Mobrovac has uploaded a new change for review.
https://gerrit.wikimedia.org/r/305256
Change subject: PDF Render Service: Role and module
......................................................................
PDF Render Service: Role and module
Bug: T143129
Change-Id: I47c20199a98e2f447a596ea3ce5cd11cf7b1c618
---
A manifests/role/pdfrender.pp
A modules/pdfrender/manifests/init.pp
A modules/pdfrender/templates/initscripts/pdfrender.systemd.erb
3 files changed, 131 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/56/305256/1
diff --git a/manifests/role/pdfrender.pp b/manifests/role/pdfrender.pp
new file mode 100644
index 0000000..b9d0f23
--- /dev/null
+++ b/manifests/role/pdfrender.pp
@@ -0,0 +1,10 @@
+class role::pdfrender {
+
+ system::role { 'role::pdfrender':
+ description => 'A PDF render service based on Electron',
+ }
+
+ include ::pdfrender
+
+}
+
diff --git a/modules/pdfrender/manifests/init.pp
b/modules/pdfrender/manifests/init.pp
new file mode 100644
index 0000000..e612b6b
--- /dev/null
+++ b/modules/pdfrender/manifests/init.pp
@@ -0,0 +1,93 @@
+# == Class: pdfrender
+#
+# This module installs and configures the PDF rendering service - a HTML2PDF
+# conversion service based on the Electron framework.
+#
+# === Parameters
+#
+# [*access_key*]
+# The secret key that needs to match the one sent in requests. Default:
secret
+#
+# [*width*]
+# The default browser width to use when converting, if not specified in the
+# request. Default: 1024
+#
+# [*height*]
+# The default browser height to use when converting, if not specified in the
+# request. Default: 768
+#
+# [*no_browsers*]
+# The number of browser instances to launch in parallel. Default: 1
+#
+# [*timeout*]
+# The maximum number of seconds to wait for a render to complete before
+# aborting it, in seconds. Default: 60
+#
+class pdfrender(
+ $access_key = 'secret',
+ $width = 1024,
+ $height = 768,
+ $no_browsers = 1,
+ $timeout = 60,
+) {
+
+ include ::service::configuration
+
+ $log_dir = "${::service::configuration::log_dir}/zotero"
+
+ # TODO: revisit this list
+ require_package('xvfb', 'libgtk2.0-0', 'ttf-mscorefonts-installer',
+ 'libnotify4', 'libgconf2-4', 'libxss1', 'libnss3', 'dbus-x11',
+ 'firejail', 'nodejs', 'nodejs-legacy')
+
+ ferm::service { 'pdfrender_http_5252':
+ proto => 'tcp',
+ port => '5252',
+ }
+
+ monitoring::service { 'pdfrender':
+ description => 'pdfrender',
+ check_command => 'check_http_zotero!5252',
+ }
+
+ scap::target { 'electron-render/deploy':
+ deploy_user => 'deploy-service',
+ service_name => 'pdfrender',
+ before => Base::Service_unit['pdfrender'],
+ }
+
+ group { 'pdfrender':
+ ensure => present,
+ system => true,
+ before => User['pdfrender'],
+ }
+
+ user { 'pdfrender':
+ gid => 'pdfrender',
+ home => '/nonexistent',
+ shell => '/bin/false',
+ system => true,
+ before => Base::Service_unit['pdfrender'],
+ }
+
+ file { $log_dir:
+ ensure => directory,
+ owner => 'pdfrender',
+ group => 'pdfrender',
+ mode => '0755',
+ before => Base::Service_unit['pdfrender'],
+ }
+
+ systemd::syslog { 'pdfrender':
+ readable_by => 'all',
+ base_dir => $::service::configuration::log_dir,
+ group => 'root',
+ before => Base::Service_unit['pdfrender'],
+ }
+
+ base::service_unit { 'pdfrender':
+ ensure => present,
+ systemd => true,
+ }
+
+}
diff --git a/modules/pdfrender/templates/initscripts/pdfrender.systemd.erb
b/modules/pdfrender/templates/initscripts/pdfrender.systemd.erb
new file mode 100644
index 0000000..1b27267
--- /dev/null
+++ b/modules/pdfrender/templates/initscripts/pdfrender.systemd.erb
@@ -0,0 +1,28 @@
+# NOTE: This file is managed by Puppet
+# Systemd unit for pdfrender
+[Unit]
+Description="pdfrender service"
+After=network.target
+
+[Service]
+# up ulimit -n a bit
+LimitNOFILE=10000
+User=pdfrender
+Group=pdfrender
+Environment="NODE_PATH=/srv/deployment/electron-render/deploy/node_modules"
+Environment="RENDERER_ACCESS_KEY=<%= @access_key %>"
+Environment="PORT=5252"
+Environment="WINDOW_HEIGHT=<%= @height %>"
+Environment="WINDOW_WIDTH=<%= @width %>"
+Environment="CONCURRENCY=<%= @no_browsers %>"
+Environment="TIMEOUT=<%= @timeout %>"
+SyslogIdentifier=pdfrender
+Restart=always
+RestartSec=2s
+# wait 60 seconds for a graceful restart before killing the master
+TimeoutStopSec=60
+WorkingDirectory=/srv/deployment/electron-render/deploy
+ExecStart=/usr/bin/firejail --blacklist=/root --blacklist=/home --caps
--seccomp /usr/bin/xvfb-run
/srv/deployment/electron-render/deploy/src/bin/electron-render-service.js
+
+[Install]
+WantedBy=multi-user.target
--
To view, visit https://gerrit.wikimedia.org/r/305256
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I47c20199a98e2f447a596ea3ce5cd11cf7b1c618
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Mobrovac <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
