Dzahn has uploaded a new change for review.
https://gerrit.wikimedia.org/r/100752
Change subject: include the bugzilla config in puppet
......................................................................
include the bugzilla config in puppet
Change-Id: I36e6363c3518c22ea8ff29d80b5a589c1392324b
---
M manifests/role/bugzilla.pp
M modules/bugzilla/manifests/init.pp
A modules/bugzilla/templates/localconfig.erb
3 files changed, 134 insertions(+), 2 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/52/100752/1
diff --git a/manifests/role/bugzilla.pp b/manifests/role/bugzilla.pp
index f08055a..3f4f896 100644
--- a/manifests/role/bugzilla.pp
+++ b/manifests/role/bugzilla.pp
@@ -16,6 +16,11 @@
system::role { 'role::bugzilla': description => '(new/upcoming) Bugzilla
server' }
- include ::bugzilla
+ class { 'bugzilla':
+ db_host => 'db1001.eqiad.wmnet',
+ db_name => 'bugzilla4',
+ db_user => 'bugs',
+ }
+
}
diff --git a/modules/bugzilla/manifests/init.pp
b/modules/bugzilla/manifests/init.pp
index 23f82da..38f53fb 100644
--- a/modules/bugzilla/manifests/init.pp
+++ b/modules/bugzilla/manifests/init.pp
@@ -15,6 +15,7 @@
# - the apache site config
# - the SSL certs
# - the /srv/org/wikimedia dir
+# - the bugzilla localconfig file
# - cronjobs and scripts:
# - auditlog mail for bz admins, bash
# - mail report for community metrics, bash
@@ -25,8 +26,9 @@
# to the bugzilla path and clone our modifications
# from the wikimedia/bugzilla/modifcations repo
#
-class bugzilla {
+class bugzilla ( $db_host, $db_name, $db_user ) {
+ # document root
file { [ '/srv/org','/srv/org/wikimedia','/srv/org/wikimedia/bugzilla']:
ensure => directory,
owner => 'root',
@@ -34,6 +36,15 @@
mode => '0755';
}
+ # bugzilla localconfig
+ file { '/srv/org/wikimedia/bugzilla/localconfig':
+ ensure => present,
+ owner => 'root',
+ group => 'www-data',
+ mode => '0440',
+ content => template('bugzilla/localconfig.erb'),
+ }
+
# basic apache site and certs
class {'bugzilla::apache':
svc_name => 'bugzilla.wikimedia.org',
diff --git a/modules/bugzilla/templates/localconfig.erb
b/modules/bugzilla/templates/localconfig.erb
new file mode 100644
index 0000000..7c6e866
--- /dev/null
+++ b/modules/bugzilla/templates/localconfig.erb
@@ -0,0 +1,116 @@
+# If you are using Apache as your web server, Bugzilla can create .htaccess
+# files for you, which will keep this file (localconfig) and other
+# confidential files from being read over the web.
+#
+# If this is set to 1, checksetup.pl will create .htaccess files if
+# they don't exist.
+#
+# If this is set to 0, checksetup.pl will not create .htaccess files.
+$create_htaccess = 1;
+
+# The name of the group that your web server runs as. On Red Hat
+# distributions, this is usually "apache". On Debian/Ubuntu, it is
+# usually "www-data".
+#
+# If you have use_suexec turned on below, then this is instead the name
+# of the group that your web server switches to to run cgi files.
+#
+# If this is a Windows machine, ignore this setting, as it does nothing.
+#
+# If you do not have access to the group your scripts will run under,
+# set this to "". If you do set this to "", then your Bugzilla installation
+# will be _VERY_ insecure, because some files will be world readable/writable,
+# and so anyone who can get local access to your machine can do whatever they
+# want. You should only have this set to "" if this is a testing installation
+# and you cannot set this up any other way. YOU HAVE BEEN WARNED!
+#
+# If you set this to anything other than "", you will need to run checksetup.pl
+# as root or as a user who is a member of the specified group.
