Added HTTP Modules.
This commit is contained in:
parent
993150a336
commit
7cd53e46c6
|
@ -8,6 +8,8 @@ description 'This module installs and maintains the OpenStack RefStack service.'
|
|||
project_page 'https://github.com/openstack-ci/puppet-refstack'
|
||||
|
||||
## Add dependencies, if any:
|
||||
dependency 'stankevich/python', '= 1.6.6'
|
||||
dependency 'openstackci/vcsrepo', '= 0.0.8'
|
||||
dependency 'puppetlabs/stdlib', '= 3.2.0'
|
||||
dependency 'puppetlabs/mysql', '= 0.6.1'
|
||||
dependency 'puppetlabs/apache', '= 0.0.4'
|
||||
dependency 'openstackci/vcsrepo', '= 0.0.8'
|
||||
dependency 'stankevich/python', '= 1.6.6'
|
||||
|
|
|
@ -0,0 +1,47 @@
|
|||
# Copyright (c) 2015 Hewlett-Packard Development Company, L.P.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
# == Class: refstack::apache::http
|
||||
#
|
||||
# This module installs refstack onto the current host using an unecrypted http
|
||||
# protocol.
|
||||
#
|
||||
class refstack::apache::http () {
|
||||
require ::refstack::params
|
||||
require ::refstack::api
|
||||
# require ::refstack::app
|
||||
|
||||
# Pull various variables into this module, for slightly saner templates.
|
||||
$install_api_root = $::refstack::params::install_api_root
|
||||
$install_www_root = $::refstack::params::install_www_root
|
||||
$hostname = $::refstack::params::hostname
|
||||
$user = $::refstack::params::user
|
||||
$group = $::refstack::params::group
|
||||
$server_admin = $::refstack::params::server_admin
|
||||
$python_version = $::refstack::params::python_version
|
||||
|
||||
# Install apache
|
||||
include apache
|
||||
include apache::mod::wsgi
|
||||
|
||||
# Set up refstack as HTTP
|
||||
apache::vhost { $hostname:
|
||||
port => 80,
|
||||
docroot => $install_www_root,
|
||||
priority => '50',
|
||||
template => 'refstack/refstack_http.vhost.erb',
|
||||
ssl => false,
|
||||
notify => Service['httpd'],
|
||||
}
|
||||
}
|
|
@ -0,0 +1,85 @@
|
|||
# Copyright (c) 2015 Hewlett-Packard Development Company, L.P.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
# == Class: refstack::apache::https
|
||||
#
|
||||
# This module installs refstack onto the current host using an the https
|
||||
# protocol.
|
||||
#
|
||||
class refstack::apache::https () {
|
||||
|
||||
require ::refstack::params
|
||||
require ::refstack::api
|
||||
# require ::refstack::app
|
||||
|
||||
# Pull various variables into this module, for slightly saner templates.
|
||||
$install_api_root = $::refstack::params::install_api_root
|
||||
$install_www_root = $::refstack::params::install_www_root
|
||||
$hostname = $::refstack::params::hostname
|
||||
$user = $::refstack::params::user
|
||||
$group = $::refstack::params::group
|
||||
$server_admin = $::refstack::params::server_admin
|
||||
$python_version = $::refstack::params::python_version
|
||||
|
||||
$ssl_cert_content = $::refstack::params::ssl_cert_content
|
||||
$ssl_cert = $::refstack::params::ssl_cert
|
||||
$ssl_key_content = $::refstack::params::ssl_key_content
|
||||
$ssl_key = $::refstack::params::ssl_key
|
||||
$ssl_ca_content = $::refstack::params::ssl_ca_content
|
||||
$resolved_ssl_ca = $::refstack::params::resolved_ssl_ca
|
||||
|
||||
# Install apache
|
||||
include apache
|
||||
include apache::mod::wsgi
|
||||
|
||||
if $ssl_cert_content != undef {
|
||||
file { $ssl_cert:
|
||||
owner => 'root',
|
||||
group => 'ssl-cert',
|
||||
mode => '0640',
|
||||
content => $ssl_cert_content,
|
||||
notify => Service['httpd'],
|
||||
}
|
||||
}
|
||||
|
||||
if $ssl_key_content != undef {
|
||||
file { $ssl_key:
|
||||
owner => 'root',
|
||||
group => 'ssl-cert',
|
||||
mode => '0640',
|
||||
content => $ssl_key_content,
|
||||
notify => Service['httpd'],
|
||||
}
|
||||
}
|
||||
|
||||
if $ssl_ca_content != undef {
|
||||
file { $resolved_ssl_ca:
|
||||
owner => 'root',
|
||||
group => 'ssl-cert',
|
||||
mode => '0640',
|
||||
content => $ssl_ca_content,
|
||||
notify => Service['httpd'],
|
||||
}
|
||||
}
|
||||
|
||||
# Set up ::refstack as HTTPS
|
||||
apache::vhost { $hostname:
