Left: | ||
Right: |
OLD | NEW |
---|---|
1 class discourse( | 1 class discourse( |
2 $domain, | 2 $domain, |
3 $certificate, | 3 $certificate, |
4 $private_key, | 4 $private_key, |
5 $is_default = false | 5 $site_settings, |
6 ) inherits private::discourse { | 6 $is_default = false, |
7 $admins = hiera('discourse::admins', []) | |
8 ) { | |
7 | 9 |
8 class { 'postgresql::globals': | 10 apt::source {'docker': |
9 manage_package_repo => true, | 11 location => 'https://apt.dockerproject.org/repo', |
10 version => '9.3', | 12 release => 'ubuntu-precise', |
11 }-> | 13 repos => 'main', |
12 class {"postgresql::server":} | 14 key => '58118E89F3A912897C070ADBF76221572C52609D', |
13 | 15 key_content => template('discourse/dockersource.gpg.key'), |
14 class {"postgresql::server::contrib": | 16 include_src => false, |
15 package_ensure => 'present', | |
16 } | 17 } |
17 | 18 |
18 postgresql::server::database {'discourse':} | 19 package {'docker-engine': |
19 | 20 ensure => '1.11.0-0~precise', |
20 postgresql::server::role {'discourse': | 21 require => Apt::Source['docker'], |
21 password_hash => postgresql_password('discourse', $database_password), | |
22 db => 'discourse', | |
23 login => true, | |
24 superuser => true, | |
25 require => Postgresql::Server::Database['discourse'] | |
26 } | 22 } |
27 | 23 |
28 $rvm_dependencies = ['curl', 'git-core', 'patch', 'build-essential', 'bison', | 24 package {'git': |
29 'zlib1g-dev', 'libssl-dev', 'libxml2-dev', 'sqlite3', 'libsqlite3-dev', | 25 ensure => present, |
30 'autotools-dev', 'libxslt1-dev', 'libyaml-0-2', 'autoconf', 'automake', | |
31 'libreadline6-dev', 'libyaml-dev', 'libtool', 'libgdbm-dev', | |
32 'libncurses5-dev', 'libffi-dev', 'pkg-config', 'gawk'] | |
33 $discourse_dependencies = ['redis-server', 'libjemalloc1'] | |
34 $gem_dependencies = ['libpq-dev'] | |
35 $image_optim_dependencies = ['advancecomp', 'gifsicle', 'jhead', 'jpegoptim', | |
36 'libjpeg-progs', 'optipng', 'pngcrush'] | |
37 $image_sorcery_dependencies = 'imagemagick' | |
38 | |
39 package {[$rvm_dependencies, $discourse_dependencies, $gem_dependencies, $imag e_optim_dependencies, $image_sorcery_dependencies]: | |
40 ensure => present | |
41 } | 26 } |
42 | 27 |
43 Exec <| tag == 'rvm' |> { | 28 service {'docker': |
44 path => '/bin:/usr/bin:/usr/sbin:/usr/local/bin:/home/discourse/.rvm/bin', | 29 ensure => running, |
45 user => discourse, | 30 require => Package['docker-engine'], |
46 group => www-data, | |
47 environment => ['HOME=/home/discourse'], | |
48 } | 31 } |
49 | 32 |
50 exec {'install-rvm-key': | 33 file {'/var/discourse': |
51 command => 'gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C2754 62A1703113804BB82D39DC0E3', | 34 ensure => directory, |
52 tag => 'rvm', | 35 mode => 755, |
53 unless => 'gpg --list-keys | grep D39DC0E3', | 36 owner => root, |
37 group => root | |
54 } | 38 } |
55 | 39 |
56 exec {'install-ruby': | 40 exec {'fetch-discourse-docker': |
57 command => 'curl -sSL https://get.rvm.io | bash -s stable --ruby=2.1.2', | 41 command => "hg clone https://hg.adblockplus.org/discourse_docker /var/discou rse", |
58 tag => 'rvm', | 42 path => ["/usr/bin/", "/bin/"], |
59 creates => '/home/discourse/.rvm', | 43 user => root, |
