Dzahn has submitted this change and it was merged.

Change subject: phabricator: Configuration for Aphlict
......................................................................


phabricator: Configuration for Aphlict

Aphlict is the node.js-based websocket server that powers the
Phabricator real-time notification service refs T112765, T765

Bug: T112765
Change-Id: I182e2e28e38514cb03e8ac79192fe165ad6e6ee0
---
A modules/phabricator/files/logrotate_aphlict
A modules/phabricator/manifests/aphlict.pp
M modules/phabricator/manifests/init.pp
A modules/phabricator/templates/aphlict-config.json.erb
A modules/phabricator/templates/aphlict-upstart.conf.erb
A modules/phabricator/templates/aphlict.service.erb
M modules/role/manifests/phabricator/labs.pp
7 files changed, 194 insertions(+), 13 deletions(-)

Approvals:
  jenkins-bot: Verified
  Dzahn: Looks good to me, approved



diff --git a/modules/phabricator/files/logrotate_aphlict 
b/modules/phabricator/files/logrotate_aphlict
new file mode 100644
index 0000000..99b5672
--- /dev/null
+++ b/modules/phabricator/files/logrotate_aphlict
@@ -0,0 +1,8 @@
+/var/log/aphlict {
+    daily
+    compress
+    delaycompress
+    missingok
+    notifempty
+    rotate 7
+}
diff --git a/modules/phabricator/manifests/aphlict.pp 
b/modules/phabricator/manifests/aphlict.pp
new file mode 100644
index 0000000..0fe8615
--- /dev/null
+++ b/modules/phabricator/manifests/aphlict.pp
@@ -0,0 +1,110 @@
+# == Class: phabricator::aphlict
+# Aphlict is the phabricator real-time notification relay service.
+# Docs: https://secure.phabricator.com/book/phabricator/article/notifications/
+class phabricator::aphlict(
+    $ensure = 'present',
+    $user   = 'aphlict',
+    $group  = 'aphlict',
+) {
+    validate_ensure($ensure)
+
+    # packages
+    require_package('nodejs')
+
+    # paths
+    $basedir = $phabricator::phabdir
+    $phabdir = "${basedir}/phabricator/"
+    $aphlict_dir = "${phabdir}/support/aphlict/server"
+    $node_modules = "${aphlict_dir}/node_modules"
+    $aphlict_conf = "${basedir}/aphlict/config.json"
+    $aphlict_cmd = "${phabdir}/bin/aphlict start --config ${aphlict_conf}"
+
+    # Ordering
+    Package['nodejs'] -> File[$aphlict_conf] ~> Service['aphlict']
+    File['/var/run/aphlict/'] -> File['/var/log/aphlict/'] -> 
Service['aphlict']
+    User[$user] -> Service['aphlict']
+    File[$node_modules] ~> Service['aphlict']
+
+    if $ensure == 'present' {
+        $link = 'link'
+        $directory = 'directory'
+    } else {
+        $link = 'absent'
+        $directory = 'absent'
+    }
+
+
+    # Defines
+    file { $node_modules:
+        ensure => 'link',
+        target => "${basedir}/aphlict/node_modules",
+    }
+
+    file { $aphlict_conf:
+        ensure  => $ensure,
+        content => template('phabricator/aphlict-config.json.erb'),
+        owner   => $user,
+        group   => $group,
+        mode    => '0644',
+    }
+
+    if $::initsystem == 'upstart' {
+        # upstart init conf file
+        $init_file = '/etc/init/aphlict.conf'
+        $init_source = 'aphlict-upstart.conf.erb'
+    } else {
+        # systemd service unit
+        $init_file = '/etc/systemd/system/aphlict.service'
+        $init_source = 'aphlict.service.erb'
+    }
+
+    file { '/etc/init.d/aphlict':
+        ensure => $link,
+        target => "${phabdir}/bin/aphlict",
+    }
+
+    file { $init_file:
+        content => template("phabricator/${init_source}"),
+        mode    => '0644',
+        owner   => 'root',
+        group   => 'root',
+    }
+
+    service { 'aphlict':
+        ensure     => running,
+        provider   => $::initsystem,
+        hasrestart => true,
+    }
+
+    file { '/var/run/aphlict/':
+        ensure => $directory,
+        owner  => $user,
+        group  => $group,
+    }
+
+    file { '/var/log/aphlict/':
+        ensure => $directory,
+        owner  => $user,
+        group  => $group,
+    }
+
+    logrotate::conf { 'aphlict':
+        ensure  => $ensure,
+        source  => 'puppet:///modules/phabricator/logrotate_aphlict',
+        require => File['/var/log/aphlict/']
+    }
+
+    # accounts
+    group { $group:
+        ensure => $ensure,
+        system => true,
+    }
+
+    user { $user:
+        gid    => 'aphlict',
+        shell  => '/bin/false',
+        home   => '/var/run/aphlict',
+        system => true,
+    }
+
+}
diff --git a/modules/phabricator/manifests/init.pp 
b/modules/phabricator/manifests/init.pp
index 19987a4..299edb6 100644
--- a/modules/phabricator/manifests/init.pp
+++ b/modules/phabricator/manifests/init.pp
@@ -266,4 +266,8 @@
         hasrestart => true,
         require    => $base_requirements,
     }
+
+    if $phab_settings['notification.servers'] {
+        include phabricator::aphlict
+    }
 }
diff --git a/modules/phabricator/templates/aphlict-config.json.erb 
b/modules/phabricator/templates/aphlict-config.json.erb
new file mode 100644
index 0000000..9a219f9
--- /dev/null
+++ b/modules/phabricator/templates/aphlict-config.json.erb
@@ -0,0 +1,20 @@
+{
+  "servers": [
+    {
+      "type": "client",
+      "port": 22280,
+      "listen": "0.0.0.0"
+    },
+    {
+      "type": "admin",
+      "port": 22281,
+      "listen": "127.0.0.1"
+    }
+  ],
+  "logs": [
+    {
+      "path": "/var/log/aphlict/aphlict.log"
+    }
+  ],
+  "pidfile": "/var/run/aphlict/aphlict.pid"
+}
diff --git a/modules/phabricator/templates/aphlict-upstart.conf.erb 
b/modules/phabricator/templates/aphlict-upstart.conf.erb
new file mode 100644
index 0000000..aabd55b
--- /dev/null
+++ b/modules/phabricator/templates/aphlict-upstart.conf.erb
@@ -0,0 +1,19 @@
+# aphlict - Phabricator notification server
+#
+# Routes real-time notifications to websocket clients
+
+description "Phabricator notification websocket server"
+
+setuid <%= @user %>
+setgid <%= @group %>
+
+start on runlevel [2345]
+stop on runlevel [!2345]
+
+respawn
+respawn limit 10 5
+umask 022
+
+expect stop
+
+exec <%= @aphlict_cmd %>
diff --git a/modules/phabricator/templates/aphlict.service.erb 
b/modules/phabricator/templates/aphlict.service.erb
new file mode 100644
index 0000000..b02dbbc
--- /dev/null
+++ b/modules/phabricator/templates/aphlict.service.erb
@@ -0,0 +1,15 @@
+[Unit]
+Description=Aphlict - Phabricator notification service
+After=network.target auditd.service
+
+[Service]
+User=<%= @user %>
+Group=<%= @group %>
+ExecStart=<%= @aphlict_cmd %>
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+Alias=aphlict.service
diff --git a/modules/role/manifests/phabricator/labs.pp 
b/modules/role/manifests/phabricator/labs.pp
index 48d2593..ba17212 100644
--- a/modules/role/manifests/phabricator/labs.pp
+++ b/modules/role/manifests/phabricator/labs.pp
@@ -1,28 +1,33 @@
 # phabricator instance on wmflabs at phab-0[1-9].wmflabs.org
 
