1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
# File 'modules/profile/manifests/mediawiki/webserver.pp', line 1
class profile::mediawiki::webserver(
Boolean $has_lvs = lookup('has_lvs'),
Boolean $has_tls = lookup('profile::mediawiki::webserver::has_tls'),
Boolean $stream_to_logstash = lookup('profile::mediawiki::webserver::stream_to_logstash', {'default_value' => false}),
Optional[Stdlib::Port::User] $fcgi_port = lookup('profile::php_fpm::fcgi_port', {'default_value' => undef}),
String $fcgi_pool = lookup('profile::mediawiki::fcgi_pool', {'default_value' => 'www'}),
Array[Wmflib::Php_version] $php_versions = lookup('profile::mediawiki::php::php_versions', {'default_value' => ['7.2']}),
Mediawiki::Vhost_feature_flags $vhost_feature_flags = lookup('profile::mediawiki::vhost_feature_flags', {'default_value' => {}}),
# Sites shared between different installations
Array[Mediawiki::SiteCollection] $common_sites = lookup('mediawiki::common_sites'),
# Installation/site dependent sites
Array[Mediawiki::SiteCollection] $sites = lookup('mediawiki::sites'),
Boolean $install_fonts = lookup('profile::mediawiki::webserver::install_fonts', {'default_value' => false}),
Optional[Wmflib::Php_version] $default_php_version = lookup('profile::mediawiki::webserver::default_php_version', {'default_value' => undef}),
) {
include ::profile::mediawiki::httpd
$versioned_port = php::fpm::versioned_port($fcgi_port, $php_versions)
# The ordering of $fcgi_proxies determines the fallback php version in mediawiki::web::vhost
# so we want to order php versions accordingly.
$ordered_php_versions = $default_php_version ? {
undef => $php_versions,
default => [$default_php_version] + $php_versions.filter |$x| { $x != $default_php_version}
}
$fcgi_proxies = $ordered_php_versions.map |$version| {
$retval = [$version, mediawiki::fcgi_endpoint($versioned_port[$version], "${fcgi_pool}-${version}")]
}
# Declare the proxies explicitly with retry=0
httpd::conf { 'fcgi_proxies':
ensure => present,
content => template('mediawiki/apache/fcgi_proxies.conf.erb')
}
# we may not need fonts anymore! (T294378)
$font_ensure = $install_fonts.bool2str('installed','absent')
class { '::mediawiki::packages::fonts':
ensure => $font_ensure,
}
# Set feature flags for all mediawiki::web::vhost resources
Mediawiki::Web::Vhost {
php_fpm_fcgi_endpoint => $fcgi_proxies[0],
feature_flags => $vhost_feature_flags,
additional_fcgi_endpoints => $fcgi_proxies[1, -1]
}
# Define all websites for apache, as the sum of general and env-specific stuff.
# Note: "fcgi_proxy" is used in the additonal non-MediaWiki sites, and is
# set to the default php engine.
class { '::mediawiki::web::sites':
siteconfigs => $common_sites + $sites,
fcgi_proxy => $fcgi_proxies[0][1],
}
if $has_lvs {
require ::profile::lvs::realserver
class { 'conftool::scripts': }
conftool::credentials { 'mwdeploy':
home => '/var/lib/mwdeploy',
}
# Will re-enable a mediawiki appserver after running scap pull
file { '/usr/local/bin/mw-pool':
ensure => present,
source => 'puppet:///modules/mediawiki/mw-pool',
owner => 'root',
group => 'root',
mode => '0555',
}
monitoring::service { 'etcd_mw_config':
ensure => present,
description => 'MediaWiki EtcdConfig up-to-date',
check_command => "check_etcd_mw_config_lastindex!${::site}",
notes_url => 'https://wikitech.wikimedia.org/wiki/Etcd',
}
}
ferm::service { 'mediawiki-http':
proto => 'tcp',
notrack => true,
port => 'http',
srange => '$DOMAIN_NETWORKS',
}
if $has_tls == true {
# Override niceness to run at -19 like php-fpm
file { '/etc/systemd/system/envoyproxy.service.d/niceness-override.conf':
content => "[Service]\nNice=-19\nCPUAccounting=yes\n",
owner => 'root',
group => 'root',
mode => '0444',
notify => Exec['systemd daemon-reload for envoyproxy.service']
}
include ::profile::tlsproxy::envoy
}
# Mtail program to gather latency metrics from application servers, see T226815
class { '::mtail':
logs => ['/var/log/apache2/other_vhosts_access.log'],
group => 'adm',
}
mtail::program { 'apache2-mediawiki':
ensure => present,
notify => undef,
source => 'puppet:///modules/mtail/programs/mediawiki_access_log.mtail',
}
# Stream to logstash, we are using an if condition to avoid breaking beta T244472
if $stream_to_logstash {
if defined('$::_role'){
$server_role = regsubst($::_role.split('/')[-1], '_', '-', 'G')
} else {
$server_role = 'generic'
}
rsyslog::input::file { "${server_role}-mediawiki-apache2-access":
path => '/var/log/apache2/other_vhosts_access.log',
reopen_on_truncate => 'on',
addmetadata => 'on',
addceetag => 'off',
syslog_tag => "${server_role}-mw-access",
}
}
}
|