60 timeout => 0, | 44 timeout => 0, |
61 logoutput => true, | 45 require => [Package['mercurial'], File['/var/discourse']], |
62 require => [Exec['install-rvm-key'], Package[$rvm_dependencies]], | 46 onlyif => "test ! -d /var/discourse/.hg" |
mathias
2016/07/13 17:48:03
Using exec resource parameter "unless" is more str
Wladimir Palant
2016/07/13 18:01:12
The more important question is whether we should e
| |
63 } | 47 } |
64 | 48 |
65 exec {'install-bundler': | 49 file {'/var/discourse/containers/app.yml': |
66 command => 'rvm default do gem install bundler', | 50 ensure => file, |
67 tag => 'rvm', | 51 mode => 600, |
68 unless => 'rvm default do gem list | grep "^bundler ")', | 52 owner => root, |
69 require => Exec['install-ruby'], | 53 group => root, |
54 content => template('discourse/app.yml.erb'), | |
55 require => Exec['fetch-discourse-docker'], | |
70 } | 56 } |
71 | 57 |
72 file {'/opt/discourse': | 58 exec {'rebuild': |
73 ensure => directory, | 59 command => '/var/discourse/launcher rebuild app --skip-prereqs', |
74 mode => 755, | 60 user => root, |
75 owner => discourse, | 61 subscribe => File['/var/discourse/containers/app.yml'], |
76 group => www-data | 62 refreshonly => true, |
63 logoutput => 'on_failure', | |
64 timeout => 0, | |
65 require => [Exec['fetch-discourse-docker'], | |
66 Service['docker'], | |
67 Package['git']], | |
77 } | 68 } |
78 | 69 |
79 file {['/opt/discourse/tmp', '/opt/discourse/tmp/pids']: | 70 exec {'start': |
80 ensure => directory, | 71 command => '/var/discourse/launcher start app --skip-prereqs', |
81 mode => 755, | 72 user => root, |
82 owner => discourse, | 73 logoutput => 'on_failure', |
83 group => www-data, | 74 require => Exec['rebuild'], |
84 require => Exec['fetch-discourse'] | |
85 } | |
86 | |
87 file {'/opt/discourse/config/discourse.conf': | |
88 mode => 600, | |
89 owner => discourse, | |
90 group => www-data, | |
91 content => template('discourse/discourse.conf.erb'), | |
92 notify => Service['discourse'], | |
93 require => Exec['fetch-discourse'] | |
94 } | |
95 | |
96 file {'/usr/local/bin/init-discourse': | |
97 mode => 0755, | |
98 owner => root, | |
99 group => root, | |
100 source => 'puppet:///modules/discourse/init-discourse' | |
101 } | |
102 | |
103 user {'discourse': | |
104 ensure => present, | |
105 comment => 'Discourse user', | |
106 home => '/home/discourse', | |
107 gid => www-data, | |
108 password => '*', | |
109 managehome => true | |
110 } | |
111 | |
112 file {'/etc/sudoers.d/discourse': | |
113 ensure => present, | |
114 owner => root, | |
115 group => root, | |
116 mode => 0440, | |
117 source => 'puppet:///modules/discourse/sudoers', | |
118 require => User['discourse'] | |
119 } | |
120 | |
121 exec {'fetch-discourse': | |
122 command => "hg clone https://hg.adblockplus.org/discourse /opt/discourse", | |
123 path => ["/usr/bin/", "/bin/"], | |
124 user => discourse, | |
125 group => www-data, | |
126 timeout => 0, | |
127 require => [Package['mercurial'], File['/opt/discourse']], | |
128 notify => Exec['init-discourse'], | |
129 onlyif => "test ! -d /opt/discourse/.hg" | |
130 } | |
131 | |
132 file {'/opt/discourse/config/initializers/airbrake.rb': | |
133 ensure => absent, | |
