Update etherpad and etherpad puppet manifests.

* manifests/site.pp: Pass new mysql DB variables to
openstack::etherpad*.

* modules/etherpad_lite/manifests/apache.pp: Fix broken /etc/ssl/certs
permissions (0700 -> 0755).

* modules/etherpad_lite/manifests/init.pp: Update default nodejs and
etherpad versions. Remove ep_headings plugin install. New plugin define
should be used for this instead. Stop making the etherpad-lite ref to
checkout optional (defaults to develop). Note these changes are probably
not going to be backward compat.

* modules/etherpad_lite/manifests/plugin.pp: Define to install etherpad
lite plugins.

* modules/etherpad_lite/manifests/site.pp: Simplify DB support and
remove support for the dirty DB type.

* modules/etherpad_lite/templates/etherpad-lite_settings.json.erb: Bring
settings erb up to par with latest template.

* modules/etherpad_lite/templates/etherpadlite.vhost.erb: Update rewrite
rules for new etherpad. Instead of allowing nice pad urls rooted at /
redirect these url to /p/padname. Etherpad does not deal well with a
change in root path as /p/ is hardcoded in many places.

* modules/openstack_project/manifests/etherpad.pp
* modules/openstack_project/manifests/etherpad_dev.pp:
Update to use new etherpad module setup. MySQL DBs are now externally
managed, pass in needed connection info.

* modules/mysql_backup/manifests/backup_remote.pp: New define to backup
remote DB servers.

* modules/mysql_backup/templates/my.cnf.erb: Template for a my.cnf to be
used by the cron in backup_remote.pp. Allows for easy connectivity from
server using MySQL DB as root.

Change-Id: I1250297674b91e81d59cd28c07c52e09967ca548
This commit is contained in:
Clark Boylan 2013-09-05 18:22:21 -07:00
parent b77040b38f
commit c1ffb9f145
16 changed files with 260 additions and 231 deletions

View File

@ -198,15 +198,19 @@ node 'etherpad.openstack.org' {
ssl_cert_file_contents => hiera('etherpad_ssl_cert_file_contents'),
ssl_key_file_contents => hiera('etherpad_ssl_key_file_contents'),
ssl_chain_file_contents => hiera('etherpad_ssl_chain_file_contents'),
database_password => hiera('etherpad_db_password'),
mysql_host => hiera('etherpad_db_host'),
mysql_user => hiera('etherpad_db_user'),
mysql_password => hiera('etherpad_db_password'),
sysadmins => hiera('sysadmins'),
}
}
node 'etherpad-dev.openstack.org' {
class { 'openstack_project::etherpad_dev':
database_password => hiera('etherpad-dev_db_password'),
sysadmins => hiera('sysadmins'),
mysql_host => hiera('etherpad-dev_db_host'),
mysql_user => hiera('etherpad-dev_db_user'),
mysql_password => hiera('etherpad-dev_db_password'),
sysadmins => hiera('sysadmins'),
}
}

View File

@ -34,7 +34,7 @@ class etherpad_lite::apache (
file { '/etc/ssl/certs':
ensure => directory,
owner => 'root',
mode => '0700',
mode => '0755',
}
file { '/etc/ssl/private':

View File

@ -1,31 +0,0 @@
# == Class: etherpad_lite::backup
#
class etherpad_lite::backup (
$minute = '0',
$hour = '0',
$day = '*',
$dest = "${etherpad_lite::base_log_dir}/${etherpad_lite::ep_user}/db.sql.gz",
$rotation = 'daily',
$num_backups = '30'
) {
cron { 'eplitedbbackup':
ensure => present,
command => "/usr/bin/mysqldump --defaults-file=/etc/mysql/debian.cnf --opt etherpad-lite | gzip -9 > ${dest}",
minute => $minute,
hour => $hour,
weekday => $day,
require => Package['mysql-server'],
}
include logrotate
logrotate::file { 'eplitedb':
log => $dest,
options => [
'nocompress',
"rotate ${num_backups}",
$rotation,
],
require => Cron['eplitedbbackup'],
}
}

