Align all web server usage on apache module.
Change-Id: Idd712a8ee5ec81c6b88b7d3e2270dce4da254927 Reviewed-on: https://review.openstack.org/10838 Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
This commit is contained in:
parent
a9f62a2c17
commit
7d8c838038
@ -26,7 +26,13 @@ if ! puppet help module >/dev/null 2>&1 ; then
|
|||||||
apt-get install -y -o Dpkg::Options::="--force-confold" puppet facter
|
apt-get install -y -o Dpkg::Options::="--force-confold" puppet facter
|
||||||
fi
|
fi
|
||||||
|
|
||||||
MODULES="puppetlabs-apt puppetlabs-mysql openstackci-dashboard openstackci-vcsrepo"
|
MODULES="
|
||||||
|
openstackci-dashboard
|
||||||
|
openstackci-vcsrepo
|
||||||
|
puppetlabs-apache
|
||||||
|
puppetlabs-apt
|
||||||
|
puppetlabs-mysql
|
||||||
|
"
|
||||||
MODULE_LIST=`puppet module list`
|
MODULE_LIST=`puppet module list`
|
||||||
|
|
||||||
# Transition away from old things
|
# Transition away from old things
|
||||||
|
58
modules/etherpad_lite/manifests/apache.pp
Normal file
58
modules/etherpad_lite/manifests/apache.pp
Normal file
@ -0,0 +1,58 @@
|
|||||||
|
class etherpad_lite::apache (
|
||||||
|
$vhost_name = $fqdn,
|
||||||
|
$etherpad_crt,
|
||||||
|
$etherpad_key
|
||||||
|
) {
|
||||||
|
|
||||||
|
include remove_nginx
|
||||||
|
|
||||||
|
apache::vhost { $vhost_name:
|
||||||
|
post => 443,
|
||||||
|
docroot => 'MEANINGLESS ARGUMENT',
|
||||||
|
priority => '50',
|
||||||
|
template => 'etherpadlite/etherpadlite.vhost.erb',
|
||||||
|
require => File["/etc/ssl/certs/${vhost_name}.pem",
|
||||||
|
"/etc/ssl/private/${vhost_name}.key"],
|
||||||
|
ssl => true,
|
||||||
|
}
|
||||||
|
a2mod { 'rewrite':
|
||||||
|
ensure => present
|
||||||
|
}
|
||||||
|
a2mod { 'proxy':
|
||||||
|
ensure => present
|
||||||
|
}
|
||||||
|
a2mod { 'proxy_http':
|
||||||
|
ensure => present
|
||||||
|
}
|
||||||
|
|
||||||
|
file { '/etc/ssl/certs':
|
||||||
|
ensure => directory,
|
||||||
|
owner => 'root',
|
||||||
|
mode => 0700,
|
||||||
|
}
|
||||||
|
|
||||||
|
file { '/etc/ssl/private':
|
||||||
|
ensure => directory,
|
||||||
|
owner => 'root',
|
||||||
|
mode => 0700,
|
||||||
|
}
|
||||||
|
|
||||||
|
file { "/etc/ssl/cert/${vhost_name}.pem":
|
||||||
|
ensure => present,
|
||||||
|
replace => true,
|
||||||
|
owner => 'root',
|
||||||
|
mode => 0600,
|
||||||
|
content => template('etherpad_lite/eplite.crt.erb'),
|
||||||
|
require => Apache::Vhost[$vhost_name],
|
||||||
|
}
|
||||||
|
|
||||||
|
file { '/etc/ssl/private/${vhost_name}.key':
|
||||||
|
ensure => present,
|
||||||
|
replace => true,
|
||||||
|
owner => 'root',
|
||||||
|
mode => 0600,
|
||||||
|
content => template('etherpad_lite/eplite.key.erb'),
|
||||||
|
require => Apache::Vhost[$vhost_name],
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -38,7 +38,7 @@ define buildsource(
|
|||||||
# include etherpad_lite
|
# include etherpad_lite
|
||||||
# include etherpad_lite::mysql # necessary to use mysql as the backend
|
# include etherpad_lite::mysql # necessary to use mysql as the backend
|
||||||
# include etherpad_lite::site # configures etherpad lite instance
|
# include etherpad_lite::site # configures etherpad lite instance
|
||||||
# include etherpad_lite::nginx # will add reverse proxy on localhost
|
# include etherpad_lite::apache # will add reverse proxy on localhost
|
||||||
# The defaults for all the classes should just work (tm)
|
# The defaults for all the classes should just work (tm)
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
|
@ -1,62 +0,0 @@
|
|||||||
class etherpad_lite::nginx (
|
|
||||||
$default_server = 'default_server',
|
|
||||||
$server_name = $fqdn,
|
|
||||||
$etherpad_crt,
|
|
||||||
$etherpad_key
|
|
||||||
) {
|
|
||||||
|
|
||||||
package { 'nginx':
|
|
||||||
ensure => present
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/etc/nginx/sites-enabled/default':
|
|
||||||
ensure => absent,
|
|
||||||
require => Package['nginx'],
|
|
||||||
notify => Service['nginx']
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/etc/nginx/sites-available/etherpad-lite':
|
|
||||||
ensure => present,
|
|
||||||
content => template('etherpad_lite/nginx.erb'),
|
|
||||||
replace => 'true',
|
|
||||||
owner => 'root',
|
|
||||||
require => File['/etc/nginx/ssl/eplite.crt', '/etc/nginx/ssl/eplite.key'],
