Nemo bis has uploaded a new change for review. https://gerrit.wikimedia.org/r/213579
Change subject: [WIP] Stub LimeSurvey configuration ...................................................................... [WIP] Stub LimeSurvey configuration Bug: T94807 Change-Id: I23513ebb6eec827739dc3ae04bdc70d45874672a --- M manifests/role/deployment.pp A manifests/role/limesurvey.pp A modules/limesurvey/manifests/init.pp A modules/limesurvey/templates/apache.conf.erb A modules/limesurvey/templates/env.erb M templates/mariadb/dumps-misc.sh.erb M templates/mariadb/production-grants-m2.sql.erb M templates/udp2log/filters.mw.erb M templates/varnish/misc.inc.vcl.erb 9 files changed, 182 insertions(+), 3 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/79/213579/1 diff --git a/manifests/role/deployment.pp b/manifests/role/deployment.pp index f59a56a..acb229c 100644 --- a/manifests/role/deployment.pp +++ b/manifests/role/deployment.pp @@ -121,6 +121,9 @@ 'gitfat_enabled' => true, 'upstream' => 'https://gerrit.wikimedia.org/r/operations/software/dropwizard-metrics', }, + 'limesurvey/limesurvey' => { + 'upstream' => 'https://github.com/LimeSurvey/LimeSurvey.git', + }, } } diff --git a/manifests/role/limesurvey.pp b/manifests/role/limesurvey.pp new file mode 100644 index 0000000..622b30c --- /dev/null +++ b/manifests/role/limesurvey.pp @@ -0,0 +1,26 @@ +# = Class: role::limesurvey +# +# This class sets up a LimeSurvey instance +# +class role::limesurvey { + + class { '::limesurvey': + hostname => 'limesurvey.wikimedia.org', + deploy_dir => '/srv/deployment/limesurvey/limesurvey', + cache_dir => '/var/cache/limesurvey', + # Send logs to fluorine + udp2log_dest => '10.64.0.21:8420', + serveradmin => 'n...@wikimedia.org', + # Misc MySQL shard + mysql_host => 'm2-master.eqiad.wmnet', + mysql_db => 'limesurvey', + smtp_host => $::mail_smarthost[0], + } + + ferm::service { 'limesurvey_http': + proto => 'tcp', + port => '80', + } + +} +# vim:sw=4 ts=4 sts=4 et: diff --git a/modules/limesurvey/manifests/init.pp b/modules/limesurvey/manifests/init.pp new file mode 100644 index 0000000..b9e316f --- /dev/null +++ b/modules/limesurvey/manifests/init.pp @@ -0,0 +1,81 @@ +# = Class: limesurvey +# +# This class installs/configures/manages the LimeSurvey application. +# +# == Parameters: +# - $hostname: hostname for apache vhost +# - $deploy_dir: directory application is deployed to +# - $cache_dir: directory for caching twig templates +# - $udp2log_dest: log destination +# - $serveradmin: administrative contact email address +# - $mysql_host: mysql database server +# - $mysql_db: mysql database +# - $smtp_host: outgoing email relay +# +# == Sample usage: +# +# class { 'limesurvey': +# } +# +class limesurvey( + $hostname = 'limesurvey.wikimedia.org', + $deploy_dir = '/srv/deployment/limesurvey/limesurvey', + $cache_dir = '/var/cache/limesurvey', + $udp2log_dest = '10.64.0.21:8420', + $serveradmin = 'n...@wikimedia.org', + $mysql_host = 'localhost', + $mysql_db = 'limesurvey', + $smtp_host = 'localhost' +) { + + include passwords::mysql::limesurvey, + webserver::php5 + + require_package('php5-mysql') + + $mysql_user = $passwords::mysql::limesurvey::app_user + $mysql_pass = $passwords::mysql::limesurvey::app_password + $log_file = "udp://${udp2log_dest}/limesurvey" + + system::role { 'limesurvey': + description => 'LimeSurvey server' + } + + package { 'limesurvey': + provider => 'trebuchet', + } + + apache::site { 'limesurvey.wikimedia.org': + content => template('limesurvey/apache.conf.erb'), + } + + file { $deploy_dir: + ensure => directory, + } + + file { "${deploy_dir}/.env": + ensure => present, + mode => '0444', + owner => 'root', + group => 'root', + notify => Service['apache2'], + content => template('limesurvey/env.erb'), + } + + file { $cache_dir: + ensure => directory, + mode => '0755', + owner => 'www-data', + group => 'root', + } + + include ::apache::mod::rewrite + include ::apache::mod::headers + + file { '/etc/apache2/conf.d/namevirtualhost': + source => 'puppet:///files/apache/conf.d/namevirtualhost', + mode => '0444', + notify => Service['apache2'], + } +} +# vim:sw=4 ts=4 sts=4 et: diff --git a/modules/limesurvey/templates/apache.conf.erb b/modules/limesurvey/templates/apache.conf.erb new file mode 100644 index 0000000..5c4958e --- /dev/null +++ b/modules/limesurvey/templates/apache.conf.erb @@ -0,0 +1,37 @@ +##################################################################### +### THIS FILE IS MANAGED BY PUPPET +### puppet:///modules/limesurvey/apache.conf +##################################################################### +<VirtualHost *:80> + ServerName <%= @hostname %> + ServerAdmin <%= @serveradmin %> + + RewriteEngine on + RewriteCond %{HTTP:X-Forwarded-Proto} !https + RewriteCond %{REQUEST_URI} !