From e8293cd94152eeb41ffa31e2982a20749366e292 Mon Sep 17 00:00:00 2001
From: Evgeni Golov
Date: Mon, 4 Sep 2023 09:41:44 +0200
Subject: [PATCH 01/10] only deploy LE for redmine when https is true
---
 puppet/modules/redmine/manifests/init.pp | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/puppet/modules/redmine/manifests/init.pp b/puppet/modules/redmine/manifests/init.pp
index 31347c4f2..43bb39d64 100644
--- a/puppet/modules/redmine/manifests/init.pp
+++ b/puppet/modules/redmine/manifests/init.pp
@@ -142,13 +142,6 @@
 $start_timeout = 600
 $priority = '05'
- letsencrypt::certonly { $servername:
- plugin => 'webroot',
- domains => [$servername],
- webroot_paths => [$docroot],
- require => Vcsrepo[$app_root],
- }
-
 apache::vhost { $servername:
 docroot => $docroot,
 manage_docroot => false,
@@ -159,6 +152,13 @@
 }
 if $https {
+ letsencrypt::certonly { $servername:
+ plugin => 'webroot',
+ domains => [$servername],
+ webroot_paths => [$docroot],
+ require => Vcsrepo[$app_root],
+ }
+
 apache::vhost { "${servername}-https":
 add_default_charset => 'UTF-8',
 docroot => $docroot,
From 9d8df75c9b70b34450b4ce0f6e77c1dcbc666e5a Mon Sep 17 00:00:00 2001
From: Evgeni Golov
Date: Mon, 4 Sep 2023 10:21:41 +0200
Subject: [PATCH 02/10] install git -- required for vcsrepo
---
 puppet/modules/redmine/manifests/init.pp | 1 +
 1 file changed, 1 insertion(+)
diff --git a/puppet/modules/redmine/manifests/init.pp b/puppet/modules/redmine/manifests/init.pp
index 43bb39d64..996d7fc39 100644
--- a/puppet/modules/redmine/manifests/init.pp
+++ b/puppet/modules/redmine/manifests/init.pp
@@ -46,6 +46,7 @@
 # Needed for bundle install
 $packages = [
+ 'git',
 'rubygem-bundler.noarch',
 'ruby-devel',
 'gcc',
From 98e8014a007087dd5928969d6d0f9267ad0a5045 Mon Sep 17 00:00:00 2001
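Review bot: In PATCH 01/10 the relocated `letsencrypt::certonly { $servername: }` still orders itself only after `Vcsrepo[$app_root]`, while the webroot plugin can answer the HTTP challenge only once Apache is actually serving `$docroot` over plain HTTP. Nothing in the visible lines guarantees that on a fresh host, and a failed issuance would also block the `-https` vhost, which requires the certificate resource. Consider `require => [Vcsrepo[$app_root], Apache::Vhost[$servername]],`, or ordering after the Apache service if the vhost define alone does not imply a reload. Both vhost bodies continue outside the hunks, so this should be confirmed against the full manifest.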
From: Evgeni Golov
Date: Mon, 4 Sep 2023 10:21:58 +0200
Subject: [PATCH 03/10] use modern postgresql::postgresql_password syntax
---
 puppet/modules/redmine/manifests/init.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/puppet/modules/redmine/manifests/init.pp b/puppet/modules/redmine/manifests/init.pp
index 996d7fc39..0639afc94 100644
--- a/puppet/modules/redmine/manifests/init.pp
+++ b/puppet/modules/redmine/manifests/init.pp
@@ -74,7 +74,7 @@
 postgresql::server::db { $db_name:
 user => $username,
- password => postgresql_password($username, $db_password),
+ password => postgresql::postgresql_password($username, $db_password),
 owner => $username,
 encoding => 'utf8',
 locale => 'en_US.utf8',
From 1cc26a3d9d6faf2d2c0fd90e830d9d7a10bbe9d7 Mon Sep 17 00:00:00 2001
From: Evgeni Golov
Date: Mon, 4 Sep 2023 10:22:22 +0200
Subject: [PATCH 04/10] ensure app-root exists and is writable by our user
---
 puppet/modules/redmine/manifests/init.pp | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/puppet/modules/redmine/manifests/init.pp b/puppet/modules/redmine/manifests/init.pp
index 0639afc94..2ae47f1f3 100644
--- a/puppet/modules/redmine/manifests/init.pp
+++ b/puppet/modules/redmine/manifests/init.pp
@@ -100,10 +100,16 @@
 content => template('redmine/secure_config.yaml.erb'),
 }
+ file { $app_root:
+ ensure => directory,
+ owner => $username,
+ }
+
 vcsrepo { $app_root:
 ensure => present,
 provider => 'git',
 source => $repo_url,
+ owner => $username,
 user => $username,
 notify => Exec['install redmine'],
 }
From ff8b80b77b373bf37ee6c58d6ecdb5805bdeaffe Mon Sep 17 00:00:00 2001
From: Evgeni Golov
Date: Mon, 4 Sep 2023 10:26:28 +0200
Subject: [PATCH 05/10] use Ruby 2.7 for Redmine on EL8
---
 puppet/modules/redmine/manifests/init.pp | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/puppet/modules/redmine/manifests/init.pp b/puppet/modules/redmine/manifests/init.pp
index 2ae47f1f3..f1642ac07 100644
--- a/puppet/modules/redmine/manifests/init.pp
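Review bot: In PATCH 03/10 the call `postgresql::postgresql_password($username, $db_password)` passes no hash type, so the stored verifier uses whatever the pinned puppetlabs-postgresql release defaults to, which in the releases I know of has been MD5. If the module version and the PostgreSQL server both support it, passing the type explicitly, e.g. `postgresql::postgresql_password($username, $db_password, false, 'scram-sha-256')`, avoids an MD5-based verifier. The argument order should be checked against the installed module, and the server's authentication method has to match. The `postgresql::server::db` resource continues outside the hunk.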
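Review bot: In PATCH 04/10 the new `file { $app_root: ensure => directory, owner => $username }` leaves `group` and `mode` unset, so the permissions of the application root depend on the umask of whichever resource creates the directory. The tree is owned by the same account that runs `bundle install` in it, so pinning them is worthwhile, e.g. `mode => '0755',` plus an explicit `group`. Both values need confirming against what Apache and Passenger must be able to read. `File[$app_root]` and `Vcsrepo[$app_root]` now manage the same path with no relationship visible in the hunk; `require => File[$app_root],` on the vcsrepo would make the intended order explicit.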
+++ b/puppet/modules/redmine/manifests/init.pp
@@ -45,6 +45,16 @@
 }
 # Needed for bundle install
+ if $facts['os']['release']['major'] == '8' {
+ package { 'ruby dnf module':
+ ensure => '2.7',
+ name => 'ruby',
+ enable_only => true,
+ provider => 'dnfmodule',
+ before => Package['rubygem-bundler.noarch', 'ruby-devel'],
+ }
+ }
+
 $packages = [
 'git',
 'rubygem-bundler.noarch',
From 3ade74e164e85eabc86cfe6368963ad1f6ec6323 Mon Sep 17 00:00:00 2001
From: Evgeni Golov
Date: Mon, 4 Sep 2023 11:18:53 +0200
Subject: [PATCH 06/10] add packages needed to build things
---
 puppet/modules/redmine/manifests/init.pp | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/puppet/modules/redmine/manifests/init.pp b/puppet/modules/redmine/manifests/init.pp
index f1642ac07..d255020f5 100644
--- a/puppet/modules/redmine/manifests/init.pp
+++ b/puppet/modules/redmine/manifests/init.pp
@@ -65,6 +65,8 @@
 'ImageMagick-devel',
 'postgresql-devel',
 'sqlite-devel',
+ 'redhat-rpm-config',
+ 'make',
 ]
 ensure_packages($packages)
From 4ef8cc57dc3db371f8eeeed61dba5b10a55e50dd Mon Sep 17 00:00:00 2001
From: Evgeni Golov
Date: Mon, 4 Sep 2023 11:19:09 +0200
Subject: [PATCH 07/10] explicitly set `--path` when doing bundle install
---
 puppet/modules/redmine/manifests/init.pp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/puppet/modules/redmine/manifests/init.pp b/puppet/modules/redmine/manifests/init.pp
index d255020f5..4c79f5278 100644
--- a/puppet/modules/redmine/manifests/init.pp
+++ b/puppet/modules/redmine/manifests/init.pp
@@ -126,8 +126,9 @@
 notify => Exec['install redmine'],
 }
+ # TODO: this should lay down a .bundle/config instead of using --path
 exec { 'install redmine':
- command => 'bundle install',
+ command => 'bundle install --path ./vendor',
 user => $username,
 cwd => $app_root,
 path => $::path,
From 967ede7686f5dda6eab077f901de17fab3f27815 Mon Sep 17 00:00:00 2001
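Review bot: In PATCH 05/10 the guard `$facts['os']['release']['major'] == '8'` tests only the release number, so any OS with major version 8 would reach the `dnfmodule` provider; `if $facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] == '8' {` makes the intent explicit. The existing comment `# Needed for bundle install` now sits above the new `if` block instead of `$packages`, so it should move back down, with a separate comment on the block such as `# EL8: enable the ruby 2.7 module stream before any ruby package is installed`. Ruby 2.7 is past upstream end of life, so security fixes for this stream depend on the distribution's maintenance of the module. A short comment recording that and when to revisit it would help the next maintainer.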
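Review bot: In PATCH 07/10 `bundle install --path ./vendor` still resolves gems at deploy time, so what lands in `./vendor` is whatever the Gemfile permits on that day unless a committed `Gemfile.lock` is enforced. If the deployed fork ships a lockfile, adding `environment => ['BUNDLE_FROZEN=true'],` to the exec makes the install fail instead of silently drifting; setting `frozen` in the `.bundle/config` the TODO mentions would do the same. The exec's remaining attributes are outside the hunk, so whether it is `refreshonly` cannot be seen here.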
From: Evgeni Golov
Date: Mon, 4 Sep 2023 11:20:48 +0200
Subject: [PATCH 08/10] don't set checkpoint_segments, it's removed in PostgreSQL 10+
---
 puppet/modules/redmine/manifests/init.pp | 1 -
 1 file changed, 1 deletion(-)
diff --git a/puppet/modules/redmine/manifests/init.pp b/puppet/modules/redmine/manifests/init.pp
index 4c79f5278..34cfed0ec 100644
--- a/puppet/modules/redmine/manifests/init.pp
+++ b/puppet/modules/redmine/manifests/init.pp
@@ -38,7 +38,6 @@
 # PostgreSQL tuning
 $postgresql_settings = {
 'checkpoint_completion_target' => '0.9',
- 'checkpoint_segments' => '20',
 'effective_cache_size' => '2GB',
 'shared_buffers' => '512MB',
 'work_mem' => '4MB',
From b2b22295b7fff4a8ffeaddc44eff34feb6c6b390 Mon Sep 17 00:00:00 2001
From: Evgeni Golov
Date: Mon, 4 Sep 2023 11:52:36 +0200
Subject: [PATCH 09/10] move apache backend (passenger) to a dedicated hash
---
 puppet/modules/redmine/manifests/init.pp | 38 +++++++++++++------------
 1 file changed, 20 insertions(+), 18 deletions(-)
diff --git a/puppet/modules/redmine/manifests/init.pp b/puppet/modules/redmine/manifests/init.pp
index 34cfed0ec..2722b9389 100644
--- a/puppet/modules/redmine/manifests/init.pp
+++ b/puppet/modules/redmine/manifests/init.pp
@@ -157,10 +157,14 @@
 include web::base
 $docroot = "${app_root}/public"
- $min_instances = 1
- $start_timeout = 600
 $priority = '05'
+ $apache_backend_config = {
+ passenger_app_root => $app_root,
+ passenger_min_instances => 1,
+ passenger_start_timeout => 600,
+ }
+
 apache::vhost { $servername:
 docroot => $docroot,
 manage_docroot => false,
@@ -179,24 +183,22 @@
 }
 apache::vhost { "${servername}-https":
- add_default_charset => 'UTF-8',
- docroot => $docroot,
- manage_docroot => false,
- port => 443,
- options => ['SymLinksIfOwnerMatch'],
- passenger_app_root => $app_root,
- passenger_min_instances => $min_instances,
- passenger_start_timeout => $start_timeout,
- priority => $priority,
- servername => $servername,
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/${servername}/fullchain.pem",
- ssl_chain => "/etc/letsencrypt/live/${servername}/chain.pem",
- ssl_key => "/etc/letsencrypt/live/${servername}/privkey.pem",
- headers => [
+ add_default_charset => 'UTF-8',
+ docroot => $docroot,
+ manage_docroot => false,
+ port => 443,
+ options => ['SymLinksIfOwnerMatch'],
+ priority => $priority,
+ servername => $servername,
+ ssl => true,
+ ssl_cert => "/etc/letsencrypt/live/${servername}/fullchain.pem",
+ ssl_chain => "/etc/letsencrypt/live/${servername}/chain.pem",
+ ssl_key => "/etc/letsencrypt/live/${servername}/privkey.pem",
+ headers => [
 'set Strict-Transport-Security: max-age=15778800;',
 ],
- require => [Letsencrypt::Certonly[$servername], Exec['install redmine']],
+ require => [Letsencrypt::Certonly[$servername], Exec['install redmine']],
+ * => $apache_backend_config,
 }
 }
From 238094f98475e639862e052ad459c466b5740eee Mon Sep 17 00:00:00 2001
From: Evgeni Golov
Date: Mon, 4 Sep 2023 11:53:43 +0200
Subject: [PATCH 10/10] allow deploying from a different branch
---
 puppet/modules/redmine/manifests/init.pp | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/puppet/modules/redmine/manifests/init.pp b/puppet/modules/redmine/manifests/init.pp
index 2722b9389..b534e0824 100644
--- a/puppet/modules/redmine/manifests/init.pp
+++ b/puppet/modules/redmine/manifests/init.pp
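Review bot: The `headers` array of the `-https` vhost in PATCH 09/10 sends `'set Strict-Transport-Security: max-age=15778800;'` without the `always` condition, so Apache attaches it to successful responses but not to error pages or redirects it generates itself. `'always set Strict-Transport-Security "max-age=15778800"'` covers those as well. Separately, `* => $apache_backend_config` will fail catalog compilation if a key from the hash is ever also passed explicitly. A one-line comment on the hash definition in the preceding hunk, e.g. `# splatted into the passenger-backed vhost; do not repeat these keys there`, would warn future editors.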
@@ -30,6 +30,7 @@
 Stdlib::Absolutepath $data_dir = '/var/lib/redmine',
 String $servername = 'projects.theforeman.org',
 Stdlib::Httpsurl $repo_url = 'https://github.com/theforeman/redmine',
+ Optional[String] $repo_branch = undef,
 String $username = 'redmine',
 String $db_name = 'redmine',
 String $db_password = extlib::cache_data('foreman_cache_data', 'db_password', extlib::random_password(32)),
@@ -120,6 +121,7 @@
 ensure => present,
 provider => 'git',
 source => $repo_url,
+ revision => $repo_branch,
 owner => $username,
 user => $username,
 notify => Exec['install redmine'],
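Review bot: The new `Optional[String] $repo_branch` in PATCH 10/10 is undocumented and goes straight into `revision`, which for the git provider also accepts tags and commit IDs. With a branch name, the deployed code is whatever that branch points to when Puppet checks it out, so a pinned tag or commit is easier to audit for a production host. At minimum document the parameter, e.g. `# @param repo_branch Git revision (branch, tag or commit) to deploy; undef uses the repository default`, and tighten the type to `Optional[String[1]]` so an empty string is rejected. Both hunks cut through the class parameter list and the `vcsrepo` resource, whose beginnings lie outside the diff.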