opendev
/
puppet-openstackid
Code Issues Proposed changes

Clean up puppet (deploy LAMP / setup app config) 

Implements: blueprint openid-oauth2-infra-implementation-puppet-script

Prepares a raw server with all software stack needed to run
openstackid project:

* installs PHP
* installs Apache
* installs Redis Server
* creates a initial environment configuration for laravel application
  (using *.erb templates)

Change-Id: If6216da0d70a45609076e8111a67055dbc87c9e4
This commit is contained in:
smarcet 2014-01-28 13:03:39 -03:00 committed by Sebastian Marcet
parent e7e07ad1f5
commit 0c6631eeb7
10 changed files with 459 additions and 171 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
files/deploy.sh Normal file
View File

@ -0,0 +1,39 @@
#!/bin/bash -e
#
# Site deployment tool
#
# Commands:
# init @sitealias http://example.com/source.tar.gz
# status @sitealias
# update @sitelias http://example.com/source.tar.gz
# rollback @sitealias
#
#
TOP_DIR=$(cd $(dirname "$0") && pwd)
source $TOP_DIR/functions
if [ ! -r $TOP_DIR/deployrc ]; then
echo "ERROR: missing deployrc - did you grab more than just deploy.sh?"
exit 1
fi
source $TOP_DIR/deployrc
command="${1}"
case $command in
init)
site_init ${2}
;;
status)
site_status ${2}
;;
update)
site_update ${2}
;;
*)
print_help
exit 1
;;
esac

8
files/deployrc Normal file
View File

@ -0,0 +1,8 @@
CONF_DIR=$TOP_DIR
FILE_OWNER=root
FILE_GROUP=www-data
# allow local overrides of env variables
if [ -f $TOP_DIR/localrc ]; then
. $TOP_DIR/localrc
fi