|
|
||||||
notify => Service['nginx']
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/etc/nginx/sites-enabled/etherpad-lite':
|
|
||||||
ensure => link,
|
|
||||||
target => '/etc/nginx/sites-available/etherpad-lite'
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/etc/nginx/ssl':
|
|
||||||
ensure => directory,
|
|
||||||
owner => 'root',
|
|
||||||
mode => 0700,
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/etc/nginx/ssl/eplite.crt':
|
|
||||||
ensure => present,
|
|
||||||
replace => true,
|
|
||||||
owner => 'root',
|
|
||||||
mode => 0600,
|
|
||||||
content => template('etherpad_lite/eplite.crt.erb'),
|
|
||||||
require => Package['nginx'],
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/etc/nginx/ssl/eplite.key':
|
|
||||||
ensure => present,
|
|
||||||
replace => true,
|
|
||||||
owner => 'root',
|
|
||||||
mode => 0600,
|
|
||||||
content => template('etherpad_lite/eplite.key.erb'),
|
|
||||||
require => Package['nginx'],
|
|
||||||
}
|
|
||||||
|
|
||||||
service { 'nginx':
|
|
||||||
enable => true,
|
|
||||||
ensure => running,
|
|
||||||
hasrestart => true
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
44
modules/etherpad_lite/templates/etherpadlite.vhost.erb
Normal file
44
modules/etherpad_lite/templates/etherpadlite.vhost.erb
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
<VirtualHost <%= scope.lookupvar("etherpad_lite::vhost_name") %>:80>
|
||||||
|
ServerAdmin <%= scope.lookupvar("etherpad_lite::serveradmin") %>
|
||||||
|
|
||||||
|
ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::vhost_name") %>-error.log
|
||||||
|
|
||||||
|
LogLevel warn
|
||||||
|
|
||||||
|
CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::vhost_name") %>-access.log combined
|
||||||
|
|
||||||
|
Redirect / https://<%= scope.lookupvar("etherpad_lite::vhost_name") %>/
|
||||||
|
|
||||||
|
</VirtualHost>
|
||||||
|
|
||||||
|
<IfModule mod_ssl.c>
|
||||||
|
<VirtualHost <%= scope.lookupvar("etherpad_lite::vhost_name") %>:443>
|
||||||
|
ServerName <%= scope.lookupvar("etherpad_lite::vhost_name") %>
|
||||||
|
ServerAdmin <%= scope.lookupvar("etherpad_lite::serveradmin") %>
|
||||||
|
|
||||||
|
ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::vhost_name") %>-ssl-error.log
|
||||||
|
|
||||||
|
LogLevel warn
|
||||||
|
|
||||||
|
CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("etherpad_lite::vhost_name") %>-ssl-access.log combined
|
||||||
|
|
||||||
|
SSLEngine on
|
||||||
|
|
||||||
|
SSLCertificateFile /etc/ssl/certs/<%= scope.lookupvar("etherpad_lite::vhost_name") %>.pem
|
||||||
|
SSLCertificateKeyFile /etc/ssl/private/<%= scope.lookupvar("etherpad_lite::vhost_name") %>.key
|
||||||
|
|
||||||
|
BrowserMatch "MSIE [2-6]" \
|
||||||
|
nokeepalive ssl-unclean-shutdown \
|
||||||
|
downgrade-1.0 force-response-1.0
|
||||||
|
# MSIE 7 and newer should be able to use keepalive
|
||||||
|
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
|
||||||
|
|
||||||
|
RewriteEngine on
|
||||||
|
RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("etherpad_lite::vhost_name") %>
|
||||||
|
RewriteRule ^.*$ https://<%= scope.lookupvar("etherpad_lite::vhost_name") %>
|
||||||
|
RewriteRule ^/(.*)$ http://localhost:9001/$1 [P]
|
||||||
|
|
||||||
|
ProxyPassReverse / http://localhost:9001/
|
||||||
|
|
||||||
|
</VirtualHost>
|
||||||
|
</IfModule>
|
@ -1,29 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 443 <%= default_server %>;
|
|
||||||
server_name <%= server_name %>;
|
|
||||||
|
|
||||||
access_log /var/log/nginx/eplite.access.log;
|
|
||||||
error_log /var/log/nginx/eplite.error.log;
|
|
||||||
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate /etc/nginx/ssl/eplite.crt;
|
|
||||||
ssl_certificate_key /etc/nginx/ssl/eplite.key;
|
|
||||||
|
|
||||||
ssl_session_timeout 5m;
|
|
||||||
|
|
||||||
ssl_protocols SSLv2 SSLv3 TLSv1;
|
|
||||||
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
|
|
||||||
ssl_prefer_server_ciphers on;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://localhost:9001/;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_buffering off;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80 <%= default_server %>;
|
|
||||||
server_name <%= server_name %>;
|
|
||||||
rewrite ^(.*) https://$server_name$1 permanent;
