modules/adblockplus/manifests/web/static.pp - Issue 29733731: #7320 - Introduce helpcenter role

Delta Between Two Patch Sets: modules/adblockplus/manifests/web/static.pp

Issue 29733731: #7320 - Introduce helpcenter role (Closed)

Left Patch Set: Created March 27, 2018, 3:53 a.m.

Right Patch Set: Make documentation right Created April 17, 2018, 8:03 p.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

Left: Side by side diff | Download
Right: Side by side diff | Download

LEFT	RIGHT
1 # == Class: adblockplus::web::static	1 # == Class: adblockplus::web::static

2 #	2 #

3 # Manage a simple Nginx-based webserver for static content	3 # Manage a simple Nginx-based webserver for static content

4 # that uses a customizable deployment script to e.g. fetch the content	4 # that uses a customizable deployment script to e.g. fetch the content

5 # from a repository server (ref. http://hub.eyeo.com/issues/4523)	5 # from a repository server (ref. http://hub.eyeo.com/issues/4523)

6 #

7 #	6 #

8 # === Parameters:	7 # === Parameters:
mathias 2018/03/27 14:46:51 Incomplete. Incomplete. f.lopez 2018/03/27 19:29:50 Acknowledged. Show quoted text On 2018/03/27 14:46:51, mathias wrote: > Incomplete. Acknowledged.
9 #	8 #

10 # [domain]	9 # [domain]

11 # The domain name for the website.	10 # The domain name for the website.

12 #	11 #

13 # [ssl_certificate]	12 # [ssl_certificate]

14 # The name of the SSL certificate file within modules/private/files, if any.	13 # The name of the SSL certificate file within modules/private/files, if any.

15 # Requires a private_key as well.	14 # Requires a private_key as well.

16 #	15 #

17 # [ssl_private_key]	16 # [ssl_private_key]

18 # The name of the private key file within modules/private/files, if any.	17 # The name of the private key file within modules/private/files, if any.

19 # Requires a certificate as well.	18 # Requires a certificate as well.

20 #	19 #

21 # [ensure]	20 # [ensure]

22 # Whether to set up the website or not.	21 # Whether to set up the website or not, e.g. "asbsent" or "present".

	22 #

	23 # [deploy_user]

	24 # User that will be used to issue commands.

	25 #

	26 # [deploy_user_authorized_keys]

	27 # Array of public keys that will have access to ssh commands

23 #	28 #

24 # [hooks]	29 # [hooks]

25 # Hash of adblockplus::web::static::hook items to set up in this context.	30 # Hash of adblockplus::web::static::hook items to set up in this context.

26 #	31 #

27 # === Examples:	32 # === Examples:

28 #	33 #

29 # class {'adblockplus::web::static':	34 # class {'adblockplus::web::static':

30 # domain => 'help.eyeo.com',	35 # domain => 'help.eyeo.com',

31 # hooks => {	36 # hooks => {

32 # deploy => {	37 # uname => {

33 # file => {	38 # file => {

34 # content => 'uname -a',	39 # content => 'uname -a',
mathias 2018/03/27 14:46:51 That is a quite strange "deploy" example. That is a quite strange "deploy" example. f.lopez 2018/03/27 19:29:50 heh :), I'll change the name of the example :D Show quoted text On 2018/03/27 14:46:51, mathias wrote: > That is a quite strange "deploy" example. heh :), I'll change the name of the example :D
35 # }	40 # },

36 # }	41 # },

	42 # uptime => {

	43 # file => {

	44 # target => '/usr/bin/uptime',

	45 # ensure => 'link',

	46 # },

	47 # },

37 # },	48 # },

38 # }	49 # }

39 #	50 #

40 class adblockplus::web::static (	51 class adblockplus::web::static (

41 $domain = undef,	52 $domain,
mathias 2018/03/27 14:46:50 A required parameter shall not default to anything A required parameter shall not default to anything, not even undef. f.lopez 2018/03/27 19:29:50 Acknowledged. Show quoted text On 2018/03/27 14:46:50, mathias wrote: > A required parameter shall not default to anything, not even undef. Acknowledged.
42 $ssl_certificate = undef,	53 $ssl_certificate = undef,

