├── .fixtures.yml ├── .gitignore ├── .ruby-gemset ├── .ruby-version ├── .travis.yml ├── Gemfile ├── Gemfile.lock ├── LICENSE ├── Makefile ├── README ├── README.md ├── Rakefile ├── api ├── .fixtures.yml ├── Rakefile ├── manifests │ ├── init.pp │ └── install.pp ├── metadata.json ├── spec │ ├── classes │ │ └── api_install_spec.rb │ └── spec_helper.rb └── templates │ ├── tsuru-server.erb │ └── tsuru.conf.erb ├── base ├── .fixtures.yml ├── Rakefile ├── manifests │ ├── centos.pp │ ├── init.pp │ └── ubuntu.pp ├── metadata.json └── spec │ ├── classes │ ├── base_centos_spec.rb │ └── base_ubuntu_spec.rb │ └── spec_helper.rb ├── bs ├── .fixtures.yml ├── README.md ├── Rakefile ├── manifests │ └── init.pp ├── metadata.json └── spec │ ├── classes │ └── bs_spec.rb │ └── spec_helper.rb ├── docker ├── .fixtures.yml ├── Rakefile ├── manifests │ └── init.pp ├── metadata.json ├── spec │ ├── classes │ │ └── docker_spec.rb │ └── spec_helper.rb └── templates │ └── default-docker.erb ├── gandalf ├── .fixtures.yml ├── Rakefile ├── files │ └── pre-receive ├── lib │ └── puppet │ │ └── parser │ │ └── functions │ │ └── mkdir_p.rb ├── manifests │ └── init.pp ├── metadata.json ├── spec │ ├── classes │ │ └── gandalf_spec.rb │ └── spec_helper.rb └── templates │ ├── gandalf-server.conf.erb │ ├── gandalf.conf.erb │ ├── git-profile.erb │ ├── pre-receive-archive.erb │ ├── pre-receive-s3.erb │ └── pre-receive-swift.erb ├── redis_service ├── Rakefile ├── files │ └── sentinel.conf ├── manifests │ ├── init.pp │ └── install.pp ├── metadata.json └── spec │ ├── classes │ └── redis_install_spec.rb │ └── spec_helper.rb ├── registry ├── .fixtures.yml ├── README.md ├── Rakefile ├── lib │ └── puppet │ │ └── parser │ │ └── functions │ │ └── mkdir_p.rb ├── manifests │ └── init.pp ├── metadata.json ├── spec │ ├── classes │ │ └── registry_spec.rb │ └── spec_helper.rb └── templates │ ├── config.yml.erb │ └── docker-registry.conf.erb ├── router ├── .fixtures.yml ├── Rakefile ├── manifests │ ├── init.pp │ └── install.pp ├── metadata.json ├── spec │ ├── classes │ │ └── router_install_spec.rb │ └── spec_helper.rb └── templates │ └── planb_conf.erb ├── rpaas ├── .fixtures.yml ├── Rakefile ├── files │ ├── check_file.sh │ ├── check_nginx_ssl_data.sh │ └── check_ro_fs.sh ├── manifests │ ├── block_file.pp │ ├── init.pp │ ├── install.pp │ └── lua_file.pp ├── metadata.json ├── spec │ ├── classes │ │ └── rpaas_install_spec.rb │ └── spec_helper.rb └── templates │ ├── consul │ ├── admin_ssl.conf.tpl.erb │ ├── agent_config.json.erb │ ├── block.conf.tpl.erb │ ├── check_and_reload_nginx.sh.erb │ ├── consul.conf.erb │ ├── locations.conf.tpl.erb │ ├── lua.conf.tpl.erb │ ├── main_ssl.conf.tpl.erb │ ├── nginx.crt.tpl.erb │ ├── nginx.key.tpl.erb │ ├── nginx_admin.crt.tpl.erb │ ├── nginx_admin.key.tpl.erb │ ├── nginx_service.json.erb │ └── upstreams.conf.tpl.erb │ ├── nginx.conf.erb │ └── sysctl_nginx_tunnings.conf.erb └── spec ├── classes ├── api_install_spec.rb ├── base_ubuntu_spec.rb ├── bs_spec.rb ├── docker_spec.rb ├── gandalf_spec.rb ├── router_install_spec.rb └── rpaas_install_spec.rb ├── functions └── mkdir_p_spec.rb └── spec_helper.rb /.fixtures.yml: -------------------------------------------------------------------------------- 1 | fixtures: 2 | forge_modules: 3 | sudo: 4 | repo: "saz/sudo" 5 | ref: 3.0.6 6 | multitemplate: 7 | repo: "deanwilson/multitemplate" 8 | ref: 1.0.1 9 | apt: 10 | repo: "puppetlabs/apt" 11 | ref: 2.4.0 12 | stdlib: 13 | repo: "puppetlabs/stdlib" 14 | ref: 4.17.1 15 | python: 16 | repo: "stankevich/python" 17 | ref: 1.9.0 18 | symlinks: 19 | "base": "#{source_dir}/base" 20 | "api": "#{source_dir}/api" 21 | "docker": "#{source_dir}/docker" 22 | "gandalf": "#{source_dir}/gandalf" 23 | "registry": "#{source_dir}/registry" 24 | "router": "#{source_dir}/router" 25 | "rpaas": "#{source_dir}/rpaas" 26 | "bs": "#{source_dir}/bs" 27 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | .bundle 3 | pkg/* 4 | spec/fixtures 5 | */pkg/* 6 | */spec/fixtures 7 | local_modules 8 | *.tar.gz 9 | .vagrant 10 | *.zip 11 | -------------------------------------------------------------------------------- /.ruby-gemset: -------------------------------------------------------------------------------- 1 | tsuru-puppet 2 | -------------------------------------------------------------------------------- /.ruby-version: -------------------------------------------------------------------------------- 1 | ruby-2.1 2 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | sudo: false 2 | language: ruby 3 | before_install: 4 | - gem install bundler -v '< 2' 5 | bundler_args: --without development 6 | rvm: 7 | - 2.1 8 | script: bundle exec rake spec SPEC_OPTS='--color --format documentation' 9 | env: 10 | matrix: 11 | - PUPPET_GEM_VERSION="~> 3.5.1" 12 | - PUPPET_GEM_VERSION="~> 3.7.1" 13 | - PUPPET_GEM_VERSION="~> 3.8.6" 14 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | group :development, :test do 4 | gem 'puppetlabs_spec_helper', '~>2.5.1' 5 | gem 'puppet-lint' 6 | gem 'rspec-mocks' 7 | gem 'rspec-puppet' 8 | gem 'rspec' 9 | gem 'webmock' 10 | end 11 | 12 | if puppetversion = ENV['PUPPET_GEM_VERSION'] 13 | gem 'puppet', puppetversion, :require => false 14 | else 15 | gem 'puppet', '3.8.5', :require => false 16 | end 17 | 18 | # vim:ft=ruby 19 | -------------------------------------------------------------------------------- /Gemfile.lock: -------------------------------------------------------------------------------- 1 | GEM 2 | remote: https://rubygems.org/ 3 | specs: 4 | CFPropertyList (2.3.5) 5 | addressable (2.5.2) 6 | public_suffix (>= 2.0.2, < 4.0) 7 | crack (0.4.3) 8 | safe_yaml (~> 1.0.0) 9 | diff-lcs (1.3) 10 | facter (2.5.1) 11 | CFPropertyList (~> 2.2) 12 | hashdiff (0.3.7) 13 | hiera (1.3.4) 14 | json_pure 15 | json_pure (2.1.0) 16 | metaclass (0.0.4) 17 | mocha (1.3.0) 18 | metaclass (~> 0.0.1) 19 | public_suffix (3.0.1) 20 | puppet (3.8.5) 21 | facter (> 1.6, < 3) 22 | hiera (~> 1.0) 23 | json_pure 24 | puppet-lint (2.3.3) 25 | puppet-syntax (2.4.1) 26 | rake 27 | puppetlabs_spec_helper (2.5.1) 28 | mocha (~> 1.0) 29 | puppet-lint (~> 2.0) 30 | puppet-syntax (~> 2.0) 31 | rspec-puppet (~> 2.0) 32 | rake (12.3.0) 33 | rspec (3.7.0) 34 | rspec-core (~> 3.7.0) 35 | rspec-expectations (~> 3.7.0) 36 | rspec-mocks (~> 3.7.0) 37 | rspec-core (3.7.0) 38 | rspec-support (~> 3.7.0) 39 | rspec-expectations (3.7.0) 40 | diff-lcs (>= 1.2.0, < 2.0) 41 | rspec-support (~> 3.7.0) 42 | rspec-mocks (3.7.0) 43 | diff-lcs (>= 1.2.0, < 2.0) 44 | rspec-support (~> 3.7.0) 45 | rspec-puppet (2.6.9) 46 | rspec 47 | rspec-support (3.7.0) 48 | safe_yaml (1.0.4) 49 | webmock (3.1.1) 50 | addressable (>= 2.3.6) 51 | crack (>= 0.3.2) 52 | hashdiff 53 | 54 | PLATFORMS 55 | ruby 56 | 57 | DEPENDENCIES 58 | puppet (= 3.8.5) 59 | puppet-lint 60 | puppetlabs_spec_helper (~> 2.5.1) 61 | rspec 62 | rspec-mocks 63 | rspec-puppet 64 | webmock 65 | 66 | BUNDLED WITH 67 | 1.16.6 68 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2015, Globo.com 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without 5 | modification, are permitted provided that the following conditions are met: 6 | 7 | * Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | * Redistributions in binary form must reproduce the above copyright notice, 11 | this list of conditions and the following disclaimer in the documentation 12 | and/or other materials provided with the distribution. 13 | 14 | * Neither the name of Globo.com nor the names of its 15 | contributors may be used to endorse or promote products derived from 16 | this software without specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 19 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 22 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 24 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 25 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 26 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | test: 2 | rake spec 3 | clean: 4 | rm -rf ./**/pkg 5 | 6 | 7 | -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | tsuru 2 | 3 | This is the tsuru module. 4 | 5 | License 6 | ------- 7 | 8 | 9 | Contact 10 | ------- 11 | 12 | 13 | Support 14 | ------- 15 | 16 | Please log tickets and issues at our [Projects site](http://projects.example.com) 17 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | puppet-tsuru 2 | ============ 3 | [![Build Status](https://travis-ci.org/tsuru/puppet-tsuru.png)](https://travis-ci.org/tsuru/puppet-tsuru) 4 | 5 | Tsuru Examples Puppet Module 6 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | require 'puppetlabs_spec_helper/rake_tasks' 2 | require 'puppet-lint/tasks/puppet-lint' 3 | require 'rspec/core/rake_task' 4 | 5 | PuppetLint.configuration.send('disable_80chars') 6 | PuppetLint.configuration.send('disable_class_parameter_defaults') 7 | PuppetLint.configuration.send('disable_documentation') 8 | PuppetLint.configuration.ignore_paths = [ 9 | "spec/**/*.pp", 10 | "vendor/**/*.pp", 11 | "**/pkg/**/*.pp", 12 | "**/spec/fixtures/modules/**/**/*.pp" 13 | ] 14 | PuppetLint.configuration.fail_on_warnings = true 15 | 16 | Rake::Task[:spec].enhance [:lint] 17 | -------------------------------------------------------------------------------- /api/.fixtures.yml: -------------------------------------------------------------------------------- 1 | fixtures: 2 | forge_modules: 3 | base: 4 | repo: "tsuru/base" 5 | ref: 0.0.8 6 | sudo: 7 | repo: "saz/sudo" 8 | ref: 3.0.6 9 | multitemplate: 10 | repo: "deanwilson/multitemplate" 11 | ref: 1.0.1 12 | apt: 13 | repo: "puppetlabs/apt" 14 | ref: 1.8.0 15 | stdlib: 16 | repo: "puppetlabs/stdlib" 17 | ref: 4.3.2 18 | python: 19 | repo: "stankevich/python" 20 | ref: 1.9.0 21 | symlinks: 22 | "api": "#{source_dir}" 23 | -------------------------------------------------------------------------------- /api/Rakefile: -------------------------------------------------------------------------------- 1 | require 'puppetlabs_spec_helper/rake_tasks' 2 | require 'puppet-lint/tasks/puppet-lint' 3 | 4 | PuppetLint.configuration.send('disable_80chars') 5 | PuppetLint.configuration.send('disable_class_parameter_defaults') 6 | PuppetLint.configuration.ignore_paths = [ 7 | "spec/**/*.pp", 8 | "vendor/**/*.pp", 9 | "**/pkg/**/*.pp", 10 | ] 11 | 12 | Rake::Task[:spec].enhance [:lint] 13 | -------------------------------------------------------------------------------- /api/manifests/init.pp: -------------------------------------------------------------------------------- 1 | # 2 | # == Class: api 3 | # 4 | # Installs and configures 5 | # 6 | class api { 7 | 8 | $init_file_name = $::operatingsystem ? { 9 | Ubuntu => '/etc/default/tsuru-server', 10 | CentOS => '/etc/init.d/tsuru-server', 11 | default => fail('OS not supported'), 12 | } 13 | 14 | $service_provider = $::operatingsystem ? { 15 | Ubuntu => 'upstart', 16 | CentOS => 'init', 17 | default => fail('OS not supported'), 18 | } 19 | 20 | } 21 | -------------------------------------------------------------------------------- /api/manifests/install.pp: -------------------------------------------------------------------------------- 1 | # 2 | # == Class: api::install 3 | # 4 | # Installs and configures tsuru api 5 | # 6 | # === Parameters 7 | # 8 | # [tsuru_server_version] package tsuru-server to be installed. 9 | # 10 | # === tsuru configuration parameters 11 | # 12 | # See more information in the config docs https://docs.tsuru.io/en/latest/reference/config.html 13 | # 14 | # - HTTP Server 15 | # 16 | # [tsuru_server_listen] defines in which address tsuru webserver will listen 17 | # [tsuru_host] defines tsuru hostname 18 | # [tsuru_use_tls] indicates whether tsuru should use TLS or not 19 | # [tsuru_tls_cert_file] is the path to the X.509 certificate file configured to serve the domain 20 | # [tsuru_tls_key_file] is the path to private key file configured to serve the domain 21 | # [tsuru_tls_listen] is the address webserver will listen over TLS 22 | # [tsuru_tls_autoreload_interval] defines the time frequency which the TLS certificates are reloaded by the webserver 23 | # [tsuru_tls_validate_certificate] indicates whether server should validate the certificate before to offer that 24 | # 25 | # - Database access 26 | # 27 | # [mongodb_url] is the database connection string 28 | # [mongodb_database_name] is the name of the database that tsuru uses 29 | # 30 | # [logdb_url] is the log database connection string 31 | # [logdb_database_name] is the name of the log database that tsuru uses 32 | # 33 | # - Email configuration 34 | # 35 | # [smtp_server] is the SMTP server to connect to 36 | # [smtp_user] is the user to authenticate with the SMTP sever 37 | # [smtp_password] is the password for authentication within the SMTP server 38 | # 39 | # - Git configuration 40 | # [repo_manager] represents the repository manager that tsuru-server should use. Use none to disable git on tsuru 41 | # [git_unit_repo] is the path where tsuru will clone and manage the git repository in all units of an application 42 | # [git_api_server] is the address of the Gandalf API 43 | # [git_rw_host] is the host that will be used to build the push URL 44 | # [git_ro_host] is the host that units will use to clone code from users applications 45 | # 46 | # - Authentication configuration 47 | # 48 | # [auth_token_expire_days] this setting defines the amount of days that the token will be valid 49 | # [auth_hash_cost] this number indicates how many CPU time you’re willing to give to hashing calculation 50 | # [auth_user_registration] this setting indicates whether user registration is enabled. 51 | # [auth_scheme] the authentication scheme to be used 52 | # [oauth_client_id] the client id provided by your OAuth server 53 | # [oauth_client_secret] the client secret provided by your OAuth server 54 | # [oauth_scope] the scope for your authentication request 55 | # [oauth_auth_url] the URL used in the authorization step of the OAuth flow 56 | # [oauth_token_url] the URL used in the exchange token step of the OAuth flow 57 | # [oauth_info_url] the URL used to fetch information about the authenticated user 58 | # [oauth_collection] the database collection used to store valid access tokens 59 | # [oauth_callback_port] the port used in the callback URL during the authorization step 60 | # 61 | # - Queue configuration 62 | # 63 | # [tsuru_queue] is the name of the queue implementation that tsuru will use 64 | # [redis_host] is the host of the Redis server to be used for the working queue 65 | # [redis_port] is the port of the Redis server to be used for the working queue 66 | # [redis_password] is the password of the Redis server to be used for the working queue 67 | # [redis_db] is the database number of the Redis server to be used for the working queue 68 | # 69 | # - Admin users 70 | # 71 | # [tsuru_admin_team] is the name of the administration team for the current tsuru installation 72 | # 73 | # - Quota management 74 | # 75 | # [tsuru_apps_per_user] is the default value for apps per-user quota 76 | # [tsuru_units_per_app] is the default value for units per-app quota 77 | # 78 | # - Router configuration 79 | # 80 | # [routers] hash params for desired router. Format: 81 | # { 'router_name' => { 'type' => , params }} 82 | # [planb_redis_server or hipache_redis_server] redis server used by Hipache/PlanB router 83 | # [planb_domain or hipache_domain] the domain of the server running your Hipache/PlanB server 84 | # [galeb_api_url] the url for the Galeb manager api. 85 | # [galeb_username] Galeb manager username 86 | # [galeb_password] Galeb manager password 87 | # [galeb_domain] domain of the server running your Galeb server 88 | # [galeb_environment] Galeb manager environment used to create virtual hosts and backend pools. 89 | # [galeb_farm_type] Galeb manager farm type used to create virtual hosts and backend pools. 