summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSteffen Pingel2012-11-24 15:29:25 (EST)
committer Steffen Pingel2012-11-25 15:12:23 (EST)
commita0a8c2a45b5e20512e273dbec52595bb3bb1b1be (patch)
treefb646505904924842e59be005f51432471d74095
parent0b76a185e03d1fbaeff1bc9ff6c2e9f92a2cf77a (diff)
downloadorg.eclipse.mylyn.tasks-a0a8c2a45b5e20512e273dbec52595bb3bb1b1be.zip
org.eclipse.mylyn.tasks-a0a8c2a45b5e20512e273dbec52595bb3bb1b1be.tar.gz
org.eclipse.mylyn.tasks-a0a8c2a45b5e20512e273dbec52595bb3bb1b1be.tar.bz2
394051: ensure that services are running as a non privileged userrefs/changes/45/8845/2
Change-Id: I074bc03ca10667bd729f877e773767f879833754 Task-Url: https://bugs.eclipse.org/bugs/show_bug.cgi?id=394051
-rw-r--r--org.eclipse.mylyn.trac.releng/manifests/default.pp10
-rw-r--r--org.eclipse.mylyn.trac.releng/modules/trac/manifests/defaultsites.pp195
-rw-r--r--org.eclipse.mylyn.trac.releng/modules/trac/manifests/init.pp2
-rw-r--r--org.eclipse.mylyn.trac.releng/modules/trac/manifests/plugin.pp69
-rw-r--r--org.eclipse.mylyn.trac.releng/modules/trac/manifests/service.pp19
-rw-r--r--org.eclipse.mylyn.trac.releng/modules/trac/manifests/site.pp44
-rw-r--r--org.eclipse.mylyn.trac.releng/modules/trac/manifests/trac.pp29
-rw-r--r--org.eclipse.mylyn.trac.releng/modules/trac/templates/service.json.erb15
8 files changed, 237 insertions, 146 deletions
diff --git a/org.eclipse.mylyn.trac.releng/manifests/default.pp b/org.eclipse.mylyn.trac.releng/manifests/default.pp
index a7a45b9..2d7b494 100644
--- a/org.eclipse.mylyn.trac.releng/manifests/default.pp
+++ b/org.eclipse.mylyn.trac.releng/manifests/default.pp
@@ -1,6 +1,14 @@
-Exec { path => [ "/bin/", "/sbin/" , "/usr/bin/", "/usr/sbin/" ] }
+Exec {
+ path => ["/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/"] }
include "trac"
+user { "tools":
+ ensure => present,
+ membership => minimum,
+ shell => "/bin/bash",
+ managehome => true,
+}
+
trac::defaultsites { "trac":
}
diff --git a/org.eclipse.mylyn.trac.releng/modules/trac/manifests/defaultsites.pp b/org.eclipse.mylyn.trac.releng/modules/trac/manifests/defaultsites.pp
index 720b8de..68a17f8 100644
--- a/org.eclipse.mylyn.trac.releng/modules/trac/manifests/defaultsites.pp
+++ b/org.eclipse.mylyn.trac.releng/modules/trac/manifests/defaultsites.pp
@@ -1,97 +1,102 @@
-define trac::defaultsites (
- $base = $trac::base,
-) {
-
-include "trac"
-
-/* Defaults */
-
-Trac::Trac {
- base => $base,
-}
-Trac::Plugin {
- base => $base,
-}
-Trac::Site {
- base => $base,
- version => "1.0",
- require => Trac["1.0"],
-}
-
-/* Instances */
-
-trac::trac { "0.11.7":
-}
-
-trac::trac { "0.12.4":
-}
-
-trac::trac { "1.0":
-}
-
-trac::trac { "trunk":
-}
-
-/* Plugins */
-
-trac::plugin { "accountmanagerplugin-0.11":
- url => "http://trac-hacks.org/svn/accountmanagerplugin/0.11",
- egg => "TracAccountManager",
-}
-
-trac::plugin { "masterticketsplugin-0.11":
- url => "http://trac-hacks.org/svn/masterticketsplugin/0.11",
- egg => "TracMasterTickets",
-}
-
-trac::plugin { "xmlrpcplugin-trunk":
- url => "http://trac-hacks.org/svn/xmlrpcplugin/trunk",
- egg => "TracXMLRPC",
-}
-
-/* Sites */
-
