Update etherpad and etherpad puppet manifests.
* manifests/site.pp: Pass new mysql DB variables to
openstack::etherpad*.
* modules/etherpad_lite/manifests/apache.pp: Fix broken /etc/ssl/certs
permissions (0700 -> 0755).
* modules/etherpad_lite/manifests/init.pp: Update default nodejs and
etherpad versions. Remove ep_headings plugin install. New plugin define
should be used for this instead. Stop making the etherpad-lite ref to
checkout optional (defaults to develop). Note these changes are probably
not going to be backward compat.
* modules/etherpad_lite/manifests/plugin.pp: Define to install etherpad
lite plugins.
* modules/etherpad_lite/manifests/site.pp: Simplify DB support and
remove support for the dirty DB type.
* modules/etherpad_lite/templates/etherpad-lite_settings.json.erb: Bring
settings erb up to par with latest template.
* modules/etherpad_lite/templates/etherpadlite.vhost.erb: Update rewrite
rules for new etherpad. Instead of allowing nice pad urls rooted at /
redirect these url to /p/padname. Etherpad does not deal well with a
change in root path as /p/ is hardcoded in many places.
* modules/openstack_project/manifests/etherpad.pp
* modules/openstack_project/manifests/etherpad_dev.pp:
Update to use new etherpad module setup. MySQL DBs are now externally
managed, pass in needed connection info.
* modules/mysql_backup/manifests/backup_remote.pp: New define to backup
remote DB servers.
* modules/mysql_backup/templates/my.cnf.erb: Template for a my.cnf to be
used by the cron in backup_remote.pp. Allows for easy connectivity from
server using MySQL DB as root.
Change-Id: I1250297674b91e81d59cd28c07c52e09967ca548
diff --git a/manifests/apache.pp b/manifests/apache.pp
index 67cffeb..d5b2adb 100644
--- a/manifests/apache.pp
+++ b/manifests/apache.pp
@@ -34,7 +34,7 @@
file { '/etc/ssl/certs':
ensure => directory,
owner => 'root',
- mode => '0700',
+ mode => '0755',
}
file { '/etc/ssl/private':
diff --git a/manifests/backup.pp b/manifests/backup.pp
deleted file mode 100644
index 64450b1..0000000
--- a/manifests/backup.pp
+++ /dev/null
@@ -1,31 +0,0 @@
-# == Class: etherpad_lite::backup
-#
-class etherpad_lite::backup (
- $minute = '0',
- $hour = '0',
- $day = '*',
- $dest = "${etherpad_lite::base_log_dir}/${etherpad_lite::ep_user}/db.sql.gz",
- $rotation = 'daily',
- $num_backups = '30'
-) {
-
- cron { 'eplitedbbackup':
- ensure => present,
- command => "/usr/bin/mysqldump --defaults-file=/etc/mysql/debian.cnf --opt etherpad-lite | gzip -9 > ${dest}",
- minute => $minute,
- hour => $hour,
- weekday => $day,
- require => Package['mysql-server'],
- }
-
- include logrotate
- logrotate::file { 'eplitedb':
- log => $dest,
- options => [
- 'nocompress',
- "rotate ${num_backups}",
- $rotation,
- ],
- require => Cron['eplitedbbackup'],
- }
-}
diff --git a/manifests/init.pp b/manifests/init.pp
index ddd9456..1778990 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -15,9 +15,8 @@
$ep_user = 'eplite',
$base_log_dir = '/var/log',
$base_install_dir = '/opt/etherpad-lite',
- $nodejs_version = 'v0.6.16',
- $eplite_version = '',
- $ep_headings = false
+ $nodejs_version = 'v0.10.20',
+ $eplite_version = 'develop'
) {
# where the modules are, needed to easily install modules later
@@ -85,25 +84,16 @@
],
}
- # Allow existing install to exist without modifying its git repo.
- # But give the option to specify versions for new installs.
