Issue 4234 - Migrate Discourse to a Docker-based setup

modules/discourse/manifests/init.pp

Index: modules/discourse/manifests/init.pp
===================================================================
--- a/modules/discourse/manifests/init.pp
+++ b/modules/discourse/manifests/init.pp
@@ -1,356 +1,88 @@
 class discourse(
     $domain,
     $certificate,
     $private_key,
-    $is_default = false
-  ) inherits private::discourse {
+    $site_settings,
+    $is_default = false,
+    $admins = hiera('discourse::admins', [])
+  ) {
 
-  class { 'postgresql::globals':
-    manage_package_repo => true,
-    version => '9.3',
-  }->
-  class {"postgresql::server":}
-
-  class {"postgresql::server::contrib":
-    package_ensure => 'present',
+  apt::source {'docker':
+    location => 'https://apt.dockerproject.org/repo',
+    release => 'ubuntu-precise',
+    repos => 'main',
+    key => '58118E89F3A912897C070ADBF76221572C52609D',
+    key_content => template('discourse/dockersource.gpg.key'),
+    include_src => false,
   }
 
-  postgresql::server::database {'discourse':}
-
-  postgresql::server::role {'discourse':
-    password_hash => postgresql_password('discourse', $database_password),
-    db => 'discourse',
-    login => true,
-    superuser => true,
-    require => Postgresql::Server::Database['discourse']
+  package {'docker-engine':
+    ensure => '1.11.0-0~precise',
+    require => Apt::Source['docker'],
   }
 
-  $rvm_dependencies = ['curl', 'git-core', 'patch', 'build-essential', 'bison',
-      'zlib1g-dev', 'libssl-dev', 'libxml2-dev', 'sqlite3', 'libsqlite3-dev',
-      'autotools-dev', 'libxslt1-dev', 'libyaml-0-2', 'autoconf', 'automake',
-      'libreadline6-dev', 'libyaml-dev', 'libtool', 'libgdbm-dev',
-      'libncurses5-dev', 'libffi-dev', 'pkg-config', 'gawk']
-  $discourse_dependencies = ['redis-server', 'libjemalloc1']
-  $gem_dependencies = ['libpq-dev']
-  $image_optim_dependencies = ['advancecomp', 'gifsicle', 'jhead', 'jpegoptim',
-      'libjpeg-progs', 'optipng', 'pngcrush']
-  $image_sorcery_dependencies = 'imagemagick'
-
-  package {[$rvm_dependencies, $discourse_dependencies, $gem_dependencies, $image_optim_dependencies, $image_sorcery_dependencies]:
-    ensure => present
+  package {'git':
+    ensure => present,
   }
 
-  Exec <| tag == 'rvm' |> {
-    path => '/bin:/usr/bin:/usr/sbin:/usr/local/bin:/home/discourse/.rvm/bin',
-    user => discourse,
-    group => www-data,
-    environment => ['HOME=/home/discourse'],
+  service {'docker':
+    ensure => running,
+    require => Package['docker-engine'],
   }
 
-  exec {'install-rvm-key':
-    command => 'gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3',
-    tag => 'rvm',
-    unless => 'gpg --list-keys | grep D39DC0E3',
+  file {'/var/discourse':
+    ensure => directory,
+    mode => 755,
+    owner => root,
+    group => root
   }
 
-  exec {'install-ruby':
-    command => 'curl -sSL https://get.rvm.io | bash -s stable --ruby=2.1.2',
-    tag => 'rvm',
-    creates => '/home/discourse/.rvm',
+  exec {'fetch-discourse-docker':
+    command => "hg clone https://hg.adblockplus.org/discourse_docker /var/discourse",
+    path => ["/usr/bin/", "/bin/"],
+    user => root,
     timeout => 0,
-    logoutput => true,
-    require => [Exec['install-rvm-key'], Package[$rvm_dependencies]],
+    require => [Package['mercurial'], File['/var/discourse']],
+    onlyif => "test ! -d /var/discourse/.hg"

[mathias, 2016/07/13 17:48:03]

Using exec resource parameter "unless" is more straightforward than negation
with "onlyif", in general, and in this case one may even prefer using parameter
"creates" instead (assuming the explicit test for being a directory having not
much more value than a general test for existence).

[Wladimir Palant, 2016/07/13 18:01:12]

The more important question is whether we should even use our copy of the
repository here given that Discourse assumes Git (particularly to verify that
the discourse_docker checkout is up to date) and will check out several
repositories from GitHub within the container anyway (meaning: if GitHub is down
then it won't work regardless).

