This begins the conversion process. We keep the bulk of the nodejs and
apache configuration. Remove mysql and replace with redis and so on.
This is not a complete conversion, future work should include
authenticated redis configuration and systemd support. However, this
should be able to get the service running with a basic set of
features and functionality.
Change-Id: Id10247211d9643e81bb1b6e8fb67377ba6de873a
This needs to be a proper url, also our attempt at looking up the var
was not working, just use the same lookup of vhost_name that is used
elsewhere and known to work.
Change-Id: If906f69688bf4412f50fcfafc05861b957ce42a8
Whether to thwart spam or to make more private pads add support for very
simple auth mechanism using mod_auth_openid.
Change-Id: Ife0daf670a20afde46516c60f877e1da8026758a
Enable the proxy_websocket module.
Correct the ProxyPass directives in use with websockets. The
current versions result in 404 on socket.io.js because they strip
the socket.io component of the path.
Change-Id: I3505b4e9693602ec04baec2487871ce57a6dc7a6
We think Apache may be caching 503 responses (possibly themselves
a result of [1]). Set retry=0 so that we do not cache any failures
and switch to proxypass so that we can set that option.
[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=37770
Change-Id: Ibd1087bc8feb288bfb8f66f4e6de61ebe8414233
Updating the robots.txt in the etherpad vcsrepo makes it hard to manage
that repo properly. Solve this by serving the static robots.txt file
directly from apache rather than via etherpad service. Use a mod_rewrite
since we are already using that to set up the proxying.
Change-Id: Iccccf1ef194060490512e6550c22bdb9d3478ba8
This change allows Apache servers with mod_proxy_wstunnel enabled
to pass thru Websocket connections to Etherpad, providing the
browser supports that.
Change-Id: I4f595f456e0d280c6f05958a36552213dd6cf1e2
According to https://wiki.apache.org/httpd/CommonMisconfigurations
is is wrong to specify server name in opening tag. ServerName
should be used instead.
Indentations also fixed in some files.
Change-Id: Id9d20a672103221efa01be61a174b62706036e57
It turns out that specifying the ciphers we want to use leads to
breakage. So instead we'll explicitly tell Apache which ciphers
we don't want to use.
Change-Id: I0f8211533495a6a4340c01dadb8069ccf9be429c
The poodle SSLv3 vulnerability is a good reason to stop using SSLv3.
Switch to TLS everywhere in our apache vhost configs.
Change-Id: If7b18174253b6f185e029f97bfa77d8ad4941385
* manifests/site.pp: Pass new mysql DB variables to
openstack::etherpad*.
* modules/etherpad_lite/manifests/apache.pp: Fix broken /etc/ssl/certs
permissions (0700 -> 0755).
* modules/etherpad_lite/manifests/init.pp: Update default nodejs and
etherpad versions. Remove ep_headings plugin install. New plugin define
should be used for this instead. Stop making the etherpad-lite ref to
checkout optional (defaults to develop). Note these changes are probably
not going to be backward compat.
* modules/etherpad_lite/manifests/plugin.pp: Define to install etherpad
lite plugins.
* modules/etherpad_lite/manifests/site.pp: Simplify DB support and
remove support for the dirty DB type.
* modules/etherpad_lite/templates/etherpad-lite_settings.json.erb: Bring
settings erb up to par with latest template.
* modules/etherpad_lite/templates/etherpadlite.vhost.erb: Update rewrite
rules for new etherpad. Instead of allowing nice pad urls rooted at /
redirect these url to /p/padname. Etherpad does not deal well with a
change in root path as /p/ is hardcoded in many places.
* modules/openstack_project/manifests/etherpad.pp
* modules/openstack_project/manifests/etherpad_dev.pp:
Update to use new etherpad module setup. MySQL DBs are now externally
managed, pass in needed connection info.
* modules/mysql_backup/manifests/backup_remote.pp: New define to backup
remote DB servers.
* modules/mysql_backup/templates/my.cnf.erb: Template for a my.cnf to be
used by the cron in backup_remote.pp. Allows for easy connectivity from
server using MySQL DB as root.
Change-Id: I1250297674b91e81d59cd28c07c52e09967ca548
As copied from jenkins. Both old and new names for the
cert contents are in hiera.
Change-Id: Ic6d8258479c260ac37346c49c1ecde8339c96a37
Reviewed-on: https://review.openstack.org/14432
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Also, actually redirect on incorrect hostnames.
Change-Id: I4e0981e45ed119eff02027e90a6a983ddeb6138b
Reviewed-on: https://review.openstack.org/14420
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins