Page MenuHomeSoftware Heritage
Differential D4768

production: Add new hedgedoc instance
ClosedPublic
Actions

Authored by ardumont on Dec 18 2020, 1:33 PM.

Details

Reviewers
vsellier
Group Reviewers
System administrators
Maniphest Tasks
T2827: Deploy an instance of hedgedoc
Commits
rSPSITE73219ffec559: Reference domain for the hedgedoc instance
rSPSITE2296f7ee87cb: hedgedoc: Automate installation
rSPSITE37a6bc671d49: hedgedoc: Install a more recent yarn version
rSPSITEe12017013c8b: production: Add new bardo instance for the hedgedoc instance
Summary

Add a hedgedoc role to install and run a hedgedoc instance.

This will:

  • install and configure a postgres instance (ready to receive the hedgedoc schema)
  • install and configure a hedgedoc instance
  • then configure and run the hedgedoc systemd service

Remains:

  • some more configuration options which can be opened later (as we go along i guess)
  • certificate part which can be dealt with later

Related to T2827

Test Plan

vagrant up/provision (from scratch to the hedgedoc instance running):

==> prod-bardo: Info: /Stage[main]/Profile::Prometheus::Sql/File[/usr/bin/update-prometheus-sql-exporter-config]: Scheduling refresh of Service[prometheus-sql-exporter]
==> prod-bardo: Info: Computing checksum on file /etc/default/prometheus-sql-exporter
==> prod-bardo: Info: /Stage[main]/Profile::Prometheus::Sql/File[/etc/default/prometheus-sql-exporter]: Filebucketed /etc/default/prometheus-sql-exporter to puppet with sum d6b9b0dada9aadd4e60d2f08fdc1de55
==> prod-bardo: Notice: /Stage[main]/Profile::Prometheus::Sql/File[/etc/default/prometheus-sql-exporter]/content: content changed '{md5}d6b9b0dada9aadd4e60d2f08fdc1de55' to '{md5}bb991e37c33b3c98237582c9cab77b28'
==> prod-bardo: Info: /Stage[main]/Profile::Prometheus::Sql/File[/etc/default/prometheus-sql-exporter]: Scheduling refresh of Service[prometheus-sql-exporter]
==> prod-bardo: Notice: /Stage[main]/Profile::Prometheus::Sql/Service[prometheus-sql-exporter]/ensure: ensure changed 'stopped' to 'running'
==> prod-bardo: Info: /Stage[main]/Profile::Prometheus::Sql/Service[prometheus-sql-exporter]: Unscheduling refresh on Service[prometheus-sql-exporter]
==> prod-bardo: Notice: /Stage[main]/Postgresql::Server::Install/Package[postgresql-server]/ensure: created
==> prod-bardo: Notice: /Stage[main]/Postgresql::Server::Initdb/File[/srv/softwareheritage/postgres/12/main]/ensure: created
==> prod-bardo: Notice: /Stage[main]/Postgresql::Server::Initdb/Exec[postgresql_initdb]/returns: executed successfully
==> prod-bardo: Notice: /Stage[main]/Profile::Hedgedoc/Package[npm]/ensure: created
==> prod-bardo: Notice: /Stage[main]/Profile::Hedgedoc/Package[npm]: Triggered 'refresh' from 1 event
==> prod-bardo: Notice: /Stage[main]/Profile::Hedgedoc/Package[yarn]/ensure: created
==> prod-bardo: Notice: /Stage[main]/Profile::Hedgedoc/Package[yarn]: Triggered 'refresh' from 1 event
==> prod-bardo: Notice: /Stage[main]/Profile::Hedgedoc/Package[node-gyp]: Triggered 'refresh' from 1 event
==> prod-bardo: Notice: /Stage[main]/Profile::Hedgedoc/Archive[hedgedoc]/ensure: download archive from https://github.com/hedgedoc/hedgedoc/releases/download/1.7.0-rc2/hedgedoc-1.7.0-rc2.tar.gz to /tmp/hedgedoc-1.7.0-rc2.tar.gz and extracted in /home/hedgedoc with cleanup
==> prod-bardo: Info: /Stage[main]/Profile::Hedgedoc/Archive[hedgedoc]: Scheduling refresh of Exec[active-initialize]
==> prod-bardo: Notice: /Stage[main]/Profile::Hedgedoc/Exec[active-initialize]: Triggered 'refresh' from 1 event
==> prod-bardo: Info: /Stage[main]/Profile::Hedgedoc/Exec[active-initialize]: Scheduling refresh of Exec[hedgedoc-flag-upgrade]
==> prod-bardo: Notice: /Stage[main]/Profile::Base/Sudo::Conf[local-env]/File[10_local-env]/ensure: defined content as '{md5}e3e5874da7d4d330d9bc42eec0db7543'
==> prod-bardo: Info: /Stage[main]/Profile::Base/Sudo::Conf[local-env]/File[10_local-env]: Scheduling refresh of Exec[sudo-syntax-check for file /etc/sudoers.d/10_local-env]
==> prod-bardo: Notice: /Stage[main]/Profile::Base/Sudo::Conf[local-env]/Exec[sudo-syntax-check for file /etc/sudoers.d/10_local-env]: Triggered 'refresh' from 1 event
==> prod-bardo: Notice: /Stage[main]/Profile::Base/Sudo::Conf[local-deploy]/File[20_local-deploy]/ensure: defined content as '{md5}68c2b05388c8e1d3c34e492c33fb1ff3'
