Split out cgit module

Depends-On: Ibae9f2aa1d40d4b7afe0882c684251b5fc8a7135
Change-Id: I0c6ae1cf29924f1380288790fa53373d3767072d

modules.env

@@ -61,6 +61,7 @@ INTEGRATION_MODULES["https://git.openstack.org/openstack-infra/puppet-ansible"]=
 INTEGRATION_MODULES["https://git.openstack.org/openstack-infra/puppet-asterisk"]="origin/master"
 INTEGRATION_MODULES["https://git.openstack.org/openstack-infra/puppet-bup"]="origin/master"
 INTEGRATION_MODULES["https://git.openstack.org/openstack-infra/puppet-bugdaystats"]="origin/master"
+INTEGRATION_MODULES["https://git.openstack.org/openstack-infra/puppet-cgit"]="origin/master"
 INTEGRATION_MODULES["https://git.openstack.org/openstack-infra/puppet-elasticsearch"]="origin/master"
 INTEGRATION_MODULES["https://git.openstack.org/openstack-infra/puppet-etherpad_lite"]="origin/master"
 INTEGRATION_MODULES["https://git.openstack.org/openstack-infra/puppet-elastic_recheck"]="origin/master"

modules/cgit/files/git.xinetd

@@ -1,14 +0,0 @@
-# default: off
-# description: The git dæmon allows git repositories to be exported using \
-#       the git:// protocol.
-
-service git
-{
-        disable         = yes
-        socket_type     = stream
-        wait            = no
-        user            = nobody
-        server          = /usr/libexec/git-core/git-daemon
-        server_args     = --base-path=/var/lib/git --export-all --syslog --inetd --verbose /var/lib/git
-        log_on_failure  += USERID
-}

