Puppet Class: profile::webperf::site

Defined in:
modules/profile/manifests/webperf/site.pp

Overview

SPDX-License-Identifier: Apache-2.0

Class: profile::webperf::site

This profile provisions the <performance.wikimedia.org> website.

Parameters

server_name

Server name for the Apache VirtualHost of this site.

arclamp_host

HTTP host address where Arc Lamp artefacts are served (hostname or IP, port allowed). For example “prof.example” or “127.0.0.2:8000”. Optional. If undefined, the “/arclamp” path is not proxied.

Parameters:

  • server_name (Stdlib::Fqdn) (defaults to: lookup('profile::webperf::site::server_name'))
  • arclamp_host (Stdlib::Fqdn) (defaults to: lookup('arclamp_host'))
  • xhgui_mysql_host (Stdlib::Fqdn) (defaults to: lookup('profile::webperf::xhgui::mysql_host'))
  • xhgui_mysql_db (String) (defaults to: lookup('profile::webperf::xhgui::mysql_db'))
  • xhgui_mysql_user (String) (defaults to: lookup('profile::webperf::xhgui::mysql_user'))
  • xhgui_mysql_password (String) (defaults to: lookup('profile::webperf::xhgui::mysql_password'))
  • xhgui_mysql_admin_user (String) (defaults to: lookup('profile::webperf::xhgui::mysql_admin_user'))
  • xhgui_mysql_admin_password (String) (defaults to: lookup('profile::webperf::xhgui::mysql_admin_password'))
  • excimer_mysql_host (Stdlib::Fqdn) (defaults to: lookup('profile::webperf::site::excimer_mysql_host'))
  • excimer_mysql_db (String) (defaults to: lookup('profile::webperf::site::excimer_mysql_db'))
  • excimer_mysql_user (String) (defaults to: lookup('profile::webperf::site::excimer_mysql_user'))
  • excimer_mysql_password (String) (defaults to: lookup('profile::webperf::site::excimer_mysql_password'))
  • swift_accounts (Hash[String, Hash]) (defaults to: lookup('profile::swift::accounts')) 


16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
 
# File 'modules/profile/manifests/webperf/site.pp', line 16

class profile::webperf::site (
    Stdlib::Fqdn $server_name                      = lookup('profile::webperf::site::server_name'),
    Stdlib::Fqdn $arclamp_host                     = lookup('arclamp_host'),
    Stdlib::Fqdn $xhgui_mysql_host                 = lookup('profile::webperf::xhgui::mysql_host'),
    String $xhgui_mysql_db                         = lookup('profile::webperf::xhgui::mysql_db'),
    String $xhgui_mysql_user                       = lookup('profile::webperf::xhgui::mysql_user'),
    String $xhgui_mysql_password                   = lookup('profile::webperf::xhgui::mysql_password'),
    String $xhgui_mysql_admin_user                 = lookup('profile::webperf::xhgui::mysql_admin_user'),
    String $xhgui_mysql_admin_password             = lookup('profile::webperf::xhgui::mysql_admin_password'),
    Stdlib::Fqdn $excimer_mysql_host               = lookup('profile::webperf::site::excimer_mysql_host'),
    String $excimer_mysql_db                       = lookup('profile::webperf::site::excimer_mysql_db'),
    String $excimer_mysql_user                     = lookup('profile::webperf::site::excimer_mysql_user'),
    String $excimer_mysql_password                 = lookup('profile::webperf::site::excimer_mysql_password'),
    Hash[String, Hash] $swift_accounts             = lookup('profile::swift::accounts'),
) {
    ensure_packages(['libapache2-mod-php7.4', 'php7.4-mysql', 'mariadb-client'])

    file { '/srv/org':
        ensure => directory,
        owner  => 'root',
        group  => 'root',
        mode   => '0555',
    }

    file { '/srv/org/wikimedia':
        ensure => directory,
        owner  => 'www-data',
        group  => 'www-data',
    }

    git::clone { 'performance/docroot':
        ensure             => latest,
        recurse_submodules => true,
        owner              => 'www-data',
        group              => 'www-data',
        directory          => '/srv/org/wikimedia/performance',
        notify             => Service['apache2'],
        require            => Package['apache2']
    }

    # Allow traffic to port 80 from internal networks
    firewall::service { 'performance-website-global':
        proto    => 'tcp',
        port     => 80,
        src_sets => ['CACHES'],
    }

    file { '/var/www/no-robots.txt':
        ensure  => file,
        owner   => 'www-data',
        group   => 'www-data',
        content => file('profile/webperf/site/no-robots.txt'),
    }

    $excimer_baseurl = "https://${server_name}/excimer/";
    file { '/etc/excimer-ui-server':
        ensure => directory,
        owner  => 'root',
        group  => 'root',
        mode   => '0755',
    }
    $excimer_config = {
        'url' => $excimer_baseurl,
        'dsn' => "mysql:host=${excimer_mysql_host};dbname=${excimer_mysql_db};charset=utf8",
        'dbUser' => $excimer_mysql_user,
        'dbPassword' => $excimer_mysql_password,
        'logToSyslogCee' => true,
    }
    file { '/etc/excimer-ui-server/config.json':
        ensure    => file,
        show_diff => false,
        content   => Sensitive($excimer_config.to_json_pretty()),
        owner     => 'www-data',
        group     => 'www-data',
        mode      => '0600',
        require   => File['/etc/excimer-ui-server']
    }

    file { '/etc/php/7.4/apache2/conf.d/50-webperf.ini':
        ensure  => file,
        content => wmflib::php_ini({
            # XHGui requires more than the default 128M
            'memory_limit' => '512M',
        }),
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
        notify  => Class['::httpd'],
    }

    $httpd_config = [
        'SetEnv EXCIMER_CONFIG_PATH /etc/excimer-ui-server/config.json',
        'SetEnv XHGUI_SAVE_HANDLER pdo',
        # Turn off schema mgmt, as the app fatals unconditionally otherwise.
        # We deploy XHGui as read-only frontend (enforced with non-admin DB grant).
        # https://github.com/perftools/xhgui/pull/494
        'SetEnv XHGUI_PDO_INITSCHEMA "false"',
        "SetEnv XHGUI_PDO_DSN \"mysql:host=${xhgui_mysql_host};dbname=${xhgui_mysql_db};charset=utf8\"",
        "SetEnv XHGUI_PDO_USER \"${xhgui_mysql_user}\"",
        "SetEnv XHGUI_PDO_PASS \"${xhgui_mysql_password}\"",
        'SetEnv XHGUI_PDO_TABLE xhgui'
    ];
    httpd::conf { 'webperf_env':
        content => inline_template("<%= @httpd_config.join(\"\n\") %>\n"),
    }

    $swift_auth_url = $swift_accounts['performance_arclamp']['auth']
    $swift_account_name = $swift_accounts['performance_arclamp']['account_name']

    httpd::site { 'performance-wikimedia-org':
        content => template('profile/webperf/site/performance-website.erb'),
        require => Git::Clone['performance/docroot'],
    }

    profile::auto_restarts::service { 'apache2': }
    profile::auto_restarts::service { 'envoyproxy': }
}