|
||||
port => 443,
|
||||
docroot => $install_www_root,
|
||||
priority => '50',
|
||||
template => 'refstack/refstack_https.vhost.erb',
|
||||
ssl => true,
|
||||
notify => Service['httpd'],
|
||||
}
|
||||
}
|
|
@ -21,6 +21,7 @@ class refstack (
|
|||
$mysql_database = 'refstack',
|
||||
$mysql_user = 'refstack',
|
||||
$mysql_user_password,
|
||||
$hostname = $::ipaddress,
|
||||
) {
|
||||
|
||||
# Configure the entire refstack instance. This does not install anything,
|
||||
|
@ -29,8 +30,11 @@ class refstack (
|
|||
mysql_database => $mysql_database,
|
||||
mysql_user => $mysql_user,
|
||||
mysql_user_password => $mysql_user_password,
|
||||
hostname => $hostname
|
||||
}
|
||||
|
||||
include ::refstack::mysql
|
||||
include ::refstack::api
|
||||
|
||||
include ::refstack::apache::http
|
||||
}
|
||||
|
|
|
@ -17,14 +17,18 @@
|
|||
# Centralized configuration management for the refstack module.
|
||||
#
|
||||
class refstack::params (
|
||||
$python_version = '2.7',
|
||||
$python_version = '2.7',
|
||||
|
||||
# Source and install directories.
|
||||
$src_api_root = '/opt/refstack-api',
|
||||
$src_api_root = '/opt/refstack-api',
|
||||
$src_www_root = '/opt/refstack-www',
|
||||
$install_www_root = '/var/www/refstack-www',
|
||||
|
||||
# The user under which refstack will run.
|
||||
$user = 'refstack',
|
||||
$group = 'refstack',
|
||||
$user = 'refstack',
|
||||
$group = 'refstack',
|
||||
$server_admin = undef,
|
||||
$hostname = $::ipaddress,
|
||||
|
||||
# [database] refstack.conf
|
||||
$mysql_user = 'refstack',
|
||||
|
@ -32,6 +36,14 @@ class refstack::params (
|
|||
$mysql_host = localhost,
|
||||
$mysql_port = 3306,
|
||||
$mysql_database = 'refstack',
|
||||
|
||||
# Apache2 ssl configuration
|
||||
$ssl_cert_content = undef,
|
||||
$ssl_cert = '/etc/ssl/certs/refstack.pem',
|
||||
$ssl_key_content = undef,
|
||||
$ssl_key = '/etc/ssl/private/refstack.key',
|
||||
$ssl_ca_content = undef,
|
||||
$ssl_ca = undef, # '/etc/ssl/certs/ca.pem'
|
||||
) {
|
||||
|
||||
# Resolve a few parameters based on the install environment.
|
||||
|
@ -45,4 +57,11 @@ class refstack::params (
|
|||
# Build the connection string from individual parameters
|
||||
$mysql_connection_string = "mysql://${mysql_user}:${mysql_user_password}@${mysql_host}:${mysql_port}/${mysql_database}"
|
||||
|
||||
# CA file needs special treatment, since we want the path variable
|
||||
# to be undef in some cases.
|
||||
if $ssl_ca == undef and $ssl_ca_content != undef {
|
||||
$resolved_ssl_ca = '/etc/ssl/certs/storyboard.ca.pem'
|
||||
} else {
|
||||
$resolved_ssl_ca = $ssl_ca
|
||||
}
|
||||
}
|
||||
|
|
|
@ -9,16 +9,36 @@
|
|||
"issues_url": "https://refstack.openstack.org/#!/project/700",
|
||||
"dependencies": [
|
||||
{
|
||||
"name": "stankevich/python",
|
||||
"version_requirement": ">= 1.6.6"
|
||||
"name": "puppetlabs/stdlib",
|
||||
"version_requirement": ">= 3.2.0"
|
||||
},
|
||||
{
|
||||
"name": "puppetlabs/mysql",
|
||||
"version_requirement": ">= 0.6.1"
|
||||
},
|
||||
{
|
||||
"name": "openstackci/httpd",
|
||||
"version_requirement": "= 0.0.4"
|
||||
},
|
||||
{
|
||||
"name": "puppetlabs/rabbitmq",
|
||||
"version_requirement": ">= 4.0.0"
|
||||
},
|
||||
{
|
||||
"name": "example42/puppi",
|
||||
"version_requirement": ">= 2.1.9"
|
||||
},
|
||||
{
|
||||
"name": "openstackci/vcsrepo",
|
||||
"version_requirement": ">= 0.0.8"
|
||||
},
|
||||
{
|
||||
"name": "puppetlabs/mysql",
|
||||
"version_requirement": ">= 0.6.1"
|
||||
"name": "stankevich/python",
|
||||
"version_requirement": ">= 1.6.6"
|
||||
},
|
||||
{
|
||||
"name": "puppetlabs/stdlib",
|
||||
"version_requirement": ">= 3.2.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
WSGIPythonHome <%= @install_api_root %>
|
||||
|
||||
<VirtualHost <%= @hostname %>:80>
|
||||
<% if !!@server_admin %>
|
||||
