modules/updateserver/manifests/init.pp - Issue 5071748311547904: Issue 1094 - Generate update manifests on the update server

Delta Between Two Patch Sets: modules/updateserver/manifests/init.pp

Issue 5071748311547904: Issue 1094 - Generate update manifests on the update server (Closed)

Left Patch Set: Created July 24, 2014, 2:16 p.m.

Right Patch Set: Run as user sitescripts Created July 25, 2014, 2:17 p.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

Left: Side by side diff | Download
Right: Side by side diff | Download

LEFT	RIGHT
1 class updateserver(	1 class updateserver(

2 $domain,	2 $domain,

3 $certificate,	3 $certificate,

4 $private_key,	4 $private_key,

5 $is_default=false	5 $is_default=false

6 ) {	6 ) {

7 class {'nginx':	7 class {'nginx':

8 worker_processes => 2,	8 worker_processes => 2,

9 worker_connections => 4000,	9 worker_connections => 4000,

10 ssl_session_cache => off,	10 ssl_session_cache => off,

11 }	11 }

12	12

13 File {	13 File {

14 owner => root,	14 owner => root,

15 group => root	15 group => root

16 }	16 }

17	17

18 file {'/var/www':	18 file {'/var/www':

19 ensure => directory,	19 ensure => directory,

20 mode => 0755,	20 mode => 0755,

21 require => Package['nginx']	21 require => Package['nginx']

22 }	22 }

23	23

24 file {'/var/www/update':	24 $update_dir = '/var/www/update'

	25

	26 file {$update_dir:

25 ensure => directory,	27 ensure => directory,

26 mode => 0755	28 mode => 0755

27 }	29 }

28	30

29 $update_manifest_dirs = ['/var/www/update/adblockplus',	31 $sitescripts_var_dir = '/var/lib/sitescripts'
mathias 2014/07/25 07:04:28 Now that /var/www/update is used over and over, I' Now that /var/www/update is used over and over, I'd prefer using a variable for this prefix, much like $base_dir below. Felix Dahlke 2014/07/25 07:17:45 Done. Show quoted text On 2014/07/25 07:04:28, matze wrote: > Now that /var/www/update is used over and over, I'd prefer using a variable for > this prefix, much like $base_dir below. Done.	Felix Dahlke 2014/07/25 14:21:01 This was /var/lib/adblockplus before. This is now This was /var/lib/adblockplus before. This is now more confusing since we have /opt/sitescripts, which suggests it's a all-in-one package, and then we have these runtime files here in the proper FHS place. I don't see a better way without changing the sitescripts module though. /opt/sitescripts is a hg repository, adding files not under version control there seems worse. I suppose the cleanest way would be to move /opt/sitescripts to /usr/lib/sitescripts.
30 '/var/www/update/adblockplusandroid',	32

31 '/var/www/update/adblockplussafari']	33 user {'sitescripts':

	34 ensure => present,

	35 home => $sitescripts_var_dir

	36 }

	37

	38 file {$sitescripts_var_dir:

	39 ensure => directory,

	40 mode => 0755,

	41 owner => 'sitescripts',

	42 group => 'sitescripts'

	43 }

	44

	45 $update_manifest_dirs = ["${update_dir}/gecko",

	46 "${update_dir}/adblockplusandroid",

	47 "${update_dir}/adblockplussafari"]

32	48

33 file {$update_manifest_dirs:	49 file {$update_manifest_dirs:

	50 ensure => directory,

	51 mode => 0755,

	52 owner => 'sitescripts',

	53 group => 'sitescripts'

	54 }

	55

	56 file {"${update_dir}/adblockplusie":

