Left: | ||
Right: |
LEFT | RIGHT |
---|---|
1 node 'issues1' { | 1 node 'issues1' { |
2 | 2 |
3 include base, private::trac | 3 include base, private::trac |
4 | 4 |
5 class {'trac': | 5 class {'trac': |
6 domain => 'issues.adblockplus.org', | 6 domain => 'issues.adblockplus.org', |
7 certificate => 'issues.adblockplus.org_sslcert.pem', | 7 certificate => 'issues.adblockplus.org_sslcert.pem', |
8 private_key => 'issues.adblockplus.org_sslcert.key', | 8 private_key => 'issues.adblockplus.org_sslcert.key', |
9 is_default => true, | 9 is_default => true, |
10 } | 10 } |
11 | 11 |
12 trac::instance {'trac': | 12 trac::instance {'issues': |
13 config => 'trac/trac.ini.erb', | 13 config => 'trac/trac.ini.erb', |
14 description => 'Adblock Plus Issue Tracker', | 14 description => 'Adblock Plus Issue Tracker', |
15 environment => 'environment', | |
16 location => '/', | 15 location => '/', |
17 logo => 'adblockplus_logo.png', | 16 logo => 'puppet:///modules/trac/adblockplus_logo.png', |
18 database => 'trac', | 17 database => 'trac', |
19 permissions => "puppet:///modules/trac/permissions.csv", | 18 permissions => "puppet:///modules/trac/permissions.csv", |
20 } | 19 } |
21 | 20 |
22 trac::instance {'orders': | 21 trac::instance {'orders': |
23 config => 'trac/orders.ini.erb', | 22 config => 'trac/orders.ini.erb', |
24 description => 'Eyeo Order System', | 23 description => 'Eyeo Order System', |
25 environment => 'environment-orders', | |
26 location => '/orders', | 24 location => '/orders', |
27 logo => 'eyeo_logo.png', | 25 logo => 'puppet:///modules/trac/eyeo_logo.png', |
28 database => 'trac_orders', | 26 database => 'trac_orders', |
29 permissions => "puppet:///modules/trac/order-permissions.csv", | 27 permissions => "puppet:///modules/trac/order-permissions.csv", |
30 } | 28 } |
31 | 29 |
32 # Transforming the auth_cookie table of the "new" Trac project into an | 30 # Transforming the auth_cookie table of the "new" Trac project into an |
33 # insertable view for the "old" project's table of the same name avoids | 31 # insertable view for the "old" project's table of the same name avoids |
34 # the need to convert the entire auth to htpasswd-file handling, which | 32 # the need to convert the entire auth to htpasswd-file handling, which |
35 # would be the official way to go for achieving a shared authentication. | 33 # would be the official way to go for achieving a shared authentication. |
36 exec { 'trac_auth_cookie_view': | 34 exec { 'trac_auth_cookie_view': |
37 command => "mysql -utrac -p'${private::trac::database_password}' trac_orders --execute ' | 35 command => "mysql -utrac -p'${private::trac::database_password}' trac_orders --execute ' |
38 CREATE VIEW auth_cookie_view AS SELECT * FROM trac.auth_cookie; | 36 DROP TABLE IF EXISTS auth_cookie; |
39 RENAME TABLE auth_cookie TO auth_cookie_original, auth_cookie_view TO auth _cookie;'", | 37 CREATE VIEW auth_cookie AS SELECT * FROM trac.auth_cookie;'", |
Wladimir Palant
2014/07/31 09:46:53
Why the renaming? We don't want that empty table.
mathias
2014/08/01 13:59:46
Well, I still prefer my version: Beside having an
Wladimir Palant
2014/08/01 14:11:13
Backup of an empty table that isn't used anywhere?
mathias
2014/08/01 16:25:03
Since you prefer it without, I'll adjust it.