43 $ssl_private_key = undef,	54 $ssl_private_key = undef,

44 $ensure = 'present',	55 $ensure = 'present',

45 $deploy_user = 'web-deploy',	56 $deploy_user = 'web-deploy',

46 $deploy_user_authorized_keys = undef,	57 $deploy_user_authorized_keys = [],

47 $hooks = {},	58 $hooks = {},

48 ) {	59 ) {

49	60

50 include adblockplus::web	61 include adblockplus::web

51 include nginx	62 include nginx

52 include geoip

53 include ssh	63 include ssh

	64

	65 File {

	66 mode => '0755',

	67 owner => $deploy_user,

	68 group => $deploy_user,

	69 }

54	70

55 ensure_resource('file', "/var/www/$domain", {	71 ensure_resource('file', "/var/www/$domain", {

56 ensure => ensure_directory_state($ensure),	72 ensure => ensure_directory_state($ensure),

57 mode => '0775',	73 owner => 'www-data',

58 owner => www-data,	74 group => 'www-data',

59 group => www-data,

60 })	75 })

61	76

62 ensure_resource('nginx::hostconfig', $title, {	77 ensure_resource('nginx::hostconfig', $title, {

63 content => template('adblockplus/web/static.conf.erb'),	78 content => template('adblockplus/web/static.conf.erb'),

64 certificate => $ssl_certificate,	79 certificate => $ssl_certificate,

65 domain => $domain,	80 domain => $domain,

66 is_default => $is_default,	81 is_default => true,
mathias 2018/03/27 14:46:50 is_undef is_undef f.lopez 2018/03/27 19:29:49 Acknowledged. Show quoted text On 2018/03/27 14:46:50, mathias wrote: > is_undef Acknowledged.
67 private_key => $ssl_private_key,	82 private_key => $ssl_private_key,

68 log => "access_log_$domain",	83 log => 'web.access.log',
mathias 2018/03/27 14:46:51 I don't know who started this practice but I don't I don't know who started this practice but I don't like it: Either call it access_log_web_static or something or call it "$domain.access" or "access.$domain" or add ".log" or whatever - but please don't mix different notations, e.g. underscores and file-ext-agnostic-dots ("access_log_help.eyeo.com" is just a shitty file name). Also, as long as this is a class and not a named type there is no point in having a variable log file name. Just makes configuration more prone to error. f.lopez 2018/03/27 19:29:49 Acknowledged. Show quoted text On 2018/03/27 14:46:51, mathias wrote: > I don't know who started this practice but I don't like it: Either call it > access_log_web_static or something or call it "$domain.access" or > "access.$domain" or add ".log" or whatever - but please don't mix different > notations, e.g. underscores and file-ext-agnostic-dots > ("access_log_help.eyeo.com" is just a shitty file name). Also, as long as this > is a class and not a named type there is no point in having a variable log file > name. Just makes configuration more prone to error. Acknowledged.
	84 })

	85

	86 $content = [

	87 "Match User ${deploy_user}",

	88 'AllowTcpForwarding no',

	89 'X11Forwarding no',

	90 'AllowAgentForwarding no',

	91 'GatewayPorts no',

	92 'ForceCommand /usr/local/bin/hooks_wrapper $SSH_ORIGINAL_COMMAND',

	93 ]

	94

	95 ensure_resource('concat::fragment', 'helpcenter', {

	96 content => join($content, "\n\t"),

	97 ensure => 'present',

	98 target => 'sshd_config',

	99 order => '20',

69 })	100 })

70	101

71 ensure_resource('adblockplus::user', $deploy_user, {	102 ensure_resource('adblockplus::user', $deploy_user, {

72 authorized_keys => $deploy_user_authorized_keys,	103 authorized_keys => $deploy_user_authorized_keys,

73 ensure => $ensure,	104 ensure => $ensure,

74 password_hash => '*',

75 shell => '/bin/bash',	105 shell => '/bin/bash',

76 groups => ['www-data'],	106 groups => ['www-data'],

	107 })

	108

	109 $wrapper_path = "/home/${deploy_user}/bin"

	110 ensure_resource('file', 'commands_dir', {

	111 path => $wrapper_path,

	112 ensure => ensure_directory_state($ensure),

	113 })

	114

	115 ensure_resource('file', '/usr/local/bin/hooks_wrapper', {

	116 ensure => ensure_file_state($ensure),

	117 content => template('adblockplus/web/hooks_wrapper.sh.erb'),

77 })	118 })

78	119

79 # https://docs.puppet.com/puppet/latest/function.html#createresources	120 # https://docs.puppet.com/puppet/latest/function.html#createresources

80 create_resources('adblockplus::web::static::hook', $hooks)	121 create_resources('adblockplus::web::static::hook', $hooks)

81 }	122 }

82	123

LEFT	RIGHT