Ori.livneh has submitted this change and it was merged.
Change subject: svn: convert into a module
......................................................................
svn: convert into a module
I have removed the svn::groups class as svn is only served readonly, and it
seems it can be removed.
I didn't include init.pp as it seems redundant here.
also removed the apache dependency for the time being until the status
of this service is cleared out.
- move server.pp to init.pp
- rename svn::server to subversion and svn::client to subversion::client etc
- adjust file pathes
- add role class
- minor lint stuff like line over 80 chars and aligned arrows
Change-Id: Ife6ab663edba01ecd86977ae13a3838f3979e2ed
---
A manifests/role/subversion.pp
M manifests/site.pp
D manifests/svn.pp
R modules/subversion/files/apache/svn.wikimedia.org
R modules/subversion/files/docroot/robots.txt
R modules/subversion/files/revision.ezt
R modules/subversion/files/sillyshell
R modules/subversion/files/viewvc.conf
A modules/subversion/manifests/client.pp
A modules/subversion/manifests/conversion.pp
A modules/subversion/manifests/init.pp
A modules/subversion/manifests/viewvc.pp
12 files changed, 149 insertions(+), 129 deletions(-)
Approvals:
Ori.livneh: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/role/subversion.pp b/manifests/role/subversion.pp
new file mode 100644
index 0000000..7625924
--- /dev/null
+++ b/manifests/role/subversion.pp
@@ -0,0 +1,16 @@
+# manifests/role/subversion.pp
+
+class role::subversion {
+
+ system::role { 'role::subversion': description => 'public, read-only SVN
server' }
+
+ class { '::subversion':
+ host => 'svn.wikimedia.org',
+ }
+
+ monitor_service { 'https':
+ description => 'HTTPS',
+ check_command => "check_ssl_cert!${host}"
+ }
+}
+
diff --git a/manifests/site.pp b/manifests/site.pp
index fecc6cf..1584cc0 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -27,7 +27,6 @@
import "search.pp"
import "snapshots.pp"
import "sudo.pp"
-import "svn.pp"
import "swift.pp"
import "webserver.pp"
import "zuul.pp"
@@ -189,7 +188,7 @@
groups::wikidev,
accounts::demon,
role::gitblit,
- svn::server
+ role::subversion
# full root for gerrit admin (RT-3698)
sudo_user { "demon": privileges => ['ALL = NOPASSWD: ALL'] }
@@ -222,7 +221,7 @@
interface::add_ip6_mapped { "main": interface => "eth0" }
include standard,
- svn::client,
+ subversion::client,
admins::roots,
admins::mortals,
admins::restricted,
@@ -867,7 +866,7 @@
interface::add_ip6_mapped { "main": interface => "eth0" }
include role::applicationserver::maintenance,
- svn::client,
+ subversion::client,
nfs::netapp::home,
admins::roots,
admins::mortals,
@@ -919,7 +918,7 @@
$ssh_x11_forwarding = "no"
include standard,
webserver::php5,
- svn::server,
+ role::subversion,
backup::client,
role::deployment::test
diff --git a/manifests/svn.pp b/manifests/svn.pp
deleted file mode 100644
index b42abd2..0000000
--- a/manifests/svn.pp
+++ /dev/null
@@ -1,124 +0,0 @@
-class svn::server {
- system::role { 'svn::server': description => 'public SVN server' }
-
- require 'svn::groups::svn'
-
- # include webserver::php5
-
- package { [ 'libsvn-notify-perl', 'python-subversion',
- 'libapache2-svn', 'python-pygments' ]:
- ensure => latest;
- }
-
- file {
- '/usr/local/bin/sillyshell':
- owner => 'root',
- group => 'root',
- mode => '0555',
- source => 'puppet:///files/svn/sillyshell';
- '/etc/apache2/sites-available/svn':
- owner => 'root',
- group => 'root',