==> prod-bardo: Info: /Stage[main]/Profile::Base/Sudo::Conf[local-deploy]/File[20_local-deploy]: Scheduling refresh of Exec[sudo-syntax-check for file /etc/sudoers.d/20_local-deploy]
==> prod-bardo: Notice: /Stage[main]/Profile::Base/Sudo::Conf[local-deploy]/Exec[sudo-syntax-check for file /etc/sudoers.d/20_local-deploy]: Triggered 'refresh' from 1 event
==> prod-bardo: Info: Computing checksum on file /etc/ssh/sshd_config
==> prod-bardo: Info: /Stage[main]/Ssh::Server::Config/Concat[/etc/ssh/sshd_config]/File[/etc/ssh/sshd_config]: Filebucketed /etc/ssh/sshd_config to puppet with sum 55570f990ec9c3b8d19c19ab4d0b8eb8
==> prod-bardo: Notice: /Stage[main]/Ssh::Server::Config/Concat[/etc/ssh/sshd_config]/File[/etc/ssh/sshd_config]/content: content changed '{md5}55570f990ec9c3b8d19c19ab4d0b8eb8' to '{md5}135f12528f7cda23daffddfd6fcd2014'
==> prod-bardo: Notice: /Stage[main]/Ssh::Server::Config/Concat[/etc/ssh/sshd_config]/File[/etc/ssh/sshd_config]/mode: mode changed '0644' to '0600'
==> prod-bardo: Info: Concat[/etc/ssh/sshd_config]: Scheduling refresh of Service[ssh]
==> prod-bardo: Info: Class[Ssh::Server::Config]: Scheduling refresh of Class[Ssh::Server::Service]
==> prod-bardo: Info: Class[Ssh::Server::Service]: Scheduling refresh of Service[ssh]
==> prod-bardo: Notice: /Stage[main]/Ssh::Server::Service/Service[ssh]: Triggered 'refresh' from 2 events
==> prod-bardo: Notice: /Stage[main]/Profile::Icinga2::Objects::Agent_checks/Sudo::Conf[icinga-check_journal]/File[50_icinga-check_journal]/ensure: defined content as '{md5}51979b2623211001ec49b2e5f67c28db'
==> prod-bardo: Info: /Stage[main]/Profile::Icinga2::Objects::Agent_checks/Sudo::Conf[icinga-check_journal]/File[50_icinga-check_journal]: Scheduling refresh of Exec[sudo-syntax-check for file /etc/sudoers.d/50_icinga-check_journal]
==> prod-bardo: Notice: /Stage[main]/Profile::Icinga2::Objects::Agent_checks/Sudo::Conf[icinga-check_journal]/Exec[sudo-syntax-check for file /etc/sudoers.d/50_icinga-check_journal]: Triggered 'refresh' from 1 event
==> prod-bardo: Notice: /Stage[main]/Profile::Icinga2::Objects::Agent_checks/Sudo::Conf[icinga-check_newest_file_age]/File[50_icinga-check_newest_file_age]/ensure: defined content as '{md5}f6d34d1350db746c817f7815cd882b9c'
==> prod-bardo: Info: /Stage[main]/Profile::Icinga2::Objects::Agent_checks/Sudo::Conf[icinga-check_newest_file_age]/File[50_icinga-check_newest_file_age]: Scheduling refresh of Exec[sudo-syntax-check for file /etc/sudoers.d/50_icinga-check_newest_file_age]
==> prod-bardo: Notice: /Stage[main]/Profile::Icinga2::Objects::Agent_checks/Sudo::Conf[icinga-check_newest_file_age]/Exec[sudo-syntax-check for file /etc/sudoers.d/50_icinga-check_newest_file_age]: Triggered 'refresh' from 1 event
==> prod-bardo: Info: Computing checksum on file /etc/postgresql/12/main/pg_hba.conf
==> prod-bardo: Info: /Stage[main]/Postgresql::Server::Config/Concat[/etc/postgresql/12/main/pg_hba.conf]/File[/etc/postgresql/12/main/pg_hba.conf]: Filebucketed /etc/postgresql/12/main/pg_hba.conf to puppet with sum f73c565243edc9a5c780409b7c64f362
==> prod-bardo: Notice: /Stage[main]/Postgresql::Server::Config/Concat[/etc/postgresql/12/main/pg_hba.conf]/File[/etc/postgresql/12/main/pg_hba.conf]/content: content changed '{md5}f73c565243edc9a5c780409b7c64f362' to '{md5}91008fe0d4eeac69cb265a23be1f8ad2'
==> prod-bardo: Info: Concat[/etc/postgresql/12/main/pg_hba.conf]: Scheduling refresh of Class[Postgresql::Server::Reload]
==> prod-bardo: Notice: /Stage[main]/Postgresql::Server::Config/Postgresql::Server::Config_entry[listen_addresses]/Postgresql_conf[listen_addresses]/ensure: created
==> prod-bardo: Info: Computing checksum on file /etc/postgresql/12/main/postgresql.conf
==> prod-bardo: Info: /Stage[main]/Postgresql::Server::Config/Postgresql::Server::Config_entry[listen_addresses]/Postgresql_conf[listen_addresses]: Scheduling refresh of Class[Postgresql::Server::Service]
==> prod-bardo: Notice: /Stage[main]/Postgresql::Server::Config/Postgresql::Server::Config_entry[port]/Postgresql_conf[port]/value: value changed '5432' to 5433
==> prod-bardo: Info: /Stage[main]/Postgresql::Server::Config/Postgresql::Server::Config_entry[port]/Postgresql_conf[port]: Scheduling refresh of Class[Postgresql::Server::Service]
==> prod-bardo: Notice: /Stage[main]/Postgresql::Server::Config/Postgresql::Server::Config_entry[data_directory]/Exec[postgresql_stop_data_directory]/returns: executed successfully
