LEFT | RIGHT |
1 node 'issues1' { | 1 node 'issues1' { |
2 include base | 2 |
| 3 include base, private::trac |
3 | 4 |
4 class {'trac': | 5 class {'trac': |
5 description => 'Adblock Plus Issue Tracker', | |
6 domain => 'issues.adblockplus.org', | 6 domain => 'issues.adblockplus.org', |
7 certificate => 'issues.adblockplus.org_sslcert.pem', | 7 certificate => 'issues.adblockplus.org_sslcert.pem', |
8 private_key => 'issues.adblockplus.org_sslcert.key', | 8 private_key => 'issues.adblockplus.org_sslcert.key', |
9 is_default => true, | 9 is_default => true, |
10 } | 10 } |
11 | 11 |
| 12 trac::instance {'issues': |
| 13 config => 'trac/trac.ini.erb', |
| 14 description => 'Adblock Plus Issue Tracker', |
| 15 location => '/', |
| 16 logo => 'puppet:///modules/trac/adblockplus_logo.png', |
| 17 database => 'trac', |
| 18 permissions => "puppet:///modules/trac/permissions.csv", |
| 19 } |
| 20 |
| 21 trac::instance {'orders': |
| 22 config => 'trac/orders.ini.erb', |
| 23 description => 'Eyeo Order System', |
| 24 location => '/orders', |
| 25 logo => 'puppet:///modules/trac/eyeo_logo.png', |
| 26 database => 'trac_orders', |
| 27 permissions => "puppet:///modules/trac/order-permissions.csv", |
| 28 } |
| 29 |
| 30 # Transforming the auth_cookie table of the "new" Trac project into an |
| 31 # insertable view for the "old" project's table of the same name avoids |
| 32 # the need to convert the entire auth to htpasswd-file handling, which |
| 33 # would be the official way to go for achieving a shared authentication. |
| 34 exec { 'trac_auth_cookie_view': |
| 35 command => "mysql -utrac -p'${private::trac::database_password}' trac_orders
--execute ' |
| 36 DROP TABLE IF EXISTS auth_cookie; |
| 37 CREATE VIEW auth_cookie AS SELECT * FROM trac.auth_cookie;'", |
| 38 unless => "mysql -utrac -p'${private::trac::database_password}' trac_orders
--execute ' |
| 39 SHOW CREATE VIEW auth_cookie'", |
| 40 path => "/usr/bin:/usr/sbin:/bin:/usr/local/bin", |
| 41 require => [ |
| 42 Exec["deploy_issues"], |
| 43 Exec["deploy_orders"], |
| 44 ], |
| 45 } |
| 46 |
| 47 # Synchronizing e-mail and password information between the project |
| 48 # allows for logging in from any entry point - whilst maintaining a |
| 49 # registration form (and process) in one project only. |
| 50 cron {'trac_session_attribute_sync': |
| 51 ensure => present, |
| 52 user => trac, |
| 53 minute => '*/30', |
| 54 command => "mysql -utrac -p'${private::trac::database_password}' trac_orders
--execute ' \ |
| 55 INSERT INTO session_attribute (sid, authenticated, name, value) SELECT sid
, authenticated, name, value \ |
| 56 FROM trac.session_attribute WHERE authenticated = 1 AND name IN (\"email\"
, \"password\") \ |
| 57 ON DUPLICATE KEY UPDATE value=VALUES(value) ' >/dev/null |
| 58 ", |
| 59 require => Exec['trac_auth_cookie_view'], |
| 60 } |
| 61 |
| 62 # This directive is required due to legacy issues, where only one trac |
| 63 # project was configured. Now we want to have more verbose names, e.g. |
| 64 # tracd_issues and tracd_orders, but the spawn-fcgi module doesn't remove |
| 65 # unmentioned former setups. So, in order to avoid conflicts or manual |
| 66 # intervention during rollout, we must keep this statement here and never |
| 67 # re-use the name again. Ugly, but neccessary. |
| 68 spawn-fcgi::pool {"tracd": |
| 69 ensure => absent, |
| 70 require => Exec['tracd_kludge'], |
| 71 } |
| 72 |
| 73 # Unfortunately, the spawn-fcgi module is not capable of stopping the |
| 74 # processes of pools that are changed to absent - simply because it removes |
| 75 # the configuration file and the subsequent reload or restart does not |
| 76 # recognize the pool any more. Thus, we have to ensure that the service is |
| 77 # stopped before: |
| 78 exec { 'tracd_kludge': |
| 79 command => 'service spawn-fcgi stop', |
| 80 onlyif => 'service spawn-fcgi status', |
| 81 path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', |
| 82 notify => Service['spawn-fcgi'], |
| 83 } |
| 84 |
| 85 # Pretty similar to the "tracd" pool issue above: The trac-admin initenv |
| 86 # command would fail for environment-issues after creation of the directory |
| 87 # structure, when it comes to the database setup (which already exists), |
| 88 # if we do not handle the existing resources manually.. |
| 89 exec { 'trac_env_issues_kludge': |
| 90 command => 'ln -s environment /home/trac/environment-issues', |
| 91 before => Exec['trac_env_issues'], |
| 92 path => "/usr/bin:/bin", |
| 93 user => trac, |
| 94 onlyif => 'test -d /home/trac/environment && \ |
| 95 test ! -e /home/trac/environment-issues', |
| 96 require => User['trac'], |
| 97 } |
| 98 |
12 class {'nagios::client': | 99 class {'nagios::client': |
13 server_address => 'monitoring.adblockplus.org' | 100 server_address => 'monitoring.adblockplus.org' |
14 } | 101 } |
15 } | 102 } |
LEFT | RIGHT |