Nemo bis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/213579
Change subject: [WIP] Stub LimeSurvey configuration
......................................................................
[WIP] Stub LimeSurvey configuration
Bug: T94807
Change-Id: I23513ebb6eec827739dc3ae04bdc70d45874672a
---
M manifests/role/deployment.pp
A manifests/role/limesurvey.pp
A modules/limesurvey/manifests/init.pp
A modules/limesurvey/templates/apache.conf.erb
A modules/limesurvey/templates/env.erb
M templates/mariadb/dumps-misc.sh.erb
M templates/mariadb/production-grants-m2.sql.erb
M templates/udp2log/filters.mw.erb
M templates/varnish/misc.inc.vcl.erb
9 files changed, 182 insertions(+), 3 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/79/213579/1
diff --git a/manifests/role/deployment.pp b/manifests/role/deployment.pp
index f59a56a..acb229c 100644
--- a/manifests/role/deployment.pp
+++ b/manifests/role/deployment.pp
@@ -121,6 +121,9 @@
'gitfat_enabled' => true,
'upstream' =>
'https://gerrit.wikimedia.org/r/operations/software/dropwizard-metrics',
},
+ 'limesurvey/limesurvey' => {
+ 'upstream' => 'https://github.com/LimeSurvey/LimeSurvey.git',
+ },
}
}
diff --git a/manifests/role/limesurvey.pp b/manifests/role/limesurvey.pp
new file mode 100644
index 0000000..622b30c
--- /dev/null
+++ b/manifests/role/limesurvey.pp
@@ -0,0 +1,26 @@
+# = Class: role::limesurvey
+#
+# This class sets up a LimeSurvey instance
+#
+class role::limesurvey {
+
+ class { '::limesurvey':
+ hostname => 'limesurvey.wikimedia.org',
+ deploy_dir => '/srv/deployment/limesurvey/limesurvey',
+ cache_dir => '/var/cache/limesurvey',
+ # Send logs to fluorine
+ udp2log_dest => '10.64.0.21:8420',
+ serveradmin => 'n...@wikimedia.org',
+ # Misc MySQL shard
+ mysql_host => 'm2-master.eqiad.wmnet',
+ mysql_db => 'limesurvey',
+ smtp_host => $::mail_smarthost[0],
+ }
+
+ ferm::service { 'limesurvey_http':
+ proto => 'tcp',
+ port => '80',
+ }
+
+}
+# vim:sw=4 ts=4 sts=4 et:
diff --git a/modules/limesurvey/manifests/init.pp
b/modules/limesurvey/manifests/init.pp
new file mode 100644
index 0000000..b9e316f
--- /dev/null
+++ b/modules/limesurvey/manifests/init.pp
@@ -0,0 +1,81 @@
+# = Class: limesurvey
+#
+# This class installs/configures/manages the LimeSurvey application.
