Make a new dockerized etherpad.opendev.org
Upstream likes building the settings file into the image, but that's less exciting, let's bind-mount ours in. Depends-On: https://review.opendev.org/717491/ Change-Id: Ia1894d884ef2a84e1282345b77fe07bf8898f367
This commit is contained in:
parent
c98efecdea
commit
b23515c623
42
.zuul.yaml
42
.zuul.yaml
@ -1213,6 +1213,29 @@
|
|||||||
- playbooks/roles/registry/
|
- playbooks/roles/registry/
|
||||||
- testinfra/test_registry.py
|
- testinfra/test_registry.py
|
||||||
|
|
||||||
|
- job:
|
||||||
|
name: system-config-run-etherpad
|
||||||
|
parent: system-config-run
|
||||||
|
description: |
|
||||||
|
Run the playbook for the etherpad servers.
|
||||||
|
timeout: 3600
|
||||||
|
nodeset:
|
||||||
|
nodes:
|
||||||
|
- name: bridge.openstack.org
|
||||||
|
label: ubuntu-bionic
|
||||||
|
- name: etherpad01.opendev.org
|
||||||
|
label: ubuntu-bionic
|
||||||
|
vars:
|
||||||
|
run_playbooks:
|
||||||
|
- playbooks/service-letsencrypt.yaml
|
||||||
|
- playbooks/service-etherpad.yaml
|
||||||
|
files:
|
||||||
|
- playbooks/bridge.yaml
|
||||||
|
- playbooks/service-letsencrypt.yaml
|
||||||
|
- playbooks/service-etherpad.yaml
|
||||||
|
- playbooks/roles/etherpad/.*
|
||||||
|
- docker/etherpad/.*
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
name: system-config-run-gitea
|
name: system-config-run-gitea
|
||||||
parent: system-config-run-containers
|
parent: system-config-run-containers
|
||||||
@ -1593,6 +1616,21 @@
|
|||||||
- playbooks/roles/nodepool-.*
|
- playbooks/roles/nodepool-.*
|
||||||
- playbooks/templates/clouds/nodepool_.*
|
- playbooks/templates/clouds/nodepool_.*
|
||||||
|
|
||||||
|
- job:
|
||||||
|
name: infra-prod-service-etherpad
|
||||||
|
parent: infra-prod-service-base
|
||||||
|
description: Run service-etherpad.yaml playbook
|
||||||
|
vars:
|
||||||
|
playbook_name: service-etherpad.yaml
|
||||||
|
files:
|
||||||
|
- inventory/.*
|
||||||
|
- playbooks/service-etherpad.yaml
|
||||||
|
- playbooks/host_vars/etherpad01.opendev.org.yaml
|
||||||
|
- playbooks/group_vars/etherpad.*
|
||||||
|
- playbooks/roles/install-docker/.*
|
||||||
|
- playbooks/roles/etherpad.*
|
||||||
|
- playbooks/roles/logrotate.*
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
name: infra-prod-service-meetpad
|
name: infra-prod-service-meetpad
|
||||||
parent: infra-prod-service-base
|
parent: infra-prod-service-base
|
||||||
@ -1908,6 +1946,7 @@
|
|||||||
- system-config-run-mirror-update
|
- system-config-run-mirror-update
|
||||||
- system-config-run-static
|
- system-config-run-static
|
||||||
- system-config-run-docker-registry
|
- system-config-run-docker-registry
|
||||||
|
- system-config-run-etherpad
|
||||||
- system-config-run-gitea:
|
- system-config-run-gitea:
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: opendev-buildset-registry
|
- name: opendev-buildset-registry
|
||||||
@ -1965,6 +2004,7 @@
|
|||||||
- system-config-run-mirror-update
|
- system-config-run-mirror-update
|
||||||
- system-config-run-static
|
- system-config-run-static
|
||||||
- system-config-run-docker-registry
|
- system-config-run-docker-registry
|
||||||
|
- system-config-run-etherpad
|
||||||
- system-config-run-gitea:
|
- system-config-run-gitea:
|
||||||
dependencies:
|
dependencies:
|
||||||
- name: opendev-buildset-registry
|
- name: opendev-buildset-registry
|
||||||
@ -2035,6 +2075,7 @@
|
|||||||
- infra-prod-service-gitea-lb
|
- infra-prod-service-gitea-lb
|
||||||
- infra-prod-service-nameserver
|
- infra-prod-service-nameserver
|
||||||
- infra-prod-service-nodepool
|
- infra-prod-service-nodepool
|
||||||