View File

@ -15,9 +15,8 @@ class etherpad_lite (
$ep_user = 'eplite',
$base_log_dir = '/var/log',
$base_install_dir = '/opt/etherpad-lite',
$nodejs_version = 'v0.6.16',
$eplite_version = '',
$ep_headings = false
$nodejs_version = 'v0.10.20',
$eplite_version = 'develop'
) {
# where the modules are, needed to easily install modules later
@ -85,25 +84,16 @@ class etherpad_lite (
],
}
# Allow existing install to exist without modifying its git repo.
# But give the option to specify versions for new installs.
if $eplite_version != '' {
vcsrepo { "${base_install_dir}/etherpad-lite":
ensure => present,
provider => git,
source => 'https://github.com/ether/etherpad-lite.git',
owner => $ep_user,
revision => $eplite_version,
require => Package['git'],
}
} else {
vcsrepo { "${base_install_dir}/etherpad-lite":
ensure => present,
provider => git,
source => 'https://github.com/Pita/etherpad-lite.git',
owner => $ep_user,
require => Package['git'],
}
vcsrepo { "${base_install_dir}/etherpad-lite":
ensure => present,
provider => git,
source => 'https://github.com/ether/etherpad-lite.git',
owner => $ep_user,
revision => $eplite_version,
require => [
Package['git'],
User[$ep_user],
],
}
exec { 'install_etherpad_dependencies':
@ -120,25 +110,6 @@ class etherpad_lite (
creates => "${base_install_dir}/etherpad-lite/node_modules",
}
if $ep_headings == true {
# install the test install plugin
# This seesm to be needed to get
exec {'npm install ep_fintest':
cwd => $modules_dir,
path => $path,
creates => "${modules_dir}/ep_fintest",
require => Exec['install_etherpad_dependencies']
} ->
# install the headings plugin
exec {'npm install ep_headings':
cwd => $modules_dir,
path => $path,
creates => "${modules_dir}/ep_headings",
require => Exec['install_etherpad_dependencies']
}
}
file { '/etc/init/etherpad-lite.conf':
ensure => present,
content => template('etherpad_lite/upstart.erb'),

View File

@ -1,82 +0,0 @@
# == Class: etherpad_lite::mysql
#
class etherpad_lite::mysql(
$database_password = '',
$dbType = 'mysql',
$database_user = 'eplite',
$database_name = 'etherpad-lite'
) {
include etherpad_lite
$base = "${etherpad_lite::base_install_dir}/etherpad-lite"
package { 'mysql-server':
ensure => present,
}
package { 'mysql-client':
ensure => present,
}
service { 'mysql':
ensure => running,
enable => true,
hasrestart => true,
require => [
Package['mysql-server'],
Package['mysql-client'],
],
}
file { "${base}/create_database.sh":
ensure => present,
content => template('etherpad_lite/create_database.sh.erb'),
group => $etherpad_lite::ep_user,
mode => '0755',
owner => $etherpad_lite::ep_user,
replace => true,
require => Class['etherpad_lite'],
}
file { "${base}/create_user.sh":
ensure => present,
content => template('etherpad_lite/create_user.sh.erb'),
group => $etherpad_lite::ep_user,
mode => '0755',
owner => $etherpad_lite::ep_user,
replace => true,
require => Class['etherpad_lite'],
}
exec { 'create-etherpad-lite-db':
unless => "mysql --defaults-file=/etc/mysql/debian.cnf ${database_name}",
path => [
'/bin',
'/usr/bin',
],
command => "${base}/create_database.sh",
require => [
Service['mysql'],
File["${base}/settings.json"],
File["${base}/create_database.sh"],
],
before => Exec['grant-etherpad-lite-db'],
}
exec { 'grant-etherpad-lite-db':
unless =>
"mysql -u${database_user} -p${database_password} ${database_name}",
path => [
'/bin',
'/usr/bin'
],
command => "${base}/create_user.sh",
require => [
Service['mysql'],
File["${base}/settings.json"],
File["${base}/create_user.sh"],
],
}
}
# vim:sw=2:ts=2:expandtab:textwidth=79

View File

@ -0,0 +1,13 @@
# Define to install etherpad lite plugins
#
define etherpad_lite::plugin {
$plugin_name = $name
exec { "npm install ${plugin_name}":
cwd => $etherpad_lite::modules_dir,
path => $etherpad_lite::path,
user => $etherpad_lite::ep_user,
environment => "HOME=${etherpad_lite::base_log_dir}/${etherpad_lite::ep_user}",
creates => "${etherpad_lite::modules_dir}/${plugin_name}",
require => Class['etherpad_lite']
}
}

