modules/trac/manifests/init.pp - Issue 5735669590654976: #753 - set up an order system to let eyeo employees file order requests

Side by Side Diff: modules/trac/manifests/init.pp

Issue 5735669590654976: #753 - set up an order system to let eyeo employees file order requests (Closed)

Patch Set: #753 - set up an order system to let eyeo employees file order requests Created July 30, 2014, 4:54 p.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

View unified diff | Download patch

OLD	NEW
1 class trac(	1 class trac(

2 $domain,	2 $domain,

3 $certificate,	3 $certificate,

4 $private_key,	4 $private_key,

	5 $fcgi_config_dir = '/etc/nginx/trac.d',
	Wladimir Palant 2014/07/31 09:46:53 This path is hardcoded in the site.conf, no point This path is hardcoded in the site.conf, no point having it as a configurable parameter then. mathias 2014/08/01 13:59:46 Well, since the site.conf is just one line, I remo Show quoted text On 2014/07/31 09:46:53, Wladimir Palant wrote: > This path is hardcoded in the site.conf, no point having it as a configurable > parameter then. Well, since the site.conf is just one line, I removed it in favor of $fcgi_config_dir ;-) - As soon as we may need more directives in there we can convert it into a template.
5 $is_default = false) inherits private::trac {	6 $is_default = false) inherits private::trac {

	7

6 package {['python-mysqldb','python-pip','subversion', 'tofrodos', 'graphviz']:	8 package {['python-mysqldb','python-pip','subversion', 'tofrodos', 'graphviz']:

7 ensure => present	9 ensure => present

8 }	10 }

9	11

10 include nginx, spawn-fcgi	12 include nginx, spawn-fcgi

11	13

	14 file {$fcgi_config_dir:

	15 ensure => directory,

	16 owner => 'root',

	17 mode => 755,

	18 require => Package['nginx'],

	19 }

	20

12 nginx::hostconfig {$domain:	21 nginx::hostconfig {$domain:

13 source => 'puppet:///modules/trac/site.conf',	22 source => 'puppet:///modules/trac/site.conf',

14 is_default => $is_default,	23 is_default => $is_default,

15 certificate => $certificate,	24 certificate => $certificate,

16 private_key => $private_key,	25 private_key => $private_key,

17 log => 'access_log_trac'	26 log => 'access_log_trac',

	27 require => File[$fcgi_config_dir],

18 }	28 }

19	29

20 user {'trac':	30 user {'trac':

21 ensure => present,	31 ensure => present,

22 comment => 'User of the trac installation',	32 comment => 'User of the trac installation',

23 home => '/home/trac',	33 home => '/home/trac',

24 managehome => true	34 managehome => true

25 }	35 }

26	36

27 class {'mysql::server':	37 class {'mysql::server':

28 root_password => $database_root_password	38 root_password => $database_root_password,

29 }

30

31 mysql::db {'trac':

32 user => 'trac',

33 password => $database_password,

34 host => 'localhost',

35 grant => ['all'],

36 charset => 'utf8',

37 collate => 'utf8_bin',

38 require => Class['mysql::server']

39 }	39 }

40	40

41 Exec {	41 Exec {

42 path => '/usr/bin:/usr/sbin:/bin:/usr/local/bin',	42 path => '/usr/bin:/usr/sbin:/bin:/usr/local/bin',

43 }	43 }

44	44

45 exec { 'install_trac':	45 exec { 'install_trac':

46 command => "pip install Trac==1.0.1",	46 command => "pip install Trac==1.0.1",

47 require => Package['python-pip'],	47 require => Package['python-pip'],

48 unless => "python -c 'import trac,sys;sys.exit(0 if trac.__version__ == \"1. 0.1\" else 1)'",	48 unless => "python -c 'import trac,sys;sys.exit(0 if trac.__version__ == \"1. 0.1\" else 1)'",

