Alexandros Kosiaris has submitted this change and it was merged.
Change subject: etherpad: convert into a module
......................................................................
etherpad: convert into a module
Some heavy refactoring to achieve this.
Use the new ::apache module definitions
Reorganize into a module and role class
Drop server alias support
Update to the latest coding standards
Change-Id: I4826098f875045e10f1e0a5a69c9ea972dc8e9d8
---
D manifests/misc/etherpad.pp
A manifests/role/etherpad.pp
M manifests/site.pp
R modules/etherpad/files/etherpad-robots.txt
A modules/etherpad/manifests/init.pp
R modules/etherpad/templates/settings.json.erb
R templates/misc/etherpad.wikimedia.org.erb
7 files changed, 130 insertions(+), 136 deletions(-)
Approvals:
Alexandros Kosiaris: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/misc/etherpad.pp b/manifests/misc/etherpad.pp
deleted file mode 100644
index cf8d0dc..0000000
--- a/manifests/misc/etherpad.pp
+++ /dev/null
@@ -1,110 +0,0 @@
-# Etherpad
-
-class misc::etherpad_lite {
-
- include passwords::etherpad_lite
-
- $etherpad_db_user = $passwords::etherpad_lite::etherpad_db_user
- $etherpad_db_host = $passwords::etherpad_lite::etherpad_db_host
- $etherpad_db_name = $passwords::etherpad_lite::etherpad_db_name
- $etherpad_db_pass = $passwords::etherpad_lite::etherpad_db_pass
-
- if $::realm == 'labs' {
- $etherpad_host = $fqdn
- $etherpad_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
- $etherpad_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key'
- } else {
- $etherpad_host = 'etherpad.wikimedia.org'
- $etherpad_serveraliases = 'epl.wikimedia.org'
- install_certificate{ 'etherpad.wikimedia.org': ca => 'RapidSSL_CA.pem'
}
- $etherpad_ssl_cert = '/etc/ssl/certs/etherpad.wikimedia.org.pem'
- $etherpad_ssl_key = '/etc/ssl/private/etherpad.wikimedia.org.key'
- }
-
- $etherpad_ip = '127.0.0.1'
- $etherpad_port = '9001'
-
- system::role { 'misc::etherpad_lite': description => 'Etherpad-lite
server' }
-
- file {
- '/etc/apache2/sites-enabled/etherpad.wikimedia.org':
- ensure => present,
- mode => '0444',
- owner => 'root',
- group => 'root',
- notify => Service['apache2'],
- content =>
template('apache/sites/etherpad_lite.wikimedia.org.erb'),
- }
- file {
- '/usr/share/etherpad-lite/src/static/robots.txt':
- ensure => present,
- mode => '0444',
- owner => 'root',
- group => 'root',
- source => 'puppet:///files/misc/etherpad-robots.txt',
- }
-
-
- # FIX ME - move this to a common role to avoid duplicate defs
- include ::apache::mod::rewrite
- include ::apache::mod::proxy
- include ::apache::mod::proxy_http
- include ::apache::mod::ssl
-
- package { 'etherpad-lite':
- ensure => latest;
- }
- service { 'etherpad-lite':
- ensure => running,
- require => Package['etherpad-lite'],
- subscribe => File['/etc/etherpad-lite/settings.json'],
- enable => true;
- }
-
- # Icinga process monitoring, RT #5790
- monitor_service { 'etherpad-lite-proc':
- description => 'etherpad_lite_process_running',
- check_command => 'nrpe_check_etherpad_lite';
- }
-
- monitor_service { 'etherpad-lite-http':
- description => 'etherpad.wikimedia.org',
- check_command => 'check_http_url!etherpad.wikimedia.org!/',