- mode => '0444',
- source =>
'puppet:///files/apache/sites/svn.wikimedia.org',
- notify => Service[apache2];
- '/srv/org/wikimedia/svn':
- ensure => directory,
- source => 'puppet:///files/svn/docroot',
- owner => 'root',
- group => 'svnadm',
- mode => '0664',
- recurse => true;
- '/var/cache/svnusers':
- ensure => directory,
- owner => 'www-data',
- group => 'www-data',
- mode => '0755';
- '/svnroot':
- ensure => directory,
- owner => 'root',
- group => 'svn',
- mode => '0775';
- }
-
- include backup::host
- backup::set { 'svnroot': }
-
- apache_site { 'svn': name => 'svn', prefix => '000-' }
- apache_module { 'authz_svn': name => 'authz_svn' }
-
- monitor_service { 'https': description => 'HTTPS', check_command =>
'check_ssl_cert!svn.wikimedia.org' }
-
- ferm::rule { 'svn_80':
- rule => 'proto tcp dport 80 ACCEPT;'
- }
- ferm::rule { 'svn_443':
- rule => 'proto tcp dport 443 ACCEPT;'
- }
-
- cron { 'svnuser_generation':
- command => '(cd /var/cache/svnusers && svn up) >
/dev/null 2>&1',
- user => 'www-data',
- hour => 0,
- minute => 0;
- }
-
- exec { '/usr/bin/svn co file:///svnroot/mediawiki/USERINFO svnusers':
- creates => '/var/cache/svnusers/.svn',
- cwd => '/var/cache',
- user => 'www-data',
- require => File['/var/cache/svnusers'];
- }
-
- class viewvc {
- require svn::server
-
- package { 'viewvc':
- ensure => latest;
- }
-
- file {
- '/etc/apache2/svn-authz':
- owner => 'root',
- group => 'root',
- mode => '0444',
- source => 'puppet:///private/svn/svn-authz';
- '/etc/viewvc/viewvc.conf':
- owner => 'root',
- group => 'root',
- mode => '0444',
- source => 'puppet:///files/svn/viewvc.conf';
- '/etc/viewvc/templates/revision.ezt':
- owner => 'root',
- group => 'root',
- mode => '0444',
- source => 'puppet:///files/svn/revision.ezt';
- }
- }
-
- class conversion {
- package { ['libqt4-dev', 'libsvn-dev', 'g++']:
- ensure => latest;
- }
- }
-
- include viewvc, conversion
-}
-
-class svn::groups {
- class svn {
- group { 'svn':
- name => 'svn',
- gid => 550,
- alias => 550,
- ensure => present,
- allowdupe => false;
- }
- }
-}
-
-class svn::client {
- package { 'subversion':
- ensure => latest;
- }
-}
diff --git a/files/apache/sites/svn.wikimedia.org
b/modules/subversion/files/apache/svn.wikimedia.org
similarity index 100%
rename from files/apache/sites/svn.wikimedia.org
rename to modules/subversion/files/apache/svn.wikimedia.org
diff --git a/files/svn/docroot/robots.txt
b/modules/subversion/files/docroot/robots.txt
similarity index 100%
rename from files/svn/docroot/robots.txt
rename to modules/subversion/files/docroot/robots.txt
diff --git a/files/svn/revision.ezt b/modules/subversion/files/revision.ezt
similarity index 100%
rename from files/svn/revision.ezt
rename to modules/subversion/files/revision.ezt
diff --git a/files/svn/sillyshell b/modules/subversion/files/sillyshell
similarity index 100%
rename from files/svn/sillyshell
rename to modules/subversion/files/sillyshell
diff --git a/files/svn/viewvc.conf b/modules/subversion/files/viewvc.conf
similarity index 100%
rename from files/svn/viewvc.conf
rename to modules/subversion/files/viewvc.conf
diff --git a/modules/subversion/manifests/client.pp
b/modules/subversion/manifests/client.pp
new file mode 100644
index 0000000..774f716
--- /dev/null
+++ b/modules/subversion/manifests/client.pp
@@ -0,0 +1,7 @@
+class subversion::client {
+
+ package { 'subversion':
+ ensure => present,
+
+ }
+}
