26 Commits

Author SHA1 Message Date
Jenkins
e189ea41c6 Merge "Only include selinux bits on rhel-based systems" 2014-06-11 00:24:34 +00:00
K Jonathan Harker
5f58803b8d Use the correct name for apache
The name of the apache package and service are different on different
operating systems. Fortunately, the apache module populates a variable
with the correct name for us. This is also true of the apache ssl
package.

Change-Id: I7d93e56281f828cba9262c135b0beb43dce9748a
2014-06-04 17:33:50 -07:00
K Jonathan Harker
c29a9dd8df Only include selinux bits on rhel-based systems
The gate-config-puppet-apply test will try to run everything on a
bare-precise node, so even though this doesn't occur in production it is
being tested.

Change-Id: I13b03a7476e30cbb26dc820bb4cf5b56c4018669
2014-05-30 15:36:07 -07:00
Manuel Desbonnet
e39b5ce777 Add serveraliases to cgit vhost template
Allow for specifying ServerAlias entries in the apache
vhost for the cgit puppet module.
(vhost template section lifted from the puppetlabs-apache v0.0.4
vhost-default template).

Change-Id: If7c297247b9556458154e4d01a1e0165a25a14b5
2014-05-16 08:30:29 +01:00
Clark Boylan
85c01e9f50 Update git.o.o configs for better rolling reboots
* modules/openstack_project/manifests/git.pp: Give the haproxy stats
socket admin level permissions. Make the socket owned by user root and
group root with mode of 0600. This is necessary to provide instructions
to enable and disable backend servers through the stats socket. Also,
install socat on this server so that commands can be given through the
stats socket.

* modules/openstack_project/manifests/git.pp: Enable git-daemon service
so that it starts running at boot.

Change-Id: Ic38114bdbd9fd1e9ab711e636deaadb15f9c7fe3
2013-10-25 11:18:22 -07:00
Elizabeth Krumbach Joseph
c2879e7da6 Add basic syntax highlighting to cgit
* modules/cgit/manifests/init.pp: Add highlight package
dependency to cgit server

 * modules/openstack_project/files/git/cgitrc: Enable syntax
highlighting option

 * modules/openstack_project/files/git/openstack.css: Add basic
syntax highlighting, copied from CSS that used to ship with
cgit by default

Closes-Bug: #1228361

Change-Id: Ic496215b5782527ac8159dedf639e549debeed2b
2013-09-30 12:39:21 -07:00
Jenkins
5dcb45e758 Merge "Move location of haproxy rsyslog conf file." 2013-08-29 00:22:14 +00:00
Mathieu Gagné
ae3d3d1ff4 Configure cgit to show git notes
Change-Id: Id76bfa2b269591b6c125b31584542962d32fb048
2013-08-28 18:58:25 -04:00
Clark Boylan
1c0c4b18df Move location of haproxy rsyslog conf file.
The haproxy rsyslog config file was left in the cgit module despite
pulling the haproxy stuff out of cgit and putting it in
openstack_project. Move the rsyslog config file into the
openstack_project module where it belongs.

Change-Id: I0fc45f7497f0f2682bbc5c7ae0da546a71b67188
2013-08-28 15:53:38 -07:00
Clark Boylan
f22f8f5aa1 Split git.o.o haproxy out of cgit module.
* manifests/site.pp: Use distinct manifests for git.o.o and git.o.o
backends. This allows for the haproxy server to not serve git content
and purely be a load balancer.

* modules/cgit/manifests/init.pp: Remove haproxy from cgit module.
Remove stale xinetd cleanup. Select git daemon port when selecting
HTTP(S) ports.

* modules/openstack_project/manifests/git.pp: Make git.pp a manifest to
load balance git servers with haproxy.

* modules/openstack_project/manifests/git_backend.pp: New manifest to
manage servers that actually serve git content. They sit behind a load
balancer.

* modules/openstack_project/manifests/review.pp: Stop replicating repos
to git load balancer.

Change-Id: I343a0d1e0a7b93874c2e2299ed974a3304957efb
2013-08-26 12:05:26 -07:00
Jenkins
00d42e30e6 Merge "Add socat package to cgit servers" 2013-08-23 18:06:01 +00:00
Clark Boylan
08f4472336 Use the haproxy source balance method.
* modules/cgit/manifests/init.pp: HTTP(S) access to the git cluster may
end up making connections to different node members potentially causing
fetches to fail when a ref is visible on one node but not on another.
Fix this by using the source balance method. Every request from a single
host will be served by one backend node unless nodes are added or
removed.

Change-Id: Iedca1938277020b837eb1607e43013f5feb2ed2d
2013-08-22 14:59:15 -07:00
Elizabeth Krumbach Joseph
f44bc74cdf Add socat package to cgit servers
Add socat to cgit servers for git + haproxy debugging.

Change-Id: I6e6622d89fdab91829dfb8871fd013ed2ba79738
2013-08-22 13:48:25 -07:00
Clark Boylan
dea75ed695 Load balance git requests.
* install_modules.sh: Add puppetlabs-haproxy forge module.

* modules/cgit/manifests/init.pp: Add haproxy config to load balance
https, https and git protocol git access. Each git server will host git
http on port 8080, https on port 4443 and git protocol on 29418. These
endpoints will then be load balanced by a single haproxy instance
listening on ports 80, 443 and 9418. The use of haproxy and having
services listen on offset ports to accomodate haproxy is toggleable
using the $balance_git and $behind_proxy boolean flags.
Additionally, configure rsyslog for haproxy.