View File

@ -1,30 +1,22 @@
# == Class: etherpad_lite::site
#
class etherpad_lite::site (
$database_password = '',
$dbType = 'mysql',
$database_password,
$sessionKey = '',
$dbType = 'mysql',
$database_user = 'eplite',
$database_name = 'etherpad-lite'
$database_name = 'etherpad-lite',
$database_host = 'localhost'
) {
include etherpad_lite
$base = $etherpad_lite::base_install_dir
if $dbType == 'mysql' {
service { 'etherpad-lite':
ensure => running,
enable => true,
subscribe => File["${base}/etherpad-lite/settings.json"],
require => Class['etherpad_lite::mysql'],
}
}
else {
service { 'etherpad-lite':
ensure => running,
enable => true,
subscribe => File["${base}/etherpad-lite/settings.json"],
}
service { 'etherpad-lite':
ensure => running,
enable => true,
subscribe => File["${base}/etherpad-lite/settings.json"],
}
file { "${base}/etherpad-lite/settings.json":

View File

@ -1,3 +0,0 @@
#!/bin/bash
mysql --defaults-file=/etc/mysql/debian.cnf -e 'create database `<%= database_name %>` CHARACTER SET utf8 COLLATE utf8_bin'

View File

@ -1,3 +0,0 @@
#!/bin/bash
mysql --defaults-file=/etc/mysql/debian.cnf -e 'grant all on `<%= database_name %>`.* to "<%= database_user %>"@"localhost" identified by "<%= database_password %>";'

View File

@ -4,17 +4,27 @@
Please edit settings.json, not settings.json.template
*/
{
// Name your instance!
"title": "OpenStack Etherpad",
//Ip and port which etherpad should bind at
"ip": "127.0.0.1",
"port" : 9001,
// favicon default name
"favicon": "favicon.ico",
// Session Key, used for reconnecting user sessions
// Set this to a secure string at least 10 characters long. Do not share this value.
"sessionKey" : "<%= sessionKey %>",
//The Type of the database. You can choose between dirty, sqlite and mysql
//You should use mysql or sqlite for anything else than testing or development
"dbType" : "<%= dbType %>",
//the database specific settings
"dbSettings" : {
"user" : "<%= database_user %>",
"host" : "localhost",
"host" : "<%= database_host %>",
"password": "<%= database_password %>",
"database": "<%= database_name %>"
},
@ -39,9 +49,72 @@
Abiword is needed to enable the import/export of pads*/
"abiword" : "/usr/bin/abiword",
/* This setting is used if you need http basic auth */
// "httpAuth" : "user:pass",
/* This setting is used if you require authentication of all users.
Note: /admin always requires authentication. */
"requireAuthentication": false,
/* Require authorization by a module, or a user with is_admin set, see below. */
"requireAuthorization": false,
/* Users for basic authentication. is_admin = true gives access to /admin.
If you do not uncomment this, /admin will not be available! */
/*
"users": {
"admin": {
"password": "changeme1",
"is_admin": true
},
"user": {
"password": "changeme1",
"is_admin": false
}
},
*/
// restrict socket.io transport methods
"socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
/* The log level we are using, can be: DEBUG, INFO, WARN, ERROR */
"loglevel": "INFO"
"loglevel": "INFO",
//Logging configuration. See log4js documentation for further information
// https://github.com/nomiddlename/log4js-node
// You can add as many appenders as you want here:
"logconfig" :
{ "appenders": [
{ "type": "console"
//, "category": "access"// only logs pad access
}
/*
, { "type": "file"
, "filename": "/var/log/eplite/etherpad-lite.log"
, "maxLogSize": 1024
, "backups": 30 // how many log files there're gonna be at max
//, "category": "test" // only log a specific category
}*/
/*
, { "type": "logLevelFilter"
, "level": "warn" // filters out all log messages that have a lower level than "error"
, "appender":
{ Use whatever appender you want here }
}*/
/*
, { "type": "logLevelFilter"
, "level": "error" // filters out all log messages that have a lower level than "error"
, "appender":
{ "type": "smtp"
, "subject": "An error occured in your EPL instance!"
, "recipients": "bar@blurdybloop.com, baz@blurdybloop.com"
, "sendInterval": 60*5 // in secs -- will buffer log messages; set to 0 to send a mail for every message
, "transport": "SMTP", "SMTP": { // see https://github.com/andris9/Nodemailer#possible-transport-methods
"host": "smtp.example.com", "port": 465,
"secureConnection": true,
"auth": {
"user": "foo@example.com",
"pass": "bar_foo"
}
}
}
}*/
] }
}