34 ensure => directory,	57 ensure => directory,

35 mode => 0755	58 mode => 0755

36 }	59 }

37	60

38 file {'/var/www/update/adblockplusie':	61 file {"${update_dir}/adblockplusie/update.json":
mathias 2014/07/25 07:04:28 I assume it's intentional that adblockplusie is no I assume it's intentional that adblockplusie is not included in the $update_manifest_dirs? (I don't know these parts of our infrastructure, software and requirements well enough yet to answer that myself..) Felix Dahlke 2014/07/25 07:17:45 Yup, we can't generate that one yet with how thing Show quoted text On 2014/07/25 07:04:28, matze wrote: > I assume it's intentional that adblockplusie is not included in the > $update_manifest_dirs? (I don't know these parts of our infrastructure, software > and requirements well enough yet to answer that myself..) Yup, we can't generate that one yet with how things currently are in sitescripts. Working on that in parallel, will be a separate patch.
39 ensure => directory,

40 mode => 0755

41 }

42

43 file {'/var/www/update/adblockplusie/update.json':

44 ensure => file,	62 ensure => file,

45 source => 'puppet:///modules/updateserver/adblockplusie/update.json',	63 source => 'puppet:///modules/updateserver/adblockplusie/update.json',

46 mode => 0644	64 mode => 0644

47 }	65 }

48	66

49 nginx::hostconfig{$domain:	67 nginx::hostconfig{$domain:

50 source => 'puppet:///modules/updateserver/site.conf',	68 source => 'puppet:///modules/updateserver/site.conf',

51 is_default => $is_default,	69 is_default => $is_default,

52 certificate => $certificate,	70 certificate => $certificate,

53 private_key => $private_key,	71 private_key => $private_key,

54 log => 'access_log_update'	72 log => 'access_log_update'

55 }	73 }

56	74

57 class {'sitescripts':	75 class {'sitescripts':

58 sitescriptsini_source => 'puppet:///modules/updateserver/sitescripts'	76 sitescriptsini_source => 'puppet:///modules/updateserver/sitescripts'

59 }	77 }

60	78

61 $base_dir = '/var/lib/adblockplus'	79 $safari_certificate_path = "${sitescripts_var_dir}/adblockplussafari.pem"

62

63 file {$base_dir:

64 ensure => directory,

65 mode => 0755

66 }

67

68 $safari_certificate_path = "${base_dir}/adblockplussafari.pem"

69	80

70 file {$safari_certificate_path:	81 file {$safari_certificate_path:

71 source => 'puppet:///modules/private/adblockplussafari.pem'	82 source => 'puppet:///modules/private/adblockplussafari.pem'

72 }	83 }

73	84

74 $repositories_to_sync = ['downloads', 'adblockplus', 'adblockplusandroid',	85 $repositories_to_sync = ['downloads', 'adblockplus', 'adblockplusandroid',

75 'adblockpluschrome', 'elemhidehelper', 'abpwatcher',	86 'adblockpluschrome', 'elemhidehelper', 'abpwatcher',

76 'abpcustomization', 'urlfixer']	87 'abpcustomization', 'urlfixer']

77	88

78 define fetch_repository() {	89 define fetch_repository() {

79 $repository_path = "${updateserver::base_dir}/${title}"	90 $repository_path = "${updateserver::sitescripts_var_dir}/${title}"

80 exec {"fetch_repository_${title}":	91 exec {"fetch_repository_${title}":

81 command => "hg clone https://hg.adblockplus.org/${title} ${repository_path }",	92 command => "hg clone -U https://hg.adblockplus.org/${title} ${repository_p ath}",

82 path => '/usr/bin',	93 path => '/usr/local/bin:/usr/bin:/bin',
mathias 2014/07/25 07:04:28 Are you sure that hg(1) is available in /usr/bin? Are you sure that hg(1) is available in /usr/bin? Felix Dahlke 2014/07/25 07:17:45 Yes. Show quoted text On 2014/07/25 07:04:28, matze wrote: > Are you sure that hg(1) is available in /usr/bin? Yes. Wladimir Palant 2014/07/25 09:54:39 Thinking a bit more about it - this does look like Show quoted text On 2014/07/25 07:17:45, Felix H. Dahlke wrote: > On 2014/07/25 07:04:28, matze wrote: > > Are you sure that hg(1) is available in /usr/bin? > > Yes. Thinking a bit more about it - this does look like a bad assumption. What if we at some point decide to install Mercurial via pip? I'd rather go with a standard search path like '/bin:/usr/bin:/usr/sbin:/usr/local/bin'. Felix Dahlke 2014/07/25 10:31:15 Done. Left sbin out since I really wouldn't expect Show quoted text On 2014/07/25 09:54:39, Wladimir Palant wrote: > On 2014/07/25 07:17:45, Felix H. Dahlke wrote: > > On 2014/07/25 07:04:28, matze wrote: > > > Are you sure that hg(1) is available in /usr/bin? > > > > Yes. > > Thinking a bit more about it - this does look like a bad assumption. What if we > at some point decide to install Mercurial via pip? I'd rather go with a standard > search path like '/bin:/usr/bin:/usr/sbin:/usr/local/bin'. Done. Left sbin out since I really wouldn't expect hg there.
	94 user => 'sitescripts',

83 timeout => 0,	95 timeout => 0,

84 onlyif => "test ! -d ${repository_path}",	96 onlyif => "test ! -d ${repository_path}",

85 require => [Package['mercurial'], File[$updateserver::base_dir]]	97 require => [Package['mercurial'], File[$updateserver::sitescripts_var_dir] ]

86 }	98 }

87 }	99 }

88	100

89 fetch_repository {$repositories_to_sync: }	101 fetch_repository {$repositories_to_sync: }

90	102

91 $update_update_manifests_script = '/usr/local/bin/update_update_manifests'	103 $update_update_manifests_script = '/usr/local/bin/update_update_manifests'
mathias 2014/07/25 07:04:28 Is the update_update prefix intentional? Is the update_update prefix intentional? Felix Dahlke 2014/07/25 07:17:45 Yes, we're updating update manifests here. Show quoted text On 2014/07/25 07:04:28, matze wrote: > Is the update_update prefix intentional? Yes, we're updating update manifests here.
92	104

93 file {$update_update_manifests_script:	105 file {$update_update_manifests_script:

94 mode => '0755',	106 mode => '0755',

95 content => template('updateserver/update_update_manifests.erb')	107 content => template('updateserver/update_update_manifests.erb')

96 }	108 }

97	109

98 $update_update_manifests_dependencies = ['python-m2crypto', 'python-jinja2']	110 $update_update_manifests_dependencies = ['python-m2crypto', 'python-jinja2']
mathias 2014/07/25 07:04:28 Is the update_update prefix intentional? Is the update_update prefix intentional? Felix Dahlke 2014/07/25 07:17:45 Yes. Show quoted text On 2014/07/25 07:04:28, matze wrote: > Is the update_update prefix intentional? Yes.
99	111

100 package {$update_update_manifests_dependencies:}	112 package {$update_update_manifests_dependencies:}

101	113

102 exec {'update_update_manifests':	114 exec {'update_update_manifests':

103 command => $update_update_manifests_script,	115 command => $update_update_manifests_script,

	116 user => 'sitescripts',

104 timeout => 0,	117 timeout => 0,

105 require => [Exec['fetch_sitescripts'],	118 require => [Exec['fetch_sitescripts'],

106 Fetch_repository[$repositories_to_sync],	119 Fetch_repository[$repositories_to_sync],

107 File[$update_update_manifests_script],	120 File[$update_update_manifests_script],

108 File[$update_manifest_dirs], File[$safari_certificate_path],	121 File[$update_manifest_dirs], File[$safari_certificate_path],

109 Package[$update_update_manifests_dependencies]]	122 Package[$update_update_manifests_dependencies]]

110 }	123 }

111	124

112 cron {'update_update_manifests':	125 cron {'update_update_manifests':

113 ensure => present,	126 ensure => present,

114 environment => ['MAILTO=admins@adblockplus.org'],	127 environment => ['MAILTO=admins@adblockplus.org'],

115 command => $update_update_manifests_script,	128 command => $update_update_manifests_script,

	129 user => 'sitescripts',

116 minute => '*/10',	130 minute => '*/10',

117 require => Exec['update_update_manifests']	131 require => Exec['update_update_manifests']

118 }	132 }

119 }	133 }

LEFT	RIGHT