puppet-zuul/manifests/web.pp

260 lines
6.9 KiB
Puppet

# Copyright 2017 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# == Class: zuul::web
#
class zuul::web (
$ensure = undef,
$manage_log_conf = true,
$web_listen_address = '127.0.0.1',
$web_listen_port = 9000,
$enable_status_backups = true,
$tenant_name = '',
$vhost_name = $::fqdn,
$ssl_cert_file_contents = '',
$ssl_key_file_contents = '',
$ssl_chain_file_contents = '',
$block_referers = [],
$serveradmin = "webmaster@${::fqdn}",
# New sets of hashes on which create resources will be run.
# If not supplied the legacy parameters above will be used to
# construct these hashes.
$vhosts = {},
$vhosts_flags = {},
$vhosts_ssl = {},
) {
$web_url = "http://${web_listen_address}:${web_listen_port}"
$websocket_url = "ws://${web_listen_address}:${web_listen_port}"
$zuul_web_root = '/opt/zuul-web'
$zuul_web_content_root = '/opt/zuul-web/content'
$zuul_web_src_root = '/opt/zuul-web/source'
$zuul_web_filename = 'zuul-js-content-master.tar.gz'
$zuul_web_url = "https://tarballs.opendev.org/zuul/zuul/${zuul_web_filename}"
if $vhosts == {} {
if $ssl_cert_file_contents == '' {
$vhost_port = 80
$use_ssl = false
$vhosts_ssl_int = {}
}
else {
$vhost_port = 443
$use_ssl = true
$vhosts_ssl_int = {
"${vhost_name}" => {
ssl_cert_file_contents => $ssl_cert_file_contents,
ssl_key_file_contents => $ssl_key_file_contents,
ssl_chain_file_contents => $ssl_chain_file_contents,
}
}
}
$vhosts_int = {
"${vhost_name}" => {
port => $vhost_port,
docroot => $zuul_web_content_root,
priority => '50',
ssl => $use_ssl,
template => 'zuul/zuulv3.vhost.erb',
vhost_name => $vhost_name,
}
}
$vhosts_flags_int = {
"${vhost_name}" => {
tenant_name => $tenant_name,
ssl => $use_ssl,
use_le => false,
}
}
}
else {
$vhosts_ssl_int = $vhosts_ssl
$vhosts_int = $vhosts
$vhosts_flags_int = $vhosts_flags
}
service { 'zuul-web':
ensure => $ensure,
name => 'zuul-web',
enable => true,
hasrestart => true,
require => [File['/etc/init.d/zuul-web'],
File['/etc/default/zuul-web'],
Class['zuul::systemd_reload']]
}
file { '/etc/init.d/zuul-web':
ensure => present,
owner => 'root',
group => 'root',
mode => '0555',
source => 'puppet:///modules/zuul/zuul-web.init',
notify => Class['zuul::systemd_reload'],
}
if $manage_log_conf {
file { '/etc/zuul/web-logging.conf':
ensure => present,
source => 'puppet:///modules/zuul/web-logging.conf',
}
}
include logrotate
logrotate::file { 'web.log':
log => '/var/log/zuul/web.log',
options => [
'compress',
'missingok',
'rotate 30',
'daily',
'notifempty',
],
require => Service['zuul-web'],
}
logrotate::file { 'web-debug.log':
log => '/var/log/zuul/web-debug.log',
options => [
'compress',
'missingok',
'rotate 30',
'daily',
'notifempty',
],
require => Service['zuul-web'],
}
file { '/etc/default/zuul-web':
ensure => present,
mode => '0444',
content => "PIDFILE=/var/run/zuul/web.pid\n",
}
if !defined(Package['curl']) {
package { 'curl':
ensure => present
}
}
file { '/var/lib/zuul/backup':
ensure => directory,
require => File['/var/lib/zuul'],
}
if $enable_status_backups {
create_resources(zuul::status_backups, $vhosts_flags_int)
}
file { $zuul_web_root:
ensure => directory,
group => 'zuul',
mode => '0755',
owner => 'zuul',
require => User['zuul'],
}
file { $zuul_web_content_root:
ensure => directory,
group => 'zuul',
mode => '0755',
owner => 'zuul',
require => [
File[$zuul_web_root],
User['zuul'],
]
}
file { $zuul_web_src_root:
ensure => directory,
group => 'zuul',
mode => '0755',
owner => 'zuul',
require => [
File[$zuul_web_root],
User['zuul'],
]
}
# Download the latest zuul-web
exec { 'get-zuul-web':
command => "curl ${zuul_web_url} -z ./${zuul_web_filename} -o ${zuul_web_filename}",
path => '/bin:/usr/bin',
cwd => $zuul_web_root,
require => [
File[$zuul_web_root],
File[$zuul_web_content_root],
File[$zuul_web_src_root],
],
onlyif => "curl -I ${zuul_web_url} -z ./${zuul_web_filename} | grep '200 OK'",
}
# Unpack storyboard-zuul_web
exec { 'unpack-zuul-web':
command => "rm -rf ${zuul_web_src_root}/* && tar -C ${zuul_web_src_root} -xzf ./${zuul_web_filename}",
path => '/bin:/usr/bin',
refreshonly => true,
cwd => $zuul_web_root,
require => Exec['get-zuul-web'],
subscribe => Exec['get-zuul-web'],
}
# Sync zuul-web to the directory we serve it from. This is so that we don't
# have files go missing - but also so that we can clean up old verisons of
# files. The assets built by webpack have hashes in the filenames to help
# with caching.
exec { 'sync-zuul-web':
command => "rsync -rl --delete-delay . ${zuul_web_content_root}/",
path => '/bin:/usr/bin',
refreshonly => true,
cwd => $zuul_web_src_root,
require => Exec['unpack-zuul-web'],
subscribe => Exec['unpack-zuul-web'],
}
if ! defined(Httpd::Mod['rewrite']) {
httpd::mod { 'rewrite': ensure => present }
}
if ! defined(Httpd::Mod['proxy']) {
httpd::mod { 'proxy': ensure => present }
}
if ! defined(Httpd::Mod['proxy_http']) {
httpd::mod { 'proxy_http': ensure => present }
}
if ! defined(Httpd::Mod['cache']) {
httpd::mod { 'cache': ensure => present }
}
if !defined(Httpd::Mod['proxy_wstunnel']) {
httpd::mod { 'proxy_wstunnel': ensure => present }
}
if ! defined(Httpd::Mod['cache_disk']) {
httpd::mod { 'cache_disk': ensure => present }
}
if $vhosts_ssl_int != {} {
file { '/etc/ssl/certs':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
file { '/etc/ssl/private':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0700',
}
create_resources(zuul::ssl_files, $vhosts_ssl_int)
}
create_resources(httpd::vhost, $vhosts_int)
}