|
- infra-prod-service-etherpad
|
||||||
- infra-prod-service-meetpad
|
- infra-prod-service-meetpad
|
||||||
- infra-prod-service-mirror-update
|
- infra-prod-service-mirror-update
|
||||||
- infra-prod-service-mirror
|
- infra-prod-service-mirror
|
||||||
@ -2062,6 +2103,7 @@
|
|||||||
- infra-prod-service-gitea-lb
|
- infra-prod-service-gitea-lb
|
||||||
- infra-prod-service-nameserver
|
- infra-prod-service-nameserver
|
||||||
- infra-prod-service-nodepool
|
- infra-prod-service-nodepool
|
||||||
|
- infra-prod-service-etherpad
|
||||||
- infra-prod-service-meetpad
|
- infra-prod-service-meetpad
|
||||||
- infra-prod-service-mirror-update
|
- infra-prod-service-mirror-update
|
||||||
- infra-prod-service-mirror
|
- infra-prod-service-mirror
|
||||||
|
@ -63,6 +63,7 @@ groups:
|
|||||||
kubernetes:
|
kubernetes:
|
||||||
- opendev-k8s*.opendev.org
|
- opendev-k8s*.opendev.org
|
||||||
letsencrypt:
|
letsencrypt:
|
||||||
|
- etherpad[0-9]*.opendev.org
|
||||||
- gitea[0-9]*.opendev.org
|
- gitea[0-9]*.opendev.org
|
||||||
- graphite01.opendev.org
|
- graphite01.opendev.org
|
||||||
- insecure-ci-registry[0-9]*.opendev.org
|
- insecure-ci-registry[0-9]*.opendev.org
|
||||||
@ -121,8 +122,8 @@ groups:
|
|||||||
- eavesdrop[0-9]*.open*.org
|
- eavesdrop[0-9]*.open*.org
|
||||||
- elasticsearch[0-9]*.open*.org
|
- elasticsearch[0-9]*.open*.org
|
||||||
- ethercalc[0-9]*.open*.org
|
- ethercalc[0-9]*.open*.org
|
||||||
|
- etherpad[0-9]*.openstack.org
|
||||||
- etherpad-dev[0-9]*.open*.org
|
- etherpad-dev[0-9]*.open*.org
|
||||||
- etherpad[0-9]*.open*.org
|
|
||||||
- firehose[0-9]*.open*.org
|
- firehose[0-9]*.open*.org
|
||||||
- grafana[0-9]*.open*.org
|
- grafana[0-9]*.open*.org
|
||||||
- graphite*.open*.org
|
- graphite*.open*.org
|
||||||
@ -166,7 +167,7 @@ groups:
|
|||||||
- eavesdrop[0-9]*.open*.org
|
- eavesdrop[0-9]*.open*.org
|
||||||
- elasticsearch[0-9]*.open*.org
|
- elasticsearch[0-9]*.open*.org
|
||||||
- ethercalc[0-9]*.open*.org
|
- ethercalc[0-9]*.open*.org
|
||||||
- etherpad[0-9]*.open*.org
|
- etherpad[0-9]*.openstack.org
|
||||||
- etherpad-dev[0-9]*.open*.org
|
- etherpad-dev[0-9]*.open*.org
|
||||||
- firehose[0-9]*.open*.org
|
- firehose[0-9]*.open*.org
|
||||||
- grafana[0-9]*.open*.org
|
- grafana[0-9]*.open*.org
|
||||||
|
@ -147,6 +147,13 @@ all:
|
|||||||
region_name: DFW
|
region_name: DFW
|
||||||
public_v4: 23.253.253.164
|
public_v4: 23.253.253.164
|
||||||
public_v6: 2001:4800:7817:104:be76:4eff:fe04:66e1
|
public_v6: 2001:4800:7817:104:be76:4eff:fe04:66e1
|
||||||
|
etherpad01.opendev.org:
|
||||||
|
ansible_host: 2001:4800:7818:104:be76:4eff:fe02:b0ff
|
||||||
|
location:
|
||||||
|
cloud: openstackci-rax
|
||||||
|
region_name: DFW
|
||||||
|
public_v4: 104.130.124.120
|
||||||
|
public_v6: 2001:4800:7818:104:be76:4eff:fe02:b0ff
|
||||||
etherpad01.openstack.org:
|
etherpad01.openstack.org:
|
||||||
ansible_host: 2001:4800:7817:104:be76:4eff:fe04:8f0c
|
ansible_host: 2001:4800:7817:104:be76:4eff:fe04:8f0c
|
||||||
location:
|
location:
|
||||||
|
7
playbooks/host_vars/etherpad01.opendev.org.yaml
Normal file
7
playbooks/host_vars/etherpad01.opendev.org.yaml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
etherpad_vhost_name: etherpad.opendev.org
|
||||||
|
letsencrypt_certs:
|
||||||
|
etherpad01-opendev-org-main:
|
||||||
|
- etherpad.opendev.org
|
||||||
|
- etherpad01.opendev.org
|
||||||
|
- etherpad.openstack.org
|
||||||
|
etherpad_redirect_vhost: etherpad.openstack.org
|
1
playbooks/roles/etherpad/README.rst
Normal file
1
playbooks/roles/etherpad/README.rst
Normal file
@ -0,0 +1 @@
|
|||||||
|
Run an Etherpad server.
