Puppet 4 was complaining that this variable was undefined. Define it to
make this warning go away.
We switch away from scope.lookupvar for consistency with the rest of the
var lookups in this file and to keep our conditional short.
Change-Id: I64cc9660a72bf5ab096c9c6f29080a838df5ddea
Change I25bd7b5d2a904dad3e13efaf2da94cce205bcc0b switched the
characterset for new databases to utf8mb4, but the Puppet MySQL
module independently defaults the collate parameter to
utf_general_ci which is not compatible with utf8mb4. Set an explicit
utf8mb4_general_ci collation instead so that the database can be
created successfully.
Change-Id: I9cc715e0b0cec9494489d56a2f4c1549782b0fca
Don't rely on a puppet file resource to purge the unpack dir as this
will trigger on every puppet run then copy the empty unpack dir to the
deployment dir. Instead we call rm prior to tar during the unpack exec
so that we only ever clean the dir if we are unpacking.
Change-Id: I80b4faf54220d88e610e2a224dea47af4133e225
The old webclient tarballs had content in a "dist" subdirectory, but
newer ones do not. So as to avoid webroot contamination as well as
to make sure we copy the correct new content into place, unpack the
tarballs into an empty "dist" subdirectory of the download staging
directory.
Change-Id: I15d1e00c9a0aa752b21b6eeedb29bcd89dc03935
Storyboard.o.o's webclient has been lagging behind master due to
a change in naming.
This patch fixes the tarball name so that the webclient in prod will
actually reflect whats in master.
Change-Id: I35174ab8345fa811f21947c106dd3e18dc1bce0b
Puppet 4 is more strict about data types and doesn't tolerate using
arithmetic operators on strings. The operatingsystemrelease fact is a
string. Switch the arithmetic comparison to a native function that knows
how to deal with version numbers.
Change-Id: I98d5b4c50b26b5ea64035d726d903900c2040b99
Email notifications about task status changes triggered from Gerrit do
not include correct Story URL. Setting the default StoryBoard URL should
fix that issue.
Change-Id: Ic639e344921c4265d3471ac9bd591a4ae489ae52
Story: 2001410
Task: 6106
Use an IETF recommended domain name (example.org) in examples and
class parameter defaults instead of openstack.org. The only default
behavior change is for sender_email_address and the one site where
the default value would have been viable already has an override in
place to the same string anyway so this should result in no
effective behavior change.
Change-Id: I3e1bbb0bf4bfdd71f56cd429e890e90f2881bec5
The default "utf8" character set for MySQL only supports up to
3-byte codepoints. In order to support text with 4-byte codepoints
(at the expense of some additional storage) explicitly use "utf8mb4"
instead when creating and connecting to the database.
Change-Id: I25bd7b5d2a904dad3e13efaf2da94cce205bcc0b
Add a xenial nodeset and update the spec helper to install puppet 3 from
the Ubuntu repos instead of from puppetlabs. Also fix linter errors.
Change-Id: I5b4650de814a23a0ef25ee8cd73ca3591b6df44e
The ssl-cert group which normally owns files under /etc/ssl is
created by a dependency of the apache module, but we need to create
files there before that service is started. Break the cycle by just
relying on the root group instead. Also update permission modes on
these files to reflect sensible systems administration practices
(read/write by root, readable by everyone except for the key file
which is inaccessible for others).
Change-Id: Ia76a344e5b4d3d7acdf0980ed7f951f8d5199052
The snakeoil fallback defaults need to be set in the cert class,
not as defaults in the module init.
Change-Id: Id1f5dd081fa085775b96c0e374055aded203148a
Depends-On: Ifc92d78f081fc69d804c29033e96e1c94462213b
In anticipation of puppet 4, start trying to deal with puppet 4 things
that can be helpfully predicted by puppet lint plugins. Also fix lint
errors caught by the puppet-lint-absolute_classname-check and
puppet-lint-trailing_newline-check gems.
Change-Id: If9e2cd626122c4ff6338a82d87c815ae33578bac
puppet-httpd is the openstack-infra version of puppetlabs-apache
(0.0.4) release.
This patchset will remove the puppetlabs-apache namespace from -infra
allowing for possible future patchsets to use newer puppetlabs-apache
modules.
Change-Id: I4f509f1ce72b069ac89d42f2cb55550e3b5bf590
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
The install directories into which the storyboard api and client
are downloaded and processed are now parameterized.
Change-Id: Ic67a0730246bc7fcf38cc98e460381994ab9d736
In order to support Python3, https://review.openstack.org/#/c/152339/ is switching
to a mysql driver that's supported by Python3. This updates the puppet module to use
the new connection string.
Change-Id: Id5d9eacd8de5700675848d3129b189fad07a221b
This adds an empty, default config.json file to storyboard's webclient install.
While functionally it impacts nothing, it will remove a multitude of 404 log
errors caused by storyboard trying to load a secondary configuration.
Change-Id: Ib31e4ad1c6f03b4dd43659bd8e931d965ce7686b
This patch adds the new oauth config section from
https://review.openstack.org/144355, as well as the cron enabling
flag from https://review.openstack.org/129609/. Both are defaulted
to false in storyboard, so until this patch lands the features
will not be enabled.
Change-Id: Iedd1d8fb9b734c4356a922b6781395249ae14ed4
* manifests/cert.pp: This adds the flexibility to depend on
existing files even if they're created as part of the storyboard
dependency chain, though with the loss of some error handling if a
deployer neglects to ensure the file itself exists before starting
the apache daemon.