|
|
||||||
}
|
|
@ -1,6 +1,6 @@
|
|||||||
# Install and maintain Gerrit Code Review.
|
# Install and maintain Gerrit Code Review.
|
||||||
# params:
|
# params:
|
||||||
# virtual_hostname:
|
# vhost_name:
|
||||||
# used in the Apache virtual host, eg., review.example.com
|
# used in the Apache virtual host, eg., review.example.com
|
||||||
# canonicalweburl:
|
# canonicalweburl:
|
||||||
# Used in the Gerrit config to generate links, eg., https://review.example.com/
|
# Used in the Gerrit config to generate links, eg., https://review.example.com/
|
||||||
@ -53,8 +53,9 @@
|
|||||||
# which can interfere with testing.
|
# which can interfere with testing.
|
||||||
# TODO: make more gerrit options configurable here
|
# TODO: make more gerrit options configurable here
|
||||||
|
|
||||||
class gerrit($virtual_hostname=$fqdn,
|
class gerrit($vhost_name=$fqdn,
|
||||||
$canonicalweburl="https://$fqdn/",
|
$canonicalweburl="https://$fqdn/",
|
||||||
|
$serveradmin="webmaster@$fqdn",
|
||||||
$ssl_cert_file='/etc/ssl/certs/ssl-cert-snakeoil.pem',
|
$ssl_cert_file='/etc/ssl/certs/ssl-cert-snakeoil.pem',
|
||||||
$ssl_key_file='/etc/ssl/private/ssl-cert-snakeoil.key',
|
$ssl_key_file='/etc/ssl/private/ssl-cert-snakeoil.key',
|
||||||
$ssl_chain_file='',
|
$ssl_chain_file='',
|
||||||
@ -87,7 +88,6 @@ class gerrit($virtual_hostname=$fqdn,
|
|||||||
) {
|
) {
|
||||||
|
|
||||||
include apache
|
include apache
|
||||||
require apache::dev
|
|
||||||
|
|
||||||
$java_home = $lsbdistcodename ? {
|
$java_home = $lsbdistcodename ? {
|
||||||
"precise" => "/usr/lib/jvm/java-6-openjdk-amd64/jre",
|
"precise" => "/usr/lib/jvm/java-6-openjdk-amd64/jre",
|
||||||
@ -248,7 +248,7 @@ class gerrit($virtual_hostname=$fqdn,
|
|||||||
|
|
||||||
# Set up apache.
|
# Set up apache.
|
||||||
|
|
||||||
apache::vhost { $virtual_hostname:
|
apache::vhost { $vhost_name:
|
||||||
port => 443,
|
port => 443,
|
||||||
docroot => 'MEANINGLESS ARGUMENT',
|
docroot => 'MEANINGLESS ARGUMENT',
|
||||||
priority => '50',
|
priority => '50',
|
||||||
|
@ -1,17 +1,20 @@
|
|||||||
<VirtualHost *:80>
|
<VirtualHost <%= scope.lookupvar("gerrit::vhost_name") %>:80>
|
||||||
|
ServerAdmin <%= scope.lookupvar("gerrit::serveradmin") %>
|
||||||
|
|
||||||
ErrorLog ${APACHE_LOG_DIR}/gerrit-error.log
|
ErrorLog ${APACHE_LOG_DIR}/gerrit-error.log
|
||||||
|
|
||||||
LogLevel warn
|
LogLevel warn
|
||||||
|
|
||||||
CustomLog ${APACHE_LOG_DIR}/gerrit-access.log combined
|
CustomLog ${APACHE_LOG_DIR}/gerrit-access.log combined
|
||||||
|
|
||||||
Redirect / <%= scope.lookupvar("gerrit::canonicalweburl") %>
|
Redirect / https://<%= scope.lookupvar("gerrit::vhost_name") %>/
|
||||||
|
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
|
||||||
<IfModule mod_ssl.c>
|
<IfModule mod_ssl.c>
|
||||||
<VirtualHost _default_:443>
|
<VirtualHost <%= scope.lookupvar("gerrit::vhost_name") %>:443>
|
||||||
ServerName <%= scope.lookupvar("gerrit::virtual_hostname") %>
|
ServerName <%= scope.lookupvar("gerrit::vhost_name") %>
|
||||||
|
ServerAdmin <%= scope.lookupvar("gerrit::serveradmin") %>
|
||||||
|
|
||||||
ErrorLog ${APACHE_LOG_DIR}/gerrit-ssl-error.log
|
ErrorLog ${APACHE_LOG_DIR}/gerrit-ssl-error.log
|
||||||
|
|
||||||
@ -41,7 +44,7 @@
|
|||||||
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
|
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
|
||||||
|
|
||||||
RewriteEngine on
|
RewriteEngine on
|
||||||
RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("gerrit::virtual_hostname") %>
|
RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("gerrit::vhost_name") %>
|
||||||
RewriteRule ^.*$ <%= scope.lookupvar("gerrit::canonicalweburl") %>
|
RewriteRule ^.*$ <%= scope.lookupvar("gerrit::canonicalweburl") %>
|
||||||
<% if scope.lookupvar("gerrit::replicate_local") -%>
|
<% if scope.lookupvar("gerrit::replicate_local") -%>
|
||||||
RewriteCond %{REQUEST_URI} !^/p/
|
RewriteCond %{REQUEST_URI} !^/p/
|
||||||
|
@ -3,7 +3,7 @@ class gerritbot(
|
|||||||
$password,
|
$password,
|
||||||
$server,
|
$server,
|
||||||
$user,
|
$user,
|
||||||
$virtual_hostname
|
$vhost_name
|
||||||
) {
|
) {
|
||||||
|
|
||||||
file { "/usr/local/gerrit/gerritbot":
|
file { "/usr/local/gerrit/gerritbot":
|
||||||
|
@ -9,5 +9,5 @@ lockfile=/var/run/gerritbot/gerritbot.pid
|
|||||||
[gerrit]
|
[gerrit]
|
||||||
user=<%= user %>
|
user=<%= user %>
|
||||||
key=/home/gerrit2/.ssh/gerritbot_rsa
|
key=/home/gerrit2/.ssh/gerritbot_rsa
|