+$webservergroup = 'www-data';
+
+# Set this to 1 if Bugzilla runs in an Apache SuexecUserGroup environment.
+#
+# If your web server runs control panel software (cPanel, Plesk or similar),
+# or if your Bugzilla is to run in a shared hosting environment, then you are
+# almost certainly in an Apache SuexecUserGroup environment.
+#
+# If this is a Windows box, ignore this setting, as it does nothing.
+#
+# If set to 0, checksetup.pl will set file permissions appropriately for
+# a normal webserver environment.
+#
+# If set to 1, checksetup.pl will set file permissions so that Bugzilla
+# works in a SuexecUserGroup environment.
+$use_suexec = 0;
+
+# What SQL database to use. Default is mysql. List of supported databases
+# can be obtained by listing Bugzilla/DB directory - every module corresponds
+# to one supported database and the name of the module (before ".pm")
+# corresponds to a valid value for this variable.
+$db_driver = 'mysql';
+
+# The DNS name or IP address of the host that the database server runs on.
+$db_host = '<%= @db_host %>';
+
+# The name of the database. For Oracle, this is the database's SID. For
+# SQLite, this is a name (or path) for the DB file.
+$db_name = '<%= @db_name %>';
+
+# Who we connect to the database as.
+$db_user = '<%= @db_user %>';
+
+# Enter your database password here. It's normally advisable to specify
+# a password for your bugzilla database user.
+# If you use apostrophe (') or a backslash (\) in your password, you'll
+# need to escape it by preceding it with a '\' character. (\') or (\)
+# (It is far simpler to just not use those characters.)
+$db_pass = '<%= scope.lookupvar('passwords::bugzilla::bugzilla_db_pass') %>';
+
+# Sometimes the database server is running on a non-standard port. If that's
+# the case for your database server, set this to the port number that your
+# database server is running on. Setting this to 0 means "use the default
+# port for my database server."
+$db_port = 3306;
+
+# MySQL Only: Enter a path to the unix socket for MySQL. If this is
+# blank, then MySQL's compiled-in default will be used. You probably
+# want that.
+$db_sock = '';
+
+# Should checksetup.pl try to verify that your database setup is correct?
+# With some combinations of database servers/Perl modules/moonphase this
+# doesn't work, and so you can try setting this to 0 to make checksetup.pl
+# run.
+$db_check = 0;
+
+# Most web servers will allow you to use index.cgi as a directory
+# index, and many come preconfigured that way, but if yours doesn't
+# then you'll need an index.html file that provides redirection
+# to index.cgi. Setting $index_html to 1 below will allow
+# checksetup.pl to create an index.html for you if it doesn't exist.
+# NOTE: checksetup.pl will not replace an existing file, so if you
+# wish to have checksetup.pl create one for you, you must
+# make sure that index.html doesn't already exist.
+$index_html = 0;
+
+# If you want to use the CVS integration of the Patch Viewer, please specify
+# the full path to the "cvs" executable here.
+$cvsbin = '/usr/bin/cvs';
+
+# If you want to use the "Difference Between Two Patches" feature of the
+# Patch Viewer, please specify the full path to the "interdiff" executable
+# here.
+$interdiffbin = '/usr/bin/interdiff';
+
+# For the "Difference Between Two Patches" feature to work, we need to know
+# what directory the "diff" bin is in. (You only need to set this if you
+# are using that feature of the Patch Viewer.)
+$diffpath = '/usr/bin';
+
+# This secret key is used by your installation for the creation and
+# validation of encrypted tokens. These tokens are used to implement
+# security features in Bugzilla, to protect against certain types of attacks.
+# A random string is generated by default. It's very important that this key
+# is kept secret. It also must be very long.
+$site_wide_secret = '<%=
scope.lookupvar('passwords::bugzilla::bugzilla_site_secret') %>';
+
--
To view, visit https://gerrit.wikimedia.org/r/100752
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I36e6363c3518c22ea8ff29d80b5a589c1392324b
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <dz...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