==> prod-bardo: Notice: /Stage[main]/Postgresql::Server::Config/Postgresql::Server::Config_entry[data_directory]/Postgresql_conf[data_directory]/value: value changed '/var/lib/postgresql/12/main' to '/srv/softwareheritage/postgres/12/main'
==> prod-bardo: Info: /Stage[main]/Postgresql::Server::Config/Postgresql::Server::Config_entry[data_directory]/Postgresql_conf[data_directory]: Scheduling refresh of Class[Postgresql::Server::Service]
==> prod-bardo: Info: Computing checksum on file /etc/postgresql/12/main/pg_ident.conf
==> prod-bardo: Info: /Stage[main]/Postgresql::Server::Config/Concat[/etc/postgresql/12/main/pg_ident.conf]/File[/etc/postgresql/12/main/pg_ident.conf]: Filebucketed /etc/postgresql/12/main/pg_ident.conf to puppet with sum f11c8332d3f444148c0b8ee83ec5fc6d
==> prod-bardo: Notice: /Stage[main]/Postgresql::Server::Config/Concat[/etc/postgresql/12/main/pg_ident.conf]/File[/etc/postgresql/12/main/pg_ident.conf]/content: content changed '{md5}f11c8332d3f444148c0b8ee83ec5fc6d' to '{md5}9300ac105fe777787ac9e793b8df8d25'
==> prod-bardo: Info: Concat[/etc/postgresql/12/main/pg_ident.conf]: Scheduling refresh of Class[Postgresql::Server::Reload]
==> prod-bardo: Info: Class[Postgresql::Server::Reload]: Scheduling refresh of Exec[postgresql_reload]
==> prod-bardo: Info: Computing checksum on file /etc/icinga2/features-available/checker.conf
==> prod-bardo: Info: /Stage[main]/Icinga2::Feature::Checker/Icinga2::Object[icinga2::object::CheckerComponent::checker]/Concat[/etc/icinga2/features-available/checker.conf]/File[/etc/icinga2/features-available/checker.conf]: Filebucketed /etc/icinga2/features-available/checker.conf to puppet with sum 257218608de8900b923668baae3e0998
==> prod-bardo: Notice: /Stage[main]/Icinga2::Feature::Checker/Icinga2::Object[icinga2::object::CheckerComponent::checker]/Concat[/etc/icinga2/features-available/checker.conf]/File[/etc/icinga2/features-available/checker.conf]/content: content changed '{md5}257218608de8900b923668baae3e0998' to '{md5}03bd83e158b39db6f8ff70c37b3c6fd8'
==> prod-bardo: Notice: /Stage[main]/Icinga2::Feature::Checker/Icinga2::Object[icinga2::object::CheckerComponent::checker]/Concat[/etc/icinga2/features-available/checker.conf]/File[/etc/icinga2/features-available/checker.conf]/owner: owner changed 'nagios' to 'root'
==> prod-bardo: Notice: /Stage[main]/Icinga2::Feature::Checker/Icinga2::Object[icinga2::object::CheckerComponent::checker]/Concat[/etc/icinga2/features-available/checker.conf]/File[/etc/icinga2/features-available/checker.conf]/mode: mode changed '0644' to '0640'
==> prod-bardo: Info: Concat[/etc/icinga2/features-available/checker.conf]: Scheduling refresh of Class[Icinga2::Service]
==> prod-bardo: Info: Icinga2::Object[icinga2::object::CheckerComponent::checker]: Scheduling refresh of Class[Icinga2::Service]
==> prod-bardo: Info: Computing checksum on file /etc/icinga2/features-available/mainlog.conf
==> prod-bardo: Info: /Stage[main]/Icinga2::Feature::Mainlog/Icinga2::Object[icinga2::object::FileLogger::mainlog]/Concat[/etc/icinga2/features-available/mainlog.conf]/File[/etc/icinga2/features-available/mainlog.conf]: Filebucketed /etc/icinga2/features-available/mainlog.conf to puppet with sum c0176893302f9bab22324901e3b942c3
==> prod-bardo: Notice: /Stage[main]/Icinga2::Feature::Mainlog/Icinga2::Object[icinga2::object::FileLogger::mainlog]/Concat[/etc/icinga2/features-available/mainlog.conf]/File[/etc/icinga2/features-available/mainlog.conf]/content: content changed '{md5}c0176893302f9bab22324901e3b942c3' to '{md5}a2c3c83e98ed07845c0c61cd8232eb7a'
==> prod-bardo: Notice: /Stage[main]/Icinga2::Feature::Mainlog/Icinga2::Object[icinga2::object::FileLogger::mainlog]/Concat[/etc/icinga2/features-available/mainlog.conf]/File[/etc/icinga2/features-available/mainlog.conf]/owner: owner changed 'nagios' to 'root'
==> prod-bardo: Notice: /Stage[main]/Icinga2::Feature::Mainlog/Icinga2::Object[icinga2::object::FileLogger::mainlog]/Concat[/etc/icinga2/features-available/mainlog.conf]/File[/etc/icinga2/features-available/mainlog.conf]/mode: mode changed '0644' to '0640'
==> prod-bardo: Info: Concat[/etc/icinga2/features-available/mainlog.conf]: Scheduling refresh of Class[Icinga2::Service]
==> prod-bardo: Info: Icinga2::Object[icinga2::object::FileLogger::mainlog]: Scheduling refresh of Class[Icinga2::Service]
==> prod-bardo: Info: Computing checksum on file /etc/icinga2/features-available/api.conf