|
2
playbooks/roles/etherpad/defaults/main.yaml
Normal file
2
playbooks/roles/etherpad/defaults/main.yaml
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
etherpad_db_user: username
|
||||||
|
etherpad_title: OpenDev Etherpad
|
15
playbooks/roles/etherpad/files/my.cnf
Normal file
15
playbooks/roles/etherpad/files/my.cnf
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
[client]
|
||||||
|
# Default is Latin1, if you need UTF-8 set this (also in server section)
|
||||||
|
default-character-set = utf8
|
||||||
|
|
||||||
|
[mysqld]
|
||||||
|
wait_timeout = 28800
|
||||||
|
#
|
||||||
|
# * Character sets
|
||||||
|
#
|
||||||
|
# Default is Latin1, if you need UTF-8 set all this (also in client section)
|
||||||
|
#
|
||||||
|
character-set-server = utf8
|
||||||
|
collation-server = utf8_bin
|
||||||
|
character_set_server = utf8
|
||||||
|
collation_server = utf8_bin
|
2
playbooks/roles/etherpad/files/robots.txt
Normal file
2
playbooks/roles/etherpad/files/robots.txt
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
User-agent: *
|
||||||
|
Disallow: /
|
4
playbooks/roles/etherpad/handlers/main.yaml
Normal file
4
playbooks/roles/etherpad/handlers/main.yaml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
- name: etherpad Reload apache2
|
||||||
|
service:
|
||||||
|
name: apache2
|
||||||
|
state: reloaded
|
123
playbooks/roles/etherpad/tasks/main.yaml
Normal file
123
playbooks/roles/etherpad/tasks/main.yaml
Normal file
@ -0,0 +1,123 @@
|
|||||||
|
- name: Ensure docker-compose directory exists
|
||||||
|
file:
|
||||||
|
state: directory
|
||||||
|
path: /etc/etherpad-docker
|
||||||
|
|
||||||
|
- name: Write settings file
|
||||||
|
template:
|
||||||
|
src: docker-compose.yaml.j2
|
||||||
|
dest: /etc/etherpad-docker/docker-compose.yaml
|
||||||
|
|
||||||
|
- name: Ensure database volume exists
|
||||||
|
file:
|
||||||
|
state: directory
|
||||||
|
path: /var/etherpad/db
|
||||||
|
|
||||||
|
- name: Ensure config directory exists
|
||||||
|
file:
|
||||||
|
state: directory
|
||||||
|
path: /etc/etherpad
|
||||||
|
|
||||||
|
- name: Ensure db config directory exists
|
||||||
|
file:
|
||||||
|
state: directory
|
||||||
|
path: /etc/etherpad/mysql
|
||||||
|
|
||||||
|
- name: Install database config settings
|
||||||
|
copy:
|
||||||
|
src: my.cnf
|
||||||
|
dest: /etc/etherpad/mysql/my.cnf
|
||||||
|
|
||||||
|
- name: Install robots.txt
|
||||||
|
copy:
|
||||||
|
src: robots.txt
|
||||||
|
dest: /var/etherpad/robots.txt
|
||||||
|
|
||||||
|
- name: Install apache2
|
||||||
|
apt:
|
||||||
|
name:
|
||||||
|
- apache2
|
||||||
|
- apache2-utils
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Apache modules
|
||||||
|
apache2_module:
|
||||||
|
state: present
|
||||||
|
name: "{{ item }}"
|
||||||
|
loop:
|
||||||
|
- rewrite
|
||||||
|
- proxy
|
||||||
|
- proxy_http
|
||||||
|
- ssl
|
||||||
|
- headers
|
||||||
|
- proxy_wstunnel
|
||||||
|
|
||||||
|
- name: Copy apache config
|
||||||
|
template:
|
||||||
|
src: etherpad.vhost.j2
|
||||||
|
dest: /etc/apache2/sites-enabled/000-default.conf
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
notify: etherpad Reload apache2
|
||||||
|
|
||||||
|
- name: Copy redirect config
|
||||||
|
template:
|
||||||
|
src: redirect.vhost.j2
|
||||||
|
dest: "/etc/apache2/sites-enabled/010-{{ etherpad_redirect_vhost }}.conf"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
when: etherpad_redirect_vhost is defined
|
||||||
|
notify: etherpad Reload apache2
|
||||||
|
|
||||||
|
- name: Write settings file
|
||||||
|
template:
|
||||||
|
src: settings.json.j2
|
||||||
|
dest: /etc/etherpad/settings.json
|
||||||
|
|
||||||
|
- name: Install docker-compose
|
||||||
|
package:
|
||||||
|
name:
|
||||||
|
- docker-compose
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Run docker-compose pull
|
||||||
|
shell:
|
||||||
|
cmd: docker-compose pull
|
||||||
|
chdir: /etc/etherpad-docker/
|
||||||
|
|
||||||
|
- name: Run docker-compose up
|
||||||
|
shell:
|
||||||
|
cmd: docker-compose up -d
|
||||||
|
chdir: /etc/etherpad-docker/
|
||||||
|
|
||||||
|
- name: Run docker prune to cleanup unneeded images
|
||||||
|
shell:
|
||||||
|
cmd: docker image prune -f
|
||||||
|
|
||||||
|
- name: Create db backup dest
|
||||||
|
file:
|
||||||
|
state: directory
|
||||||
|
path: /var/backups/etherpad-mariadb
|
||||||
|
mode: 0700
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
|
||||||
|
- name: Set up cron job to backup the database
|
||||||
|
cron:
|
||||||
|
name: etherpad-db-backup
|
||||||
|
state: present
|
||||||
|
user: root
|
||||||
|
job: >
|
||||||
|
/usr/bin/docker-compose -f /etc/etherpad-docker/docker-compose.yaml exec -T mariadb
|
||||||
|
bash -c '/usr/bin/mysqldump --opt --databases etherpad-lite --single-transaction -uroot -p"$MYSQL_ROOT_PASSWORD"' |
|
||||||
|
gzip -9 > /var/backups/etherpad-mariadb/etherpad-mariadb.sql.gz
|
||||||
|
minute: 42
|
||||||
|
hour: 4
|
||||||
|
|
||||||
|
- name: Rotate db backups
|
||||||
|
include_role:
|
||||||
|
name: logrotate
|
||||||
|
vars:
|
||||||
|
logrotate_file_name: /var/backups/etherpad-mariadb/etherpad-mariadb.sql.gz
|
23
playbooks/roles/etherpad/templates/docker-compose.yaml.j2
Normal file
23
playbooks/roles/etherpad/templates/docker-compose.yaml.j2
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
# Version 2 is the latest that is supported by docker-compose in
|
||||||
|
# Ubuntu Xenial.
|
||||||
|
version: '2'
|
||||||
|
|
||||||
|
services:
|
||||||
|
mariadb:
|
||||||
|
image: docker.io/library/mariadb:10.4
|
||||||
|
network_mode: host
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
MYSQL_ROOT_PASSWORD: "{{ etherpad_db_root_password }}"
|
||||||
|
MYSQL_DATABASE: etherpad-lite
|
||||||
|
MYSQL_USER: "{{ etherpad_db_user }}"
|
||||||
|
MYSQL_PASSWORD: "{{ etherpad_db_password }}"
|
||||||
|
volumes:
|
||||||
|
- /var/etherpad/db:/var/lib/mysql
|
||||||
|
- /etc/etherpad/mysql:/etc/mysql/conf.d
|
||||||
|
etherpad:
|
||||||
|
restart: always
|
||||||
|
image: docker.io/etherpad/etherpad:1.8.0
|
||||||
|
network_mode: host
|
||||||
|
volumes:
|
||||||
|
- /etc/etherpad/settings.json:/opt/etherpad-lite/settings.json
|
99
playbooks/roles/etherpad/templates/etherpad.vhost.j2
Normal file
99
playbooks/roles/etherpad/templates/etherpad.vhost.j2
Normal file
@ -0,0 +1,99 @@
|
|||||||
|
<VirtualHost *:80>
|
||||||
|
ServerName {{ etherpad_vhost_name }}
|
||||||
|
ServerAdmin webmaster@openstack.org
|
||||||
|
|
||||||
|
ErrorLog ${APACHE_LOG_DIR}/gerrit-error.log
|
||||||
|
|
||||||
|
LogLevel warn
|
||||||
|
|
||||||
|
CustomLog ${APACHE_LOG_DIR}/gerrit-access.log combined
|
||||||
|
|
||||||
|
Redirect / https://{{ etherpad_vhost_name }}/
|
||||||
|
|
||||||
|
</VirtualHost>
|
||||||
|
|
||||||
|
<IfModule mod_ssl.c>
|
||||||
|
<VirtualHost *:443>
|
||||||
|
ServerName {{ etherpad_vhost_name }}
|
||||||
|
ServerAdmin webmaster@openstack.org
|
||||||
|
|
||||||
|
AllowEncodedSlashes On
|
||||||
|
|
||||||
|
ErrorLog ${APACHE_LOG_DIR}/etherpad-ssl-error.log
|
||||||
|
|
||||||
|
LogLevel warn
|
||||||
|
|
||||||
|
CustomLog ${APACHE_LOG_DIR}/etherpad-ssl-access.log combined
|
||||||
|
|
||||||
|
SSLEngine on
|
||||||
|
SSLProtocol All -SSLv2 -SSLv3
|
||||||
|
# Note: this list should ensure ciphers that provide forward secrecy
|
||||||
|
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
||||||
|
SSLHonorCipherOrder on
|
||||||
|
|
||||||
|
SSLCertificateFile /etc/letsencrypt-certs/{{ etherpad_vhost_name }}/{{ etherpad_vhost_name }}.cer
|
||||||
|
SSLCertificateKeyFile /etc/letsencrypt-certs/{{ etherpad_vhost_name }}/{{ etherpad_vhost_name }}.key
|
||||||
|
SSLCertificateChainFile /etc/letsencrypt-certs/{{ etherpad_vhost_name }}/ca.cer
|
||||||
|
|
||||||
|
BrowserMatch "MSIE [2-6]" \
|
||||||
|
nokeepalive ssl-unclean-shutdown \
|
||||||
|
downgrade-1.0 force-response-1.0
|
||||||
|
# MSIE 7 and newer should be able to use keepalive
|
||||||
|
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
|
||||||
|
|
||||||
|
<IfModule mod_proxy.c>
|
||||||
|
# The following redirects "nice" urls such as https://etherpad.example.org/padname
|
||||||
|
# to https://etherpad.example.org/p/padname. It was problematic directly
|
||||||
|
# supporting "nice" urls as etherpad hardcodes /p/ in many places.
|
||||||
|
# Adapted from https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy
|
||||||
|
RewriteEngine on
|
||||||
|
|
||||||
|
# Do not rewrite the /server-status URL (though by default, this
|
||||||
|
# is only accessible from localhost). Connect to it with:
|
||||||
|
# ssh -L 8443:localhost:443 $HOSTNAME
|
||||||
|
# https://localhost:8443/server-status
|
||||||
|
RewriteRule ^/server-status$ /server-status [L]
|
||||||
|
|
||||||
|
RewriteCond %{HTTP_HOST} !{{ etherpad_vhost_name }}
|
||||||
|
RewriteRule ^.*$ https://{{ etherpad_vhost_name }} [L,R=301]
|
||||||
|
|
||||||
|
# Server robots.txt directly so that it does not affect
|
||||||
|
# etherpad-lite installation.
|
||||||
|
RewriteRule ^/robots.txt$ /var/etherpad/robots.txt [L]
|
||||||
|
|
||||||
|
# Refuse external connections to the API through the proxy
|
||||||
|
RewriteRule ^/api/ - [F,L]
|
||||||
|
|
||||||
|
RewriteCond %{REQUEST_URI} !^/p/
|
||||||
|
RewriteCond %{REQUEST_URI} !^/locales/
|
||||||
|
RewriteCond %{REQUEST_URI} !^/locales.json
|
||||||
|
RewriteCond %{REQUEST_URI} !^/admin
|
||||||
|
RewriteCond %{REQUEST_URI} !^/p/
|
||||||
|
RewriteCond %{REQUEST_URI} !^/static/
|
||||||
|
RewriteCond %{REQUEST_URI} !^/pluginfw/
|
||||||
|
RewriteCond %{REQUEST_URI} !^/javascripts/
|
||||||
|
RewriteCond %{REQUEST_URI} !^/socket.io/
|
||||||
|
RewriteCond %{REQUEST_URI} !^/ep/
|
||||||
|
RewriteCond %{REQUEST_URI} !^/minified/
|
||||||
|
RewriteCond %{REQUEST_URI} !^/api/
|
||||||
|
RewriteCond %{REQUEST_URI} !^/ro/
|
||||||
|
RewriteCond %{REQUEST_URI} !^/error/
|
||||||
|
RewriteCond %{REQUEST_URI} !^/jserror
|
||||||
|
RewriteCond %{REQUEST_URI} !/favicon.ico
|
||||||
|
RewriteCond %{REQUEST_URI} !/robots.txt
|
||||||
|
RewriteRule ^/+(.+)$ https://{{ etherpad_vhost_name }}/p/$1 [NC,L,R=301]
|
||||||
|
|
||||||
|
<IfModule mod_proxy_wstunnel.c>
|
||||||
|
RewriteCond %{REQUEST_URI} ^/socket.io [NC]
|
||||||
|
RewriteCond %{QUERY_STRING} transport=websocket [NC]
|
||||||
|
RewriteRule /(.*) ws://localhost:9001/$1 [P,L]
|
||||||
|
ProxyPass /socket.io http://localhost:9001/socket.io retry=0
|
||||||
|
ProxyPassReverse /socket.io http://localhost:9001/socket.io
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
ProxyPass / http://localhost:9001/ retry=0
|
||||||
|
ProxyPassReverse / http://localhost:9001/
|
||||||
|
</IfModule>
|
||||||
|
|
||||||
|
</VirtualHost>
|
||||||
|
</IfModule>
|
37
playbooks/roles/etherpad/templates/redirect.vhost.j2
Normal file
37
playbooks/roles/etherpad/templates/redirect.vhost.j2
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
# ************************************
|
||||||
|
# Managed by Ansible
|
||||||
|
# ************************************
|
||||||
|
|
||||||
|
<VirtualHost *:80>
|
||||||
|
ServerName {{ etherpad_redirect_vhost }}
|
||||||
|
|
||||||
|
LogLevel warn
|
||||||
|
ErrorLog /var/log/apache2/{{ etherpad_redirect_vhost }}_error.log
|
||||||
|
CustomLog /var/log/apache2/{{ etherpad_redirect_vhost }}_access.log combined
|
||||||
|
ServerSignature Off
|
||||||
|
|
||||||
|
Redirect / https://{{ etherpad_vhost_name }}/
|
||||||
|
</VirtualHost>
|
||||||
|
|
||||||
|
<IfModule mod_ssl.c>
|
||||||
|
<VirtualHost *:443>
|
||||||
|
ServerName {{ etherpad_redirect_vhost }}
|
||||||
|
|
||||||
|
SSLEngine on
|
||||||
|
SSLProtocol All -SSLv2 -SSLv3
|
||||||
|
# Note: this list should ensure ciphers that provide forward secrecy
|
||||||
|
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:!AES256:!aNULL:!eNULL:!MD5:!DSS:!PSK:!SRP
|
||||||
|
SSLHonorCipherOrder on
|
||||||
|
|
||||||
|
SSLCertificateFile /etc/letsencrypt-certs/{{ etherpad_vhost_name }}/{{ etherpad_vhost_name }}.cer
|
||||||
|
SSLCertificateKeyFile /etc/letsencrypt-certs/{{ etherpad_vhost_name }}/{{ etherpad_vhost_name }}.key
|
||||||
|
SSLCertificateChainFile /etc/letsencrypt-certs/{{ etherpad_vhost_name }}/ca.cer
|
||||||
|
|
||||||
|
LogLevel warn
|
||||||
|
ErrorLog /var/log/apache2/{{ etherpad_redirect_vhost }}_error.log
|
||||||
|
CustomLog /var/log/apache2/{{ etherpad_redirect_vhost }}_access.log combined
|
||||||
|
ServerSignature Off
|
||||||
|
|
||||||
|
Redirect / https://{{ etherpad_vhost_name }}/
|
||||||
|
</VirtualHost>
|
||||||
|
</IfModule>
|
120
playbooks/roles/etherpad/templates/settings.json.j2
Normal file
120
playbooks/roles/etherpad/templates/settings.json.j2
Normal file
@ -0,0 +1,120 @@
|
|||||||
|
/*
|
||||||
|
This file must be valid JSON. But comments are allowed
|
||||||
|
|
||||||
|
Please edit settings.json, not settings.json.template
|
||||||
|
*/
|
||||||
|
{
|
||||||
|
// Name your instance!
|
||||||
|
"title": "{{ etherpad_title }}",
|
||||||
|
|
||||||
|
//Ip and port which etherpad should bind at
|
||||||
|
"ip": "127.0.0.1",
|
||||||
|
"port" : 9001,
|
||||||
|
|
||||||
|
// favicon default name
|
||||||
|
"favicon": "favicon.ico",
|
||||||
|
|
||||||
|
// Session Key, used for reconnecting user sessions
|
||||||
|
// Set this to a secure string at least 10 characters long. Do not share this value.
|
||||||
|
"sessionKey" : "{{ etherpad_session_key }}",
|
||||||
|
|
||||||
|
//The Type of the database. You can choose between dirty, sqlite and mysql
|
||||||
|
//You should use mysql or sqlite for anything else than testing or development
|
||||||
|
"dbType" : "mysql",
|
||||||
|
//the database specific settings
|
||||||
|
"dbSettings" : {
|
||||||
|
"user" : "{{ etherpad_db_user }}",
|
||||||
|
"host" : "localhost",
|
||||||
|
"password": "{{ etherpad_db_password }}",
|
||||||
|
"database": "etherpad-lite"
|
||||||
|
},
|
||||||
|
//the default text of a pad
|
||||||
|
"defaultPadText" : "Welcome to Etherpad Lite!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nEtherpad Lite on Github: http:\/\/j.mp/ep-lite\n",
|
||||||
|
|
||||||
|
/* Users must have a session to access pads. This effectively allows only group pads to be accessed. */
|
||||||
|
"requireSession" : false,
|
||||||
|
|
||||||
|
/* Users may edit pads but not create new ones. Pad creation is only via the API. This applies both to group pads and regular pads. */
|
||||||
|
"editOnly" : false,
|
||||||
|
|
||||||
|
/* if true, all css & js will be minified before sending to the client. This will improve the loading performance massivly,
|
||||||
|
but makes it impossible to debug the javascript/css */
|
||||||
|
"minify" : true,
|
||||||
|
|
||||||
|
/* How long may clients use served javascript code? Without versioning this
|
||||||
|
is may cause problems during deployment. */
|
||||||
|
"maxAge" : 21600000, // 6 hours
|
||||||
|
|
||||||
|
/* This is the path to the Abiword executable. Setting it to null, disables abiword.
|
||||||
|
Abiword is needed to enable the import/export of pads*/
|
||||||
|
"abiword" : null,
|
||||||
|
|
||||||
|
/* This setting is used if you require authentication of all users.
|
||||||
|
Note: /admin always requires authentication. */
|
||||||
|
"requireAuthentication": false,
|
||||||
|
|
||||||
|
/* Require authorization by a module, or a user with is_admin set, see below. */
|
||||||
|
"requireAuthorization": false,
|
||||||
|
|
||||||
|
/* Users for basic authentication. is_admin = true gives access to /admin.
|
||||||
|
If you do not uncomment this, /admin will not be available! */
|
||||||
|
/*
|
||||||
|
"users": {
|
||||||
|
"admin": {
|
||||||
|
"password": "changeme1",
|
||||||
|
"is_admin": true
|
||||||
|
},
|
||||||
|
"user": {
|
||||||
|
"password": "changeme1",
|
||||||
|
"is_admin": false
|
||||||
|
}
|
||||||
|
},
|
||||||
|
*/
|
||||||
|
|
||||||
|
// restrict socket.io transport methods
|
||||||
|
"socketTransportProtocols" : ["websocket", "xhr-polling", "jsonp-polling", "htmlfile"],
|
||||||
|
|
||||||
|
/* The log level we are using, can be: DEBUG, INFO, WARN, ERROR */
|
||||||
|
"loglevel": "INFO",
|
||||||
|
|
||||||
|
//Logging configuration. See log4js documentation for further information
|
||||||
|
// https://github.com/nomiddlename/log4js-node
|
||||||
|
// You can add as many appenders as you want here:
|
||||||
|
"logconfig" :
|
||||||
|
{ "appenders": [
|
||||||
|
{ "type": "console"
|
||||||
|
//, "category": "access"// only logs pad access
|
||||||
|
}
|
||||||
|
/*
|
||||||
|
, { "type": "file"
|
||||||
|
, "filename": "/var/log/eplite/etherpad-lite.log"
|
||||||
|
, "maxLogSize": 1024
|
||||||
|
, "backups": 30 // how many log files there're gonna be at max
|
||||||
|
//, "category": "test" // only log a specific category
|
||||||
|
}*/
|
||||||
|
/*
|
||||||
|
, { "type": "logLevelFilter"
|
||||||
|
, "level": "warn" // filters out all log messages that have a lower level than "error"
|
||||||
|
, "appender":
|
||||||
|
{ Use whatever appender you want here }
|
||||||
|
}*/
|
||||||
|
/*
|
||||||
|
, { "type": "logLevelFilter"
|
||||||
|
, "level": "error" // filters out all log messages that have a lower level than "error"
|
||||||
|
, "appender":
|
||||||
|
{ "type": "smtp"
|
||||||
|
, "subject": "An error occured in your EPL instance!"
|
||||||
|
, "recipients": "bar@blurdybloop.com, baz@blurdybloop.com"
|
||||||
|
, "sendInterval": 60*5 // in secs -- will buffer log messages; set to 0 to send a mail for every message
|
||||||
|
, "transport": "SMTP", "SMTP": { // see https://github.com/andris9/Nodemailer#possible-transport-methods
|
||||||
|
"host": "smtp.example.com", "port": 465,
|
||||||
|
"secureConnection": true,
|
||||||
|
"auth": {
|
||||||
|
"user": "foo@example.com",
|
||||||
|
"pass": "bar_foo"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}*/
|
||||||
|
] }
|
||||||
|
}
|
@ -185,6 +185,9 @@
|
|||||||
- name: letsencrypt updated nb01-test-main
|
- name: letsencrypt updated nb01-test-main
|
||||||
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
||||||
|
|
||||||
|
- name: letsencrypt updated etherpad01-opendev-org-main
|
||||||
|
include_tasks: roles/letsencrypt-create-certs/handlers/restart_apache.yaml
|
||||||
|
|
||||||
# We split out handlers for each gitea host as handlers should be run in order
|
# We split out handlers for each gitea host as handlers should be run in order
|
||||||
# This allows us to do a rolling restart of the gitea backends.
|
# This allows us to do a rolling restart of the gitea backends.
|
||||||
- name: letsencrypt updated gitea01-main
|
- name: letsencrypt updated gitea01-main
|
||||||
|
5
playbooks/service-etherpad.yaml
Normal file
5
playbooks/service-etherpad.yaml
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
- hosts: "etherpad:!disabled"
|
||||||
|
name: "Base: configure etherpad"
|
||||||
|
roles:
|
||||||
|
- install-docker
|
||||||
|
- etherpad
|
@ -85,6 +85,7 @@
|
|||||||
- group_vars/control-plane-clouds.yaml
|
- group_vars/control-plane-clouds.yaml
|
||||||
- group_vars/afs-client.yaml
|
- group_vars/afs-client.yaml
|
||||||
- host_vars/bridge.openstack.org.yaml
|
- host_vars/bridge.openstack.org.yaml
|
||||||
|
- host_vars/etherpad01.opendev.org.yaml
|
||||||
- host_vars/letsencrypt01.opendev.org.yaml
|
- host_vars/letsencrypt01.opendev.org.yaml
|
||||||
- host_vars/letsencrypt02.opendev.org.yaml
|
- host_vars/letsencrypt02.opendev.org.yaml
|
||||||
- host_vars/gitea99.opendev.org.yaml
|
- host_vars/gitea99.opendev.org.yaml
|
||||||
|
@ -0,0 +1,4 @@
|
|||||||
|
etherpad_db_root_password: rootpassword
|
||||||
|
etherpad_db_password: password
|
||||||
|
# Must be 14 characters
|
||||||
|
etherpad_session_key: 'R382T#^XDcNYmg'
|
Loading…
Reference in New Issue
Block a user