The current code creates a ServerAliases line even if the variable
is nil. Correct that.
Also, fix a missed cgit:: scope reference.
Create distinct log files for each vhost, and also separate out
http/https logs.
Change-Id: Id03c72ece93350b26586490757cd50dd3d791c0d
Centos7 is a bit more opinionated on how git-daemon should run. In
particular with selinux the git_system_t context does not have
permissions to the git_port_t port(s) because systemd is expected to do
socket activation for git-daemon.
Fix this by not fighting systemd and embracing it. Use it for socket
activation with the git-daemon process and potentially add the git
daemon port to git_port_t label if necessary.
Change-Id: Id3fadfa74261649d158f4f31879f74f83d5856a8
This patch takes the original which was reverted and
adds mod_version which is needed to parse IfVersion if
on a Debian system.
When using puppet-cgit under CentOS 7, apache
fails because the config file is not working
in Apache 2.4 version.
Also, as CentOS 7 is starting apache on systemd,
it needs to load the systemd apache config under
conf.modules.d.
Original Patch: I7e0d51ee176c4f27721c16afeaae120eb8edf7ab
Change-Id: If3acc672ccd85b5704a2120379b60cb95528b7f7
Co-Authored-By: Yolanda Robla <yolanda.robla-mota@hp.com>
Co-Authored-By: Nicola Heald <nicola.heald@hp.com>
In anticipation of puppet 4, start trying to deal with puppet 4 things
that can be helpfully predicted by puppet lint plugins. This patch also
corrects lint errors caught by the puppet-lint-absolute_classname-check
and puppet-lint-empty_string-check gems as well as arrow alignment
which wasn't being caught under the system version of puppet-lint.
Change-Id: I7b9efb0fce3b59d611aa9aaaf6899bc6e6cc62b0
Refering to manifest variables via method calls has been deprecated for
some time and breaks in puppet 4. This patch changes the remaining
variable references in templates to use ruby instance variables.
Change-Id: Ib8265da9699f9f34b4a3185930c9dbfe8fe44733
Class to configure ssh access to git repositories.
Co-Authored-By: K Jonathan Harker <k.jonathan.harker@hp.com>
Change-Id: I9bc857251b6ce119c6b6d6c9323f882327281466
For a while we have been having trouble cloning nova from git.o.o,
particularly during busy times of the day or if we have a job that
needs to clone it multiple times across workers (turbo-hipster for
example).
After investigating the tcpdumps it appears to be because the
origin sends a RST during the git pack headers which regularly
takes more than 60 seconds now.
Co-Authored-By: Angus Lees <gus@inodes.org>
Change-Id: Id1078dfaed2a8e17ec086e13b53df51cb59d480c
When using puppet-cgit under CentOS 7, apache
fails because the config file is not working
in Apache 2.4 version.
Also, as CentOS 7 is starting apache on systemd,
it needs to load the systemd apache config under
conf.modules.d.
Co-Authored-By: Nicola Heald <nicola.heald@hp.com>
Change-Id: I7e0d51ee176c4f27721c16afeaae120eb8edf7ab
In same way as other config files, add a sane
default list, and allow manifest to override that
list, to configure cgitrc from the manifest.
Change-Id: I5c8ef0e7036c4b7a33aa12dc502c048af0499dda
For fine-tuning git, add the ability to configure
settings per prefork and mpm cases.
Co-Authored-By: Nikki Heald <nicky@notnowlewis.com>
Change-Id: I34e66f90b4e9b9156f6ce845642048da04841c6f
Under certain situations it can be good to force
a higher timeout for git vhost. Add the possibility
to send that parameter on the manifest, and ignore
if no timeout is set.
Change-Id: Ib74b5b5182e583dd7fa586f244174e41681636c8
It turns out that specifying the ciphers we want to use leads to
breakage. So instead we'll explicitly tell Apache which ciphers
we don't want to use.
Change-Id: I0f8211533495a6a4340c01dadb8069ccf9be429c
The poodle SSLv3 vulnerability is a good reason to stop using SSLv3.
Switch to TLS everywhere in our apache vhost configs.
Change-Id: If7b18174253b6f185e029f97bfa77d8ad4941385
Allow for specifying ServerAlias entries in the apache
vhost for the cgit puppet module.
(vhost template section lifted from the puppetlabs-apache v0.0.4
vhost-default template).
Change-Id: If7c297247b9556458154e4d01a1e0165a25a14b5
* install_modules.sh: Add puppetlabs-haproxy forge module.
* modules/cgit/manifests/init.pp: Add haproxy config to load balance
https, https and git protocol git access. Each git server will host git
http on port 8080, https on port 4443 and git protocol on 29418. These
endpoints will then be load balanced by a single haproxy instance
listening on ports 80, 443 and 9418. The use of haproxy and having
services listen on offset ports to accomodate haproxy is toggleable
using the $balance_git and $behind_proxy boolean flags.
Additionally, configure rsyslog for haproxy.
* modules/cgit/files/rsyslog.haproxy.conf: Enable syslog over UDP on
port 514. This is needed by haproxy to perform logging. Send local0
messages to /var/log/haproxy.log.
* modules/cgit/templates/ssl.conf.erb: Make Apache https listen port
configurable. Remove default virtualhost.
* modules/cgit/templates/httpd.conf.erb: Make Apache http listen port
configurable.
* modules/cgit/templates/git.vhost..erb: Make Apache http(s) listen
ports configuruable. Allow http without redirecting to https as a
fallback option to accomodate CentOS clients.
* modules/openstack_project/manifests/git.pp: Pass load balancer
variables through to the cgit manifest.
* manifests/site.pp: Configure git.o.o to run the load balancer haproxy
and balance across the new gitXX.o.o nodes.
Change-Id: Icefc5923cff9a7c6ce62c1923ec2ea87ebc6474a
Add git-daemon init file to /etc/init.d and make sure the service
is started.
For transition, keep the git xinetd file and service defined but
switch git service to stopped, we can remove this later.
Change-Id: I0cf02c7292496e39695b80b00cdcb82ec7a61700
Create and define a static directory for cgit to use.
Add initial favicon and logo files and include in cgitrc.
Also include custom CSS and background image.
Change-Id: If1e20d8e62557cc90aafbf92f4291b964400e029
* modules/cgit/templates/git.vhost.erb: Add Apache aliases to the
git-http-backend CGI and static git files where possible. This makes
git clone, pull and fetch HTTPS URLs more consistent with their git
protocol counterparts.
* modules/openstack_project/files/git/cgitrc: Adjust the displayed
HTTPS clone URL in the WebUI to match.
Change-Id: Ibb4fd41191f33b615ed36f78e1951555a1c0dad1
Because of the way we're doing ssl on the centos, the ifmodule
statements evaluate to false. Remove them.
Change-Id: Iad771249c6dc5cf5ede493183f5cebb98c3deb69
The ${APACHE_LOG_DIR} isn't expanding as I had expected on
the CentOS server, updating to default CentOS apache log
directory.
Change-Id: I8fc6ee5084e2ef69be9e888473155c865bdbdfd0
Monty Taylor