# Copyright 2016 Markus Opolka # Copyright 2018 Anita Kuno # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. # # Inspiration for this patch as well as portions of it # come from the work of Markus Opolka and his # LimeSurvey Puppet module: # https://github.com/martialblog/puppet-limesurvey # class openstack_project::survey ( $vhost_name = $::fqdn, $ssl_cert_file = '/etc/ssl/certs/survey.openstack.org.pem', $ssl_key_file = '/etc/ssl/private/survey.openstack.org.key', $ssl_chain_file = '/etc/ssl/certs/intermediate.pem', $ssl_cert_file_contents = '', $ssl_key_file_contents = '', $ssl_chain_file_contents = '', $dbpassword = '', $dbhost = '', # Table containing openid auth details. If undef not enabled # Example dict: # { # banner => "Welcome", # singleIdp => "https://openstackid.org", # trusted => '^https://openstackid.org/.*$', # any_valid_user => false, # users => ['https://openstackid.org/foo', # 'https://openstackid.org/bar'], # } # Note that if you care which users get access set any_valid_user to false # and then provide an explicit list of openids in the users list. Otherwise # set any_valid_user to true and any successfully authenticated user will # get access. $auth_openid = undef, $docroot = '/var/www', $runtime_dir_mode = '0755', $download_url = 'https://download.limesurvey.org/latest-stable-release/', $version = '3.15.6+190108', $www_group = 'www-data', $www_user = 'www-data', # These are required for bootstrapping, so do not have defaults. $adminuser, $adminpass, $adminmail, ) { $distro_packages = [ 'libapache2-mod-php', 'php', 'php-gd', 'php-imap', 'php-ldap', 'php-mbstring', 'php-mcrypt', 'php-mysql', 'php-xml', 'php-zip', 'ssl-cert', ] package { $distro_packages: ensure => present, } exec { 'limesurvey-download': path => '/bin:/usr/bin', creates => "${docroot}/tmp/runtime", command => "bash -c 'cd /tmp; wget ${download_url}limesurvey${version}.tar.gz'", require => File[$docroot], user => $www_user, } exec { 'limesurvey-unzip': path => '/bin:/usr/bin', cwd => '/tmp', creates => "${docroot}/tmp/runtime", command => "bash -c 'cd /tmp; tar zxf /tmp/limesurvey${version}.tar.gz -C ${docroot} --strip-components=1'", notify => Exec['limesurvey-install'], require => Exec['limesurvey-download'], user => $www_user, } exec { 'limesurvey-install': command => "/usr/bin/php console.php install ${adminuser} ${adminpass} 'Default Administrator' ${adminmail}", cwd => "${docroot}/application/commands", refreshonly => true, require => [ File["${docroot}/application/config/config.php"], Package[$distro_packages], ], user => $www_user, } file { "/tmp/limesurvey${version}.tar.gz": ensure => absent, require => Exec['limesurvey-unzip'], } file { "${docroot}/tmp/runtime/": ensure => directory, mode => $runtime_dir_mode, require => Exec['limesurvey-install'], } file { "${docroot}/application/config/config.php": ensure => present, owner => $www_user, group => $www_group, mode => '0660', content => template ('openstack_project/survey.config.php.erb'), replace => true, require => Exec['limesurvey-unzip'], } include ::httpd ::httpd::vhost { $vhost_name: port => 443, docroot => $docroot, priority => '50', template => 'openstack_project/survey.vhost.erb', ssl => true, } if !defined(Httpd::Mod['rewrite']) { httpd::mod { 'rewrite': ensure => present, } } if ($auth_openid != undef) { if !defined(Package['libapache2-mod-auth-openid']) { package { 'libapache2-mod-auth-openid': ensure => present, } } if !defined(Httpd::Mod['auth_openid']) { # Workaround for https://bugs.debian.org/759209 file { '/etc/apache2/mods-available/auth_openid.load': ensure => present, content => 'LoadModule authopenid_module /usr/lib/apache2/modules/mod_auth_openid.so', replace => true, require => Package['libapache2-mod-auth-openid'], } httpd::mod { 'auth_openid': ensure => present, require => File['/etc/apache2/mods-available/auth_openid.load'], } } } file { $docroot: ensure => directory, owner => $www_user, group => $www_group, } file { "${docroot}/robots.txt": ensure => present, source => 'puppet:///modules/openstack_project/disallow_robots.txt', owner => 'root', group => 'root', mode => '0444', require => File[$docroot], } file { '/etc/ssl/certs': ensure => directory, owner => 'root', mode => '0755', } file { '/etc/ssl/private': ensure => directory, owner => 'root', mode => '0700', } if $ssl_cert_file_contents != '' { file { $ssl_cert_file: owner => 'root', group => 'root', mode => '0640', content => $ssl_cert_file_contents, before => Httpd::Vhost[$vhost_name], } } if $ssl_key_file_contents != '' { file { $ssl_key_file: owner => 'root', group => 'ssl-cert', mode => '0640', content => $ssl_key_file_contents, require => Package['ssl-cert'], before => Httpd::Vhost[$vhost_name], } } if $ssl_chain_file_contents != '' { file { $ssl_chain_file: owner => 'root', group => 'root', mode => '0640', content => $ssl_chain_file_contents, before => Httpd::Vhost[$vhost_name], } } }