Puppet 4 was complaining that this variable was undefined. Define it to
make this warning go away.
We switch away from scope.lookupvar for consistency with the rest of the
var lookups in this file and to keep our conditional short.
Change-Id: I64cc9660a72bf5ab096c9c6f29080a838df5ddea
There are two ServerAdmin entries in the https vhost erb template. One
for port 80 and one for port 443. The previous change only fixed the
issue for port 80. Fix this for port 443 too.
Additionally fix the ssl chain file variable which has the same problem.
Change-Id: Id3a36d1a3088f9ae08761f51f4073f388e2eedf8
On puppet 3 an explicit undef value is evaluated as the symbol :undef in
ERB templates, while on puppet 4 the explicit undef is evaluated the
same as the implicit undef which comes to the nil value in ERB. Check
for both values to make both puppet versions happy.
Change-Id: Ib4bff7259fea2722f799745d476d1af0c34408d5
This is required to properly support handling requests for project by
name, where the name may contain encoded slashes. For example,
GET /v1/projects/openstack-infra%2Fstoryboard
causes Apache to give a 404 error without this patch.
Change-Id: Ibe95dbfc28621574bac7e4af78fe1d913fa4e1b6
Dynamic scoping for variables in ERB templates was removed in puppet
4[1] which means that the variables defined in the manifests cannot be
found when it is referenced in the httpd::vhost defined type and will be
evaluated as nil when puppet runs. Use scope.lookupvar instead to be
explicit about the variable's source.
[1] https://puppet.com/docs/puppet/4.10/lang_updating_manifests.html#dynamic-scoping-in-erb
Change-Id: I007975c920bd12a352acdea742b841a17ecc5d17
Email notifications about task status changes triggered from Gerrit do
not include correct Story URL. Setting the default StoryBoard URL should
fix that issue.
Change-Id: Ic639e344921c4265d3471ac9bd591a4ae489ae52
Story: 2001410
Task: 6106
The default "utf8" character set for MySQL only supports up to
3-byte codepoints. In order to support text with 4-byte codepoints
(at the expense of some additional storage) explicitly use "utf8mb4"
instead when creating and connecting to the database.
Change-Id: I25bd7b5d2a904dad3e13efaf2da94cce205bcc0b
On systems where the site FQDN is mapped to the loopback interface
in /etc/hosts, Apache doesn't apply the vhost configuration on
incoming connections to other addresses/interfaces. Apache
recommends wildcarding VirtualHost directives these days, and it's
something we already hard-code in other modules (e.g. puppet-zuul).
This _could_ conceivably cause complication for anyone trying to
coinstall this module on a server hosting other sites without
name-based hosting configured correctly, but that should be an
increasingly unusual configuration.
Change-Id: I11f5b586c4f7b42017c2eb78af4be87211343381
SSLv2 and SSLv3 should never be used. Update the protocol and cipher
suite lines to match the recommendations by the OpenStack Security team.
This includes opt-in to only TLS and strong ciphers.
Change-Id: I25168293cd822b2838252a71890e0c43b5a7b8f0
In order to support Python3, https://review.openstack.org/#/c/152339/ is switching
to a mysql driver that's supported by Python3. This updates the puppet module to use
the new connection string.
Change-Id: Id5d9eacd8de5700675848d3129b189fad07a221b
Storyboard is currently failing because of requests to get the working
directory are failing. This disables that configuration option so
we have some time to investigate.
Change-Id: I8d0b8d6ce350836b8eba5822e1aa6e9920d7dc8e
This patch adds the new oauth config section from
https://review.openstack.org/144355, as well as the cron enabling
flag from https://review.openstack.org/129609/. Both are defaulted
to false in storyboard, so until this patch lands the features
will not be enabled.
Change-Id: Iedd1d8fb9b734c4356a922b6781395249ae14ed4
* manifests/cert.pp: This adds the flexibility to depend on
existing files even if they're created as part of the storyboard
dependency chain, though with the loss of some error handling if a
deployer neglects to ensure the file itself exists before starting
the apache daemon.
Change-Id: I62d0bc7899703d7cc17f402cf34bd92357f44b58
Storyboard will soon support CORS, which is configured via
storyboard.conf. This patch adds the two relevant properties
to the puppet module, and makes them accessible in
storyboard::application.
Depends on https://review.openstack.org/#/c/124163/
Change-Id: I33a33076a18a9192b067a9f6f08d752ff8c22e3b
This patch adds a puppet module that will start up N worker threads
to handle messages sent to the deferred processing queue. It does so
by making use of the new storyboard-worker-daemon command
created in the below patch. Both upstart and sysvinit scripts are
provided, with sysvinit being the default.
https://review.openstack.org/#/c/122890/
Change-Id: I5565cbf8062457d343d3e02dbfaae2852a359d91
Story: 96
Apache version 2.4.3 changes the Order Allow,Deny security
configuration options. This patch modifies the input parameters
as well as the vhost templates in order to support it.
Change-Id: I179ffa924fed204c45a08ba19ea4acdc519edda2
In order to support subscriptions in StoryBoard, we're adding a
queueing system to support triggered events. The specification in
question is #95307, which goes into detail on the various different
options evaluated. I also anticipate that this system can be used
for report generation.
Change-Id: Ia4cc91f1e75365a9fb41ca163e55548023233412
Story: 96
In order to get the puppet module for storyboard up to a level where
we can publish it to puppetforge, I did some work on it to create
separate modules which can be used by anyone to install storyboard.
- API and Webclient are now installed via storyboard::application,
which assumes that you can provide the DB connection criteria.
- storyboard::cert is now a separate class, which accepts either
files or strings, which generates the SSL certificate and chain
files for storyboard.
- storyboard::params is our dependency checker.
- storyboard::init will install a standalone, entirely
self-contained instance of storyboard.
- Added various puppet module files necessary for eventual
deployment to puppetforge.
- Added README.md documentation for later puppetforge addition.
This patch also includes a new module: example42-puppi, which is a
series of convenience utilities useful for deployment. For example,
puppi::netinstall (used here) will fetch tarballs and zip files and
extract them into a provided directory. It also contains changes to
the storyboard configuration for the new refresh token support patch
in #94363
Change-Id: I6ab8c24b308df38774fc0694d218dcb5022cd899
There are two major parts being installed with this module:
1. storyboard-api - REST API service served with
apache mod_wsgi module
2. storyboard-webclient - static html/css/js files.
This project is built and published to tarballs.o.o,
from where it'll be installed with this puppet module
This module requires three configs from Hiera:
* storyboard_db_host
* storyboard_db_password
* storyboard_db_user
Installed projects:
* http://git.openstack.org/cgit/openstack-infra/storyboard/
* http://git.openstack.org/cgit/openstack-infra/storyboard-webclient/
Things to be added in later commits:
* Documentation for ci.openstack.org.
* Configure logging (once supported by storyboard.)
* SSL.
Change-Id: If3da06f8d20a6282036f1f9f063c25a6d0db60c6