==> prod-bardo: Info: /Stage[main]/Icinga2::Feature::Api/Icinga2::Object[icinga2::object::ApiListener::api]/Concat[/etc/icinga2/features-available/api.conf]/File[/etc/icinga2/features-available/api.conf]: Filebucketed /etc/icinga2/features-available/api.conf to puppet with sum 8fbc346baedc7e981eafe326b5934159
==> prod-bardo: Notice: /Stage[main]/Icinga2::Feature::Api/Icinga2::Object[icinga2::object::ApiListener::api]/Concat[/etc/icinga2/features-available/api.conf]/File[/etc/icinga2/features-available/api.conf]/content: content changed '{md5}8fbc346baedc7e981eafe326b5934159' to '{md5}b351576dd97147b8640a02bb18f5d428'
==> prod-bardo: Notice: /Stage[main]/Icinga2::Feature::Api/Icinga2::Object[icinga2::object::ApiListener::api]/Concat[/etc/icinga2/features-available/api.conf]/File[/etc/icinga2/features-available/api.conf]/owner: owner changed 'nagios' to 'root'
==> prod-bardo: Notice: /Stage[main]/Icinga2::Feature::Api/Icinga2::Object[icinga2::object::ApiListener::api]/Concat[/etc/icinga2/features-available/api.conf]/File[/etc/icinga2/features-available/api.conf]/mode: mode changed '0644' to '0640'
==> prod-bardo: Info: Concat[/etc/icinga2/features-available/api.conf]: Scheduling refresh of Class[Icinga2::Service]
==> prod-bardo: Notice: /Stage[main]/Icinga2::Feature::Api/Icinga2::Feature[api]/File[/etc/icinga2/features-enabled/api.conf]/ensure: created
==> prod-bardo: Info: /Stage[main]/Icinga2::Feature::Api/Icinga2::Feature[api]/File[/etc/icinga2/features-enabled/api.conf]: Scheduling refresh of Class[Icinga2::Service]
==> prod-bardo: Info: Icinga2::Object[icinga2::object::ApiListener::api]: Scheduling refresh of Class[Icinga2::Service]
==> prod-bardo: Info: Computing checksum on file /etc/apt/apt.conf.d/50unattended-upgrades
==> prod-bardo: Info: /Stage[main]/Unattended_upgrades/Apt::Conf[unattended-upgrades]/Apt::Setting[conf-unattended-upgrades]/File[/etc/apt/apt.conf.d/50unattended-upgrades]: Filebucketed /etc/apt/apt.conf.d/50unattended-upgrades to puppet with sum 16a42c3bbce2144e6d19788a670de8b0
==> prod-bardo: Notice: /Stage[main]/Unattended_upgrades/Apt::Conf[unattended-upgrades]/Apt::Setting[conf-unattended-upgrades]/File[/etc/apt/apt.conf.d/50unattended-upgrades]/content: content changed '{md5}16a42c3bbce2144e6d19788a670de8b0' to '{md5}7fb9f7f5811d28ef5ab74c4a02377a89'
==> prod-bardo: Notice: /Stage[main]/Unattended_upgrades/Apt::Conf[periodic]/Apt::Setting[conf-periodic]/File[/etc/apt/apt.conf.d/10periodic]/ensure: defined content as '{md5}2d61ab8514b5eada528ae80eaf1d5edf'
==> prod-bardo: Notice: /Stage[main]/Unattended_upgrades/Apt::Conf[options]/Apt::Setting[conf-options]/File[/etc/apt/apt.conf.d/10options]/ensure: defined content as '{md5}5812e79a8e013327aba71e43f1ea3725'
==> prod-bardo: Info: Class[Postgresql::Server::Service]: Scheduling refresh of Anchor[postgresql::server::service::begin]
==> prod-bardo: Info: Class[Postgresql::Server::Service]: Scheduling refresh of Service[postgresqld]
==> prod-bardo: Info: Class[Postgresql::Server::Service]: Scheduling refresh of Anchor[postgresql::server::service::end]
==> prod-bardo: Notice: /Stage[main]/Postgresql::Server::Service/Anchor[postgresql::server::service::begin]: Triggered 'refresh' from 1 event
==> prod-bardo: Notice: /Stage[main]/Postgresql::Server::Service/Service[postgresqld]/ensure: ensure changed 'stopped' to 'running'
==> prod-bardo: Info: /Stage[main]/Postgresql::Server::Service/Service[postgresqld]: Unscheduling refresh on Service[postgresqld]
==> prod-bardo: Notice: /Stage[main]/Postgresql::Server::Service/Anchor[postgresql::server::service::end]: Triggered 'refresh' from 1 event
==> prod-bardo: Notice: /Stage[main]/Postgresql::Server::Reload/Exec[postgresql_reload]: Triggered 'refresh' from 1 event
==> prod-bardo: Notice: /Stage[main]/Postgresql::Server::Passwd/Exec[set_postgres_postgrespw]/returns: ALTER ROLE
==> prod-bardo: Notice: /Stage[main]/Postgresql::Server::Passwd/Exec[set_postgres_postgrespw]/returns: executed successfully
==> prod-bardo: Notice: /Stage[main]/Profile::Postgresql::Server/Postgresql::Server::Role[guest]/Postgresql_psql[CREATE ROLE guest ENCRYPTED PASSWORD ****]/command: command changed 'notrun' to 'CREATE ROLE "guest" ENCRYPTED PASSWORD \'$NEWPGPASSWD\' LOGIN NOCREATEROLE NOCREATEDB NOSUPERUSER  CONNECTION LIMIT -1'