90 | # [galeb_plan] Galeb manager plan used to create virtual hosts and backend pools. 91 | # [galeb_project] Galeb manager project used to create virtual hosts, backend pools and pools. 92 | # [galeb_load_balance_policy] Galeb manager load balancing policy used to create backend pools. 93 | # [galeb_rule_type] Galeb manager rule type used to create rules. 94 | # [galeb_max_requests] Galeb manager maximum number of parallel requests. 95 | # [vulcand_api_url] Vulcand API URL 96 | # [vulcand_domain] Vulcand Domain 97 | # 98 | # - Provisioner configuration 99 | # 100 | # [tsuru_provisioner] is the string the name of the provisioner that will be used by tsuru 101 | # [docker_collection] database collection name used to store containers information 102 | # [docker_repository_namespace] docker repository namespace to be used for application and platform images 103 | # [docker_router] router to be used to distribute requests to units 104 | # [docker_deploy_cmd] the command that will be called in your platform when a new deploy happens 105 | # [docker_segregate] enable segregate scheduler 106 | # [docker_registry] for tsuru to work with multiple docker nodes, you will need a docker-registry 107 | # [docker_registry_auth_username] username for authenticated docker registry 108 | # [docker_registry_auth_password] password for authenticated docker registry 109 | # [docker_max_layers] number of layers, interval between deployments to use the platform image 110 | # [docker_port_allocator] port allocator to use when running containers 111 | # [docker_cluster_mongo_url] connection URL to the mongodb server used to store information about the docker cluster 112 | # [docker_mongo_database] database name to be used to store information about the docker cluster 113 | # [docker_run_cmd_bin] the command that will be called on the application image to start the application 114 | # [docker_run_cmd_port] the tcp port that will be exported by the container to the node network 115 | # [docker_user] the user which runs processes on containers 116 | # [docker_healing_heal_nodes] boolean value that indicates whether tsuru should try to heal nodes that have failed a 117 | # specified number of times 118 | # [docker_healing_active_monitoring_interval] number of seconds between calls to /_ping in each one of the docker nodes 119 | # [docker_healing_disabled_time] number of seconds tsuru disables a node after a failure 120 | # [docker_healing_max_failures] number of consecutive failures a node should have before triggering a healing operation 121 | # [docker_healing_wait_new_time] number of seconds tsuru should wait for the creation of a new node during the healing process 122 | # [docker_healing_heal_containers_timeout] number of seconds a container should be unresponsive before triggering the recreation of 123 | # the container 124 | # [docker_healing_events_collection] collection name in mongodb used to store information about triggered healing events 125 | # [docker_healthcheck_max_time] maximum time in seconds to wait for deployment time health check to be successful 126 | # [docker_image_history_size] number of images available for rollback using tsuru app-deploy-rollback 127 | # [docker_security_opts] list of security options that will be passed to containers 128 | # [docker_nodecontainer_max_workers] number of concurrent workers creating node containers 129 | # [docker_max_workers] number of concurrent workers creating containers for a single deploy 130 | # 131 | # - IaaS configuration 132 | # 133 | # [tsuru_iaas_default] define the default IaaS to tsuru use to create/list/delete your nodes (default to ec2) 134 | # [iaas_node_protocol] protocol to create node URL 135 | # [iaas_node_port] port to create node URL 136 | # [cloudstack_apikey] api-key to authenticate on IaaS 137 | # [cloudstack_secretkey] secret-key to authenticate on IaaS 138 | # [cloudstack_api_url] endpoint API to use the IaaS 139 | # [cloudstack_collection] collection to handle machine data on database. 140 | # [cloudstack_wait_timeout] seconds to wait for machine to become up (defaults to 300s) 141 | # [ec2_key_id] AWS key id 142 | # [ec2_secret_key] AWS secret key 143 | # [ec2_wait_timeout] seconds to wait for machine to become up (defaults to 300s) 144 | # [ec2_user_data] custom url for ec2 userdata (defaults to script on tsuru now installation) 145 | # [custom_iaas] hash params to custom iaas with custom name as key. Format: 146 | # { custom_iaas_id => { provider => , }} 147 | # - Kubernetes configuration 148 | # 149 | # [kubernetes_use_pool_namespaces] use a different Kubernetes namespace per pool 150 | # 151 | # - Debug configuration 152 | # 153 | # [tsuru_debug] 154 | # 155 | class api::install ( 156 | 157 | $tsuru_server_version = 'latest', 158 | 159 | $tsuru_server_listen = '0.0.0.0:8080', 160 | $tsuru_host = 'http://0.0.0.0:8080', 161 | $tsuru_use_tls = undef, 162 | $tsuru_tls_cert_file = undef, 163 | $tsuru_tls_key_file = undef, 164 | $tsuru_tls_listen = undef, 165 | $tsuru_tls_autoreload_interval = undef, 166 | $tsuru_tls_validate_certificate = undef, 167 | $disable_index_page = false, 168 | $index_page_template = undef, 169 | 170 | 171 | $mongodb_url = 'localhost:27017', 172 | $mongodb_database_name = 'tsuru', 173 | $mongodb_database_password = undef, 174 | 175 | $logdb_url = 'localhost:27017', 176 | $logdb_database_name = 'tsuru', 177 | $logdb_database_password = undef, 178 | 179 | $smtp_server = undef, 180 | $smtp_user = undef, 181 | $smtp_password = undef, 182 | 183 | $repo_manager = 'none', 184 | $git_api_server = undef, 185 | 186 | $auth_scheme = 'native', 187 | $auth_token_expire_days = undef, 188 | $auth_hash_cost = undef, 189 | $auth_max_simultaneous_sessions = undef, 190 | $auth_user_registration = true, 191 | $oauth_client_id = undef, 192 | $oauth_client_secret = undef, 193 | $oauth_scope = undef, 194 | $oauth_auth_url = undef, 195 | $oauth_token_url = undef, 196 | $oauth_info_url = undef, 197 | $oauth_collection = undef, 198 | $oauth_callback_port = undef, 199 | 200 | $queue_mongo_url = 'localhost:27017', 201 | $queue_mongo_database = 'tsuru', 202 | $redis_host = 'localhost', 203 | $redis_port = 6379, 204 | $redis_sentinel_hosts = undef, 205 | $redis_sentinel_master = undef, 206 | $redis_max_idle_conn = 20, 207 | $redis_password = undef, 208 | $redis_db = undef, 209 | 210 | $tsuru_admin_team = 'admin', 211 | 212 | $tsuru_apps_per_user = undef, 213 | $tsuru_units_per_app = undef, 214 | 215 | $routers = { 'my_planb' => { 'router_type' => 'planb', 'planb_domain' => 'cloud.tsuru.io', 216 | 'planb_redis_server' => 'localhost:6379' }}, 217 | 218 | $tsuru_provisioner = 'docker', 219 | $docker_segregate = false, 220 | $docker_registry = undef, 221 | $docker_registry_auth_username = undef, 222 | $docker_registry_auth_password = undef, 223 | $docker_max_layers = undef, 224 | $docker_port_allocator = undef, 225 | $docker_bs_image = 'tsuru/bs', 226 | $docker_bs_reporter_interval = 10, 227 | $docker_bs_socket = '/var/run/docker.sock', 228 | $docker_router = 'my_planb', 229 | $docker_collection = 'docker', 230 | $docker_repository_namespace = 'tsuru', 231 | $docker_deploy_cmd = '/var/lib/tsuru/deploy', 232 | $docker_cluster_mongo_url = 'localhost:27017', 233 | $docker_cluster_mongodb_db = 'tsuru', 234 | $docker_run_cmd_bin = '/var/lib/tsuru/start', 235 | $docker_run_cmd_port = '8888', 236 | $docker_user = 'tsuru', 237 | $docker_uid = undef, 238 | $docker_healing_heal_nodes = undef, 239 | $docker_healing_active_monitoring_interval = undef, 240 | $docker_healing_disabled_time = undef, 241 | $docker_healing_max_failures = undef, 242 | $docker_healing_wait_new_time = undef, 243 | $docker_healing_heal_containers_timeout = undef, 244 | $docker_healing_events_collection = undef, 245 | $docker_healthcheck_max_time = undef, 246 | $docker_image_history_size = 10, 247 | $docker_security_opts = [], 248 | $docker_scheduler_total_memory_metadata = undef, 249 | $docker_scheduler_max_used_memory = undef, 250 | $docker_use_auto_scale = false, 251 | $docker_auto_scale_enabled = false, 252 | $docker_auto_scale_run_interval = 3600, 253 | $docker_nodecontainer_max_workers = undef, 254 | $docker_max_workers = undef, 255 | 256 | $kubernetes_deploy_sidecar_image = undef, 257 | $kubernetes_deploy_inspect_image = undef, 258 | $kubernetes_use_pool_namespaces = undef, 259 | $volume_plans = {}, 260 | 261 | $tsuru_iaas_default = undef, 262 | $ec2_key_id = undef, 263 | $ec2_secret_key = undef, 264 | $ec2_user_data = undef, 265 | $ec2_wait_timeout = 300, 266 | $cloudstack_apikey = undef, 267 | $cloudstack_secretkey = undef, 268 | $cloudstack_api_url = undef, 269 | $cloudstack_user_data = undef, 270 | $cloudstack_wait_timeout = 300, 271 | $iaas_node_protocol = undef, 272 | $iaas_node_port = undef, 273 | $custom_iaas = {}, 274 | 275 | $event_throttling_enable = undef, 276 | $event_throttling_configs = undef, 277 | 278 | $tsuru_debug = false, 279 | $log_file = undef, 280 | $log_disable_syslog = false, 281 | $log_syslog_tag = 'tsurud', 282 | $log_use_stderr = false, 283 | $log_queue_size = 10000, 284 | $log_app_rate_limit = 0, 285 | $log_global_rate_limit = 0, 286 | $log_unsafe_write = false, 287 | $log_app_service = 'memory', 288 | $log_app_memory_buffer_bytes = 524288, 289 | 290 | ) inherits api { 291 | 292 | require base 293 | 294 | if ( !is_hash($custom_iaas) ){ 295 | fail('$custom_iaas must be hash formated iaas with custom name as key') 296 | } 297 | 298 | if ( ($tsuru_iaas_default == 'ec2' and !$ec2_key_id) or ($tsuru_iaas_default == 'cloudstack' and !$cloudstack_apikey) ){ 299 | fail("\$tsuru_iaas_default set to ${tsuru_iaas_default} but iaas conf not set") 300 | } 301 | 302 | if ( !empty($custom_iaas) or $ec2_key_id or $cloudstack_apikey ){ 303 | $iaas_enable = true 304 | } else { 305 | $iaas_enable = false 306 | } 307 | 308 | if ( $docker_scheduler_total_memory_metadata and $docker_scheduler_max_used_memory ) { 309 | if ( $docker_scheduler_max_used_memory < 0 ) { 310 | fail('\$docker_scheduler_max_used_memory must be a value greater than 0') 311 | } 312 | $docker_scheduler_memory = true 313 | } 314 | package { 'tsuru-server' : 315 | ensure => $tsuru_server_version 316 | } 317 | 318 | file { '/etc/tsuru/tsuru.conf' : 319 | content => template('api/tsuru.conf.erb'), 320 | owner => 'root', 321 | group => 'root', 322 | mode => '0644', 323 | require => Package['tsuru-server'] 324 | } 325 | 326 | file { $api::init_file_name: 327 | content => template('api/tsuru-server.erb'), 328 | owner => 'root', 329 | group => 'root', 330 | mode => '0644', 331 | require => Package['tsuru-server'] 332 | } 333 | 334 | if (versioncmp($tsuru_server_version, '1.4.0') >=0 or $tsuru_server_version == latest) { 335 | $tsuru_service = 'tsurud' 336 | } else { 337 | $tsuru_service = 'tsuru-server-api' 338 | } 339 | 340 | # Services 341 | service { $tsuru_service : 342 | ensure => running, 343 | enable => true, 344 | provider => $api::service_provider, 345 | subscribe => [ File['/etc/tsuru/tsuru.conf'], File[$api::init_file_name], Package['tsuru-server'] ], 346 | require => Package['tsuru-server'] 347 | } 348 | 349 | } 350 | -------------------------------------------------------------------------------- /api/metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "tsuru-api", 3 | "version": "0.2.6", 4 | "author": "Tsuru", 5 | "license": "BSD-style license that can be found in the LICENSE file", 6 | "summary": "Puppet module to Tsuru PaaS API", 7 | "source": "https://github.com/tsuru/puppet-tsuru", 8 | "project_page": "(https://github.com/tsuru/puppet-tsuru)", 9 | "issues_url": "https://github.com/tsuru/puppet-tsuru/issues", 10 | "tags": [ 11 | "PaaS", 12 | "tsuru", 13 | "tsuru-api" 14 | ], 15 | "operatingsystem_support": [ 16 | { 17 | "operatingsystem": "RedHat", 18 | "operatingsystemrelease": [ 19 | "6.5", 20 | "7.0" 21 | ] 22 | }, 23 | { 24 | "operatingsystem": "Ubuntu", 25 | "operatingsystemrelease": [ 26 | "14.04" 27 | ] 28 | } 29 | ], 30 | "dependencies": [ 31 | { 32 | "name": "puppetlabs/stdlib", 33 | "version_requirement": ">= 2.5.0" 34 | }, 35 | { 36 | "name": "tsuru/base", 37 | "version_requirement": ">= 0.0.8" 38 | } 39 | ] 40 | } -------------------------------------------------------------------------------- /api/spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | dir = File.expand_path(File.dirname(__FILE__)) 2 | $LOAD_PATH.unshift File.join(dir, 'lib') 3 | 4 | require 'puppetlabs_spec_helper/module_spec_helper' 5 | require 'mocha' 6 | 7 | fixture_path = File.expand_path(File.join(__FILE__, '..', 'fixtures')) 8 | RSpec.configure do |c| 9 | c.mock_with :mocha 10 | c.module_path = File.join(fixture_path, 'modules') 11 | c.manifest_dir = File.join(fixture_path, 'manifests') 12 | end 13 | 14 | at_exit { RSpec::Puppet::Coverage.report! } 15 | 16 | # We need this because the RAL uses 'should' as a method. This 17 | # allows us the same behaviour but with a different method name. 18 | class Object 19 | alias :must :should 20 | end 21 | -------------------------------------------------------------------------------- /api/templates/tsuru-server.erb: -------------------------------------------------------------------------------- 1 | TSR_API_ENABLED=yes -------------------------------------------------------------------------------- /api/templates/tsuru.conf.erb: -------------------------------------------------------------------------------- 1 | # - HTTP Server 2 | # http://docs.tsuru.io/en/stable/reference/config.html#tsuru-configuration 3 | listen: "<%= @tsuru_server_listen %>" 4 | host: "<%= @tsuru_host %>" 5 | <%- if @tsuru_use_tls %> 6 | use-tls: <%= @tsuru_use_tls %> 7 | tls: 8 | cert-file: <%= @tsuru_tls_cert_file %> 9 | key-file: <%= @tsuru_tls_key_file %> 10 | listen: <%= @tsuru_tls_listen %> 11 | <%- if @tsuru_tls_autoreload_interval -%> 12 | auto-reload: 13 | interval: <%= @tsuru_tls_autoreload_interval %> 14 | <%- end -%> 15 | <%- if @tsuru_tls_validate_certificate -%> 16 | validate-certificate: <%= @tsuru_tls_validate_certificate %> 17 | <%- end -%> 18 | <%- end %> 19 | 20 | # - Index API page 21 | # http://docs.tsuru.io/en/stable/reference/config.html#index-page-template 22 | disable-index-page: <%= @disable_index_page %> 23 | <%= @index_page_template ? "index-page-template: #{@index_page_template}" : '' %> 24 | 25 | # - Database access 26 | # http://docs.tsuru.io/en/stable/reference/config.html#database-access 27 | database: 28 | url: <%= @mongodb_url %> 29 | name: <%= @mongodb_database_name %> 30 | logdb-url: <%= @logdb_url %> 31 | logdb-name: <%= @logdb_database_name %> 32 | 33 | <%- if @smtp_server %> 34 | # - Email configuration 35 | # http://docs.tsuru.io/en/stable/reference/config.html#email-configuration 36 | smtp: 37 | server: <%= @smtp_server %> 38 | user: <%= @smtp_user %> 39 | <%= @smtp_password ? "password: #{@smtp_password}" : '' %> 40 | <%- end %> 41 | 42 | # - Repository management configuration 43 | # http://docs.tsuru.io/en/stable/reference/config.html#repository-configuration 44 | repo-manager: <%= @repo_manager %> 45 | <%- if @git_api_server %> 46 | git: 47 | api-server: <%= @git_api_server %> 48 | <%- end %> 49 | 50 | # - Authentication configuration 51 | # http://docs.tsuru.io/en/stable/reference/config.html#authentication-configuration 52 | auth: 53 | scheme: <%= @auth_scheme %> 54 | user-registration: <%= @auth_user_registration %> 55 | <%= @auth_max_simultaneous_sessions ? "max-simultaneous-sessions: #{@auth_max_simultaneous_sessions}" : '' %> 56 | <%- case @auth_scheme -%> 57 | <%- when 'native' -%> 58 | token-expire-days: <%= @auth_token_expire_days %> 59 | hash-cost: <%= @auth_hash_cost %> 60 | <%- when 'oauth' -%> 61 | oauth: 62 | client-id: <%= @oauth_client_id %> 63 | client-secret: <%= @oauth_client_secret %> 64 | scope: <%= @oauth_scope %> 65 | auth-url: <%= @oauth_auth_url %> 66 | token-url: <%= @oauth_token_url %> 67 | info-url: <%= @oauth_info_url %> 68 | collection: <%= @oauth_collection %> 69 | callback-port: <%= @oauth_callback_port %> 70 | <%- else -%> 71 | <%- raise Puppet::Error, "Auth scheme unknown. Valid types are: native or oauth" -%> 72 | <%- end %> 73 | 74 | # Queue configuration 75 | # http://docs.tsuru.io/en/stable/reference/config.html#config-queue 76 | queue: 77 | mongo-url: <%= @queue_mongo_url %> 78 | mongo-database: <%= @queue_mongo_database %> 79 | 80 | pubsub: 81 | <%- if @redis_sentinel_hosts -%> 82 | redis-sentinel-addrs: <%= @redis_sentinel_hosts %> 83 | redis-sentinel-master: <%= @redis_sentinel_master %> 84 | <%- else -%> 85 | redis-host: <%= @redis_host %> 86 | <%- end -%> 87 | <%= @redis_password ? " redis-password: #{@redis_password}" : '' %> 88 | redis-port: <%= @redis_port %> 89 | pool-max-idle-conn: <%= @redis_max_idle_conn %> 90 | <%= @redis_db ? " redis-db: #{@redis_db}" : '' %> 91 | 92 | # - Admin users 93 | # http://docs.tsuru.io/en/stable/reference/config.html#admin-users 94 | admin-team: <%= @tsuru_admin_team %> 95 | 96 | <%- if @tsuru_apps_per_user %> 97 | # - Quota management 98 | # http://docs.tsuru.io/en/stable/reference/config.html#quota-management 99 | quota: 100 | apps-per-user: <%= @tsuru_apps_per_user %> 101 | units-per-app: <%= @tsuru_units_per_app %> 102 | <%- end %> 103 | 104 | # - Router configuration 105 | # http://docs.tsuru.io/en/stable/reference/config.html#config-routers 106 | routers: 107 | <%- @routers.keys.sort.each do |router| -%> 108 | <%= router %>: 109 | <%- case routers[router]['router_type'] -%> 110 | <%- when /(hipache|planb)/ -%> 111 | type: <%= $1 %> 112 | domain: <%= routers[router]["#{$1}_domain"] %> 113 | <%- if routers[router]["#{$1}_redis_server"] -%> 114 | redis-server: <%= routers[router]["#{$1}_redis_server"] %> 115 | <%- else -%> 116 | redis-sentinel-addrs: <%= routers[router]["#{$1}_redis_sentinel_addrs"] %> 117 | redis-sentinel-master: <%= routers[router]["#{$1}_redis_sentinel_master"] %> 118 | <%= @routers[router]["#{$1}_redis_password"] ? " redis-password: #{@routers[router][$1 + '_redis_password']}" : '' %> 119 | <%- end -%> 120 | <%- when 'vulcand' -%> 121 | type: vulcand 122 | api-url: <%= routers[router]['vulcand_api_url'] %> 123 | domain: <%= routers[router]['vulcand_domain'] %> 124 | <%- when /galeb.