opendev/system-config
Code Issues Proposed changes
70467d8a82
system-config/modules/openstack_project/manifests/ask.pp
Ian Wienand f9184ce323 ask: stream db backup 
Despite be deprecated, the ask server is our 3rd biggest backup.  Even
though the site is R/O we're still backing up the fresh rotations of
the gzipped backups every day.

To reduce the incremental space requirements, move to our plain-text
streaming for the db backup.  This just needs a file dropped in /etc;
see the backup-borg role README documentation.  We do this in puppet
to avoid complexity adding this deprecated service to ansible.  This
then excludes the on-disk db backup dir.

Drop the bup backups while we are here.

Change-Id: Icfd81aca58b9a0dc3a3b74de04c1b00f03160327
2021-02-05 13:24:57 +11:00

207 lines
6.2 KiB
Puppet
Raw Blame History

# == Class: openstack_project::ask
#
# ask.openstack.org Q&A support website
#
class openstack_project::ask (
$db_password,
$redis_password,
$site_ssl_cert_file_contents,
$site_ssl_key_file_contents,
$site_ssl_chain_file_contents,
$db_name = 'askbotdb',
$db_user = 'ask',
$redis_port = '6378',
$redis_max_memory = '512m',
$redis_bind = '127.0.0.1',
$solr_version = '4.10.4',
$askbot_revision = '87086ebcefc5be29e80d3228e465e6bec4523fcf'
) {
if $::lsbdistcodename == "xenial" {
# NOTE(ianw) This is a horrible, horrible hack because puppet-solr
# has not been updated to handle Xenial where jetty split into a
# jetty8 package. This equivs deb pre-depends on jetty8, and sets
# up a few links to fool (confuse?) puppet-solr enough to install
# and run...
file { '/root/jetty_1.0_all.deb':
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
source => 'puppet:///modules/openstack_project/ask/jetty_1.0_all.deb'
}
package { 'jetty':
provider => dpkg,
ensure => present,
source => "/root/jetty_1.0_all.deb",
require => File['/root/jetty_1.0_all.deb']
}
}
file { '/srv/dist':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
# solr search engine
file { '/srv/dist/solr':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
require => File['/srv/dist'],
}
class { 'solr':
mirror => 'https://archive.apache.org/dist/lucene/solr',
version => $solr_version,
cores => [ 'core-default', 'core-en', 'core-zh' ],
dist_root => '/srv/dist/solr',
require => File['/srv/dist/solr'],
}
file { '/usr/share/solr/core-en/conf/schema.xml':
ensure => present,
content => template('openstack_project/askbot/schema.en.xml.erb'),
replace => true,
owner => 'jetty',
group => 'jetty',
mode => '0644',
require => File['/usr/share/solr/core-zh/conf'],
}
file { '/usr/share/solr/core-zh/conf/schema.xml':
ensure => present,
content => template('openstack_project/askbot/schema.cn.xml.erb'),
replace => true,
owner => 'jetty',
group => 'jetty',
mode => '0644',
require => File['/usr/share/solr/core-en/conf'],
}
# deploy smartcn Chinese analyzer from solr contrib/analysys-extras
file { "/usr/share/solr/WEB-INF/lib/lucene-analyzers-smartcn-${solr_version}.jar":
ensure => present,
replace => 'no',
source => "/srv/dist/solr/solr-${solr_version}/contrib/analysis-extras/lucene-libs/lucene-analyzers-smartcn-${solr_version}.jar",
owner => 'root',
group => 'root',
mode => '0644',
require => [ Exec['copy-solr'], File['/srv/dist/solr'] ],
}
# postgresql database
class { 'postgresql::server': }
postgresql::server::db { $db_name:
user => $db_user,
password => postgresql_password($db_user, $db_password),
}
# Streaming backup of db; see borg-backup role
file { '/etc/borg-streams':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
file { '/etc/borg-streams/pgsql':
ensure => file,
owner => 'root',
group => 'root',
mode => '0755',
content => '/usr/bin/pg_dump -h localhost -U ask -p 5432 askbotdb',
require => File['/etc/borg-streams'],
}
# redis cache
class { 'redis':
redis_port => $redis_port,
redis_max_memory => $redis_max_memory,
redis_bind => $redis_bind,
redis_password => $redis_password,
version => '2.8.4',
before => Class['askbot'],
}
# askbot site
class { 'askbot':
askbot_revision => $askbot_revision,
db_provider => 'pgsql',
db_name => $db_name,
db_user => $db_user,
db_password => $db_password,
redis_enabled => true,
redis_port => $redis_port,
redis_max_memory => $redis_max_memory,
redis_bind => $redis_bind,
redis_password => $redis_password,
custom_theme_enabled => true,
custom_theme_name => 'os',
site_name => 'ask.openstack.org',
askbot_debug => false,
solr_enabled => true,
site_ssl_enabled => true,
site_ssl_cert_file => '/etc/ssl/certs/ask.openstack.org.pem',
site_ssl_key_file => '/etc/ssl/private/ask.openstack.org.key',
site_ssl_chain_file => '/etc/ssl/certs/ask.openstack.org_ca.pem',
site_ssl_cert_file_contents => $site_ssl_cert_file_contents,
site_ssl_key_file_contents => $site_ssl_key_file_contents,
site_ssl_chain_file_contents => $site_ssl_chain_file_contents,
template_settings => 'openstack_project/askbot/settings.py.erb',
}
# askbot-theme openstack theme
git { 'askbot-theme':
ensure => present,
path => '/srv/askbot-site/themes',
branch => 'master',
origin => 'https://opendev.org/opendev/askbot-theme',
latest => true,
require => [
File['/srv/askbot-site'], Package['git']
],
before => Exec['askbot-syncdb'],
notify => [
Exec['theme-bundle-install-os'],
Exec['theme-bundle-compile-os'],
Exec['askbot-static-generate'],
],
}
askbot::theme::compass { 'os':
require => Git['askbot-theme'],
before => Exec['askbot-static-generate'],
}
# site backup
pgsql_backup::backup { $db_name:
database_user => $db_user,
database_password => $db_password,
require => Postgresql::Server::Db[$db_name],
num_backups => '10',
}
class { '::httpd::logrotate':
options => [
'daily',
'missingok',
'rotate 7',
'compress',
'delaycompress',
'notifempty',
'create 640 root adm',
],
postrotate => [
"if service ${::httpd::params::apache_name} status > /dev/null; then \\",
" service ${::httpd::params::apache_name} restart > /dev/null; fi; \\",
],
}
}
View Git Blame Copy Permalink