-trac::site { "trac-0.11":
- version => "0.11.7",
- require => Trac["0.11.7"],
-}
-
-trac::site { "trac-0.12":
- version => "0.12.4",
- require => Trac["0.12.4"],
-}
-
-trac::site { "trac-1.0":
- version => "1.0",
- require => Trac["1.0"],
-}
-
-trac::site { "trac-allbasic":
- allbasicauth => true,
- envinfo => "AllBasicAuth",
-}
-
-trac::site { "trac-cert":
- certauth => true,
- envinfo => "CertAuth",
-}
-
-trac::site { "trac-digest":
- digestauth => true,
- envinfo => "DigestAuth",
-}
-
-trac::site { "trac-form-auth":
- accountmanagerplugin => "0.11",
- envinfo => "FormAuth",
-}
-
-trac::site { "trac-trunk":
- version => "trunk",
- require => Trac["trunk"],
-}
-
-trac::site { "trac-test":
-}
+define trac::defaultsites ($base = $trac::base, $userOwner = $trac::userOwner, $userGroup = $trac::userGroup,) {
+ include "trac"
+
+ /* Defaults */
+
+ Trac::Trac {
+ base => $base,
+ userOwner => $userOwner,
+ userGroup => $userGroup,
+ }
+
+ Trac::Plugin {
+ base => $base,
+ userOwner => $userOwner,
+ userGroup => $userGroup,
+ }
+
+ Trac::Site {
+ base => $base,
+ version => "1.0",
+ require => Trac["1.0"],
+ userOwner => $userOwner,
+ userGroup => $userGroup,
+ }
+
+ /* Instances */
+
+ trac::trac { "0.11.7":
+ }
+
+ trac::trac { "0.12.4":
+ }
+
+ trac::trac { "1.0":
+ }
+
+ trac::trac { "trunk":
+ }
+
+ /* Plugins */
+
+ trac::plugin { "accountmanagerplugin-0.11":
+ url => "http://trac-hacks.org/svn/accountmanagerplugin/0.11",
+ egg => "TracAccountManager",
+ }
+
+ trac::plugin { "masterticketsplugin-0.11":
+ url => "http://trac-hacks.org/svn/masterticketsplugin/0.11",
+ egg => "TracMasterTickets",
+ }
+
+ trac::plugin { "xmlrpcplugin-trunk":
+ url => "http://trac-hacks.org/svn/xmlrpcplugin/trunk",
+ egg => "TracXMLRPC",
+ }
+
+ /* Sites */
+
+ trac::site { "trac-0.11":
+ version => "0.11.7",
+ require => Trac["0.11.7"],
+ }
+
+ trac::site { "trac-0.12":
+ version => "0.12.4",
+ require => Trac["0.12.4"],
+ }
+
+ trac::site { "trac-1.0":
+ version => "1.0",
+ require => Trac["1.0"],
+ }
+
+ trac::site { "trac-allbasic":
+ allbasicauth => true,
+ envinfo => "AllBasicAuth",
+ }
+
+ trac::site { "trac-cert":
+ certauth => true,
+ envinfo => "CertAuth",
+ }
+
+ trac::site { "trac-digest":
+ digestauth => true,
+ envinfo => "DigestAuth",
+ }
+
+ trac::site { "trac-form-auth":
+ accountmanagerplugin => "0.11",
+ envinfo => "FormAuth",
+ }
+
+ trac::site { "trac-trunk":
+ version => "trunk",
+ require => Trac["trunk"],
+ }
+
+ trac::site { "trac-test":
+ }
} \ No newline at end of file
diff --git a/org.eclipse.mylyn.trac.releng/modules/trac/manifests/init.pp b/org.eclipse.mylyn.trac.releng/modules/trac/manifests/init.pp
index eb386de..136d179 100644
--- a/org.eclipse.mylyn.trac.releng/modules/trac/manifests/init.pp
+++ b/org.eclipse.mylyn.trac.releng/modules/trac/manifests/init.pp
@@ -1,5 +1,7 @@
class trac {
$base = "/home/tools/trac"
+ $userOwner = "tools"
+ $userGroup = "tools"
/* Common requirements for all Trac instances */
diff --git a/org.eclipse.mylyn.trac.releng/modules/trac/manifests/plugin.pp b/org.eclipse.mylyn.trac.releng/modules/trac/manifests/plugin.pp
index 6b87829..e51e3ed 100644