||||||
host=<%= virtual_hostname %>
|
host=<%= vhost_name %>
|
||||||
port=29418
|
port=29418
|
||||||
|
@ -1,4 +1,6 @@
|
|||||||
class jenkins_master($site, $serveradmin, $logo,
|
class jenkins_master($vhost_name=$fqdn,
|
||||||
|
$serveradmin="webmaster@$fqdn",
|
||||||
|
$logo,
|
||||||
$ssl_cert_file='',
|
$ssl_cert_file='',
|
||||||
$ssl_key_file='',
|
$ssl_key_file='',
|
||||||
$ssl_chain_file=''
|
$ssl_chain_file=''
|
||||||
@ -6,6 +8,7 @@ class jenkins_master($site, $serveradmin, $logo,
|
|||||||
|
|
||||||
include pip
|
include pip
|
||||||
include apt
|
include apt
|
||||||
|
include apache
|
||||||
|
|
||||||
#This key is at http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key
|
#This key is at http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key
|
||||||
apt::key { "jenkins":
|
apt::key { "jenkins":
|
||||||
@ -22,74 +25,25 @@ class jenkins_master($site, $serveradmin, $logo,
|
|||||||
include_src => false,
|
include_src => false,
|
||||||
}
|
}
|
||||||
|
|
||||||
file { '/etc/apache2/sites-available/jenkins':
|
apache::vhost { $vhost_name:
|
||||||
owner => 'root',
|
port => 443,
|
||||||
group => 'root',
|
docroot => 'MEANINGLESS ARGUMENT',
|
||||||
mode => 444,
|
priority => '50',
|
||||||
ensure => 'present',
|
template => 'jenkins_master/jenkins.vhost.erb',
|
||||||
content => template("jenkins_master/jenkins.vhost.erb"),
|
ssl => true,
|
||||||
replace => 'true',
|
|
||||||
require => Package['apache2'],
|
|
||||||
}
|
}
|
||||||
|
a2mod { 'rewrite':
|
||||||
file { '/etc/apache2/sites-enabled/jenkins':
|
ensure => present
|
||||||
target => '/etc/apache2/sites-available/jenkins',
|
|
||||||
ensure => link,
|
|
||||||
require => [
|
|
||||||
File['/etc/apache2/sites-available/jenkins'],
|
|
||||||
File['/etc/apache2/mods-enabled/ssl.conf'],
|
|
||||||
File['/etc/apache2/mods-enabled/ssl.load'],
|
|
||||||
File['/etc/apache2/mods-enabled/rewrite.load'],
|
|
||||||
File['/etc/apache2/mods-enabled/proxy.conf'],
|
|
||||||
File['/etc/apache2/mods-enabled/proxy.load'],
|
|
||||||
File['/etc/apache2/mods-enabled/proxy_http.load'],
|
|
||||||
],
|
|
||||||
}
|
}
|
||||||
|
a2mod { 'proxy':
|
||||||
file { '/etc/apache2/sites-enabled/000-default':
|
ensure => present
|
||||||
require => File['/etc/apache2/sites-available/jenkins'],
|
|
||||||
ensure => absent,
|
|
||||||
}
|
}
|
||||||
|
a2mod { 'proxy_http':
|
||||||
file { '/etc/apache2/mods-enabled/ssl.conf':
|
ensure => present
|
||||||
target => '/etc/apache2/mods-available/ssl.conf',
|
|
||||||
ensure => link,
|
|
||||||
require => Package['apache2'],
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/etc/apache2/mods-enabled/ssl.load':
|
|
||||||
target => '/etc/apache2/mods-available/ssl.load',
|
|
||||||
ensure => link,
|
|
||||||
require => Package['apache2'],
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/etc/apache2/mods-enabled/rewrite.load':
|
|
||||||
target => '/etc/apache2/mods-available/rewrite.load',
|
|
||||||
ensure => link,
|
|
||||||
require => Package['apache2'],
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/etc/apache2/mods-enabled/proxy.conf':
|
|
||||||
target => '/etc/apache2/mods-available/proxy.conf',
|
|
||||||
ensure => link,
|
|
||||||
require => Package['apache2'],
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/etc/apache2/mods-enabled/proxy.load':
|
|
||||||
target => '/etc/apache2/mods-available/proxy.load',
|
|
||||||
ensure => link,
|
|
||||||
require => Package['apache2'],
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/etc/apache2/mods-enabled/proxy_http.load':
|
|
||||||
target => '/etc/apache2/mods-available/proxy_http.load',
|
|
||||||
ensure => link,
|
|
||||||
require => Package['apache2'],
|
|
||||||
}
|
}
|
||||||
|
|
||||||
$packages = [
|
$packages = [
|
||||||
"python-babel",
|
"python-babel",
|
||||||
"apache2",
|
|
||||||
"wget",
|
"wget",
|
||||||
]
|
]
|
||||||
|
|
||||||
@ -142,13 +96,6 @@ class jenkins_master($site, $serveradmin, $logo,
|
|||||||
command => "apt-get update",
|
command => "apt-get update",
|
||||||
}
|
}
|
||||||
|
|
||||||
exec { "gracefully restart apache":
|
|
||||||
subscribe => [ File["/etc/apache2/sites-available/jenkins"]],
|
|
||||||
refreshonly => true,
|
|
||||||
path => "/bin:/usr/bin:/usr/sbin",
|
|
||||||
command => "apache2ctl graceful",
|
|
||||||
}
|
|
||||||
|
|
||||||
file { "/var/lib/jenkins/plugins/simple-theme-plugin":
|
file { "/var/lib/jenkins/plugins/simple-theme-plugin":
