Commit 361eaf63 authored by mh's avatar mh

add containers user script and roll them out by default

parent e0d92b1f
#!/bin/env ruby
require 'etc'
## methods required by commons
# which option entries beside sftp_user does
# this script need?
def script_option_keys
['webdir']
end
# further settings files used by this script
def script_settings_files_def
{
'pod_restart.pods' => {
:uid => sftp_user_uid,
:gid => group_gid,
:reject_mmask => 0007,
}
}
end
# verify security related things to that script
def script_security
end
# the main method
def run_script
log "Starting to restart..."
['pods','containers'].each do |w|
unless items[w].empty?
log "Starting to restart #{w}"
items[w].each { |n| stop(w,n) }
end
end
log "Finished restarting..."
return true
end
## script specific methods
def items
@config ||= load_items
end
# sanitize that we only get pods & containers
def load_items
load_file('pod_restart.pods',['pods','containers']).inject({}) do |res,items|
k,v = items
res[k] = v.map do |n|
if n =~ /^[A-Za-z0-9\.\-_]+$/
n
else
log "Name '#{n}' is not a valid name"
nil
end
end.flatten.compact
res
end
end
def stop(what, name)
# chmod runs as sftp user, which should own all the relevant files now
log "Stopping #{what} '#{name}'"
sudo(sftp_user_uid,group_gid) do
cmd("XDG_RUNTIME_DIR=/run/pods/#{sftp_user_uid} podman #{what} stop '#{name}'")
end
log "Stopped #{what} '#{name}' - Restart will be triggered soon..."
rescue => e
log "Error while restarting #{what} '#{name}': #{e.message}"
end
# this will also trigger the run of the script
require "#{File.expand_path(File.join(File.dirname(__FILE__),'..','common','webscripts'))}"
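Review bot: The name check in load_items anchors with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string, so a value containing a newline is accepted as long as one of its lines is well-formed. stop() then interpolates that value into the shell string passed to cmd(), and the names come from 'pod_restart.pods', which script_settings_files_def declares as owned by the sftp user; whether load_file can return a multi-line entry is not visible here, so this is worth confirming. The character class also allows a leading `-`, which podman would read as an option rather than a name. Anchoring the whole string and requiring an alphanumeric first character closes both: `if n =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/`. The comment at the top of stop() still talks about chmod and could be reworded to describe the podman call.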
......@@ -24,7 +24,7 @@ define webhosting::common (
$run_gid = 'absent',
$wwwmail = false,
$watch_adjust_webfiles = 'absent',
$user_scripts = 'absent',
Variant[Enum['absent'], Array[String[1]]] $user_scripts = 'absent',
$user_scripts_options = {},
$nagios_check = 'ensure',
Variant[String,Array[String]] $nagios_check_domain = 'absent',
......@@ -351,17 +351,50 @@ define webhosting::common (
if $scl_name and !('scl' in $user_scripts_options['global']) {
$real_user_scripts_options = deep_merge( {
'global' => { 'scl' => $scl_name },
}, $user_scripts_options)
}, $user_scripts_options)
} else {
$real_user_scripts_options = $user_scripts_options
}
if 'containers' in $configuration {
$_user_scripts = unique($user_scripts + $webhosting::user_scripts::container_scripts)
$pods = $configuration['containers'].keys.map |$con_name| {
$vals = $configuration['containers'][$con_name]
if 'deployment_mode' in $vals and $vals['deployment_mode'] =~ /pod$/ {
$con_name
} elsif 'publish_socket' in $vals and !empty($vals['publish_socket']) {
"pod-${con_name}"
} else {
undef
}
}.filter |$val| { $val =~ NotUndef }
$containers = $configuration['containers'].keys.map |$con_name| {
$vals = $configuration['containers'][$con_name]
if 'deployment_mode' in $vals and $vals['deployment_mode'] !~ /pod$/ {
$con_name
} elsif !('deployment_mode' in $vals) and (!('publish_socket' in $vals) or empty($vals['publish_socket'])) {
$con_name
} else {
undef
}
}.filter |$val| { $val =~ NotUndef }
$_real_user_scripts_options = $real_user_scripts_options + {
pod_restart => {
pods => $pods,
containers => $containers,
} + pick($real_user_scripts_options[pod_restart],{}),
}
} else {
$_user_scripts = $user_scripts
$_real_user_scripts_options = $real_user_scripts_options
}
webhosting::user_scripts::manage { $name:
base_path => $vhost_path,
scripts => $user_scripts,
scripts => $_user_scripts,
sftp_user => $real_uid_name,
run_user => $real_run_uid_name,
web_group => $real_gid_name,
options => $real_user_scripts_options,
options => $_real_user_scripts_options,
}
if 'mail_ratelimit' in $configuration {
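Review bot: In the `'containers' in $configuration` branch, `$user_scripts + $webhosting::user_scripts::container_scripts` is evaluated even when `$user_scripts` is the string 'absent', which the new parameter type explicitly allows and which remains the default. With a String on the left, `+` is not array concatenation in Puppet, so a hosting that has containers configured but leaves user_scripts at 'absent' would presumably fail to compile. Normalising first avoids that: `$_base_scripts = $user_scripts ? { 'absent' => [], default => $user_scripts }` followed by `$_user_scripts = unique($_base_scripts + $webhosting::user_scripts::container_scripts)`. No `include webhosting::user_scripts` is visible before the class variable is read; the define body continues outside the hunk, so it may be included elsewhere, but that is worth checking.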
......
......@@ -41,7 +41,7 @@ define webhosting::container (
$nagios_check_code = '200',
$nagios_use = 'generic-service',
$watch_adjust_webfiles = 'absent',
$user_scripts = 'absent',
$user_scripts = 'auto',
$user_scripts_options = {},
) {
if $gid_name == 'absent' {
......@@ -66,6 +66,12 @@ define webhosting::container (
default => $gid,
}
}
if $user_scripts == 'auto' {
include webhosting::user_scripts
$_user_scripts = $webhosting::user_scripts::container_scripts
} else {
$_user_scripts = $user_scripts
}
$user_container_config = pick($configuration['container_config'],{})
webhosting::common { $name:
ensure => $ensure,
......@@ -84,7 +90,7 @@ define webhosting::container (
nagios_check_code => $nagios_check_code,
nagios_use => $nagios_use,
watch_adjust_webfiles => $watch_adjust_webfiles,
user_scripts => $user_scripts,
user_scripts => $_user_scripts,
user_scripts_options => $user_scripts_options,
configuration => $configuration + {
containers => {
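Review bot: The `$user_scripts` parameter stays untyped here while webhosting::common now enforces `Variant[Enum['absent'], Array[String[1]]]`, so a mistyped value such as 'Auto' falls through the `== 'auto'` check and is only rejected later inside common, with an error pointing at the wrong define. Declaring it as `Variant[Enum['absent', 'auto'], Array[String[1]]] $user_scripts = 'auto',` would catch that at the entry point; the same applies to the parameter in the passenger, drupal and joomla sections. Since the default moves from 'absent' to 'auto', existing hostings get the scripts rolled out on their next run without any change to their own data, which deserves a line in the parameter documentation. The define's body starts and ends outside the visible hunks.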
......
......@@ -12,7 +12,7 @@
# - nologs: Send every logging to /dev/null
# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null
# - semianonym: Don't log ips for CustomLog, log normal ErrorLog
define webhosting::passenger(
define webhosting::passenger (
$ensure = present,
$configuration = {},
$uid = 'absent',
......@@ -51,16 +51,15 @@ define webhosting::passenger(
$nagios_use = 'generic-service',
$mod_security = false,
$git_repo = 'absent',
$user_scripts = 'absent',
$user_scripts = 'auto',
$user_scripts_options = {},
){
if ($uid_name == 'absent'){
) {
if ($uid_name == 'absent') {
$real_uid_name = $name
} else {
$real_uid_name = $uid_name
}
if ($gid_name == 'absent'){
if ($gid_name == 'absent') {
$real_gid_name = $real_uid_name
} else {
$real_gid_name = $gid_name
......@@ -74,7 +73,13 @@ define webhosting::passenger(
$real_group = $group
}
}
webhosting::common{$name:
if $user_scripts == 'auto' {
include webhosting::user_scripts
$_user_scripts = $webhosting::user_scripts::static_scripts
} else {
$_user_scripts = $user_scripts
}
webhosting::common { $name:
ensure => $ensure,
configuration => $configuration,
uid => $uid,
......@@ -97,10 +102,10 @@ define webhosting::passenger(
nagios_check_code => $nagios_check_code,
nagios_use => $nagios_use,
git_repo => $git_repo,
user_scripts => $user_scripts,
user_scripts => $_user_scripts,
user_scripts_options => $user_scripts_options,
}
apache::vhost::passenger{$name:
apache::vhost::passenger { $name:
ensure => $ensure,
configuration => $configuration,
domainalias => $domainalias,
......@@ -122,7 +127,7 @@ define webhosting::passenger(
if $ensure == 'present' {
$path_options = "\nexport PATH=~/gems/bin:\$PATH"
file{
file {
"/var/www/vhosts/${name}/.ccache":
ensure => directory,
owner => $real_uid_name,
......@@ -146,12 +151,12 @@ define webhosting::passenger(
case $run_mode {
'fcgid': {
if ($run_uid_name == 'absent'){
if ($run_uid_name == 'absent') {
$real_run_uid_name = "${name}_run"
} else {
$real_run_uid_name = $run_uid_name
}
if ($run_gid_name == 'absent'){
if ($run_gid_name == 'absent') {
$real_run_gid_name = $gid_name ? {
'absent' => $name,
default => $gid_name
......@@ -159,7 +164,7 @@ define webhosting::passenger(
} else {
$real_run_gid_name = $run_gid_name
}
Apache::Vhost::Passenger[$name]{
Apache::Vhost::Passenger[$name] {
documentroot_owner => $real_uid_name,
documentroot_group => $real_gid_name,
documentroot_mode => '0750',
......@@ -167,22 +172,22 @@ define webhosting::passenger(
run_gid => $real_run_gid_name,
}
if $ensure != 'absent' {
Apache::Vhost::Passenger[$name]{
require => [ User::Sftp_only[$real_uid_name],
User::Managed[$real_run_uid_name] ],
Apache::Vhost::Passenger[$name] {
require => [User::Sftp_only[$real_uid_name],
User::Managed[$real_run_uid_name]],
}
}
}
default: {
Apache::Vhost::Passenger[$name]{
Apache::Vhost::Passenger[$name] {
require => User::Sftp_only[$real_uid_name],
}
if ($run_uid_name == 'absent'){
if ($run_uid_name == 'absent') {
$real_run_uid_name = 'apache'
} else {
$real_run_uid_name = $run_uid_name
}
if ($run_gid_name == 'absent'){
if ($run_gid_name == 'absent') {
$real_run_gid_name = $gid_name ? {
'absent' => 'apache',
default => $gid_name
......@@ -190,16 +195,15 @@ define webhosting::passenger(
} else {
$real_run_gid_name = $run_gid_name
}
Apache::Vhost::Passenger[$name]{
Apache::Vhost::Passenger[$name] {
run_uid => $run_uid,
run_gid => $run_gid,
}
}
}
if $template_partial != 'absent' {
Apache::Vhost::Passenger[$name]{
Apache::Vhost::Passenger[$name] {
template_partial => $template_partial,
}
}
}
......@@ -14,7 +14,7 @@
# - nologs: Send every logging to /dev/null
# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null
# - semianonym: Don't log ips for CustomLog, log normal ErrorLog
define webhosting::php(
define webhosting::php (
$ensure = present,
$configuration = {},
$uid = 'absent',
......@@ -61,13 +61,13 @@ define webhosting::php(
$nagios_use = 'generic-service',
$mod_security = false,
$git_repo = 'absent',
){
if ($uid_name == 'absent'){
) {
if ($uid_name == 'absent') {
$real_uid_name = $name
} else {
$real_uid_name = $uid_name
}
if ($gid_name == 'absent'){
if ($gid_name == 'absent') {
$real_gid_name = $real_uid_name
} else {
$real_gid_name = $gid_name
......@@ -81,7 +81,13 @@ define webhosting::php(
$real_group = $group
}
}
webhosting::common{$name:
if $user_scripts == 'auto' {
include webhosting::user_scripts
$_user_scripts = $webhosting::user_scripts::php_scripts
} else {
$_user_scripts = $user_scripts
}
webhosting::common { $name:
ensure => $ensure,
configuration => $configuration,
uid => $uid,
......@@ -98,7 +104,7 @@ define webhosting::php(
run_uid_name => $run_uid_name,
run_gid => $run_gid,
watch_adjust_webfiles => $watch_adjust_webfiles,
user_scripts => $user_scripts,
user_scripts => $_user_scripts,
user_scripts_options => $user_scripts_options,
wwwmail => $wwwmail,
nagios_check => $nagios_check,
......@@ -109,7 +115,7 @@ define webhosting::php(
git_repo => $git_repo,
php_installation => $php_installation,
}
apache::vhost::php::standard{$name:
apache::vhost::php::standard { $name:
ensure => $ensure,
configuration => $configuration,
domain => $domain,
......@@ -136,17 +142,17 @@ define webhosting::php(
}
case $run_mode {
'fpm','fcgid': {
if ($run_uid_name == 'absent'){
if ($run_uid_name == 'absent') {
$real_run_uid_name = "${name}_run"
} else {
$real_run_uid_name = $run_uid_name
}
if ($run_gid_name == 'absent'){
if ($run_gid_name == 'absent') {
$real_run_gid_name = $real_gid_name
} else {
$real_run_gid_name = $run_gid_name
}
Apache::Vhost::Php::Standard[$name]{
Apache::Vhost::Php::Standard[$name] {
documentroot_owner => $real_uid_name,
documentroot_group => $real_gid_name,
documentroot_mode => '0750',
......@@ -154,24 +160,23 @@ define webhosting::php(
run_gid => $real_run_gid_name,
}
if $ensure != 'absent' {
Apache::Vhost::Php::Standard[$name]{
Apache::Vhost::Php::Standard[$name] {
require => [User::Sftp_only[$real_uid_name],
User::Managed[$real_run_uid_name] ],
User::Managed[$real_run_uid_name]],
}
}
}
default: {
if $ensure != 'absent' {
Apache::Vhost::Php::Standard[$name]{
Apache::Vhost::Php::Standard[$name] {
require => User::Sftp_only[$real_uid_name],
}
}
}
}
if $template_partial != 'absent' {
Apache::Vhost::Php::Standard[$name]{
Apache::Vhost::Php::Standard[$name] {
template_partial => $template_partial
}
}
}
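Review bot: The new `if $user_scripts == 'auto'` branch is only taken by default if the parameter's default is 'auto', and unlike the container, passenger, drupal and joomla sections no hunk in this file changes `$user_scripts = 'absent'` to `'auto'`. If the default outside the visible hunks is still 'absent', webhosting::php keeps passing 'absent' on to webhosting::common and the php scripts are not rolled out by default, which would contradict the commit title. If that is an oversight, the parameter list needs `$user_scripts = 'auto',` as in the sibling defines. The parameter list is only partly visible, so this should be checked against the full file.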
......@@ -14,7 +14,7 @@
# - nologs: Send every logging to /dev/null
# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null
# - semianonym: Don't log ips for CustomLog, log normal ErrorLog
define webhosting::php::drupal(
define webhosting::php::drupal (
$ensure = present,
$configuration = {},
$uid = 'absent',
......@@ -34,7 +34,7 @@ define webhosting::php::drupal(
$run_gid = 'absent',
$run_gid_name = 'absent',
$watch_adjust_webfiles = 'absent',
$user_scripts = 'absent',
$user_scripts = 'auto',
$user_scripts_options = {},
$wwwmail = false,
$allow_override = 'None',
......@@ -62,13 +62,13 @@ define webhosting::php::drupal(
$config_webwriteable = false,
$manage_directories = true,
$manage_cron = true,
){
if ($uid_name == 'absent'){
) {
if ($uid_name == 'absent') {
$real_uid_name = $name
} else {
$real_uid_name = $uid_name
}
if ($gid_name == 'absent'){
if ($gid_name == 'absent') {
$real_gid_name = $real_uid_name
} else {
$real_gid_name = $gid_name
......@@ -81,7 +81,13 @@ define webhosting::php::drupal(
$path = "/var/www/vhosts/${name}"
$documentroot = "${path}/www"
webhosting::common{$name:
if $user_scripts == 'auto' {
include webhosting::user_scripts
$_user_scripts = $webhosting::user_scripts::php_scripts
} else {
$_user_scripts = $user_scripts
}
webhosting::common { $name:
ensure => $ensure,
configuration => $configuration,
uid => $uid,
......@@ -96,7 +102,7 @@ define webhosting::php::drupal(
run_uid => $run_uid,
run_uid_name => $run_uid_name,
run_gid => $run_gid,
user_scripts => $user_scripts,
user_scripts => $_user_scripts,
user_scripts_options => $user_scripts_options,
watch_adjust_webfiles => $watch_adjust_webfiles,
wwwmail => $wwwmail,
......@@ -109,7 +115,7 @@ define webhosting::php::drupal(
php_installation => $php_installation,
}
apache::vhost::php::drupal{$name:
apache::vhost::php::drupal { $name:
ensure => $ensure,
configuration => $configuration,
domainalias => $domainalias,
......@@ -138,12 +144,12 @@ define webhosting::php::drupal(
}
case $run_mode {
'fpm','fcgid': {
if ($run_uid_name == 'absent'){
if ($run_uid_name == 'absent') {
$real_run_uid_name = "${name}_run"
} else {
$real_run_uid_name = $run_uid_name
}
if ($run_gid_name == 'absent'){
if ($run_gid_name == 'absent') {
$real_run_gid_name = $gid_name ? {
'absent' => $name,
default => $gid_name
......@@ -151,29 +157,29 @@ define webhosting::php::drupal(
} else {
$real_run_gid_name = $run_gid_name
}
Apache::Vhost::Php::Drupal[$name]{
Apache::Vhost::Php::Drupal[$name] {
documentroot_owner => $real_uid_name,
documentroot_group => $real_gid_name,
run_uid => $real_run_uid_name,
run_gid => $real_run_gid_name,
}
if $ensure != 'absent' {
Apache::Vhost::Php::Drupal[$name]{
Apache::Vhost::Php::Drupal[$name] {
require => [User::Sftp_only[$real_uid_name],
User::Managed[$real_run_uid_name] ],
User::Managed[$real_run_uid_name]],
}
}
}
default: {
if $ensure != 'absent' {
Apache::Vhost::Php::Drupal[$name]{
Apache::Vhost::Php::Drupal[$name] {
require => User::Sftp_only[$real_uid_name],
}
}
}
}
if $template_partial != 'absent' {
Apache::Vhost::Php::Drupal[$name]{
Apache::Vhost::Php::Drupal[$name] {
template_partial => $template_partial,
}
}
......
......@@ -14,7 +14,7 @@
# - nologs: Send every logging to /dev/null
# - anonym: Don't log ips for CustomLog, send ErrorLog to /dev/null
# - semianonym: Don't log ips for CustomLog, log normal ErrorLog
define webhosting::php::joomla(
define webhosting::php::joomla (
$ensure = present,
$configuration = {},
$uid = 'absent',
......@@ -34,7 +34,7 @@ define webhosting::php::joomla(
$run_gid = 'absent',
$run_gid_name = 'absent',
$watch_adjust_webfiles = 'absent',
$user_scripts = 'absent',
$user_scripts = 'auto',
$user_scripts_options = {},
$wwwmail = false,
$allow_override = 'None',
......@@ -61,13 +61,13 @@ define webhosting::php::joomla(
$manage_config = true,
$config_webwriteable = false,
$manage_directories = true
){
if ($uid_name == 'absent'){
) {
if ($uid_name == 'absent') {
$real_uid_name = $name
} else {
$real_uid_name = $uid_name
}
if ($gid_name == 'absent'){
if ($gid_name == 'absent') {
$real_gid_name = $real_uid_name
} else {
$real_gid_name = $gid_name
......@@ -77,7 +77,13 @@ define webhosting::php::joomla(
} else {
$real_group = 'apache'
}
webhosting::common{$name:
if $user_scripts == 'auto' {
include webhosting::user_scripts
$_user_scripts = $webhosting::user_scripts::php_scripts
} else {
$_user_scripts = $user_scripts
}
webhosting::common { $name:
ensure => $ensure,
configuration => $configuration,
uid => $uid,
......@@ -92,7 +98,7 @@ define webhosting::php::joomla(
run_uid => $run_uid,
run_uid_name => $run_uid_name,
run_gid => $run_gid,
user_scripts => $user_scripts,
user_scripts => $_user_scripts,
user_scripts_options => $user_scripts_options,
watch_adjust_webfiles => $watch_adjust_webfiles,
wwwmail => $wwwmail,
......@@ -108,7 +114,7 @@ define webhosting::php::joomla(
$path = "/var/www/vhosts/${name}"
$documentroot = "${path}/www"
apache::vhost::php::joomla{$name:
apache::vhost::php::joomla { $name:
ensure => $ensure,
configuration => $configuration,
domainalias => $domainalias,
......@@ -136,12 +142,12 @@ define webhosting::php::joomla(
}
case $run_mode {
'fpm','fcgid': {
if ($run_uid_name == 'absent'){
if ($run_uid_name == 'absent') {
$real_run_uid_name = "${name}_run"
} else {
$real_run_uid_name = $run_uid_name
}
if ($run_gid_name == 'absent'){
if ($run_gid_name == 'absent') {
$real_run_gid_name = $gid_name ? {
'absent' => $name,
default => $gid_name
......@@ -149,29 +155,29 @@ define webhosting::php::joomla(
} else {
$real_run_gid_name = $run_gid_name
}
Apache::Vhost::Php::Joomla[$name]{
Apache::Vhost::Php::Joomla[$name] {
documentroot_owner => $real_uid_name,
documentroot_group => $real_gid_name,
run_uid => $real_run_uid_name,
run_gid => $real_run_gid_name,
}
if $ensure != 'absent' {