Merge "This patch impliments the survey spec: I3c389596373b94459a32a4e540d514a2941acbb1"
This commit is contained in:
commit
eea6c0e468
@ -882,6 +882,28 @@ node /^status\d*\.openstack\.org$/ {
|
||||
}
|
||||
}
|
||||
|
||||
# Node-OS: xenial
|
||||
node /^survey\d+\.openstack\.org$/ {
|
||||
$group = "survey"
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [22, 80, 443],
|
||||
sysadmins => hiera('sysadmins', []),
|
||||
}
|
||||
|
||||
class { 'openstack_project::survey':
|
||||
vhost_name => 'survey.openstack.org',
|
||||
auth_openid => true,
|
||||
ssl_cert_file_contents => hiera('ssl_cert_file_contents'),
|
||||
ssl_key_file_contents => hiera('ssl_key_file_contents'),
|
||||
ssl_chain_file_contents => hiera('ssl_chain_file_contents'),
|
||||
dbpassword => hiera('dbpassword'),
|
||||
dbhost => hiera('dbhost'),
|
||||
adminuser => hiera('adminuser'),
|
||||
adminpass => hiera('adminpass'),
|
||||
adminmail => hiera('adminmail'),
|
||||
}
|
||||
}
|
||||
|
||||
# This is a hidden authoritative master nameserver, not publicly
|
||||
# accessible.
|
||||
# Node-OS: xenial
|
||||
|
@ -15,6 +15,7 @@ nodepool nodepool*.openstack.org:nb*.openstack.org:nl*.openstack.org
