From 318c79b9fc62de64aa825e066d3212b251446255 Mon Sep 17 00:00:00 2001
From: Jeremy Stanley
Date: Fri, 20 Dec 2013 04:59:12 +0000
Subject: [PATCH] Set up openstackid module
Refactor the openstack_project::openstackid_dev module out into a top-level openstackid module in preparation for multiple servers, set up Apache to serve content out of /srv/openstackid, add an /etc/openstackid/database.php file with connection details injected from hiera and keep an updated clone of openstack-infra/openstackid in /opt/openstackid.
Change-Id: Icdde594384e3af27c8dd185a51b9e5a71619fb7b
---
 manifests/site.pp | 10 +-
 .../{openid_dev.pp => openstackid_dev.pp} | 39 ++--
 modules/openstackid/manifests/init.pp | 207 ++++++++++++++++++
 .../openstackid/templates/database.php.erb | 107 +++++++++
 modules/openstackid/templates/vhost.erb | 39 ++++
 5 files changed, 377 insertions(+), 25 deletions(-)
 rename modules/openstack_project/manifests/{openid_dev.pp => openstackid_dev.pp} (61%)
 create mode 100644 modules/openstackid/manifests/init.pp
 create mode 100644 modules/openstackid/templates/database.php.erb
 create mode 100644 modules/openstackid/templates/vhost.erb
diff --git a/manifests/site.pp b/manifests/site.pp
index 1d2f3c357b..bf72dd8c8d 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -662,11 +662,11 @@ node /^.*\.jclouds\.openstack\.org$/ {
 }
 node 'openstackid-dev.openstack.org' {
- class { 'openstack_project::openid_dev':
- sysadmins => hiera('sysadmins'),
- site_admin_password => hiera('openstackid_dev_site_admin_password'),
- site_mysql_host => hiera('openstackid_dev_mysql_host'),
- site_mysql_password => hiera('openstackid_dev_mysql_password'),
+ class { 'openstack_project::openstackid_dev':
+ sysadmins => hiera('sysadmins'),
+ site_admin_password => hiera('openstackid_dev_site_admin_password'),
+ mysql_host => hiera('openstackid_dev_mysql_host'),
+ mysql_password => hiera('openstackid_dev_mysql_password'),
 }
 }
diff --git a/modules/openstack_project/manifests/openid_dev.pp b/modules/openstack_project/manifests/openstackid_dev.pp
similarity index 61%
rename from modules/openstack_project/manifests/openid_dev.pp
rename to modules/openstack_project/manifests/openstackid_dev.pp
index b871a941f9..dbdec647fc 100644
--- a/modules/openstack_project/manifests/openid_dev.pp
+++ b/modules/openstack_project/manifests/openstackid_dev.pp
@@ -14,17 +14,19 @@
 #
 # openstackid idp(sso-openid) dev server
 #
-class openstack_project::openid_dev (
+class openstack_project::openstackid_dev (
 $sysadmins = [],
 $site_admin_password = '',
- $site_mysql_password = '',
- $site_mysql_user = 'openstackid',
- $site_mysql_host = '127.0.0.1',
- $db_name = 'openstackid_openid_dev',
- $redis_port = '6378',
- $redis_max_memory = '1gb',
- $redis_bind = '127.0.0.1',
+ $mysql_host = '',
+ $mysql_user = 'openstackid',
+ $mysql_password = '',
+ $id_db_name = 'openstackid_openid_dev',
+ $ss_db_name = 'openstackid_silverstripe_dev',
+ $redis_port = '6378',
+ $redis_max_memory = '1gb',
+ $redis_bind = '127.0.0.1'
 ) {
+
 realize (
 User::Virtual::Localuser['smarcet'],
 )
@@ -34,25 +36,22 @@ class openstack_project::openid_dev (
 sysadmins => $sysadmins,
 }
- # php packages needed for openid server
-
- include apt
- apt::ppa { 'ppa:ondrej/php5-oldstable': }
-
- # we need PHP 5.4 or greather
- package { ['php5-common','php5-curl','php5-cli','php5-json','php5-mcrypt','php5-mysql']:
- require => [ Exec[apt_update], Class['openstack_project::server'] ]
+ class { 'openstackid':
+ site_admin_password => $site_admin_password,
+ mysql_host => $mysql_host,
+ mysql_user => $mysql_user,
+ mysql_password => $mysql_password,
+ id_db_name => $id_db_name,
+ ss_db_name => $ss_db_name,
+ redis_port => $redis_port,
+ redis_host => $redis_bind,
 }
 # redis (custom module written by tipit)
-
 class { 'redis':
 redis_port => $redis_port,
 redis_max_memory => $redis_max_memory,
 redis_bind => $redis_bind,
 }
- include apache
- include apache::ssl
- include apache::php
 }
diff --git a/modules/openstackid/manifests/init.pp b/modules/openstackid/manifests/init.pp
new file mode 100644
index 0000000000..5e0f595432
--- /dev/null
+++ b/modules/openstackid/manifests/init.pp
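Review bot: `redis_host => $redis_bind` in the new `class { 'openstackid': }` block reuses the Redis server's listen address as the address the application connects to. That holds only while `$redis_bind` is a concrete address such as the default `'127.0.0.1'`; a wildcard bind would be rendered into database.php as the client host. I would give openstackid_dev its own `$redis_host = '127.0.0.1'` parameter and pass `redis_host => $redis_host,` so the two settings can differ. The class body starts and ends outside this hunk.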
@@ -0,0 +1,207 @@
+# Copyright 2013 OpenStack Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# openstackid idp(sso-openid)
+#
+# == Class: openstackid
+#
+class openstackid (
+ $git_source_repo = 'https://git.openstack.org/openstack-infra/openstackid',
+ $site_admin_password = '',
+ $mysql_host = '',
+ $mysql_user = '',
+ $mysql_password = '',
+ $id_db_name = '',
+ $ss_db_name = '',
+ $redis_port = '',
+ $redis_host = '',
+ $vhost_name = $::fqdn,
+ $robots_txt_source = '',
+ $serveradmin = "webmaster@${::fqdn}",
+ $canonicalweburl = "https://${::fqdn}/",
+ $ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem',
+ $ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key',
+ $ssl_chain_file = '',
+ $ssl_cert_file_contents = '', # If left empty puppet will not create file.
+ $ssl_key_file_contents = '', # If left empty puppet will not create file.
+ $ssl_chain_file_contents = '', # If left empty puppet will not create file.
+ $httpd_acceptorthreads = '',
+) {
+
+ vcsrepo { '/opt/openstackid':
+ ensure => latest,
+ provider => git,
+ revision => 'master',
+ source => $git_source_repo,
+ }
+
+ # we need PHP 5.4 or greather
+ include apt
+ apt::ppa { 'ppa:ondrej/php5-oldstable': }
+
+ # php packages needed for openid server
+ package {
+ [
+ 'php5-common',
+ 'php5-curl',
+ 'php5-cli',
+ 'php5-json',
+ 'php5-mcrypt',
+ 'php5-mysql',
+ ]:
+ require => Exec[apt_update],
+ }
+
+ group { 'openstackid':
+ ensure => present,
+ }
+
+ user { 'openstackid':
+ ensure => present,
+ managehome => true,
+ comment => 'OpenStackID User',
+ shell => '/bin/bash',
+ gid => 'openstackid',
+ require => Group['openstackid'],
+ }
+
+ file { '/etc/openstackid':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ }
+
+ file { '/etc/openstackid/database.php':
+ ensure => present,
+ content => template('openstackid/database.php.erb'),
+ owner => 'root',
+ group => 'openstackid',
+ mode => '0640',
+ require => [
+ File['/etc/openstackid'],
+ Group['openstackid'],
+ ]
+ }
+
+ file { '/srv/openstackid':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ }
+
+ file { '/srv/openstackid/app':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ require => File['/srv/openstackid'],
+ }
+
+ file { '/srv/openstackid/app/config':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ require => File['/srv/openstackid/app'],
+ }
+
+ file { '/srv/openstackid/app/config/dev':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ require => File['/srv/openstackid/app/config'],
+ }
+
+ file { '/srv/openstackid/app/config/dev/database.php':
+ ensure => link,
+ target => '/etc/openstackid/database.php',
+ require => [
+ File['/srv/openstackid/app/config/dev'],
+ File['/etc/openstackid/database.php'],
+ ],
+ }
+
+ file { '/srv/openstackid/public':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ require => File['/srv/openstackid'],
+ }
+
+ include apache
+ include apache::ssl
+ include apache::php
+ apache::vhost { $vhost_name:
+ port => 443,
+ docroot => '/srv/openstackid/public',
+ priority => '50',
+ template => 'openstackid/vhost.erb',
+ ssl => true,
+ require => File['/srv/openstackid/public'],
+ }
+ a2mod { 'rewrite':
+ ensure => present,
+ }
+ a2mod { 'proxy':
+ ensure => present,
+ }
+ a2mod { 'proxy_http':
+ ensure => present,
+ }
+
+ if $ssl_cert_file_contents != '' {
+ file { $ssl_cert_file:
+ owner => 'root',
+ group => 'root',
+ mode => '0640',
+ content => $ssl_cert_file_contents,
+ before => Apache::Vhost[$vhost_name],
+ }
+ }
+
+ if $ssl_key_file_contents != '' {
+ file { $ssl_key_file:
+ owner => 'root',
+ group => 'ssl-cert',
+ mode => '0640',
+ content => $ssl_key_file_contents,
+ before => Apache::Vhost[$vhost_name],
+ }
+ }
+
+ if $ssl_chain_file_contents != '' {
+ file { $ssl_chain_file:
+ owner => 'root',
+ group => 'root',
+ mode => '0640',
+ content => $ssl_chain_file_contents,
+ before => Apache::Vhost[$vhost_name],
+ }
+ }
+
+ if $robots_txt_source != '' {
+ file { '/srv/openstackid/public/robots.txt':
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ source => $robots_txt_source,
+ require => File['/srv/openstackid/public'],
+ }
+ }
+
+}
diff --git a/modules/openstackid/templates/database.php.erb b/modules/openstackid/templates/database.php.erb
new file mode 100644
index 0000000000..e7b6c6a9c0
--- /dev/null
+++ b/modules/openstackid/templates/database.php.erb
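Review bot: The `vcsrepo { '/opt/openstackid': }` resource combines `ensure => latest` with `revision => 'master'`, so each Puppet run moves the identity provider host to the current branch tip with no pinned revision. For an SSO/OpenID service I would pin to a reviewed tag or commit through a new class parameter, e.g. `ensure => present,` with `revision => $git_revision,`, or add a comment stating that master is gated and tracking it is deliberate. Separately, `a2mod { 'proxy': }` and `a2mod { 'proxy_http': }` are enabled although the vhost template in this patch shows no proxy directives as far as it is visible here; drop them unless something outside the patch needs them. `$site_admin_password` and `$httpd_acceptorthreads` are accepted but not referenced in the class body itself, which deserves either a use or a comment.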
@@ -0,0 +1,107 @@
+ PDO::FETCH_CLASS,
+
+ /*
+ |--------------------------------------------------------------------------
+ | Default Database Connection Name
+ |--------------------------------------------------------------------------
+ |
+ | Here you may specify which of the database connections below you wish
+ | to use as your default connection for all database work. Of course
+ | you may use many connections at once using the Database library.
+ |
+ */
+
+ 'default' => 'mysql',
+
+ /*
+ |--------------------------------------------------------------------------
+ | Database Connections
+ |--------------------------------------------------------------------------
+ |
+ | Here are each of the database connections setup for your application.
+ | Of course, examples of configuring each database platform that is
+ | supported by Laravel is shown below to make development simple.
+ |
+ |
+ | All database work in Laravel is done through the PHP PDO facilities
+ | so make sure you have the driver for your particular database of
+ | choice installed on your machine before you begin development.
+ |
+ */
+
+ 'connections' => array(
+ /* OpenID IDP database */
+ 'mysql' => array(
+ 'driver' => 'mysql',
+ 'host' => '<%= mysql_host %>',
+ 'database' => '<%= id_db_name %>',
+ 'username' => '<%= mysql_user %>',
+ 'password' => '<%= mysql_password %>',
+ 'charset' => 'utf8',
+ 'collation' => 'utf8_unicode_ci',
+ 'prefix' => '',
+ ),
+ /* Silverstripe database */
+ 'mysql_external' => array(
+ 'driver' => 'mysql',
+ 'host' => '<%= mysql_host %>',
+ 'database' => '<%= ss_db_name %>',
+ 'username' => '<%= mysql_user %>',
+ 'password' => '<%= mysql_password %>',
+ 'charset' => 'utf8',
+ 'collation' => 'utf8_unicode_ci',
+ 'prefix' => '',
+ ),
+ ),
+
+ /*
+ |--------------------------------------------------------------------------
+ | Migration Repository Table
+ |--------------------------------------------------------------------------
+ |
+ | This table keeps track of all the migrations that have already run for
+ | your application. Using this information, we can determine which of
+ | the migrations on disk have not actually be run in the databases.
+ |
+ */
+
+ 'migrations' => 'migrations',
+
+ /*
+ |--------------------------------------------------------------------------
+ | Redis Databases
+ |--------------------------------------------------------------------------
+ |
+ | Redis is an open source, fast, and advanced key-value store that also
+ | provides a richer set of commands than a typical key-value systems
+ | such as APC or Memcached. Laravel makes it easy to dig right in.
+ |
+ */
+
+ 'redis' => array(
+
+ 'cluster' => true,
+
+ 'default' => array(
+ 'host' => '<%= redis_host %>',
+ 'port' => <%= redis_port %>,
+ ),
+
+ ),
+
+);
diff --git a/modules/openstackid/templates/vhost.erb b/modules/openstackid/templates/vhost.erb
new file mode 100644
index 0000000000..5594b52241
--- /dev/null
+++ b/modules/openstackid/templates/vhost.erb
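Review bot: The hiera-supplied values are written unescaped into single-quoted PHP strings, e.g. `'password' => '<%= mysql_password %>',` in both connection arrays, so a password containing `'` or `\` yields a broken or differently parsed config file. Escape those two characters in the template, for example `'password' => '<%= mysql_password.gsub(/['\\]/) { |c| "\\#{c}" } %>',`, and treat host, database and username the same way. `'port' => <%= redis_port %>,` is emitted unquoted, and the openstackid class in this patch defaults `$redis_port` to `''`, which would render `'port' => ,`; validate it as an integer in the manifest or give it a numeric default. Both connections also share one MySQL account, so the IdP holds the same rights on the Silverstripe database as on its own; whether a separate, more restricted user is feasible cannot be determined from this patch.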
@@ -0,0 +1,39 @@
+:80>
+ ServerAdmin <%= scope.lookupvar("openstackid::serveradmin") %>
+
+ ErrorLog ${APACHE_LOG_DIR}/openstackid-error.log
+ LogLevel warn
+ CustomLog ${APACHE_LOG_DIR}/openstackid-access.log combined
+
+ Redirect / https://<%= scope.lookupvar("openstackid::vhost_name") %>/
+
+
+
+
+:443>
+ ServerName <%= scope.lookupvar("openstackid::vhost_name") %>
+ ServerAdmin <%= scope.lookupvar("openstackid::serveradmin") %>
+
+ ErrorLog ${APACHE_LOG_DIR}/openstackid-ssl-error.log
+ LogLevel warn
+ CustomLog ${APACHE_LOG_DIR}/openstackid-ssl-access.log combined
+
+ SSLEngine on
+ SSLCertificateFile <%= scope.lookupvar("openstackid::ssl_cert_file") %>
+ SSLCertificateKeyFile <%= scope.lookupvar("openstackid::ssl_key_file") %>
+<% if scope.lookupvar("openstackid::ssl_chain_file") != "" %>
+ SSLCertificateChainFile <%= scope.lookupvar("openstackid::ssl_chain_file") %>
+<% end %>
+
+ RewriteEngine on
+ RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("openstackid::vhost_name") %>
+ RewriteRule ^.*$ <%= scope.lookupvar("openstackid::canonicalweburl") %>
+
+ DocumentRoot <%= docroot %>
+ />
+ Order allow,deny
+ Allow from all
+
+
+
+
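Review bot: `RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("openstackid::vhost_name") %>` is an unanchored regular-expression match, so the dots match any character and any Host value that merely contains the name is accepted as canonical. Use the exact string comparison instead, `RewriteCond %{HTTP_HOST} !=<%= scope.lookupvar("openstackid::vhost_name") %>`, and make the redirect explicit with `RewriteRule ^.*$ <%= scope.lookupvar("openstackid::canonicalweburl") %> [R=301,L]`. The SSL vhost sets no `SSLProtocol` or `SSLCipherSuite`, so it inherits the distribution defaults; for a login service it is worth stating them in the template. The container tags of this template are not visible on the page, so this covers only the directives shown.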