First pass at parameterizing secret infos.

Change-Id: Iee56a7e65be51ebf19a61eefd60cc93de6a764bf
2012-07-19 17:17:29 -07:00 · 2012-07-19 17:17:29 -07:00 · 60146e4fc4
parent 2437144192
commit 60146e4fc4
9 changed files with 97 additions and 17 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -87,11 +87,6 @@ define buildsource(
 # include etherpad_lite::nginx # will add reverse proxy on localhost
 # The defaults for all the classes should just work (tm)
 #
-# You will need to have a file at
-# /root/secret-files/etherpad-lite_settings.json on the host that is puppet
-# master or running puppet apply. This file should contain the settings for
-# etherpad-lite. A template for that settings file can be found at:
-# https://raw.github.com/Pita/etherpad-lite/master/settings.json.template
 #
 class etherpad_lite (
  $ep_user          = 'eplite',
--- a/manifests/mysql.pp
+++ b/manifests/mysql.pp
@ -1,4 +1,9 @@
-class etherpad_lite::mysql {
+class etherpad_lite::mysql (
+  $dbType = 'mysql',
+  $database_user = 'eplite',
+  $database_name = 'etherpad-lite',
+  $database_password
+) {

  include etherpad_lite

@ -18,20 +23,42 @@ class etherpad_lite::mysql {
                   Package['mysql-client']]
  }

+  file { "${etherpad_lite::base_install_dir}/etherpad-lite/create_database.sh":
+    ensure  => 'present',
+    content => template('etherpad_lite/create_database.sh.erb'),
+    replace => true,
+    owner   => $etherpad_lite::ep_user,
+    group   => $etherpad_lite::ep_user,
+    mode    => 0755,
+    require => Class['etherpad_lite']
+  }
+
+  file { "${etherpad_lite::base_install_dir}/etherpad-lite/create_user.sh":
+    ensure  => 'present',
+    content => template('etherpad_lite/create_user.sh.erb'),
+    replace => true,
+    owner   => $etherpad_lite::ep_user,
+    group   => $etherpad_lite::ep_user,
+    mode    => 0755,
+    require => Class['etherpad_lite']
+  }
+
  exec { "create-etherpad-lite-db":
-    unless  => 'mysql --defaults-file=/etc/mysql/debian.cnf etherpad-lite',
+    unless  => "mysql --defaults-file=/etc/mysql/debian.cnf ${database_name}",
    path    => ['/bin', '/usr/bin'],
-    command => "mysql --defaults-file=/etc/mysql/debian.cnf -e \"create database \`etherpad-lite\` CHARACTER SET utf8 COLLATE utf8_bin;\"",
+    command => "${etherpad_lite::base_install_dir}/etherpad-lite/create_database.sh",
    require => [Service['mysql'],
-                File["${etherpad_lite::base_install_dir}/etherpad-lite/settings.json"]]
+                File["${etherpad_lite::base_install_dir}/etherpad-lite/settings.json"],
+                File["${etherpad_lite::base_install_dir}/etherpad-lite/create_database.sh"]]
  } ->

  exec { "grant-etherpad-lite-db":
-    unless  => "mysql -ueplite -p\"`grep password ${etherpad_lite::base_install_dir}/etherpad-lite/settings.json | cut -d: -f2 | sed -e 's/.*\"\(.*\)\".*/\1/'`\" etherpad-lite",
+    unless  => "mysql -u${database_user} -p${database_password} ${database_name}",
    path    => ['/bin', '/usr/bin'],
-    command => "mysql --defaults-file=/etc/mysql/debian.cnf -e \"grant all on \`etherpad-lite\`.* to 'eplite'@'localhost' identified by '`grep password ${etherpad_lite::base_install_dir}/etherpad-lite/settings.json | cut -d: -f2 | sed -e 's/.*\"\(.*\)\".*/\1/'`';\" mysql",
+    command => "${etherpad_lite::base_install_dir}/etherpad-lite/create_user.sh",
    require => [Service['mysql'],
-                File["${etherpad_lite::base_install_dir}/etherpad-lite/settings.json"]]
+                File["${etherpad_lite::base_install_dir}/etherpad-lite/settings.json"],
+                File["${etherpad_lite::base_install_dir}/etherpad-lite/create_user.sh"]]
  }