|
||||
review ~review\d+\.openstack\.org
|
||||
review-dev ~review-dev\d*\.openstack\.org
|
||||
subunit-worker ~subunit-worker\d+\.openstack\.org
|
||||
survey ~survey\d+\.openstack\.org
|
||||
translate ~translate\d+\.openstack\.org
|
||||
translate-dev ~translate-dev\d*\.openstack\.org
|
||||
wiki ~wiki\d+\.openstack\.org
|
||||
|
@ -13,6 +13,7 @@ refstack.openstack.org 443
|
||||
review.openstack.org 443
|
||||
static.openstack.org 443
|
||||
storyboard.openstack.org 443
|
||||
survey.openstack.org 443
|
||||
translate.openstack.org 443
|
||||
wiki.openstack.org 443
|
||||
www.openstack.org 443
|
||||
|
198
modules/openstack_project/manifests/survey.pp
Normal file
198
modules/openstack_project/manifests/survey.pp
Normal file
@ -0,0 +1,198 @@
|
||||
class openstack_project::survey (
|
||||
$vhost_name = $::fqdn,
|
||||
$ssl_cert_file = '/etc/ssl/certs/survey.openstack.org.pem',
|
||||
$ssl_key_file = '/etc/ssl/private/survey.openstack.org.key',
|
||||
$ssl_chain_file = '/etc/ssl/certs/intermediate.pem',
|
||||
$ssl_cert_file_contents = '',
|
||||
$ssl_key_file_contents = '',
|
||||
$ssl_chain_file_contents = '',
|
||||
$dbpassword = '',
|
||||
$dbhost = '',
|
||||
# Table containing openid auth details. If undef not enabled
|
||||
# Example dict:
|
||||
# {
|
||||
# banner => "Welcome",
|
||||
# singleIdp => "https://openstackid.org",
|
||||
# trusted => '^https://openstackid.org/.*$',
|
||||
# any_valid_user => false,
|
||||
# users => ['https://openstackid.org/foo',
|
||||
# 'https://openstackid.org/bar'],
|
||||
# }
|
||||
# Note that if you care which users get access set any_valid_user to false
|
||||
# and then provide an explicit list of openids in the users list. Otherwise
|
||||
# set any_valid_user to true and any successfully authenticated user will
|
||||
# get access.
|
||||
$auth_openid = undef,
|
||||
$docroot = '/var/www',
|
||||
$runtime_dir_mode = '0755',
|
||||
$download_url = 'https://github.com/LimeSurvey/LimeSurvey/archive/',
|
||||
$version = '3.7.0+180418',
|
||||
$www_group = 'www-data',
|
||||
$www_user = 'www-data',
|
||||
# These are required for bootstrapping, so do not have defaults.
|
||||
$adminuser,
|
||||
$adminpass,
|
||||
$adminmail,
|
||||
) {
|
||||
|
||||
$distro_packages = [
|
||||
'libapache2-mod-php',
|
||||
'php',
|
||||
'php-gd',
|
||||
'php-imap',
|
||||
'php-ldap',
|
||||
'php-mbstring',
|
||||
'php-mcrypt',
|
||||
'php-mysql',
|
||||
'php-xml',
|
||||
'php-zip',
|
||||
'ssl-cert',
|
||||
]
|
||||
|
||||
package { $distro_packages:
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
exec { 'limesurvey-download':
|
||||
path => '/bin:/usr/bin',
|
||||
creates => "${docroot}/tmp/runtime",
|
||||
command => "bash -c 'cd /tmp; wget ${download_url}${version}.tar.gz'",
|
||||
require => File[$docroot],
|
||||
user => $www_user,
|
||||
}
|
||||
|
||||
exec { 'limesurvey-unzip':
|
||||
path => '/bin:/usr/bin',
|
||||
cwd => '/tmp',
|
||||
creates => "${docroot}/tmp/runtime",
|
||||
command => "bash -c 'cd /tmp; tar zxf /tmp/${version}.tar.gz -C ${docroot} --strip-components=1'",
|
||||
notify => Exec['limesurvey-install'],
|
||||
require => Exec['limesurvey-download'],
|
||||
user => $www_user,
|
||||
}
|
||||
|
||||
exec { 'limesurvey-install':
|
||||
command => "/usr/bin/php console.php install ${adminuser} ${adminpass} 'Default Administrator' ${adminmail}",
|
||||
cwd => "${docroot}/application/commands",
|
||||
refreshonly => true,
|
||||
require => [
|
||||
File["${docroot}/application/config/config.php"],
|
||||
Package[$distro_packages],
|
||||
],
|
||||
user => $www_user,
|
||||
}
|
||||
|
||||
file { "/tmp/${version}.tar.gz":
|
||||
ensure => absent,
|
||||
require => Exec['limesurvey-unzip'],
|
||||
}
|
||||
|
||||
file { "${docroot}/tmp/runtime/":
|
||||
ensure => directory,
|
||||
mode => $runtime_dir_mode,
|
||||
require => Exec['limesurvey-install'],
|
||||
}
|
||||
|
||||
file { "${docroot}/application/config/config.php":
|
||||
ensure => present,
|
||||
owner => $www_user,
|
||||
group => $www_group,
|
||||
mode => '0660',
|
||||
content => template ('openstack_project/survey.config.php.erb'),
|
||||
replace => true,
|
||||
require => Exec['limesurvey-unzip'],
|
||||
}
|
||||
|
||||
include ::httpd
|
||||
::httpd::vhost { $vhost_name:
|
||||
port => 443,
|
||||
docroot => $docroot,
|
||||
priority => '50',
|
||||
template => 'openstack_project/survey.vhost.erb',
|
||||
ssl => true,
|
||||
}
|
||||
|
||||
if !defined(Mod['rewrite']) {
|
||||
httpd::mod { 'rewrite':
|
||||
ensure => present,
|
||||
}
|
||||
}
|
||||
if ($auth_openid != undef) {