49 }	49 }

50	50

51 exec { 'trac_env':

52 command => "trac-admin /home/trac/environment initenv \"Adblock Plus issue t racker\" mysql://trac:${database_password}@localhost:3306/trac",

53 require => [

54 Exec['install_trac'],

55 Mysql_grant['trac@localhost/trac.*']

56 ],

57 user => trac,

58 unless => "test -d /home/trac/environment"

59 }

60

61 exec { 'install_BlackMagicTicketTweaks':	51 exec { 'install_BlackMagicTicketTweaks':

62 command => "pip install svn+http://trac-hacks.org/svn/blackmagictickettweaks plugin/0.12/",	52 command => "pip install svn+http://trac-hacks.org/svn/blackmagictickettweaks plugin/0.12/",

63 require => Package['subversion', 'python-pip'],	53 require => Package['subversion', 'python-pip'],

64 unless => "python -c 'import blackmagic'",	54 unless => "python -c 'import blackmagic'",

65 }	55 }

66	56

67 exec { 'install_SensitiveTickets':	57 exec { 'install_SensitiveTickets':

68 command => "pip install svn+http://trac-hacks.org/svn/sensitiveticketsplugin /trunk/",	58 command => "pip install svn+http://trac-hacks.org/svn/sensitiveticketsplugin /trunk/",

69 require => Package['subversion', 'python-pip'],	59 require => Package['subversion', 'python-pip'],

70 unless => "python -c 'import sensitivetickets'",	60 unless => "python -c 'import sensitivetickets'",

(...skipping 40 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
111 }	101 }

112	102

113 exec { 'install_TracSpamFilter':	103 exec { 'install_TracSpamFilter':

114 command => "pip install svn+http://svn.edgewall.com/repos/trac/plugins/1.0/s pam-filter",	104 command => "pip install svn+http://svn.edgewall.com/repos/trac/plugins/1.0/s pam-filter",

115 require => Package[	105 require => Package[

116 'spambayes',	106 'spambayes',

117 'python-pip'],	107 'python-pip'],

118 unless => "python -c 'import tracspamfilter'",	108 unless => "python -c 'import tracspamfilter'",

119 }	109 }

120	110

121 file {"/home/trac/environment/conf/trac.ini":

122 ensure => present,

123 content => template('trac/trac.ini.erb'),

124 owner => trac,

125 require => Exec['trac_env']

126 }

127

128 exec { 'install_Tractags':	111 exec { 'install_Tractags':

129 command => "pip install svn+http://trac-hacks.org/svn/tagsplugin/tags/0.7/",	112 command => "pip install svn+http://trac-hacks.org/svn/tagsplugin/tags/0.7/",

130 require => Package['python-pip'],	113 require => Package['python-pip'],

131 unless => "python -c 'import tractags'",	114 unless => "python -c 'import tractags'",

132 }	115 }

133	116

134 file {"/home/trac/htdocs/htdocs/common/adblockplus_logo.png":	117 exec { 'install_PrivateTickets':

135 ensure => present,	118 command => "pip install svn+http://trac-hacks.org/svn/privateticketsplugin/t ags/2.0.2/",

136 source => 'puppet:///modules/trac/adblockplus_logo.png',	119 require => Package['subversion', 'python-pip'],

137 owner => trac,	120 unless => "python -c 'import privateticketsplugin'",

138 require => Exec['deploy']

139 }	121 }

140	122

141 file {"/home/trac/environment/htdocs/theme.css":	123 file { '/home/trac/trac.ini':

142 ensure => present,	124 ensure => present,

143 source => 'puppet:///modules/trac/theme.css',	125 source => 'puppet:///modules/trac/trac.ini',

144 owner => trac,	126 owner => 'trac',

145 require => Exec['trac_env']	127 mode => 644,

146 }	128 }

147	129

148 exec {"update_env":	130 define instance (

149 command => "trac-admin /home/trac/environment upgrade",	131 $config = 'trac/trac.ini.erb',