modules/cgit/manifests/init.pp

@@ -1,175 +0,0 @@
-# Copyright 2013 Hewlett-Packard Development Company, L.P.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Class: cgit
-#
-class cgit(
-  $vhost_name = $::fqdn,
-  $serveradmin = "webmaster@${::fqdn}",
-  $serveraliases = '',
-  $cgitdir = '/var/www/cgit',
-  $staticfiles = '/var/www/cgit/static',
-  $ssl_cert_file = '',
-  $ssl_key_file = '',
-  $ssl_chain_file = '',
-  $ssl_cert_file_contents = '', # If left empty puppet will not create file.
-  $ssl_key_file_contents = '', # If left empty puppet will not create file.
-  $ssl_chain_file_contents = '', # If left empty puppet will not create file.
-  $behind_proxy = false,
-) {
-
-  if $behind_proxy == true {
-    $http_port = 8080
-    $https_port = 4443
-    $daemon_port = 29418
-  }
-  else {
-    $http_port = 80
-    $https_port = 443
-    $daemon_port = 9418
-  }
-
-  include apache
-
-  if ($::osfamily == 'RedHat') {
-    include cgit::selinux
-  }
-
-  package { [
-      'cgit',
-      'git-daemon',
-      'highlight',
-    ]:
-    ensure => present,
-  }
-
-  user { 'cgit':
-    ensure     => present,
-    home       => '/home/cgit',
-    shell      => '/bin/bash',
-    gid        => 'cgit',
-    managehome => true,
-    require    => Group['cgit'],
-  }
-
-  group { 'cgit':
-    ensure => present,
-  }
-
-  file {'/home/cgit':
-    ensure  => directory,
-    owner   => 'cgit',
-    group   => 'cgit',
-    mode    => '0755',
-    require => User['cgit'],
-  }
-
-  file { '/var/lib/git':
-    ensure  => directory,
-    owner   => 'cgit',
-    group   => 'cgit',
-    mode    => '0644',
-    require => User['cgit'],
-  }
-
-  apache::vhost { $vhost_name:
-    port          => $https_port,
-    serveraliases => $serveraliases,
-    docroot       => 'MEANINGLESS ARGUMENT',
-    priority      => '50',
-    template      => 'cgit/git.vhost.erb',
-    ssl           => true,
-    require       => [
-      File[$staticfiles],
-      Package['cgit'],
-    ],
-  }
-
-  file { '/etc/httpd/conf/httpd.conf':
-    ensure  => present,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0644',
-    content => template('cgit/httpd.conf.erb'),
-    require => Package['httpd'],
-  }
-
-  file { '/etc/httpd/conf.d/ssl.conf':
-    ensure  => present,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0644',
-    content => template('cgit/ssl.conf.erb'),
-    require => Package[$::apache::params::ssl_package],
-  }
-
-  file { $cgitdir:
-    ensure => directory,
-    owner  => 'root',
-    group  => 'root',
-    mode   => '0755',
-  }
-
-  file { $staticfiles:
-    ensure  => directory,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0755',
-    require => File[$cgitdir],
-  }
-
-  file { '/etc/init.d/git-daemon':
-    ensure  => present,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0755',
-    content => template('cgit/git-daemon.init.erb'),
-  }
-
-  service { 'git-daemon':
-    ensure    => running,
-    enable    => true,
-    subscribe => File['/etc/init.d/git-daemon'],
-  }
-
-  if $ssl_cert_file_contents != '' {
-    file { $ssl_cert_file:
-      owner   => 'root',
-      group   => 'root',
-      mode    => '0640',
-      content => $ssl_cert_file_contents,
-      before  => Apache::Vhost[$vhost_name],
-    }
-  }
-
-  if $ssl_key_file_contents != '' {
-    file { $ssl_key_file:
-      owner   => 'root',
-      group   => 'root',
-      mode    => '0640',
-      content => $ssl_key_file_contents,
-      before  => Apache::Vhost[$vhost_name],
-    }
-  }
-
-  if $ssl_chain_file_contents != '' {
-    file { $ssl_chain_file:
-      owner   => 'root',
-      group   => 'root',
-      mode    => '0640',
-      content => $ssl_chain_file_contents,
-      before  => Apache::Vhost[$vhost_name],
-    }
-  }
-}

modules/cgit/manifests/selinux.pp

@@ -1,55 +0,0 @@
-# Copyright 2014 Hewlett-Packard Development Company, L.P.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Class: cgit::selinux
-#
-class cgit::selinux {
-  exec { 'restorecon -R -v /var/lib/git':
-    path        => '/sbin',
-    require     => File['/var/lib/git'],
-    subscribe   => File['/var/lib/git'],
-    refreshonly => true,
-  }
-
-  selboolean { 'httpd_enable_cgi':
-    persistent => true,
-    value      => on
-  }
-
-  package { 'policycoreutils-python':
-    ensure => present,
-  }
-
-  exec { 'cgit_allow_http_port':
-    # If we cannot add the rule modify the existing rule.
-    onlyif      => "bash -c \'! semanage port -a -t http_port_t -p tcp ${::cgit::http_port}\'",
-    command     => "semanage port -m -t http_port_t -p tcp ${::cgit::http_port}",
-    path        => '/bin:/usr/sbin',
-    before      => Service['httpd'],
-    require     => Package['policycoreutils-python'],
-    subscribe   => File['/etc/httpd/conf/httpd.conf'],
-    refreshonly => true,
-  }
-
-  exec { 'cgit_allow_https_port':
-    # If we cannot add the rule modify the existing rule.
-    onlyif      => "bash -c \'! semanage port -a -t http_port_t -p tcp ${::cgit::https_port}\'",
-    command     => "semanage port -m -t http_port_t -p tcp ${::cgit::https_port}",
-    path        => '/bin:/usr/sbin',
-    require     => Package['policycoreutils-python'],
-    subscribe   => File['/etc/httpd/conf.d/ssl.conf'],
-    refreshonly => true,
-  }
-}
-