*/ -%> 125 | type: <%= routers[router]['router_type'] %> 126 | api-url: <%= routers[router]['galeb_api_url'] %> 127 | username: <%= routers[router]['galeb_username'] %> 128 | password: <%= routers[router]['galeb_password'] %> 129 | domain: <%= routers[router]['galeb_domain'] %> 130 | environment: <%= routers[router]['galeb_environment'] %> 131 | project: <%= routers[router]['galeb_project'] %> 132 | balance-policy: <%= routers[router]['galeb_balance_policy'] %> 133 | rule-type: <%= routers[router]['galeb_rule_type'] %> 134 | max-requests: <%= routers[router]['galeb_max_requests'] || 0 %> 135 | <%= @routers[router]['galeb_debug'] ? "debug: #{routers[router]['galeb_debug']}" : "debug: false" %> 136 | <%= @routers[router]['galeb_use_token'] ? "use-token: #{routers[router]['galeb_use_token']}" : "use-token: false" %> 137 | <%- when 'api' -%> 138 | type: api 139 | api-url: <%= routers[router]['api_url'] %> 140 | <% if @routers[router]['api_headers'] -%> 141 | headers: 142 | <%- routers[router]['api_headers'].each do |header| -%> 143 | <%= header %> 144 | <%- end -%> 145 | <% end -%> 146 | <%= @routers[router]['api_debug'] ? "debug: #{routers[router]['api_debug']}" : "debug: false" %> 147 | <%- else -%> 148 | <%- raise Puppet::Error, "Router type unknown. Valid types are: hipache, planb, vulcand, galeb or api" -%> 149 | <%- end -%> 150 | <%- end -%> 151 | 152 | # - Provisioner configuration 153 | # http://docs.tsuru.io/en/stable/reference/config.html#provisioner 154 | provisioner: <%= @tsuru_provisioner %> 155 | docker: 156 | bs: 157 | image: <%= @docker_bs_image %> 158 | reporter-interval: <%= @docker_bs_reporter_interval %> 159 | socket: <%= @docker_bs_socket %> 160 | segregate: <%= @docker_segregate %> 161 | <%= @docker_registry ? "registry: #{@docker_registry}" : '' %> 162 | <%- if @docker_registry_auth_username || @docker_registry_auth_password -%> 163 | registry-auth: 164 | <%= @docker_registry_auth_username ? "username: #{@docker_registry_auth_username}" : "" %> 165 | <%= @docker_registry_auth_password ? "password: #{@docker_registry_auth_password}" : "" %> 166 | <%- end -%> 167 | <%= @docker_max_layers ? "max-layers: #{@docker_max_layers}" : '' %> 168 | <%= @docker_port_allocator ? "port-allocator: #{@docker_port_allocator}" : '' %> 169 | collection: <%= @docker_collection %> 170 | repository-namespace: <%= @docker_repository_namespace %> 171 | router: <%= @docker_router %> 172 | deploy-cmd: <%= @docker_deploy_cmd %> 173 | image-history-size: <%= @docker_image_history_size %> 174 | cluster: 175 | mongo-url: <%= @docker_cluster_mongo_url %> 176 | mongo-database: <%= @docker_cluster_mongodb_db %> 177 | run-cmd: 178 | bin: <%= @docker_run_cmd_bin %> 179 | port: <%= @docker_run_cmd_port %> 180 | user: <%= @docker_user ? @docker_user : "" %> 181 | uid: <%= @docker_uid ? @docker_uid : -1 %> 182 | <%- if @docker_healing_heal_nodes -%> 183 | healing: 184 | heal-nodes: <%= @docker_healing_heal_nodes %> 185 | active-monitoring-interval: <%= @docker_healing_active_monitoring_interval %> 186 | disabled-time: <%= @docker_healing_disabled_time %> 187 | max-failures: <%= @docker_healing_max_failures %> 188 | wait-new-time: <%= @docker_healing_wait_new_time %> 189 | heal-containers-timeout: <%= @docker_healing_heal_containers_timeout %> 190 | events-collection : <%= @docker_healing_events_collection %> 191 | max-time: <%= @docker_healthcheck_max_time %> 192 | <%- end -%> 193 | <%- if @docker_security_opts.length > 0 -%> 194 | security-opts: 195 | <%- docker_security_opts.each do |security_opt_item| -%> 196 | - <%= security_opt_item %> 197 | <%- end -%> 198 | <%- end -%> 199 | <%- if @docker_scheduler_memory -%> 200 | scheduler: 201 | total-memory-metadata: <%= @docker_scheduler_total_memory_metadata %> 202 | max-used-memory: <%= @docker_scheduler_max_used_memory %> 203 | <%- end -%> 204 | <%- if @docker_use_auto_scale -%> 205 | auto-scale: 206 | enabled: <%= @docker_auto_scale_enabled %> 207 | <%- if @docker_auto_scale_run_interval -%> 208 | run-interval: <%= @docker_auto_scale_run_interval %> 209 | <%- end -%> 210 | <%- end -%> 211 | <%- if @docker_nodecontainer_max_workers -%> 212 | nodecontainer: 213 | max-workers: <%= @docker_nodecontainer_max_workers %> 214 | <%- end -%> 215 | <%- if @docker_max_workers -%> 216 | max-workers: <%= @docker_max_workers %> 217 | <%- end -%> 218 | 219 | kubernetes: 220 | <%- if @kubernetes_deploy_sidecar_image -%> 221 | deploy-sidecar-image: <%= @kubernetes_deploy_sidecar_image %> 222 | <%- end -%> 223 | <%- if @kubernetes_deploy_inspect_image -%> 224 | deploy-inspect-image: <%= @kubernetes_deploy_inspect_image %> 225 | <%- end -%> 226 | <%- if @kubernetes_use_pool_namespaces -%> 227 | use-pool-namespaces: <%= @kubernetes_use_pool_namespaces %> 228 | <%- end -%> 229 | 230 | volume-plans: 231 | <%- @volume_plans.keys.sort.each do |plan| -%> 232 | <%= plan %>: 233 | <%- if @volume_plans[plan]['kubernetes'] -%> 234 | kubernetes: 235 | <%- @volume_plans[plan]['kubernetes'].keys.sort.each do |opt| -%> 236 | <%= opt %>: <%= volume_plans[plan]['kubernetes'][opt] %> 237 | <%- end -%> 238 | <%- end -%> 239 | <%- if @volume_plans[plan]['swarm'] -%> 240 | swarm: 241 | <%- @volume_plans[plan]['swarm'].keys.sort.each do |opt| -%> 242 | <%= opt %>: <%= volume_plans[plan]['swarm'][opt] %> 243 | <%- end -%> 244 | <%- end -%> 245 | <%- end -%> 246 | 247 | # - Iaas configuration 248 | # http://docs.tsuru.io/en/stable/reference/config.html#iaas-configuration 249 | <%- if @iaas_enable -%> 250 | iaas: 251 | <%= @tsuru_iaas_default ? "default: #{tsuru_iaas_default}\n" : "default: ec2\n" -%> 252 | <%- if @cloudstack_apikey -%> 253 | cloudstack: 254 | api-key: <%= @cloudstack_apikey %> 255 | secret-key: <%= @cloudstack_secretkey %> 256 | url: <%= @cloudstack_api_url %> 257 | user-data: <%= @cloudstack_user_data %> 258 | wait-timeout: <%= @cloudstack_wait_timeout %> 259 | <%- end -%> 260 | <%- if @ec2_key_id -%> 261 | ec2: 262 | key-id: <%= @ec2_key_id %> 263 | secret-key: <%= @ec2_secret_key %> 264 | user-data: <%= @ec2_user_data %> 265 | wait-timeout: <%= @ec2_wait_timeout %> 266 | <%- end -%> 267 | <%= @custom_iaas.empty? ? nil : ' custom:' %> 268 | <%- @custom_iaas.keys.sort.each do |custom_key| -%> 269 | <%= custom_key %>: 270 | provider: <%= custom_iaas[custom_key]['provider'] %> 271 | <%- case custom_iaas[custom_key]['provider'] -%> 272 | <%- when 'cloudstack' -%> 273 | url: <%= custom_iaas[custom_key]['cloudstack_api_url'] %> 274 | api-key: "<%= custom_iaas[custom_key]['cloudstack_apikey'] %>" 275 | secret-key: "<%= custom_iaas[custom_key]['cloudstack_secretkey'] %>" 276 | user-data: <%= custom_iaas[custom_key]['cloudstack_user_data'] %> 277 | wait-timeout: <%= custom_iaas[custom_key]['cloudstack_wait_timeout'] ? custom_iaas[custom_key]['cloudstack_wait_timeout'] : 300 %> 278 | <%- when 'ec2' -%> 279 | key-id: "<%= custom_iaas[custom_key]['ec2_key_id'] %>" 280 | secret-key: "<%= custom_iaas[custom_key]['ec2_secret_key'] %>" 281 | user-data: <%= custom_iaas[custom_key]['ec2_user_data'] %> 282 | wait-timeout: <%= custom_iaas[custom_key]['ec2_wait_timeout'] ? custom_iaas[custom_key]['ec2_wait_timeout'] : 300 %> 283 | <%- when 'dockermachine' -%> 284 | user-data: <%= custom_iaas[custom_key]['dockermachine_user_data'] %> 285 | debug: <%= custom_iaas[custom_key]['dockermachine_debug'] ? custom_iaas[custom_key]['dockermachine_debug'] : 'false' %> 286 | <%- if @custom_iaas[custom_key]['docker_flags'] -%> 287 | docker-flags: <%= custom_iaas[custom_key]['docker_flags'] %> 288 | <%- end -%> 289 | <%- if @custom_iaas[custom_key]['docker_install_url'] -%> 290 | docker-install-url: <%= custom_iaas[custom_key]['docker_install_url'] %> 291 | <%- end -%> 292 | <%- if @custom_iaas[custom_key]['docker_storage_driver'] -%> 293 | docker-storage-driver: <%= custom_iaas[custom_key]['docker_storage_driver'] %> 294 | <%- end -%> 295 | <%- if @custom_iaas[custom_key]['insecure_registry'] -%> 296 | insecure-registry: <%= custom_iaas[custom_key]['insecure_registry'] %> 297 | <%- end -%> 298 | driver: 299 | name: <%= custom_iaas[custom_key]['dockermachine_driver'] %> 300 | user-data-file-param: <%= custom_iaas[custom_key]['dockermachine_user_data_param'] %> 301 | options: 302 | <%- @custom_iaas[custom_key]['driver'].keys.each do |driver_key| -%> 303 | <%= driver_key.gsub('_','-') %>: <%= custom_iaas[custom_key]['driver'][driver_key] %> 304 | <%- end -%> 305 | <%- end -%> 306 | <%- end -%> 307 | node-protocol: <%= @iaas_node_protocol ? @iaas_node_protocol : 'http' %> 308 | node-port: <%= @iaas_node_port ? @iaas_node_port : '2375' %> 309 | <% end %> 310 | # - Debug configuration 311 | # http://docs.tsuru.io/en/stable/reference/config.html#log-level 312 | debug: <%= @tsuru_debug %> 313 | log: 314 | <%= @log_file ? " log-file: #{@log_file}\n": nil -%> 315 | <%= @log_disable_syslog ? " disable-syslog: #{@log_disable_syslog}\n": nil -%> 316 | syslog-tag: <%= @log_syslog_tag %> 317 | <%= @log_use_stderr ? " use-stderr: #{@log_use_stderr}\n": nil -%> 318 | queue-size: <%= @log_queue_size %> 319 | app-log-service: <%= @log_app_service %> 320 | app-log-rate-limit: <%= @log_app_rate_limit %> 321 | global-app-log-rate-limit: <%= @log_global_rate_limit %> 322 | unsafe-write: <%= @log_unsafe_write %> 323 | app-log-memory-buffer-bytes: <%= @log_app_memory_buffer_bytes %> 324 | 325 | <%- if @event_throttling_enable -%> 326 | # - Event throttling configuration 327 | # https://docs.tsuru.io/master/reference/config.html#event-throttling-configuration 328 | 329 | event: 330 | throttling:<%= @event_throttling_configs.to_yaml.gsub("---", '').gsub("\"", '') %> 331 | <% end -%> 332 | -------------------------------------------------------------------------------- /base/.fixtures.yml: -------------------------------------------------------------------------------- 1 | fixtures: 2 | forge_modules: 3 | sudo: 4 | repo: "saz/sudo" 5 | ref: 3.0.6 6 | stdlib: 7 | repo: "puppetlabs/stdlib" 8 | ref: 4.3.2 9 | apt: 10 | repo: "puppetlabs/apt" 11 | ref: 2.4.0 12 | symlinks: 13 | "base": "#{source_dir}" 14 | -------------------------------------------------------------------------------- /base/Rakefile: -------------------------------------------------------------------------------- 1 | require 'puppetlabs_spec_helper/rake_tasks' 2 | require 'puppet-lint/tasks/puppet-lint' 3 | 4 | PuppetLint.configuration.send('disable_80chars') 5 | PuppetLint.configuration.send('disable_class_parameter_defaults') 6 | PuppetLint.configuration.ignore_paths = [ 7 | "spec/**/*.pp", 8 | "vendor/**/*.pp", 9 | "**/pkg/**/*.pp", 10 | ] 11 | 12 | Rake::Task[:spec].enhance [:lint] 13 | -------------------------------------------------------------------------------- /base/manifests/centos.pp: -------------------------------------------------------------------------------- 1 | # 2 | # == Class: base::ubuntu 3 | # 4 | # base used by other tsuru classes installed on CentOS. 5 | # 6 | 7 | class base::centos inherits base { 8 | 9 | } -------------------------------------------------------------------------------- /base/manifests/init.pp: -------------------------------------------------------------------------------- 1 | # 2 | # == Class: base 3 | # 4 | # base used by other tsuru classes 5 | # 6 | # === Parameters 7 | # [no_repos] Do not add any repository 8 | # [tsuru_source_list] Optional source list used instead tsuru PPA 9 | # [tsuru_release] Optional release name to used instead lsb dist code 10 | # [docker_source_list] Optional source list used instead tsuru PPA 11 | # [docker_release] Optional release name to used instead lsb dist code 12 | # [nginx_source_list] Optional source list used instead tsuru PPA 13 | # [nginx_release] Optional release name to used instead lsb dist code 14 | # 15 | 16 | class base ( 17 | $no_repos = false, 18 | $tsuru_source_list = false, 19 | $tsuru_release = $::lsbdistcodename, 20 | $tsuru_repos = 'main', 21 | $enable_tsuru_rc = false, 22 | $tsuru_rc_source_list = undef, 23 | $tsuru_rc_release = undef, 24 | $tsuru_rc_repos = 'main', 25 | $docker_source_list = false, 26 | $docker_release = $::lsbdistcodename, 27 | $docker_repos = 'main' 28 | ) { 29 | 30 | $tsuru_pub_key = ' 31 | -----BEGIN PGP PUBLIC KEY BLOCK----- 32 | Version: SKS 1.1.4 33 | Comment: Hostname: keyserver.ubuntu.com 34 | 35 | mI0EUktBQAEEAJwPWcFy1B20SgKkF3QVvMoSJld+3bhrS6AT0fbYwv4RgpwekQGrnO5z4Otg 36 | APTwe64jJPyCRneO0IC8Y5U2ILZNl50oFVrE3eMjdRp7Gy+9t1Kpq1fLlH/bER/YVkzmaomI 37 | xA8ZWOWOXWrdf4IwGYtzmrBarAryHliSjXwXej+nABEBAAG0F0xhdW5jaHBhZCBQUEEgZm9y 38 | IHRzdXJ1iLgEEwECACIFAlJLQUACGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEDsB 39 | U9A4Pwc9wpMD/RKIYfFBX3m7rsu0CELJwthyIaynjjMdl9AlVwc97Df2N2hVWR1hzTBFT43q 40 | Qt//piVffD29fWIMG5ZuCFWMUPKOeljRLoX71kHVlgHBmJDSsE8ygYV1Y1RvGu/BBuNvn/ha 41 | kDrSLb2SyfEoJ0psRDssSDHjOaIDEDpaACkSd+hm 42 | =37Zt 43 | -----END PGP PUBLIC KEY BLOCK----- 44 | ' 45 | 46 | $docker_pub_key = ' 47 | -----BEGIN PGP PUBLIC KEY BLOCK----- 48 | Version: GnuPG v1.4.11 (GNU/Linux) 49 | 50 | mQENBFIOqEUBCADsvqwefcPPQArws9jHF1PaqhXxkaXzeE5uHHtefdoRxQdjoGok 51 | HFmHWtCd9zR7hDpHE7Q4dwJtSFWZAM3zaUtlvRAgvMmfLm08NW9QQn0CP5khjjF1 52 | cgckhjmzQAzpEHO5jiSwl0ZU8ouJrLDgmbhT6knB1XW5/VmeECqKRyhlEK0zRz1a 53 | XV+4EVDySlORmFyqlmdIUmiU1/6pKEXyRBBVCHNsbnpZOOzgNhfMz8VE8Hxq7Oh8 54 | 1qFaFXjNGCrNZ6xr/DI+iXlsZ8urlZjke5llm4874N8VPUeFQ/szmsbSqmCnbd15 55 | LLtrpvpSMeyRG+LoTYvyTG9QtAuewL9EKJPfABEBAAG0OURvY2tlciBSZWxlYXNl 56 | IFRvb2wgKHJlbGVhc2Vkb2NrZXIpIDxkb2NrZXJAZG90Y2xvdWQuY29tPokBOAQT 57 | AQIAIgUCUg6oRQIbLwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ2Fdqi6iN 58 | IenM+QgAnOiozhHDAYGO92SmZjib6PK/1djbrDRMreCT8bnzVpriTOlEtARDXsmX 59 | njKSFa+HTxHi/aTNo29TmtHDfUupcfmaI2mXbZt1ixXLuwcMv9sJXKoeWwKZnN3i 60 | 9vAM9/yAJz3aq+sTXeG2dDrhZr34B3nPhecNkKQ4v6pnQy43Mr59Fvv5CzKFa9oZ 61 | IoZf+Ul0F90HSw5WJ1NsDdHGrAaHLZfzqAVrqHzazw7ghe94k460T8ZAaovCaTQV 62 | HzTcMfJdPz/uTim6J0OergT9njhtdg2ugUj7cPFUTpsxQ1i2S8qDEQPL7kabAZZo 63 | Pim0BXdjsHVftivqZqfWeVFKMorchQ== 64 | =fRgo 65 | -----END PGP PUBLIC KEY BLOCK----- 66 | ' 67 | 68 | $docker_project_pub_key = ' 69 | -----BEGIN PGP PUBLIC KEY BLOCK----- 70 | Version: GnuPG v1 71 | 72 | mQINBFWln24BEADrBl5p99uKh8+rpvqJ48u4eTtjeXAWbslJotmC/CakbNSqOb9o 73 | ddfzRvGVeJVERt/Q/mlvEqgnyTQy+e6oEYN2Y2kqXceUhXagThnqCoxcEJ3+KM4R 74 | mYdoe/BJ/J/6rHOjq7Omk24z2qB3RU1uAv57iY5VGw5p45uZB4C4pNNsBJXoCvPn 75 | TGAs/7IrekFZDDgVraPx/hdiwopQ8NltSfZCyu/jPpWFK28TR8yfVlzYFwibj5WK 76 | dHM7ZTqlA1tHIG+agyPf3Rae0jPMsHR6q+arXVwMccyOi+ULU0z8mHUJ3iEMIrpT 77 | X+80KaN/ZjibfsBOCjcfiJSB/acn4nxQQgNZigna32velafhQivsNREFeJpzENiG 78 | HOoyC6qVeOgKrRiKxzymj0FIMLru/iFF5pSWcBQB7PYlt8J0G80lAcPr6VCiN+4c 79 | NKv03SdvA69dCOj79PuO9IIvQsJXsSq96HB+TeEmmL+xSdpGtGdCJHHM1fDeCqkZ 80 | hT+RtBGQL2SEdWjxbF43oQopocT8cHvyX6Zaltn0svoGs+wX3Z/H6/8P5anog43U 81 | 65c0A+64Jj00rNDr8j31izhtQMRo892kGeQAaaxg4Pz6HnS7hRC+cOMHUU4HA7iM 82 | zHrouAdYeTZeZEQOA7SxtCME9ZnGwe2grxPXh/U/80WJGkzLFNcTKdv+rwARAQAB 83 | tDdEb2NrZXIgUmVsZWFzZSBUb29sIChyZWxlYXNlZG9ja2VyKSA8ZG9ja2VyQGRv 84 | Y2tlci5jb20+iQI4BBMBAgAiBQJVpZ9uAhsvBgsJCAcDAgYVCAIJCgsEFgIDAQIe 85 | AQIXgAAKCRD3YiFXLFJgnbRfEAC9Uai7Rv20QIDlDogRzd+Vebg4ahyoUdj0CH+n 86 | Ak40RIoq6G26u1e+sdgjpCa8jF6vrx+smpgd1HeJdmpahUX0XN3X9f9qU9oj9A4I 87 | 1WDalRWJh+tP5WNv2ySy6AwcP9QnjuBMRTnTK27pk1sEMg9oJHK5p+ts8hlSC4Sl 88 | uyMKH5NMVy9c+A9yqq9NF6M6d6/ehKfBFFLG9BX+XLBATvf1ZemGVHQusCQebTGv 89 | 0C0V9yqtdPdRWVIEhHxyNHATaVYOafTj/EF0lDxLl6zDT6trRV5n9F1VCEh4Aal8 90 | L5MxVPcIZVO7NHT2EkQgn8CvWjV3oKl2GopZF8V4XdJRl90U/WDv/6cmfI08GkzD 91 | YBHhS8ULWRFwGKobsSTyIvnbk4NtKdnTGyTJCQ8+6i52s+C54PiNgfj2ieNn6oOR 92 | 7d+bNCcG1CdOYY+ZXVOcsjl73UYvtJrO0Rl/NpYERkZ5d/tzw4jZ6FCXgggA/Zxc 93 | jk6Y1ZvIm8Mt8wLRFH9Nww+FVsCtaCXJLP8DlJLASMD9rl5QS9Ku3u7ZNrr5HWXP 94 | HXITX660jglyshch6CWeiUATqjIAzkEQom/kEnOrvJAtkypRJ59vYQOedZ1sFVEL 95 | MXg2UCkD/FwojfnVtjzYaTCeGwFQeqzHmM241iuOmBYPeyTY5veF49aBJA1gEJOQ 96 | TvBR8Q== 97 | =Fm3p 98 | -----END PGP PUBLIC KEY BLOCK----- 99 | ' 100 | 101 | case $::operatingsystem { 102 | 'Ubuntu' : { include base::ubuntu } 103 | 'CentOS' : { include base::centos } 104 | default : { fail('OS not supported') } 105 | } 106 | 107 | } 108 | -------------------------------------------------------------------------------- /base/manifests/ubuntu.pp: -------------------------------------------------------------------------------- 1 | # 2 | # == Class: base::ubuntu 3 | # 4 | # base used by other tsuru classes installed on Ubuntu. 5 | # 6 | 7 | class base::ubuntu inherits base { 8 | 9 | class { 'apt': 10 | update => { 11 | 'frequency' => 'always', 12 | 'timeout' => 600 13 | } 14 | } 15 | 16 | apt::conf { 'unauth': 17 | priority => 99, 18 | content => 'APT::Get::AllowUnauthenticated 1;' 19 | } 20 | 21 | if (!$base::no_repos) { 22 | 23 | apt::key { 'tsuru': 24 | id => '383F073D', 25 | content => $base::tsuru_pub_key 26 | } 27 | 28 | apt::key { 'docker': 29 | id => 'A88D21E9', 30 | content => $base::docker_pub_key 31 | } 32 | 33 | apt::key {'docker_project': 34 | id => '2C52609D', 35 | content => $base::docker_project_pub_key 36 | } 37 | 38 | if ($base::tsuru_source_list) { 39 | apt::source { 'tsuru': 40 | location => $base::tsuru_source_list, 41 | include => { 'src' => false }, 42 | repos => $base::tsuru_repos, 43 | release => $base::tsuru_release, 44 | require => Apt::Key['tsuru'] 45 | } 46 | } else { 47 | apt::ppa { 'ppa:tsuru/ppa': 48 | release => $base::tsuru_release, 49 | require => Apt::Key['tsuru'] 50 | } 51 | } 52 | 53 | # Tsuru RC 54 | if ($base::tsuru_rc_source_list or $base::enable_tsuru_rc) { 55 | if ($base::tsuru_rc_source_list) { 56 | apt::source { 'tsuru_rc': 57 | location => $base::tsuru_rc_source_list, 58 | include => { 'src' => false }, 59 | repos => $base::tsuru_rc_repos, 60 | release => $base::tsuru_rc_release, 61 | require => Apt::Key['tsuru'] 62 | } 63 | } else { 64 | apt::ppa { 'ppa:tsuru/rc': 65 | release => $base::tsuru_rc_release, 66 | require => Apt::Key['tsuru'] 67 | } 68 | } 69 | } 70 | 71 | if ($base::docker_source_list) { 72 | apt::source { 'docker' : 73 | location => $base::docker_source_list, 74 | include => { 'src' => false }, 75 | repos => $base::docker_repos, 76 | release => $base::docker_release, 77 | require => [Apt::Key['docker'], Apt::Key['docker_project']] 78 | } 79 | } else { 80 | apt::source { 'docker' : 81 | location => 'https://apt.dockerproject.org/repo', 82 | include => { 'src' => false }, 83 | repos => 'main', 84 | release => 'ubuntu-trusty', 85 | require => [Apt::Key['docker'], Apt::Key['docker_project']] 86 | } 87 | } 88 | } 89 | 90 | } 91 | -------------------------------------------------------------------------------- /base/metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "tsuru-base", 3 | "version": "0.0.14", 4 | "author": "Tsuru", 5 | "license": "BSD-style license that can be found in the LICENSE file", 6 | "summary": "Puppet module to Tsuru PaaS base", 7 | "source": "https://github.com/tsuru/puppet-tsuru", 8 | "project_page": "(https://github.com/tsuru/puppet-tsuru)", 9 | "issues_url": "https://github.com/tsuru/puppet-tsuru/issues", 10 | "tags": ["PaaS", "tsuru", "tsuru-base"], 11 | "operatingsystem_support": [ 12 | {"operatingsystem":"RedHat", 13 | "operatingsystemrelease":[ "6.5", "7.0" ]}, 14 | {"operatingsystem": "Ubuntu", 15 | "operatingsystemrelease": [ "14.04" ]} 16 | ], 17 | "dependencies": [ 18 | { "name": "puppetlabs/stdlib", "version_requirement": ">= 2.5.0" }, 19 | { "name": "puppetlabs/apt" } 20 | ] 21 | } 22 | -------------------------------------------------------------------------------- /base/spec/classes/base_centos_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe 'base' do 4 | 5 | let :facts do 6 | { :osfamily => 'RedHat', :operatingsystem => 'CentOS', :hostname => 'foo.bar' } 7 | end 8 | 9 | it 'requires class base' do 10 | should contain_class('base') 11 | end 12 | 13 | it 'requires class base::centos' do 14 | should contain_class('base::centos') 15 | end 16 | 17 | end 18 | -------------------------------------------------------------------------------- /base/spec/classes/base_ubuntu_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe 'base' do 4 | 5 | let :facts do 6 | { :osfamily => 'Debian', :operatingsystem => 'Ubuntu', :lsbdistid => 'Ubuntu', :lsbdistcodename => 'precise' } 7 | end 8 | 9 | it 'contains class apt' do 10 | should contain_class('apt').with( 11 | :update => { 'frequency' => 'always', 'timeout' => 600 } 12 | ) 13 | end 14 | 15 | it 'contains define apt::key{unauth}' do 16 | should contain_apt__conf('unauth') 17 | end 18 | 19 | it 'contains define apt::key{tsuru}' do 20 | should contain_apt__key('tsuru') 21 | end 22 | 23 | it 'contains define apt::key{docker}' do 24 | should contain_apt__key('docker') 25 | end 26 | 27 | context 'with default base' do 28 | it { should contain_apt__ppa('ppa:tsuru/ppa') } 29 | it { should contain_apt__source('docker').with(:location => 'https://apt.dockerproject.org/repo', :repos => 'main', :release => 'ubuntu-trusty') } 30 | end 31 | 32 | context 'setting custom source list' do 33 | 34 | let :params do { 35 | :tsuru_source_list => 'tsuru_source_list_custom', 36 | :docker_source_list => 'docker_source_list_custom' 37 | } 38 | end 39 | 40 | it { should contain_apt__source('tsuru').with(:location => 'tsuru_source_list_custom') } 41 | it { should contain_apt__source('docker').with(:location => 'docker_source_list_custom') } 42 | context 'using custom release' do 43 | 44 | before do 45 | params.merge!( :docker_release => 'docker' ) 46 | end 47 | 48 | it { should contain_apt__source('tsuru').with(:location => 'tsuru_source_list_custom', :release => 'precise') } 49 | it { should contain_apt__source('docker').with(:location => 'docker_source_list_custom', :release => 'docker') } 50 | 51 | end 52 | end 53 | 54 | context 'fail with wrong OS' do 55 | 56 | before do 57 | facts.merge!( :operatingsystem => 'RedHat' ) 58 | end 59 | 60 | it 'install packages on RedHat system' do 61 | expect { should compile }.to raise_error(RSpec::Expectations::ExpectationNotMetError, /OS not supported/) 62 | end 63 | 64 | end 65 | 66 | context 'setting no repository' do 67 | let :params do { 68 | :no_repos => true 69 | } 70 | end 71 | 72 | it 'should no add extra repository for docker or tsuru' do 73 | should_not contain_apt__ppa('ppa:tsuru/ppa') 74 | should_not contain_apt__source('docker').with(:location => 'https://apt.dockerproject.org/repo', :repos => 'main', :release => 'ubuntu-trusty') 75 | end 76 | end 77 | 78 | end 79 | -------------------------------------------------------------------------------- /base/spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | dir = File.expand_path(File.dirname(__FILE__)) 2 | $LOAD_PATH.unshift File.join(dir, 'lib') 3 | 4 | require 'puppetlabs_spec_helper/module_spec_helper' 5 | require 'mocha' 6 | 7 | fixture_path = File.expand_path(File.join(__FILE__, '..', 'fixtures')) 8 | RSpec.configure do |c| 9 | c.mock_with :mocha 10 | c.module_path = File.join(fixture_path, 'modules') 11 | c.manifest_dir = File.join(fixture_path, 'manifests') 12 | end 13 | 14 | at_exit { RSpec::Puppet::Coverage.report! } 15 | 16 | # We need this because the RAL uses 'should' as a method. This 17 | # allows us the same behaviour but with a different method name. 18 | class Object 19 | alias :must :should 20 | end 21 | -------------------------------------------------------------------------------- /bs/.fixtures.yml: -------------------------------------------------------------------------------- 1 | fixtures: 2 | forge_modules: 3 | docker: 4 | repo: "tsuru/docker" 5 | ref: 0.0.21 6 | stdlib: 7 | repo: "puppetlabs/stdlib" 8 | ref: 4.3.2 9 | symlinks: 10 | "bs": "#{source_dir}" 11 | -------------------------------------------------------------------------------- /bs/README.md: -------------------------------------------------------------------------------- 1 | # Docker Big-Sibling puppet-module 2 | 3 | Puppet module for big-sibling installation 4 | 5 | # Usage 6 | 7 | ```puppet 8 | class { 'bs': 9 | image => 'tsuru/bs:v1', 10 | log_backends => 'none', 11 | metrics_backend => 'logstash', 12 | metrics_logstash_host => 'localhost', 13 | metrics_logstash_port => '1984', 14 | } 15 | ``` 16 | 17 | # Full Parameters list 18 | 19 | For details on each of those parameters, check https://github.com/tsuru/bs#environment-variables. 20 | 21 | -------------------------------------------------------------------------------- /bs/Rakefile: -------------------------------------------------------------------------------- 1 | require 'puppetlabs_spec_helper/rake_tasks' 2 | require 'puppet-lint/tasks/puppet-lint' 3 | 4 | PuppetLint.configuration.send('disable_80chars') 5 | PuppetLint.configuration.send('disable_class_parameter_defaults') 6 | PuppetLint.configuration.ignore_paths = [ 7 | "spec/**/*.pp", 8 | "vendor/**/*.pp", 9 | "**/pkg/**/*.pp", 10 | ] 11 | 12 | Rake::Task[:spec].enhance [:lint] 13 | -------------------------------------------------------------------------------- /bs/manifests/init.pp: -------------------------------------------------------------------------------- 1 | # 2 | # == Class: bs 3 | # 4 | # Big-Sibling 5 | # 6 | # === Parameters 7 | # 8 | # https://github.com/tsuru/bs#environment-variables 9 | 10 | class bs ( 11 | $image = 'tsuru/bs:latest', 12 | $log_backends = undef, 13 | $log_tsuru_buffer_size = undef, 14 | $log_tsuru_ping_interval = undef, 15 | $log_tsuru_pong_interval = undef, 16 | $log_syslog_buffer_size = undef, 17 | $log_syslog_forward_addresses = undef, 18 | $log_syslog_timezone = undef, 19 | $status_interval = undef, 20 | $metrics_backend = undef, 21 | $metrics_interval = undef, 22 | $metrics_logstash_client = undef, 23 | $metrics_logstash_port = undef, 24 | $metrics_logstash_host = undef, 25 | $metrics_logstash_protocol = undef, 26 | $container_selection_env = undef, 27 | $debug = undef, 28 | $hostcheck_base_container_name = undef, 29 | $hostcheck_extra_paths = undef, 30 | $tsuru_endpoint = undef, 31 | $tsuru_token = undef, 32 | $syslog_listen_address = undef, 33 | $host_proc = '/prochost', 34 | ){ 35 | 36 | $docker_socket = '/var/run/docker.sock' 37 | $socket_volume = "-v ${docker_socket}:/var/run/docker.sock:rw" 38 | 39 | $env_map = delete_undef_values({ 40 | 'LOG_BACKENDS' => $log_backends, 41 | 'LOG_TSURU_BUFFER_SIZE' => $log_tsuru_buffer_size, 42 | 'LOG_TSURU_PING_INTERVAL' => $log_tsuru_ping_interval, 43 | 'LOG_TSURU_PONG_INTERVAL' => $log_tsuru_pong_interval, 44 | 'LOG_SYSLOG_BUFFER_SIZE' => $log_syslog_buffer_size, 45 | 'LOG_SYSLOG_FORWARD_ADDRESSES' => $log_syslog_forward_addresses, 46 | 'LOG_SYSLOG_TIMEZONE' => $log_syslog_timezone, 47 | 'STATUS_INTERVAL' => $status_interval, 48 | 'METRICS_BACKEND' => $metrics_backend, 49 | 'METRICS_INTERVAL' => $metrics_interval, 50 | 'METRICS_LOGSTASH_CLIENT' => $metrics_logstash_client, 51 | 'METRICS_LOGSTASH_PORT' => $metrics_logstash_port, 52 | 'METRICS_LOGSTASH_HOST' => $metrics_logstash_host, 53 | 'METRICS_LOGSTASH_PROTOCOL' => $metrics_logstash_protocol, 54 | 'CONTAINER_SELECTION_ENV' => $container_selection_env, 55 | 'BS_DEBUG' => $debug, 56 | 'HOSTCHECK_BASE_CONTAINER_NAME' => $hostcheck_base_container_name, 57 | 'HOSTCHECK_EXTRA_PATHS' => $hostcheck_extra_paths, 58 | 'TSURU_ENDPOINT' => $tsuru_endpoint, 59 | 'TSURU_TOKEN' => $tsuru_token, 60 | 'DOCKER_ENDPOINT' => "unix://${docker_socket}", 61 | 'SYSLOG_LISTEN_ADDRESS' => $syslog_listen_address, 62 | 'HOST_PROC' => $host_proc, 63 | }) 64 | 65 | $env_st = join(join_keys_to_values($env_map, '='), ' ') 66 | $env = join(prefix(join_keys_to_values($env_map, '='), '-e '), ' ') 67 | 68 | if $host_proc { 69 | $proc_volume = "-v /proc:${host_proc}:ro" 70 | } else { 71 | $proc_volume = '' 72 | } 73 | 74 | $image_id = "docker images --no-trunc --format='{{.ID}}' ${image}" 75 | 76 | # returns 0 if bs is running 77 | $bs_running = 'docker ps -f name=big-sibling --format="{{.Names}}" | grep -c big-sibling' 78 | 79 | # returns 0 if bs is running with diferent envs or image id 80 | $inspect_bs = 'docker inspect --format="{{range .Config.Env}}{{println .