150
files/functions Normal file
View File

@ -0,0 +1,150 @@
function print_help() {
echo "Usage: `basename $0` command [options]"
echo ""
echo "Commands:"
echo " status [site] return status information about site configurations"
echo " init <site> initialize site structure"
echo " update <site> update to new version"
echo ""
}
function site_init() {
if [ ! $1 ]; then
echo "ERROR: site parameter mandatory"
exit 1
fi
CONF_PATH="$CONF_DIR/conf.d/$1.conf"
if [ ! -f $CONF_PATH ]; then
echo "Site configuration not found: " $1
exit 1
fi
source $CONF_PATH
if [ -f "$SITE_ROOT/w/public/index.php" ]; then
echo "Cannot override an existing deployment: $SITE_ROOT/w"
exit 1
fi
# cleanup previous broken deployment
rm -rf $SITE_ROOT/slot0
# create directory structure
for dir in slot0 slot1; do
mkdir -p $SITE_ROOT/$dir
chown $FILE_OWNER:$FILE_GROUP $SITE_ROOT/$dir
done
target_dir="$SITE_ROOT/slot0"
# fetch and extract release tarball
umask 0027
if [[ $SOURCE_TARBALL == http* ]]; then
echo "Download from http!"
curl $SOURCE_TARBALL | tar -xzv -C $target_dir --strip-components 1 --no-same-permissions
else
echo "extract from local file system"
if [ ! -f $SOURCE_TARBALL ]; then
echo "Source tarball not found: $SOURCE_TARBALL"
exit 1
fi
tar -xzvf $SOURCE_TARBALL -C $target_dir --strip-components 1 --no-same-permissions
fi
chown -R $FILE_OWNER:$FILE_GROUP $target_dir
umask 0022
# link configuration files managed by puppet
ln -s /etc/openstackid/environment.php $target_dir/bootstrap/environment.php
ln -s /etc/openstackid/recaptcha.php $target_dir/app/config/packages/greggilbert/recaptcha/$LARAVEL_ENV/config.php
ln -s /etc/openstackid/database.php $target_dir/app/config/$LARAVEL_ENV/database.php
ln -s /etc/openstackid/log.php $target_dir/app/config/$LARAVEL_ENV/log.php
# convert app/storage into symlink and set permissions
mv $target_dir/app/storage $SITE_ROOT/
chmod 02770 $SITE_ROOT/storage
find $SITE_ROOT/storage/ -type d -exec chmod 0775 {} \;
find $SITE_ROOT/storage/ -type f -exec chmod 0664 {} \;
rm -rf $target_dir/app/storage
ln -s $SITE_ROOT/storage $target_dir/app
# populate application database
cd $target_dir
php artisan migrate --env=$LARAVEL_ENV
php artisan db:seed --env=$LARAVEL_ENV
# activate site
rm -rf $SITE_ROOT/w
ln -s $SITE_ROOT/slot0 $SITE_ROOT/w
}
function site_status() {
if [ ! $1 ]; then
echo "ERROR: site parameter mandatory"
exit 1
fi
CONF_PATH="$CONF_DIR/conf.d/$1.conf"
if [ ! -f $CONF_PATH ]; then
echo "Site configuration not found: $1"
exit 0
fi
source $CONF_PATH
if [ ! -f "$SITE_ROOT/w/public/index.php" ]; then
if [ -d "$SITE_ROOT/slot0" ]; then
echo "PENDING"
else
echo "N/A"
exit 1
fi
else
echo "INSTALLED"
fi
}
function site_update() {
if [ ! $1 ]; then
echo "ERROR: missing site parameter"
exit 1
fi
CONF_PATH="$CONF_DIR/conf.d/$1.conf"
if [ ! -f $CONF_PATH ]; then
echo "Site configuration not found: $1"
exit 0
fi
source $CONF_PATH
SITE_LINK=`readlink -f $SITE_ROOT/w`
ACTIVE_SLOT=`basename $SITE_LINK`
case $ACTIVE_SLOT in
slot0)
TARGET_SLOT='slot1'
;;
slot1)
TARGET_SLOT='slot0'
;;
*)
echo "Invalid active slot"
exit 1
esac
echo "Target slot: $TARGET_SLOT"
target_dir="$SITE_ROOT/$TARGET_SLOT"
rm -rf $target_dir
mkdir $target_dir
# fetch and extract release tarball
umask 0027
if [[ $SOURCE_TARBALL == http* ]]; then
echo "Download from http!"
curl $SOURCE_TARBALL | tar -xzv -C $target_dir --strip-components 1 --no-same-permissions
else
echo "extract from local file system"
if [ ! -f $SOURCE_TARBALL ]; then
echo "Source tarball not found: $SOURCE_TARBALL"
exit 1
fi
tar -xzvf $SOURCE_TARBALL -C $target_dir --strip-components 1 --no-same-permissions
fi
chown -R $FILE_OWNER:$FILE_GROUP $target_dir
umask 0022
# link configuration files managed by puppet
ln -s /etc/openstackid/environment.php $target_dir/bootstrap/environment.php
ln -s /etc/openstackid/recaptcha.php $target_dir/app/config/packages/greggilbert/recaptcha/$LARAVEL_ENV/config.php
ln -s /etc/openstackid/database.php $target_dir/app/config/$LARAVEL_ENV/database.php
ln -s /etc/openstackid/log.php $target_dir/app/config/$LARAVEL_ENV/log.php
# link shared app/storage directory
rm -rf $target_dir/app/storage
ln -s $SITE_ROOT/storage $target_dir/app
# populate application database
cd $target_dir
php artisan migrate --env=$LARAVEL_ENV
# activate site
rm -rf $SITE_ROOT/w
ln -s $target_dir $SITE_ROOT/w
}

53
manifests/deploy.pp Normal file
View File

@ -0,0 +1,53 @@
# Copyright 2013 OpenStack Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Define: deploy
#
# deployment tool for laravel framework/php site management
#
define openstackid::deploy (
) {
$deploy_dirs = [ '/opt/deploy', '/opt/deploy/conf.d' ]
file { $deploy_dirs:
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
file { '/opt/deploy/deploy.sh':
source => 'puppet:///modules/openstackid/deploy.sh',
owner => 'root',
group => 'root',
mode => '0755',
require => File[$deploy_dirs],
}
file { '/opt/deploy/functions':
source => 'puppet:///modules/openstackid/functions',
owner => 'root',
group => 'root',
mode => '0644',
require => File[$deploy_dirs],
}
file { '/opt/deploy/deployrc':
source => 'puppet:///modules/openstackid/deployrc',
owner => 'root',
group => 'root',
mode => '0644',
require => File[$deploy_dirs],
}
}