   }
 
-  exec {'install-bundler':
-    command => 'rvm default do gem install bundler',
-    tag => 'rvm',
-    unless => 'rvm default do gem list | grep "^bundler ")',
-    require => Exec['install-ruby'],
+  file {'/var/discourse/containers/app.yml':
+    ensure => file,
+    mode => 600,
+    owner => root,
+    group => root,
+    content => template('discourse/app.yml.erb'),
+    require => Exec['fetch-discourse-docker'],
   }
 
-  file {'/opt/discourse':
-    ensure => directory,
-    mode => 755,
-    owner => discourse,
-    group => www-data
+  exec {'rebuild':
+    command => '/var/discourse/launcher rebuild app --skip-prereqs',
+    user => root,
+    subscribe => File['/var/discourse/containers/app.yml'],
+    refreshonly => true,
+    logoutput => 'on_failure',
+    timeout => 0,
+    require => [Exec['fetch-discourse-docker'],
+                Service['docker'],
+                Package['git']],
   }
 
-  file {['/opt/discourse/tmp', '/opt/discourse/tmp/pids']:
-    ensure => directory,
-    mode => 755,
-    owner => discourse,
-    group => www-data,
-    require => Exec['fetch-discourse']
-  }
-
-  file {'/opt/discourse/config/discourse.conf':
-    mode => 600,
-    owner => discourse,
-    group => www-data,
-    content => template('discourse/discourse.conf.erb'),
-    notify => Service['discourse'],
-    require => Exec['fetch-discourse']
-  }
-
-  file {'/usr/local/bin/init-discourse':
-    mode => 0755,
-    owner => root,
-    group => root,
-    source => 'puppet:///modules/discourse/init-discourse'
-  }
-
-  user {'discourse':
-    ensure => present,
-    comment => 'Discourse user',
-    home => '/home/discourse',
-    gid => www-data,
-    password => '*',
-    managehome => true
-  }
-
-  file {'/etc/sudoers.d/discourse':
-    ensure => present,
-    owner => root,
-    group => root,
-    mode => 0440,
-    source => 'puppet:///modules/discourse/sudoers',
-    require => User['discourse']
-  }
-
-  exec {'fetch-discourse':
-    command => "hg clone https://hg.adblockplus.org/discourse /opt/discourse",
-    path => ["/usr/bin/", "/bin/"],
-    user => discourse,
-    group => www-data,
-    timeout => 0,
-    require => [Package['mercurial'], File['/opt/discourse']],
-    notify => Exec['init-discourse'],
-    onlyif => "test ! -d /opt/discourse/.hg"
-  }
-
-  file {'/opt/discourse/config/initializers/airbrake.rb':
-    ensure => absent,
-    before => Exec['init-discourse'],
-  }
-
-  file {'/opt/discourse/config/version.rb':
-    ensure => present,
-    owner => discourse,
-    group => www-data,
-
-    # This is hardcoded here so that Discourse doesn't try to extract it from
-    # the repository. Ideally, we should update it when updating Discourse.
-    content => '$git_version = "a324c71869cad20a40f7979354cd731041878276"',
-    require => Exec['fetch-discourse'],
-    before => Exec['init-discourse'],
-  }
-
-  exec {'init-discourse':
-    command => 'rvm default do /usr/local/bin/init-discourse',
-    tag => 'rvm',
-    subscribe => File['/usr/local/bin/init-discourse'],
-    refreshonly => true,
-    timeout => 0,
-    logoutput => true,
-    require => [Exec['install-bundler'],
-                Package[$discourse_dependencies, $gem_dependencies],
-                User['discourse'], File['/etc/sudoers.d/discourse'],
-                Exec['fetch-discourse'],
-                File['/opt/discourse/config/discourse.conf'],
-                Postgresql::Server::Role['discourse']]
-  }
-
-  Discourse::Sitesetting <| |> {
-    require => Exec['init-discourse']
-  }
-
-  discourse::sitesetting {'title':
-    ensure => present,
-    type => 1,
-    value => 'Adblock Plus internal discussions'
-  }
-
-  discourse::sitesetting {'notification_email':
-    ensure => present,
-    type => 1,
-    value => 'donotreply@adblockplus.org'
-  }
-
-  discourse::sitesetting {'contact_email':
-    ensure => present,
-    type => 1,
-    value => 'admins@adblockplus.org'
-  }
-
-  discourse::sitesetting {'site_contact_username':
-    ensure => present,
-    type => 1,
-    value => 'system'
-  }
-
-  discourse::sitesetting {'must_approve_users':
-    ensure => present,
-    type => 5,
-    value => 'f'
-  }
-
-  discourse::sitesetting {'login_required':
-    ensure => present,
-    type => 5,
-    value => 't'
-  }
-
-  discourse::sitesetting {'email_domains_blacklist':
-    ensure => present,
-    type => 1,
-    value => ''
-  }
-
-  discourse::sitesetting {'email_domains_whitelist':
-    ensure => present,
-    type => 1,
-    value => 'adblockplus.org|eyeo.com'
-  }
-
-  discourse::sitesetting {'use_https':
-    ensure => present,
-    type => 5,
-    value => 't'
-  }
-
-  discourse::sitesetting {'company_full_name':
-    ensure => present,
-    type => 1,
-    value => 'Eyeo GmbH'
-  }
-
-  discourse::sitesetting {'company_short_name':
-    ensure => present,
-    type => 1,
-    value => 'Eyeo'
-  }
-
-  discourse::sitesetting {'company_domain':
-    ensure => present,
-    type => 1,
-    value => 'eyeo.com'
-  }
-
-  discourse::sitesetting {'enable_local_logins':
-    ensure => present,
-    type => 5,
-    value => 'f'
-  }
-
-  discourse::sitesetting {'enable_local_account_create':
-    ensure => present,
-    type => 5,
-    value => 'f'
-  }
-
-  discourse::sitesetting {'enable_google_logins':
-    ensure => present,
-    type => 5,
-    value => 'f'
-  }
-
-  discourse::sitesetting {'enable_google_oauth2_logins':
-    ensure => present,
-    type => 5,
-    value => 't'
-  }
-
-  discourse::sitesetting {'google_oauth2_client_id':
-    ensure => present,
-    type => 1,
-    value => $google_client_id
-  }
-
-  discourse::sitesetting {'google_oauth2_client_secret':
-    ensure => present,
-    type => 1,
-    value => $google_client_secret
-  }
-
-  discourse::sitesetting {'enable_facebook_logins':
-    ensure => present,
-    type => 5,
-    value => 'f'
-  }
-
-  discourse::sitesetting {'enable_twitter_logins':
-    ensure => present,
-    type => 5,
-    value => 'f'
-  }
-
-  discourse::sitesetting {'enable_github_logins':
-    ensure => present,
-    type => 5,
-    value => 'f'
-  }
-
-  discourse::sitesetting {'enable_yahoo_logins':
-    ensure => present,
-    type => 5,
-    value => 'f'
-  }
-
-  discourse::sitesetting {'enforce_global_nicknames':
-    ensure => present,
-    type => 5,
-    value => 'f'
-  }
-
-  discourse::sitesetting {'allow_user_locale':
-    ensure => present,
-    type => 5,
-    value => 't'
-  }
-
-  discourse::sitesetting {'white_listed_spam_host_domains':
-    ensure => present,
-    type => 1,
-    value => 'adblockplus.org,eyeo.com'
-  }
-
-  discourse::sitesetting {'max_mentions_per_post':
-    ensure => present,
-    type => 3,
-    value => '50',
-  }
-
-  Customservice {
-    user => 'discourse',
-    workdir => '/opt/discourse',
-    env => ['RAILS_ENV=production', 'RUBY_GC_MALLOC_LIMIT=90000000',
-      'UNICORN_WORKERS=2', 'LD_PRELOAD=/usr/lib/libjemalloc.so.1'],
-    require => Exec['init-discourse']
-  }
-
-  customservice {'discourse':
-    command => '/home/discourse/.rvm/bin/rvm default do bundle exec config/unicorn_launcher -c config/unicorn.conf.rb',
-    require => File['/opt/discourse/tmp/pids'],
-  }
-
-  customservice {'sidekiq':
-    command => '/home/discourse/.rvm/bin/rvm default do bundle exec sidekiq'
+  exec {'start':
+    command => '/var/discourse/launcher start app --skip-prereqs',
+    user => root,
+    logoutput => 'on_failure',
+    require => Exec['rebuild'],
   }
 
   class {'nginx':
     worker_connections => 500
   }
 
-  nginx::hostconfig{$domain:
+  nginx::hostconfig {$domain:
     source => 'puppet:///modules/discourse/site.conf',
-    global_config => '
-      upstream discourse {
-        server localhost:3000;
-      }',
     is_default => $is_default,
     certificate => $certificate,
     private_key => $private_key,
     log => 'access_log_intraforum'
   }
 }