|
||||||
ensure => directory,
|
ensure => directory,
|
||||||
owner => 'jenkins',
|
owner => 'jenkins',
|
||||||
|
@ -1,37 +1,32 @@
|
|||||||
<VirtualHost _default_:80>
|
<VirtualHost <%= scope.lookupvar("jenkins::vhost_name") %>:80>
|
||||||
ServerAdmin <%= serveradmin %>
|
ServerAdmin <%= scope.lookupvar("jenkins::serveradmin") %>
|
||||||
|
|
||||||
ErrorLog ${APACHE_LOG_DIR}/jenkins-error.log
|
ErrorLog ${APACHE_LOG_DIR}/jenkins-error.log
|
||||||
|
|
||||||
# Possible values include: debug, info, notice, warn, error, crit,
|
|
||||||
# alert, emerg.
|
|
||||||
LogLevel warn
|
LogLevel warn
|
||||||
|
|
||||||
CustomLog ${APACHE_LOG_DIR}/jenkins-access.log combined
|
CustomLog ${APACHE_LOG_DIR}/jenkins-access.log combined
|
||||||
|
|
||||||
Redirect / https://<%= site %>/
|
Redirect / https://<%= scope.lookupvar("jenkins::vhost_name") %>/
|
||||||
|
|
||||||
</VirtualHost>
|
</VirtualHost>
|
||||||
|
|
||||||
<VirtualHost _default_:443>
|
<VirtualHost <%= scope.lookupvar("jenkins::vhost_name") %>:443>
|
||||||
ServerAdmin <%= serveradmin %>
|
ServerName <%= scope.lookupvar("jenkins::vhost_name") %>
|
||||||
|
ServerAdmin <%= scope.lookupvar("jenkins::serveradmin") %>
|
||||||
|
|
||||||
ErrorLog ${APACHE_LOG_DIR}/jenkins-ssl-error.log
|
ErrorLog ${APACHE_LOG_DIR}/jenkins-ssl-error.log
|
||||||
|
|
||||||
# Possible values include: debug, info, notice, warn, error, crit,
|
|
||||||
# alert, emerg.
|
|
||||||
LogLevel warn
|
LogLevel warn
|
||||||
|
|
||||||
CustomLog ${APACHE_LOG_DIR}/jenkins-ssl-access.log combined
|
CustomLog ${APACHE_LOG_DIR}/jenkins-ssl-access.log combined
|
||||||
|
|
||||||
# SSL Engine Switch:
|
|
||||||
# Enable/Disable SSL for this virtual host.
|
|
||||||
SSLEngine on
|
SSLEngine on
|
||||||
|
|
||||||
SSLCertificateFile <%= ssl_cert_file %>
|
SSLCertificateFile <%= scope.lookupvar("jenkins::ssl_cert_file") %>
|
||||||
SSLCertificateKeyFile <%= ssl_key_file %>
|
SSLCertificateKeyFile <%= scope.lookupvar("jenkins::ssl_key_file") %>
|
||||||
<% if ssl_chain_file != "" %>
|
<% if scope.lookupvar("jenkins::ssl_chain_file") != "" %>
|
||||||
SSLCertificateChainFile <%= ssl_chain_file %>
|
SSLCertificateChainFile <%= scope.lookupvar("jenkins::ssl_chain_file") %>
|
||||||
<% end %>
|
<% end %>
|
||||||
|
|
||||||
BrowserMatch "MSIE [2-6]" \
|
BrowserMatch "MSIE [2-6]" \
|
||||||
@ -41,8 +36,8 @@
|
|||||||
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
|
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
|
||||||
|
|
||||||
RewriteEngine on
|
RewriteEngine on
|
||||||
RewriteCond %{HTTP_HOST} !<%= site %>
|
RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("jenkins::vhost_name") %>
|
||||||
RewriteRule ^.*$ https://<%= site %>/
|
RewriteRule ^.*$ https://<%= scope.lookupvar("jenkins::vhost_name") %>/
|
||||||
|
|
||||||
RewriteRule /zuul/status http://127.0.0.1:8001/status [P]
|
RewriteRule /zuul/status http://127.0.0.1:8001/status [P]
|
||||||
|
|
||||||
|
@ -10,7 +10,7 @@ function makeDoubleDelegate(function1, function2) {
|
|||||||
function chgeLogo() {
|
function chgeLogo() {
|
||||||
var imgs=document.getElementsByTagName("img");
|
var imgs=document.getElementsByTagName("img");
|
||||||
var imgTag = document.createElement("img");
|
var imgTag = document.createElement("img");
|
||||||
imgTag.setAttribute("src","https://<%= site %>/plugin/simple-theme-plugin/title.png");
|
imgTag.setAttribute("src","https://<%= vhost_name %>/plugin/simple-theme-plugin/title.png");
|
||||||
imgTag.setAttribute("style", "vertical-align: middle;padding-left: 0.75em;");
|
imgTag.setAttribute("style", "vertical-align: middle;padding-left: 0.75em;");
|
||||||
imgs[0].parentNode.appendChild(imgTag);
|
imgs[0].parentNode.appendChild(imgTag);
|
||||||
var spanTag = document.createElement("span");
|
var spanTag = document.createElement("span");
|
||||||
|
@ -1,6 +1,5 @@
|
|||||||
class lodgeit {
|
class lodgeit {
|
||||||
$packages = [ "nginx",
|
$packages = [ "python-imaging",
|
||||||
"python-imaging",
|
|
||||||
"python-jinja2",
|
"python-jinja2",
|
||||||
"python-pybabel",
|
"python-pybabel",
|
||||||
"python-werkzeug",
|
"python-werkzeug",
|
||||||
@ -9,7 +8,15 @@ class lodgeit {
|
|||||||
"drizzle",
|
"drizzle",
|
||||||
"python-mysqldb" ]
|
"python-mysqldb" ]
|
||||||
|
|
||||||
|
include apache
|
||||||
|
|
||||||
include pip
|
include pip
|
||||||
|
a2mod { 'proxy':
|
||||||
|
ensure => present
|
||||||
|
}
|
||||||
|
a2mod { 'proxy_http':
|
||||||
|