148
manifests/init.pp
View File

@ -19,13 +19,17 @@
class openstackid (
$git_source_repo = 'https://git.openstack.org/openstack-infra/openstackid',
$site_admin_password = '',
$mysql_host = '',
$mysql_user = '',
$mysql_password = '',
$id_mysql_host = '',
$id_mysql_user = '',
$id_mysql_password = '',
$id_db_name = '',
$ss_mysql_host = '',
$ss_mysql_user = '',
$ss_mysql_password = '',
$ss_db_name = '',
$redis_port = '',
$redis_host = '',
$redis_password = '',
$vhost_name = $::fqdn,
$robots_txt_source = '',
$serveradmin = "webmaster@${::fqdn}",
@ -37,29 +41,26 @@ class openstackid (
$ssl_key_file_contents = '', # If left empty puppet will not create file.
$ssl_chain_file_contents = '', # If left empty puppet will not create file.
$httpd_acceptorthreads = '',
$id_log_error_to_email = '',
$id_log_error_from_email = '',
$id_environment = 'dev',
$id_hostname = $::fqdn,
$id_recaptcha_public_key = '',
$id_recaptcha_private_key = '',
$id_recaptcha_template = '',
) {
vcsrepo { '/opt/openstackid':
ensure => latest,
provider => git,
revision => 'master',
source => $git_source_repo,
}
# we need PHP 5.4 or greather
include apt
apt::ppa { 'ppa:ondrej/php5-oldstable': }
# php packages needed for openid server
package {
[
$php5_packages = [
'php5-common',
'php5-curl',
'php5-cli',
'php5-json',
'php5-mcrypt',
'php5-mysql',
]:
]
package { $php5_packages:
require => Exec[apt_update],
}
@ -87,60 +88,54 @@ class openstackid (
ensure => present,
content => template('openstackid/database.php.erb'),
owner => 'root',
group => 'openstackid',
group => 'www-data',
mode => '0640',
require => [
File['/etc/openstackid'],
Group['openstackid'],
]
}
file { '/srv/openstackid':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
file { '/etc/openstackid/log.php':
ensure => present,
content => template('openstackid/log.php.erb'),
owner => 'root',
group => 'www-data',
mode => '0640',
require => [
File['/etc/openstackid'],
]
}
file { '/srv/openstackid/app':
file { '/etc/openstackid/environment.php':
ensure => present,
content => template('openstackid/environment.php.erb'),
owner => 'root',
group => 'www-data',
mode => '0640',
require => [
File['/etc/openstackid'],
]
}
file { '/etc/openstackid/recaptcha.php':
ensure => present,
content => template('openstackid/recaptcha.php.erb'),
owner => 'root',
group => 'www-data',
mode => '0640',
require => [
File['/etc/openstackid'],
]
}
$docroot_dirs = [ '/srv/openstackid', '/srv/openstackid/w',
'/srv/openstackid/w/public']
file { $docroot_dirs:
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
require => File['/srv/openstackid'],
}
file { '/srv/openstackid/app/config':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
require => File['/srv/openstackid/app'],
}
file { '/srv/openstackid/app/config/dev':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
require => File['/srv/openstackid/app/config'],
}
file { '/srv/openstackid/app/config/dev/database.php':
ensure => link,
target => '/etc/openstackid/database.php',
require => [
File['/srv/openstackid/app/config/dev'],
File['/etc/openstackid/database.php'],
],
}
file { '/srv/openstackid/public':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
require => File['/srv/openstackid'],
}
include apache
@ -148,11 +143,11 @@ class openstackid (
include apache::php
apache::vhost { $vhost_name:
port => 443,
docroot => '/srv/openstackid/public',
docroot => '/srv/openstackid/w/public',
priority => '50',
template => 'openstackid/vhost.erb',
ssl => true,
require => File['/srv/openstackid/public'],
require => File[$docroot_dirs],
}
a2mod { 'rewrite':
ensure => present,
@ -194,14 +189,29 @@ class openstackid (
}
}
if $robots_txt_source != '' {
file { '/srv/openstackid/public/robots.txt':
owner => 'root',
group => 'root',
mode => '0644',
source => $robots_txt_source,
require => File['/srv/openstackid/public'],
}
deploy { 'deploytool':
}
file { '/opt/deploy/conf.d/openstackid.conf':
content => template('openstackid/openstackid.conf.erb'),
owner => 'root',
group => 'root',
mode => '0644',
require => Deploy['deploytool'],
}
exec { 'deploy-site':
path => '/usr/bin:/bin:/usr/local/bin',
command => '/opt/deploy/deploy.sh init openstackid',
onlyif => '/opt/deploy/deploy.sh status openstackid | grep N/A',
logoutput => on_failure,
require => [
File['/opt/deploy/conf.d/openstackid.conf'],
Apache::Vhost[$vhost_name],
File['/etc/openstackid/recaptcha.php'],
File['/etc/openstackid/database.php'],
File['/etc/openstackid/log.php'],
Package[$php5_packages] ],
}
}