--- a/org.eclipse.mylyn.trac.releng/modules/trac/manifests/plugin.pp
+++ b/org.eclipse.mylyn.trac.releng/modules/trac/manifests/plugin.pp
@@ -1,37 +1,42 @@
-define trac::plugin(
- $plugin = "$title",
- $egg,
- $url,
- $base = $trac::base,
-) {
- $srcbase = "$base/src/$plugin"
-
- include "trac"
-
- exec { "prepare $plugin":
+define trac::plugin (
+ $plugin = "$title",
+ $egg,
+ $url,
+ $base = $trac::base,
+ $userOwner = $trac::userOwner,
+ $userGroup = $trac::userGroup,) {
+ $srcbase = "$base/src/$plugin"
+
+ include "trac"
+
+ exec { "prepare $plugin":
command => "mkdir -p $srcbase",
creates => "$srcbase",
+ user => "$userOwner",
require => Exec["prepare trac"]
}
-
- exec { "svn checkout $plugin":
- command => "svn checkout $url src",
- cwd => "$srcbase",
- creates => "$srcbase/src",
- require => Exec["prepare $plugin"],
- }
-
- exec { "setup $plugin":
- command => "python setup.py bdist_egg",
- cwd => "$srcbase/src",
- creates => "$srcbase/src/dist",
- require => Exec["svn checkout $plugin"],
- }
-
- exec { "copy egg $plugin":
- command => "cp $srcbase/src/dist/${egg}-*.egg $srcbase/src/dist/$egg.egg",
- creates => "$srcbase/src/dist/$egg.egg",
- require => Exec["setup $plugin"],
- }
-
+
+ exec { "svn checkout $plugin":
+ command => "svn checkout $url src",
+ cwd => "$srcbase",
+ creates => "$srcbase/src",
+ user => "$userOwner",
+ require => Exec["prepare $plugin"],
+ }
+
+ exec { "setup $plugin":
+ command => "python setup.py bdist_egg",
+ cwd => "$srcbase/src",
+ creates => "$srcbase/src/dist",
+ user => "$userOwner",
+ require => Exec["svn checkout $plugin"],
+ }
+
+ exec { "copy egg $plugin":
+ command => "cp $srcbase/src/dist/${egg}-*.egg $srcbase/src/dist/$egg.egg",
+ creates => "$srcbase/src/dist/$egg.egg",
+ user => "$userOwner",
+ require => Exec["setup $plugin"],
+ }
+
} \ No newline at end of file
diff --git a/org.eclipse.mylyn.trac.releng/modules/trac/manifests/service.pp b/org.eclipse.mylyn.trac.releng/modules/trac/manifests/service.pp
new file mode 100644
index 0000000..96b41c1
--- /dev/null
+++ b/org.eclipse.mylyn.trac.releng/modules/trac/manifests/service.pp
@@ -0,0 +1,19 @@
+define trac::service (
+ $envid = "$title",
+ $version,
+ $envtype = "trac",
+ $envinfo = "",
+ $envmode = "XML-RPC",
+ $accessmode = "XML_RPC",
+ $base = $trac::base,
+ $userOwner = $trac::userOwner,
+ $userGroup = $trac::userGroup,) {
+ $envbase = "$base/var/$envid"
+
+ file { "$envbase/service-$title.json":
+ content => template('trac/service.json.erb'),
+ require => File["$envbase"],
+ owner => "$userOwner",
+ group => "$userGroup",
+ }
+}
diff --git a/org.eclipse.mylyn.trac.releng/modules/trac/manifests/site.pp b/org.eclipse.mylyn.trac.releng/modules/trac/manifests/site.pp
index b9d9080..facacc7 100644
--- a/org.eclipse.mylyn.trac.releng/modules/trac/manifests/site.pp
+++ b/org.eclipse.mylyn.trac.releng/modules/trac/manifests/site.pp
@@ -9,8 +9,9 @@ define trac::site (
$digestauth = false,
$base = $trac::base,
$envtype = "trac",
- $envinfo = "",) {
-
+ $envinfo = "",
+ $userOwner = $trac::userOwner,
+ $userGroup = $trac::userGroup,) {
$prefix = "$base/share/trac-$version"
$envbase = "$base/var/$envid"
$env = "$base/var/$envid/env"
@@ -22,17 +23,20 @@ define trac::site (
command => "mkdir -p $base/bin $base/conf.d $base/src $base/var $envbase",
creates => "$envbase",
require => Exec["prepare trac"],
+ user => "$userOwner",
}
file { "$envbase":
ensure => "directory",
owner => "www-data",
+ group => "$userGroup",
require => Exec["prepare $envbase"],
}
file { "$envbase/svn":
ensure => "directory",
owner => "www-data",
+ group => "$userGroup",
require => File["$envbase"],
}
@@ -40,6 +44,7 @@ define trac::site (
command => "svnadmin create $envbase/svn",
require => File["$envbase/svn"],
creates => "$envbase/svn/format",
+ user => "www-data",
}
exec { "initenv $envid":
@@ -80,22 +85,30 @@ define trac::site (
file { "$env/conf/trac.ini":
content => template('trac/trac.ini.erb'),
require => Exec["initenv $envid"],
+ owner => "www-data",
+ group => "$userGroup",
}
file { "$conf/$envid.conf":
content => template('trac/trac.conf.erb'),
require => Exec["prepare $envbase"],
+ owner => "$userOwner",
+ group => "$userGroup",
}
if $digestauth {
file { "$envbase/htpasswd.digest":
content => template('trac/htpasswd.digest.erb'),
require => File["$envbase"],
+ owner => "$userOwner",
+ group => "$userGroup",
}
} else {
file { "$envbase/htpasswd":
content => template('trac/htpasswd.erb'),
require => File["$envbase"],
+ owner => "$userOwner",
+ group => "$userGroup",
}
}
@@ -103,12 +116,16 @@ define trac::site (
content => template('trac/trac.fcgi.erb'),
mode => 755,
require => File["$envbase"],
+ owner => "$userOwner",
+ group => "$userGroup",
}
if $xmlrpcplugin {
file { "$env/plugins/TracXMLRPC.egg":
source => "$base/src/xmlrpcplugin-$xmlrpcplugin/src/dist/TracXMLRPC.egg",
require => Exec["initenv $envid"],
+ owner => "$userOwner",
+ group => "$userGroup",
}
exec { "add xmlrpc permissions $envid":
@@ -125,14 +142,11 @@ define trac::site (
file { "$env/plugins/TracAccountManager.egg":
source => "$base/src/accountmanagerplugin-$accountmanagerplugin/src/dist/TracAccountManager.egg",
require => Exec["initenv $envid"],
+ owner => "$userOwner",
+ group => "$userGroup",
}
}
- file { "$envbase/service.json":
- content => template('trac/service.json.erb'),
- require => File["$envbase"],
- }
-
exec { "add $envbase to /etc/apache2/conf.d/trac.conf":
command => "echo 'Include $base/conf.d/[^.#]*\n' >> /etc/apache2/conf.d/trac.conf",
require => File["$conf/$envid.conf"],
@@ -140,4 +154,20 @@ define trac::site (
onlyif => "grep -qe '^Include $base/conf.d' /etc/apache2/conf.d/trac.conf; test $? != 0"
}
+ trac::service { "${envid}-xml-rpc":
+ envid => "$title",
+ version => "$version",
+ envinfo => "$envinfo",
+ envmode => "XML-RPC",
+ accessmode => "XML_RPC",
+ }
+
+ trac::service { "${envid}-web":
+ envid => "$title",
+ version => "$version",
+ envinfo => "$envinfo",
+ envmode => "Web",
+ accessmode => "TRAC_0_9",
+ }
+
}
diff --git a/org.eclipse.mylyn.trac.releng/modules/trac/manifests/trac.pp b/org.eclipse.mylyn.trac.releng/modules/trac/manifests/trac.pp
index 5637022..bef5b2a 100644
--- a/org.eclipse.mylyn.trac.releng/modules/trac/manifests/trac.pp
