Puppet Class: profile::microsites::peopleweb
- Defined in:
- modules/profile/manifests/microsites/peopleweb.pp
Overview
SPDX-License-Identifier: Apache-2.0 people.wikimedia.org lets shell users publish their own files (apache2, mod_userdir), e.g. people.wikimedia.org/~username/
# File 'modules/profile/manifests/microsites/peopleweb.pp', line 5
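# @summary Web backend for people.wikimedia.org (Apache httpd with mod_userdir).
#
# Shell users publish files from ~/public_html, served as
# people.wikimedia.org/~username/. Everything under public_html is
# user-controlled content that is meant to be public.
#
# @param deployment_server
#   Looked up from 'deployment_server'; not referenced in this class body.
# @param sitename
#   Host name used as the title of the blackbox HTTP check.
# @param docroot
#   Directory that holds the site-wide index.html.
# @param rsync_src_host
#   Active backend and source side of the /home rsync.
# @param rsync_dst_host
#   Destination side of the /home rsync.
class profile::microsites::peopleweb (
    Stdlib::Host     $deployment_server = lookup('deployment_server'),
    Stdlib::Host     $sitename          = lookup('profile::microsites::peopleweb::sitename'),
    Stdlib::Unixpath $docroot           = lookup('profile::microsites::peopleweb::docroot'),
    Stdlib::Host     $rsync_src_host    = lookup('profile::microsites::peopleweb::rsync_src_host'),
    Stdlib::Host     $rsync_dst_host    = lookup('profile::microsites::peopleweb::rsync_dst_host'),
){

    # firewall: allow caching layer to talk to http backend
    # Port 80 is opened to named source sets only, never to the world.
    # NOTE(review): this is plain HTTP; presumably TLS is terminated in front
    # of httpd (envoyproxy is auto-restarted below) - confirm.
    firewall::service { 'people-http':
        proto    => 'tcp',
        port     => 80,
        src_sets => ['CACHES'],
    }

    # firewall: allow http from deployment servers for testing
    firewall::service { 'people-http-deployment':
        proto    => 'tcp',
        port     => 80,
        src_sets => ['DEPLOYMENT_HOSTS'],
    }

    # httpd (apache2)
    # 'userdir' is what maps /~username/ onto the user's public_html, so the
    # served content is written by shell users, not by this manifest.
    class { '::httpd':
        modules => ['userdir', 'rewrite', 'headers'],
    }

    class { '::httpd::mpm':
        mpm => 'prefork',
    }

    # envoyproxy is only registered for automatic restarts here; it is not
    # configured anywhere in this class.
    profile::auto_restarts::service { 'apache2': }
    profile::auto_restarts::service { 'envoyproxy': }

    # ship the Apache error logs through rsyslog
    rsyslog::input::file { 'apache2-error':
        path => '/var/log/apache2/*error*.log',
    }

    wmflib::dir::mkdir_p($docroot)

    # the index page shown at https://people.wikimedia.org/
    # root-owned and read-only (0444): users cannot edit the landing page.
    file { "${docroot}/index.html":
        content => template('profile/microsites/peopleweb/index.html.erb'),
        mode    => '0444',
        owner   => 'root',
        group   => 'root',
    }

    # ensure each user automatically gets a public_html dir inside their home dir
    # 0755 makes the directory readable and traversable by every local account
    # and by httpd; only the owning user can write to it.
    admin::unique_users(['all-users']).each |String $user| {
        file { "/home/${user}/public_html":
            ensure => directory,
            owner  => $user,
            group  => 'wikidev',
            mode   => '0755',
        }
    }

    # Wikimedia single sign-on portal (idp.wikimedia.org)
    # allows users to password protect files
    include profile::idp::client::httpd

    # Monitoring
    # The check requests '/' with TLS forced and expects the text
    # 'Welcome to people' in the response body.
    prometheus::blackbox::check::http { $sitename:
        team               => 'collaboration-services',
        severity           => 'task',
        path               => '/',
        ip_families        => ['ip4'],
        force_tls          => true,
        body_regex_matches => ['Welcome to people'],
    }

    # warn users on servers that are NOT the active backend and source of rsync
    if $::fqdn == $rsync_src_host {
        # The whole message is one single-quoted sh string, so the directory
        # name is wrapped in double quotes: a nested single quote would close
        # the string early and the quotes would never reach the terminal.
        $motd_content = "#!/bin/sh\necho '\nThis is people.wikimedia.org.\nFiles you put in \"public_html\" in your home dir will be accessible on the web.\nMore info on https://wikitech.wikimedia.org/wiki/People.wikimedia.org.\n'"
        $rsync_auto_restart_ensure = 'present'
    } else {
        # $rsync_src_host is interpolated into the generated shell script. It is
        # typed Stdlib::Host, which should only admit host names and IP
        # addresses, so it cannot carry a quote that ends the sh string.
        $motd_content = "#!/bin/sh\necho '\nThis is NOT the active backend for people.wikimedia.org. DO NOT USE THIS. Please go to ${rsync_src_host} instead.\n'"
        $rsync_auto_restart_ensure = 'absent'

        # every host that is not the rsync source keeps the rsync service stopped
        service { 'rsync':
            ensure => stopped,
        }
    }

    motd::script { 'people-motd':
        ensure  => present,
        content => $motd_content,
    }

    # people's entire home dirs (not just public_html) are backed up in Bacula
    # The backups therefore hold users' unpublished files as well as the
    # published ones.
    backup::set {'home': }
    backup::set {'srv-org-wikimedia': }

    # allow copying /home from one server to another for migrations
    # auto_sync is off, so the copy is not scheduled from here.
    # NOTE(review): this resource is declared on every host that includes the
    # class, including hosts where the rsync service is stopped above; what it
    # installs on each side is not visible here - confirm.
    ensure_packages(['rsync'])

    rsync::quickdatacopy { 'people-home':
        ensure      => present,
        auto_sync   => false,
        source_host => $rsync_src_host,
        dest_host   => $rsync_dst_host,
        module_path => '/home',
    }

    # automatic rsync restarts are wanted on the source host only
    profile::auto_restarts::service { 'rsync':
        ensure => $rsync_auto_restart_ensure,
    }
}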