}}{{end}}{{.Image}}" big-sibling' 81 | $changed = "${inspect_bs} 2> /dev/null | grep -v 'PATH' | xargs | grep -c -v \"${env_st} \$(${image_id})\"" 82 | 83 | exec { 'pull bs image': 84 | command => "docker pull ${image}", 85 | path => '/usr/bin', 86 | require => Class['docker'] 87 | } 88 | ->exec { 'stop bs container': 89 | command => 'docker stop big-sibling', 90 | path => ['/usr/bin', '/bin'], 91 | onlyif => [$changed, $bs_running], 92 | } 93 | ->exec { 'remove bs container': 94 | command => 'docker rm big-sibling', 95 | path => ['/usr/bin', '/bin'], 96 | onlyif => $inspect_bs, 97 | unless => $bs_running, 98 | } 99 | ->exec { 'run bs container': 100 | command => "docker run -d --privileged --net='host' --restart='always' --name='big-sibling' \ 101 | ${socket_volume} ${proc_volume} ${env} ${image}", 102 | path => ['/usr/bin', '/bin'], 103 | unless => $bs_running, 104 | } 105 | } 106 | -------------------------------------------------------------------------------- /bs/metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "tsuru-bs", 3 | "version": "0.0.4", 4 | "author": "Tsuru", 5 | "license": "BSD-style license that can be found in the LICENSE file", 6 | "summary": "Puppet module to Big-Sibling", 7 | "source": "https://github.com/tsuru/puppet-tsuru", 8 | "project_page": "(https://github.com/tsuru/puppet-tsuru)", 9 | "issues_url": "https://github.com/tsuru/puppet-tsuru/issues", 10 | "tags": ["PaaS", "tsuru", "tsuru-bs"], 11 | "operatingsystem_support": [ 12 | {"operatingsystem":"RedHat", 13 | "operatingsystemrelease":[ "6.5", "7.0" ]}, 14 | {"operatingsystem": "Ubuntu", 15 | "operatingsystemrelease": [ "14.04" ]} 16 | ], 17 | "dependencies": [ 18 | { "name": "puppetlabs/stdlib", "version_requirement": ">= 2.5.0" }, 19 | { "name": "tsuru/docker"} 20 | ] 21 | } 22 | -------------------------------------------------------------------------------- /bs/spec/classes/bs_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe 'bs' do 4 | 5 | let :facts do 6 | { :osfamily => 'Debian', :operatingsystem => 'Ubuntu', :lsbdistid => 'Ubuntu', :lsbdistcodename => 'precise' } 7 | end 8 | 9 | let :params do 10 | {} 11 | end 12 | 13 | it do 14 | should contain_class('bs') 15 | end 16 | 17 | context 'without version' do 18 | it 'pull latest image' do 19 | should contain_exec('pull bs image').with({ 20 | :command => 'docker pull tsuru/bs:latest' 21 | }) 22 | end 23 | 24 | it 'starts the latest image' do 25 | should contain_exec('run bs container').with({ 26 | :command => "docker run -d --privileged --net='host' --restart='always' --name='big-sibling' \ 27 | -v /var/run/docker.sock:/var/run/docker.sock:rw -v /proc:/prochost:ro \ 28 | -e DOCKER_ENDPOINT=unix:///var/run/docker.sock -e HOST_PROC=/prochost tsuru/bs:latest" 29 | }) 30 | end 31 | 32 | end 33 | 34 | context 'when setting bs image to v1' do 35 | before { params.merge!( :image => 'tsuru/bs:v1' ) } 36 | it 'pull v1 image' do 37 | should contain_exec('pull bs image').with({ 38 | :command => 'docker pull tsuru/bs:v1' 39 | }) 40 | end 41 | 42 | it 'starts the v1 image' do 43 | should contain_exec('run bs container').with({ 44 | :command => "docker run -d --privileged --net='host' --restart='always' --name='big-sibling' \ 45 | -v /var/run/docker.sock:/var/run/docker.sock:rw -v /proc:/prochost:ro \ 46 | -e DOCKER_ENDPOINT=unix:///var/run/docker.sock -e HOST_PROC=/prochost tsuru/bs:v1" 47 | }) 48 | end 49 | end 50 | 51 | context 'when setting configurations' do 52 | before {params.merge!( :log_backends => 'tsuru', :metrics_backend => 'logstash')} 53 | it 'runs bs with the environment configuration' do 54 | should contain_exec('run bs container').with({ 55 | :command => "docker run -d --privileged --net='host' --restart='always' --name='big-sibling' \ 56 | -v /var/run/docker.sock:/var/run/docker.sock:rw -v /proc:/prochost:ro \ 57 | -e LOG_BACKENDS=tsuru -e METRICS_BACKEND=logstash -e DOCKER_ENDPOINT=unix:///var/run/docker.sock \ 58 | -e HOST_PROC=/prochost tsuru/bs:latest" 59 | }) 60 | end 61 | end 62 | end 63 | -------------------------------------------------------------------------------- /bs/spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | dir = File.expand_path(File.dirname(__FILE__)) 2 | $LOAD_PATH.unshift File.join(dir, 'lib') 3 | 4 | require 'puppetlabs_spec_helper/module_spec_helper' 5 | require 'mocha' 6 | 7 | fixture_path = File.expand_path(File.join(__FILE__, '..', 'fixtures')) 8 | RSpec.configure do |c| 9 | c.mock_with :mocha 10 | c.module_path = File.join(fixture_path, 'modules') 11 | c.manifest_dir = File.join(fixture_path, 'manifests') 12 | end 13 | 14 | at_exit { RSpec::Puppet::Coverage.report! } 15 | 16 | # We need this because the RAL uses 'should' as a method. This 17 | # allows us the same behaviour but with a different method name. 18 | class Object 19 | alias :must :should 20 | end 21 | -------------------------------------------------------------------------------- /docker/.fixtures.yml: -------------------------------------------------------------------------------- 1 | fixtures: 2 | forge_modules: 3 | base: 4 | repo: "tsuru/base" 5 | ref: 0.0.9 6 | sudo: 7 | repo: "saz/sudo" 8 | ref: 3.0.6 9 | stdlib: 10 | repo: "puppetlabs/stdlib" 11 | ref: 4.3.2 12 | apt: 13 | repo: "puppetlabs/apt" 14 | ref: 1.7.0 15 | symlinks: 16 | "docker": "#{source_dir}" 17 | -------------------------------------------------------------------------------- /docker/Rakefile: -------------------------------------------------------------------------------- 1 | require 'puppetlabs_spec_helper/rake_tasks' 2 | require 'puppet-lint/tasks/puppet-lint' 3 | 4 | PuppetLint.configuration.send('disable_80chars') 5 | PuppetLint.configuration.send('disable_class_parameter_defaults') 6 | PuppetLint.configuration.ignore_paths = [ 7 | "spec/**/*.pp", 8 | "vendor/**/*.pp", 9 | "**/pkg/**/*.pp", 10 | ] 11 | 12 | Rake::Task[:spec].enhance [:lint] 13 | -------------------------------------------------------------------------------- /docker/manifests/init.pp: -------------------------------------------------------------------------------- 1 | # 2 | # == Class: docker 3 | # 4 | # Tsuru docker node 5 | # 6 | # === Parameters 7 | # 8 | # [docker_version] LXC docker package version 9 | # [docker_graph_dir] Docker root directory where all files are located 10 | # [docker_bind] Docker bind array options. Eg ['tcp://0.0.0.0:4243', 'unix:///var/run/docker.sock'] 11 | # [docker_extra_opts] Extra opts to docker daemon 12 | # [log_to_syslog] Log output and stderr also to syslog 13 | 14 | 15 | class docker ( 16 | $docker_version = latest, 17 | $docker_graph_dir = '/var/lib/docker', 18 | $docker_bind = [], 19 | $docker_extra_opts = '', 20 | $log_to_syslog = true, 21 | $proxy_url = undef 22 | ) { 23 | 24 | if (!is_array($docker_bind)) { 25 | fail('\$docker_bind must be an array') 26 | } 27 | 28 | if (versioncmp($docker_version, '1.9.1') <= 0 and $docker_version != latest) { 29 | fail('\$docker_version must be greater than 1.9.1') 30 | } 31 | 32 | if (versioncmp($docker_version, '5:18.09.2') >=0 or versioncmp($docker_version, '17.03.2') >=0 or $docker_version == latest) { 33 | $docker_package = 'docker-ce' 34 | } else { 35 | $docker_package = 'docker-engine' 36 | } 37 | 38 | package { $docker_package: 39 | ensure => $docker_version, 40 | require => File['/etc/default/docker'] 41 | } 42 | 43 | $docker_bind_join = join($docker_bind, ' -H ') 44 | 45 | if ($docker_bind_join) { 46 | $docker_bind_opts = "-H ${docker_bind_join}" 47 | } else { 48 | $docker_bind_opts = '' 49 | } 50 | 51 | $docker_opts = join(["-g ${docker_graph_dir}", $docker_bind_opts, $docker_extra_opts ],' ') 52 | 53 | service { 'docker': 54 | ensure => running, 55 | enable => true, 56 | require => Package[$docker_package] 57 | } 58 | 59 | file { '/etc/default/docker': 60 | ensure => present, 61 | content => template('docker/default-docker.erb'), 62 | mode => '0644', 63 | owner => root, 64 | group => root, 65 | } 66 | 67 | } 68 | -------------------------------------------------------------------------------- /docker/metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "tsuru-docker", 3 | "version": "0.1.3", 4 | "author": "Tsuru", 5 | "license": "BSD-style license that can be found in the LICENSE file", 6 | "summary": "Puppet module to Docker", 7 | "source": "https://github.com/tsuru/puppet-tsuru", 8 | "project_page": "(https://github.com/tsuru/puppet-tsuru)", 9 | "issues_url": "https://github.com/tsuru/puppet-tsuru/issues", 10 | "tags": ["PaaS", "tsuru", "tsuru-docker"], 11 | "operatingsystem_support": [ 12 | {"operatingsystem":"RedHat", 13 | "operatingsystemrelease":[ "6.5", "7.0" ]}, 14 | {"operatingsystem": "Ubuntu", 15 | "operatingsystemrelease": [ "14.04" ]} 16 | ], 17 | "dependencies": [ 18 | { "name": "puppetlabs/stdlib", "version_requirement": ">= 2.5.0" }, 19 | { "name": "tsuru/base" } 20 | ] 21 | } 22 | -------------------------------------------------------------------------------- /docker/spec/classes/docker_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe 'docker' do 4 | 5 | let :facts do 6 | { :osfamily => 'Debian', :operatingsystem => 'Ubuntu', :lsbdistid => 'Ubuntu', :lsbdistcodename => 'precise' } 7 | end 8 | 9 | let :params do 10 | { :docker_version => 'latest' } 11 | end 12 | 13 | context 'when setting docker version to 1.8.1' do 14 | before { params.merge!( :docker_version => '1.8.1' ) } 15 | it 'raises puppet error when version is lower or equal than 1.9.1' do 16 | should raise_error(Puppet::Error, /\$docker_version must be greater than 1.9.1/) 17 | end 18 | end 19 | 20 | context 'when setting docker version to 1.10.2' do 21 | before { params.merge!( :docker_version => '1.10.2' ) } 22 | it 'install docker-engine package with version 1.10.2' do 23 | should contain_package('docker-engine').with({ 24 | :ensure => '1.10.2', 25 | :require => "File[/etc/default/docker]" 26 | }) 27 | end 28 | end 29 | 30 | context 'when setting docker version to 17.03.2' do 31 | before { params.merge!( :docker_version => '17.03.2' ) } 32 | it 'install docker-ce package with version 17.03.2' do 33 | should contain_package('docker-ce').with({ 34 | :ensure => '17.03.2', 35 | :require => "File[/etc/default/docker]" 36 | }) 37 | end 38 | end 39 | 40 | context 'when setting docker version to 5:18.09.3~3' do 41 | before { params.merge!( :docker_version => '5:18.09.3~3' ) } 42 | it 'install docker-ce package with version 5:18.09.3~3' do 43 | should contain_package('docker-ce').with({ 44 | :ensure => '5:18.09.3~3', 45 | :require => "File[/etc/default/docker]" 46 | }) 47 | end 48 | end 49 | 50 | 51 | 52 | context 'when setting docker version to latest' do 53 | it 'install docker-engine package with latest version' do 54 | should contain_package('docker-ce').with({ 55 | :require => "File[/etc/default/docker]" 56 | }) 57 | end 58 | end 59 | 60 | context 'setting all docker options' do 61 | let (:params) { { :docker_graph_dir => '/foo/bar', 62 | :docker_bind => ['tcp:///0.0.0.0:4243', 'unix:///var/run/docker.sock'], 63 | :docker_extra_opts => '--extra-opts foo=bar' } } 64 | it 'creates docker default file /etc/default/docker' do 65 | should contain_file('/etc/default/docker').with_content(/^DOCKER_OPTS="-g \/foo\/bar -H tcp:\/\/\/0.0.0.0:4243 -H unix:\/\/\/var\/run\/docker.sock --extra-opts foo=bar"/m) 66 | end 67 | end 68 | 69 | context 'default docker options' do 70 | it 'creates docker default file /etc/default/docker' do 71 | should contain_file('/etc/default/docker').with_content(/^DOCKER_OPTS="-g \/var\/lib\/docker "/m) 72 | end 73 | end 74 | 75 | context 'invalid docker_bind' do 76 | let (:params) { { :docker_bind => "tcp:///0.0.0.0:4243" } } 77 | it 'raises puppet error when not array' do 78 | should raise_error(Puppet::Error, /\$docker_bind must be an array/) 79 | end 80 | end 81 | 82 | end 83 | -------------------------------------------------------------------------------- /docker/spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | dir = File.expand_path(File.dirname(__FILE__)) 2 | $LOAD_PATH.unshift File.join(dir, 'lib') 3 | 4 | require 'puppetlabs_spec_helper/module_spec_helper' 5 | require 'mocha' 6 | 7 | fixture_path = File.expand_path(File.join(__FILE__, '..', 'fixtures')) 8 | RSpec.configure do |c| 9 | c.mock_with :mocha 10 | c.module_path = File.join(fixture_path, 'modules') 11 | c.manifest_dir = File.join(fixture_path, 'manifests') 12 | end 13 | 14 | at_exit { RSpec::Puppet::Coverage.report! } 15 | 16 | # We need this because the RAL uses 'should' as a method. This 17 | # allows us the same behaviour but with a different method name. 18 | class Object 19 | alias :must :should 20 | end 21 | -------------------------------------------------------------------------------- /docker/templates/default-docker.erb: -------------------------------------------------------------------------------- 1 | # Docker Upstart and SysVinit configuration file 2 | 3 | # Customize location of Docker binary (especially for development testing). 4 | #DOCKER="/usr/local/bin/docker" 5 | 6 | # Use DOCKER_OPTS to modify the daemon startup options. 7 | DOCKER_OPTS="<%= @docker_opts %>" 8 | 9 | # If you need Docker to use an HTTP proxy, it can also be specified here. 10 | #export http_proxy="http://127.0.0.1:3128/" 11 | 12 | # This is also a handy place to tweak where Docker's temporary files go. 13 | #export TMPDIR="/mnt/bigdrive/docker-tmp" 14 | -------------------------------------------------------------------------------- /gandalf/.fixtures.yml: -------------------------------------------------------------------------------- 1 | fixtures: 2 | forge_modules: 3 | sudo: 4 | repo: "saz/sudo" 5 | ref: 3.0.6 6 | base: 7 | repo: "tsuru/base" 8 | ref: 0.0.5 9 | python: 10 | repo: "stankevich/python" 11 | ref: 1.9.0 12 | multitemplate: 13 | repo: "deanwilson/multitemplate" 14 | ref: 1.0.1 15 | apt: 16 | repo: "puppetlabs/apt" 17 | ref: 1.8.0 18 | repositories: 19 | "stdlib": "git://github.com/puppetlabs/puppetlabs-stdlib.git" 20 | symlinks: 21 | "gandalf": "#{source_dir}" 22 | -------------------------------------------------------------------------------- /gandalf/Rakefile: -------------------------------------------------------------------------------- 1 | require 'puppetlabs_spec_helper/rake_tasks' 2 | require 'puppet-lint/tasks/puppet-lint' 3 | 4 | PuppetLint.configuration.send('disable_80chars') 5 | PuppetLint.configuration.send('disable_class_parameter_defaults') 6 | PuppetLint.configuration.ignore_paths = [ 7 | "spec/**/*.pp", 8 | "vendor/**/*.pp", 9 | "**/pkg/**/*.pp", 10 | ] 11 | 12 | Rake::Task[:spec].enhance [:lint] 13 | -------------------------------------------------------------------------------- /gandalf/files/pre-receive: -------------------------------------------------------------------------------- 1 | #!/bin/bash -el 2 | 3 | # This script generate archives and deploy applications using tsuru api. 4 | # 5 | # It depends on the following environment variables: 6 | # 7 | # - TSURU_HOST: URL to the Tsuru API (for example: http://yourtsuru:8080) 8 | # - TSURU_TOKEN: the token to communicate with the API (generated with 9 | # `tsurud token`, in the server). 10 | 11 | while read oldrev newrev refname 12 | do 13 | set +e 14 | echo $refname | grep -v tags/master$ | grep -q /master$ 15 | status=$? 16 | set -e 17 | if [ $status = 0 ] 18 | then 19 | COMMIT=${newrev} 20 | fi 21 | done 22 | 23 | if [ -z ${COMMIT} ] 24 | then 25 | echo "ERROR: please push to master" 26 | exit 3 27 | fi 28 | 29 | git_archive_all() { 30 | REV=$1; FILE=$2 31 | TMP_WORK_DIR=$(mktemp -d) 32 | chmod 755 $TMP_WORK_DIR 33 | unset GIT_DIR GIT_WORK_TREE 34 | git clone -q $PWD $TMP_WORK_DIR &> /dev/null 35 | pushd $TMP_WORK_DIR > /dev/null 36 | git config advice.detachedHead false 37 | git checkout $REV > /dev/null 38 | git submodule update --init --recursive > /dev/null 39 | find -name .git -prune -exec rm -rf {} \; > /dev/null 40 | tar zcf /tmp/$FILE . 