Switch to etherpad-lite 1.7.0 in production prior to the PTG. This
version brings a couple more security fixes since 1.6.6 and also
fixes the bullet list authorship misattribution bug. See
https://github.com/ether/etherpad-lite/blob/1.7.0/CHANGELOG.md for a
summary of changes. The version of NodeJS we're using now should
meet the minimum requirements (but will need to be updated prior to
the next etherpad-lite release). This version is the one currently
served from etherpad-dev.openstack.org and can be tested there as
desired.
Change-Id: If52d1b1c3dc33da56133ccb5e6adf33ebd3d2428
Etherpad release 1.6.6 restores the pre-1.6.4 font alignment
behavior so line numbers will match their corresponding text content
again. This is the version currently running on etherpad-dev and
exhibits no obvious regressions. Updating now also gives us over a
week to detect any new issues before the service comes under heavy
use at the Summit/Forum/OpenDev event.
Change-Id: Id3a7b4d4dd41f046658b116e4d898def2abc4ba7
Etherpad releases 1.6.4 and 1.6.5 include some security updates as
well as a number of bug fixes over the random post-1.5.0 commit
we've pinned to for a while. Since it appears upstream is now
tagging releases with some regularity we can try pinning to specific
tags again.
Note that the vulnerabilities fixed in 1.6.4+ are either too new or
otherwise non-impacting for the version, configuration and use case
under which we're deploying in production, but this update is good
hygiene anyway.
Change-Id: Idc0e0c3a6d298aad2e41772e249c1a167c88559a
In order to upgrade to current versions of the Etherpad service, we
need newer nodejs than is available on Ubuntu Trusty. Switch to 6.x
which is the current default for the puppet-etherpad_lite module and
is also what we've tested on etherpad-dev.openstack.org. Switching
between Ubuntu and Nodesource package sources does not result in an
immediate package upgrade, so this must be performed manually before
we change the eplite_version parameter to something newer.
Change-Id: Ied9e5bd7ffa16f1832d3e1e26d0886de67f98f72
Migrate backups to new backup01.ord.rax.ci.openstack.org
We decided to start fresh backups on the new server, so this is ready
to go. I have performed an initial backup on each server so it has
accepted the host key of the new server and been tested (I also fixed
up review-dev.o.o, which was rebuilt but keys not updated ... todo:
add this to puppet, but since it changes so infrequently not high
priority).
Change-Id: I0872f9fcf4a334d32f632b3cb04801deefab4fd1
This reduces overall backups by a third saving space on local disk. This
puts a greater reliance on offsite backups but we need those working
anyways.
Change-Id: I0397092646866fad1b828032a362f6814b88f26e
This reverts commit e737a1f5332629ed1f821f0c9c4dc78e6486f7f0.
This didn't actually apply because upstart avoids limits.conf. Remove it
as we fixed this in upstart job directly.
Change-Id: I835c39af1643d42e30d95f0cc9586c4e04001628
Upgrade etherpad to Ubuntu Trusty and switch from node.js compiled
from source to the nodejs/npm distro packages there, and switch to
the current latest "develop" branch tip tested and known working
from the etherpad-dev server.
Change-Id: I5ce02ad5424c3f6cf0dbd1bc067babacf13a3b2f
This bumps the etherpad version to the latest version running on
etherpad-dev. This includes a fix for the invalid sessions on session
updates bug that was noticed during the summit which led to service
restarts (https://github.com/ether/etherpad-lite/issues/2674).
Change-Id: Idd7f4540af4fa581699c8c8e184ecfc8f4a2832c
Due to some implementation details in our vcsrepo puppet module in order
to get the specified revision you must ensure latest on the repo. This
poses a small problem where the repo is reset to that revision each
puppet run, but we can negate that problem by hosting the robots.txt
from apache directly which is where the depends on dependency in this
change comes from.
Note that we also bump the git sha1 to the latest version that has been
tested on etherpad-dev. This catches us up on all of the most recent
etherpad-lite updates.