191
templates/database.php.erb
View File

@ -1,107 +1,94 @@
<?php
return array(
/*
|--------------------------------------------------------------------------
| PDO Fetch Style
|--------------------------------------------------------------------------
|
| By default, database results will be returned as instances of the PHP
| stdClass object; however, you may desire to retrieve records in an
| array format for simplicity. Here you can tweak the fetch style.
|
*/
'fetch' => PDO::FETCH_CLASS,
/*
|--------------------------------------------------------------------------
| Default Database Connection Name
|--------------------------------------------------------------------------
|
| Here you may specify which of the database connections below you wish
| to use as your default connection for all database work. Of course
| you may use many connections at once using the Database library.
|
*/
'default' => 'mysql',
/*
|--------------------------------------------------------------------------
| Database Connections
|--------------------------------------------------------------------------
|
| Here are each of the database connections setup for your application.
| Of course, examples of configuring each database platform that is
| supported by Laravel is shown below to make development simple.
|
|
| All database work in Laravel is done through the PHP PDO facilities
| so make sure you have the driver for your particular database of
| choice installed on your machine before you begin development.
|
*/
'connections' => array(
/* OpenID IDP database */
'mysql' => array(
'driver' => 'mysql',
'host' => '<%= mysql_host %>',
'database' => '<%= id_db_name %>',
'username' => '<%= mysql_user %>',
'password' => '<%= mysql_password %>',
'charset' => 'utf8',
'collation' => 'utf8_unicode_ci',
'prefix' => '',
),
/* Silverstripe database */
'mysql_external' => array(
'driver' => 'mysql',
'host' => '<%= mysql_host %>',
'database' => '<%= ss_db_name %>',
'username' => '<%= mysql_user %>',
'password' => '<%= mysql_password %>',
'charset' => 'utf8',
'collation' => 'utf8_unicode_ci',
'prefix' => '',
),
/*
|--------------------------------------------------------------------------
| PDO Fetch Style
|--------------------------------------------------------------------------
|
| By default, database results will be returned as instances of the PHP
| stdClass object; however, you may desire to retrieve records in an
| array format for simplicity. Here you can tweak the fetch style.
|
*/
'fetch' => PDO::FETCH_CLASS,
/*
|--------------------------------------------------------------------------
| Default Database Connection Name
|--------------------------------------------------------------------------
|
| Here you may specify which of the database connections below you wish
| to use as your default connection for all database work. Of course
| you may use many connections at once using the Database library.
|
*/
'default' => 'openstackid',
/*
|--------------------------------------------------------------------------
| Database Connections
|--------------------------------------------------------------------------
|
| Here are each of the database connections setup for your application.
| Of course, examples of configuring each database platform that is
| supported by Laravel is shown below to make development simple.
|
|
| All database work in Laravel is done through the PHP PDO facilities
| so make sure you have the driver for your particular database of
| choice installed on your machine before you begin development.
|
*/
'connections' => array(
//primary DB
'openstackid' => array(
'driver' => 'mysql',
'host' => '<%= id_mysql_host %>',
'database' => '<%= id_db_name %>',
'username' => '<%= id_mysql_user %>',
'password' => '<%= id_mysql_password %>',
'charset' => 'utf8',
'collation' => 'utf8_unicode_ci',
'prefix' => '',
),
//secondary DB (OS Membership)
'os_members' => array(
'driver' => 'mysql',
'host' => '<%= ss_mysql_host %>',
'database' => '<%= ss_db_name %>',
'username' => '<%= ss_mysql_user %>',
'password' => '<%= ss_mysql_password %>',
'charset' => 'utf8',
'collation' => 'utf8_unicode_ci',
'prefix' => '',
),
/*
|--------------------------------------------------------------------------
| Migration Repository Table
|--------------------------------------------------------------------------
|
| This table keeps track of all the migrations that have already run for
| your application. Using this information, we can determine which of
| the migrations on disk have not actually be run in the databases.
|
*/
'migrations' => 'migrations',
/*
|--------------------------------------------------------------------------
| Redis Databases
|--------------------------------------------------------------------------
|
| Redis is an open source, fast, and advanced key-value store that also
| provides a richer set of commands than a typical key-value systems
| such as APC or Memcached. Laravel makes it easy to dig right in.
|
*/
'redis' => array(
'cluster' => true,
'default' => array(
'host' => '<%= redis_host %>',
'port' => <%= redis_port %>,
),
),
/*
|--------------------------------------------------------------------------
| Migration Repository Table
|--------------------------------------------------------------------------
|
| This table keeps track of all the migrations that have already run for
| your application. Using this information, we can determine which of
| the migrations on disk have not actually be run in the databases.
|
*/
'migrations' => 'migrations',
/*
|--------------------------------------------------------------------------
| Redis Databases
|--------------------------------------------------------------------------
|
| Redis is an open source, fast, and advanced key-value store that also
| provides a richer set of commands than a typical key-value systems
| such as APC or Memcached. Laravel makes it easy to dig right in.
|
*/
'redis' => array(
'cluster' => false,
'default' => array(
'host' => '<%= redis_host %>',
'port' => <%= redis_port %>,
'database' => 0,
'password' => '<%= redis_password %>'
),
),
);

