diff --git a/doc/puppet_modules.rst b/doc/puppet_modules.rst index 97973fd1c0..0d83754956 100644 --- a/doc/puppet_modules.rst +++ b/doc/puppet_modules.rst @@ -364,10 +364,11 @@ Nginx The reverse proxy is configured to talk to Etherpad Lite over localhost:9001. Nginx listens on TCP 443 for HTTPS connections. Because HTTPS is used you will -need SSL certificates (again not managed by Puppet because of the sensitive -nature of these files). Nginx expects your certificate file to be at -``/etc/nginx/ssl/eplite.crt`` and your certificate key file to be at -``/etc/nginx/ssl/eplite.key``. +need SSL certificates. These files are not directly managed by Puppet (again +because of the sensitive nature of these files), but Puppet will look for +``/root/secret-files/eplite.crt`` and ``/root/secret-files/eplite.key`` and +copy them to ``/etc/nginx/ssl/eplite.crt`` and ``/etc/nginx/ssl/eplite.key``, +which is where Nginx expects them to be. MySQL ^^^^^ diff --git a/manifests/site.pp b/manifests/site.pp index 42f2b2ddb1..6e53974e15 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -383,6 +383,20 @@ node "pypi.openstack.org" { } } +node 'etherpadlite.openstack.org' { + include openstack_cron + class { 'openstack_server': + iptables_public_tcp_ports => [22, 80, 443] + } + + include etherpad_lite + class { 'etherpad_lite::nginx': + server_name => 'etherpadlite.openstack.org' + } + include etherpad_lite::site + include etherpad_lite::mysql +} + # A bare machine, but with a jenkins user node /^.*\.template\.openstack\.org$/ { class { 'openstack_template': diff --git a/modules/etherpad_lite/manifests/init.pp b/modules/etherpad_lite/manifests/init.pp index 82d99fd23f..7408883db2 100644 --- a/modules/etherpad_lite/manifests/init.pp +++ b/modules/etherpad_lite/manifests/init.pp @@ -107,10 +107,6 @@ class etherpad_lite ( mode => 0664, } - package { 'git': - ensure => present - } - git_repo { 'nodejs_repo': repo => 'https://github.com/joyent/node.git', dest => "${base_install_dir}/nodejs", @@ -151,7 +147,6 @@ class etherpad_lite ( user => $ep_user, cwd => "${base_install_dir}/etherpad-lite", environment => "HOME=${base_log_dir}/${ep_user}", - creates => "${base_install_dir}/etherpad-lite/node_modules", require => [Git_repo['etherpad_repo'], Buildsource["${base_install_dir}/nodejs"]], before => File["${base_install_dir}/etherpad-lite/settings.json"] diff --git a/modules/etherpad_lite/manifests/nginx.pp b/modules/etherpad_lite/manifests/nginx.pp index 506891e660..a1b403b970 100644 --- a/modules/etherpad_lite/manifests/nginx.pp +++ b/modules/etherpad_lite/manifests/nginx.pp @@ -18,10 +18,34 @@ class etherpad_lite::nginx ( content => template('etherpad_lite/nginx.erb'), replace => 'true', owner => 'root', - require => Package['nginx'], + require => File['/etc/nginx/ssl/eplite.crt', '/etc/nginx/ssl/eplite.key'], notify => Service['nginx'] } + file { '/etc/nginx/ssl': + ensure => directory, + owner => 'root', + mode => 0700, + } + + file { '/etc/nginx/ssl/eplite.crt': + ensure => present, + replace => true, + owner => 'root', + mode => 0600, + source => 'file:///root/secret-files/eplite.crt', + require => Package['nginx'], + } + + file { '/etc/nginx/ssl/eplite.key': + ensure => present, + replace => true, + owner => 'root', + mode => 0600, + source => 'file:///root/secret-files/eplite.key', + require => Package['nginx'], + } + service { 'nginx': enable => true, ensure => running, diff --git a/modules/etherpad_lite/manifests/site.pp b/modules/etherpad_lite/manifests/site.pp index d4527b1552..7efcfd92b5 100644 --- a/modules/etherpad_lite/manifests/site.pp +++ b/modules/etherpad_lite/manifests/site.pp @@ -30,7 +30,7 @@ class etherpad_lite::site ( require => Class['etherpad_lite'] } - file { "${etherpad_lite::base_install_dir}/etherpad-lite/static/custom/pad.js": + file { "${etherpad_lite::base_install_dir}/etherpad-lite/src/static/custom/pad.js": ensure => 'present', source => 'puppet:///modules/etherpad_lite/pad.js', owner => $etherpad_lite::ep_user, diff --git a/modules/etherpad_lite/templates/nginx.erb b/modules/etherpad_lite/templates/nginx.erb index 8554ec0715..a816749df4 100644 --- a/modules/etherpad_lite/templates/nginx.erb +++ b/modules/etherpad_lite/templates/nginx.erb @@ -22,8 +22,8 @@ server { } } -#server { -# listen 80 <%= default_server %>; -# server_name <%= server_name %>; -# rewrite ^(.*) https://$server_name$1 permanent; -#} +server { + listen 80 <%= default_server %>; + server_name <%= server_name %>; + rewrite ^(.*) https://$server_name$1 permanent; +} diff --git a/modules/etherpad_lite/templates/upstart.erb b/modules/etherpad_lite/templates/upstart.erb index 5a3ddb1264..9610779659 100644 --- a/modules/etherpad_lite/templates/upstart.erb +++ b/modules/etherpad_lite/templates/upstart.erb @@ -19,8 +19,8 @@ pre-start script end script script - cd $EPHOME/node - exec su -s /bin/sh -c 'exec "$0" "$@"' $EPUSER -- /usr/local/bin/node server.js \ + cd $EPHOME + exec su -s /bin/sh -c 'exec "$0" "$@"' $EPUSER -- /usr/local/bin/node node_modules/ep_etherpad-lite/node/server.js \ >> $EPLOGS/access.log \ 2>> $EPLOGS/error.log end script