150 user => trac,	132 $description = 'Issue Tracker',

151 require => [	133 $environment = 'environment',
	Wladimir Palant 2014/07/31 09:46:53 It's probably better to just set environment based It's probably better to just set environment based on name and not have it configurable, same as with deployment directories: $environment = "environment-$name" mathias 2014/08/01 13:59:46 Sure, but there's another but: This will cause the Show quoted text On 2014/07/31 09:46:53, Wladimir Palant wrote: > It's probably better to just set environment based on name and not have it > configurable, same as with deployment directories: > > $environment = "environment-$name" Sure, but there's another but: This will cause the trac-admin/initenv to become a major source of error, requiring a hack (see issueserver.pp). Both versions are somehow ugly, but mine/the former one does not introduce any quirks in the file system.
152 File['/home/trac/environment/conf/trac.ini'],	134 $location = '/',

153 Exec['install_SensitiveTickets'],	135 $logo = 'eyeo_logo.png',

154 Exec['install_BlackMagicTicketTweaks'],	136 $database = 'trac',

155 Exec['install_AccountManager'],	137 $permissions = 'puppet:///modules/trac/permissions.csv',

156 Exec['install_AutocompleteUsers'],	138 $theme = 'puppet:///modules/trac/theme.css') {

157 Exec['install_TicketTemplate'],	139

158 Exec['install_NeverNotifyUpdater'],	140 $database_password = $private::trac::database_password

159 Exec['install_MasterTickets'],	141

160 Exec['install_ThemeEngine'],	142 mysql::db {$database:

161 Exec['install_Tractags'],	143 user => 'trac',

162 Exec['install_TracSpamFilter']]	144 password => $database_password,

	145 host => 'localhost',

	146 grant => ['all'],

	147 charset => 'utf8',

	148 collate => 'utf8_bin',

	149 require => Class['mysql::server'],

	150 }

	151

	152 $location_base = $location ? {

	153 '/' => '',

	154 default => $location,

	155 }
	Wladimir Palant 2014/07/31 09:46:53 I think what you really want here is removing trai I think what you really want here is removing trailing slashes: $location_base = regsubst($location, '/+$', '') mathias 2014/08/01 13:59:46 Makes sense, done. Show quoted text On 2014/07/31 09:46:53, Wladimir Palant wrote: > I think what you really want here is removing trailing slashes: > > $location_base = regsubst($location, '/+$', '') Makes sense, done.
	156

	157 file {"${trac::fcgi_config_dir}/${name}.conf":

	158 ensure => file,

	159 owner => 'root',

	160 mode => 644,

	161 content => "

	162 location $location_base/

	163 {

	164 fastcgi_pass unix:/tmp/${name}-fastcgi.sock;

	165 fastcgi_split_path_info ^(${location_base})(.*)\$;

	166 include /etc/nginx/fastcgi_params;

	167 fastcgi_param SCRIPT_NAME \$fastcgi_script_name;

	168 fastcgi_param PATH_INFO \$fastcgi_path_info;

	169 client_max_body_size 20m;

	170 }

	171 location $location_base/chrome/

	172 {

	173 alias /home/trac/htdocs-$name/htdocs/;

	174 }",
	Wladimir Palant 2014/07/31 09:46:53 I'd rather go with a template here, having nginx c I'd rather go with a template here, having nginx configuration files inline is ugly (also because of the escaping required). mathias 2014/08/01 13:59:46 Done. Show quoted text On 2014/07/31 09:46:53, Wladimir Palant wrote: > I'd rather go with a template here, having nginx configuration files inline is > ugly (also because of the escaping required). Done.
	175 require => File[$trac::fcgi_config_dir],

