
"mysql -u${database_user} -p${database_password} ${database_name}",
path => [
'/bin',
'/usr/bin'
],
command => "${base}/create_user.sh",
require => [
Service['mysql'],
File["${base}/settings.json"],
File["${base}/create_user.sh"],
],
}
}
# vim:sw=2:ts=2:expandtab:textwidth=79

13
modules/etherpad_lite/manifests/plugin.pp Normal file
View File

@ -0,0 +1,13 @@
# Define to install etherpad lite plugins
#
define etherpad_lite::plugin {
$plugin_name = $name
exec { "npm install ${plugin_name}":
cwd => $etherpad_lite::modules_dir,
path => $etherpad_lite::path,
user => $etherpad_lite::ep_user,
environment => "HOME=${etherpad_lite::base_log_dir}/${etherpad_lite::ep_user}",
creates => "${etherpad_lite::modules_dir}/${plugin_name}",
require => Class['etherpad_lite']
}
}

26
modules/etherpad_lite/manifests/site.pp
View File

@ -1,30 +1,22 @@
# == Class: etherpad_lite::site # == Class: etherpad_lite::site
# #
class etherpad_lite::site ( class etherpad_lite::site (
$database_password = '', $database_password,
$dbType = 'mysql', $sessionKey = '',
$dbType = 'mysql',
$database_user = 'eplite', $database_user = 'eplite',
$database_name = 'etherpad-lite' $database_name = 'etherpad-lite',
$database_host = 'localhost'
) { ) {
include etherpad_lite include etherpad_lite
$base = $etherpad_lite::base_install_dir $base = $etherpad_lite::base_install_dir
if $dbType == 'mysql' { service { 'etherpad-lite':
service { 'etherpad-lite': ensure => running,
ensure => running, enable => true,
enable => true, subscribe => File["${base}/etherpad-lite/settings.json"],
subscribe => File["${base}/etherpad-lite/settings.json"],
require => Class['etherpad_lite::mysql'],
}
}
else {
service { 'etherpad-lite':
ensure => running,
enable => true,
subscribe => File["${base}/etherpad-lite/settings.json"],
}
} }
file { "${base}/etherpad-lite/settings.json": file { "${base}/etherpad-lite/settings.json":

3
modules/etherpad_lite/templates/create_database.sh.erb
View File

@ -1,3 +0,0 @@
#!/bin/bash
mysql --defaults-file=/etc/mysql/debian.cnf -e 'create database `<%= database_name %>` CHARACTER SET utf8 COLLATE utf8_bin'

3
modules/etherpad_lite/templates/create_user.sh.erb
View File

@ -1,3 +0,0 @@
#!/bin/bash
mysql --defaults-file=/etc/mysql/debian.cnf -e 'grant all on `<%= database_name %>`.* to "<%= database_user %>"@"localhost" identified by "<%= database_password %>";'