==> prod-bardo: Notice: /Stage[main]/Profile::Postgresql::Server/Postgresql::Server::Db[hedgedoc]/Postgresql::Server::Role[hedgedoc]/Postgresql_psql[CREATE ROLE hedgedoc ENCRYPTED PASSWORD ****]/command: command changed 'notrun' to 'CREATE ROLE "hedgedoc" ENCRYPTED PASSWORD \'$NEWPGPASSWD\' LOGIN NOCREATEROLE NOCREATEDB NOSUPERUSER  CONNECTION LIMIT -1'
==> prod-bardo: Notice: /Stage[main]/Profile::Postgresql::Server/Postgresql::Server::Db[hedgedoc]/Postgresql::Server::Database[hedgedoc]/Postgresql_psql[CREATE DATABASE "hedgedoc"]/command: command changed 'notrun' to 'CREATE DATABASE "hedgedoc" WITH TEMPLATE = "template0"   '
==> prod-bardo: Info: /Stage[main]/Profile::Postgresql::Server/Postgresql::Server::Db[hedgedoc]/Postgresql::Server::Database[hedgedoc]/Postgresql_psql[CREATE DATABASE "hedgedoc"]: Scheduling refresh of Postgresql_psql[REVOKE CONNECT ON DATABASE "hedgedoc" FROM public]
==> prod-bardo: Notice: /Stage[main]/Profile::Postgresql::Server/Postgresql::Server::Db[hedgedoc]/Postgresql::Server::Database[hedgedoc]/Postgresql_psql[REVOKE CONNECT ON DATABASE "hedgedoc" FROM public]: Triggered 'refresh' from 1 event
==> prod-bardo: Notice: /Stage[main]/Profile::Postgresql::Server/Postgresql::Server::Db[hedgedoc]/Postgresql::Server::Database[hedgedoc]/Postgresql_psql[ALTER DATABASE "hedgedoc" OWNER TO "hedgedoc"]/command: command changed 'notrun' to 'ALTER DATABASE "hedgedoc" OWNER TO "hedgedoc"'
==> prod-bardo: Info: Class[Puppet::Agent::Config]: Scheduling refresh of Class[Puppet::Agent::Service]
==> prod-bardo: Info: Class[Puppet::Agent::Service]: Scheduling refresh of Class[Puppet::Agent::Service::Daemon]
==> prod-bardo: Info: Class[Puppet::Agent::Service]: Scheduling refresh of Class[Puppet::Agent::Service::Systemd]
==> prod-bardo: Info: Class[Puppet::Agent::Service]: Scheduling refresh of Class[Puppet::Agent::Service::Cron]
==> prod-bardo: Info: Class[Puppet::Agent::Service::Daemon]: Scheduling refresh of Service[puppet]
==> prod-bardo: Notice: /Stage[main]/Puppet::Agent::Service::Daemon/Service[puppet]: Triggered 'refresh' from 1 event
==> prod-bardo: Info: Class[Puppet::Agent::Service::Systemd]: Scheduling refresh of Exec[systemctl-daemon-reload-puppet]
==> prod-bardo: Info: Class[Puppet::Agent::Service::Systemd]: Scheduling refresh of Service[puppet-run.timer]
==> prod-bardo: Notice: /Stage[main]/Puppet::Agent::Service::Systemd/Service[puppet-run.timer]: Triggered 'refresh' from 1 event
==> prod-bardo: Notice: /Stage[main]/Puppet::Agent::Service::Systemd/Exec[systemctl-daemon-reload-puppet]: Triggered 'refresh' from 1 event
==> prod-bardo: Notice: /Stage[main]/Profile::Icinga2::Objects::Agent_checks/Icinga2::Object::Checkcommand[check_journal]/Icinga2::Object[icinga2::object::CheckCommand::check_journal]/Concat[/etc/icinga2/conf.d/swh-plugins.conf]/File[/etc/icinga2/conf.d/swh-plugins.conf]/ensure: defined content as '{md5}d6f071c58e8813e9271bc6c32c5e749f'
==> prod-bardo: Info: Concat[/etc/icinga2/conf.d/swh-plugins.conf]: Scheduling refresh of Class[Icinga2::Service]
==> prod-bardo: Info: Computing checksum on file /etc/icinga2/zones.conf
==> prod-bardo: Info: /Stage[main]/Icinga2::Feature::Api/Icinga2::Object::Endpoint[NodeName]/Icinga2::Object[icinga2::object::Endpoint::NodeName]/Concat[/etc/icinga2/zones.conf]/File[/etc/icinga2/zones.conf]: Filebucketed /etc/icinga2/zones.conf to puppet with sum 4d4028e9660ccd461369f5b0a42475e6
==> prod-bardo: Notice: /Stage[main]/Icinga2::Feature::Api/Icinga2::Object::Endpoint[NodeName]/Icinga2::Object[icinga2::object::Endpoint::NodeName]/Concat[/etc/icinga2/zones.conf]/File[/etc/icinga2/zones.conf]/content: content changed '{md5}4d4028e9660ccd461369f5b0a42475e6' to '{md5}93f31da2b8de5a1eccb5d89265197a4d'
==> prod-bardo: Notice: /Stage[main]/Icinga2::Feature::Api/Icinga2::Object::Endpoint[NodeName]/Icinga2::Object[icinga2::object::Endpoint::NodeName]/Concat[/etc/icinga2/zones.conf]/File[/etc/icinga2/zones.conf]/owner: owner changed 'nagios' to 'root'
==> prod-bardo: Info: Concat[/etc/icinga2/zones.conf]: Scheduling refresh of Class[Icinga2::Service]
==> prod-bardo: Info: Class[Icinga2::Service]: Unscheduling all events on Class[Icinga2::Service]
==> prod-bardo: Notice: /Stage[main]/Icinga2::Service/Service[icinga2]: Dependency File[/var/lib/icinga2/certs/bardo.softwareheritage.org.key] has failures: true
==> prod-bardo: Notice: /Stage[main]/Icinga2::Service/Service[icinga2]: Dependency File[/var/lib/icinga2/certs/bardo.softwareheritage.org.crt] has failures: true