41 | popd > /dev/null 42 | rm -rf $TMP_WORK_DIR > /dev/null 43 | } 44 | 45 | APP_DIR=${PWD##*/} 46 | APP_NAME=${APP_DIR/.git/} 47 | UUID=`python -c 'import uuid; print uuid.uuid4().hex'` 48 | ARCHIVE_FILE_NAME=${APP_NAME}_${COMMIT}_${UUID}.tar.gz 49 | git_archive_all $COMMIT $ARCHIVE_FILE_NAME 50 | archive_url="/tmp/${ARCHIVE_FILE_NAME}" 51 | url="${TSURU_HOST}/apps/${APP_NAME}/deploy" 52 | curl -H "Authorization: bearer ${TSURU_TOKEN}" -F "file=@${archive_url}" -F "commit=${COMMIT}" -F "user=${TSURU_USER}" -s -N $url | tee /tmp/deploy-${APP_NAME}.log 53 | rm /tmp/${ARCHIVE_FILE_NAME} 54 | tail -1 /tmp/deploy-${APP_NAME}.log | grep -q "^OK$" -------------------------------------------------------------------------------- /gandalf/lib/puppet/parser/functions/mkdir_p.rb: -------------------------------------------------------------------------------- 1 | require 'puppet/parser/functions' 2 | require 'fileutils' 3 | 4 | module Puppet::Parser::Functions 5 | newfunction(:mkdir_p, :type => :rvalue) do |args| 6 | if (args.size != 1) then 7 | raise(Puppet::ParseError, "mkdir_p(): Wrong number of arguments given #{args.size} for 1") 8 | end 9 | dir_name = args[0] 10 | begin 11 | FileUtils.mkdir_p(dir_name) 12 | rescue 13 | return false 14 | end 15 | return true 16 | end 17 | end 18 | -------------------------------------------------------------------------------- /gandalf/manifests/init.pp: -------------------------------------------------------------------------------- 1 | # 2 | # == Class: gandalf 3 | # 4 | # Tsuru gandalf node 5 | # 6 | # === Parameters 7 | # 8 | # [gandalf_host] Gandalf host to 9 | # [gandalf_ipbind_port] Gandalf ip x port to bind 10 | # [gandalf_db_url] Gandalf mongodb url 11 | # [gandalf_db_name] Gandalf mongodb database name 12 | # [gandalf_repositories_path] Git repository root path 13 | # [gandalf_create_repositories] Create repositories base dir 14 | # [gandalf_bare_template_path] Git base template to use 15 | # [gandalf_create_bare_template] Create bare template dir 16 | # [gandalf_user] Gandalf running user 17 | # [gandalf_group] Gandalf running group 18 | # [gandalf_authorized_keys_path] Path to the authorized_keys file 19 | # [gandalf_version] Gandalf server package version 20 | # [tsuru_api_host] Tsuru Server API Host 21 | # [tsuru_api_token] Tsuru API Token 22 | 23 | 24 | class gandalf ( 25 | $gandalf_host = 'localhost', 26 | $gandalf_ipbind_port = '0.0.0.0:8080', 27 | $gandalf_db_url = 'localhost:27017', 28 | $gandalf_db_name = 'gandalf', 29 | $gandalf_repositories_path = '/var/lib/gandalf/repositories', 30 | $gandalf_create_repositories = true, 31 | $gandalf_bare_template_path = '/var/lib/gandalf/bare-template', 32 | $gandalf_create_bare_template = true, 33 | $gandalf_user = 'git', 34 | $gandalf_group = 'git', 35 | $gandalf_user_home = '/var/lib/gandalf', 36 | $gandalf_authorized_keys_path = '/var/lib/gandalf/.ssh/authorized_keys', 37 | $gandalf_version = 'latest', 38 | $tsuru_api_host = 'localhost:8081', 39 | $tsuru_api_token = undef 40 | ) { 41 | 42 | include base 43 | 44 | package { 'gandalf-server': 45 | ensure => $gandalf_version, 46 | require => Class['Base'] 47 | } 48 | ->file { '/etc/gandalf.conf': 49 | ensure => present, 50 | content => template('gandalf/gandalf.conf.erb'), 51 | mode => '0644', 52 | owner => root, 53 | group => root, 54 | notify => Service['gandalf-server'], 55 | } 56 | ->file { '/etc/init/gandalf-server.conf': 57 | ensure => present, 58 | content => template('gandalf/gandalf-server.conf.erb'), 59 | mode => '0644', 60 | owner => root, 61 | group => root, 62 | notify => Service['gandalf-server'], 63 | require => File['/etc/gandalf.conf'] 64 | } 65 | 66 | service { 'gandalf-server': 67 | ensure => running, 68 | enable => true, 69 | provider => 'upstart', 70 | subscribe => File['/etc/init/gandalf-server.conf'], 71 | require => [ File['/etc/init/gandalf-server.conf'] , Package['gandalf-server'] ] 72 | } 73 | 74 | if ($gandalf_create_repositories) { 75 | if ( mkdir_p($gandalf_repositories_path) ) { 76 | file { $gandalf_repositories_path: 77 | ensure => directory, 78 | recurse => true, 79 | mode => '0755', 80 | owner => $gandalf_user, 81 | group => $gandalf_group, 82 | require => Package['gandalf-server'] 83 | } 84 | } else { 85 | fail("Cannot create and set ${gandalf_repositories_path}") 86 | } 87 | } 88 | 89 | if ($gandalf_create_bare_template) { 90 | if ( mkdir_p("${gandalf_bare_template_path}/hooks") ) { 91 | file { $gandalf_bare_template_path: 92 | ensure => directory, 93 | recurse => true, 94 | mode => '0755', 95 | owner => $gandalf_user, 96 | group => $gandalf_group, 97 | require => Package['gandalf-server'] 98 | } 99 | } else { 100 | fail("Cannot create and set ${gandalf_bare_template_path}") 101 | } 102 | } 103 | 104 | file { "${gandalf_bare_template_path}/hooks/pre-receive": 105 | ensure => file, 106 | recurse => true, 107 | mode => '0755', 108 | owner => $gandalf_user, 109 | group => $gandalf_group, 110 | source => 'puppet:///modules/gandalf/pre-receive', 111 | require => File[$gandalf_bare_template_path] 112 | } 113 | 114 | file { "${gandalf_user_home}/.profile": 115 | ensure => file, 116 | mode => '0755', 117 | owner => $gandalf_user, 118 | group => $gandalf_group, 119 | content => template('gandalf/git-profile.erb'), 120 | require => Package['gandalf-server'] 121 | } 122 | 123 | } 124 | -------------------------------------------------------------------------------- /gandalf/metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "tsuru-gandalf", 3 | "version": "0.1.0", 4 | "author": "Tsuru", 5 | "license": "BSD-style license that can be found in the LICENSE file", 6 | "summary": "Puppet module for Gandalf git repository manager", 7 | "source": "https://github.com/tsuru/puppet-tsuru", 8 | "project_page": "(https://github.com/tsuru/puppet-tsuru)", 9 | "issues_url": "https://github.com/tsuru/puppet-tsuru/issues", 10 | "tags": ["PaaS", "tsuru", "tsuru-gandalf"], 11 | "operatingsystem_support": [ 12 | {"operatingsystem":"RedHat", 13 | "operatingsystemrelease":[ "6.5", "7.0" ]}, 14 | {"operatingsystem": "Ubuntu", 15 | "operatingsystemrelease": [ "14.04" ]} 16 | ], 17 | "dependencies": [ 18 | { "name": "puppetlabs/stdlib", "version_requirement": ">= 2.5.0" }, 19 | { "name": "tsuru/base", "version_requirement": ">= 0.0.5" }, 20 | { "name": "stankevich/python", "version_requirement": "1.9.0" }, 21 | { "name": "deanwilson/multitemplate", "vesion_requirement": "1.0.1" } 22 | ] 23 | } 24 | -------------------------------------------------------------------------------- /gandalf/spec/classes/gandalf_spec.rb: -------------------------------------------------------------------------------- 1 | require 'rspec-puppet' 2 | require 'spec_helper' 3 | # require 'fileutils' 4 | 5 | describe 'gandalf' do 6 | 7 | before (:each) do 8 | FileUtils.stubs(:mkdir_p).returns(true) 9 | end 10 | 11 | let :facts do 12 | { :osfamily => 'Debian', :operatingsystem => 'Ubuntu', :lsbdistid => 'Ubuntu', :lsbdistcodename => 'precise', :hostname => 'foo.bar' } 13 | end 14 | 15 | let :params do 16 | { 17 | :gandalf_host => 'foo.bar', 18 | :gandalf_ipbind_port => '0.0.0.0:9000', 19 | :gandalf_db_url => 'foobar:27017', 20 | :gandalf_db_name => 'gandalf_db', 21 | :gandalf_repositories_path => '/foo/bar/repos', 22 | :gandalf_bare_template_path => '/foo/bar/bare', 23 | :gandalf_create_repositories => true, 24 | :gandalf_create_bare_template => true, 25 | :gandalf_user => 'gand_user', 26 | :gandalf_group => 'gand_group', 27 | :gandalf_version => '0.1.0', 28 | :gandalf_authorized_keys_path => '/my/authorized_keys', 29 | :tsuru_api_host => 'api_host', 30 | :tsuru_api_token => 'api_token', 31 | } 32 | end 33 | 34 | it 'requires class base' do 35 | should contain_class('base') 36 | end 37 | 38 | it 'install gandalf-server package' do 39 | should contain_package('gandalf-server').with({ 40 | :ensure => '0.1.0' 41 | }) 42 | end 43 | 44 | it 'creates file /etc/gandalf.conf' do 45 | should contain_file('/etc/gandalf.conf').with({ 46 | :content => /url: foobar:27017.+name: gandalf_db.+location: \/foo\/bar\/repos.+template: \/foo\/bar\/bare.+host: foo.bar.+bind: 0.0.0.0:9000.+uid: gand_user\n\nauthorized-keys-path: \/my\/authorized_keys\n/m, 47 | :notify => 'Service[gandalf-server]' 48 | }) 49 | end 50 | 51 | it 'creates file /etc/init/gandalf-server.conf' do 52 | should contain_file('/etc/init/gandalf-server.conf').with({ 53 | :content => /setuid gand_user\nsetgid gand_group\nexec \/usr\/bin\/gandalf-server/, 54 | :notify => 'Service[gandalf-server]' 55 | }) 56 | end 57 | 58 | 59 | 60 | it 'runs gandalf-server service' do 61 | should contain_service('gandalf-server').with({ 62 | :ensure => 'running', 63 | :subscribe => 'File[/etc/init/gandalf-server.conf]' 64 | }) 65 | end 66 | 67 | it 'fix git repositories base dir permission' do 68 | should contain_file('/foo/bar/repos').with({ 69 | :ensure => 'directory', 70 | :recurse => 'true', 71 | :owner => 'gand_user', 72 | :group => 'gand_group', 73 | }) 74 | end 75 | 76 | it 'fix bare template dir permission' do 77 | should contain_file('/foo/bar/bare').with({ 78 | :ensure => 'directory', 79 | :recurse => 'true', 80 | :owner => 'gand_user', 81 | :group => 'gand_group', 82 | }) 83 | end 84 | 85 | end 86 | -------------------------------------------------------------------------------- /gandalf/spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | dir = File.expand_path(File.dirname(__FILE__)) 2 | $LOAD_PATH.unshift File.join(dir, 'lib') 3 | 4 | require 'puppetlabs_spec_helper/module_spec_helper' 5 | require 'mocha' 6 | 7 | fixture_path = File.expand_path(File.join(__FILE__, '..', 'fixtures')) 8 | RSpec.configure do |c| 9 | c.mock_with :mocha 10 | c.module_path = File.join(fixture_path, 'modules') 11 | c.manifest_dir = File.join(fixture_path, 'manifests') 12 | end 13 | 14 | at_exit { RSpec::Puppet::Coverage.report! } 15 | 16 | # We need this because the RAL uses 'should' as a method. This 17 | # allows us the same behaviour but with a different method name. 18 | class Object 19 | alias :must :should 20 | end 21 | -------------------------------------------------------------------------------- /gandalf/templates/gandalf-server.conf.erb: -------------------------------------------------------------------------------- 1 | limit nofile 10000 10000 2 | 3 | kill timeout 180 4 | 5 | start on runlevel [2345] 6 | stop on runlevel [06] 7 | 8 | respawn 9 | setuid <%= @gandalf_user %> 10 | setgid <%= @gandalf_group %> 11 | exec /usr/bin/gandalf-server -config=/etc/gandalf.conf 12 | post-stop exec sleep 5 13 | -------------------------------------------------------------------------------- /gandalf/templates/gandalf.conf.erb: -------------------------------------------------------------------------------- 1 | bin-path: /usr/bin/gandalf-ssh 2 | 3 | # MongoDB connection settings. By default, Gandalf will connect on localhost 4 | # using the "gandalf" database. Uncomment and change to customize. 5 | # 6 | database: 7 | url: <%= gandalf_db_url %> 8 | name: <%= gandalf_db_name %> 9 | 10 | # Git configuration. 11 | # 12 | # The template is a bare template. For more details, check git-init(1) man 13 | # page. 14 | git: 15 | bare: 16 | location: <%= gandalf_repositories_path %> 17 | template: <%= gandalf_bare_template_path %> 18 | 19 | # Host is the host used to build repositories URL. If you want Gandalf to be 20 | # accessible from other hosts, you need to change this option. 21 | host: <%= gandalf_host %> 22 | 23 | # Address that the Gandalf API server will bind. 24 | bind: <%= gandalf_ipbind_port %> 25 | 26 | # User that manages repositories in the file system. 27 | uid: <%= gandalf_user %> 28 | 29 | authorized-keys-path: <%= gandalf_authorized_keys_path %> 30 | -------------------------------------------------------------------------------- /gandalf/templates/git-profile.erb: -------------------------------------------------------------------------------- 1 | # ~/.profile: executed by the command interpreter for login shells. 2 | # This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login 3 | # exists. 4 | # see /usr/share/doc/bash/examples/startup-files for examples. 5 | # the files are located in the bash-doc package. 6 | 7 | # the default umask is set in /etc/profile; for setting the umask 8 | # for ssh logins, install and configure the libpam-umask package. 9 | #umask 022 10 | 11 | # if running bash 12 | if [ -n "$BASH_VERSION" ]; then 13 | # include .bashrc if it exists 14 | if [ -f "$HOME/.bashrc" ]; then 15 | . "$HOME/.bashrc" 16 | fi 17 | fi 18 | 19 | # set PATH so it includes user's private bin if it exists 20 | if [ -d "$HOME/bin" ] ; then 21 | PATH="$HOME/bin:$PATH" 22 | fi 23 | export TSURU_HOST=<%= @tsuru_api_host %> 24 | export TSURU_TOKEN=<%= @tsuru_api_token %> 25 | <%= @gandalf_storage_bucket ? "export BUCKET_NAME=#{gandalf_storage_bucket}\nexport CONTAINER_NAME=#{gandalf_storage_bucket}" : '' %> 26 | <%= @gandalf_cdn_url ? "export CDN_URL=\"#{gandalf_cdn_url}\"" : '' %> 27 | <%= @gandalf_auth_params ? "export AUTH_PARAMS=\"#{gandalf_auth_params}\"" : '' %> 28 | -------------------------------------------------------------------------------- /gandalf/templates/pre-receive-archive.erb: -------------------------------------------------------------------------------- 1 | #!/bin/bash -el 2 | 3 | # This script uses the archive-server (https://github.com/tsuru/archive-server) 4 | # to generate archives and deploy applications using them. 5 | # 6 | # It depends on the following environment variables: 7 | # 8 | # - ARCHIVE_SERVER_READ: the base URL that will be sent to the tsuru server, 9 | # is a public URL that will be used to serve the 10 | # archive (for example: http://archive-server:8080) 11 | # - ARCHIVE_SERVER_WRITE: the base URL that will be used to generate the 12 | # archive, it's commonly a private URL (for example: 13 | # http://127.0.0.1:8181) 14 | # - TSURU_HOST: URL to the Tsuru API (for example: http://yourtsuru:8080) 15 | # - TSURU_TOKEN: the token to communicate with the API (generated with `tsr 16 | # token`, in the server). 17 | 18 | while read oldrev newrev refname 19 | do 20 | set +e 21 | echo $refname | grep -q /master$ 22 | status=$? 23 | set -e 24 | if [ $status = 0 ] 25 | then 26 | COMMIT=${newrev} 27 | fi 28 | done 29 | 30 | if [ -z ${COMMIT} ] 31 | then 32 | echo "ERROR: please push to master" 33 | exit 3 34 | fi 35 | 36 | generate_archive() { 37 | url="${ARCHIVE_SERVER_WRITE}/" 38 | result=`curl -sNd "path=${1}&refid=${2}" $url` 39 | python </bin/s3cmd put -P /tmp/${ARCHIVE_FILE_NAME} s3://${BUCKET_NAME}/ > /dev/null 40 | rm /tmp/${ARCHIVE_FILE_NAME} 41 | ARCHIVE_URL=`<%= @gandalf_storage_venv %>/bin/s3cmd info s3://${BUCKET_NAME}/${ARCHIVE_FILE_NAME} | grep URL | awk -F': ' '{print $2}' | tr -d ' '` 42 | URL="${TSURU_HOST}/apps/${APP_NAME}/repository/clone" 43 | curl -H "Authorization: bearer ${TSURU_TOKEN}" -d "archive-url=${ARCHIVE_URL}&commit=${COMMIT}&user=${TSURU_USER}" -s -N $URL | tee /tmp/deploy-${APP_NAME}.log 44 | <%= @gandalf_storage_venv %>/bin/s3cmd del s3://${BUCKET_NAME}/${ARCHIVE_FILE_NAME} > /dev/null 45 | tail -1 /tmp/deploy-${APP_NAME}.log | grep -q "^OK$" 46 | -------------------------------------------------------------------------------- /gandalf/templates/pre-receive-swift.erb: -------------------------------------------------------------------------------- 1 | #!/bin/bash -el 2 | 3 | # This script generates a git archive from the provided commit, uploads it to 4 | # Swift, sends the URL to Tsuru and then delete the archive in from the 5 | # container. 6 | # 7 | # It depends on the "swift" command line (it can be installed with pip). 8 | # 9 | # It also depends on the following environment variables: 10 | # 11 | # - AUTH_PARAMS: the parameters used in authentication (for example: 12 | # "-A https://yourswift.com -K yourkey -U youruser") 13 | # - CDN_URL: the URL of the CDN that serves content from your container (for 14 | # example: something.cf5.rackcdn.com). 15 | # - CONTAINER_NAME: name of the container where the script will store the 16 | # archives 17 | # - TSURU_HOST: URL to the Tsuru API (for example: http://yourtsuru:8080) 18 | # - TSURU_TOKEN: the token to communicate with the API (generated with `tsr 19 | # token`, in the server). 20 | 21 | while read oldrev newrev refname 22 | do 23 | set +e 24 | echo $refname | grep -q /master$ 25 | status=$? 