Dzahn has uploaded a new change for review. https://gerrit.wikimedia.org/r/100752
Change subject: include the bugzilla config in puppet ...................................................................... include the bugzilla config in puppet Change-Id: I36e6363c3518c22ea8ff29d80b5a589c1392324b --- M manifests/role/bugzilla.pp M modules/bugzilla/manifests/init.pp A modules/bugzilla/templates/localconfig.erb 3 files changed, 134 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/52/100752/1 diff --git a/manifests/role/bugzilla.pp b/manifests/role/bugzilla.pp index f08055a..3f4f896 100644 --- a/manifests/role/bugzilla.pp +++ b/manifests/role/bugzilla.pp @@ -16,6 +16,11 @@ system::role { 'role::bugzilla': description => '(new/upcoming) Bugzilla server' } - include ::bugzilla + class { 'bugzilla': + db_host => 'db1001.eqiad.wmnet', + db_name => 'bugzilla4', + db_user => 'bugs', + } + } diff --git a/modules/bugzilla/manifests/init.pp b/modules/bugzilla/manifests/init.pp index 23f82da..38f53fb 100644 --- a/modules/bugzilla/manifests/init.pp +++ b/modules/bugzilla/manifests/init.pp @@ -15,6 +15,7 @@ # - the apache site config # - the SSL certs # - the /srv/org/wikimedia dir +# - the bugzilla localconfig file # - cronjobs and scripts: # - auditlog mail for bz admins, bash # - mail report for community metrics, bash @@ -25,8 +26,9 @@ # to the bugzilla path and clone our modifications # from the wikimedia/bugzilla/modifcations repo # -class bugzilla { +class bugzilla ( $db_host, $db_name, $db_user ) { + # document root file { [ '/srv/org','/srv/org/wikimedia','/srv/org/wikimedia/bugzilla']: ensure => directory, owner => 'root', @@ -34,6 +36,15 @@ mode => '0755'; } + # bugzilla localconfig + file { '/srv/org/wikimedia/bugzilla/localconfig': + ensure => present, + owner => 'root', + group => 'www-data', + mode => '0440', + content => template('bugzilla/localconfig.erb'), + } + # basic apache site and certs class {'bugzilla::apache': svc_name => 'bugzilla.wikimedia.org', 
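Review bot: The new `file { '/srv/org/wikimedia/bugzilla/localconfig': }` resource in modules/bugzilla/manifests/init.pp renders the database password and `site_wide_secret` into its content, but nothing in the hunk keeps that content out of Puppet's own records. On a content change the agent can log a diff of the file and keep the old copy in the filebucket, so I would add `show_diff => false,` (where the Puppet version in use supports it) and `backup => false,` to the resource. The template reads `passwords::bugzilla::*` through `scope.lookupvar` and no `include passwords::bugzilla` is visible in these hunks; if the class is not loaded elsewhere the lookups would presumably render empty secrets, so it is worth declaring it in this class. The file also sits under the directory the hunk labels `# document root`, so the Apache site config should deny requests for `localconfig` itself rather than rely only on the generated .htaccess. The class body continues outside the hunk.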
diff --git a/modules/bugzilla/templates/localconfig.erb b/modules/bugzilla/templates/localconfig.erb
new file mode 100644
index 0000000..7c6e866
--- /dev/null
+++ b/modules/bugzilla/templates/localconfig.erb
@@ -0,0 +1,116 @@
+# If you are using Apache as your web server, Bugzilla can create .htaccess
+# files for you, which will keep this file (localconfig) and other
+# confidential files from being read over the web.
+#
+# If this is set to 1, checksetup.pl will create .htaccess files if
+# they don't exist.
+#
+# If this is set to 0, checksetup.pl will not create .htaccess files.
+$create_htaccess = 1;
+
+# The name of the group that your web server runs as. On Red Hat
+# distributions, this is usually "apache". On Debian/Ubuntu, it is
+# usually "www-data".
+#
+# If you have use_suexec turned on below, then this is instead the name
+# of the group that your web server switches to to run cgi files.
+#
+# If this is a Windows machine, ignore this setting, as it does nothing.
+#
+# If you do not have access to the group your scripts will run under,
+# set this to "". If you do set this to "", then your Bugzilla installation
+# will be _VERY_ insecure, because some files will be world readable/writable,
+# and so anyone who can get local access to your machine can do whatever they
+# want. You should only have this set to "" if this is a testing installation
+# and you cannot set this up any other way. YOU HAVE BEEN WARNED!
+#
+# If you set this to anything other than "", you will need to run checksetup.pl
+# as root or as a user who is a member of the specified group.
+$webservergroup = 'www-data';
+
+# Set this to 1 if Bugzilla runs in an Apache SuexecUserGroup environment.
+#
+# If your web server runs control panel software (cPanel, Plesk or similar),
+# or if your Bugzilla is to run in a shared hosting environment, then you are
+# almost certainly in an Apache SuexecUserGroup environment.
+#
+# If this is a Windows box, ignore this setting, as it does nothing.
+#
+# If set to 0, checksetup.pl will set file permissions appropriately for
+# a normal webserver environment.
+#
+# If set to 1, checksetup.pl will set file permissions so that Bugzilla
+# works in a SuexecUserGroup environment.
+$use_suexec = 0;
+
+# What SQL database to use. Default is mysql. List of supported databases
+# can be obtained by listing Bugzilla/DB directory - every module corresponds
+# to one supported database and the name of the module (before ".pm")
+# corresponds to a valid value for this variable.
+$db_driver = 'mysql';
+
+# The DNS name or IP address of the host that the database server runs on.
+$db_host = '<%= @db_host %>';
+
+# The name of the database. For Oracle, this is the database's SID. For
+# SQLite, this is a name (or path) for the DB file.
+$db_name = '<%= @db_name %>';
+
+# Who we connect to the database as.
+$db_user = '<%= @db_user %>';
+
+# Enter your database password here. It's normally advisable to specify
+# a password for your bugzilla database user.
+# If you use apostrophe (') or a backslash (\) in your password, you'll
+# need to escape it by preceding it with a '\' character. (\') or (\)
+# (It is far simpler to just not use those characters.)
+$db_pass = '<%= scope.lookupvar('passwords::bugzilla::bugzilla_db_pass') %>';
+
+# Sometimes the database server is running on a non-standard port. If that's
+# the case for your database server, set this to the port number that your
+# database server is running on. Setting this to 0 means "use the default
+# port for my database server."
+$db_port = 3306;
+
+# MySQL Only: Enter a path to the unix socket for MySQL. If this is
+# blank, then MySQL's compiled-in default will be used. You probably
+# want that.
+$db_sock = '';
+
+# Should checksetup.pl try to verify that your database setup is correct?
+# With some combinations of database servers/Perl modules/moonphase this
+# doesn't work, and so you can try setting this to 0 to make checksetup.pl
+# run.
+$db_check = 0;
+
+# Most web servers will allow you to use index.cgi as a directory
+# index, and many come preconfigured that way, but if yours doesn't
+# then you'll need an index.html file that provides redirection
+# to index.cgi. Setting $index_html to 1 below will allow
+# checksetup.pl to create an index.html for you if it doesn't exist.
+# NOTE: checksetup.pl will not replace an existing file, so if you
+# wish to have checksetup.pl create one for you, you must
+# make sure that index.html doesn't already exist.
+$index_html = 0;
+
+# If you want to use the CVS integration of the Patch Viewer, please specify
+# the full path to the "cvs" executable here.
+$cvsbin = '/usr/bin/cvs';
+
+# If you want to use the "Difference Between Two Patches" feature of the
+# Patch Viewer, please specify the full path to the "interdiff" executable
+# here.
+$interdiffbin = '/usr/bin/interdiff';
+
+# For the "Difference Between Two Patches" feature to work, we need to know
+# what directory the "diff" bin is in. (You only need to set this if you
+# are using that feature of the Patch Viewer.)
+$diffpath = '/usr/bin';
+
+# This secret key is used by your installation for the creation and
+# validation of encrypted tokens. These tokens are used to implement
+# security features in Bugzilla, to protect against certain types of attacks.
+# A random string is generated by default. It's very important that this key
+# is kept secret. It also must be very long.
+$site_wide_secret = '<%= scope.lookupvar('passwords::bugzilla::bugzilla_site_secret') %>';
+
-- To view, visit https://gerrit.wikimedia.org/r/100752 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I36e6363c3518c22ea8ff29d80b5a589c1392324b Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Dzahn <dz...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
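Review bot: The ERB values for `$db_pass` and `$site_wide_secret` (and for `$db_host`, `$db_name` and `$db_user`) are written straight into single-quoted Perl strings with no escaping, although the file's own comment says an apostrophe or backslash in the password has to be escaped. localconfig is Perl source that Bugzilla reads, so a `'` or trailing `\` in a secret would at best break the file and could change what the assignments evaluate to. I would escape in the template, e.g. `<%= scope.lookupvar('passwords::bugzilla::bugzilla_db_pass').gsub(/['\\]/) { |c| "\\#{c}" } %>`, and do the same for the site secret. It may also be worth failing the catalog compile when either lookup comes back empty, since an empty `site_wide_secret` would weaken the tokens the comment above it describes.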