-class role::phabricator::labs {
+class role::phabricator::labs(
+        $settings,
+) {
+    $role_settings = {
+        'darkconsole.enabled'             => true,
+        'phabricator.base-uri'            => 
"https://${::hostname}.wmflabs.org";,
+        'mysql.pass'                      => $mysqlpass,
+        'auth.require-email-verification' => false,
+        'metamta.mail-adapter'            => 
'PhabricatorMailImplementationTestAdapter',
+        'repository.default-local-path'   => '/srv/repos',
+        'phd.taskmasters'                 => 1,
+        'config.ignore-issues'            => '{
+                                                  
"security.security.alternate-file-domain": true
+                                              }',
+    }
 
+    $phab_settings = merge($settings, $role_settings)
     # pass not sensitive but has to match phab and db
     $mysqlpass = 'labspass'
     $phab_root_dir = '/srv/phab'
+
     class { '::phabricator':
         deploy_target => 'phabricator/deployment',
         phabdir       => $phab_root_dir,
         libraries     => ["${phab_root_dir}/libext/Sprint/src",
                           "${phab_root_dir}/libext/security/src",
                           "${phab_root_dir}/libext/misc/"],
-        settings      => {
-            'darkconsole.enabled'             => true,
-            'phabricator.base-uri'            => 
"https://${::hostname}.wmflabs.org";,
-            'mysql.pass'                      => $mysqlpass,
-            'auth.require-email-verification' => false,
-            'metamta.mail-adapter'            => 
'PhabricatorMailImplementationTestAdapter',
-            'repository.default-local-path'   => '/srv/repos',
-            'phd.taskmasters'                 => 1,
-            'config.ignore-issues'            => '{
-                                                      
"security.security.alternate-file-domain": true
-                                                  }',
-        },
+        settings      => $phab_settings,
     }
 
     package { 'mysql-server': ensure => present }

-- 
To view, visit https://gerrit.wikimedia.org/r/313937
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I182e2e28e38514cb03e8ac79192fe165ad6e6ee0
Gerrit-PatchSet: 7
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: 20after4 <mmod...@wikimedia.org>
Gerrit-Reviewer: 20after4 <mmod...@wikimedia.org>
Gerrit-Reviewer: Aklapper <aklap...@wikimedia.org>
Gerrit-Reviewer: BBlack <bbl...@wikimedia.org>
Gerrit-Reviewer: Chasemp <r...@wikimedia.org>
Gerrit-Reviewer: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: Paladox <thomasmulhall...@yahoo.com>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to