- if $eplite_version != '' {
- vcsrepo { "${base_install_dir}/etherpad-lite":
- ensure => present,
- provider => git,
- source => 'https://github.com/ether/etherpad-lite.git',
- owner => $ep_user,
- revision => $eplite_version,
- require => Package['git'],
- }
- } else {
- vcsrepo { "${base_install_dir}/etherpad-lite":
- ensure => present,
- provider => git,
- source => 'https://github.com/Pita/etherpad-lite.git',
- owner => $ep_user,
- require => Package['git'],
- }
+ vcsrepo { "${base_install_dir}/etherpad-lite":
+ ensure => present,
+ provider => git,
+ source => 'https://github.com/ether/etherpad-lite.git',
+ owner => $ep_user,
+ revision => $eplite_version,
+ require => [
+ Package['git'],
+ User[$ep_user],
+ ],
}
exec { 'install_etherpad_dependencies':
@@ -120,25 +110,6 @@
creates => "${base_install_dir}/etherpad-lite/node_modules",
}
- if $ep_headings == true {
- # install the test install plugin
- # This seesm to be needed to get
- exec {'npm install ep_fintest':
- cwd => $modules_dir,
- path => $path,
- creates => "${modules_dir}/ep_fintest",
- require => Exec['install_etherpad_dependencies']
- } ->
-
- # install the headings plugin
- exec {'npm install ep_headings':
- cwd => $modules_dir,
- path => $path,
- creates => "${modules_dir}/ep_headings",
- require => Exec['install_etherpad_dependencies']
- }
- }
-
file { '/etc/init/etherpad-lite.conf':
ensure => present,
content => template('etherpad_lite/upstart.erb'),
diff --git a/manifests/mysql.pp b/manifests/mysql.pp
deleted file mode 100644
index 92138d6..0000000
--- a/manifests/mysql.pp
+++ /dev/null
@@ -1,82 +0,0 @@
-# == Class: etherpad_lite::mysql
-#
-class etherpad_lite::mysql(
- $database_password = '',
- $dbType = 'mysql',
- $database_user = 'eplite',
- $database_name = 'etherpad-lite'
-) {
- include etherpad_lite
-
- $base = "${etherpad_lite::base_install_dir}/etherpad-lite"
-
- package { 'mysql-server':
- ensure => present,
- }
-
- package { 'mysql-client':
- ensure => present,
- }
-
- service { 'mysql':
- ensure => running,
- enable => true,
- hasrestart => true,
- require => [
- Package['mysql-server'],
- Package['mysql-client'],
- ],
- }
-
- file { "${base}/create_database.sh":
- ensure => present,
- content => template('etherpad_lite/create_database.sh.erb'),
- group => $etherpad_lite::ep_user,
- mode => '0755',
- owner => $etherpad_lite::ep_user,
- replace => true,
- require => Class['etherpad_lite'],
- }
-
- file { "${base}/create_user.sh":
- ensure => present,
- content => template('etherpad_lite/create_user.sh.erb'),
- group => $etherpad_lite::ep_user,
- mode => '0755',
- owner => $etherpad_lite::ep_user,
- replace => true,
- require => Class['etherpad_lite'],
- }
-
- exec { 'create-etherpad-lite-db':
- unless => "mysql --defaults-file=/etc/mysql/debian.cnf ${database_name}",
- path => [
- '/bin',
- '/usr/bin',
- ],
- command => "${base}/create_database.sh",
- require => [
- Service['mysql'],
- File["${base}/settings.json"],
- File["${base}/create_database.sh"],
- ],
- before => Exec['grant-etherpad-lite-db'],
- }
-
- exec { 'grant-etherpad-lite-db':
- unless =>
- "mysql -u${database_user} -p${database_password} ${database_name}",
- path => [
- '/bin',
- '/usr/bin'
- ],
- command => "${base}/create_user.sh",
- require => [
- Service['mysql'],
- File["${base}/settings.json"],
- File["${base}/create_user.sh"],
- ],
- }
-}
-
-# vim:sw=2:ts=2:expandtab:textwidth=79
diff --git a/manifests/plugin.pp b/manifests/plugin.pp
new file mode 100644
index 0000000..f319a71
--- /dev/null
+++ b/manifests/plugin.pp
@@ -0,0 +1,13 @@
+# Define to install etherpad lite plugins
+#
+define etherpad_lite::plugin {
+ $plugin_name = $name
+ exec { "npm install ${plugin_name}":
+ cwd => $etherpad_lite::modules_dir,
+ path => $etherpad_lite::path,
+ user => $etherpad_lite::ep_user,
+ environment => "HOME=${etherpad_lite::base_log_dir}/${etherpad_lite::ep_user}",
+ creates => "${etherpad_lite::modules_dir}/${plugin_name}",
+ require => Class['etherpad_lite']
+ }
+}
diff --git a/manifests/site.pp b/manifests/site.pp
index f2f47c1..78808ae 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1,30 +1,22 @@
# == Class: etherpad_lite::site
#
class etherpad_lite::site (
- $database_password = '',
- $dbType = 'mysql',
+ $database_password,
+ $sessionKey = '',
+ $dbType = 'mysql',
$database_user = 'eplite',
- $database_name = 'etherpad-lite'