==> prod-bardo: Notice: /Stage[main]/Icinga2::Service/Service[icinga2]: Dependency File[/var/lib/icinga2/certs/ca.crt] has failures: true
==> prod-bardo: Warning: /Stage[main]/Icinga2::Service/Service[icinga2]: Skipping because of failed dependencies
==> prod-bardo: Warning: /Stage[main]/Icinga2/Anchor[::icinga2::end]: Skipping because of failed dependencies
==> prod-bardo: Info: /Stage[main]/Icinga2/Anchor[::icinga2::end]: Unscheduling all events on Anchor[::icinga2::end]
==> prod-bardo: Info: Class[Icinga2::Feature::Api]: Unscheduling all events on Class[Icinga2::Feature::Api]
==> prod-bardo: Notice: /Stage[main]/Profile::Hedgedoc/Exec[hedgedoc-flag-upgrade]/returns: executed successfully
==> prod-bardo: Notice: /Stage[main]/Profile::Hedgedoc/Exec[hedgedoc-flag-upgrade]: Triggered 'refresh' from 1 event
==> prod-bardo: Info: Computing checksum on file /home/hedgedoc/hedgedoc/config.json
==> prod-bardo: Info: /Stage[main]/Profile::Hedgedoc/File[/home/hedgedoc/hedgedoc/config.json]: Filebucketed /home/hedgedoc/hedgedoc/config.json to puppet with sum 0cc09cd6f81c1b32312041c7d0240644
==> prod-bardo: Notice: /Stage[main]/Profile::Hedgedoc/File[/home/hedgedoc/hedgedoc/config.json]/content: content changed '{md5}0cc09cd6f81c1b32312041c7d0240644' to '{md5}424d7ac619396924de96d53aa6eeb9f2'
==> prod-bardo: Notice: /Stage[main]/Profile::Hedgedoc/File[/home/hedgedoc/hedgedoc/config.json]/owner: owner changed 'root' to 'hedgedoc'
==> prod-bardo: Notice: /Stage[main]/Profile::Hedgedoc/File[/home/hedgedoc/hedgedoc/config.json]/group: group changed 'root' to 'hedgedoc'
==> prod-bardo: Info: Computing checksum on file /home/hedgedoc/hedgedoc/.sequelizerc
==> prod-bardo: Info: /Stage[main]/Profile::Hedgedoc/File[/home/hedgedoc/hedgedoc/.sequelizerc]: Filebucketed /home/hedgedoc/hedgedoc/.sequelizerc to puppet with sum f66b04f55711ba9887910dbaa315c73a
==> prod-bardo: Notice: /Stage[main]/Profile::Hedgedoc/File[/home/hedgedoc/hedgedoc/.sequelizerc]/content: content changed '{md5}f66b04f55711ba9887910dbaa315c73a' to '{md5}6db3e3090077abe1ac0ea20669734634'
==> prod-bardo: Notice: /Stage[main]/Profile::Hedgedoc/File[/home/hedgedoc/hedgedoc/.sequelizerc]/owner: owner changed 'root' to 'hedgedoc'
==> prod-bardo: Notice: /Stage[main]/Profile::Hedgedoc/File[/home/hedgedoc/hedgedoc/.sequelizerc]/group: group changed 'root' to 'hedgedoc'
==> prod-bardo: Info: /Stage[main]/Profile::Hedgedoc/File[/home/hedgedoc/hedgedoc/.sequelizerc]: Scheduling refresh of Exec[yarn-build]
==> prod-bardo: Info: /Stage[main]/Profile::Hedgedoc/File[/home/hedgedoc/hedgedoc/.sequelizerc]: Scheduling refresh of Exec[yarn-build]
==> prod-bardo: Info: /Stage[main]/Profile::Hedgedoc/File[/home/hedgedoc/hedgedoc/.sequelizerc]: Scheduling refresh of Exec[yarn-build]
==> prod-bardo: Notice: /Stage[main]/Profile::Hedgedoc/Exec[yarn-build]/returns: executed successfully
==> prod-bardo: Info: /Stage[main]/Profile::Hedgedoc/Exec[yarn-build]: Scheduling refresh of Exec[hegdedoc-flag-upgrade-done]
==> prod-bardo: Notice: /Stage[main]/Profile::Hedgedoc/Exec[yarn-build]: Triggered 'refresh' from 3 events
==> prod-bardo: Info: /Stage[main]/Profile::Hedgedoc/Exec[yarn-build]: Scheduling refresh of Exec[hegdedoc-flag-upgrade-done]
==> prod-bardo: Notice: /Stage[main]/Profile::Hedgedoc/Exec[hegdedoc-flag-upgrade-done]/returns: executed successfully
==> prod-bardo: Info: /Stage[main]/Profile::Hedgedoc/Exec[hegdedoc-flag-upgrade-done]: Scheduling refresh of Service[hedgedoc]
==> prod-bardo: Notice: /Stage[main]/Profile::Hedgedoc/Exec[hegdedoc-flag-upgrade-done]: Triggered 'refresh' from 2 events
==> prod-bardo: Info: /Stage[main]/Profile::Hedgedoc/Exec[hegdedoc-flag-upgrade-done]: Scheduling refresh of Service[hedgedoc]
==> prod-bardo: Notice: /Stage[main]/Profile::Hedgedoc/Service[hedgedoc]/ensure: ensure changed 'stopped' to 'running'
==> prod-bardo: Info: /Stage[main]/Profile::Hedgedoc/Service[hedgedoc]: Unscheduling refresh on Service[hedgedoc]
==> prod-bardo: Notice: /Stage[main]/Profile::Postgresql::Server/Postgresql::Server::Database_grant[hedgedoc]/Postgresql::Server::Grant[database:hedgedoc]/Postgresql_psql[grant:database:hedgedoc]/command: command changed 'notrun' to 'GRANT CONNECT ON DATABASE "hedgedoc" TO "guest"'
==> prod-bardo: Info: Stage[main]: Unscheduling all events on Stage[main]
==> prod-bardo: Info: Creating state file /var/cache/puppet/state/state.yaml
==> prod-bardo: Notice: Applied catalog in 395.75 seconds