diff --git a/modules/subversion/manifests/conversion.pp
b/modules/subversion/manifests/conversion.pp
new file mode 100644
index 0000000..6fc8ecf
--- /dev/null
+++ b/modules/subversion/manifests/conversion.pp
@@ -0,0 +1,11 @@
+class subversion::conversion {
+
+ package { [
+ 'libqt4-dev',
+ 'libsvn-dev',
+ 'g++',
+ ]:
+ ensure => present,
+ }
+
+}
diff --git a/modules/subversion/manifests/init.pp
b/modules/subversion/manifests/init.pp
new file mode 100644
index 0000000..c5f116a
--- /dev/null
+++ b/modules/subversion/manifests/init.pp
@@ -0,0 +1,80 @@
+class subversion ($host){
+
+ include viewvc,
+ subversion::conversion
+
+ # include webserver::php5
+
+ package { 'libapache2-svn':
+ ensure => present,
+ }
+
+ group { 'svn':
+ ensure => present,
+ gid => 550,
+ alias => 550,
+ allowdupe => false,
+ }
+
+ file { '/usr/local/bin/sillyshell':
+ owner => 'root',
+ group => 'root',
+ mode => '0555',
+ source => 'puppet:///modules/subversion/sillyshell',
+ }
+
+ file { '/srv/org/wikimedia/svn':
+ ensure => directory,
+ source => 'puppet:///modules/subversion/docroot',
+ owner => 'root',
+ group => 'svnadm',
+ mode => '0664',
+ recurse => true,
+ }
+
+ file { '/var/cache/svnusers':
+ ensure => directory,
+ owner => 'www-data',
+ group => 'www-data',
+ mode => '0755',
+ }
+
+ file { '/svnroot':
+ ensure => directory,
+ owner => 'root',
+ group => 'svn',
+ mode => '0775';
+ }
+
+ include backup::host
+ backup::set { 'svnroot': }
+
+ apache_site { 'svn':
+ name => 'svn',
+ prefix => '000-'
+ }
+
+ apache_module { 'authz_svn': name => 'authz_svn' }
+
+ ferm::rule { 'svn_80':
+ rule => 'proto tcp dport 80 ACCEPT;'
+ }
+ ferm::rule { 'svn_443':
+ rule => 'proto tcp dport 443 ACCEPT;'
+ }
+
+ exec { '/usr/bin/svn co file:///svnroot/mediawiki/USERINFO svnusers':
+ creates => '/var/cache/svnusers/.svn',
+ cwd => '/var/cache',
+ user => 'www-data',
+ require => File['/var/cache/svnusers'],
+ }
+
+ file { '/etc/apache2/sites-available/svn':
+ owner => 'root',
+ group => 'root',
+ mode => '0444',
+ source => "puppet:///modules/subversion/apache/${host}",
+ }
+}
+
diff --git a/modules/subversion/manifests/viewvc.pp
b/modules/subversion/manifests/viewvc.pp
new file mode 100644
index 0000000..067ce5f
--- /dev/null
+++ b/modules/subversion/manifests/viewvc.pp
@@ -0,0 +1,31 @@
+class subversion::viewvc {
+
+ require subversion
+
+ package { 'viewvc':
+ ensure => present,
+ }
+
+ file { '/etc/apache2/svn-authz':
+ owner => 'root',
+ group => 'root',
+ mode => '0444',
+ source => 'puppet:///private/svn/svn-authz',
+ }
+
+ file { '/etc/viewvc/viewvc.conf':
+ owner => 'root',
+ group => 'root',
+ mode => '0444',
+ source => 'puppet:///modules/subversion/viewvc.conf',
+ }
+
+ file { '/etc/viewvc/templates/revision.ezt':
+ owner => 'root',
+ group => 'root',
+ mode => '0444',
+ source => 'puppet:///modules/subversion/revision.ezt',
+ }
+
+}
+
--
To view, visit https://gerrit.wikimedia.org/r/100760
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ife6ab663edba01ecd86977ae13a3838f3979e2ed
Gerrit-PatchSet: 13
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Matanya <mata...@foss.co.il>
Gerrit-Reviewer: Alexandros Kosiaris <akosia...@wikimedia.org>
Gerrit-Reviewer: Andrew Bogott <abog...@wikimedia.org>
Gerrit-Reviewer: Chad <ch...@wikimedia.org>
Gerrit-Reviewer: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: Matanya <mata...@foss.co.il>
Gerrit-Reviewer: Ori.livneh <o...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