ensure => present
|
||||||
|
}
|
||||||
|
|
||||||
package { $packages: ensure => present }
|
package { $packages: ensure => present }
|
||||||
|
|
||||||
|
@ -1,17 +1,11 @@
|
|||||||
define lodgeit::site($port, $image="") {
|
define lodgeit::site($vhost_name="paste.$name.org", $port, $image="") {
|
||||||
|
|
||||||
file { "/etc/nginx/sites-available/${name}":
|
include remove_nginx
|
||||||
ensure => 'present',
|
|
||||||
content => template("lodgeit/nginx.erb"),
|
|
||||||
replace => 'true',
|
|
||||||
require => Package[nginx],
|
|
||||||
notify => Service[nginx]
|
|
||||||
}
|
|
||||||
|
|
||||||
file { "/etc/nginx/sites-enabled/${name}":
|
apache::vhost::proxy { $vhost_name:
|
||||||
ensure => link,
|
port => 80,
|
||||||
target => "/etc/nginx/sites-available/${name}",
|
dest => "http://localhost:$port",
|
||||||
require => Package[nginx]
|
require => File["/srv/lodgeit/${name}"],
|
||||||
}
|
}
|
||||||
|
|
||||||
file { "/etc/init/${name}-paste.conf":
|
file { "/etc/init/${name}-paste.conf":
|
||||||
|
@ -1,10 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 80;
|
|
||||||
server_name paste.<%= name %>.org;
|
|
||||||
root /srv/lodgeit/<%= name %>;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://localhost:<%= port %>/;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
@ -1,17 +1,19 @@
|
|||||||
class mailman($mailman_host='') {
|
class mailman($vhost_name=$fqdn) {
|
||||||
|
|
||||||
|
include apache
|
||||||
|
|
||||||
package { "mailman":
|
package { "mailman":
|
||||||
ensure => installed,
|
ensure => installed,
|
||||||
}
|
}
|
||||||
|
|
||||||
package { "apache2":
|
apache::vhost { $vhost_name:
|
||||||
ensure => installed,
|
port => 80,
|
||||||
|
docroot => "/var/www/",
|
||||||
|
priority => '50',
|
||||||
|
template => 'mailman/mailman.vhost.erb',
|
||||||
}
|
}
|
||||||
|
a2mod { 'rewrite':
|
||||||
file { '/etc/apache2/mods-enabled/rewrite.load':
|
ensure => present
|
||||||
target => '/etc/apache2/mods-available/rewrite.load',
|
|
||||||
ensure => link,
|
|
||||||
require => Package['apache2'],
|
|
||||||
}
|
}
|
||||||
|
|
||||||
file { "/var/www/index.html":
|
file { "/var/www/index.html":
|
||||||
@ -34,37 +36,6 @@ class mailman($mailman_host='') {
|
|||||||
require => Package["mailman"]
|
require => Package["mailman"]
|
||||||
}
|
}
|
||||||
|
|
||||||
file { "/etc/apache2/sites-available/mailman":
|
|
||||||
content => template('mailman/mailman.vhost.erb'),
|
|
||||||
owner => 'root',
|
|
||||||
group => 'root',
|
|
||||||
ensure => 'present',
|
|
||||||
replace => 'true',
|
|
||||||
mode => 444,
|
|
||||||
require => Package["apache2"],
|
|
||||||
}
|
|
||||||
|
|
||||||
file { "/etc/apache2/sites-enabled/mailman":
|
|
||||||
ensure => link,
|
|
||||||
target => '/etc/apache2/sites-available/mailman',
|
|
||||||
require => [
|
|
||||||
File['/etc/apache2/sites-available/mailman'],
|
|
||||||
File['/etc/apache2/mods-enabled/rewrite.load'],
|
|
||||||
],
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/etc/apache2/sites-enabled/000-default':
|
|
||||||
require => File['/etc/apache2/sites-available/mailman'],
|
|
||||||
ensure => absent,
|
|
||||||
}
|
|
||||||
|
|
||||||
exec { "gracefully restart apache":
|
|
||||||
subscribe => [ File["/etc/apache2/sites-available/mailman"]],
|
|
||||||
refreshonly => true,
|
|
||||||
path => "/bin:/usr/bin:/usr/sbin",
|
|
||||||
command => "apache2ctl graceful",
|
|
||||||
}
|
|
||||||
|
|
||||||
service { 'mailman':
|
service { 'mailman':
|
||||||
ensure => running,
|
ensure => running,
|
||||||
hasrestart => true,
|
hasrestart => true,
|
||||||
@ -73,13 +44,6 @@ class mailman($mailman_host='') {
|
|||||||
require => Package["mailman"]
|
require => Package["mailman"]
|
||||||
}
|
}
|
||||||
|
|
||||||
service { 'apache2':
|
|
||||||
ensure => running,
|
|
||||||
hasrestart => true,
|
|
||||||
subscribe => File["/etc/apache2/sites-available/mailman"],
|
|
||||||
require => Package["apache2"]
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/etc/mailman/en':
|
file { '/etc/mailman/en':
|
||||||
owner => 'root',
|
owner => 'root',
|
||||||
group => 'list',
|
group => 'list',
|
||||||
|
@ -1,13 +1,13 @@
|
|||||||
<VirtualHost *:80>
|
<VirtualHost *:80>
|
||||||
ServerName <%= mailman_host %>
|
ServerName <%= scope.lookupvar("mailman::vhost_name") %>
|
||||||
|
|
||||||
ErrorLog ${APACHE_LOG_DIR}/mailman-error.log
|
ErrorLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("mailman::vhost_name") %>-error.log