- }
-
- monitor_service { 'etherpad-lite-https':
- description => 'https.etherpad.wikimedia.org',
- check_command =>
'check_https_url_for_string!etherpad.wikimedia.org!/p/Etherpad!\'<title>Etherpad\'',
- }
-
-
-
-
- #FIXME
- #service { apache2:
- # enable => true,
- # ensure => running;
- #}
-
- file {
- '/etc/etherpad-lite/settings.json':
- require => Package['etherpad-lite'],
- owner => 'root',
- group => 'root',
- mode => '0444',
- content => template('etherpad_lite/settings.json.erb');
- }
-
- ferm::service { 'etherpad_http':
- proto => 'tcp',
- port => '80',
- }
-
- ferm::service { 'etherpad_https':
- proto => 'tcp',
- port => '443',
- }
-
-
-}
-
diff --git a/manifests/role/etherpad.pp b/manifests/role/etherpad.pp
new file mode 100644
index 0000000..6900174
--- /dev/null
+++ b/manifests/role/etherpad.pp
@@ -0,0 +1,73 @@
+class role::etherpad{
+
+ include passwords::etherpad_lite
+ include webserver::apache
+
+ system::role { 'etherpad':
+ description => 'Etherpad-lite server'
+ }
+
+ $etherpad_ip = '127.0.0.1'
+ $etherpad_port = '9001'
+
+ case $::realm {
+ 'labs': {
+ $etherpad_host = $::fqdn
+ $etherpad_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
+ $etherpad_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key'
+ }
+ 'production': {
+ $etherpad_host = 'etherpad.wikimedia.org'
+ install_certificate{ 'etherpad.wikimedia.org': }
+ $etherpad_ssl_cert = '/etc/ssl/certs/etherpad.wikimedia.org.pem'
+ $etherpad_ssl_key = '/etc/ssl/private/etherpad.wikimedia.org.key'
+ }
+ 'default': {
+ fail('unknown realm, should be labs or production')
+ }
+ }
+
+ class { '::etherpad':
+ etherpad_host => $etherpad_host,
+ etherpad_ip => $etherpad_ip,
+ etherpad_port => $etherpad_port,
+ etherpad_db_user => $passwords::etherpad_lite::etherpad_db_user,
+ etherpad_db_host => $passwords::etherpad_lite::etherpad_db_host,
+ etherpad_db_name => $passwords::etherpad_lite::etherpad_db_name,
+ etherpad_db_pass => $passwords::etherpad_lite::etherpad_db_pass,
+ }
+
+ include ::apache::mod::rewrite
+ include ::apache::mod::proxy
+ include ::apache::mod::proxy_http
+ include ::apache::mod::ssl
+
+ ::apache::site { 'etherpad.wikimedia.org':
+ content => template('misc/etherpad.wikimedia.org.erb'),
+ }
+
+ # Icinga process monitoring, RT #5790
+ nrpe::monitor_service { 'etherpad-lite-proc':
+ description => 'etherpad_lite_process_running',
+ nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1:1
--ereg-argument-array='^node node_modules/ep_etherpad-lite/node/server.js'",
+ }
+
+ monitor_service { 'etherpad-lite-http':
+ description => 'etherpad.wikimedia.org',
+ check_command => 'check_http_url!etherpad.wikimedia.org!/',
+ }
+ monitor_service { 'etherpad-lite-https':
+ description => 'etherpad.wikimedia.org',
+ check_command =>
'check_https_url_for_string!etherpad.wikimedia.org!//p/Etherpad!\'<title>Etherpad\'',
+ }
+
+ ferm::service { 'etherpad_http':
+ proto => 'tcp',
+ port => 'http',
+ }
+
+ ferm::service { 'etherpad_https':
+ proto => 'tcp',
+ port => 'https',
+ }
+}
diff --git a/manifests/site.pp b/manifests/site.pp
index fbb2905..baedc34 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -2884,7 +2884,7 @@
