opendev/system-config
Code Issues Proposed changes
60522f90a2
system-config/modules/openstack_project/manifests/survey.pp
Jeremy Stanley d40c64cd0a Upgrade to LimeSurvey 3.15.6 
LimeSurvey releases early and often (yay!) but as a result we're
rather many versions behind just in the time it took us to finalize
our automation. Upgrade to the latest tagged version now. Also
switch to downloading from limesurvey.org instead of github.com as
the latter seems to only house a (delayed) mirror of their releases.
The updated location also implies slightly different file naming, so
a few of the Puppet execs dealing with retrieval and unpacking that
file have to be adjusted to match.

Change-Id: Ib6faa4cedcef6685f6992d61de9a29cd72f05aa2
2019-01-16 18:47:57 +00:00

219 lines
6.1 KiB
Puppet
Raw Blame History

# Copyright 2016 Markus Opolka <markus@martiablog.de>
# Copyright 2018 Anita Kuno <anteaya@anteaya.info>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Inspiration for this patch as well as portions of it
# come from the work of Markus Opolka and his
# LimeSurvey Puppet module:
# https://github.com/martialblog/puppet-limesurvey
#
class openstack_project::survey (
$vhost_name = $::fqdn,
$ssl_cert_file = '/etc/ssl/certs/survey.openstack.org.pem',
$ssl_key_file = '/etc/ssl/private/survey.openstack.org.key',
$ssl_chain_file = '/etc/ssl/certs/intermediate.pem',
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
$dbpassword = '',
$dbhost = '',
# Table containing openid auth details. If undef not enabled
# Example dict:
# {
# banner => "Welcome",
# singleIdp => "https://openstackid.org",
# trusted => '^https://openstackid.org/.*$',
# any_valid_user => false,
# users => ['https://openstackid.org/foo',
# 'https://openstackid.org/bar'],
# }
# Note that if you care which users get access set any_valid_user to false
# and then provide an explicit list of openids in the users list. Otherwise
# set any_valid_user to true and any successfully authenticated user will
# get access.
$auth_openid = undef,
$docroot = '/var/www',
$runtime_dir_mode = '0755',
$download_url = 'https://download.limesurvey.org/latest-stable-release/',
$version = '3.15.6+190108',
$www_group = 'www-data',
$www_user = 'www-data',
# These are required for bootstrapping, so do not have defaults.
$adminuser,
$adminpass,
$adminmail,
) {
$distro_packages = [
'libapache2-mod-php',
'php',
'php-gd',
'php-imap',
'php-ldap',
'php-mbstring',
'php-mcrypt',
'php-mysql',
'php-xml',
'php-zip',
'ssl-cert',
]
package { $distro_packages:
ensure => present,
}
exec { 'limesurvey-download':
path => '/bin:/usr/bin',
creates => "${docroot}/tmp/runtime",
command => "bash -c 'cd /tmp; wget ${download_url}limesurvey${version}.tar.gz'",
require => File[$docroot],
user => $www_user,
}
exec { 'limesurvey-unzip':
path => '/bin:/usr/bin',
cwd => '/tmp',
creates => "${docroot}/tmp/runtime",
command => "bash -c 'cd /tmp; tar zxf /tmp/limesurvey${version}.tar.gz -C ${docroot} --strip-components=1'",
notify => Exec['limesurvey-install'],
require => Exec['limesurvey-download'],
user => $www_user,
}
exec { 'limesurvey-install':
command => "/usr/bin/php console.php install ${adminuser} ${adminpass} 'Default Administrator' ${adminmail}",
cwd => "${docroot}/application/commands",
refreshonly => true,
require => [
File["${docroot}/application/config/config.php"],
Package[$distro_packages],
],
user => $www_user,
}
file { "/tmp/limesurvey${version}.tar.gz":
ensure => absent,
require => Exec['limesurvey-unzip'],
}
file { "${docroot}/tmp/runtime/":
ensure => directory,
mode => $runtime_dir_mode,
require => Exec['limesurvey-install'],
}
file { "${docroot}/application/config/config.php":
ensure => present,
owner => $www_user,
group => $www_group,
mode => '0660',
content => template ('openstack_project/survey.config.php.erb'),
replace => true,
require => Exec['limesurvey-unzip'],
}
include ::httpd
::httpd::vhost { $vhost_name:
port => 443,
docroot => $docroot,
priority => '50',
template => 'openstack_project/survey.vhost.erb',
ssl => true,
}
if !defined(Httpd::Mod['rewrite']) {
httpd::mod { 'rewrite':
ensure => present,
}
}
if ($auth_openid != undef) {
if !defined(Package['libapache2-mod-auth-openid']) {
package { 'libapache2-mod-auth-openid':
ensure => present,
}
}
if !defined(Httpd::Mod['auth_openid']) {
# Workaround for https://bugs.debian.org/759209
file { '/etc/apache2/mods-available/auth_openid.load':
ensure => present,
content => 'LoadModule authopenid_module /usr/lib/apache2/modules/mod_auth_openid.so',
replace => true,
require => Package['libapache2-mod-auth-openid'],
}
httpd::mod { 'auth_openid':
ensure => present,
require => File['/etc/apache2/mods-available/auth_openid.load'],
}
}
}
file { $docroot:
ensure => directory,
owner => $www_user,
group => $www_group,
}
file { "${docroot}/robots.txt":
ensure => present,
source => 'puppet:///modules/openstack_project/disallow_robots.txt',
owner => 'root',
group => 'root',
mode => '0444',
require => File[$docroot],
}
file { '/etc/ssl/certs':
ensure => directory,
owner => 'root',
mode => '0755',
}
file { '/etc/ssl/private':
ensure => directory,
owner => 'root',
mode => '0700',
}
if $ssl_cert_file_contents != '' {
file { $ssl_cert_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_cert_file_contents,
before => Httpd::Vhost[$vhost_name],
}
}
if $ssl_key_file_contents != '' {
file { $ssl_key_file:
owner => 'root',
group => 'ssl-cert',
mode => '0640',
content => $ssl_key_file_contents,
require => Package['ssl-cert'],
before => Httpd::Vhost[$vhost_name],
}
}
if $ssl_chain_file_contents != '' {
file { $ssl_chain_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_chain_file_contents,
before => Httpd::Vhost[$vhost_name],
}
}
}
View Git Blame Copy Permalink