Diff Detail

Repository
rSPSITE puppet-swh-site
Branch
staging
Lint
No Linters Available
Unit
No Unit Test Coverage
Build Status
Buildable 18036
Build 27859: arc lint + arc unit

Event Timeline

ardumont created this revision.Dec 18 2020, 1:33 PM
Harbormaster completed remote builds in B18021: Diff 16869.Dec 18 2020, 1:33 PM
ardumont planned changes to this revision.Dec 18 2020, 1:33 PM
olasd added a subscriber: olasd.Dec 18 2020, 1:35 PM

Please create the hedgedoc user only in the hedgedoc profile, not on all servers :)

ardumont added a comment.Dec 18 2020, 1:37 PM

very good idea ;)

ardumont updated this revision to Diff 16882.Dec 18 2020, 6:03 PM
  • production: Add new bardo instance for the hedgedoc instance
  • hedgedoc: Install a more recent yarn version
  • hedgedoc: Automate installation

Not completely ok yet

Harbormaster completed remote builds in B18034: Diff 16882.Dec 18 2020, 6:03 PM
ardumont planned changes to this revision.Dec 18 2020, 6:03 PM
ardumont edited the test plan for this revision. (Show Details)Dec 18 2020, 6:10 PM
ardumont updated this revision to Diff 16883.Dec 18 2020, 7:49 PM

From scratch to hedgedoc start

No ssl, only http though

Harbormaster completed remote builds in B18035: Diff 16883.Dec 18 2020, 7:49 PM
ardumont edited the summary of this revision. (Show Details)Dec 18 2020, 8:27 PM
ardumont edited the test plan for this revision. (Show Details)
ardumont retitled this revision from wip: production: Add new hedgedoc instance to production: Add new hedgedoc instance.
ardumont edited the summary of this revision. (Show Details)
ardumont updated this revision to Diff 16884.Dec 18 2020, 8:57 PM
ardumont edited the test plan for this revision. (Show Details)

Rebase

Harbormaster completed remote builds in B18036: Diff 16884.Dec 18 2020, 8:57 PM
ardumont updated this revision to Diff 16889.Dec 21 2020, 10:49 AM

Drop numa activated by copy/paste

Harbormaster completed remote builds in B18044: Diff 16889.Dec 21 2020, 10:49 AM
ardumont updated this revision to Diff 16890.Dec 21 2020, 10:50 AM

Drop numa

Harbormaster completed remote builds in B18045: Diff 16890.Dec 21 2020, 10:50 AM
ardumont updated this revision to Diff 16891.Dec 21 2020, 10:50 AM

Fix

Harbormaster completed remote builds in B18046: Diff 16891.Dec 21 2020, 10:50 AM
vsellier requested changes to this revision.Dec 21 2020, 12:15 PM
vsellier added a subscriber: vsellier.
vsellier added inline comments.
manifests/site.pp
135

plain hostname should be quoted

site-modules/profile/manifests/hedgedoc.pp
49

~> is equivalent to a notify, here, a strict require -> should be more appropriate to avoid any attempt to install the packages before the source is installed

63

the dependencies on the user and group should be explicitly declared

71

Shouldn't a condition on the presence of the flag be specified?
I'm afraid the upgrade will be launched each puppet run without it

77

should be $user and $group ?