26 | set -e 27 | if [ $status = 0 ] 28 | then 29 | COMMIT=${newrev} 30 | fi 31 | done 32 | 33 | if [ -z ${COMMIT} ] 34 | then 35 | echo "ERROR: please push to master" 36 | exit 3 37 | fi 38 | 39 | APP_DIR=${PWD##*/} 40 | APP_NAME=${APP_DIR/.git/} 41 | UUID=`python -c 'import uuid; print uuid.uuid4().hex'` 42 | ARCHIVE_FILE_NAME=${APP_NAME}_${COMMIT}_${UUID}.tar.gz 43 | git archive --format=tar.gz -o /tmp/$ARCHIVE_FILE_NAME $COMMIT 44 | <%= @gandalf_storage_venv %>/bin/swift -q $AUTH_PARAMS upload $CONTAINER_NAME /tmp/$ARCHIVE_FILE_NAME --object-name $ARCHIVE_FILE_NAME 45 | <%= @gandalf_storage_venv %>/bin/swift -q $AUTH_PARAMS post -r ".r:*" $CONTAINER_NAME 46 | rm /tmp/$ARCHIVE_FILE_NAME 47 | if [ -z "${CDN_URL}" ] 48 | then 49 | ARCHIVE_URL=`<%= @gandalf_storage_venv %>/bin/swift $AUTH_PARAMS stat -v $CONTAINER_NAME $ARCHIVE_FILE_NAME | grep URL | awk -F': ' '{print $2}'` 50 | else 51 | ARCHIVE_URL=${CDN_URL}/${ARCHIVE_FILE_NAME} 52 | fi 53 | URL="${TSURU_HOST}/apps/${APP_NAME}/repository/clone" 54 | curl -H "Authorization: bearer ${TSURU_TOKEN}" -d "archive-url=${ARCHIVE_URL}&commit=${COMMIT}&user=${TSURU_USER}" -s -N $URL | tee /tmp/deploy-${APP_NAME}.log 55 | <%= @gandalf_storage_venv %>/bin/swift -q $AUTH_PARAMS delete $CONTAINER_NAME $ARCHIVE_FILE_NAME 56 | tail -1 /tmp/deploy-${APP_NAME}.log | grep -q "^OK$" 57 | -------------------------------------------------------------------------------- /redis_service/Rakefile: -------------------------------------------------------------------------------- 1 | require 'puppetlabs_spec_helper/rake_tasks' 2 | require 'puppet-lint/tasks/puppet-lint' 3 | 4 | PuppetLint.configuration.send('disable_80chars') 5 | PuppetLint.configuration.send('disable_class_parameter_defaults') 6 | PuppetLint.configuration.ignore_paths = [ 7 | "spec/**/*.pp", 8 | "vendor/**/*.pp", 9 | "**/pkg/**/*.pp", 10 | ] 11 | 12 | Rake::Task[:spec].enhance [:lint] 13 | -------------------------------------------------------------------------------- /redis_service/files/sentinel.conf: -------------------------------------------------------------------------------- 1 | description "Redis Sentinel" 2 | 3 | stop on runlevel [!2345] 4 | 5 | respawn 6 | setuid redis 7 | setgid redis 8 | 9 | script 10 | touch /var/lib/redis/sentinel.conf 11 | /usr/bin/redis-server /var/lib/redis/sentinel.conf --sentinel --port 26379 --loglevel warning 12 | end script 13 | -------------------------------------------------------------------------------- /redis_service/manifests/init.pp: -------------------------------------------------------------------------------- 1 | class redis_service {} 2 | -------------------------------------------------------------------------------- /redis_service/manifests/install.pp: -------------------------------------------------------------------------------- 1 | class redis_service::install ( 2 | $lxc_docker_version = 'latest' 3 | ) inherits redis_service { 4 | 5 | include base 6 | 7 | class {'docker': 8 | lxc_docker_version => $lxc_docker_version, 9 | docker_extra_opts => '-H tcp://0.0.0.0:4243 -H unix:///var/run/docker.sock', 10 | } 11 | 12 | file { '/etc/init/sentinel.conf': 13 | ensure => file, 14 | source => 'puppet:///modules/redis_service/sentinel.conf', 15 | owner => 'root', 16 | group => 'root', 17 | mode => '0644', 18 | } 19 | 20 | package { 'redis-server': 21 | ensure => latest, 22 | notify => Service['sentinel'], 23 | require => File['/etc/init/sentinel.conf'] 24 | } 25 | 26 | service { 'sentinel': 27 | ensure => running, 28 | enable => true, 29 | hasrestart => true, 30 | subscribe => File['/etc/init/sentinel.conf'], 31 | provider => 'upstart', 32 | require => [ Package['redis-server'], File['/etc/init/sentinel.conf'] ] 33 | } 34 | 35 | service { 'redis-server': 36 | ensure => stopped, 37 | require => Package['redis-server'] 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /redis_service/metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "tsuru-redis_service", 3 | "version": "0.0.7", 4 | "source": "git://github.com/tsuru/puppet-tsuru.git", 5 | "author": "Tsuru", 6 | "license": "BSD-style license that can be found in the LICENSE file", 7 | "summary": "Puppet module for Redis Service", 8 | "description": "Module to install and configure a Redis Service", 9 | "project_page": "https://github.com/tsuru/puppet-tsuru", 10 | "dependencies": [ 11 | { "name": "puppetlabs/stdlib", "version_requirement": ">= 2.5.0" }, 12 | { "name": "tsuru/base" } 13 | ] 14 | } 15 | -------------------------------------------------------------------------------- /redis_service/spec/classes/redis_install_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe 'redis::init' do 4 | 5 | context 'on a Ubuntu OS' do 6 | let :facts do 7 | { 8 | :osfamily => 'Debian', 9 | :operatingsystem => 'Ubuntu', 10 | :lsbdistid => 'Ubuntu', 11 | :lsbdistcodename => 'trusty', 12 | :hostname => 'foo.bar', 13 | :zabbix_enable => true, 14 | } 15 | end 16 | 17 | it do 18 | should contain_service("redis-server") 19 | end 20 | end 21 | end 22 | -------------------------------------------------------------------------------- /redis_service/spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | dir = File.expand_path(File.dirname(__FILE__)) 2 | $LOAD_PATH.unshift File.join(dir, 'lib') 3 | 4 | require 'puppetlabs_spec_helper/module_spec_helper' 5 | require 'mocha' 6 | 7 | fixture_path = File.expand_path(File.join(__FILE__, '..', 'fixtures')) 8 | RSpec.configure do |c| 9 | c.mock_with :mocha 10 | c.module_path = File.join(fixture_path, 'modules') 11 | c.manifest_dir = File.join(fixture_path, 'manifests') 12 | end 13 | 14 | at_exit { RSpec::Puppet::Coverage.report! } 15 | 16 | # We need this because the RAL uses 'should' as a method. This 17 | # allows us the same behaviour but with a different method name. 18 | class Object 19 | alias :must :should 20 | end 21 | -------------------------------------------------------------------------------- /registry/.fixtures.yml: -------------------------------------------------------------------------------- 1 | fixtures: 2 | forge_modules: 3 | sudo: 4 | repo: "saz/sudo" 5 | ref: 3.0.6 6 | base: 7 | repo: "tsuru/base" 8 | ref: 0.0.4 9 | repositories: 10 | "stdlib": "git://github.com/puppetlabs/puppetlabs-stdlib.git" 11 | "apt": "git://github.com/puppetlabs/puppetlabs-apt.git" 12 | "python": "git://github.com/stankevich/puppet-python.git" 13 | symlinks: 14 | "registry": "#{source_dir}" 15 | -------------------------------------------------------------------------------- /registry/README.md: -------------------------------------------------------------------------------- 1 | # Docker Registry puppet-module 2 | 3 | Puppet module for docker registry config and instalation 4 | 5 | # Usage 6 | 7 | ```puppet 8 | class { 'redistry': 9 | ipbind_port => '0.0.0.0:8080', 10 | storage => 's3', 11 | cache_redis_host => '0.0.0.0', 12 | cache_redis_port => 6379 13 | } 14 | ``` 15 | 16 | # Full Parameters list 17 | 18 | ```puppet 19 | $ipbind_port = '0.0.0.0:8080', 20 | $version = latest, 21 | $user = 'registry', 22 | $group = 'registry', 23 | $storage = 'local', 24 | $venv_path = '/var/lib/venv', 25 | $gunicorn_max_requests = 100, 26 | $gunicorn_workers = 3, 27 | $loglevel = 'info', 28 | $debug = false, 29 | $standalone = true, 30 | $index_endpoint = 'https://index.docker.io', 31 | $storage_redirect = undef, 32 | $disable_token_auth = undef, 33 | $privileged_key = undef, 34 | $search_backend = undef, 35 | $sqlalchemy_index_database = 'sqlite:////tmp/docker-registry.db', 36 | $mirror_source = undef, 37 | $mirror_source_index = undef, 38 | $mirror_tags_cache_ttl = '172800', 39 | $cache_redis_host = undef, 40 | $cache_redis_port = undef, 41 | $cache_redis_db = '0', 42 | $cache_redis_password = undef, 43 | $cache_lru_redis_host = undef, 44 | $cache_lru_redis_port = undef, 45 | $cache_lru_redis_db = '0', 46 | $cache_lru_redis_password = undef, 47 | $smtp_host = undef, 48 | $smtp_port = 25, 49 | $smtp_login = undef, 50 | $smtp_password = undef, 51 | $smtp_secure = 'false', 52 | $smtp_from_addr = 'docker-registry@localdomain.local', 53 | $smtp_to_addr = 'noise+dockerregistry@localdomain. local', 54 | $bugsnag = undef, 55 | $cors_origins = undef, 56 | $cors_methods = undef, 57 | $cors_headers = '[Content-Type]', 58 | $cors_expose_headers = undef, 59 | $cors_supports_credentials = undef, 60 | $cors_max_age = undef, 61 | $cors_send_wildcard = undef, 62 | $cors_always_send = undef, 63 | $cors_automatic_options = undef, 64 | $cors_vary_header = undef, 65 | $cors_resources = undef, 66 | $local_storage_path = '/tmp/registry', 67 | $aws_region = undef, 68 | $aws_bucket = undef, 69 | $aws_storage_path = '/registry', 70 | $aws_encrypt = true, 71 | $aws_secure = true, 72 | $aws_key = undef, 73 | $aws_secret = undef, 74 | $aws_use_sigv4 = undef, 75 | $aws_host = undef, 76 | $aws_port = undef, 77 | $aws_debug = 0, 78 | $aws_calling_format = undef, 79 | $cf_base_url = undef, 80 | $cf_keyid = undef, 81 | $cf_keysecret = undef, 82 | $azure_storage_account_name = undef, 83 | $azure_storage_account_key = undef, 84 | $azure_storage_container = 'registry', 85 | $azure_use_https = true, 86 | $gcs_bucket = undef, 87 | $gcs_storage_path = '/registry', 88 | $gcs_secure = true, 89 | $gcs_key = undef, 90 | $gcs_secret = undef, 91 | $gcs_oauth2 = false, 92 | $os_storage_path = undef, 93 | $os_auth_url = undef, 94 | $os_container = undef, 95 | $os_container = undef, 96 | $os_password = undef, 97 | $os_tenant_name = undef, 98 | $os_region_name = undef, 99 | $glance_storage_alternate = file, 100 | $glance_storage_path = '/tmp/registry', 101 | $elliptics_nodes = undef, 102 | $elliptics_wait_timeout = 60, 103 | $elliptics_check_timeout = 60, 104 | $elliptics_io_thread_num = 2, 105 | $elliptics_net_thread_num = 2, 106 | $elliptics_nonblocking_io_thread_num = 2, 107 | $elliptics_groups = undef, 108 | $elliptics_verbosity = 4, 109 | $elliptics_logfile = '/dev/stderr', 110 | $elliptics_addr_family = 2, 111 | $oss_storage_path = '/registry/', 112 | $oss_host = undef, 113 | $oss_bucket = undef, 114 | $oss_key = undef, 115 | $oss_secret = undef, 116 | $dev_loglevel = 'debug', 117 | $dev_debug = true, 118 | $dev_search_backend = 'sqlalchemy', 119 | $test_storage_path = './tmp/test', 120 | $prod_storage_path = '/prod', 121 | ``` -------------------------------------------------------------------------------- /registry/Rakefile: -------------------------------------------------------------------------------- 1 | require 'puppetlabs_spec_helper/rake_tasks' 2 | require 'puppet-lint/tasks/puppet-lint' 3 | 4 | PuppetLint.configuration.send('disable_80chars') 5 | PuppetLint.configuration.send('disable_class_parameter_defaults') 6 | PuppetLint.configuration.ignore_paths = [ 7 | "spec/**/*.pp", 8 | "vendor/**/*.pp", 9 | "**/pkg/**/*.pp", 10 | ] 11 | 12 | Rake::Task[:spec].enhance [:lint] 13 | -------------------------------------------------------------------------------- /registry/lib/puppet/parser/functions/mkdir_p.rb: -------------------------------------------------------------------------------- 1 | require 'puppet/parser/functions' 2 | require 'fileutils' 3 | 4 | module Puppet::Parser::Functions 5 | newfunction(:mkdir_p, :type => :rvalue) do |args| 6 | if (args.size != 1) then 7 | raise(Puppet::ParseError, "mkdir_p(): Wrong number of arguments given #{args.size} for 1") 8 | end 9 | dir_name = args[0] 10 | begin 11 | FileUtils.mkdir_p(dir_name) 12 | rescue 13 | return false 14 | end 15 | return true 16 | end 17 | end 18 | -------------------------------------------------------------------------------- /registry/manifests/init.pp: -------------------------------------------------------------------------------- 1 | # 2 | # == Class: registry 3 | # 4 | # Tsuru registry node 5 | # 6 | # === Parameters 7 | # 8 | # [lxc_docker_version] LXC docker package version 9 | # [docker_graph_dir] Docker root directory where all files are located 10 | # [docker_bind] Docker bind array options. Eg ['tcp://0.0.0.0:4243', 'unix:///var/run/docker.sock'] 11 | # [docker_extra_opts] Extra opts to docker daemon 12 | # [registry_install_command] 13 | # [registry_start_command] 14 | # [proxy_url] 15 | class registry ( 16 | $lxc_docker_version = 'latest', 17 | $docker_graph_dir = undef, 18 | $docker_bind = undef, 19 | $docker_extra_opts = undef, 20 | $registry_install_command = undef, 21 | $registry_start_command = undef, 22 | $proxy_url = undef 23 | ){ 24 | 25 | class { 'docker': 26 | lxc_docker_version => $lxc_docker_version, 27 | docker_graph_dir => $docker_graph_dir, 28 | docker_bind => $docker_bind, 29 | docker_extra_opts => $docker_extra_opts, 30 | proxy_url => $proxy_url, 31 | } 32 | 33 | exec { 'install registry': 34 | command => $registry_install_command, 35 | path => '/usr/bin', 36 | require => Class['docker'] 37 | } 38 | 39 | exec { 'start registry': 40 | command => $registry_start_command, 41 | path => '/usr/bin', 42 | unless => '/usr/bin/docker inspect --format="{{ .State.Running }}" $(docker ps -f name=registry -q)', 43 | require => Exec['install registry'] 44 | } 45 | 46 | } 47 | -------------------------------------------------------------------------------- /registry/metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "tsuru-registry", 3 | "version": "0.0.6", 4 | "author": "Tsuru", 5 | "license": "BSD-style license that can be found in the LICENSE file", 6 | "summary": "Puppet module to Tsuru PaaS Docker Registry", 7 | "source": "https://github.com/tsuru/puppet-tsuru", 8 | "project_page": "(https://github.com/tsuru/puppet-tsuru)", 9 | "issues_url": "https://github.com/tsuru/puppet-tsuru/issues", 10 | "tags": ["PaaS", "tsuru", "Registry"], 11 | "operatingsystem_support": [ 12 | {"operatingsystem": "Ubuntu", 13 | "operatingsystemrelease": [ "14.04" ]} 14 | ], 15 | "dependencies": [ 16 | { "name": "puppetlabs/stdlib", "version_requirement": ">= 2.5.0" }, 17 | { "name": "saz/sudo" }, 18 | { "name": "tsuru/base" } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /registry/spec/classes/registry_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe 'registry' do 4 | 5 | before (:each) do 6 | FileUtils.stubs(:mkdir_p).returns(true) 7 | end 8 | 9 | let :facts do 10 | { :osfamily => 'Debian', :operatingsystem => 'Ubuntu', :lsbdistid => 'Ubuntu', :lsbdistcodename => 'precise', :hostname => 'foo.bar' } 11 | end 12 | 13 | let :params do 14 | { 15 | :storage => 'cloudfronts3' 16 | } 17 | end 18 | 19 | it do 20 | should contain_class('base') 21 | end 22 | 23 | it do 24 | should contain_file('/etc/init/docker-registry.conf') 25 | end 26 | 27 | it do 28 | should contain_file('/etc/docker-registry/config/config.yml') 29 | end 30 | 31 | end 32 | -------------------------------------------------------------------------------- /registry/spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | dir = File.expand_path(File.dirname(__FILE__)) 2 | $LOAD_PATH.unshift File.join(dir, 'lib') 3 | 4 | require 'puppetlabs_spec_helper/module_spec_helper' 5 | require 'mocha' 6 | 7 | fixture_path = File.expand_path(File.join(__FILE__, '..', 'fixtures')) 8 | RSpec.configure do |c| 9 | c.mock_with :mocha 10 | c.module_path = File.join(fixture_path, 'modules') 11 | c.manifest_dir = File.join(fixture_path, 'manifests') 12 | end 13 | 14 | at_exit { RSpec::Puppet::Coverage.report! } 15 | 16 | # We need this because the RAL uses 'should' as a method. This 17 | # allows us the same behaviour but with a different method name. 18 | class Object 19 | alias :must :should 20 | end 21 | -------------------------------------------------------------------------------- /registry/templates/config.yml.erb: -------------------------------------------------------------------------------- 1 | # All other flavors inherit the `common' config snippet 2 | common: &common 3 | issue: '"docker-registry server"' 4 | <% if @loglevel -%> 5 | # Default log level is info 6 | loglevel: <%= @loglevel %> 7 | <% end -%> 8 | <% if @debug -%> 9 | # Enable debugging (additional informations in the output of the _ping endpoint) 10 | debug: <%= @debug %> 11 | <% end -%> 12 | <% if @standalone -%> 13 | # By default, the registry acts standalone (eg: doesn't query the index) 14 | standalone: <%= @standalone %> 15 | <% end -%> 16 | <% if @index_endpoint -%> 17 | # The default endpoint to use (if NOT standalone) is index.docker.io 18 | index_endpoint: <%= @index_endpoint %> 19 | <% end -%> 20 | <% if @storage_redirect -%> 21 | # Storage redirect is disabled 22 | storage_redirect: <%= @storage_redirect %> 23 | <% end -%> 24 | <% if @disable_token_auth -%> 25 | # Token auth is enabled (if NOT standalone) 26 | disable_token_auth: <%= @disable_token_auth %> 27 | <% end -%> 28 | <% if @privileged_key -%> 29 | # No priv key 30 | privileged_key: <%= @privileged_key %> 31 | <% end -%> 32 | <% if @search_backend -%> 33 | # No search backend 34 | search_backend: <%= @search_backend %> 35 | <% end -%> 36 | <% if @sqlalchemy_index_database -%> 37 | # SQLite search backend 38 | sqlalchemy_index_database: <%= @sqlalchemy_index_database %> 39 | <% end -%> 40 | <% if @mirror_source -%> 41 | 42 | # Mirroring is not enabled 43 | mirroring: 44 | source: <%= @mirror_source %> 45 | source_index: <%= @mirror_source_index %> 46 | tags_cache_ttl: <%= @mirror_tags_cache_ttl %> 47 | <% end -%> 48 | <% if @cache_redis_host -%> 49 | 50 | cache: 51 | host: <%= @cache_redis_host %> 52 | port: <%= @cache_redis_port %> 53 | db: <%= @cache_redis_db %> 54 | password: <%= @cache_redis_password %> 55 | <% end -%> 56 | <% if @cache_lru_redis_host -%> 57 | 58 | # Enabling LRU cache for small files 59 | # This speeds up read/write on small files 60 | # when using a remote storage backend (like S3). 