+++ b/org.eclipse.mylyn.trac.releng/modules/trac/manifests/trac.pp
@@ -1,6 +1,8 @@
-/* Instance specific provisioning */
-
-define trac::trac ($version = "$title", $base = $trac::base,) {
+define trac::trac ( #
+ $version = "$title",
+ $base = $trac::base,
+ $userOwner = $trac::userOwner,
+ $userGroup = $trac::userGroup,) {
$binbase = "$base/bin"
$srcbase = "$base/src/trac-$version"
$prefix = "$base/share/trac-$version"
@@ -9,13 +11,16 @@ define trac::trac ($version = "$title", $base = $trac::base,) {
exec { "prepare $version":
command => "mkdir -p $binbase $srcbase $prefix",
- creates => [ "$binbase", "$srcbase", "$prefix" ],
- require => Exec["prepare trac"]
+ creates => ["$binbase", "$srcbase", "$prefix"],
+ require => Exec["prepare trac"],
+ user => "$userOwner",
}
file { "$srcbase":
ensure => "directory",
require => Exec["prepare $version"],
+ owner => "$userOwner",
+ group => "$userGroup",
}
if $version == "trunk" {
@@ -24,24 +29,29 @@ define trac::trac ($version = "$title", $base = $trac::base,) {
cwd => "$srcbase",
creates => "$srcbase/Trac-$version",
require => File["$srcbase"],
+ user => "$userOwner",
}
} else {
exec { "download trac $version":
command => "wget -O $srcbase/Trac-$version.tar.gz http://download.edgewall.org/trac/Trac-$version.tar.gz",
creates => "$srcbase/Trac-$version.tar.gz",
require => File["$srcbase"],
+ user => "$userOwner",
}
exec { "extract trac $version":
command => "tar -C $srcbase -xzvf $srcbase/Trac-$version.tar.gz",
require => Exec["download trac $version"],
creates => "$srcbase/Trac-$version",
+ user => "$userOwner",
}
}
file { "$srcbase/install.sh":
source => "puppet:///modules/trac/install.sh",
- mode => '755',
+ mode => 755,
+ owner => "$userOwner",
+ group => "$userGroup",
}
exec { "install $version":
@@ -50,18 +60,23 @@ define trac::trac ($version = "$title", $base = $trac::base,) {
logoutput => false,
require => Exec["extract trac $version"],
creates => "$prefix/lib/.provisioned",
+ user => "$userOwner",
}
file { "$binbase/trac-$version.cgi":
content => template('trac/trac.cgi.erb'),
require => Exec["prepare $version"],
mode => 755,
+ owner => "$userOwner",
+ group => "$userGroup",
}
file { "$binbase/tracadmin-$version":
content => template('trac/tracadmin.erb'),
mode => 755,
- require => Exec["prepare $version"]
+ require => Exec["prepare $version"],
+ owner => "$userOwner",
+ group => "$userGroup",
}
} \ No newline at end of file
diff --git a/org.eclipse.mylyn.trac.releng/modules/trac/templates/service.json.erb b/org.eclipse.mylyn.trac.releng/modules/trac/templates/service.json.erb
index 88c3301..dfff4a5 100644
--- a/org.eclipse.mylyn.trac.releng/modules/trac/templates/service.json.erb
+++ b/org.eclipse.mylyn.trac.releng/modules/trac/templates/service.json.erb
@@ -1,6 +1,13 @@
{
-"type": "<%= envtype %>",
-"url": "/<%= envid %>/",
-"version": "<%= version %>",
-"info": "<%= envinfo %>"
+ "type": "<%= envtype %>",
+ "url": "/<%= envid %>/",
+ "version": "<%= version %>",
+<% if @envinfo == "" %>
+ "info": "<%= envmode %>",
+<% else %>
+ "info": "<%= envinfo %>/<%= envmode %>",
+<% end %>
+ "properties":{
+ "version": "<%= accessmode %>"
+ }
}