^/status$ + RewriteRule ^/(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,E=ProtoRedirect] + Header always merge Vary X-Forwarded-Proto env=ProtoRedirect + Header always set Strict-Transport-Security "max-age=31536000" + + DocumentRoot <%= @deploy_dir %>/public + + <Directory /> + Options FollowSymLinks + AllowOverride None + </Directory> + + <Directory <%= @deploy_dir %>/public> + Options Indexes FollowSymLinks + AllowOverride None + Order allow,deny + allow from all + </Directory> + + <Location /> + RewriteEngine On + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule .* index.php/$0 [L,PT] + </Location> + +</VirtualHost> +# vim:sw=2 ts=2 sts=2 et ft=apache: diff --git a/modules/limesurvey/templates/env.erb b/modules/limesurvey/templates/env.erb new file mode 100644 index 0000000..05abe89 --- /dev/null +++ b/modules/limesurvey/templates/env.erb @@ -0,0 +1,22 @@ +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +;;; THIS FILE IS MANAGED BY PUPPET +;;; puppet:///modules/limesurvey/env +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +; PHP PDO database connection data source name +DB_DSN="mysql:host=<%= @mysql_host %>;dbname=<%= @mysql_db %>;charset=utf8" + +; PHP PDO database connection user name +DB_USER=<%= @mysql_user %> + +; PHP PDO database connection password +DB_PASS="<%= @mysql_pass %>" + +; Log message output file or udp2log uri +LOG_FILE=<%= @log_file %> + +; SMTP relay for outgoing email messages +SMTP_HOST=<%= @smtp_host %> + +; Directory for apache to write twig template cache files +CACHE_DIR=<%= @cache_dir %> diff --git a/templates/mariadb/dumps-misc.sh.erb b/templates/mariadb/dumps-misc.sh.erb index f9b6c76..0c39ebf 100644 --- a/templates/mariadb/dumps-misc.sh.erb +++ b/templates/mariadb/dumps-misc.sh.erb @@ -8,7 +8,7 @@ $dump -h m1-slave --databases bacula etherpadlite librenms puppet racktables rt | \ pigz > /srv/backups/m1-$(date +%Y%m%d%H%M%S).sql.gz & -$dump -h m2-slave --databases iegreview reviewdb scholarships | \ +$dump -h m2-slave --databases iegreview limesurvey reviewdb scholarships | \ pigz > /srv/backups/m2-$(date +%Y%m%d%H%M%S).sql.gz & $dump -h m2-slave --max_allowed_packet=64M --databases otrs | \ diff --git a/templates/mariadb/production-grants-m2.sql.erb b/templates/mariadb/production-grants-m2.sql.erb index 753f30d..2762d09 100644 --- a/templates/mariadb/production-grants-m2.sql.erb +++ b/templates/mariadb/production-grants-m2.sql.erb @@ -63,6 +63,16 @@ GRANT DELETE, INSERT, SELECT, UPDATE ON `iegreview`.* TO 'iegapp'@'10.64.0.166'; +-- limesurvey + +GRANT USAGE + ON *.* TO 'limesurvey'@'10.64.0.166' + IDENTIFIED BY PASSWORD '*B13B788BED5B6012E963FF853C01154266232753' + WITH MAX_USER_CONNECTIONS 10; + +GRANT ALL PRIVILEGES + ON `limesurvey`.* TO 'limesurvey'@'10.64.0.166'; + -- otrs GRANT USAGE diff --git a/templates/udp2log/filters.mw.erb b/templates/udp2log/filters.mw.erb index 1878327..2859af6 100644 --- a/templates/udp2log/filters.mw.erb +++ b/templates/udp2log/filters.mw.erb @@ -10,4 +10,4 @@ # Udp2log messages that originate from rsyslog and MediaWiki are already # forwarded directly to logstash via other mechanisms, but some channels are # not yet directly connected to logstash and should be relayed here. -pipe 1 egrep '^(scap|scholarships|iegreview) ' | /usr/bin/log2udp -h <%= @template_variables['logstash_host'] %> -p <%= @template_variables['logstash_port'] %> +pipe 1 egrep '^(scap|scholarships|iegreview|limesurvey) ' | /usr/bin/log2udp -h <%= @template_variables['logstash_host'] %> -p <%= @template_variables['logstash_port'] %> diff --git a/templates/varnish/misc.inc.vcl.erb b/templates/varnish/misc.inc.vcl.erb index 9a8cfd8..ffb4f6e 100644 --- a/templates/varnish/misc.inc.vcl.erb +++ b/templates/varnish/misc.inc.vcl.erb @@ -20,7 +20,7 @@ set req.backend = logstash; } elsif (req.http.Host == "releases.wikimedia.org") { set req.backend = caesium; - } elsif (req.http.Host == "scholarships.wikimedia.org" || req.http.Host == "transparency.wikimedia.org" || req.http.Host == "grafana.wikimedia.org" || req.http.Host == "iegreview.wikimedia.org" || req.http.Host == "annual.wikimedia.org" || req.http.Host == "policy.wikimedia.org") { + } elsif (req.http.Host == "scholarships.wikimedia.org" || req.http.Host == "transparency.wikimedia.org" || req.http.Host == "grafana.wikimedia.org" || req.http.Host == "iegreview.wikimedia.org" || req.http.Host == "annual.wikimedia.org" || req.http.Host == "policy.wikimedia.org" || req.http.Host == "limesurvey.wikimedia.org") { set req.backend = zirconium; } elsif (req.http.Host == "parsoid-tests.wikimedia.org") { set req.backend = ruthenium; -- To view, visit https://gerrit.wikimedia.org/r/213579 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I23513ebb6eec827739dc3ae04bdc70d45874672a Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Nemo bis <federicol...@tiscali.it> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits