diff --git a/manifests/site.pp b/manifests/site.pp index 142018b945..abced732cb 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -198,15 +198,19 @@ node 'etherpad.openstack.org' { ssl_cert_file_contents => hiera('etherpad_ssl_cert_file_contents'), ssl_key_file_contents => hiera('etherpad_ssl_key_file_contents'), ssl_chain_file_contents => hiera('etherpad_ssl_chain_file_contents'), - database_password => hiera('etherpad_db_password'), + mysql_host => hiera('etherpad_db_host'), + mysql_user => hiera('etherpad_db_user'), + mysql_password => hiera('etherpad_db_password'), sysadmins => hiera('sysadmins'), } } node 'etherpad-dev.openstack.org' { class { 'openstack_project::etherpad_dev': - database_password => hiera('etherpad-dev_db_password'), - sysadmins => hiera('sysadmins'), + mysql_host => hiera('etherpad-dev_db_host'), + mysql_user => hiera('etherpad-dev_db_user'), + mysql_password => hiera('etherpad-dev_db_password'), + sysadmins => hiera('sysadmins'), } } diff --git a/modules/etherpad_lite/manifests/apache.pp b/modules/etherpad_lite/manifests/apache.pp index 67cffebfc4..d5b2adb896 100644 --- a/modules/etherpad_lite/manifests/apache.pp +++ b/modules/etherpad_lite/manifests/apache.pp @@ -34,7 +34,7 @@ class etherpad_lite::apache ( file { '/etc/ssl/certs': ensure => directory, owner => 'root', - mode => '0700', + mode => '0755', } file { '/etc/ssl/private': diff --git a/modules/etherpad_lite/manifests/backup.pp b/modules/etherpad_lite/manifests/backup.pp deleted file mode 100644 index 64450b1ff7..0000000000 --- a/modules/etherpad_lite/manifests/backup.pp +++ /dev/null 
@@ -1,31 +0,0 @@ -# == Class: etherpad_lite::backup -# -class etherpad_lite::backup ( - $minute = '0', - $hour = '0', - $day = '*', - $dest = "${etherpad_lite::base_log_dir}/${etherpad_lite::ep_user}/db.sql.gz", - $rotation = 'daily', - $num_backups = '30' -) { - - cron { 'eplitedbbackup': - ensure => present, - command => "/usr/bin/mysqldump --defaults-file=/etc/mysql/debian.cnf --opt etherpad-lite | gzip -9 > ${dest}", - minute => $minute, - hour => $hour, - weekday => $day, - require => Package['mysql-server'], - } - - include logrotate - logrotate::file { 'eplitedb': - log => $dest, - options => [ - 'nocompress', - "rotate ${num_backups}", - $rotation, - ], - require => Cron['eplitedbbackup'], - } -} diff --git a/modules/etherpad_lite/manifests/init.pp b/modules/etherpad_lite/manifests/init.pp index ddd9456d4a..17789900fd 100644 --- a/modules/etherpad_lite/manifests/init.pp +++ b/modules/etherpad_lite/manifests/init.pp @@ -15,9 +15,8 @@ class etherpad_lite ( $ep_user = 'eplite', $base_log_dir = '/var/log', $base_install_dir = '/opt/etherpad-lite', - $nodejs_version = 'v0.6.16', - $eplite_version = '', - $ep_headings = false + $nodejs_version = 'v0.10.20', + $eplite_version = 'develop' ) { # where the modules are, needed to easily install modules later 
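Review bot: The new default `$eplite_version = 'develop'` means any node that does not override it installs whatever is at the tip of the upstream development branch, and this commit also removes the commit-SHA pin that etherpad_dev.pp used to pass. The vcsrepo resource in the next hunk feeds the value straight into `revision`, so the code that ends up running as `$ep_user` is neither reviewed nor reproducible between hosts. I would default to a fixed release tag or commit, e.g. `$eplite_version = '<release-tag-or-commit-sha>'`, and bump it deliberately. The class body continues outside this hunk.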
@@ -85,25 +84,16 @@ class etherpad_lite ( ], } - # Allow existing install to exist without modifying its git repo. - # But give the option to specify versions for new installs. - if $eplite_version != '' { - vcsrepo { "${base_install_dir}/etherpad-lite": - ensure => present, - provider => git, - source => 'https://github.com/ether/etherpad-lite.git', - owner => $ep_user, - revision => $eplite_version, - require => Package['git'], - } - } else { - vcsrepo { "${base_install_dir}/etherpad-lite": - ensure => present, - provider => git, - source => 'https://github.com/Pita/etherpad-lite.git', - owner => $ep_user, - require => Package['git'], - } + vcsrepo { "${base_install_dir}/etherpad-lite": + ensure => present, + provider => git, + source => 'https://github.com/ether/etherpad-lite.git', + owner => $ep_user, + revision => $eplite_version, + require => [ + Package['git'], + User[$ep_user], + ], } exec { 'install_etherpad_dependencies': @@ -120,25 +110,6 @@ class etherpad_lite ( creates => "${base_install_dir}/etherpad-lite/node_modules", } - if $ep_headings == true { - # install the test install plugin - # This seesm to be needed to get - exec {'npm install ep_fintest': - cwd => $modules_dir, - path => $path, - creates => "${modules_dir}/ep_fintest", - require => Exec['install_etherpad_dependencies'] - } -> - - # install the headings plugin - exec {'npm install ep_headings': - cwd => $modules_dir, - path => $path, - creates => "${modules_dir}/ep_headings", - require => Exec['install_etherpad_dependencies'] - } - } - file { '/etc/init/etherpad-lite.conf': ensure => present, content => template('etherpad_lite/upstart.erb'), diff --git a/modules/etherpad_lite/manifests/mysql.pp b/modules/etherpad_lite/manifests/mysql.pp deleted file mode 100644 index 92138d6b30..0000000000 --- a/modules/etherpad_lite/manifests/mysql.pp +++ /dev/null 
@@ -1,82 +0,0 @@
-# == Class: etherpad_lite::mysql
-#
-class etherpad_lite::mysql(
- $database_password = '',
- $dbType = 'mysql',
- $database_user = 'eplite',
- $database_name = 'etherpad-lite'
-) {
- include etherpad_lite
-
- $base = "${etherpad_lite::base_install_dir}/etherpad-lite"
-
- package { 'mysql-server':
- ensure => present,
- }
-
- package { 'mysql-client':
- ensure => present,
- }
-
- service { 'mysql':
- ensure => running,
- enable => true,
- hasrestart => true,
- require => [
- Package['mysql-server'],
- Package['mysql-client'],
- ],
- }
-
- file { "${base}/create_database.sh":
- ensure => present,
- content => template('etherpad_lite/create_database.sh.erb'),
- group => $etherpad_lite::ep_user,
- mode => '0755',
- owner => $etherpad_lite::ep_user,
- replace => true,
- require => Class['etherpad_lite'],
- }
-
- file { "${base}/create_user.sh":
- ensure => present,
- content => template('etherpad_lite/create_user.sh.erb'),
- group => $etherpad_lite::ep_user,
- mode => '0755',
- owner => $etherpad_lite::ep_user,
- replace => true,
- require => Class['etherpad_lite'],
- }
-
- exec { 'create-etherpad-lite-db':
- unless => "mysql --defaults-file=/etc/mysql/debian.cnf ${database_name}",
- path => [
- '/bin',
- '/usr/bin',
- ],
- command => "${base}/create_database.sh",
- require => [
- Service['mysql'],
- File["${base}/settings.json"],
- File["${base}/create_database.sh"],
- ],
- before => Exec['grant-etherpad-lite-db'],
- }
-
- exec { 'grant-etherpad-lite-db':
- unless =>
- "mysql -u${database_user} -p${database_password} ${database_name}",
- path => [
- '/bin',
- '/usr/bin'
- ],
- command => "${base}/create_user.sh",
- require => [
- Service['mysql'],
- File["${base}/settings.json"],
- File["${base}/create_user.sh"],
- ],
- }
-}
-
-# vim:sw=2:ts=2:expandtab:textwidth=79
diff --git a/modules/etherpad_lite/manifests/plugin.pp b/modules/etherpad_lite/manifests/plugin.pp
new file mode 100644
index 0000000000..f319a71915
--- /dev/null
+++ b/modules/etherpad_lite/manifests/plugin.pp @@ -0,0 +1,13 @@ +# Define to install etherpad lite plugins +# +define etherpad_lite::plugin { + $plugin_name = $name + exec { "npm install ${plugin_name}": + cwd => $etherpad_lite::modules_dir, + path => $etherpad_lite::path, + user => $etherpad_lite::ep_user, + environment => "HOME=${etherpad_lite::base_log_dir}/${etherpad_lite::ep_user}", + creates => "${etherpad_lite::modules_dir}/${plugin_name}", + require => Class['etherpad_lite'] + } +} diff --git a/modules/etherpad_lite/manifests/site.pp b/modules/etherpad_lite/manifests/site.pp index f2f47c1d03..78808aeca3 100644 --- a/modules/etherpad_lite/manifests/site.pp +++ b/modules/etherpad_lite/manifests/site.pp @@ -1,30 +1,22 @@ # == Class: etherpad_lite::site # class etherpad_lite::site ( - $database_password = '', - $dbType = 'mysql', + $database_password, + $sessionKey = '', + $dbType = 'mysql', $database_user = 'eplite', - $database_name = 'etherpad-lite' + $database_name = 'etherpad-lite', + $database_host = 'localhost' ) { include etherpad_lite $base = $etherpad_lite::base_install_dir - if $dbType == 'mysql' { - service { 'etherpad-lite': - ensure => running, - enable => true, - subscribe => File["${base}/etherpad-lite/settings.json"], - require => Class['etherpad_lite::mysql'], - } - } - else { - service { 'etherpad-lite': - ensure => running, - enable => true, - subscribe => File["${base}/etherpad-lite/settings.json"], - } + service { 'etherpad-lite': + ensure => running, + enable => true, + subscribe => File["${base}/etherpad-lite/settings.json"], } file { "${base}/etherpad-lite/settings.json": diff --git a/modules/etherpad_lite/templates/create_database.sh.erb b/modules/etherpad_lite/templates/create_database.sh.erb deleted file mode 100644 index 97af276a9e..0000000000 --- a/modules/etherpad_lite/templates/create_database.sh.erb +++ /dev/null 
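Review bot: `npm install ${plugin_name}` takes the resource title unquoted and without a version, so the first run fetches whatever release the registry currently serves, and hosts built at different times can end up running different plugin code. An optional version parameter, installed as `"${plugin_name}@${version}"`, would make the install reproducible. The header comment should also say that the title must be a plain npm package name, because it is interpolated into the command line. The define reads `$etherpad_lite::modules_dir` and `$etherpad_lite::path`, so it presumably only works once the `etherpad_lite` class has been evaluated; that belongs in the same comment.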
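Review bot: `$sessionKey` defaults to `''`, and neither `openstack_project::etherpad` nor `openstack_project::etherpad_dev` in this commit passes a value, so the template renders `"sessionKey" : ""` even though its own comment asks for a secret of at least 10 characters. How Etherpad treats an empty key is not visible here, so I would make the parameter required like `$database_password` (declare it as `$sessionKey,`) and supply it from hiera alongside the DB password. The rendered settings.json now holds that key plus the password for a remote database, so the `file` resource that begins at the end of this hunk should keep the file unreadable to other local users; its attributes are outside the hunk.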
@@ -1,3 +0,0 @@ -#!/bin/bash - -mysql --defaults-file=/etc/mysql/debian.cnf -e 'create database `<%= database_name %>` CHARACTER SET utf8 COLLATE utf8_bin' diff --git a/modules/etherpad_lite/templates/create_user.sh.erb b/modules/etherpad_lite/templates/create_user.sh.erb deleted file mode 100644 index 0c1f24bd34..0000000000 --- a/modules/etherpad_lite/templates/create_user.sh.erb +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -mysql --defaults-file=/etc/mysql/debian.cnf -e 'grant all on `<%= database_name %>`.* to "<%= database_user %>"@"localhost" identified by "<%= database_password %>";' diff --git a/modules/etherpad_lite/templates/etherpad-lite_settings.json.erb b/modules/etherpad_lite/templates/etherpad-lite_settings.json.erb index 7d9ee88257..4e417f685b 100644 --- a/modules/etherpad_lite/templates/etherpad-lite_settings.json.erb +++ b/modules/etherpad_lite/templates/etherpad-lite_settings.json.erb @@ -4,17 +4,27 @@ Please edit settings.json, not settings.json.template */ { + // Name your instance! + "title": "OpenStack Etherpad", + //Ip and port which etherpad should bind at "ip": "127.0.0.1", "port" : 9001, + // favicon default name + "favicon": "favicon.ico", + + // Session Key, used for reconnecting user sessions + // Set this to a secure string at least 10 characters long. Do not share this value. + "sessionKey" : "<%= sessionKey %>", + //The Type of the database. You can choose between dirty, sqlite and mysql //You should use mysql or sqlite for anything else than testing or development "dbType" : "<%= dbType %>", //the database specific settings "dbSettings" : { "user" : "<%= database_user %>", - "host" : "localhost", + "host" : "<%= database_host %>", "password": "<%= database_password %>", "database": "<%= database_name %>" }, 
@@ -39,9 +49,72 @@ Abiword is needed to enable the import/export of pads*/ "abiword" : "/usr/bin/abiword", - /* This setting is used if you need http basic auth */ - // "httpAuth" : "user:pass", + /* This setting is used if you require authentication of all users. + Note: /admin always requires authentication. */ + "requireAuthentication": false, + + /* Require authorization by a module, or a user with is_admin set, see below. */ + "requireAuthorization": false, + + /* Users for basic authentication. is_admin = true gives access to /admin. + If you do not uncomment this, /admin will not be available! */ + /* + "users": { + "admin": { + "password": "changeme1", + "is_admin": true + }, + "user": { + "password": "changeme1", + "is_admin": false + } + }, + */ + + // restrict socket.io transport methods + "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"], /* The log level we are using, can be: DEBUG, INFO, WARN, ERROR */ - "loglevel": "INFO" + "loglevel": "INFO", + + //Logging configuration. See log4js documentation for further information + // https://github.com/nomiddlename/log4js-node + // You can add as many appenders as you want here: + "logconfig" : + { "appenders": [ + { "type": "console" + //, "category": "access"// only logs pad access + } + /* + , { "type": "file" + , "filename": "/var/log/eplite/etherpad-lite.log" + , "maxLogSize": 1024 + , "backups": 30 // how many log files there're gonna be at max + //, "category": "test" // only log a specific category + }*/ + /* + , { "type": "logLevelFilter" + , "level": "warn" // filters out all log messages that have a lower level than "error" + , "appender": + { Use whatever appender you want here } + }*/ + /* + , { "type": "logLevelFilter" + , "level": "error" // filters out all log messages that have a lower level than "error" + , "appender": + { "type": "smtp" + , "subject": "An error occured in your EPL instance!" 
+ , "recipients": "bar@blurdybloop.com, baz@blurdybloop.com" + , "sendInterval": 60*5 // in secs -- will buffer log messages; set to 0 to send a mail for every message + , "transport": "SMTP", "SMTP": { // see https://github.com/andris9/Nodemailer#possible-transport-methods + "host": "smtp.example.com", "port": 465, + "secureConnection": true, + "auth": { + "user": "foo@example.com", + "pass": "bar_foo" + } + } + } + }*/ + ] } } diff --git a/modules/etherpad_lite/templates/etherpadlite.vhost.erb b/modules/etherpad_lite/templates/etherpadlite.vhost.erb index 2de1e36370..97d05fa997 100644 --- a/modules/etherpad_lite/templates/etherpadlite.vhost.erb +++ b/modules/etherpad_lite/templates/etherpadlite.vhost.erb 
@@ -36,28 +36,37 @@ # MSIE 7 and newer should be able to use keepalive BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown - RewriteEngine on - RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %> - RewriteRule ^.*$ https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %> [L,R=301] + + # The following redirects "nice" urls such as https://etherpad.example.org/padname + # to https://etherpad.example.org/p/padname. It was problematic directly + # supporting "nice" urls as etherpad hardcodes /p/ in many places. + # Adapted from https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy + RewriteEngine on + RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %> + RewriteRule ^.*$ https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %> [L,R=301] - RewriteRule ^/p/(.*)$ https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>/$1 [NC,L,R=301] - RewriteCond %{REQUEST_URI} !^/p/ - RewriteCond %{REQUEST_URI} !^/static/ - RewriteCond %{REQUEST_URI} !^/pluginfw/ - RewriteCond %{REQUEST_URI} !^/javascripts/ - RewriteCond %{REQUEST_URI} !^/socket.io/ - RewriteCond %{REQUEST_URI} !^/ep/ - RewriteCond %{REQUEST_URI} !^/minified/ - RewriteCond %{REQUEST_URI} !^/api/ - RewriteCond %{REQUEST_URI} !^/ro/ - RewriteCond %{REQUEST_URI} !^/error/ - RewriteCond %{REQUEST_URI} !^/jserror - RewriteCond %{REQUEST_URI} !/favicon.ico - RewriteCond %{REQUEST_URI} !/robots.txt - RewriteRule ^/+(.+)$ https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>/p/$1 + RewriteCond %{REQUEST_URI} !^/p/ + RewriteCond %{REQUEST_URI} !^/locales/ + RewriteCond %{REQUEST_URI} !^/locales.json + RewriteCond %{REQUEST_URI} !^/admin + RewriteCond %{REQUEST_URI} !^/p/ + RewriteCond %{REQUEST_URI} !^/static/ + RewriteCond %{REQUEST_URI} !^/pluginfw/ + RewriteCond %{REQUEST_URI} !^/javascripts/ + RewriteCond %{REQUEST_URI} !^/socket.io/ + RewriteCond %{REQUEST_URI} !^/ep/ + 
RewriteCond %{REQUEST_URI} !^/minified/ + RewriteCond %{REQUEST_URI} !^/api/ + RewriteCond %{REQUEST_URI} !^/ro/ + RewriteCond %{REQUEST_URI} !^/error/ + RewriteCond %{REQUEST_URI} !^/jserror + RewriteCond %{REQUEST_URI} !/favicon.ico + RewriteCond %{REQUEST_URI} !/robots.txt + RewriteRule ^/+(.+)$ https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>/p/$1 [NC,L,R=301] - RewriteRule ^/(.*)$ http://localhost:9001/$1 [P] - ProxyPassReverse / http://localhost:9001/ + RewriteRule ^/(.*)$ http://localhost:9001/$1 [P] + ProxyPassReverse / http://localhost:9001/ + diff --git a/modules/mysql_backup/manifests/backup.pp b/modules/mysql_backup/manifests/backup.pp index 7b3167930d..585621de90 100644 --- a/modules/mysql_backup/manifests/backup.pp +++ b/modules/mysql_backup/manifests/backup.pp @@ -26,6 +26,12 @@ define mysql_backup::backup ( } } + if ! defined(Package['mysql-client']) { + package { 'mysql-client': + ensure => present, + } + } + cron { "${name}-backup": ensure => present, command => "/usr/bin/mysqldump --defaults-file=${defaults_file} --opt --ignore-table mysql.event --all-databases | gzip -9 > ${dest_dir}/${name}.sql.gz", diff --git a/modules/mysql_backup/manifests/backup_remote.pp b/modules/mysql_backup/manifests/backup_remote.pp new file mode 100644 index 0000000000..257c363a10 --- /dev/null +++ b/modules/mysql_backup/manifests/backup_remote.pp 
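Review bot: The added `RewriteCond %{REQUEST_URI} !^/admin` stops /admin being redirected to a pad, so it now falls through to the `[P]` proxy rule and the admin interface is reachable by anyone who can reach the vhost as soon as a `users` entry is enabled in settings.json. The settings template in this commit shows that block with the sample password `changeme1`. If /admin is meant to be used, I would also restrict it at Apache (for example a `<Location /admin>` block limited to operator addresses) and take the password from hiera rather than the sample value. Separately, `RewriteCond %{REQUEST_URI} !^/p/` now appears twice in the list and `!^/locales.json` leaves the dot unescaped; both are worth tidying.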
@@ -0,0 +1,67 @@
+# == Define: mysql_backup::backup_remote
+#
+# Arguments determine when backups should be taken, where they should
+# be located, and how often they shouled be rotated. Additionally
+# provide remote DB authentication details for that DB to be backed up.
+# This define assumes that the mysqldump command is installed under
+# /usr/bin. All reachable DBs and tables will be backed up.
+#
+define mysql_backup::backup_remote (
+ $database_host,
+ $database_user,
+ $database_password,
+ $minute = '0',
+ $hour = '0',
+ $day = '*',
+ $dest_dir = '/var/backups/mysql_backups',
+ $rotation = 'daily',
+ $num_backups = '30'
+) {
+ # Wrap in check as there may be mutliple backup defines backing
+ # up to the same dir.
+ if ! defined(File[$dest_dir]) {
+ file { $dest_dir:
+ ensure => directory,
+ mode => '0755',
+ owner => 'root',
+ group => 'root',
+ }
+ }
+ $defaults_file = "/root/.${name}_db.cnf"
+ file { $defaults_file:
+ ensure => present,
+ mode => '0400',
+ owner => 'root',
+ group => 'root',
+ content => template('mysql_backup/my.cnf.erb'),
+ }
+
+ if ! defined(Package['mysql-client']) {
+ package { 'mysql-client':
+ ensure => present,
+ }
+ }
+
+ cron { "${name}-backup":
+ ensure => present,
+ command => "/usr/bin/mysqldump --defaults-file=${defaults_file} --opt --ignore-table mysql.event --all-databases | gzip -9 > ${dest_dir}/${name}.sql.gz",
+ minute => $minute,
+ hour => $hour,
+ weekday => $day,
+ require => [
+ File[$dest_dir],
+ File[$defaults_file],
+ ],
+ }
+
+ include logrotate
+ logrotate::file { "${name}-rotate":
+ log => "${dest_dir}/${name}.sql.gz",
+ options => [
+ 'nocompress',
+ "rotate ${num_backups}",
+ $rotation,
+ ],
+ require => Cron["${name}-backup"],
+ }
+}
diff --git a/modules/mysql_backup/templates/my.cnf.erb b/modules/mysql_backup/templates/my.cnf.erb
new file mode 100644
index 0000000000..c168a7d194
--- /dev/null
+++ b/modules/mysql_backup/templates/my.cnf.erb
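Review bot: The dump is written by shell redirection into a directory created with `mode => '0755'`, so with root's usual umask the `.sql.gz` file will be readable by every local account (the umask is not set in this hunk, so that part is an assumption). Because the command uses `--all-databases`, the file holds everything the supplied account can read, including pad contents. I would create the directory with `mode => '0700'` or prefix the cron command with `umask 077;`. `File[$dest_dir]` is shared with `mysql_backup::backup` through the `defined()` guard, so whichever define is evaluated first decides the mode and the two should agree.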
@@ -0,0 +1,4 @@ +[client] +host=<%= database_host %> +user=<%= database_user %> +password=<%= database_password %> diff --git a/modules/openstack_project/manifests/etherpad.pp b/modules/openstack_project/manifests/etherpad.pp index db2991343c..49b78567bf 100644 --- a/modules/openstack_project/manifests/etherpad.pp +++ b/modules/openstack_project/manifests/etherpad.pp @@ -1,8 +1,11 @@ class openstack_project::etherpad ( + $mysql_password, $ssl_cert_file_contents = '', $ssl_key_file_contents = '', $ssl_chain_file_contents = '', - $database_password = '', + $mysql_host = 'localhost', + $mysql_user = 'eplite', + $mysql_db_name = 'etherpad-lite', $sysadmins = [] ) { class { 'openstack_project::server': @@ -11,9 +14,6 @@ class openstack_project::etherpad ( } include etherpad_lite - mysql_backup::backup { 'etherpad-lite': - require => Class['etherpad_lite'], - } class { 'etherpad_lite::apache': ssl_cert_file => '/etc/ssl/certs/etherpad.openstack.org.pem', @@ -25,11 +25,21 @@ class openstack_project::etherpad ( } class { 'etherpad_lite::site': - database_password => $database_password, + database_host => $mysql_host, + database_user => $mysql_user, + database_name => $mysql_db_name, + database_password => $mysql_password, } - class { 'etherpad_lite::mysql': - database_password => $database_password, + etherpad_lite::plugin { 'ep_headings': + require => Class['etherpad_lite'], + } + + mysql_backup::backup_remote { 'etherpad-lite': + database_host => $mysql_host, + database_user => $mysql_user, + database_password => $mysql_password, + require => Class['etherpad_lite'], } } diff --git a/modules/openstack_project/manifests/etherpad_dev.pp b/modules/openstack_project/manifests/etherpad_dev.pp index af1273e5f1..9fa5dcb94b 100644 --- a/modules/openstack_project/manifests/etherpad_dev.pp +++ b/modules/openstack_project/manifests/etherpad_dev.pp 
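Review bot: `password=<%= database_password %>` writes the secret unquoted, and MySQL option files treat `#` as the start of a comment, so a password containing `#` or leading/trailing whitespace would be read incorrectly and the backup would fail to authenticate. Quoting the value, `password="<%= database_password %>"`, covers most passwords. One that contains a double quote or backslash would still need escaping before it is rendered.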
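Review bot: `mysql_backup::backup_remote` is given the same `$mysql_user`/`$mysql_password` that `etherpad_lite::site` uses, so the application's read-write credential is stored a second time in the backup defaults file and used for `--all-databases`. A dump only needs read access, so separate parameters for a backup account (for instance `$mysql_backup_user` and `$mysql_backup_password`, names illustrative) would keep the backup job to the privileges it needs. The same wiring is repeated in etherpad_dev.pp.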
@@ -1,5 +1,8 @@ class openstack_project::etherpad_dev ( - $database_password = '', + $mysql_password, + $mysql_host = 'localhost', + $mysql_user = 'eplite', + $mysql_db_name = 'etherpad-lite', $sysadmins = [] ) { class { 'openstack_project::server': @@ -7,21 +10,7 @@ class openstack_project::etherpad_dev ( sysadmins => $sysadmins } - class { 'etherpad_lite': - # Use the version running on the prod server. - eplite_version => '4195e11a41c5992bc555cef71246800bceaf1915', - # Use the version running on the prod server. - nodejs_version => 'v0.6.16', - # Once dev install is working replace the above parameters with - # the following to test automated upgrade by puppet. - # eplite_version => '1.1.4', - # nodejs_version => 'v0.8.14', - ep_headings => true - } - - mysql_backup::backup { 'etherpad-lite': - require => Class['etherpad_lite'], - } + include etherpad_lite class { 'etherpad_lite::apache': ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem', @@ -30,11 +19,21 @@ class openstack_project::etherpad_dev ( } class { 'etherpad_lite::site': - database_password => $database_password, + database_host => $mysql_host, + database_user => $mysql_user, + database_name => $mysql_db_name, + database_password => $mysql_password, } - class { 'etherpad_lite::mysql': - database_password => $database_password, + etherpad_lite::plugin { 'ep_headings': + require => Class['etherpad_lite'], + } + + mysql_backup::backup_remote { 'etherpad-lite-dev': + database_host => $mysql_host, + database_user => $mysql_user, + database_password => $mysql_password, + require => Class['etherpad_lite'], } }