	176 }
	Wladimir Palant 2014/07/31 09:46:53 This needs: notify => Service['nginx'] Otherwi This needs: notify => Service['nginx'] Otherwise nginx might not pick up the changes to configuration files. mathias 2014/08/01 13:59:46 Done. Show quoted text On 2014/07/31 09:46:53, Wladimir Palant wrote: > This needs: > > notify => Service['nginx'] > > Otherwise nginx might not pick up the changes to configuration files. Done.
	177

	178 exec {"trac_env_${name}":

	179 command => shellquote(

	180 'trac-admin', "/home/trac/$environment", 'initenv', $description,

	181 "mysql://trac:${database_password}@localhost:3306/$database"),

	182 path => '/usr/bin:/usr/sbin:/bin:/usr/local/bin',

	183 require => [

	184 Exec['install_trac'],

	185 Mysql_grant["trac@localhost/${database}.*"]],

	186 user => trac,

	187 unless => "test -d /home/trac/$environment"

	188 }

	189

	190 file {"/home/trac/${environment}/conf/permissions.csv":

	191 ensure => present,

	192 owner => trac,

	193 source => $permissions,

	194 require => Exec["trac_env_$name"],

	195 }

	196

	197 file {"/home/trac/$environment/conf/trac.ini":

	198 ensure => present,

	199 content => template($config),

	200 owner => trac,

	201 require => Exec["trac_env_$name"]

	202 }

	203

	204 file {"/home/trac/$environment/htdocs/theme.css":

	205 ensure => present,

	206 source => $theme,

	207 owner => trac,

	208 require => Exec["trac_env_$name"],

	209 }

	210

	211 exec {"update_env_$name":

	212 command => "trac-admin /home/trac/$environment upgrade",

	213 user => trac,

	214 path => '/usr/bin:/usr/sbin:/bin:/usr/local/bin',

	215 require => [

	216 File["/home/trac/$environment/conf/trac.ini"],

	217 Exec['install_SensitiveTickets'],

	218 Exec['install_BlackMagicTicketTweaks'],

	219 Exec['install_AccountManager'],

	220 Exec['install_AutocompleteUsers'],

	221 Exec['install_TicketTemplate'],

	222 Exec['install_NeverNotifyUpdater'],

	223 Exec['install_MasterTickets'],

	224 Exec['install_ThemeEngine'],

	225 Exec['install_Tractags'],

	226 Exec['install_TracSpamFilter'],

	227 Exec['install_PrivateTickets']],

	228 }

	229

	230 exec {"deploy_$name":

	231 command => "trac-admin /home/trac/$environment \

	232 deploy /home/trac/htdocs-$name \

	233 && fromdos /home/trac/htdocs-$name/cgi-bin/trac.fcgi \

	234 && chmod 755 /home/trac/htdocs-$name/cgi-bin/trac.fcgi",

	235 user => trac,

	236 path => '/usr/bin:/usr/sbin:/bin:/usr/local/bin',

	237 require => [

	238 Exec["update_env_$name"],

	239 Package["tofrodos"]],

	240 }

	241

	242 file {"/home/trac/htdocs-$name/htdocs/common/$logo":
	Wladimir Palant 2014/07/31 09:46:53 Feel free to always name that file logo.png (namin Feel free to always name that file logo.png (naming conflict has been resolved by separating deployment directories), regardless of the source file name. Then this entry in trac.ini will be static and you will be able to use an absolute path for the $logo parameter, consistent with $theme. mathias 2014/08/01 13:59:46 Done. Show quoted text On 2014/07/31 09:46:53, Wladimir Palant wrote: > Feel free to always name that file logo.png (naming conflict has been resolved > by separating deployment directories), regardless of the source file name. Then > this entry in trac.ini will be static and you will be able to use an absolute > path for the $logo parameter, consistent with $theme. Done.
	243 ensure => present,