* modules/cgit/files/rsyslog.haproxy.conf: Enable syslog over UDP on
port 514. This is needed by haproxy to perform logging. Send local0
messages to /var/log/haproxy.log.

* modules/cgit/templates/ssl.conf.erb: Make Apache https listen port
configurable. Remove default virtualhost.

* modules/cgit/templates/httpd.conf.erb: Make Apache http listen port
configurable.

* modules/cgit/templates/git.vhost..erb: Make Apache http(s) listen
ports configuruable. Allow http without redirecting to https as a
fallback option to accomodate CentOS clients.

* modules/openstack_project/manifests/git.pp: Pass load balancer
variables through to the cgit manifest.

* manifests/site.pp: Configure git.o.o to run the load balancer haproxy
and balance across the new gitXX.o.o nodes.

Change-Id: Icefc5923cff9a7c6ce62c1923ec2ea87ebc6474a
2013-08-22 10:52:04 -07:00
Elizabeth Krumbach Joseph
a6e4c8952b Swap git daemon in xinetd for service
Add git-daemon init file to /etc/init.d and make sure the service
is started.

For transition, keep the git xinetd file and service defined but
switch git service to stopped, we can remove this later.

Change-Id: I0cf02c7292496e39695b80b00cdcb82ec7a61700
2013-08-22 10:03:05 -07:00
Elizabeth Krumbach Joseph
8dd215bece Add static web directory for cgit & initial files
Create and define a static directory for cgit to use.

Add initial favicon and logo files and include in cgitrc.

Also include custom CSS and background image.

Change-Id: If1e20d8e62557cc90aafbf92f4291b964400e029
2013-08-16 16:41:30 -07:00
Jeremy Stanley
ef54ed93c9 Serve repos via git+https outside of cgit
* modules/cgit/templates/git.vhost.erb: Add Apache aliases to the
git-http-backend CGI and static git files where possible. This makes
git clone, pull and fetch HTTPS URLs more consistent with their git
protocol counterparts.

* modules/openstack_project/files/git/cgitrc: Adjust the displayed
HTTPS clone URL in the WebUI to match.

Change-Id: Ibb4fd41191f33b615ed36f78e1951555a1c0dad1
2013-08-15 03:04:04 +00:00
Monty Taylor
60ef5a3fd0 Remove if module statements
Because of the way we're doing ssl on the centos, the ifmodule
statements evaluate to false. Remove them.

Change-Id: Iad771249c6dc5cf5ede493183f5cebb98c3deb69
2013-08-10 20:52:55 -03:00
Elizabeth Krumbach
3810e0b49e Enable ssl module in httpd on git.openstack.org
Adding CentOS ssl.conf and make sure mod_ssl package is
installed.

Change-Id: Ie891716b815a4b103aa1911696ee5b2cb8af13a4
2013-08-09 11:47:39 -07:00
Elizabeth Krumbach
9a07f307a7 Update httpd log directory in template for git.o.o
The ${APACHE_LOG_DIR} isn't expanding as I had expected on
the CentOS server, updating to default CentOS apache log
directory.

Change-Id: I8fc6ee5084e2ef69be9e888473155c865bdbdfd0
2013-08-07 22:14:02 -07:00
Elizabeth Krumbach
8b81e9d213 Add httpd ssl support to git.openstack.org
Certificates have been added to hiera, now adding the support for
https in a new apache file.

Change-Id: I8447d60a15779b103556e53f04accf671dbf4843
2013-08-06 16:26:52 -07:00
Clark Boylan
9173bc92d1 Add git-daemon to cgit server.
* modules/cgit/files/git.xinetd: Configure git xinetd

* modules/cgit/manifests/init.pp: Install git xinetd file and make sure the
* service is running.

Change-Id: I7686b1cacd257e2aa519885b969272055a74e48e
2013-08-05 11:01:22 -07:00
Elizabeth Krumbach
10a9f854fa Add /cgit rewrite for git server docroot
Update the cgit Apache config to make requests to
http://git.openstack.org be rewritten to go to /cgit

Change-Id: I3589868e9cb202f4d4b89378ca5e38ec57869b2c
2013-07-17 22:45:36 -07:00
Elizabeth Krumbach
16edba6c5f Fix restorecon exec on /var/lib/git
The restorecon command for selinux needed to require /var/lib/git
and the syntax is actually "File" rather than "Folder" here.

Also added refreshonly so it only runs when /var/lib/git changes.

Change-Id: I88f40dc3051d66ef9f9dc4d667474b8cc7d2a5f7
2013-07-17 17:54:36 -07:00
Elizabeth Krumbach
1aad376815 Remove httpd stanza from cgit
The cgit module is already calling the apache module which handles
making sure httpd is installed and running, pulling this from the
cgit module.

Change-Id: I51f724e7cf1e2b725c6af375fb1c8774045a0956
2013-07-17 10:41:04 -07:00
Elizabeth Krumbach
52732dd550 Add cgit web service and git server
Define git.openstack.org server and deploy cgit web service with
Apache on CentOS.

Change-Id: Id3c7c870e25e4202915bc081454896895084f9af
2013-07-16 09:55:11 -07:00