ServerAdmin <%= @server_admin %>
|
||||
<% end %>
|
||||
ServerName <%= @hostname %>
|
||||
|
||||
DocumentRoot <%= @install_www_root %>
|
||||
|
||||
# WSGIDaemonProcess refstack user=<%= @user %> group=<%= @group %> threads=5
|
||||
# WSGIScriptAlias /api <%= @install_api_root %>/lib/python<%= @python_version %>/site-packages/refstack/api/app.wsgi
|
||||
# WSGIPassAuthorization On
|
||||
LogLevel warn
|
||||
ErrorLog ${APACHE_LOG_DIR}/refstack-error.log
|
||||
CustomLog ${APACHE_LOG_DIR}/refstack-access.log combined
|
||||
|
||||
<Directory "<%= @install_api_root %>">
|
||||
Require all granted
|
||||
</Directory>
|
||||
</VirtualHost>
|
|
@ -0,0 +1,60 @@
|
|||
WSGIPythonHome <%= @install_api_root %>
|
||||
|
||||
<VirtualHost <%= @hostname %>:80>
|
||||
<% if !!@server_admin %>
|
||||
ServerAdmin <%= @server_admin %>
|
||||
<% end %>
|
||||
ServerName <%= @hostname %>
|
||||
|
||||
DocumentRoot <%= @install_www_root %>
|
||||
|
||||
Redirect / https://<%= @hostname %>/
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog ${APACHE_LOG_DIR}/storyboard-error.log
|
||||
CustomLog ${APACHE_LOG_DIR}/storyboard-access.log combined
|
||||
|
||||
</VirtualHost>
|
||||
<IfModule mod_ssl.c>
|
||||
<VirtualHost <%= @hostname %>:443>
|
||||
<% if !!@server_admin %>
|
||||
ServerAdmin <%= @server_admin %>
|
||||
<% end %>
|
||||
ServerName <%= @hostname %>
|
||||
|
||||
LogLevel warn
|
||||
ErrorLog ${APACHE_LOG_DIR}/storyboard-ssl-error.log
|
||||
CustomLog ${APACHE_LOG_DIR}/storyboard-ssl-access.log combined
|
||||
|
||||
SSLEngine on
|
||||
|
||||
SSLCertificateFile <%= @ssl_cert %>
|
||||
SSLCertificateKeyFile <%= @ssl_key %>
|
||||
<% if !!@resolved_ssl_ca %>
|
||||
SSLCertificateChainFile <%= @resolved_ssl_ca %>
|
||||
<% end %>
|
||||
|
||||
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
||||
SSLOptions +StdEnvVars
|
||||
</FilesMatch>
|
||||
<Directory /usr/lib/cgi-bin>
|
||||
SSLOptions +StdEnvVars
|
||||
</Directory>
|
||||
|
||||
BrowserMatch "MSIE [2-6]" \
|
||||
nokeepalive ssl-unclean-shutdown \
|
||||
downgrade-1.0 force-response-1.0
|
||||
# MSIE 7 and newer should be able to use keepalive
|
||||
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
|
||||
|
||||
DocumentRoot <%= @install_www_root %>
|
||||
|
||||
# WSGIDaemonProcess storyboard user=<%= @user %> group=<%= @group %> threads=5
|
||||
# WSGIScriptAlias /api <%= @install_api_root %>/lib/python<%= @python_version %>/site-packages/storyboard/api/app.wsgi
|
||||
# WSGIPassAuthorization On
|
||||
|
||||
<Directory "<%= @install_api_root %>">
|
||||
Require all granted
|
||||
</Directory>
|
||||
</VirtualHost>
|
||||
</IfModule>
|
|
@ -1,5 +1,6 @@
|
|||
node default {
|
||||
class { 'refstack':
|
||||
hostname => '192.168.99.88',
|
||||
mysql_user_password => 'refstack',
|
||||
}
|
||||
}
|
14
vagrant.sh
14
vagrant.sh
|
@ -15,12 +15,18 @@ if [ ! -d /etc/puppet/modules/refstack ]; then
|
|||
fi
|
||||
|
||||
# Install required puppet modules.
|
||||
if [ ! -d /etc/puppet/modules/python ]; then
|
||||
puppet module install stankevich-python --version 1.6.6
|
||||
if [ ! -d /etc/puppet/modules/stdlib ]; then
|
||||
puppet module install puppetlabs-stdlib --version 3.2.0
|
||||
fi
|
||||
if [ ! -d /etc/puppet/modules/mysql ]; then
|
||||
puppet module install puppetlabs-mysql --version 0.6.1
|
||||
fi
|
||||
if [ ! -d /etc/puppet/modules/apache ]; then
|
||||
puppet module install puppetlabs-apache --version 0.0.4
|
||||
fi
|
||||
if [ ! -d /etc/puppet/modules/vcsrepo ]; then
|
||||
puppet module install openstackci-vcsrepo --version 0.0.8
|
||||
fi
|
||||
if [ ! -d /etc/puppet/modules/mysql ]; then
|
||||
puppet module install puppetlabs-mysql --version 0.6.1
|
||||
if [ ! -d /etc/puppet/modules/python ]; then
|
||||
puppet module install stankevich-python --version 1.6.6
|
||||
fi
|
Loading…
Reference in New Issue