|
||||
if !defined(Package['libapache2-mod-auth-openid']) {
|
||||
package { 'libapache2-mod-auth-openid':
|
||||
ensure => present,
|
||||
}
|
||||
}
|
||||
if !defined(Mod['auth_openid']) {
|
||||
# Workaround for https://bugs.debian.org/759209
|
||||
file { '/etc/apache2/mods-available/auth_openid.load':
|
||||
ensure => present,
|
||||
content => 'LoadModule authopenid_module /usr/lib/apache2/modules/mod_auth_openid.so',
|
||||
replace => true,
|
||||
require => Package['libapache2-mod-auth-openid'],
|
||||
}
|
||||
httpd::mod { 'auth_openid':
|
||||
ensure => present,
|
||||
require => File['/etc/apache2/mods-available/auth_openid.load'],
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
file { $docroot:
|
||||
ensure => directory,
|
||||
owner => $www_user,
|
||||
group => $www_group,
|
||||
}
|
||||
|
||||
file { "${docroot}/robots.txt":
|
||||
ensure => present,
|
||||
source => 'puppet:///modules/openstack_project/disallow_robots.txt',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
require => File[$docroot],
|
||||
}
|
||||
|
||||
file { '/etc/ssl/certs':
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
mode => '0755',
|
||||
}
|
||||
|
||||
file { '/etc/ssl/private':
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
mode => '0700',
|
||||
}
|
||||
|
||||
if $ssl_cert_file_contents != '' {
|
||||
file { $ssl_cert_file:
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0640',
|
||||
content => $ssl_cert_file_contents,
|
||||
before => Httpd::Vhost[$vhost_name],
|
||||
}
|
||||
}
|
||||
|
||||
if $ssl_key_file_contents != '' {
|
||||
file { $ssl_key_file:
|
||||
owner => 'root',
|
||||
group => 'ssl-cert',
|
||||
mode => '0640',
|
||||
content => $ssl_key_file_contents,
|
||||
require => Package['ssl-cert'],
|
||||
before => Httpd::Vhost[$vhost_name],
|
||||
}
|
||||
}
|
||||
|
||||
if $ssl_chain_file_contents != '' {
|
||||
file { $ssl_chain_file:
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0640',
|
||||
content => $ssl_chain_file_contents,
|
||||
before => Httpd::Vhost[$vhost_name],
|
||||
}
|
||||
}
|
||||
}
|
65
modules/openstack_project/templates/survey.config.php.erb
Normal file
65
modules/openstack_project/templates/survey.config.php.erb
Normal file
@ -0,0 +1,65 @@
|
||||
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
|
||||
/*
|
||||
| -------------------------------------------------------------------
|
||||
| DATABASE CONNECTIVITY SETTINGS
|
||||
| -------------------------------------------------------------------
|
||||
| This file will contain the settings needed to access your database.
|
||||
|
|
||||
| For complete instructions please consult the 'Database Connection'
|
||||
| page of the User Guide.
|
||||
|
|
||||
| -------------------------------------------------------------------
|
||||
| EXPLANATION OF VARIABLES
|
||||
| -------------------------------------------------------------------
|
||||
|
|
||||
| 'connectionString' Hostname, database, port and database type for
|
||||
| the connection. Driver example: mysql. Currently supported:
|
||||
| mysql, pgsql, mssql, sqlite, oci
|
||||
| 'username' The username used to connect to the database
|
||||
| 'password' The password used to connect to the database
|
||||
| 'tablePrefix' You can add an optional prefix, which will be added
|
||||
| to the table name when using the Active Record class
|
||||
|
|
||||
*/
|
||||
return array(
|
||||
'components' => array(
|
||||
'db' => array(
|
||||
'connectionString' => 'mysql:host=<%= @dbhost %>;port=3306;dbname=limesurvey;',
|
||||
'emulatePrepare' => true,
|
||||
'username' => 'limesurvey',
|
||||
'password' => '<%= @dbpassword %>',
|
||||
'charset' => 'utf8mb4',
|
||||
'tablePrefix' => '',
|
||||
),
|
||||
|
||||
// Uncomment the following line if you need table-based sessions
|
||||
// 'session' => array (
|
||||
// 'class' => 'application.core.web.DbHttpSession',
|
||||
// 'connectionID' => 'db',
|
||||
// 'sessionTableName' => '{{sessions}}',
|
||||
// ),
|
||||
|
||||
'urlManager' => array(
|
||||
'urlFormat' => 'path',
|
||||
'rules' => array(
|
||||
// You can add your own rules here
|
||||
),
|
||||
'showScriptName' => true,
|
||||
),
|
||||
|
||||
),
|
||||
// Use the following config variable to set modified optional settings copied from config-defaults.php
|
||||
'config'=>array(
|
||||
// debug: Set this to 1 if you are looking for errors. If you still get no errors after enabling this
|
||||
// then please check your error-logs - either in your hosting provider admin panel or in some /logs directory
|
||||
// on your webspace.