81
modules/etherpad_lite/templates/etherpad-lite_settings.json.erb
View File

@ -4,17 +4,27 @@
Please edit settings.json, not settings.json.template Please edit settings.json, not settings.json.template
*/ */
{ {
// Name your instance!
"title": "OpenStack Etherpad",
//Ip and port which etherpad should bind at //Ip and port which etherpad should bind at
"ip": "127.0.0.1", "ip": "127.0.0.1",
"port" : 9001, "port" : 9001,
// favicon default name
"favicon": "favicon.ico",
// Session Key, used for reconnecting user sessions
// Set this to a secure string at least 10 characters long. Do not share this value.
"sessionKey" : "<%= sessionKey %>",
//The Type of the database. You can choose between dirty, sqlite and mysql //The Type of the database. You can choose between dirty, sqlite and mysql
//You should use mysql or sqlite for anything else than testing or development //You should use mysql or sqlite for anything else than testing or development
"dbType" : "<%= dbType %>", "dbType" : "<%= dbType %>",
//the database specific settings //the database specific settings
"dbSettings" : { "dbSettings" : {
"user" : "<%= database_user %>", "user" : "<%= database_user %>",
"host" : "localhost", "host" : "<%= database_host %>",
"password": "<%= database_password %>", "password": "<%= database_password %>",
"database": "<%= database_name %>" "database": "<%= database_name %>"
}, },
@ -39,9 +49,72 @@
Abiword is needed to enable the import/export of pads*/ Abiword is needed to enable the import/export of pads*/
"abiword" : "/usr/bin/abiword", "abiword" : "/usr/bin/abiword",
/* This setting is used if you need http basic auth */ /* This setting is used if you require authentication of all users.
// "httpAuth" : "user:pass", Note: /admin always requires authentication. */
"requireAuthentication": false,
/* Require authorization by a module, or a user with is_admin set, see below. */
"requireAuthorization": false,
/* Users for basic authentication. is_admin = true gives access to /admin.
If you do not uncomment this, /admin will not be available! */
/*
"users": {
"admin": {
"password": "changeme1",
"is_admin": true
},
"user": {
"password": "changeme1",
"is_admin": false
}
},
*/
// restrict socket.io transport methods
"socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
/* The log level we are using, can be: DEBUG, INFO, WARN, ERROR */ /* The log level we are using, can be: DEBUG, INFO, WARN, ERROR */
"loglevel": "INFO" "loglevel": "INFO",
//Logging configuration. See log4js documentation for further information
// https://github.com/nomiddlename/log4js-node
// You can add as many appenders as you want here:
"logconfig" :
{ "appenders": [
{ "type": "console"
//, "category": "access"// only logs pad access
}
/*
, { "type": "file"
, "filename": "/var/log/eplite/etherpad-lite.log"
, "maxLogSize": 1024
, "backups": 30 // how many log files there're gonna be at max
//, "category": "test" // only log a specific category
}*/
/*
, { "type": "logLevelFilter"
, "level": "warn" // filters out all log messages that have a lower level than "error"
, "appender":
{ Use whatever appender you want here }
}*/
/*
, { "type": "logLevelFilter"
, "level": "error" // filters out all log messages that have a lower level than "error"
, "appender":
{ "type": "smtp"
, "subject": "An error occured in your EPL instance!"
, "recipients": "bar@blurdybloop.com, baz@blurdybloop.com"
, "sendInterval": 60*5 // in secs -- will buffer log messages; set to 0 to send a mail for every message
, "transport": "SMTP", "SMTP": { // see https://github.com/andris9/Nodemailer#possible-transport-methods
"host": "smtp.example.com", "port": 465,
"secureConnection": true,
"auth": {
"user": "foo@example.com",
"pass": "bar_foo"
}
}
}
}*/
] }
} }

