Index: manifests/issuesserver.pp |
=================================================================== |
--- a/manifests/issuesserver.pp |
+++ b/manifests/issuesserver.pp |
@@ -1,5 +1,6 @@ |
node 'issues1' { |
- include base |
+ |
+ include base, private::trac |
class {'trac': |
domain => 'issues.adblockplus.org', |
@@ -8,6 +9,58 @@ |
is_default => true, |
} |
+ trac::instance {'trac': |
+ config => 'trac/trac.ini.erb', |
+ description => 'Adblock Plus Issue Tracker', |
+ environment => 'environment', |
+ location => '/', |
+ logo => 'adblockplus_logo.png', |
+ database => 'trac', |
+ permissions => "puppet:///modules/trac/permissions.csv", |
+ } |
+ |
+ trac::instance {'orders': |
+ config => 'trac/orders.ini.erb', |
+ description => 'Eyeo Order System', |
+ environment => 'environment-orders', |
+ location => '/orders', |
+ logo => 'eyeo_logo.png', |
+ database => 'trac_orders', |
+ permissions => "puppet:///modules/trac/order-permissions.csv", |
+ } |
+ |
+ # Transforming the auth_cookie table of the "new" Trac project into an |
+ # insertable view for the "old" project's table of the same name avoids |
+ # the need to convert the entire auth to htpasswd-file handling, which |
+ # would be the official way to go for achieving a shared authentication. |
+ exec { 'trac_auth_cookie_view': |
+ command => "mysql -utrac -p'${private::trac::database_password}' trac_orders --execute ' |
+ CREATE VIEW auth_cookie_view AS SELECT * FROM trac.auth_cookie; |
+ RENAME TABLE auth_cookie TO auth_cookie_original, auth_cookie_view TO auth_cookie;'", |
Wladimir Palant
2014/07/31 09:46:53
Why the renaming? We don't want that empty table.
mathias
2014/08/01 13:59:46
Well, I still prefer my version: Beside having an
Wladimir Palant
2014/08/01 14:11:13
Backup of an empty table that isn't used anywhere?
mathias
2014/08/01 16:25:03
Since you prefer it without, I'll adjust it.
But,
|
+ unless => "mysql -utrac -p'${private::trac::database_password}' trac_orders --execute ' |
+ SHOW CREATE TABLE auth_cookie' | grep VIEW", |
Wladimir Palant
2014/07/31 09:46:53
How about:
unless => "mysql -utrac -p'${private::
mathias
2014/08/01 13:59:46
Agreed, done.
|
+ path => "/usr/bin:/usr/sbin:/bin:/usr/local/bin", |
+ require => [ |
+ Exec["deploy_trac"], |
+ Exec["deploy_orders"], |
+ ], |
+ } |
+ |
+ # Synchronizing e-mail and password information between the project |
+ # allows for logging in from any entry point - whilst maintaining a |
+ # registration form (and process) in one project only. |
+ cron {'trac_session_attribute_sync': |
+ ensure => present, |
+ user => trac, |
+ minute => '*/30', |
+ command => "mysql -utrac -p'${private::trac::database_password}' trac_orders --execute ' \ |
+ INSERT INTO session_attribute (sid, authenticated, name, value) SELECT sid, authenticated, name, value \ |
+ FROM trac.session_attribute WHERE authenticated = 1 AND name IN (\"email\", \"password\") \ |
+ ON DUPLICATE KEY UPDATE value=VALUES(value) ' >/dev/null |
+ ", |
+ require => Exec['trac_auth_cookie_view'], |
+ } |
+ |
class {'nagios::client': |
server_address => 'monitoring.adblockplus.org' |
} |