modules/cgit/templates/git-daemon.init.erb

@@ -1,63 +0,0 @@
-#!/bin/sh
-#
-#   Startup/shutdown script for the git daemon
-#   chkconfig: 345 56 10
-#
-#   description: Startup/shutdown script for the git daemon
-#
-. /etc/init.d/functions
-
-NAME=git-daemon
-USER=nobody
-DAEMON=/usr/libexec/git-core/git-daemon
-GIT_REPO=/var/lib/git
-PORT=<%= scope.lookupvar("cgit::daemon_port") %>
-ARGS="--base-path=/var/lib/git --user=$USER --export-all --syslog --detach --verbose --port=$PORT $GIT_REPO"
-
-start () {
-    echo -n $"Starting $NAME: "
-
-    # start daemon
-    daemon $DAEMON $ARGS
-        RETVAL=$?
-    echo
-    [ $RETVAL = 0 ] && touch /var/lock/git-daemon
-    return $RETVAL
-}
-
-stop () {
-    # stop daemon
-
-    echo -n $"Stopping $NAME: "
-    killproc $DAEMON
-    RETVAL=$?
-    echo
-    [ $RETVAL = 0 ] && rm -f /var/lock/git-daemon
-}
-
-restart() {
-    stop
-    start
-}
-
-case $1 in
-    start)
-        start
-        ;;
-    stop)
-        stop
-        ;;
-    restart)
-        restart
-        ;;
-    status)
-        status $DAEMON
-        RETVAL=$?
-        ;;
-    *)
-        echo $"Usage: $NAME {start|stop|restart|status}"
-        exit 3
-        ;;
-esac
-
-exit $RETVAL

modules/cgit/templates/git.vhost.erb

@@ -1,70 +0,0 @@
-<VirtualHost *:<%= scope.lookupvar("cgit::http_port") %>>
-  ServerName <%= scope.lookupvar("cgit::vhost_name") %>
-  ServerAdmin <%= scope.lookupvar("cgit::serveradmin") %>
-
-<% if @serveraliases.is_a? Array -%>
-<% @serveraliases.each do |name| -%><%= "  ServerAlias #{name}\n" %><% end -%>
-<% elsif @serveraliases != '' -%>
-<%= "  ServerAlias #{@serveraliases}" -%>
-<% end -%>
-
-  Alias /cgit-data /usr/share/cgit
-  ScriptAlias /cgit /var/www/cgi-bin/cgit
-  Alias /static <%= scope.lookupvar("cgit::staticfiles") %>
-  RewriteEngine On
-  RewriteRule ^/$ /cgit [R]
-
-  SetEnv GIT_PROJECT_ROOT /var/lib/git/
-  SetEnv GIT_HTTP_EXPORT_ALL
-  SetEnv GIT_NOTES_DISPLAY_REF refs/notes/*
-
-  AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /var/lib/git/$1
-  AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/lib/git/$1
-  ScriptAlias / /usr/libexec/git-core/git-http-backend/
-
-  ErrorLog /var/log/httpd/git-error.log
-
-  LogLevel warn
-
-  CustomLog /var/log/httpd/git-access.log combined
-</VirtualHost>
-
-<VirtualHost *:<%= scope.lookupvar("cgit::https_port") %>>
-  ServerName <%= scope.lookupvar("cgit::vhost_name") %>
-  ServerAdmin <%= scope.lookupvar("cgit::serveradmin") %>
-
-<% if @serveraliases.is_a? Array -%>
-<% @serveraliases.each do |name| -%><%= "  ServerAlias #{name}\n" %><% end -%>
-<% elsif @serveraliases != '' -%>
-<%= "  ServerAlias #{@serveraliases}" -%>
-<% end -%>
-
-  Alias /cgit-data /usr/share/cgit
-  ScriptAlias /cgit /var/www/cgi-bin/cgit
-  Alias /static <%= scope.lookupvar("cgit::staticfiles") %>
-  RewriteEngine On
-  RewriteRule ^/$ /cgit [R]
-
-  SetEnv GIT_PROJECT_ROOT /var/lib/git/
-  SetEnv GIT_HTTP_EXPORT_ALL
-  SetEnv GIT_NOTES_DISPLAY_REF refs/notes/*
-
-  AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$ /var/lib/git/$1
-  AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /var/lib/git/$1
-  ScriptAlias / /usr/libexec/git-core/git-http-backend/
-
-  ErrorLog /var/log/httpd/git-error.log
-
-  LogLevel warn
-
-  CustomLog /var/log/httpd/git-access.log combined
-
-  SSLEngine on
-  SSLProtocol All -SSLv2 -SSLv3
-
-  SSLCertificateFile      <%= scope.lookupvar("cgit::ssl_cert_file") %>
-  SSLCertificateKeyFile   <%= scope.lookupvar("cgit::ssl_key_file") %>
-<% if scope.lookupvar("cgit::ssl_chain_file") != "" %>
-  SSLCertificateChainFile <%= scope.lookupvar("cgit::ssl_chain_file") %>
-<% end %>
-</VirtualHost>