134 before => Exec['init-discourse'], | |
135 } | |
136 | |
137 file {'/opt/discourse/config/version.rb': | |
138 ensure => present, | |
139 owner => discourse, | |
140 group => www-data, | |
141 | |
142 # This is hardcoded here so that Discourse doesn't try to extract it from | |
143 # the repository. Ideally, we should update it when updating Discourse. | |
144 content => '$git_version = "a324c71869cad20a40f7979354cd731041878276"', | |
145 require => Exec['fetch-discourse'], | |
146 before => Exec['init-discourse'], | |
147 } | |
148 | |
149 exec {'init-discourse': | |
150 command => 'rvm default do /usr/local/bin/init-discourse', | |
151 tag => 'rvm', | |
152 subscribe => File['/usr/local/bin/init-discourse'], | |
153 refreshonly => true, | |
154 timeout => 0, | |
155 logoutput => true, | |
156 require => [Exec['install-bundler'], | |
157 Package[$discourse_dependencies, $gem_dependencies], | |
158 User['discourse'], File['/etc/sudoers.d/discourse'], | |
159 Exec['fetch-discourse'], | |
160 File['/opt/discourse/config/discourse.conf'], | |
161 Postgresql::Server::Role['discourse']] | |
162 } | |
163 | |
164 Discourse::Sitesetting <| |> { | |
165 require => Exec['init-discourse'] | |
166 } | |
167 | |
168 discourse::sitesetting {'title': | |
169 ensure => present, | |
170 type => 1, | |
171 value => 'Adblock Plus internal discussions' | |
172 } | |
173 | |
174 discourse::sitesetting {'notification_email': | |
175 ensure => present, | |
176 type => 1, | |
177 value => 'donotreply@adblockplus.org' | |
178 } | |
179 | |
180 discourse::sitesetting {'contact_email': | |
181 ensure => present, | |
182 type => 1, | |
183 value => 'admins@adblockplus.org' | |
184 } | |
185 | |
186 discourse::sitesetting {'site_contact_username': | |
187 ensure => present, | |
188 type => 1, | |
189 value => 'system' | |
190 } | |
191 | |
192 discourse::sitesetting {'must_approve_users': | |
193 ensure => present, | |
194 type => 5, | |
195 value => 'f' | |
196 } | |
197 | |
198 discourse::sitesetting {'login_required': | |
199 ensure => present, | |
200 type => 5, | |
201 value => 't' | |
202 } | |
203 | |
204 discourse::sitesetting {'email_domains_blacklist': | |
205 ensure => present, | |
206 type => 1, | |
207 value => '' | |
208 } | |
209 | |
210 discourse::sitesetting {'email_domains_whitelist': | |
211 ensure => present, | |
212 type => 1, | |
213 value => 'adblockplus.org|eyeo.com' | |
214 } | |
215 | |
216 discourse::sitesetting {'use_https': | |
217 ensure => present, | |
218 type => 5, | |
219 value => 't' | |
220 } | |
221 | |
222 discourse::sitesetting {'company_full_name': | |
223 ensure => present, | |
224 type => 1, | |
225 value => 'Eyeo GmbH' | |
226 } | |
227 | |
228 discourse::sitesetting {'company_short_name': | |
229 ensure => present, | |
230 type => 1, | |
231 value => 'Eyeo' | |
232 } | |
233 | |
234 discourse::sitesetting {'company_domain': | |
235 ensure => present, | |
236 type => 1, | |
237 value => 'eyeo.com' | |
238 } | |
239 | |
240 discourse::sitesetting {'enable_local_logins': | |
241 ensure => present, | |
242 type => 5, | |
243 value => 'f' | |
244 } | |
245 | |
246 discourse::sitesetting {'enable_local_account_create': | |
247 ensure => present, | |