View File

@ -36,28 +36,37 @@
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
RewriteEngine on
RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>
RewriteRule ^.*$ https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %> [L,R=301]
<IfModule mod_proxy.c>
# The following redirects "nice" urls such as https://etherpad.example.org/padname
# to https://etherpad.example.org/p/padname. It was problematic directly
# supporting "nice" urls as etherpad hardcodes /p/ in many places.
# Adapted from https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy
RewriteEngine on
RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>
RewriteRule ^.*$ https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %> [L,R=301]
RewriteRule ^/p/(.*)$ https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>/$1 [NC,L,R=301]
RewriteCond %{REQUEST_URI} !^/p/
RewriteCond %{REQUEST_URI} !^/static/
RewriteCond %{REQUEST_URI} !^/pluginfw/
RewriteCond %{REQUEST_URI} !^/javascripts/
RewriteCond %{REQUEST_URI} !^/socket.io/
RewriteCond %{REQUEST_URI} !^/ep/
RewriteCond %{REQUEST_URI} !^/minified/
RewriteCond %{REQUEST_URI} !^/api/
RewriteCond %{REQUEST_URI} !^/ro/
RewriteCond %{REQUEST_URI} !^/error/
RewriteCond %{REQUEST_URI} !^/jserror
RewriteCond %{REQUEST_URI} !/favicon.ico
RewriteCond %{REQUEST_URI} !/robots.txt
RewriteRule ^/+(.+)$ https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>/p/$1
RewriteCond %{REQUEST_URI} !^/p/
RewriteCond %{REQUEST_URI} !^/locales/
RewriteCond %{REQUEST_URI} !^/locales.json
RewriteCond %{REQUEST_URI} !^/admin
RewriteCond %{REQUEST_URI} !^/p/
RewriteCond %{REQUEST_URI} !^/static/
RewriteCond %{REQUEST_URI} !^/pluginfw/
RewriteCond %{REQUEST_URI} !^/javascripts/
RewriteCond %{REQUEST_URI} !^/socket.io/
RewriteCond %{REQUEST_URI} !^/ep/
RewriteCond %{REQUEST_URI} !^/minified/
RewriteCond %{REQUEST_URI} !^/api/
RewriteCond %{REQUEST_URI} !^/ro/
RewriteCond %{REQUEST_URI} !^/error/
RewriteCond %{REQUEST_URI} !^/jserror
RewriteCond %{REQUEST_URI} !/favicon.ico
RewriteCond %{REQUEST_URI} !/robots.txt
RewriteRule ^/+(.+)$ https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>/p/$1 [NC,L,R=301]
RewriteRule ^/(.*)$ http://localhost:9001/$1 [P]
ProxyPassReverse / http://localhost:9001/
RewriteRule ^/(.*)$ http://localhost:9001/$1 [P]
ProxyPassReverse / http://localhost:9001/
</IfModule>
</VirtualHost>
</IfModule>

View File

@ -26,6 +26,12 @@ define mysql_backup::backup (
}
}
if ! defined(Package['mysql-client']) {
package { 'mysql-client':
ensure => present,
}
}
cron { "${name}-backup":
ensure => present,
command => "/usr/bin/mysqldump --defaults-file=${defaults_file} --opt --ignore-table mysql.event --all-databases | gzip -9 > ${dest_dir}/${name}.sql.gz",