include admin
include role::planet
include misc::outreach::civicrm # contacts.wikimedia.org
- include misc::etherpad_lite
+ include role::etherpad
include role::wikimania_scholarships
include role::bugzilla
diff --git a/files/misc/etherpad-robots.txt
b/modules/etherpad/files/etherpad-robots.txt
similarity index 100%
rename from files/misc/etherpad-robots.txt
rename to modules/etherpad/files/etherpad-robots.txt
diff --git a/modules/etherpad/manifests/init.pp
b/modules/etherpad/manifests/init.pp
new file mode 100644
index 0000000..e66393b
--- /dev/null
+++ b/modules/etherpad/manifests/init.pp
@@ -0,0 +1,36 @@
+# Install and manage Etherpad Lite
+
+class etherpad(
+ $etherpad_host,
+ $etherpad_ip,
+ $etherpad_port,
+ $etherpad_db_user,
+ $etherpad_db_host,
+ $etherpad_db_name,
+ $etherpad_db_pass,
+ ){
+
+ package { 'etherpad-lite':
+ ensure => 'latest',
+ }
+
+ service { 'etherpad-lite':
+ ensure => running,
+ enable => true,
+ require => Package['etherpad-lite'],
+ subscribe => File['/etc/etherpad-lite/settings.json'],
+ }
+
+ file { '/etc/etherpad-lite/settings.json':
+ require => Package['etherpad-lite'],
+ content => template('etherpad/settings.json.erb'),
+ }
+
+ file { '/usr/share/etherpad-lite/src/static/robots.txt':
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0444',
+ source => 'puppet:///modules/etherpad/etherpad-robots.txt',
+ }
+}
diff --git a/templates/etherpad_lite/settings.json.erb
b/modules/etherpad/templates/settings.json.erb
similarity index 71%
rename from templates/etherpad_lite/settings.json.erb
rename to modules/etherpad/templates/settings.json.erb
index 6bf99e9..81ebf2f 100644
--- a/templates/etherpad_lite/settings.json.erb
+++ b/modules/etherpad/templates/settings.json.erb
@@ -1,15 +1,15 @@
{
"title": "Etherpad",
"favicon": "favicon.ico",
- "ip": "<%= etherpad_ip %>",
- "port": <%= etherpad_port %>,
+ "ip": "<%= @etherpad_ip %>",
+ "port": <%= @etherpad_port %>,
"dbType": "mysql",
"dbSettings": {
- "user": "<%= etherpad_db_user %>",
- "host": "<%= etherpad_db_host %>",
- "password": "<%= etherpad_db_pass %>",
- "database": "<%= etherpad_db_name %>"
+ "user": "<%= @etherpad_db_user %>",
+ "host": "<%= @etherpad_db_host %>",
+ "password": "<%= @etherpad_db_pass %>",
+ "database": "<%= @etherpad_db_name %>"
},
"defaultPadText": "",
diff --git a/templates/apache/sites/etherpad_lite.wikimedia.org.erb
b/templates/misc/etherpad.wikimedia.org.erb
similarity index 70%
rename from templates/apache/sites/etherpad_lite.wikimedia.org.erb
rename to templates/misc/etherpad.wikimedia.org.erb
index 91944a1..9cb608f 100644
--- a/templates/apache/sites/etherpad_lite.wikimedia.org.erb
+++ b/templates/misc/etherpad.wikimedia.org.erb
@@ -1,15 +1,12 @@
#####################################################################
-### THIS FILE IS MANAGED BY PUPPET
-### puppet:///templates/apache/sites/etherpad_lite.wikimedia.org.erb
-#####################################################################
+#### THIS FILE IS MANAGED BY PUPPET
+#### puppet:///templates/etherpad.wikimedia.org.erb
+######################################################################
# vim: filetype=apache
<VirtualHost *:80>