+#
+# == Parameters:
+# - $hostname: hostname for apache vhost
+# - $deploy_dir: directory application is deployed to
+# - $cache_dir: directory for caching twig templates
+# - $udp2log_dest: log destination
+# - $serveradmin: administrative contact email address
+# - $mysql_host: mysql database server
+# - $mysql_db: mysql database
+# - $smtp_host: outgoing email relay
+#
+# == Sample usage:
+#
+# class { 'limesurvey':
+# }
+#
+class limesurvey(
+ $hostname = 'limesurvey.wikimedia.org',
+ $deploy_dir = '/srv/deployment/limesurvey/limesurvey',
+ $cache_dir = '/var/cache/limesurvey',
+ $udp2log_dest = '10.64.0.21:8420',
+ $serveradmin = 'n...@wikimedia.org',
+ $mysql_host = 'localhost',
+ $mysql_db = 'limesurvey',
+ $smtp_host = 'localhost'
+) {
+
+ include passwords::mysql::limesurvey,
+ webserver::php5
+
+ require_package('php5-mysql')
+
+ $mysql_user = $passwords::mysql::limesurvey::app_user
+ $mysql_pass = $passwords::mysql::limesurvey::app_password
+ $log_file = "udp://${udp2log_dest}/limesurvey"
+
+ system::role { 'limesurvey':
+ description => 'LimeSurvey server'
+ }
+
+ package { 'limesurvey':
+ provider => 'trebuchet',
+ }
+
+ apache::site { 'limesurvey.wikimedia.org':
+ content => template('limesurvey/apache.conf.erb'),
+ }
+
+ file { $deploy_dir:
+ ensure => directory,
+ }
+
+ file { "${deploy_dir}/.env":
+ ensure => present,
+ mode => '0444',
+ owner => 'root',
+ group => 'root',
+ notify => Service['apache2'],
+ content => template('limesurvey/env.erb'),
+ }
+
+ file { $cache_dir:
+ ensure => directory,
+ mode => '0755',
+ owner => 'www-data',
+ group => 'root',
+ }
+
+ include ::apache::mod::rewrite
+ include ::apache::mod::headers
+
+ file { '/etc/apache2/conf.d/namevirtualhost':
+ source => 'puppet:///files/apache/conf.d/namevirtualhost',
+ mode => '0444',
+ notify => Service['apache2'],
+ }
+}
+# vim:sw=4 ts=4 sts=4 et:
diff --git a/modules/limesurvey/templates/apache.conf.erb
b/modules/limesurvey/templates/apache.conf.erb
new file mode 100644
index 0000000..5c4958e
--- /dev/null
+++ b/modules/limesurvey/templates/apache.conf.erb
@@ -0,0 +1,37 @@
+#####################################################################
+### THIS FILE IS MANAGED BY PUPPET
+### puppet:///modules/limesurvey/apache.conf
+#####################################################################
+<VirtualHost *:80>
+ ServerName <%= @hostname %>
+ ServerAdmin <%= @serveradmin %>
+
+ RewriteEngine on
+ RewriteCond %{HTTP:X-Forwarded-Proto} !https
+ RewriteCond %{REQUEST_URI} !^/status$
+ RewriteRule ^/(.*)$ https://%{HTTP_HOST}%{REQUEST_URI}
[R=301,E=ProtoRedirect]
+ Header always merge Vary X-Forwarded-Proto env=ProtoRedirect
+ Header always set Strict-Transport-Security "max-age=31536000"
+
+ DocumentRoot <%= @deploy_dir %>/public
+
+ <Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ </Directory>
+
+ <Directory <%= @deploy_dir %>/public>
+ Options Indexes FollowSymLinks
+ AllowOverride None
+ Order allow,deny
+ allow from all
+ </Directory>
+
+ <Location />
+ RewriteEngine On
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteRule .* index.php/$0 [L,PT]
+ </Location>
+
+</VirtualHost>
+# vim:sw=2 ts=2 sts=2 et ft=apache:
diff --git a/modules/limesurvey/templates/env.erb
b/modules/limesurvey/templates/env.erb
new file mode 100644
index 0000000..05abe89
--- /dev/null
+++ b/modules/limesurvey/templates/env.erb
@@ -0,0 +1,22 @@
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;; THIS FILE IS MANAGED BY PUPPET
+;;; puppet:///modules/limesurvey/env
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; PHP PDO database connection data source name
+DB_DSN="mysql:host=<%= @mysql_host %>;dbname=<%= @mysql_db %>;charset=utf8"
+
