Add a xenial nodeset and update the spec helper to install puppet 3 from
the Ubuntu repos instead of from puppetlabs. Also fix linter errors.
Change-Id: I5b4650de814a23a0ef25ee8cd73ca3591b6df44e
The ssl-cert group which normally owns files under /etc/ssl is
created by a dependency of the apache module, but we need to create
files there before that service is started. Break the cycle by just
relying on the root group instead. Also update permission modes on
these files to reflect sensible systems administration practices
(read/write by root, readable by everyone except for the key file
which is inaccessible for others).
Change-Id: Ia76a344e5b4d3d7acdf0980ed7f951f8d5199052
On systems where the site FQDN is mapped to the loopback interface
in /etc/hosts, Apache doesn't apply the vhost configuration on
incoming connections to other addresses/interfaces. Apache
recommends wildcarding VirtualHost directives these days, and it's
something we already hard-code in other modules (e.g. puppet-zuul).
This _could_ conceivably cause complication for anyone trying to
coinstall this module on a server hosting other sites without
name-based hosting configured correctly, but that should be an
increasingly unusual configuration.
Change-Id: I11f5b586c4f7b42017c2eb78af4be87211343381
The snakeoil fallback defaults need to be set in the cert class,
not as defaults in the module init.
Change-Id: Id1f5dd081fa085775b96c0e374055aded203148a
Depends-On: Ifc92d78f081fc69d804c29033e96e1c94462213b
SSLv2 and SSLv3 should never be used. Update the protocol and cipher
suite lines to match the recommendations by the OpenStack Security team.
This includes opt-in to only TLS and strong ciphers.
Change-Id: I25168293cd822b2838252a71890e0c43b5a7b8f0
Our official git master is at git.openstack.org, update places
that use github instead.
Fix also broken URL.
Change-Id: Idf1501e771b88cf68797cadd4c4bc5127948728b
Use same target directory for zuul-cloner and
the regular git command.
Change-Id: Id3974c8fad34cac7740b547c1514e2a6e534d5cc
Co-Authored-By: Fabien Boucher <fabien.boucher@enovance.com>
In anticipation of puppet 4, start trying to deal with puppet 4 things
that can be helpfully predicted by puppet lint plugins. Also fix lint
errors caught by the puppet-lint-absolute_classname-check and
puppet-lint-trailing_newline-check gems.
Change-Id: If9e2cd626122c4ff6338a82d87c815ae33578bac
puppet-httpd is the openstack-infra version of puppetlabs-apache
(0.0.4) release.
This patchset will remove the puppetlabs-apache namespace from -infra
allowing for possible future patchsets to use newer puppetlabs-apache
modules.
Change-Id: I4f509f1ce72b069ac89d42f2cb55550e3b5bf590
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
The http://ci.openstack.org/ documentation site has been deprecated,
replaced by redirects to corresponding paths within
http://docs.openstack.org/infra/ where other Project Infrastructure
documentation already resides.
Change-Id: I81ecea0021e349232bc36924a04869d29ad4676d
The install directories into which the storyboard api and client
are downloaded and processed are now parameterized.
Change-Id: Ic67a0730246bc7fcf38cc98e460381994ab9d736
In order to support Python3, https://review.openstack.org/#/c/152339/ is switching
to a mysql driver that's supported by Python3. This updates the puppet module to use
the new connection string.
Change-Id: Id5d9eacd8de5700675848d3129b189fad07a221b
There were two references to stdlib in the metadata.json file.
Similarly, there is a dependency on a module that cannot be directly
installed via 'puppet module install' (openstackci/httpd), so I am
switching our metadata back in line with the Modulefile until
that changes.
Change-Id: I04636b14f9cb7b945156a7f20c5321b54ffa67be
Vagrant file will provision the configuration it finds in vagrant.pp.
Node configurations for precise and trusty provided, on different IP
addresses.
Change-Id: I7b08ce4cc5acdc2ad58261f4872ba2df2e06dcf4
The content of this project is Apache 2 licensed, but we should
include a standard LICENSE file just to be clear about that.
Change-Id: Iee6320b9d7e35fbe8d3b0a9794f3e485c18ef2c8
This adds an empty, default config.json file to storyboard's webclient install.
While functionally it impacts nothing, it will remove a multitude of 404 log
errors caused by storyboard trying to load a secondary configuration.
Change-Id: Ib31e4ad1c6f03b4dd43659bd8e931d965ce7686b
Storyboard is currently failing because of requests to get the working
directory are failing. This disables that configuration option so
we have some time to investigate.
Change-Id: I8d0b8d6ce350836b8eba5822e1aa6e9920d7dc8e
This patch adds the new oauth config section from
https://review.openstack.org/144355, as well as the cron enabling
flag from https://review.openstack.org/129609/. Both are defaulted
to false in storyboard, so until this patch lands the features
will not be enabled.
Change-Id: Iedd1d8fb9b734c4356a922b6781395249ae14ed4
* manifests/cert.pp: This adds the flexibility to depend on
existing files even if they're created as part of the storyboard
dependency chain, though with the loss of some error handling if a
deployer neglects to ensure the file itself exists before starting
the apache daemon.
Change-Id: I62d0bc7899703d7cc17f402cf34bd92357f44b58
This resolves an issue where the rabbitmq daemon changed command
output and the puppet module lagged behind it.
Change-Id: Ib71041539bf7cce66fb9f0060ed9a62fca502361
If we are running on anything before trusty, we need to manually
manage the repository because the available version of rabbitmq
is not recent enough for our module. For trusty and later, the
available version is too recent for us to use, so we have to turn
off repo management.
This is volatile, and needs a more permanent solution.
Change-Id: I0db87d6c5cbecee8575d91e6f88ef43a947967ff
Turns out the rabbit module manages its own APT repository, which
can end up with some unexpected results on trusty. This disables
that and defaults back to using the trusty upstream.
After this patch lands, we're going to have to manually update
storyboard.o.o to remove the ppa and reinstall rabbit.
Change-Id: Ic5ada12e730845e550d1beb934c536955b77ef16
Storyboard will soon support CORS, which is configured via
storyboard.conf. This patch adds the two relevant properties
to the puppet module, and makes them accessible in
storyboard::application.
Depends on https://review.openstack.org/#/c/124163/
Change-Id: I33a33076a18a9192b067a9f6f08d752ff8c22e3b
This patch adds a puppet module that will start up N worker threads
to handle messages sent to the deferred processing queue. It does so
by making use of the new storyboard-worker-daemon command
created in the below patch. Both upstart and sysvinit scripts are
provided, with sysvinit being the default.
https://review.openstack.org/#/c/122890/
Change-Id: I5565cbf8062457d343d3e02dbfaae2852a359d91
Story: 96
The default passwords for the various storyboard subcomponents
as well as the init component were removed. Documentation has
also been updated.
Change-Id: I1041154b6d30722649776eca15a0f04b090ab5c8
Version detection for apache was incorrectly based off a version
of the apache module that isn't in use by openstack. Rather than
creating a weird dependency issue, I've moved the apache default
version detection into the storyboard module directly.
Change-Id: Ib4be592207bd43abb0c97417f321a2ffa26465f1