96

this chaineds exec should all be refreshonly, you have no guaranty on the execution order as there is no strict dependencies between them

111

Should also require the Archive['hedgedoc'] ?

This revision now requires changes to proceed.Dec 21 2020, 12:15 PM
ardumont updated this revision to Diff 16893.Dec 21 2020, 12:37 PM
ardumont marked 5 inline comments as done.

Adapt according to review

Harbormaster completed remote builds in B18048: Diff 16893.Dec 21 2020, 12:37 PM
ardumont marked an inline comment as done.Dec 21 2020, 12:38 PM
ardumont added a comment.Dec 21 2020, 12:40 PM

Still ok:

$ vagrant destroy prod-bardo; vagrant up prod-bardo
...
==> prod-bardo: Notice: Applied catalog in 386.00 seconds
$ curl -s http://bardo.softwareheritage.org:3000 | grep "CodiMD was renamed to HedgeDoc"
                        CodiMD was renamed to HedgeDoc. <a href="https://hedgedoc.org/history/" rel="noopener noreferrer" target="_blank" class="text-danger">Read more</a>
ardumont updated this revision to Diff 16894.Dec 21 2020, 1:08 PM

Try to reduce the use of ambiguate keywords ~>, ->, replace them with notify instead
(when it makes sense).

vagrant destroy, up, provision dance ok -> hedgedoc up and running in the end subsequent
run does nothing.

Harbormaster completed remote builds in B18049: Diff 16894.Dec 21 2020, 1:08 PM
vsellier accepted this revision.Dec 22 2020, 9:53 AM

Tested locally, it looks good. I just add a small comment about the installation directory usually in /opt instead of the user home dir.

site-modules/profile/manifests/hedgedoc.pp
33

WDYT about installing the files on /opt/hedgedoc ?

This revision is now accepted and ready to land.Dec 22 2020, 9:53 AM
ardumont added inline comments.Dec 22 2020, 10:26 AM
site-modules/profile/manifests/hedgedoc.pp
33

indeed, /opt it should be.

I just mapped to where i did my manual tryouts without thinking.

ardumont updated this revision to Diff 16906.Dec 22 2020, 10:43 AM
  • Rebase
  • Install hedgedoc in /opt

(test in progress)

Harbormaster completed remote builds in B18058: Diff 16906.Dec 22 2020, 10:43 AM
ardumont updated this revision to Diff 16911.Dec 22 2020, 12:12 PM

Installing in /opt requires some more steps but now it's ok

Harbormaster completed remote builds in B18062: Diff 16911.Dec 22 2020, 12:13 PM
vsellier accepted this revision.Dec 22 2020, 12:22 PM
ardumont updated this revision to Diff 16912.Dec 22 2020, 12:33 PM

Rebase

Harbormaster completed remote builds in B18063: Diff 16912.Dec 22 2020, 12:33 PM
Closed by commit rSPSITEe12017013c8b: production: Add new bardo instance for the hedgedoc instance (authored by ardumont). · Explain WhyDec 22 2020, 12:34 PM
This revision was automatically updated to reflect the committed changes.
ardumont added a commit: rSPSITEe12017013c8b: production: Add new bardo instance for the hedgedoc instance.
ardumont added a commit: rSPSITE37a6bc671d49: hedgedoc: Install a more recent yarn version.
ardumont added a commit: rSPSITE2296f7ee87cb: hedgedoc: Automate installation.
ardumont added a commit: rSPSITE73219ffec559: Reference domain for the hedgedoc instance.

Revision Contents
Changeset List

PathSize
data/
common/
3 lines
225 lines
deployments/
production/
1 line
2 lines
hostname/
51 lines
subnets/
2 lines
manifests/
4 lines
site-modules/
profile/
manifests/
115 lines
templates/
hedgedoc/
104 lines
23 lines
8 lines
role/
manifests/
4 lines

Diff 16884

View Options

data/common/common.yaml

Loading...
View Options

data/common/public_keys.yaml

Loading...
View Options

data/deployments/production/common.yaml

Loading...
View Options

data/deployments/production/vagrant.yaml

Loading...
View Options

data/hostname/bardo.softwareheritage.org.yaml

Loading...
View Options

data/subnets/vagrant.yaml

Loading...
View Options

manifests/site.pp

Loading...
View Options

site-modules/profile/manifests/hedgedoc.pp

Loading...
View Options

site-modules/profile/templates/hedgedoc/config.json.erb

Loading...
View Options

site-modules/profile/templates/hedgedoc/hedgedoc.service.erb

Loading...
View Options

site-modules/profile/templates/hedgedoc/sequelizerc.erb

Loading...
View Options

site-modules/role/manifests/swh_hedgedoc.pp

Loading...
About · Developer information · Legal