diff --git a/data/deployments/admin/common.yaml b/data/deployments/admin/common.yaml index 5e2e9f02..de0d0a91 100644 --- a/data/deployments/admin/common.yaml +++ b/data/deployments/admin/common.yaml @@ -1,31 +1,32 @@ swh::deploy::environment: admin swh::deploy::reverse_proxy::services: - hedgedoc +swh::postgresql::version: '14' swh::postgresql::listen_addresses: - 0.0.0.0 swh::postgresql::network_accesses: - 192.168.100.0/24 # Monitoring swh::postgresql::shared_buffers: 4GB swh::postgresql::port: 5432 swh::postgresql::cluster_name: "%{lookup('swh::postgresql::version')}/main" swh::postgresql::datadir_base: "/srv/postgresql" swh::postgresql::datadir: "%{lookup('swh::postgresql::datadir_base')}/%{lookup('swh::postgresql::cluster_name')}" hedgedoc::db::database: hedgedoc hedgedoc::db::username: hedgedoc # swh::deploy::hedgedoc::db::password: in private-data swh::deploy::hedgedoc::reverse_proxy::backend_http_host: bardo.internal.admin.swh.network swh::deploy::hedgedoc::reverse_proxy::backend_http_port: "3000" swh::deploy::hedgedoc::reverse_proxy::websocket_support: true swh::deploy::hedgedoc::base_url: hedgedoc.softwareheritage.org swh::deploy::hedgedoc::vhost::letsencrypt_cert: hedgedoc hitch::frontend: "[*]:443" hitch::proxy_support: true varnish::http_port: 80 diff --git a/data/hostname/bardo.internal.admin.swh.network.yaml b/data/hostname/bardo.internal.admin.swh.network.yaml index d25c4ef3..c0f4f151 100644 --- a/data/hostname/bardo.internal.admin.swh.network.yaml +++ b/data/hostname/bardo.internal.admin.swh.network.yaml 
@@ -1,41 +1,21 @@ -hedgedoc::db::host: localhost - -swh::postgresql::version: '12' -swh::postgresql::port: 5433 - -swh::postgresql::datadir_base: "%{lookup('swh::base_directory')}/postgres" -swh::postgresql::datadir: "%{lookup('swh::postgresql::datadir_base')}/%{lookup('swh::postgresql::cluster_name')}" -swh::postgresql::network_accesses: - - 192.168.100.0/24 # Monitoring - - 192.168.130.0/24 # Staging services - -swh::dbs: - hedgedoc: - name: "%{alias('hedgedoc::db::database')}" - user: "%{alias('hedgedoc::db::username')}" +hedgedoc::db::host: db1.internal.admin.swh.network hedgedoc::release::version: 1.9.2 hedgedoc::release::digest: 052088a634731e0f9c28e40f9869281f24bf3fbb25173a341ba2c94496109f51 hedgedoc::release::digest_type: sha256 hedgedoc::allow_anonymous: true hedgedoc::allow_anonymous_edits: true # authentication hedgedoc::allow_email: true hedgedoc::allow_email_register: false hedgedoc::enable_keycloak: true hedgedoc::keycloak::provider_name: Software Heritage hedgedoc::keycloak::domain: auth.softwareheritage.org hedgedoc::keycloak::realm: SoftwareHeritage hedgedoc::keycloak::client::id: hedgedoc # hedgedoc::keycloak::client::secret in private-data - - hedgedoc::runtime_environment: production hedgedoc::log_level: info - -postgresql::server::config_entries: - shared_buffers: "%{alias('swh::postgresql::shared_buffers')}" - cluster_name: "%{alias('swh::postgresql::cluster_name')}" diff --git a/data/hostname/dali.internal.admin.swh.network.yaml b/data/hostname/dali.internal.admin.swh.network.yaml index 1d03575f..f0474f72 100644 --- a/data/hostname/dali.internal.admin.swh.network.yaml +++ b/data/hostname/dali.internal.admin.swh.network.yaml 
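Review bot: Pointing `hedgedoc::db::host` at `db1.internal.admin.swh.network` moves the HedgeDoc database connection off loopback, and nothing visible in this commit requires TLS on it. The `postgres://` URL and the `pg_dump` environment built in `profile::hedgedoc` both carry the database password, and libpq's default `sslmode` of `prefer` silently falls back to an unencrypted session when the server does not offer TLS. Consider adding `"PGSSLMODE=require",` (or `verify-full` with the CA deployed) to the `hedgedoc-dump-db` environment, with the equivalent setting for the application's own connection. Also confirm that db1's access rules admit bardo only through a `hostssl` entry; the common `swh::postgresql::network_accesses` shown in this diff lists only the monitoring range, and db1's own data is not part of the change.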
@@ -1,23 +1,22 @@ -swh::postgresql::version: '14' swh::postgresql::shared_buffers: 8GB swh::dbs: netbox: name: "%{alias('netbox::db::database')}" user: "%{alias('netbox::db::username')}" password: "%{alias('netbox::db::password')}" hedgedoc: name: "%{alias('hedgedoc::db::database')}" user: "%{alias('hedgedoc::db::username')}" grafana: name: "%{alias('grafana::db::username')}" user: "%{alias('grafana::db::username')}" password: "%{alias('grafana::db::password')}" sentry: name: "%{alias('sentry::postgres::dbname')}" user: "%{alias('sentry::postgres::user')}" password: "%{alias('sentry::postgres::password')}" keycloak: name: "%{alias('keycloak::postgres::dbname')}" user: "%{alias('keycloak::postgres::user')}" password: "%{alias('keycloak::postgres::password')}" diff --git a/site-modules/profile/manifests/hedgedoc.pp b/site-modules/profile/manifests/hedgedoc.pp index 7393866e..5ffe8d56 100644 --- a/site-modules/profile/manifests/hedgedoc.pp +++ b/site-modules/profile/manifests/hedgedoc.pp 
@@ -1,168 +1,175 @@ # deploy a hedgedoc instance class profile::hedgedoc { include profile::hedgedoc::apt_config include profile::hedgedoc::user $user = $::profile::hedgedoc::user::user $group = $::profile::hedgedoc::user::group # ---- install $version = lookup('hedgedoc::release::version') $archive_url = "https://github.com/hedgedoc/hedgedoc/releases/download/${version}/hedgedoc-${version}.tar.gz" $archive_digest = lookup('hedgedoc::release::digest') $archive_digest_type = lookup('hedgedoc::release::digest_type') $install_basepath = "/opt/hedgedoc" $install_dir = "${install_basepath}/${version}" $install_db_dump = "${install_basepath}/db-backup_pre-${version}.sql.gz" $install_flag = "${install_dir}/setup_done" $uploads_dir = "${install_basepath}/uploads" $yarn_cachedir = "/var/cache/hedgedoc-yarn" $archive_path = "${install_basepath}/${version}.tar.gz" $current_symlink = "${install_basepath}/current" $service_name = "hedgedoc" $unit_name = "${service_name}.service" file { [$install_basepath, $install_dir, $uploads_dir]: ensure => 'directory', owner => $user, group => $group, mode => '0644', } file { $yarn_cachedir: ensure => 'directory', owner => $user, group => $group, mode => '0600', } archive { 'hedgedoc': path => $archive_path, extract => true, extract_command => 'tar xzf %s --strip-components=1 --no-same-owner --no-same-permissions', source => $archive_url, extract_path => $install_dir, checksum => $archive_digest, checksum_type => $archive_digest_type, creates => "${install_dir}/bin/setup", cleanup => true, user => $user, group => $group, require => File[$install_dir], notify => Exec['hedgedoc-setup'], } # ---- configuration $db_host = lookup('hedgedoc::db::host') $db_name = lookup('hedgedoc::db::database') $db_user = lookup('hedgedoc::db::username') $db_password = lookup('swh::deploy::hedgedoc::db::password') $db_port = lookup('swh::postgresql::port') $db_url = "postgres://${db_user}:${db_password}@${db_host}:${db_port}/${db_name}" $sequelizerc_path = 
"${install_dir}/.sequelizerc" + # Template uses variables: + # - $db_url file {$sequelizerc_path: ensure => present, owner => $user, group => $group, mode => '0644', content => template("profile/hedgedoc/sequelizerc.erb"), notify => Service[$service_name], } $base_url = lookup('swh::deploy::hedgedoc::base_url') $runtime_environment = lookup('hedgedoc::runtime_environment') $log_level = lookup('hedgedoc::log_level') $session_secret = lookup('hedgedoc::session_secret') $allow_anonymous = lookup('hedgedoc::allow_anonymous') $allow_anonymous_edits = lookup('hedgedoc::allow_anonymous_edits') $allow_email = lookup('hedgedoc::allow_email') $allow_email_register = lookup('hedgedoc::allow_email_register') $enable_keycloak = lookup('hedgedoc::enable_keycloak', Boolean, 'first', false) $keycloak_domain = lookup('hedgedoc::keycloak::domain') $keycloak_provider_name = lookup('hedgedoc::keycloak::provider_name') $keycloak_realm = lookup('hedgedoc::keycloak::realm') $keycloak_client_id = lookup('hedgedoc::keycloak::client::id') $keycloak_client_secret = lookup('hedgedoc::keycloak::client::secret') $config_json_path = "${install_dir}/config.json" + $pg_version = lookup('swh::postgresql::version') + $pg_client_package = "postgresql-client-${pg_version}" + package {$pg_client_package: + ensure => 'present', + } + file {$config_json_path: ensure => present, owner => $user, group => $group, # Contains credentials mode => '0600', content => template("profile/hedgedoc/config.json.erb"), notify => Service[$service_name], } exec {'hedgedoc-dump-db': command => "pg_dump ${db_name} | gzip -9 > ${install_db_dump}", path => ["/bin", "/usr/bin"], environment => [ "PGHOST=${db_host}", "PGUSER=${db_user}", "PGPORT=${db_port}", "PGPASSWORD=${db_password}", ], creates => $install_db_dump, user => $user, umask => '0066', require => [ - Postgresql::Server::Db[$db_name], + Package[$pg_client_package], ], } -> exec {'hedgedoc-setup': command => "${install_dir}/bin/setup && touch ${install_flag}", cwd 
=> $install_dir, require => [ - Postgresql::Server::Db[$db_name], File[$config_json_path], File[$sequelizerc_path], ], environment => [ "YARN_CACHE_FOLDER=${yarn_cachedir}", ], creates => $install_flag, user => $user, } -> file {$current_symlink: ensure => 'link', target => $install_dir, notify => Service[$service_name], } -> systemd::unit_file {$unit_name: ensure => present, content => template('profile/hedgedoc/hedgedoc.service.erb'), } -> service {$service_name: ensure => 'running', enable => true, require => [ Class['profile::hedgedoc::apt_config'], ], } profile::prometheus::export_scrape_config {"hedgedoc_${base_url}": job => 'hedgedoc', target => "${base_url}:443", scheme => 'https', metrics_path => '/metrics', } } diff --git a/site-modules/role/manifests/swh_hedgedoc.pp b/site-modules/role/manifests/swh_hedgedoc.pp index 792bfb35..80261c9f 100644 --- a/site-modules/role/manifests/swh_hedgedoc.pp +++ b/site-modules/role/manifests/swh_hedgedoc.pp @@ -1,4 +1,3 @@ class role::swh_hedgedoc inherits role::swh_database { - include profile::postgresql::server include profile::hedgedoc }
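Review bot: The `.sequelizerc` file resource keeps `mode => '0644'` even though the comment added here records that its template renders `$db_url`, which embeds `$db_password`. That password now authenticates to a database server on another host, so any local account able to read the install directory can recover a network credential; `config.json` just below is already `0600` for this reason. I would change the resource to `mode => '0600',` with the comment `# Contains the database URL, including the password`. Separately, `pg_dump ${db_name} | gzip -9 > ${install_db_dump}` reports gzip's exit status if it runs through a shell as the pipe implies, so a failed connection to the remote server would still leave a file that satisfies `creates` and let `hedgedoc-setup` proceed without a usable backup.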