
File Metadata

Created
Sun, Feb 15, 5:11 PM
diff --git a/tools/site/puppet/modules/phabricator/manifests/config.pp b/tools/site/puppet/modules/phabricator/manifests/config.pp
index f1f50f8..241fa87 100644
--- a/tools/site/puppet/modules/phabricator/manifests/config.pp
+++ b/tools/site/puppet/modules/phabricator/manifests/config.pp
@@ -1,190 +1,190 @@
# Configures Phabricator.
#
# @summary Configures Arcanist, libphutil and Phabricator.
# @private
#
class phabricator::config {
assert_private()
$notify = Class['php::fpm::service']
# NOTE: Group 'phabricator' managed in basics/init.pp
user {
default:
ensure => 'present',
managehome => false,
system => true;
$phabricator::daemon_user:
gid => $phabricator::group,
comment => 'Phabricator Daemons',
home => "${phabricator::install_dir}/phabricator/support/empty",
shell => '/usr/sbin/nologin';
$phabricator::vcs_user:
gid => $phabricator::group,
comment => 'Phabricator VCS',
home => $phabricator::repo_dir,
shell => '/bin/sh';
}
file {
default:
group => $phabricator::group;
$phabricator::logs_dir:
owner => $phabricator::www_user,
ensure => 'directory',
mode => '0775';
$phabricator::repo_dir:
ensure => 'directory',
- owner => $phabricator::www_user,
+ owner => $phabricator::daemon_user,
mode => '0750';
$phabricator::install_dir:
ensure => 'directory',
owner => $phabricator::admin_user;
$phabricator::storage_dir:
ensure => 'directory',
owner => $phabricator::www_user;
$phabricator::dumps_dir:
ensure => 'directory',
owner => $phabricator::admin_user;
"/home/${phabricator::admin_user}/.ssh/bitbucket_id_rsa":
owner => 'xreate',
mode => 'u=rw,g=,o=',
source => "${phabricator::secrets_dir}bitbucket_id_rsa",
ensure => file;
'phabricator/conf/local.json':
ensure => 'file',
path => "${phabricator::install_dir}/phabricator/conf/local/local.json",
content => inline_template("<%= scope['phabricator::config'].to_json %>"),
mode => '0640',
notify => $notify,
owner => 'root',
group => $phabricator::group,
require => Vcsrepo['phabricator'];
#Xreate Docs
"${phabricator::install_dir}phabricator/webroot/rsrc/css/xreate-docs":
ensure => link,
target => "${phabricator::install_dir}/xreate-docs/css",
owner => $phabricator::daemon_user,
group => $phabricator::group,
require => Vcsrepo['phabricator'];
["${phabricator::install_dir}xreate-docs/conf", $phabricator::xreate_docs_path]:
ensure => 'directory',
owner=>$phabricator::admin_user,
require=>Vcsrepo['xreate-docs'];
"${phabricator::install_dir}xreate-docs/conf/local.json":
ensure => 'file',
content => inline_template("<%= scope['phabricator::xreate_docs_config'].to_json %>"),
require => [Vcsrepo['xreate-docs']];
}
#Configure Bitbucket:
sshkey {
'bitbucket.org':
type => 'ssh-rsa',
key => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw=='
}
class { 'ssh::client':
options => {
"Host *" => {
'HashKnownHosts' => false,
}
}
}
::ssh::client::config::user {
$phabricator::admin_user:
ensure => present,
options => {
'Host bitbucket.org' => {
'Hostname' => 'bitbucket.org',
'User' => 'git',
'IdentityFile' => '~/.ssh/bitbucket_id_rsa'
}
}
}
logrotate::rule { 'phabricator':
ensure => 'present',
path => [$phabricator::log_access_path, "${phabricator::logs_dir}ssh.log"],
compress => true,
delaycompress => true,
ifempty => false,
missingok => true,
rotate_every => 'week',
rotate => 40
}
# TODO: We should be able to tighten these permissions as follows:
#
# - `/usr/bin/git`, `/usr/bin/git-receive-pack`, `/usr/bin/git-upload-pack`
# and `/usr/lib/git-core/git-http-backend` should only be required if the
# node is //hosting// Diffusion repositories.
# - `/usr/bin/ssh` should only be required if the node is //serving// (either
# directly or by proxy) Diffusion repositories.
#
if $phabricator::manage_diffusion {
# lint:ignore:strict_indent
sudo::conf { "${phabricator::vcs_user}:${phabricator::daemon_user}":
ensure => 'present',
content => sprintf(
'%s ALL=(%s) SETENV: NOPASSWD: %s',
$phabricator::vcs_user,
"${phabricator::daemon_user}:${phabricator::group}",
join([
'/usr/bin/git',
'/usr/bin/git-receive-pack',
'/usr/bin/git-upload-pack',
'/usr/bin/ssh',
], ', '),
),
}
# lint:endignore
#PHP
include php::params
# lint:ignore:strict_indent
sudo::conf { "${php::params::fpm_user}:${phabricator::daemon_user}":
ensure => 'present',
content => sprintf(
'%s ALL=(%s) SETENV: NOPASSWD: %s',
$php::params::fpm_user,
"${phabricator::daemon_user}:${phabricator::group}",
join([
'/usr/bin/git',
'/usr/bin/ssh',
'/usr/lib/git-core/git-http-backend',
], ', '),
),
}
# lint:endignore
# lint:ignore:strict_indent
ssh::server::config::setting { $phabricator::vcs_user:
key => "Match User ${phabricator::vcs_user}",
# TODO: This seems quite hacky.
value => join([
'',
"AuthorizedKeysCommand ${phabricator::install_dir}/phabricator/bin/ssh-auth",
"AuthorizedKeysCommandUser ${phabricator::vcs_user}",
], "\n "),
}
# lint:endignore
}
}
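Review bot: The new `owner => $phabricator::daemon_user` on `$phabricator::repo_dir` re-owns only the top-level directory, because this `file` entry has no `recurse`. On a node provisioned before this change, content already under the directory would presumably stay owned by `$phabricator::www_user`, and the daemons could not write to it. With mode `0750` the web user is left with at most group read access, so writes from the web tier now depend on the `sudo::conf` rules further down, which are declared only when `$phabricator::manage_diffusion` is true. I would state that on the entry, e.g. `# Daemon-owned: web and VCS users reach repositories via sudo to the daemon user; existing content is not re-owned`. Already-provisioned nodes are better handled with a one-off ownership fix than with `recurse => true` on a large repository tree.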
diff --git a/tools/site/puppet/modules/phabricator/manifests/install.pp b/tools/site/puppet/modules/phabricator/manifests/install.pp
index eedaff3..207372c 100644
--- a/tools/site/puppet/modules/phabricator/manifests/install.pp
+++ b/tools/site/puppet/modules/phabricator/manifests/install.pp
@@ -1,178 +1,179 @@
# Installs Phabricator.
#
# @summary Installs Arcanist, libphutil and Phabricator.
# @private
#
class phabricator::install {
assert_private()
# The `php::packages` class requires `Class['apt::update']` unconditionally,
# but the `apt::update` class may not have been defined. See
# https://github.com/voxpupuli/puppet-php/pull/323.
include apt
include git
$notify = Class['php::fpm::service']
# Ensure that the CLI is installed before any extensions are installed.
Class['php::cli'] -> Php::Extension <| |>
vcsrepo {
default:
ensure => 'latest',
provider => 'git',
user => $phabricator::admin_user,
group => $phabricator::group,
require => Ssh::Client::Config::User[$phabricator::admin_user],
notify => $notify;
'arcanist':
path => "${phabricator::install_dir}/arcanist",
source => $phabricator::arcanist_url;
'libphutil':
path => "${phabricator::install_dir}/libphutil",
source => $phabricator::libphutil_url;
'phabricator':
path => "${phabricator::install_dir}/phabricator",
source => $phabricator::phabricator_url;
'xreate-docs':
path => "${phabricator::install_dir}/xreate-docs",
source => $phabricator::xreate_docs_url
}
class refresh {
exec {
default:
refreshonly => true,
user => $phabricator::admin_user,
group => $phabricator::group,
cwd => "${phabricator::install_dir}",
path =>['/bin', '/usr/bin'],
logoutput => true,
subscribe => [
Vcsrepo['xreate-docs'],
File['phabricator/conf/local.json']
];
'arc liberate':
command => "${phabricator::install_dir}arcanist/bin/arc liberate --upgrade",
cwd => "${phabricator::install_dir}xreate-docs";
"${phabricator::install_dir}libphutil/scripts/phutil_rebuild_map.php libphutil/src/":;
'celerity map':
command => "${phabricator::install_dir}phabricator/bin/celerity map";
}
}
class storage {
$storage_upgrade_flags = shellquote(
[
'--force',
"--user=${phabricator::storage_upgrade_user}",
"--password=${phabricator::storage_upgrade_password}",
]
)
if !empty($phabricator::init_db) {
notice ("Restore DB from dump!")
exec {'db update':
command => "${phabricator::ctl} dump-restore ${phabricator::init_db}",
timeout => 1800,
onlyif => [
"test -e ${phabricator::ctl}",
"test -e ${phabricator::init_db}",
],
unless => '/usr/bin/mysql -uroot -e "show databases;" | grep phabricator',
path => ['/bin', '/usr/bin'],
subscribe => Class['phabricator::mysql'],
notify => [Class['php::fpm::service'], Service['phd']]
}
} else {
exec { 'db update':
command => Sensitive.new("${phabricator::install_dir}phabricator/bin/storage upgrade ${storage_upgrade_flags}"),
unless => '/usr/bin/mysql -uroot -e "show databases;" | grep phabricator',
timeout => 0,
user => $phabricator::admin_user,
group => $phabricator::group,
path =>['/bin', '/usr/bin'],
logoutput => true,
require => [
Class['php::cli'],
File['phabricator/conf/local.json'],
Vcsrepo['arcanist'],
Vcsrepo['libphutil']
],
subscribe => [
Vcsrepo['phabricator'],
Class['phabricator::mysql'],
File['phabricator/conf/local.json'],
],
notify => [Class['php::fpm::service'], Service['phd']]
}
}
}
class{'phabricator::install::refresh': }
class{'phabricator::install::storage': require=>Class['phabricator::install::refresh']}
#Repo
archive {"${phabricator::init_repo}":
extract => true,
extract_path => $phabricator::repo_dir,
creates => "${phabricator::repo_dir}/1",
cleanup => false,
+ user => $phabricator::daemon_user
}
$repositories = ['rXR']
$repositories.each | $rep | {
exec{"${phabricator::install_dir}phabricator/bin/repository update ${rep}":
refreshonly => true,
subscribe => Archive["${phabricator::init_repo}"],
path => '/usr/bin/',
logoutput => true
}
}
# These packages are required in order to compile XHPAST.
ensure_packages(['g++', 'make'])
exec { 'build_xhpast.php':
command => "${phabricator::install_dir}/libphutil/scripts/build_xhpast.php",
refreshonly => true,
require => [
Class['php::cli'],
Package['g++'],
Package['make'],
],
subscribe => Vcsrepo['libphutil'],
}
if $phabricator::install_fonts {
debconf { 'msttcorefonts/accepted-mscorefonts-eula':
ensure => 'present',
package => 'ttf-mscorefonts-installer',
type => 'select',
value => bool2str(true),
before => Package['ttf-mscorefonts-installer'],
}
package { 'ttf-mscorefonts-installer':
ensure => 'latest',
}
$font_file_ensure = 'link'
} else {
$font_file_ensure = 'absent'
}
file { "${phabricator::install_dir}/phabricator/resources/font/impact.ttf":
ensure => $font_file_ensure,
target => '/usr/share/fonts/truetype/msttcorefonts/Impact.ttf',
require => Vcsrepo['phabricator'],
}
}
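Review bot: The `exec` for `bin/repository update` a few lines below the new `user => $phabricator::daemon_user` still sets no `user`, so it runs as whatever account the agent runs as (normally root). It can therefore leave files under `$phabricator::repo_dir` that the daemon user cannot modify; adding `user => $phabricator::daemon_user,` there would keep it consistent with the extraction. The `creates => "${phabricator::repo_dir}/1"` guard also means that nodes where the archive was already extracted keep their previous ownership. The daemon account is declared in config.pp and no `require => User[$phabricator::daemon_user]` is visible on the archive, so whether the account exists at extraction time depends on class ordering this diff does not show.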