+ $database_name = 'etherpad-lite',
+ $database_host = 'localhost'
) {
include etherpad_lite
$base = $etherpad_lite::base_install_dir
- if $dbType == 'mysql' {
- service { 'etherpad-lite':
- ensure => running,
- enable => true,
- subscribe => File["${base}/etherpad-lite/settings.json"],
- require => Class['etherpad_lite::mysql'],
- }
- }
- else {
- service { 'etherpad-lite':
- ensure => running,
- enable => true,
- subscribe => File["${base}/etherpad-lite/settings.json"],
- }
+ service { 'etherpad-lite':
+ ensure => running,
+ enable => true,
+ subscribe => File["${base}/etherpad-lite/settings.json"],
}
file { "${base}/etherpad-lite/settings.json":
diff --git a/templates/create_database.sh.erb b/templates/create_database.sh.erb
deleted file mode 100644
index 97af276..0000000
--- a/templates/create_database.sh.erb
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-mysql --defaults-file=/etc/mysql/debian.cnf -e 'create database `<%= database_name %>` CHARACTER SET utf8 COLLATE utf8_bin'
diff --git a/templates/create_user.sh.erb b/templates/create_user.sh.erb
deleted file mode 100644
index 0c1f24b..0000000
--- a/templates/create_user.sh.erb
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-mysql --defaults-file=/etc/mysql/debian.cnf -e 'grant all on `<%= database_name %>`.* to "<%= database_user %>"@"localhost" identified by "<%= database_password %>";'
diff --git a/templates/etherpad-lite_settings.json.erb b/templates/etherpad-lite_settings.json.erb
index 7d9ee88..4e417f6 100644
--- a/templates/etherpad-lite_settings.json.erb
+++ b/templates/etherpad-lite_settings.json.erb
@@ -4,17 +4,27 @@
Please edit settings.json, not settings.json.template
*/
{
+ // Name your instance!
+ "title": "OpenStack Etherpad",
+
//Ip and port which etherpad should bind at
"ip": "127.0.0.1",
"port" : 9001,
+ // favicon default name
+ "favicon": "favicon.ico",
+
+ // Session Key, used for reconnecting user sessions
+ // Set this to a secure string at least 10 characters long. Do not share this value.
+ "sessionKey" : "<%= sessionKey %>",
+
//The Type of the database. You can choose between dirty, sqlite and mysql
//You should use mysql or sqlite for anything else than testing or development
"dbType" : "<%= dbType %>",
//the database specific settings
"dbSettings" : {
"user" : "<%= database_user %>",
- "host" : "localhost",
+ "host" : "<%= database_host %>",
"password": "<%= database_password %>",
"database": "<%= database_name %>"
},
@@ -39,9 +49,72 @@
Abiword is needed to enable the import/export of pads*/
"abiword" : "/usr/bin/abiword",
- /* This setting is used if you need http basic auth */
- // "httpAuth" : "user:pass",
+ /* This setting is used if you require authentication of all users.
+ Note: /admin always requires authentication. */
+ "requireAuthentication": false,
+
+ /* Require authorization by a module, or a user with is_admin set, see below. */
+ "requireAuthorization": false,
+
+ /* Users for basic authentication. is_admin = true gives access to /admin.
+ If you do not uncomment this, /admin will not be available! */
+ /*
+ "users": {
+ "admin": {
+ "password": "changeme1",
+ "is_admin": true
+ },
+ "user": {
+ "password": "changeme1",
+ "is_admin": false
+ }
+ },
+ */
+
+ // restrict socket.io transport methods
+ "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
/* The log level we are using, can be: DEBUG, INFO, WARN, ERROR */
- "loglevel": "INFO"
+ "loglevel": "INFO",
+
+ //Logging configuration. See log4js documentation for further information
+ // https://github.com/nomiddlename/log4js-node
+ // You can add as many appenders as you want here:
+ "logconfig" :
+ { "appenders": [
+ { "type": "console"
+ //, "category": "access"// only logs pad access
+ }
+ /*
+ , { "type": "file"
+ , "filename": "/var/log/eplite/etherpad-lite.log"
+ , "maxLogSize": 1024
+ , "backups": 30 // how many log files there're gonna be at max
+ //, "category": "test" // only log a specific category
+ }*/
+ /*
+ , { "type": "logLevelFilter"
+ , "level": "warn" // filters out all log messages that have a lower level than "error"
+ , "appender":
+ { Use whatever appender you want here }
+ }*/
+ /*
+ , { "type": "logLevelFilter"
+ , "level": "error" // filters out all log messages that have a lower level than "error"
+ , "appender":
+ { "type": "smtp"
+ , "subject": "An error occured in your EPL instance!"
