diff --git a/manifests/site.pp b/manifests/site.pp
index e37a6f5507..8204295e12 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -659,11 +659,11 @@ node /^.*\.jclouds\.openstack\.org$/ {
}
node 'openstackid-dev.openstack.org' {
- class { 'openstack_project::openid_dev':
- sysadmins => hiera('sysadmins'),
- site_admin_password => hiera('openstackid_dev_site_admin_password'),
- site_mysql_host => hiera('openstackid_dev_mysql_host'),
- site_mysql_password => hiera('openstackid_dev_mysql_password'),
+ class { 'openstack_project::openstackid_dev':
+ sysadmins => hiera('sysadmins'),
+ site_admin_password => hiera('openstackid_dev_site_admin_password'),
+ mysql_host => hiera('openstackid_dev_mysql_host'),
+ mysql_password => hiera('openstackid_dev_mysql_password'),
}
}
diff --git a/modules/openstack_project/manifests/openid_dev.pp b/modules/openstack_project/manifests/openstackid_dev.pp
similarity index 61%
rename from modules/openstack_project/manifests/openid_dev.pp
rename to modules/openstack_project/manifests/openstackid_dev.pp
index b871a941f9..dbdec647fc 100644
--- a/modules/openstack_project/manifests/openid_dev.pp
+++ b/modules/openstack_project/manifests/openstackid_dev.pp
@@ -14,17 +14,19 @@
#
# openstackid idp(sso-openid) dev server
#
-class openstack_project::openid_dev (
+class openstack_project::openstackid_dev (
$sysadmins = [],
$site_admin_password = '',
- $site_mysql_password = '',
- $site_mysql_user = 'openstackid',
- $site_mysql_host = '127.0.0.1',
- $db_name = 'openstackid_openid_dev',
- $redis_port = '6378',
- $redis_max_memory = '1gb',
- $redis_bind = '127.0.0.1',
+ $mysql_host = '',
+ $mysql_user = 'openstackid',
+ $mysql_password = '',
+ $id_db_name = 'openstackid_openid_dev',
+ $ss_db_name = 'openstackid_silverstripe_dev',
+ $redis_port = '6378',
+ $redis_max_memory = '1gb',
+ $redis_bind = '127.0.0.1'
) {
+
realize (
User::Virtual::Localuser['smarcet'],
)
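Review bot: The empty-string defaults for `$mysql_password` and `$site_admin_password`, together with the new `$mysql_host = ''` (which replaces the old `'127.0.0.1'` default), let a catalog compile with blank credentials for any caller that does not pass them. The node definition in site.pp supplies all three from hiera, so this matters for other users of the class. The same blank defaults are repeated in the new `openstackid` class in modules/openstackid/manifests/init.pp. A guard at the top of the class body, such as `if $mysql_password == '' { fail('mysql_password must be set') }`, would turn a missing secret into a compile-time error instead of a rendered config with an empty password. The class body continues outside this hunk.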
@@ -34,25 +36,22 @@ class openstack_project::openid_dev (
sysadmins => $sysadmins,
}
- # php packages needed for openid server
-
- include apt
- apt::ppa { 'ppa:ondrej/php5-oldstable': }
-
- # we need PHP 5.4 or greather
- package { ['php5-common','php5-curl','php5-cli','php5-json','php5-mcrypt','php5-mysql']:
- require => [ Exec[apt_update], Class['openstack_project::server'] ]
+ class { 'openstackid':
+ site_admin_password => $site_admin_password,
+ mysql_host => $mysql_host,
+ mysql_user => $mysql_user,
+ mysql_password => $mysql_password,
+ id_db_name => $id_db_name,
+ ss_db_name => $ss_db_name,
+ redis_port => $redis_port,
+ redis_host => $redis_bind,
}
# redis (custom module written by tipit)
-
class { 'redis':
redis_port => $redis_port,
redis_max_memory => $redis_max_memory,
redis_bind => $redis_bind,
}
- include apache
- include apache::ssl
- include apache::php
}
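Review bot: `redis_host => $redis_bind` gives the application the address Redis listens on as the address to connect to, which is only correct while the bind address stays on loopback. If `$redis_bind` is ever widened (for example to `0.0.0.0`), the rendered PHP config would point at an unusable host. Redis would then also be reachable off-box, and these hunks show no authentication configured for it. A separate `$redis_host = '127.0.0.1'` parameter, plus a comment on `$redis_bind` saying it is expected to stay on loopback, would keep the two concerns apart. The class body starts outside this hunk.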
diff --git a/modules/openstackid/manifests/init.pp b/modules/openstackid/manifests/init.pp
new file mode 100644
index 0000000000..5e0f595432
--- /dev/null
+++ b/modules/openstackid/manifests/init.pp
@@ -0,0 +1,207 @@
+# Copyright 2013 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# openstackid idp(sso-openid)
+#
+# == Class: openstackid
+#
+class openstackid (
+ $git_source_repo = 'https://git.openstack.org/openstack-infra/openstackid',
+ $site_admin_password = '',
+ $mysql_host = '',
+ $mysql_user = '',
+ $mysql_password = '',
+ $id_db_name = '',
+ $ss_db_name = '',
+ $redis_port = '',
+ $redis_host = '',
+ $vhost_name = $::fqdn,
+ $robots_txt_source = '',
+ $serveradmin = "webmaster@${::fqdn}",
+ $canonicalweburl = "https://${::fqdn}/",
+ $ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem',
+ $ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key',
+ $ssl_chain_file = '',
+ $ssl_cert_file_contents = '', # If left empty puppet will not create file.
+ $ssl_key_file_contents = '', # If left empty puppet will not create file.
+ $ssl_chain_file_contents = '', # If left empty puppet will not create file.
+ $httpd_acceptorthreads = '',
+) {
+
+ vcsrepo { '/opt/openstackid':
+ ensure => latest,
+ provider => git,
+ revision => 'master',
+ source => $git_source_repo,
+ }
+
+ # we need PHP 5.4 or greather
+ include apt
+ apt::ppa { 'ppa:ondrej/php5-oldstable': }
+
+ # php packages needed for openid server
+ package {
+ [
+ 'php5-common',
+ 'php5-curl',
+ 'php5-cli',
+ 'php5-json',
+ 'php5-mcrypt',
+ 'php5-mysql',
+ ]:
+ require => Exec[apt_update],
+ }
+
+ group { 'openstackid':
+ ensure => present,
+ }
+
+ user { 'openstackid':
+ ensure => present,
+ managehome => true,
+ comment => 'OpenStackID User',
+ shell => '/bin/bash',
+ gid => 'openstackid',
+ require => Group['openstackid'],
+ }
+
+ file { '/etc/openstackid':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ }
+
+ file { '/etc/openstackid/database.php':
+ ensure => present,
+ content => template('openstackid/database.php.erb'),
+ owner => 'root',
+ group => 'openstackid',
+ mode => '0640',
+ require => [
+ File['/etc/openstackid'],
+ Group['openstackid'],
+ ]
+ }
+
+ file { '/srv/openstackid':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ }
+
+ file { '/srv/openstackid/app':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ require => File['/srv/openstackid'],
+ }
+
+ file { '/srv/openstackid/app/config':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ require => File['/srv/openstackid/app'],
+ }
+
+ file { '/srv/openstackid/app/config/dev':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ require => File['/srv/openstackid/app/config'],
+ }
+
+ file { '/srv/openstackid/app/config/dev/database.php':
+ ensure => link,
+ target => '/etc/openstackid/database.php',
+ require => [
+ File['/srv/openstackid/app/config/dev'],
+ File['/etc/openstackid/database.php'],
+ ],
+ }
+
+ file { '/srv/openstackid/public':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ require => File['/srv/openstackid'],
+ }
+
+ include apache
+ include apache::ssl
+ include apache::php
+ apache::vhost { $vhost_name:
+ port => 443,
+ docroot => '/srv/openstackid/public',
+ priority => '50',
+ template => 'openstackid/vhost.erb',
+ ssl => true,
+ require => File['/srv/openstackid/public'],
+ }
+ a2mod { 'rewrite':
+ ensure => present,
+ }
+ a2mod { 'proxy':
+ ensure => present,
+ }
+ a2mod { 'proxy_http':
+ ensure => present,
+ }
+
+ if $ssl_cert_file_contents != '' {
+ file { $ssl_cert_file:
+ owner => 'root',
+ group => 'root',
+ mode => '0640',
+ content => $ssl_cert_file_contents,
+ before => Apache::Vhost[$vhost_name],
+ }
+ }
+
+ if $ssl_key_file_contents != '' {
+ file { $ssl_key_file:
+ owner => 'root',
+ group => 'ssl-cert',
+ mode => '0640',
+ content => $ssl_key_file_contents,
+ before => Apache::Vhost[$vhost_name],
+ }
+ }
+
+ if $ssl_chain_file_contents != '' {
+ file { $ssl_chain_file:
+ owner => 'root',
+ group => 'root',
+ mode => '0640',
+ content => $ssl_chain_file_contents,
+ before => Apache::Vhost[$vhost_name],
+ }
+ }
+
+ if $robots_txt_source != '' {
+ file { '/srv/openstackid/public/robots.txt':
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ source => $robots_txt_source,
+ require => File['/srv/openstackid/public'],
+ }
+ }
+
+}
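Review bot: The `vcsrepo { '/opt/openstackid': }` resource uses `ensure => latest` with `revision => 'master'`, so every Puppet run pulls whatever is at the branch head onto an identity-provider host, with no pinned or reviewed revision in between. A compromised or mistaken push to the repository would therefore reach the server on the next agent run. Pinning to a reviewed ref is safer: `ensure => present,` and `revision => '<reviewed-tag-or-commit>',` (placeholder), or a `$git_revision` class parameter that the dev node can set to `master` explicitly. The resource also sets no `owner`/`group`, so the checkout is presumably owned by root, which is worth stating in a comment if intended.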
diff --git a/modules/openstackid/templates/database.php.erb b/modules/openstackid/templates/database.php.erb
new file mode 100644
index 0000000000..e7b6c6a9c0
--- /dev/null
+++ b/modules/openstackid/templates/database.php.erb
@@ -0,0 +1,107 @@
+ PDO::FETCH_CLASS,
+
+ /*
+ |--------------------------------------------------------------------------
+ | Default Database Connection Name
+ |--------------------------------------------------------------------------
+ |
+ | Here you may specify which of the database connections below you wish
+ | to use as your default connection for all database work. Of course
+ | you may use many connections at once using the Database library.
+ |
+ */
+
+ 'default' => 'mysql',
+
+ /*
+ |--------------------------------------------------------------------------
+ | Database Connections
+ |--------------------------------------------------------------------------
+ |
+ | Here are each of the database connections setup for your application.
+ | Of course, examples of configuring each database platform that is
+ | supported by Laravel is shown below to make development simple.
+ |
+ |
+ | All database work in Laravel is done through the PHP PDO facilities
+ | so make sure you have the driver for your particular database of
+ | choice installed on your machine before you begin development.
+ |
+ */
+
+ 'connections' => array(
+ /* OpenID IDP database */
+ 'mysql' => array(
+ 'driver' => 'mysql',
+ 'host' => '<%= mysql_host %>',
+ 'database' => '<%= id_db_name %>',
+ 'username' => '<%= mysql_user %>',
+ 'password' => '<%= mysql_password %>',
+ 'charset' => 'utf8',
+ 'collation' => 'utf8_unicode_ci',
+ 'prefix' => '',
+ ),
+ /* Silverstripe database */
+ 'mysql_external' => array(
+ 'driver' => 'mysql',
+ 'host' => '<%= mysql_host %>',
+ 'database' => '<%= ss_db_name %>',
+ 'username' => '<%= mysql_user %>',
+ 'password' => '<%= mysql_password %>',
+ 'charset' => 'utf8',
+ 'collation' => 'utf8_unicode_ci',
+ 'prefix' => '',
+ ),
+ ),
+
+ /*
+ |--------------------------------------------------------------------------
+ | Migration Repository Table
+ |--------------------------------------------------------------------------
+ |
+ | This table keeps track of all the migrations that have already run for
+ | your application. Using this information, we can determine which of
+ | the migrations on disk have not actually be run in the databases.
+ |
+ */
+
+ 'migrations' => 'migrations',
+
+ /*
+ |--------------------------------------------------------------------------
+ | Redis Databases
+ |--------------------------------------------------------------------------
+ |
+ | Redis is an open source, fast, and advanced key-value store that also
+ | provides a richer set of commands than a typical key-value systems
+ | such as APC or Memcached. Laravel makes it easy to dig right in.
+ |
+ */
+
+ 'redis' => array(
+
+ 'cluster' => true,
+
+ 'default' => array(
+ 'host' => '<%= redis_host %>',
+ 'port' => <%= redis_port %>,
+ ),
+
+ ),
+
+);
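Review bot: The hiera-supplied values are written straight into single-quoted PHP string literals, so a password containing `'` or `\` produces a broken or altered config file. This applies to both `'password'` lines and equally to the host, database and username lines. Escaping at render time keeps the literal intact, e.g. `'password' => '<%= mysql_password.gsub(/['\\]/) { |c| "\\#{c}" } %>',`. Separately, `'port' => <%= redis_port %>,` is emitted unquoted while the `openstackid` class defaults `$redis_port` to `''`, which would render `'port' => ,` and fail to parse. Validating the port as an integer in the manifest, or quoting it here, would avoid that.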
diff --git a/modules/openstackid/templates/vhost.erb b/modules/openstackid/templates/vhost.erb
new file mode 100644
index 0000000000..5594b52241
--- /dev/null
+++ b/modules/openstackid/templates/vhost.erb
@@ -0,0 +1,39 @@
+:80>
+ ServerAdmin <%= scope.lookupvar("openstackid::serveradmin") %>
+
+ ErrorLog ${APACHE_LOG_DIR}/openstackid-error.log
+ LogLevel warn
+ CustomLog ${APACHE_LOG_DIR}/openstackid-access.log combined
+
+ Redirect / https://<%= scope.lookupvar("openstackid::vhost_name") %>/
+
+
+
+
+:443>
+ ServerName <%= scope.lookupvar("openstackid::vhost_name") %>
+ ServerAdmin <%= scope.lookupvar("openstackid::serveradmin") %>
+
+ ErrorLog ${APACHE_LOG_DIR}/openstackid-ssl-error.log
+ LogLevel warn
+ CustomLog ${APACHE_LOG_DIR}/openstackid-ssl-access.log combined
+
+ SSLEngine on
+ SSLCertificateFile <%= scope.lookupvar("openstackid::ssl_cert_file") %>
+ SSLCertificateKeyFile <%= scope.lookupvar("openstackid::ssl_key_file") %>
+<% if scope.lookupvar("openstackid::ssl_chain_file") != "" %>
+ SSLCertificateChainFile <%= scope.lookupvar("openstackid::ssl_chain_file") %>
+<% end %>
+
+ RewriteEngine on
+ RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("openstackid::vhost_name") %>
+ RewriteRule ^.*$ <%= scope.lookupvar("openstackid::canonicalweburl") %>
+
+ DocumentRoot <%= docroot %>
+ />
+ Order allow,deny
+ Allow from all
+
+
+
+
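Review bot: The `RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("openstackid::vhost_name") %>` test is an unanchored regular expression with unescaped dots. Any Host header that merely contains the vhost name, or matches it with other characters in place of the dots, is therefore treated as canonical and skips the redirect. An exact string comparison is stricter: `RewriteCond %{HTTP_HOST} !=<%= scope.lookupvar("openstackid::vhost_name") %> [NC]`. The :443 block also sets no `SSLProtocol` or `SSLCipherSuite`, so protocol and cipher selection fall back to the server-wide defaults; if that is intended, a one-line comment saying so would help the next reader.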