opendev/system-config
Code Issues Proposed changes
97ce5f0f5d
system-config/modules/cgit/manifests/init.pp
Clark Boylan f22f8f5aa1 Split git.o.o haproxy out of cgit module. 
* manifests/site.pp: Use distinct manifests for git.o.o and git.o.o
backends. This allows for the haproxy server to not serve git content
and purely be a load balancer.

* modules/cgit/manifests/init.pp: Remove haproxy from cgit module.
Remove stale xinetd cleanup. Select git daemon port when selecting
HTTP(S) ports.

* modules/openstack_project/manifests/git.pp: Make git.pp a manifest to
load balance git servers with haproxy.

* modules/openstack_project/manifests/git_backend.pp: New manifest to
manage servers that actually serve git content. They sit behind a load
balancer.

* modules/openstack_project/manifests/review.pp: Stop replicating repos
to git load balancer.

Change-Id: I343a0d1e0a7b93874c2e2299ed974a3304957efb
2013-08-26 12:05:26 -07:00

206 lines
5.0 KiB
Puppet
Raw Blame History

# Copyright 2013 Hewlett-Packard Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Class: cgit
#
class cgit(
$vhost_name = $::fqdn,
$serveradmin = "webmaster@${::fqdn}",
$cgitdir = '/var/www/cgit',
$staticfiles = '/var/www/cgit/static',
$ssl_cert_file = '',
$ssl_key_file = '',
$ssl_chain_file = '',
$ssl_cert_file_contents = '', # If left empty puppet will not create file.
$ssl_key_file_contents = '', # If left empty puppet will not create file.
$ssl_chain_file_contents = '', # If left empty puppet will not create file.
$behind_proxy = false,
) {
include apache
package { [
'cgit',
'git-daemon',
'socat',
]:
ensure => present,
}
user { 'cgit':
ensure => present,
home => '/home/cgit',
shell => '/bin/bash',
gid => 'cgit',
managehome => true,
require => Group['cgit'],
}
group { 'cgit':
ensure => present,
}
file {'/home/cgit':
ensure => directory,
owner => 'cgit',
group => 'cgit',
mode => '0755',
require => User['cgit'],
}
file { '/var/lib/git':
ensure => directory,
owner => 'cgit',
group => 'cgit',
mode => '0644',
require => User['cgit'],
}
exec { 'restorecon -R -v /var/lib/git':
path => '/sbin',
require => File['/var/lib/git'],
subscribe => File['/var/lib/git'],
refreshonly => true,
}
selboolean { 'httpd_enable_cgi':
persistent => true,
value => on
}
package { 'policycoreutils-python':
ensure => present,
}
if $behind_proxy == true {
$http_port = 8080
$https_port = 4443
$daemon_port = 29418
}
else {
$http_port = 80
$https_port = 443
$daemon_port = 9418
}
exec { 'cgit_allow_http_port':
# If we cannot add the rule modify the existing rule.
onlyif => "bash -c \'! semanage port -a -t http_port_t -p tcp ${http_port}\'",
command => "semanage port -m -t http_port_t -p tcp ${http_port}",
path => '/bin:/usr/sbin',
before => Service['httpd'],
require => Package['policycoreutils-python'],
subscribe => File['/etc/httpd/conf/httpd.conf'],
refreshonly => true,
}
exec { 'cgit_allow_https_port':
# If we cannot add the rule modify the existing rule.
onlyif => "bash -c \'! semanage port -a -t http_port_t -p tcp ${https_port}\'",
command => "semanage port -m -t http_port_t -p tcp ${https_port}",
path => '/bin:/usr/sbin',
require => Package['policycoreutils-python'],
subscribe => File['/etc/httpd/conf.d/ssl.conf'],
refreshonly => true,
}
apache::vhost { $vhost_name:
port => $https_port,
docroot => 'MEANINGLESS ARGUMENT',
priority => '50',
template => 'cgit/git.vhost.erb',
ssl => true,
require => [
File[$staticfiles],
Package['cgit'],
],
}
file { '/etc/httpd/conf/httpd.conf':
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
content => template('cgit/httpd.conf.erb'),
require => Package['httpd'],
}
file { '/etc/httpd/conf.d/ssl.conf':
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
content => template('cgit/ssl.conf.erb'),
require => Package['mod_ssl'],
}
file { $cgitdir:
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
file { $staticfiles:
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
require => File[$cgitdir],
}
file { '/etc/init.d/git-daemon':
ensure => present,
owner => 'root',
group => 'root',
mode => '0755',
content => template('cgit/git-daemon.init.erb'),
}
service { 'git-daemon':
ensure => running,
subscribe => File['/etc/init.d/git-daemon'],
}
if $ssl_cert_file_contents != '' {
file { $ssl_cert_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_cert_file_contents,
before => Apache::Vhost[$vhost_name],
}
}
if $ssl_key_file_contents != '' {
file { $ssl_key_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_key_file_contents,
before => Apache::Vhost[$vhost_name],
}
}
if $ssl_chain_file_contents != '' {
file { $ssl_chain_file:
owner => 'root',
group => 'root',
mode => '0640',
content => $ssl_chain_file_contents,
before => Apache::Vhost[$vhost_name],
}
}
}
View Git Blame Copy Permalink