49
modules/etherpad_lite/templates/etherpadlite.vhost.erb
View File

@ -36,28 +36,37 @@
# MSIE 7 and newer should be able to use keepalive # MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
RewriteEngine on <IfModule mod_proxy.c>
RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %> # The following redirects "nice" urls such as https://etherpad.example.org/padname
RewriteRule ^.*$ https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %> [L,R=301] # to https://etherpad.example.org/p/padname. It was problematic directly
# supporting "nice" urls as etherpad hardcodes /p/ in many places.
# Adapted from https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy
RewriteEngine on
RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>
RewriteRule ^.*$ https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %> [L,R=301]
RewriteRule ^/p/(.*)$ https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>/$1 [NC,L,R=301] RewriteCond %{REQUEST_URI} !^/p/
RewriteCond %{REQUEST_URI} !^/p/ RewriteCond %{REQUEST_URI} !^/locales/
RewriteCond %{REQUEST_URI} !^/static/ RewriteCond %{REQUEST_URI} !^/locales.json
RewriteCond %{REQUEST_URI} !^/pluginfw/ RewriteCond %{REQUEST_URI} !^/admin
RewriteCond %{REQUEST_URI} !^/javascripts/ RewriteCond %{REQUEST_URI} !^/p/
RewriteCond %{REQUEST_URI} !^/socket.io/ RewriteCond %{REQUEST_URI} !^/static/
RewriteCond %{REQUEST_URI} !^/ep/ RewriteCond %{REQUEST_URI} !^/pluginfw/
RewriteCond %{REQUEST_URI} !^/minified/ RewriteCond %{REQUEST_URI} !^/javascripts/
RewriteCond %{REQUEST_URI} !^/api/ RewriteCond %{REQUEST_URI} !^/socket.io/
RewriteCond %{REQUEST_URI} !^/ro/ RewriteCond %{REQUEST_URI} !^/ep/
RewriteCond %{REQUEST_URI} !^/error/ RewriteCond %{REQUEST_URI} !^/minified/
RewriteCond %{REQUEST_URI} !^/jserror RewriteCond %{REQUEST_URI} !^/api/
RewriteCond %{REQUEST_URI} !/favicon.ico RewriteCond %{REQUEST_URI} !^/ro/
RewriteCond %{REQUEST_URI} !/robots.txt RewriteCond %{REQUEST_URI} !^/error/
RewriteRule ^/+(.+)$ https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>/p/$1 RewriteCond %{REQUEST_URI} !^/jserror
RewriteCond %{REQUEST_URI} !/favicon.ico
RewriteCond %{REQUEST_URI} !/robots.txt
RewriteRule ^/+(.+)$ https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>/p/$1 [NC,L,R=301]
RewriteRule ^/(.*)$ http://localhost:9001/$1 [P] RewriteRule ^/(.*)$ http://localhost:9001/$1 [P]
ProxyPassReverse / http://localhost:9001/ ProxyPassReverse / http://localhost:9001/
</IfModule>
</VirtualHost> </VirtualHost>
</IfModule> </IfModule>

6
modules/mysql_backup/manifests/backup.pp
View File

@ -26,6 +26,12 @@ define mysql_backup::backup (
} }
} }
if ! defined(Package['mysql-client']) {
package { 'mysql-client':
ensure => present,
}
}
cron { "${name}-backup": cron { "${name}-backup":
ensure => present, ensure => present,
command => "/usr/bin/mysqldump --defaults-file=${defaults_file} --opt --ignore-table mysql.event --all-databases | gzip -9 > ${dest_dir}/${name}.sql.gz", command => "/usr/bin/mysqldump --defaults-file=${defaults_file} --opt --ignore-table mysql.event --all-databases | gzip -9 > ${dest_dir}/${name}.sql.gz",

67
modules/mysql_backup/manifests/backup_remote.pp Normal file
View File

@ -0,0 +1,67 @@
# == Define: mysql_backup::backup_remote
#
# Arguments determine when backups should be taken, where they should
# be located, and how often they shouled be rotated. Additionally
# provide remote DB authentication details for that DB to be backed up.
# This define assumes that the mysqldump command is installed under
# /usr/bin. All reachable DBs and tables will be backed up.
#
define mysql_backup::backup_remote (
$database_host,
$database_user,
$database_password,
$minute = '0',
$hour = '0',
$day = '*',
$dest_dir = '/var/backups/mysql_backups',
$rotation = 'daily',
$num_backups = '30'
) {
# Wrap in check as there may be mutliple backup defines backing
# up to the same dir.
if ! defined(File[$dest_dir]) {
file { $dest_dir:
ensure => directory,
mode => '0755',
owner => 'root',
group => 'root',
}
}
$defaults_file = "/root/.${name}_db.cnf"
file { $defaults_file:
ensure => present,
mode => '0400',
owner => 'root',
group => 'root',
content => template('mysql_backup/my.cnf.erb'),
}
if ! defined(Package['mysql-client']) {
package { 'mysql-client':
ensure => present,
}
}
cron { "${name}-backup":
ensure => present,
command => "/usr/bin/mysqldump --defaults-file=${defaults_file} --opt --ignore-table mysql.event --all-databases | gzip -9 > ${dest_dir}/${name}.sql.gz",
minute => $minute,
hour => $hour,
weekday => $day,
require => [
File[$dest_dir],
File[$defaults_file],
],
}
include logrotate
logrotate::file { "${name}-rotate":
log => "${dest_dir}/${name}.sql.gz",
options => [
'nocompress',
"rotate ${num_backups}",
$rotation,
],
require => Cron["${name}-backup"],
}
}