But,
| |
40 unless => "mysql -utrac -p'${private::trac::database_password}' trac_orders --execute ' | 38 unless => "mysql -utrac -p'${private::trac::database_password}' trac_orders --execute ' |
41 SHOW CREATE TABLE auth_cookie' | grep VIEW", | 39 SHOW CREATE VIEW auth_cookie'", |
Wladimir Palant
2014/07/31 09:46:53
How about:
unless => "mysql -utrac -p'${private::
mathias
2014/08/01 13:59:46
Agreed, done.
| |
42 path => "/usr/bin:/usr/sbin:/bin:/usr/local/bin", | 40 path => "/usr/bin:/usr/sbin:/bin:/usr/local/bin", |
43 require => [ | 41 require => [ |
44 Exec["deploy_trac"], | 42 Exec["deploy_issues"], |
45 Exec["deploy_orders"], | 43 Exec["deploy_orders"], |
46 ], | 44 ], |
47 } | 45 } |
48 | 46 |
49 # Synchronizing e-mail and password information between the project | 47 # Synchronizing e-mail and password information between the project |
50 # allows for logging in from any entry point - whilst maintaining a | 48 # allows for logging in from any entry point - whilst maintaining a |
51 # registration form (and process) in one project only. | 49 # registration form (and process) in one project only. |
52 cron {'trac_session_attribute_sync': | 50 cron {'trac_session_attribute_sync': |
53 ensure => present, | 51 ensure => present, |
54 user => trac, | 52 user => trac, |
55 minute => '*/30', | 53 minute => '*/30', |
56 command => "mysql -utrac -p'${private::trac::database_password}' trac_orders --execute ' \ | 54 command => "mysql -utrac -p'${private::trac::database_password}' trac_orders --execute ' \ |
57 INSERT INTO session_attribute (sid, authenticated, name, value) SELECT sid , authenticated, name, value \ | 55 INSERT INTO session_attribute (sid, authenticated, name, value) SELECT sid , authenticated, name, value \ |
58 FROM trac.session_attribute WHERE authenticated = 1 AND name IN (\"email\" , \"password\") \ | 56 FROM trac.session_attribute WHERE authenticated = 1 AND name IN (\"email\" , \"password\") \ |
59 ON DUPLICATE KEY UPDATE value=VALUES(value) ' >/dev/null | 57 ON DUPLICATE KEY UPDATE value=VALUES(value) ' >/dev/null |
60 ", | 58 ", |
61 require => Exec['trac_auth_cookie_view'], | 59 require => Exec['trac_auth_cookie_view'], |
62 } | 60 } |
63 | 61 |
62 # This directive is required due to legacy issues, where only one trac | |
63 # project was configured. Now we want to have more verbose names, e.g. | |
64 # tracd_issues and tracd_orders, but the spawn-fcgi module doesn't remove | |
65 # unmentioned former setups. So, in order to avoid conflicts or manual | |
66 # intervention during rollout, we must keep this statement here and never | |
67 # re-use the name again. Ugly, but neccessary. | |
68 spawn-fcgi::pool {"tracd": | |
69 ensure => absent, | |
70 require => Exec['tracd_kludge'], | |
71 } | |
72 | |
73 # Unfortunately, the spawn-fcgi module is not capable of stopping the | |
74 # processes of pools that are changed to absent - simply because it removes | |
75 # the configuration file and the subsequent reload or restart does not | |
76 # recognize the pool any more. Thus, we have to ensure that the service is | |
77 # stopped before: | |
78 exec { 'tracd_kludge': | |
79 command => 'service spawn-fcgi stop', | |
80 onlyif => 'service spawn-fcgi status', | |
81 path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', | |
82 notify => Service['spawn-fcgi'], | |
83 } | |
84 | |
85 # Pretty similar to the "tracd" pool issue above: The trac-admin initenv | |
86 # command would fail for environment-issues after creation of the directory | |
87 # structure, when it comes to the database setup (which already exists), | |
88 # if we do not handle the existing resources manually.. | |
89 exec { 'trac_env_issues_kludge': | |
90 command => 'ln -s environment /home/trac/environment-issues', | |
91 before => Exec['trac_env_issues'], | |
92 path => "/usr/bin:/bin", | |
93 user => trac, | |
94 onlyif => 'test -d /home/trac/environment && \ | |
95 test ! -e /home/trac/environment-issues', | |
96 require => User['trac'], | |
97 } | |
98 | |
64 class {'nagios::client': | 99 class {'nagios::client': |
65 server_address => 'monitoring.adblockplus.org' | 100 server_address => 'monitoring.adblockplus.org' |
66 } | 101 } |
67 } | 102 } |
LEFT | RIGHT |