	244 source => "puppet:///modules/trac/$logo",

	245 owner => trac,

	246 require => Exec["deploy_$name"],

	247 }

	248

	249 spawn-fcgi::pool {"${name}d":
	Wladimir Palant 2014/07/31 09:46:53 I think "tracd_$name" was a better name for the se I think "tracd_$name" was a better name for the service... mathias 2014/08/01 13:59:46 Sure, I think so too. But I've had a hard time try Show quoted text On 2014/07/31 09:46:53, Wladimir Palant wrote: > I think "tracd_$name" was a better name for the service... Sure, I think so too. But I've had a hard time trying to find a way to tell the spawn-fcgi module that the former "tracd" is gone and replaced by two new instances. It always failed to do anything right (when migrating from the current production setup, a plain installation worked of course), so I figured it may be better not to waste any more time on that (with the current version the old name remains in use). However, after your review I've applied a hack to issueserver.pp - it works now with more verbose pool names, but is still ugly.
	250 ensure => present,

	251 fcgi_app => "/home/trac/htdocs-$name/cgi-bin/trac.fcgi",

	252 socket => "/tmp/${name}-fastcgi.sock",

	253 mode => "0666",

	254 user => trac,

	255 children => 1,

	256 require => Exec["deploy_$name"],

	257 notify => Service['nginx'],
	Wladimir Palant 2014/07/31 09:46:53 This one is pointless - nginx doesn't care whether This one is pointless - nginx doesn't care whether the FCGI process is running, it will simply produce "502 Bad Gateway" if it isn't. mathias 2014/08/01 13:59:46 Not quite correct, I believe. It's the file descri Show quoted text On 2014/07/31 09:46:53, Wladimir Palant wrote: > This one is pointless - nginx doesn't care whether the FCGI process is running, > it will simply produce "502 Bad Gateway" if it isn't. Not quite correct, I believe. It's the file descriptors to the sockets that nginx(8) needs to re-open if it still has a handle on any of them. Otherwise one gets gateway errors although the processes are running. At least that's what we've encountered during the tests. Wladimir Palant 2014/08/01 14:11:13 We had FCGI processes crash often enough that I kn Show quoted text On 2014/08/01 13:59:46, matze wrote: > Not quite correct, I believe. We had FCGI processes crash often enough that I know - nginx doesn't need to be reloaded if the process is restared. mathias 2014/08/01 16:25:03 Indeed, Nginx will re-open the descriptor - after Show quoted text On 2014/08/01 14:11:13, Wladimir Palant wrote: > On 2014/08/01 13:59:46, matze wrote: > > Not quite correct, I believe. > > We had FCGI processes crash often enough that I know - nginx doesn't need to be > reloaded if the process is restared. Indeed, Nginx will re-open the descriptor - after it realizes that the handle is invalid, at least. However, since it's only during the computation of the first page view after the provision, I'll remove it.
	258 }

163 }	259 }

	260 }

164	261

165 exec {"deploy":

166 command => "trac-admin /home/trac/environment deploy /home/trac/htdocs && fr omdos /home/trac/htdocs/cgi-bin/trac.fcgi && chmod 755 /home/trac/htdocs/cgi-bin /trac.fcgi",

167 user => trac,

168 require => [

169 Exec["update_env"],

170 Package["tofrodos"]]

171 }

172

173 spawn-fcgi::pool {"tracd":

174 ensure => present,

175 fcgi_app => "/home/trac/htdocs/cgi-bin/trac.fcgi",

176 socket => "/tmp/trac-fastcgi.sock",

177 mode => "0666",

178 user => trac,

179 children => 1,

180 require => Exec['deploy'],

181 }

182

183 file {"/home/trac/permissions.csv":

184 ensure => present,

185 owner => trac,

186 source => 'puppet:///modules/trac/permissions.csv'

187 }

188

189 }

OLD	NEW

« modules/discourse/manifests/init.pp ('K') | « modules/trac/files/trac.ini ('k') | modules/trac/templates/orders.ini.erb » ('j') | modules/trac/templates/orders.ini.erb » ('J')