Change-Id: Ibcfb03cf9ff6f7686e5dbd69905d34009adf9157
Depends-On: Iccccf1ef194060490512e6550c22bdb9d3478ba8
We have tested the latest version of etherpad-lite on etherpad-dev.
Install this specific version on the production server.
Change-Id: Iab5daf249539415254892c5d9d55cead366eb24d
The etherpad class does not have SSL key/cert/chain file params
exposed in the outer signature, thus preventing applying this manifest
for testing with snakeoil cert/keys on site.pp.
Change-Id: Ica682b82e5dc8f8a8048bdb074925b1f970942ab
The general etherpad_lite module should not contain OpenStack as
a hardcoded title. Parameterize it.
Change-Id: I473720d9566233ab4c8d2081c9835b42ddfcb94e
* modules/openstack_project/manifests/etherpad.pp: Add the needed
bup resources to perform offsite backups of the etherpad.o.o host.
Do this now that etherpad.o.o has been migrated.
Change-Id: Icf25549529ef8cfa8a535ab58bbbc7156297ac9f
* manifests/site.pp: Pass new mysql DB variables to
openstack::etherpad*.
* modules/etherpad_lite/manifests/apache.pp: Fix broken /etc/ssl/certs
permissions (0700 -> 0755).
* modules/etherpad_lite/manifests/init.pp: Update default nodejs and
etherpad versions. Remove ep_headings plugin install. New plugin define
should be used for this instead. Stop making the etherpad-lite ref to
checkout optional (defaults to develop). Note these changes are probably
not going to be backward compat.
* modules/etherpad_lite/manifests/plugin.pp: Define to install etherpad
lite plugins.
* modules/etherpad_lite/manifests/site.pp: Simplify DB support and
remove support for the dirty DB type.
* modules/etherpad_lite/templates/etherpad-lite_settings.json.erb: Bring
settings erb up to par with latest template.
* modules/etherpad_lite/templates/etherpadlite.vhost.erb: Update rewrite
rules for new etherpad. Instead of allowing nice pad urls rooted at /
redirect these url to /p/padname. Etherpad does not deal well with a
change in root path as /p/ is hardcoded in many places.
* modules/openstack_project/manifests/etherpad.pp
* modules/openstack_project/manifests/etherpad_dev.pp:
Update to use new etherpad module setup. MySQL DBs are now externally
managed, pass in needed connection info.
* modules/mysql_backup/manifests/backup_remote.pp: New define to backup
remote DB servers.
* modules/mysql_backup/templates/my.cnf.erb: Template for a my.cnf to be
used by the cron in backup_remote.pp. Allows for easy connectivity from
server using MySQL DB as root.
Change-Id: I1250297674b91e81d59cd28c07c52e09967ca548
* .../openstack_project/manifests/etherpad.pp:
Use the new mysql_backup module to backup the etherpad DB. Note that
this change is not sufficient to completely clean out the old logrotate
config and cron for the old etherpad DB backups. This should be merged
in a coordinated manner where the other logrotate configs and cron are
removed by hand.
Change-Id: Ide60ce13a454f72865d697ee736beada76850f32
Now with extra unwrap!
Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a
Reviewed-on: https://review.openstack.org/15052
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
As copied from jenkins. Both old and new names for the
cert contents are in hiera.
Change-Id: Ic6d8258479c260ac37346c49c1ecde8339c96a37
Reviewed-on: https://review.openstack.org/14432
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Once our gate-ci-puppet-lint job goes live, this will help to get it to
pass.
Change-Id: I2eb363038b8e63e4b17a3f80cc40dc6c6bf90bee
Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com>
Reviewed-on: https://review.openstack.org/13722
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Pass the sysadmins list into each node definition. This allows us to
retrieve the data from hiera rather than hard coding it in the puppet
manifests. Also, update test script to use bogus sysadmin data when
testing.
Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712
Reviewed-on: https://review.openstack.org/12512
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