6
templates/environment.php.erb Normal file
View File

@ -0,0 +1,6 @@
<?php
$env = $app->detectEnvironment(array(
'<%= id_environment %>' => array('<%= id_hostname %>')
));

10
templates/log.php.erb Normal file
View File

@ -0,0 +1,10 @@
<?php
return array(
/**
* EMAIL ERROR LOG CONFIGURATION
*/
//The receiver of the mail
'to_email' => '<%= id_log_error_to_email %>',
//The sender of the mail
'from_email' => '<%= id_log_error_from_email %>'
);

3
templates/openstackid.conf.erb Normal file
View File

@ -0,0 +1,3 @@
SITE_ROOT=/srv/openstackid
SOURCE_TARBALL=http://tarballs.openstack.org/openstackid/openstackid-latest.tar.gz
LARAVEL_ENV=dev

22
templates/recaptcha.php.erb Normal file
View File

@ -0,0 +1,22 @@
<?php
return array(
/*
|--------------------------------------------------------------------------
| API Keys
|--------------------------------------------------------------------------
|
| Set the public and private API keys as provided by reCAPTCHA.
|
*/
'public_key' => '<%= id_recaptcha_public_key %>',
'private_key' => '<%= id_recaptcha_private_key %>',
/*
|--------------------------------------------------------------------------
| Template
|--------------------------------------------------------------------------
|
| Set a template to use if you don't want to use the standard one.
|
*/
'template' => '<%= id_recaptcha_template %>'
);