248 type => 5, | |
249 value => 'f' | |
250 } | |
251 | |
252 discourse::sitesetting {'enable_google_logins': | |
253 ensure => present, | |
254 type => 5, | |
255 value => 'f' | |
256 } | |
257 | |
258 discourse::sitesetting {'enable_google_oauth2_logins': | |
259 ensure => present, | |
260 type => 5, | |
261 value => 't' | |
262 } | |
263 | |
264 discourse::sitesetting {'google_oauth2_client_id': | |
265 ensure => present, | |
266 type => 1, | |
267 value => $google_client_id | |
268 } | |
269 | |
270 discourse::sitesetting {'google_oauth2_client_secret': | |
271 ensure => present, | |
272 type => 1, | |
273 value => $google_client_secret | |
274 } | |
275 | |
276 discourse::sitesetting {'enable_facebook_logins': | |
277 ensure => present, | |
278 type => 5, | |
279 value => 'f' | |
280 } | |
281 | |
282 discourse::sitesetting {'enable_twitter_logins': | |
283 ensure => present, | |
284 type => 5, | |
285 value => 'f' | |
286 } | |
287 | |
288 discourse::sitesetting {'enable_github_logins': | |
289 ensure => present, | |
290 type => 5, | |
291 value => 'f' | |
292 } | |
293 | |
294 discourse::sitesetting {'enable_yahoo_logins': | |
295 ensure => present, | |
296 type => 5, | |
297 value => 'f' | |
298 } | |
299 | |
300 discourse::sitesetting {'enforce_global_nicknames': | |
301 ensure => present, | |
302 type => 5, | |
303 value => 'f' | |
304 } | |
305 | |
306 discourse::sitesetting {'allow_user_locale': | |
307 ensure => present, | |
308 type => 5, | |
309 value => 't' | |
310 } | |
311 | |
312 discourse::sitesetting {'white_listed_spam_host_domains': | |
313 ensure => present, | |
314 type => 1, | |
315 value => 'adblockplus.org,eyeo.com' | |
316 } | |
317 | |
318 discourse::sitesetting {'max_mentions_per_post': | |
319 ensure => present, | |
320 type => 3, | |
321 value => '50', | |
322 } | |
323 | |
324 Customservice { | |
325 user => 'discourse', | |
326 workdir => '/opt/discourse', | |
327 env => ['RAILS_ENV=production', 'RUBY_GC_MALLOC_LIMIT=90000000', | |
328 'UNICORN_WORKERS=2', 'LD_PRELOAD=/usr/lib/libjemalloc.so.1'], | |
329 require => Exec['init-discourse'] | |
330 } | |
331 | |
332 customservice {'discourse': | |
333 command => '/home/discourse/.rvm/bin/rvm default do bundle exec config/unico rn_launcher -c config/unicorn.conf.rb', | |
334 require => File['/opt/discourse/tmp/pids'], | |
335 } | |
336 | |
337 customservice {'sidekiq': | |
338 command => '/home/discourse/.rvm/bin/rvm default do bundle exec sidekiq' | |
339 } | 75 } |
340 | 76 |
341 class {'nginx': | 77 class {'nginx': |
342 worker_connections => 500 | 78 worker_connections => 500 |
343 } | 79 } |
344 | 80 |
345 nginx::hostconfig{$domain: | 81 nginx::hostconfig {$domain: |
346 source => 'puppet:///modules/discourse/site.conf', | 82 source => 'puppet:///modules/discourse/site.conf', |
347 global_config => ' | |
348 upstream discourse { | |
349 server localhost:3000; | |
350 }', | |
351 is_default => $is_default, | 83 is_default => $is_default, |
352 certificate => $certificate, | 84 certificate => $certificate, |
353 private_key => $private_key, | 85 private_key => $private_key, |
354 log => 'access_log_intraforum' | 86 log => 'access_log_intraforum' |
355 } | 87 } |
356 } | 88 } |
OLD | NEW |