4
modules/mysql_backup/templates/my.cnf.erb Normal file
View File

@ -0,0 +1,4 @@
[client]
host=<%= database_host %>
user=<%= database_user %>
password=<%= database_password %>

24
modules/openstack_project/manifests/etherpad.pp
View File

@ -1,8 +1,11 @@
class openstack_project::etherpad ( class openstack_project::etherpad (
$mysql_password,
$ssl_cert_file_contents = '', $ssl_cert_file_contents = '',
$ssl_key_file_contents = '', $ssl_key_file_contents = '',
$ssl_chain_file_contents = '', $ssl_chain_file_contents = '',
$database_password = '', $mysql_host = 'localhost',
$mysql_user = 'eplite',
$mysql_db_name = 'etherpad-lite',
$sysadmins = [] $sysadmins = []
) { ) {
class { 'openstack_project::server': class { 'openstack_project::server':
@ -11,9 +14,6 @@ class openstack_project::etherpad (
} }
include etherpad_lite include etherpad_lite
mysql_backup::backup { 'etherpad-lite':
require => Class['etherpad_lite'],
}
class { 'etherpad_lite::apache': class { 'etherpad_lite::apache':
ssl_cert_file => '/etc/ssl/certs/etherpad.openstack.org.pem', ssl_cert_file => '/etc/ssl/certs/etherpad.openstack.org.pem',
@ -25,11 +25,21 @@ class openstack_project::etherpad (
} }
class { 'etherpad_lite::site': class { 'etherpad_lite::site':
database_password => $database_password, database_host => $mysql_host,
database_user => $mysql_user,
database_name => $mysql_db_name,
database_password => $mysql_password,
} }
class { 'etherpad_lite::mysql': etherpad_lite::plugin { 'ep_headings':
database_password => $database_password, require => Class['etherpad_lite'],
}
mysql_backup::backup_remote { 'etherpad-lite':
database_host => $mysql_host,
database_user => $mysql_user,
database_password => $mysql_password,
require => Class['etherpad_lite'],
} }
} }

37
modules/openstack_project/manifests/etherpad_dev.pp
View File

@ -1,5 +1,8 @@
class openstack_project::etherpad_dev ( class openstack_project::etherpad_dev (
$database_password = '', $mysql_password,
$mysql_host = 'localhost',
$mysql_user = 'eplite',
$mysql_db_name = 'etherpad-lite',
$sysadmins = [] $sysadmins = []
) { ) {
class { 'openstack_project::server': class { 'openstack_project::server':
@ -7,21 +10,7 @@ class openstack_project::etherpad_dev (
sysadmins => $sysadmins sysadmins => $sysadmins
} }
class { 'etherpad_lite': include etherpad_lite
# Use the version running on the prod server.
eplite_version => '4195e11a41c5992bc555cef71246800bceaf1915',
# Use the version running on the prod server.
nodejs_version => 'v0.6.16',
# Once dev install is working replace the above parameters with
# the following to test automated upgrade by puppet.
# eplite_version => '1.1.4',
# nodejs_version => 'v0.8.14',
ep_headings => true
}
mysql_backup::backup { 'etherpad-lite':
require => Class['etherpad_lite'],
}
class { 'etherpad_lite::apache': class { 'etherpad_lite::apache':
ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem', ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
@ -30,11 +19,21 @@ class openstack_project::etherpad_dev (
} }
class { 'etherpad_lite::site': class { 'etherpad_lite::site':
database_password => $database_password, database_host => $mysql_host,
database_user => $mysql_user,
database_name => $mysql_db_name,
database_password => $mysql_password,
} }
class { 'etherpad_lite::mysql': etherpad_lite::plugin { 'ep_headings':
database_password => $database_password, require => Class['etherpad_lite'],
}
mysql_backup::backup_remote { 'etherpad-lite-dev':
database_host => $mysql_host,
database_user => $mysql_user,
database_password => $mysql_password,
require => Class['etherpad_lite'],
} }
} }