View File

@ -0,0 +1,67 @@
# == Define: mysql_backup::backup_remote
#
# Arguments determine when backups should be taken, where they should
# be located, and how often they shouled be rotated. Additionally
# provide remote DB authentication details for that DB to be backed up.
# This define assumes that the mysqldump command is installed under
# /usr/bin. All reachable DBs and tables will be backed up.
#
define mysql_backup::backup_remote (
$database_host,
$database_user,
$database_password,
$minute = '0',
$hour = '0',
$day = '*',
$dest_dir = '/var/backups/mysql_backups',
$rotation = 'daily',
$num_backups = '30'
) {
# Wrap in check as there may be mutliple backup defines backing
# up to the same dir.
if ! defined(File[$dest_dir]) {
file { $dest_dir:
ensure => directory,
mode => '0755',
owner => 'root',
group => 'root',
}
}
$defaults_file = "/root/.${name}_db.cnf"
file { $defaults_file:
ensure => present,
mode => '0400',
owner => 'root',
group => 'root',
content => template('mysql_backup/my.cnf.erb'),
}
if ! defined(Package['mysql-client']) {
package { 'mysql-client':
ensure => present,
}
}
cron { "${name}-backup":
ensure => present,
command => "/usr/bin/mysqldump --defaults-file=${defaults_file} --opt --ignore-table mysql.event --all-databases | gzip -9 > ${dest_dir}/${name}.sql.gz",
minute => $minute,
hour => $hour,
weekday => $day,
require => [
File[$dest_dir],
File[$defaults_file],
],
}
include logrotate
logrotate::file { "${name}-rotate":
log => "${dest_dir}/${name}.sql.gz",
options => [
'nocompress',
"rotate ${num_backups}",
$rotation,
],
require => Cron["${name}-backup"],
}
}

View File

@ -0,0 +1,4 @@
[client]
host=<%= database_host %>
user=<%= database_user %>
password=<%= database_password %>

View File

@ -1,8 +1,11 @@
class openstack_project::etherpad (
$mysql_password,
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
$database_password = '',
$mysql_host = 'localhost',
$mysql_user = 'eplite',
$mysql_db_name = 'etherpad-lite',
$sysadmins = []
) {
class { 'openstack_project::server':
@ -11,9 +14,6 @@ class openstack_project::etherpad (
}
include etherpad_lite
mysql_backup::backup { 'etherpad-lite':
require => Class['etherpad_lite'],
}
class { 'etherpad_lite::apache':
ssl_cert_file => '/etc/ssl/certs/etherpad.openstack.org.pem',
@ -25,11 +25,21 @@ class openstack_project::etherpad (
}
class { 'etherpad_lite::site':
database_password => $database_password,
database_host => $mysql_host,
database_user => $mysql_user,
database_name => $mysql_db_name,
database_password => $mysql_password,
}
class { 'etherpad_lite::mysql':
database_password => $database_password,
etherpad_lite::plugin { 'ep_headings':
require => Class['etherpad_lite'],
}
mysql_backup::backup_remote { 'etherpad-lite':
database_host => $mysql_host,
database_user => $mysql_user,
database_password => $mysql_password,
require => Class['etherpad_lite'],
}
}

View File

@ -1,5 +1,8 @@
class openstack_project::etherpad_dev (
$database_password = '',
$mysql_password,
$mysql_host = 'localhost',
$mysql_user = 'eplite',
$mysql_db_name = 'etherpad-lite',
$sysadmins = []
) {
class { 'openstack_project::server':
@ -7,21 +10,7 @@ class openstack_project::etherpad_dev (
sysadmins => $sysadmins
}
class { 'etherpad_lite':
# Use the version running on the prod server.
eplite_version => '4195e11a41c5992bc555cef71246800bceaf1915',
# Use the version running on the prod server.
nodejs_version => 'v0.6.16',
# Once dev install is working replace the above parameters with
# the following to test automated upgrade by puppet.
# eplite_version => '1.1.4',
# nodejs_version => 'v0.8.14',
ep_headings => true
}
mysql_backup::backup { 'etherpad-lite':
require => Class['etherpad_lite'],
}
include etherpad_lite
class { 'etherpad_lite::apache':
ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
@ -30,11 +19,21 @@ class openstack_project::etherpad_dev (
}
class { 'etherpad_lite::site':
database_password => $database_password,
database_host => $mysql_host,
database_user => $mysql_user,
database_name => $mysql_db_name,
database_password => $mysql_password,
}
class { 'etherpad_lite::mysql':
database_password => $database_password,
etherpad_lite::plugin { 'ep_headings':
require => Class['etherpad_lite'],
}
mysql_backup::backup_remote { 'etherpad-lite-dev':
database_host => $mysql_host,
database_user => $mysql_user,
database_password => $mysql_password,
require => Class['etherpad_lite'],
}
}