ServerName <%= @etherpad_host %>
-<% if @etherpad_serveraliases -%>
- ServerAlias <%= @etherpad_serveraliases %>
-<% end -%>
RewriteEngine on
ProxyVia On
@@ -17,7 +14,7 @@
ProxyPass / http://<%= @etherpad_ip %>:<%= @etherpad_port %>/ retry=15
ProxyPassReverse / http://<%= @etherpad_ip %>:<%= @etherpad_port %>/
ProxyPreserveHost On
- RewriteRule /p/*$ https://etherpad.wikimedia.org/ [NC,L]
+ RewriteRule /p/*$ https://<%= @etherpad_host %>/ [NC,L]
RewriteCond %{REQUEST_URI} !^/locales/
RewriteCond %{REQUEST_URI} !^/locales.json
RewriteCond %{REQUEST_URI} !^/admin
@@ -34,10 +31,10 @@
RewriteCond %{REQUEST_URI} !^/jserror
RewriteCond %{REQUEST_URI} !/favicon.ico
RewriteCond %{REQUEST_URI} !/robots.txt
- RewriteRule ^/+(.+)$ https://etherpad.wikimedia.org/p/$1 [L]
+ RewriteRule ^/+(.+)$ https://<%= @etherpad_host %>/p/$1 [L]
- RewriteCond %{HTTP_HOST} !etherpad.wikimedia.org
- RewriteRule ^/+(.+)$ https://etherpad.wikimedia.org/$1 [R=301,L]
+ RewriteCond %{HTTP_HOST} !<%= @etherpad_host %>
+ RewriteRule ^/+(.+)$ https://<%= @etherpad_host %>/$1 [R=301,L]
<Proxy *>
Options FollowSymLinks MultiViews
@@ -48,16 +45,14 @@
</VirtualHost>
-<VirtualHost *:443>
+
+<VirtualHost *:80>
ServerName <%= @etherpad_host %>
-<% if @etherpad_serveraliases -%>
- ServerAlias <%= @etherpad_serveraliases %>
-<% end -%>
SSLEngine on
SSLProtocol +ALL -SSLv2
- SSLCipherSuite
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!DH
+ SSLCipherSuite
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH
SSLHonorCipherOrder on
SSLCertificateFile <%= @etherpad_ssl_cert %>
SSLCertificateKeyFile <%= @etherpad_ssl_key %>
@@ -69,7 +64,7 @@
ProxyPass / http://<%= @etherpad_ip %>:<%= @etherpad_port %>/ retry=15
ProxyPassReverse / http://<%= @etherpad_ip %>:<%= @etherpad_port %>/
ProxyPreserveHost On
- RewriteRule /p/*$ https://etherpad.wikimedia.org/ [NC,L]
+ RewriteRule /p/*$ https://<%= @etherpad_host %>/ [NC,L]
RewriteCond %{REQUEST_URI} !^/locales/
RewriteCond %{REQUEST_URI} !^/locales.json
RewriteCond %{REQUEST_URI} !^/admin
@@ -86,10 +81,10 @@
RewriteCond %{REQUEST_URI} !^/jserror
RewriteCond %{REQUEST_URI} !/favicon.ico
RewriteCond %{REQUEST_URI} !/robots.txt
- RewriteRule ^/+(.+)$ https://etherpad.wikimedia.org/p/$1 [L]
+ RewriteRule ^/+(.+)$ https://<%= @etherpad_host %>/p/$1 [L]
- RewriteCond %{HTTP_HOST} !etherpad.wikimedia.org
- RewriteRule ^/+(.+)$ https://etherpad.wikimedia.org/$1 [R=301,L]
+ RewriteCond %{HTTP_HOST} !<%= @etherpad_host %>
+ RewriteRule ^/+(.+)$ https://<%= @etherpad_host %>/$1 [R=301,L]
<Proxy *>
Options FollowSymLinks MultiViews
--
To view, visit https://gerrit.wikimedia.org/r/107567
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I4826098f875045e10f1e0a5a69c9ea972dc8e9d8
Gerrit-PatchSet: 27
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Matanya <mata...@foss.co.il>
Gerrit-Reviewer: Alexandros Kosiaris <akosia...@wikimedia.org>
Gerrit-Reviewer: Andrew Bogott <abog...@wikimedia.org>
Gerrit-Reviewer: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: Mark Bergsma <m...@wikimedia.org>
Gerrit-Reviewer: Matanya <mata...@foss.co.il>
Gerrit-Reviewer: Ori.livneh <o...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