|
||||
// LimeSurvey developers: Set this to 2 to additionally display STRICT PHP error messages and get full access to standard templates
|
||||
'debug'=>0,
|
||||
'debugsql'=>0, // Set this to 1 to enanble sql logging, only active when debug = 2
|
||||
// Update default LimeSurvey config here
|
||||
'auth_webserver'=>true,
|
||||
'auth_webserver_autocreate_user'=>true,
|
||||
)
|
||||
);
|
||||
/* End of file config.php */
|
||||
/* Location: ./application/config/config.php */
|
53
modules/openstack_project/templates/survey.vhost.erb
Normal file
53
modules/openstack_project/templates/survey.vhost.erb
Normal file
@ -0,0 +1,53 @@
|
||||
# ************************************
|
||||
# Managed by Puppet
|
||||
# ************************************
|
||||
|
||||
<VirtualHost <%= @vhost_name %>:80>
|
||||
ServerName <%= @srvname %>
|
||||
ReWriteEngine On
|
||||
ReWriteRule ^/(.*) https://<%= @srvname %>/$1 [last,redirect=permanent]
|
||||
LogLevel warn
|
||||
ErrorLog /var/log/apache2/<%= @name %>_error.log
|
||||
CustomLog /var/log/apache2/<%= @name %>_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
||||
|
||||
<VirtualHost <%= @vhost_name %>:<%= @port %>>
|
||||
ServerName <%= @srvname %>
|
||||
|
||||
DocumentRoot <%= @docroot %>
|
||||
<Directory <%= @docroot %>>
|
||||
Options <%= @options %>
|
||||
AllowOverride None
|
||||
Order allow,deny
|
||||
allow from all
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
<% if @auth_openid != nil %>
|
||||
<Location /index.php/admin/>
|
||||
AuthType OpenID
|
||||
AuthName "Welcome"
|
||||
AuthOpenIDSecureCookie On
|
||||
AuthOpenIDCookieLifespan 3600
|
||||
AuthOpenIDTrustRoot https://survey01.openstack.org
|
||||
AuthOpenIDServerName https://survey01.openstack.org
|
||||
AuthOpenIDSingleIdP https://openstackid.org
|
||||
AuthOpenIDTrusted ^https://openstackid.org/.*$
|
||||
Require valid-user
|
||||
</Location>
|
||||
<% end %>
|
||||
|
||||
SSLEngine on
|
||||
SSLProtocol ALL -SSLv2 -SSLv3
|
||||
SSLCertificateFile <%= scope.lookupvar("openstack_project::survey::ssl_cert_file") %>
|
||||
SSLCertificateKeyFile <%= scope.lookupvar("openstack_project::survey::ssl_key_file") %>
|
||||
<% if scope.lookupvar("openstack_project::survey::ssl_chain_file") != "" %>
|
||||
SSLCertficateChainFile <%= scope.lookupvar("openstack_project::survey::ssl_chain_file") %>
|
||||
<% end %>
|
||||
|
||||
ErrorLog /var/log/apache2/<%= @name %>_error.log
|
||||
LogLevel warn
|
||||
CustomLog /var/log/apache2/<%= @name %>_access.log combined
|
||||
ServerSignature Off
|
||||
</VirtualHost>
|
Loading…
Reference in New Issue
Block a user