|
||||||
|
|
||||||
# Possible values include: debug, info, notice, warn, error, crit,
|
# Possible values include: debug, info, notice, warn, error, crit,
|
||||||
# alert, emerg.
|
# alert, emerg.
|
||||||
LogLevel warn
|
LogLevel warn
|
||||||
|
|
||||||
CustomLog ${APACHE_LOG_DIR}/mailman-access.log combined
|
CustomLog ${APACHE_LOG_DIR}/<%= scope.lookupvar("mailman::vhost_name") %>-access.log combined
|
||||||
|
|
||||||
DocumentRoot /var/www
|
DocumentRoot /var/www
|
||||||
|
|
||||||
|
@ -1,5 +1,7 @@
|
|||||||
class meetbot {
|
class meetbot {
|
||||||
|
|
||||||
|
include apache
|
||||||
|
|
||||||
vcsrepo { "/opt/meetbot":
|
vcsrepo { "/opt/meetbot":
|
||||||
ensure => latest,
|
ensure => latest,
|
||||||
provider => git,
|
provider => git,
|
||||||
|
@ -1,17 +1,11 @@
|
|||||||
define meetbot::site($nick, $nickpass, $network, $server, $url=$fqdn, $channels, $use_ssl) {
|
define meetbot::site($nick, $nickpass, $network, $server, $vhost_name=$fqdn, $channels, $use_ssl) {
|
||||||
|
|
||||||
file { "/etc/nginx/sites-available/${name}-meetbot":
|
include remove_nginx
|
||||||
ensure => 'present',
|
|
||||||
content => template("meetbot/nginx.erb"),
|
|
||||||
replace => 'true',
|
|
||||||
require => Package[nginx],
|
|
||||||
notify => Service[nginx]
|
|
||||||
}
|
|
||||||
|
|
||||||
file { "/etc/nginx/sites-enabled/${name}-meetbot":
|
apache::vhost { $vhost_name:
|
||||||
ensure => link,
|
port => 80,
|
||||||
target => "/etc/nginx/sites-available/${name}-meetbot",
|
docroot => "/srv/meetbot-$name",
|
||||||
require => Package[nginx]
|
priority => '50',
|
||||||
}
|
}
|
||||||
|
|
||||||
file { "/var/lib/meetbot/${name}":
|
file { "/var/lib/meetbot/${name}":
|
||||||
|
@ -1,19 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 80;
|
|
||||||
server_name <%= url %>;
|
|
||||||
root /srv/meetbot-<%= name %>;
|
|
||||||
|
|
||||||
types {
|
|
||||||
text/plain log;
|
|
||||||
text/plain txt;
|
|
||||||
text/html html;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /meetings {
|
|
||||||
autoindex on;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /irclogs {
|
|
||||||
autoindex on;
|
|
||||||
}
|
|
||||||
}
|
|
@ -7,7 +7,7 @@ class openstack_project::etherpad(
|
|||||||
}
|
}
|
||||||
|
|
||||||
include etherpad_lite
|
include etherpad_lite
|
||||||
class { 'etherpad_lite::nginx':
|
class { 'etherpad_lite::apache':
|
||||||
etherpad_crt => $etherpad_crt,
|
etherpad_crt => $etherpad_crt,
|
||||||
etherpad_key => $etherpad_key,
|
etherpad_key => $etherpad_key,
|
||||||
}
|
}
|
||||||
|
@ -4,8 +4,9 @@
|
|||||||
# TODO: launchpadlib creds for user sync script
|
# TODO: launchpadlib creds for user sync script
|
||||||
|
|
||||||
class openstack_project::gerrit (
|
class openstack_project::gerrit (
|
||||||
$virtual_hostname=$fqdn,
|
$vhost_name=$fqdn,
|
||||||
$canonicalweburl="https://$fqdn/",
|
$canonicalweburl="https://$fqdn/",
|
||||||
|
$serveradmin='webmaster@openstack.org',
|
||||||
$ssl_cert_file='',
|
$ssl_cert_file='',
|
||||||
$ssl_key_file='',
|
$ssl_key_file='',
|
||||||
$ssl_chain_file='',
|
$ssl_chain_file='',
|
||||||
@ -36,7 +37,7 @@ class openstack_project::gerrit (
|
|||||||
}
|
}
|
||||||
|
|
||||||
class { '::gerrit':
|
class { '::gerrit':
|
||||||
virtual_hostname => $virtual_hostname,
|
vhost_name => $vhost_name,
|
||||||
canonicalweburl => $canonicalweburl,
|
canonicalweburl => $canonicalweburl,
|
||||||
# opinions
|
# opinions
|
||||||
enable_melody => 'true',
|
enable_melody => 'true',
|
||||||
|
@ -8,7 +8,7 @@ class openstack_project::jenkins_dev {
|
|||||||
backup_server => 'ci-backup-rs-ord.openstack.org'
|
backup_server => 'ci-backup-rs-ord.openstack.org'
|
||||||
}
|
}
|
||||||
class { 'jenkins_master':
|
class { 'jenkins_master':
|
||||||
site => 'jenkins-dev.openstack.org',
|
vhost_name => 'jenkins-dev.openstack.org',
|
||||||
serveradmin => 'webmaster@openstack.org',
|
serveradmin => 'webmaster@openstack.org',
|
||||||
logo => 'openstack.png',
|
logo => 'openstack.png',
|
||||||
ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
|
ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
|
||||||
|
@ -14,7 +14,6 @@ class openstack_project::pypi {
|
|||||||
}
|
}
|
||||||
|
|
||||||
class { "pypimirror":
|
class { "pypimirror":
|
||||||
base_url => "http://pypi.openstack.org",
|
|
||||||
projects => $openstack_project::project_list,
|
projects => $openstack_project::project_list,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -58,7 +58,7 @@ class openstack_project::review(
|
|||||||
password => $gerritbot_password,
|
password => $gerritbot_password,
|
||||||
server => 'irc.freenode.net',
|
server => 'irc.freenode.net',
|
||||||
user => 'gerritbot',
|
user => 'gerritbot',
|
||||||
virtual_hostname => $fqdn
|
vhost_name => $fqdn
|
||||||
}
|
}
|
||||||