 }
--- a/manifests/nginx.pp
+++ b/manifests/nginx.pp
@ -1,6 +1,6 @@
 class etherpad_lite::nginx (
  $default_server = 'default_server',
-  $server_name    = 'localhost'
+  $server_name    = $fqdn
 ) {

  package { 'nginx':
@ -38,7 +38,7 @@ class etherpad_lite::nginx (
    replace => true,
    owner   => 'root',
    mode    => 0600,
-    source  => 'file:///root/secret-files/eplite.crt',
+    content => template('etherpad_lite/eplite.crt.erb'),
    require => Package['nginx'],
  }

@ -47,7 +47,7 @@ class etherpad_lite::nginx (
    replace => true,
    owner   => 'root',
    mode    => 0600,
-    source  => 'file:///root/secret-files/eplite.key',
+    content => template('etherpad_lite/eplite.key.erb'),
    require => Package['nginx'],
  }

--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -1,5 +1,8 @@
 class etherpad_lite::site (
-  $dbType = 'mysql'
+  $dbType = 'mysql',
+  $database_user = 'eplite',
+  $database_name = 'etherpad-lite',
+  $database_password,
 ) {

  include etherpad_lite
@ -22,7 +25,7 @@ class etherpad_lite::site (

  file { "${etherpad_lite::base_install_dir}/etherpad-lite/settings.json":
    ensure  => 'present',
-    source  => 'file:///root/secret-files/etherpad-lite_settings.json',
+    content => template('etherpad_lite/etherpad-lite_settings.json.erb'),
    replace => true,
    owner   => $etherpad_lite::ep_user,
    group   => $etherpad_lite::ep_user,
--- a/templates/create_database.sh.erb
+++ b/templates/create_database.sh.erb
@ -0,0 +1,3 @@
+#!/bin/bash
+
+mysql --defaults-file=/etc/mysql/debian.cnf -e 'create database `<%= database_name %>` CHARACTER SET utf8 COLLATE utf8_bin'
--- a/templates/create_user.sh.erb
+++ b/templates/create_user.sh.erb
@ -0,0 +1,3 @@
+#!/bin/bash
+
+mysql --defaults-file=/etc/mysql/debian.cnf -e 'grant all on `<%= database_name %>`.* to "<%= database_user %>"@"localhost" identified by "<%= database_password %>";'
--- a/templates/eplite.crt.erb
+++ b/templates/eplite.crt.erb
@ -0,0 +1 @@
+<%= cert_file %>
--- a/templates/eplite.key.erb
+++ b/templates/eplite.key.erb
@ -0,0 +1 @@
+<%= key_file %>
--- a/templates/etherpad-lite_settings.json.erb
+++ b/templates/etherpad-lite_settings.json.erb
@ -0,0 +1,47 @@
+/*
+  This file must be valid JSON. But comments are allowed
+
+  Please edit settings.json, not settings.json.template
+*/
+{
+  //Ip and port which etherpad should bind at
+  "ip": "127.0.0.1",
+  "port" : 9001,
+
+  //The Type of the database. You can choose between dirty, sqlite and mysql
+  //You should use mysql or sqlite for anything else than testing or development
+  "dbType" : "<%= dbType %>",
+  //the database specific settings
+  "dbSettings" : {
+                   "user"    : "<%= database_user %>",
+                   "host"    : "localhost",
+                   "password": "<%= database_password %>",
+                   "database": "<%= database_name %>"
+                 },
+  //the default text of a pad
+  "defaultPadText" : "Welcome to Etherpad Lite!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nEtherpad Lite on Github: http:\/\/j.mp/ep-lite\n",
+
+  /* Users must have a session to access pads. This effectively allows only group pads to be accessed. */
+  "requireSession" : false,
+
+  /* Users may edit pads but not create new ones. Pad creation is only via the API. This applies both to group pads and regular pads. */
+  "editOnly" : false,
+
+  /* if true, all css & js will be minified before sending to the client. This will improve the loading performance massivly,
+     but makes it impossible to debug the javascript/css */
+  "minify" : true,
+
+  /* How long may clients use served javascript code? Without versioning this
+    is may cause problems during deployment. */
+  "maxAge" : 21600000, // 6 hours
+
+  /* This is the path to the Abiword executable. Setting it to null, disables abiword.
+     Abiword is needed to enable the import/export of pads*/
+  "abiword" : "/usr/bin/abiword",
+
+  /* This setting is used if you need http basic auth */
+  // "httpAuth" : "user:pass",
+
+  /* The log level we are using, can be: DEBUG, INFO, WARN, ERROR */
+  "loglevel": "INFO"
+}