Change-Id: I62d0bc7899703d7cc17f402cf34bd92357f44b58
If we are running on anything before trusty, we need to manually
manage the repository because the available version of rabbitmq
is not recent enough for our module. For trusty and later, the
available version is too recent for us to use, so we have to turn
off repo management.
This is volatile, and needs a more permanent solution.
Change-Id: I0db87d6c5cbecee8575d91e6f88ef43a947967ff
Turns out the rabbit module manages its own APT repository, which
can end up with some unexpected results on trusty. This disables
that and defaults back to using the trusty upstream.
After this patch lands, we're going to have to manually update
storyboard.o.o to remove the ppa and reinstall rabbit.
Change-Id: Ic5ada12e730845e550d1beb934c536955b77ef16
Storyboard will soon support CORS, which is configured via
storyboard.conf. This patch adds the two relevant properties
to the puppet module, and makes them accessible in
storyboard::application.
Depends on https://review.openstack.org/#/c/124163/
Change-Id: I33a33076a18a9192b067a9f6f08d752ff8c22e3b
This patch adds a puppet module that will start up N worker threads
to handle messages sent to the deferred processing queue. It does so
by making use of the new storyboard-worker-daemon command
created in the below patch. Both upstart and sysvinit scripts are
provided, with sysvinit being the default.
https://review.openstack.org/#/c/122890/
Change-Id: I5565cbf8062457d343d3e02dbfaae2852a359d91
Story: 96
The default passwords for the various storyboard subcomponents
as well as the init component were removed. Documentation has
also been updated.
Change-Id: I1041154b6d30722649776eca15a0f04b090ab5c8
Version detection for apache was incorrectly based off a version
of the apache module that isn't in use by openstack. Rather than
creating a weird dependency issue, I've moved the apache default
version detection into the storyboard module directly.
Change-Id: Ib4be592207bd43abb0c97417f321a2ffa26465f1
puppi:netinstall appears to be less useful than expected, as the
remote versions are no longer being downloaded and updated. This
change moves us back to using curl to download the webclient tarball,
so that we're assured to always have a fresh version.
Change-Id: I4120f82239614ec355b921b8ee54bb81e4b39543
Apache version 2.4.3 changes the Order Allow,Deny security
configuration options. This patch modifies the input parameters
as well as the vhost templates in order to support it.
Change-Id: I179ffa924fed204c45a08ba19ea4acdc519edda2
In order to support subscriptions in StoryBoard, we're adding a
queueing system to support triggered events. The specification in
question is #95307, which goes into detail on the various different
options evaluated. I also anticipate that this system can be used
for report generation.
Change-Id: Ia4cc91f1e75365a9fb41ca163e55548023233412
Story: 96
Storyboard's configuration directory was not being created,
which causes an error on clean systems.
Change-Id: I506bebee77cbc6e60d05598cd4c13d65fb287e11
For some reason, storyboard's config is again trying to read from
/etc/storyboard/storyboard.conf rather than /etc/storyboard.conf. This
fixes our configuration.
Change-Id: I978b8cd99744fabfab7fdf5b1d63bd54396350ed
In order to get the puppet module for storyboard up to a level where
we can publish it to puppetforge, I did some work on it to create
separate modules which can be used by anyone to install storyboard.
- API and Webclient are now installed via storyboard::application,
which assumes that you can provide the DB connection criteria.
- storyboard::cert is now a separate class, which accepts either
files or strings, which generates the SSL certificate and chain
files for storyboard.
- storyboard::params is our dependency checker.
- storyboard::init will install a standalone, entirely
self-contained instance of storyboard.
- Added various puppet module files necessary for eventual
deployment to puppetforge.
- Added README.md documentation for later puppetforge addition.
This patch also includes a new module: example42-puppi, which is a
series of convenience utilities useful for deployment. For example,
puppi::netinstall (used here) will fetch tarballs and zip files and
extract them into a provided directory. It also contains changes to
the storyboard configuration for the new refresh token support patch
in #94363
Change-Id: I6ab8c24b308df38774fc0694d218dcb5022cd899
Apache doesn't reload python libs until a reboot, so
our strategy of reloading storyboard wasn't effective.
This removes the old storyboard-reload command and
replaces it with a straight http service restart.
Change-Id: I1f2fb736277c3ca39b513695e42ef4860267737f
Previously the curl command was itself idempotent but this
was transparent to Puppet, meaning the node reported as
always changed. I have, somewhat akwardly, taught Puppet how to
check for changed files on the remote server. It pulls only HTTP
headers to save time/bandwidth.
Change-Id: I539e67f0c82ad91450dd3720512b92518e70c122
There are actions, such as deleting projects, that should only be done
by superusers. For that to work, we need to have superusers.
Change-Id: I827446788ca53018a6d2c76eaf667b6fe4065f80
Openstack manages it's projects in projects.yaml file. As we want all of
the projects to have a corresponding entry in storyboard, run the
storyboard projects.yaml loader if projects.yaml changes.
Change-Id: I86367b9980b100bf45f2dd881ca626a16f31cca1
There are two major parts being installed with this module:
1. storyboard-api - REST API service served with
apache mod_wsgi module
2. storyboard-webclient - static html/css/js files.
This project is built and published to tarballs.o.o,
from where it'll be installed with this puppet module
This module requires three configs from Hiera:
* storyboard_db_host
* storyboard_db_password
* storyboard_db_user
Installed projects:
* http://git.openstack.org/cgit/openstack-infra/storyboard/
* http://git.openstack.org/cgit/openstack-infra/storyboard-webclient/
Things to be added in later commits:
* Documentation for ci.openstack.org.
* Configure logging (once supported by storyboard.)
* SSL.
Change-Id: If3da06f8d20a6282036f1f9f063c25a6d0db60c6
Clark Boylan