+ , "recipients": "bar@blurdybloop.com, baz@blurdybloop.com"
+ , "sendInterval": 60*5 // in secs -- will buffer log messages; set to 0 to send a mail for every message
+ , "transport": "SMTP", "SMTP": { // see https://github.com/andris9/Nodemailer#possible-transport-methods
+ "host": "smtp.example.com", "port": 465,
+ "secureConnection": true,
+ "auth": {
+ "user": "foo@example.com",
+ "pass": "bar_foo"
+ }
+ }
+ }
+ }*/
+ ] }
}
diff --git a/templates/etherpadlite.vhost.erb b/templates/etherpadlite.vhost.erb
index 2de1e36..97d05fa 100644
--- a/templates/etherpadlite.vhost.erb
+++ b/templates/etherpadlite.vhost.erb
@@ -36,28 +36,37 @@
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
- RewriteEngine on
- RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>
- RewriteRule ^.*$ https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %> [L,R=301]
+ <IfModule mod_proxy.c>
+ # The following redirects "nice" urls such as https://etherpad.example.org/padname
+ # to https://etherpad.example.org/p/padname. It was problematic directly
+ # supporting "nice" urls as etherpad hardcodes /p/ in many places.
+ # Adapted from https://github.com/ether/etherpad-lite/wiki/How-to-put-Etherpad-Lite-behind-a-reverse-Proxy
+ RewriteEngine on
+ RewriteCond %{HTTP_HOST} !<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>
+ RewriteRule ^.*$ https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %> [L,R=301]
- RewriteRule ^/p/(.*)$ https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>/$1 [NC,L,R=301]
- RewriteCond %{REQUEST_URI} !^/p/
- RewriteCond %{REQUEST_URI} !^/static/
- RewriteCond %{REQUEST_URI} !^/pluginfw/
- RewriteCond %{REQUEST_URI} !^/javascripts/
- RewriteCond %{REQUEST_URI} !^/socket.io/
- RewriteCond %{REQUEST_URI} !^/ep/
- RewriteCond %{REQUEST_URI} !^/minified/
- RewriteCond %{REQUEST_URI} !^/api/
- RewriteCond %{REQUEST_URI} !^/ro/
- RewriteCond %{REQUEST_URI} !^/error/
- RewriteCond %{REQUEST_URI} !^/jserror
- RewriteCond %{REQUEST_URI} !/favicon.ico
- RewriteCond %{REQUEST_URI} !/robots.txt
- RewriteRule ^/+(.+)$ https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>/p/$1
+ RewriteCond %{REQUEST_URI} !^/p/
+ RewriteCond %{REQUEST_URI} !^/locales/
+ RewriteCond %{REQUEST_URI} !^/locales.json
+ RewriteCond %{REQUEST_URI} !^/admin
+ RewriteCond %{REQUEST_URI} !^/p/
+ RewriteCond %{REQUEST_URI} !^/static/
+ RewriteCond %{REQUEST_URI} !^/pluginfw/
+ RewriteCond %{REQUEST_URI} !^/javascripts/
+ RewriteCond %{REQUEST_URI} !^/socket.io/
+ RewriteCond %{REQUEST_URI} !^/ep/
+ RewriteCond %{REQUEST_URI} !^/minified/
+ RewriteCond %{REQUEST_URI} !^/api/
+ RewriteCond %{REQUEST_URI} !^/ro/
+ RewriteCond %{REQUEST_URI} !^/error/
+ RewriteCond %{REQUEST_URI} !^/jserror
+ RewriteCond %{REQUEST_URI} !/favicon.ico
+ RewriteCond %{REQUEST_URI} !/robots.txt
+ RewriteRule ^/+(.+)$ https://<%= scope.lookupvar("etherpad_lite::apache::vhost_name") %>/p/$1 [NC,L,R=301]
- RewriteRule ^/(.*)$ http://localhost:9001/$1 [P]
- ProxyPassReverse / http://localhost:9001/
+ RewriteRule ^/(.*)$ http://localhost:9001/$1 [P]
+ ProxyPassReverse / http://localhost:9001/
+ </IfModule>
</VirtualHost>
</IfModule>