+; PHP PDO database connection user name
+DB_USER=<%= @mysql_user %>
+
+; PHP PDO database connection password
+DB_PASS="<%= @mysql_pass %>"
+
+; Log message output file or udp2log uri
+LOG_FILE=<%= @log_file %>
+
+; SMTP relay for outgoing email messages
+SMTP_HOST=<%= @smtp_host %>
+
+; Directory for apache to write twig template cache files
+CACHE_DIR=<%= @cache_dir %>
diff --git a/templates/mariadb/dumps-misc.sh.erb
b/templates/mariadb/dumps-misc.sh.erb
index f9b6c76..0c39ebf 100644
--- a/templates/mariadb/dumps-misc.sh.erb
+++ b/templates/mariadb/dumps-misc.sh.erb
@@ -8,7 +8,7 @@
$dump -h m1-slave --databases bacula etherpadlite librenms puppet racktables
rt | \
pigz > /srv/backups/m1-$(date +%Y%m%d%H%M%S).sql.gz &
-$dump -h m2-slave --databases iegreview reviewdb scholarships | \
+$dump -h m2-slave --databases iegreview limesurvey reviewdb scholarships | \
pigz > /srv/backups/m2-$(date +%Y%m%d%H%M%S).sql.gz &
$dump -h m2-slave --max_allowed_packet=64M --databases otrs | \
diff --git a/templates/mariadb/production-grants-m2.sql.erb
b/templates/mariadb/production-grants-m2.sql.erb
index 753f30d..2762d09 100644
--- a/templates/mariadb/production-grants-m2.sql.erb
+++ b/templates/mariadb/production-grants-m2.sql.erb
@@ -63,6 +63,16 @@
GRANT DELETE, INSERT, SELECT, UPDATE
ON `iegreview`.* TO 'iegapp'@'10.64.0.166';
+-- limesurvey
+
+GRANT USAGE
+ ON *.* TO 'limesurvey'@'10.64.0.166'
+ IDENTIFIED BY PASSWORD '*B13B788BED5B6012E963FF853C01154266232753'
+ WITH MAX_USER_CONNECTIONS 10;
+
+GRANT ALL PRIVILEGES
+ ON `limesurvey`.* TO 'limesurvey'@'10.64.0.166';
+
-- otrs
GRANT USAGE
diff --git a/templates/udp2log/filters.mw.erb b/templates/udp2log/filters.mw.erb
index 1878327..2859af6 100644
--- a/templates/udp2log/filters.mw.erb
+++ b/templates/udp2log/filters.mw.erb
@@ -10,4 +10,4 @@
# Udp2log messages that originate from rsyslog and MediaWiki are already
# forwarded directly to logstash via other mechanisms, but some channels are
# not yet directly connected to logstash and should be relayed here.
-pipe 1 egrep '^(scap|scholarships|iegreview) ' | /usr/bin/log2udp -h <%=
@template_variables['logstash_host'] %> -p <%=
@template_variables['logstash_port'] %>
+pipe 1 egrep '^(scap|scholarships|iegreview|limesurvey) ' | /usr/bin/log2udp
-h <%= @template_variables['logstash_host'] %> -p <%=
@template_variables['logstash_port'] %>
diff --git a/templates/varnish/misc.inc.vcl.erb
b/templates/varnish/misc.inc.vcl.erb
index 9a8cfd8..ffb4f6e 100644
--- a/templates/varnish/misc.inc.vcl.erb
+++ b/templates/varnish/misc.inc.vcl.erb
@@ -20,7 +20,7 @@
set req.backend = logstash;
} elsif (req.http.Host == "releases.wikimedia.org") {
set req.backend = caesium;
- } elsif (req.http.Host == "scholarships.wikimedia.org" || req.http.Host
== "transparency.wikimedia.org" || req.http.Host == "grafana.wikimedia.org" ||
req.http.Host == "iegreview.wikimedia.org" || req.http.Host ==
"annual.wikimedia.org" || req.http.Host == "policy.wikimedia.org") {
+ } elsif (req.http.Host == "scholarships.wikimedia.org" || req.http.Host
== "transparency.wikimedia.org" || req.http.Host == "grafana.wikimedia.org" ||
req.http.Host == "iegreview.wikimedia.org" || req.http.Host ==
"annual.wikimedia.org" || req.http.Host == "policy.wikimedia.org" ||
req.http.Host == "limesurvey.wikimedia.org") {
set req.backend = zirconium;
} elsif (req.http.Host == "parsoid-tests.wikimedia.org") {
set req.backend = ruthenium;
--
To view, visit https://gerrit.wikimedia.org/r/213579
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I23513ebb6eec827739dc3ae04bdc70d45874672a
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Nemo bis <federicol...@tiscali.it>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