include gerrit::remotes
|
include gerrit::remotes
|
||||||
}
|
}
|
||||||
|
@ -4,7 +4,7 @@ class openstack_project::review_dev(
|
|||||||
$mysql_root_password,
|
$mysql_root_password,
|
||||||
$email_private_key) {
|
$email_private_key) {
|
||||||
class { 'openstack_project::gerrit':
|
class { 'openstack_project::gerrit':
|
||||||
virtual_hostname => 'review-dev.openstack.org',
|
vhost_name => 'review-dev.openstack.org',
|
||||||
canonicalweburl => "https://review-dev.openstack.org/",
|
canonicalweburl => "https://review-dev.openstack.org/",
|
||||||
ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
|
ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem',
|
||||||
ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
|
ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key',
|
||||||
|
@ -4,10 +4,6 @@ class planet {
|
|||||||
ensure => present
|
ensure => present
|
||||||
}
|
}
|
||||||
|
|
||||||
package { 'nginx':
|
|
||||||
ensure => present
|
|
||||||
}
|
|
||||||
|
|
||||||
file { '/srv/planet':
|
file { '/srv/planet':
|
||||||
ensure => directory
|
ensure => directory
|
||||||
}
|
}
|
||||||
@ -20,9 +16,4 @@ class planet {
|
|||||||
ensure => directory
|
ensure => directory
|
||||||
}
|
}
|
||||||
|
|
||||||
service { "nginx":
|
|
||||||
ensure => running,
|
|
||||||
hasrestart => true
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -1,17 +1,13 @@
|
|||||||
define planet::site($git_url) {
|
define planet::site($git_url, $vhost_name="planet.${name}.org") {
|
||||||
|
|
||||||
file { "/etc/nginx/sites-available/planet-${name}":
|
include apache
|
||||||
ensure => present,
|
include remove_nginx
|
||||||
content => template("planet/nginx.erb"),
|
|
||||||
replace => true,
|
|
||||||
require => Package[nginx],
|
|
||||||
notify => Service[nginx]
|
|
||||||
}
|
|
||||||
|
|
||||||
file { "/etc/nginx/sites-enabled/planet-${name}":
|
apache::vhost { $vhost_name:
|
||||||
ensure => link,
|
port => 80,
|
||||||
target => "/etc/nginx/sites-available/planet-${name}",
|
priority => '50',
|
||||||
require => Package[nginx],
|
docroot => "/srv/planet/${name}",
|
||||||
|
require => File["/srv/planet"],
|
||||||
}
|
}
|
||||||
|
|
||||||
vcsrepo { "/var/lib/planet/${name}":
|
vcsrepo { "/var/lib/planet/${name}":
|
||||||
|
@ -1,5 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 80;
|
|
||||||
server_name planet.<%= name %>.org;
|
|
||||||
root /srv/planet/<%= name %>;
|
|
||||||
}
|
|
@ -1,4 +1,4 @@
|
|||||||
class pypimirror ( $base_url,
|
class pypimirror ( $vhost_name = $fqdn,
|
||||||
$log_filename = "/var/log/pypimirror.log",
|
$log_filename = "/var/log/pypimirror.log",
|
||||||
$mirror_file_path = "/var/lib/pypimirror",
|
$mirror_file_path = "/var/lib/pypimirror",
|
||||||
$pip_download = "/var/lib/pip-download",
|
$pip_download = "/var/lib/pip-download",
|
||||||
@ -7,16 +7,14 @@ class pypimirror ( $base_url,
|
|||||||
$projects = [] )
|
$projects = [] )
|
||||||
{
|
{
|
||||||
|
|
||||||
|
include apache
|
||||||
include pip
|
include pip
|
||||||
|
include remove_nginx
|
||||||
|
|
||||||
package { 'python-yaml':
|
package { 'python-yaml':
|
||||||
ensure => 'present'
|
ensure => 'present'
|
||||||
}
|
}
|
||||||
|
|
||||||
package { 'nginx':
|
|
||||||
ensure => present,
|
|
||||||
}
|
|
||||||
|
|
||||||
package { 'pip':
|
package { 'pip':
|
||||||
ensure => present,
|
ensure => present,
|
||||||
provider => 'pip',
|
provider => 'pip',
|
||||||
@ -112,20 +110,9 @@ class pypimirror ( $base_url,
|
|||||||
require => Cron["update_mirror"],
|
require => Cron["update_mirror"],
|
||||||
}
|
}
|
||||||
|
|
||||||
# Setup the web server
|
apache::vhost { $vhost_name:
|
||||||
|
port => 80,
|
||||||
service { "nginx":
|
docroot => $mirror_file_path,
|
||||||
ensure => running,
|
priority => 50,
|
||||||
hasrestart => true
|
|
||||||
}
|
|
||||||
|
|
||||||
file { "/etc/nginx/sites-available/default":
|
|
||||||
ensure => present,
|
|
||||||
content => template('pypimirror/nginx_default.erb'),
|
|
||||||
replace => true,
|
|
||||||
owner => "root",
|
|
||||||
group => "root",
|
|
||||||
require => Package["nginx"],
|
|
||||||
notify => Service["nginx"],
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,9 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 80;
|
|
||||||
|
|
||||||
index index.html index.htm;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
root <%= mirror_file_path %>;
|
|
||||||
}
|
|
||||||
}
|
|
8
modules/remove_nginx/manifests/init.pp
Normal file
8
modules/remove_nginx/manifests/init.pp
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
class remove_nginx {
|
||||||
|
package { 'nginx':
|
||||||
|
ensure => absent,
|
||||||
|
}
|
||||||
|
file { "/etc/nginx/sites-available/default":
|
||||||
|
ensure => absent,
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user