modules/cgit/templates/ssl.conf.erb

@@ -1,68 +0,0 @@
-#
-# This is the Apache server configuration file providing SSL support.
-# It contains the configuration directives to instruct the server how to
-# serve pages over an https connection. For detailing information about these 
-# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
-# 
-# Do NOT simply read the instructions in here without understanding
-# what they do.  They're here only as hints or reminders.  If you are unsure
-# consult the online docs. You have been warned.  
-#
-
-LoadModule ssl_module modules/mod_ssl.so
-
-#
-# When we also provide SSL we have to listen to the 
-# the HTTPS port in addition.
-#
-Listen <%= scope.lookupvar("cgit::https_port") %>
-
-##
-##  SSL Global Context
-##
-##  All SSL configuration in this context applies both to
-##  the main server and all SSL-enabled virtual hosts.
-##
-
-#   Pass Phrase Dialog:
-#   Configure the pass phrase gathering process.
-#   The filtering dialog program (`builtin' is a internal
-#   terminal dialog) has to provide the pass phrase on stdout.
-SSLPassPhraseDialog  builtin
-
-#   Inter-Process Session Cache:
-#   Configure the SSL Session Cache: First the mechanism 
-#   to use and second the expiring timeout (in seconds).
-SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
-SSLSessionCacheTimeout  300
-
-#   Semaphore:
-#   Configure the path to the mutual exclusion semaphore the
-#   SSL engine uses internally for inter-process synchronization. 
-SSLMutex default
-
-#   Pseudo Random Number Generator (PRNG):
-#   Configure one or more sources to seed the PRNG of the 
-#   SSL library. The seed data should be of good random quality.
-#   WARNING! On some platforms /dev/random blocks if not enough entropy
-#   is available. This means you then cannot use the /dev/random device
-#   because it would lead to very long connection times (as long as
-#   it requires to make more entropy available). But usually those
-#   platforms additionally provide a /dev/urandom device which doesn't
-#   block. So, if available, use this one instead. Read the mod_ssl User
-#   Manual for more details.
-SSLRandomSeed startup file:/dev/urandom  256
-SSLRandomSeed connect builtin
-#SSLRandomSeed startup file:/dev/random  512
-#SSLRandomSeed connect file:/dev/random  512
-#SSLRandomSeed connect file:/dev/urandom 512
-
-#
-# Use "SSLCryptoDevice" to enable any supported hardware
-# accelerators. Use "openssl engine -v" to list supported
-# engine names.  NOTE: If you enable an accelerator and the
-# server does not start, consult the error logs and ensure
-# your accelerator is functioning properly. 
-#
-SSLCryptoDevice builtin
-#SSLCryptoDevice ubsec