61 | cache_lru: 62 | host: <%= @cache_lru_redis_host %> 63 | port: <%= @cache_lru_redis_port %> 64 | db: <%= @cache_lru_redis_db %> 65 | password: <%= @cache_lru_redis_password %> 66 | <% end -%> 67 | <% if @smtp_host -%> 68 | 69 | # Enabling these options makes the Registry send an email on each code Exception 70 | email_exceptions: 71 | smtp_host: <%= @smtp_host %> 72 | smtp_port: <%= @smtp_port %> 73 | smtp_login: <%= @smtp_login %> 74 | smtp_password: <%= @smtp_password %> 75 | smtp_secure: <%= @smtp_secure %> 76 | from_addr: <%= @smtp_from_addr %> 77 | to_addr: <%= @smtp_to_addr %> 78 | <% end -%> 79 | <% if @bugsnag -%> 80 | 81 | # Enable bugsnag (set the API key) 82 | bugsnag: <%= @bugsnag %> 83 | <% end -%> 84 | <% if @cors_origins -%> 85 | 86 | # CORS support is not enabled by default 87 | cors: 88 | origins: <%= @cors_origins %> 89 | methods: <%= @cors_methods %> 90 | headers: <%= @cors_headers %> 91 | expose_headers: <%= @cors_expose_headers %> 92 | supports_credentials: <%= @cors_supports_credentials %> 93 | max_age: <%= @cors_max_age %> 94 | send_wildcard: <%= @cors_send_wildcard %> 95 | always_send: <%= @cors_always_send %> 96 | automatic_options: <%= @cors_automatic_options %> 97 | vary_header: <%= @cors_vary_header %> 98 | resources: <%= @cors_resources %> 99 | <% end -%> 100 | <% if @storage == "local" -%> 101 | 102 | local: &local 103 | <<: *common 104 | storage: local 105 | storage_path: <%= @local_storage_path %> 106 | <% end -%> 107 | <% if @storage == "s3" or @storage == "cloudfronts3" -%> 108 | 109 | s3: &s3 110 | <<: *common 111 | storage: s3 112 | s3_region: <%= @aws_region %> 113 | s3_bucket: <%= @aws_bucket %> 114 | boto_bucket: <%= @aws_bucket %> 115 | storage_path: <%= @aws_storage_path %> 116 | s3_encrypt: <%= @aws_encrypt %> 117 | s3_secure: <%= @aws_secure %> 118 | s3_access_key: <%= @aws_key %> 119 | s3_secret_key: <%= @aws_secret %> 120 | s3_use_sigv4: <%= @aws_use_sigv4 %> 121 | boto_host: <%= @aws_host %> 122 | boto_port: <%= @aws_port %> 123 | boto_calling_format: <%= @aws_calling_format %> 124 | <% end -%> 125 | <% if @storage == "cloudfronts3" -%> 126 | 127 | cloudfronts3: &cloudfronts3 128 | <<: *s3 129 | cloudfront: 130 | base: <%= @cf_base_url %> 131 | keyid: <%= @cf_keyid %> 132 | keysecret: <%= @cf_keysecret %> 133 | <% end -%> 134 | <% if @storage == "azureblob" -%> 135 | 136 | azureblob: &azureblob 137 | <<: *common 138 | storage: azureblob 139 | azure_storage_account_name: <%= @azure_storage_account_name %> 140 | azure_storage_account_key: <%= @azure_storage_account_key %> 141 | azure_storage_container: <%= @azure_storage_contaiNER %> 142 | azure_use_https: <%= @azure_use_https %> 143 | <% end -%> 144 | <% if @storage == "ceph-s3" -%> 145 | 146 | # Ceph Object Gateway Configuration 147 | # See http://ceph.com/docs/master/radosgw/ for details on installing this service. 148 | ceph-s3: &ceph-s3 149 | <<: *common 150 | storage: s3 151 | s3_region: ~ 152 | s3_bucket: <%= @aws_bucket %> 153 | s3_encrypt: <%= @aws_encrypt %> 154 | s3_secure: <%= @aws_secure %> 155 | storage_path: <%= @aws_storage_path %> 156 | s3_access_key: <%= @aws_key %> 157 | s3_secret_key: <%= @aws_secret %> 158 | boto_bucket: <%= @aws_bucket %> 159 | boto_host: <%= @aws_host %> 160 | boto_port: <%= @aws_port %> 161 | boto_debug: <%= @aws_debug %> 162 | boto_calling_format: <%= @aws_calling_format %> 163 | <% end -%> 164 | <% if @storage == "gcs" -%> 165 | 166 | # Google Cloud Storage Configuration 167 | # See: 168 | # https://developers.google.com/storage/docs/reference/v1/getting-startedv1#keys 169 | # for details on access and secret keys. 170 | gcs: 171 | <<: *common 172 | storage: gcs 173 | boto_bucket: <%= @gcs_bucket %> 174 | storage_path: <%= @gcs_storage_path %> 175 | gs_secure: <%= @gcs_secure %> 176 | gs_access_key: <%= @gcs_key %> 177 | gs_secret_key: <%= @gcs_secret %> 178 | # OAuth 2.0 authentication with the storage. 179 | # oauth2 can be set to true or false. If it is set to true, gs_access_key, 180 | # gs_secret_key and gs_secure are not needed. 181 | # Client ID and Client Secret must be set into OAUTH2_CLIENT_ID and 182 | # OAUTH2_CLIENT_SECRET environment variables. 183 | # See: https://developers.google.com/accounts/docs/OAuth2. 184 | oauth2: <%= @gcs_oauth2 %> 185 | <% end -%> 186 | <% if @storage == "swift" or @storage == "glance-swift" -%> 187 | 188 | # This flavor is for storing images in Openstack Swift 189 | swift: &swift 190 | <<: *common 191 | storage: swift 192 | storage_path: <%= @os_storage_path %> 193 | # keystone authorization 194 | swift_authurl: <%= @os_auth_url %> 195 | swift_container: <%= @os_container %> 196 | swift_user: <%= @os_username %> 197 | swift_password: <%= @os_password %> 198 | swift_tenant_name: <%= @os_tenant_name %> 199 | swift_region_name: <%= @os_region_name %> 200 | <% end -%> 201 | <% if @storage == "glance" -%> 202 | 203 | # This flavor stores the images in Glance (to integrate with openstack) 204 | # See also: https://github.com/docker/openstack-docker 205 | glance: &glance 206 | <<: *common 207 | storage: glance 208 | storage_alternate: <%= @glance_storage_alternate %> 209 | storage_path: <%= @glance_storage_path %> 210 | 211 | openstack: 212 | <<: *glance 213 | <% end -%> 214 | <% if @storage == "glance-swift" -%> 215 | 216 | # This flavor stores the images in Glance (to integrate with openstack) 217 | # and tags in Swift. 218 | glance-swift: &glance-swift 219 | <<: *swift 220 | storage: glance 221 | storage_alternate: swift 222 | 223 | openstack-swift: 224 | <<: *glance-swift 225 | <% end -%> 226 | <% if @storage == "elliptics" -%> 227 | 228 | elliptics: 229 | <<: *common 230 | storage: elliptics 231 | elliptics_nodes: <%= @elliptics_nodes %> 232 | elliptics_wait_timeout: <%= @elliptics_wait_timeout %> 233 | elliptics_check_timeout: <%= @elliptics_check_timeout %> 234 | elliptics_io_thread_num: <%= @elliptics_io_thread_num %> 235 | elliptics_net_thread_num: <%= @elliptics_net_thread_num %> 236 | elliptics_nonblocking_io_thread_num: <%= @elliptics_nonblocking_io_thread_num %> 237 | elliptics_groups: <%= @elliptics_groups %> 238 | elliptics_verbosity: <%= @elliptics_verbosity %> 239 | elliptics_logfile: <%= @elliptics_logfile %> 240 | elliptics_addr_family: <%= @elliptics_addr_family %> 241 | <% end -%> 242 | <% if @storage == "oss" -%> 243 | 244 | # This flavor stores the images in Aliyun OSS 245 | # See: 246 | # https://i.aliyun.com/access_key/ 247 | # for details on access and secret keys. 248 | oss: &oss 249 | <<: *common 250 | storage: oss 251 | storage_path: <%= @oss_storage_path %> 252 | oss_host: <%= @oss_host %> 253 | oss_bucket: <%= @oss_bucket %> 254 | oss_accessid: <%= @oss_key %> 255 | oss_accesskey: <%= @oss_secret %> 256 | <% end -%> 257 | <% if @flavor == "dev" -%> 258 | 259 | # This is the default configuration when no flavor is specified 260 | dev: &dev 261 | <<: *local 262 | loglevel: <%= @loglevel %> 263 | debug: <%= @debug %> 264 | search_backend: <%= @search_backend %> 265 | <% end -%> 266 | <% if @flavor == "test" -%> 267 | 268 | # This flavor is used by unit tests 269 | test: 270 | <<: *dev 271 | index_endpoint: https://registry-stage.hub.docker.com 272 | standalone: true 273 | storage_path: <%= @storage_path %> 274 | <% end -%> 275 | <% if @flavor == "prod" -%> 276 | 277 | # To specify another flavor, set the environment variable SETTINGS_FLAVOR 278 | # $ export SETTINGS_FLAVOR=prod 279 | prod: 280 | <<: *s3 281 | storage_path: <%= @storage_path %> 282 | <% end -%> 283 | -------------------------------------------------------------------------------- /registry/templates/docker-registry.conf.erb: -------------------------------------------------------------------------------- 1 | limit nofile 10000 10000 2 | 3 | kill timeout 180 4 | 5 | start on runlevel [2345] 6 | stop on runlevel [06] 7 | 8 | setuid <%= @user %> 9 | setgid <%= @group %> 10 | 11 | respawn 12 | 13 | env DOCKER_REGISTRY_CONFIG=<%= @path %>/config.yml 14 | script 15 | <%= @venv_path %>/bin/gunicorn \ 16 | -k gevent --max-requests <%= @gunicorn_max_requests %> \ 17 | --graceful-timeout 3600 -t 3600 -b <%= @ipbind_port %> \ 18 | -w <%= @gunicorn_workers %> docker_registry.wsgi:application 19 | end script 20 | post-stop exec sleep 5 21 | -------------------------------------------------------------------------------- /router/.fixtures.yml: -------------------------------------------------------------------------------- 1 | fixtures: 2 | forge_modules: 3 | base: 4 | repo: "tsuru/base" 5 | ref: 0.0.2 6 | sudo: 7 | repo: "saz/sudo" 8 | ref: 3.0.6 9 | stdlib: 10 | repo: "puppetlabs/stdlib" 11 | ref: 4.3.2 12 | apt: 13 | repo: "puppetlabs/apt" 14 | ref: 1.7.0 15 | docker: 16 | repo: "tsuru/docker" 17 | ref: 0.0.21 18 | symlinks: 19 | "router": "#{source_dir}" 20 | -------------------------------------------------------------------------------- /router/Rakefile: -------------------------------------------------------------------------------- 1 | require 'puppetlabs_spec_helper/rake_tasks' 2 | require 'puppet-lint/tasks/puppet-lint' 3 | 4 | PuppetLint.configuration.send('disable_80chars') 5 | PuppetLint.configuration.send('disable_class_parameter_defaults') 6 | PuppetLint.configuration.ignore_paths = [ 7 | "spec/**/*.pp", 8 | "vendor/**/*.pp", 9 | "**/pkg/**/*.pp", 10 | ] 11 | 12 | Rake::Task[:spec].enhance [:lint] 13 | -------------------------------------------------------------------------------- /router/manifests/init.pp: -------------------------------------------------------------------------------- 1 | # class router 2 | class router { 3 | 4 | $service_provider = $::operatingsystem ? { 5 | Ubuntu => 'upstart', 6 | CentOS => 'init', 7 | default => fail('OS not supported') 8 | } 9 | 10 | } 11 | -------------------------------------------------------------------------------- /router/manifests/install.pp: -------------------------------------------------------------------------------- 1 | # 2 | # == Class: router 3 | # 4 | # Tsuru router node 5 | # 6 | # === Parameters 7 | # 8 | 9 | class router::install ( 10 | 11 | $router_port = 80, 12 | $router_bind = '0.0.0.0', 13 | $router_hipache_workers = 5, 14 | $router_hipache_max_sockets = 100, 15 | $router_dead_backend_ttl = 30, 16 | $router_tcp_timeout = 30, 17 | $router_planb_connect_timeout = 10, 18 | $router_hipache_http_keep_alive = true, 19 | $router_access_log = '/var/log/hipache/access_log', 20 | $router_access_log_mode = 'file', 21 | $router_redis_host = '127.0.0.1', 22 | $router_redis_port = 6379, 23 | $router_redis_master_host = '127.0.0.1', 24 | $router_redis_master_port = 6379, 25 | $router_service_planb_enable = true, 26 | $router_service_planb_ensure = 'running', 27 | $router_service_hipache_enable = true, 28 | $router_service_hipache_ensure = 'running', 29 | $router_service_hchecker_enable = true, 30 | $router_service_hchecker_ensure = 'running', 31 | $router_mode = 'planb-docker', 32 | $router_planb_package_version = 'latest', 33 | $docker_version = 'latest', 34 | $docker_graph_dir = undef, 35 | $docker_bind = undef, 36 | $docker_extra_opts = undef, 37 | $proxy_url = undef, 38 | $planb_pull_command = '/usr/bin/docker pull tsuru/planb:v1', 39 | $planb_start_command = "/usr/bin/docker run -d --restart=always --net=host --name=planb tsuru/planb:v1 \ 40 | --listen :80 \ 41 | --request-timeout 30 \ 42 | --dial-timeout 10 \ 43 | --dead-backend-time 30 \ 44 | --access-log /var/log/hipache/access_log", 45 | 46 | ) inherits router { 47 | 48 | require base 49 | 50 | if ($router_mode == 'planb') { 51 | 52 | package { 'planb': 53 | ensure => $router_planb_package_version, 54 | notify => Service['planb'] 55 | } 56 | 57 | file { '/etc/default/planb': 58 | ensure => file, 59 | content => template('router/planb_conf.erb'), 60 | notify => Service['planb'], 61 | require => Package['planb'] 62 | } 63 | 64 | service { 'planb': 65 | ensure => $router_service_planb_ensure, 66 | enable => $router_service_planb_enable, 67 | hasrestart => true, 68 | hasstatus => true, 69 | provider => $router::service_provider, 70 | require => [ Package['planb'], File['/etc/default/planb'] ] 71 | } 72 | 73 | } 74 | 75 | if ($router_mode == 'planb-docker') { 76 | 77 | class { 'docker': 78 | docker_version => $docker_version, 79 | docker_graph_dir => $docker_graph_dir, 80 | docker_bind => $docker_bind, 81 | docker_extra_opts => $docker_extra_opts, 82 | proxy_url => $proxy_url, 83 | } 84 | ->exec { 'pull planb': 85 | command => $planb_pull_command, 86 | path => '/usr/bin', 87 | } 88 | ->exec { 'start planb': 89 | command => $planb_start_command, 90 | path => '/usr/bin', 91 | unless => '/usr/bin/docker inspect --format="{{ .State.Running }}" planb', 92 | } 93 | 94 | } 95 | 96 | 97 | } 98 | -------------------------------------------------------------------------------- /router/metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "tsuru-router", 3 | "version": "0.0.9", 4 | "author": "Tsuru", 5 | "license": "BSD-style license that can be found in the LICENSE file", 6 | "summary": "Puppet module to Tsuru PaaS Router", 7 | "source": "https://github.com/tsuru/puppet-tsuru", 8 | "project_page": "(https://github.com/tsuru/puppet-tsuru)", 9 | "issues_url": "https://github.com/tsuru/puppet-tsuru/issues", 10 | "tags": ["PaaS", "tsuru", "tsuru-router"], 11 | "operatingsystem_support": [ 12 | {"operatingsystem":"RedHat", 13 | "operatingsystemrelease":[ "6.5", "7.0" ]}, 14 | {"operatingsystem": "Ubuntu", 15 | "operatingsystemrelease": [ "14.04" ]} 16 | ], 17 | "dependencies": [ 18 | { "name": "puppetlabs/stdlib", "version_requirement": ">= 2.5.0" }, 19 | { "name": "tsuru/docker" }, 20 | { "name": "tsuru/base" } 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /router/spec/classes/router_install_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe 'router::install' do 4 | 5 | context "on a Ubuntu OS" do 6 | let :facts do 7 | { 8 | :osfamily => 'Debian', 9 | :operatingsystem => 'Ubuntu', 10 | :lsbdistid => 'Ubuntu', 11 | :lsbdistcodename => 'precise', 12 | :hostname => 'foo.bar' 13 | } 14 | end 15 | 16 | context "with default parameters" do 17 | 18 | it 'install required classes' do 19 | should contain_class('base') 20 | should contain_class('router') 21 | should contain_class('router::install') 22 | should contain_class('base::ubuntu') 23 | end 24 | 25 | it 'required by apt' do 26 | 27 | should contain_class('apt') 28 | should contain_class('apt::params') 29 | should contain_class('apt::update') 30 | 31 | should contain_exec('apt_update') 32 | should contain_exec('add-apt-repository-ppa:tsuru/ppa') 33 | 34 | should contain_file('sources.list') 35 | should contain_file('sources.list.d') 36 | should contain_file('preferences.d') 37 | should contain_file('/etc/apt/apt.conf.d/15update-stamp') 38 | should contain_file('/etc/apt/sources.list.d/tsuru-ppa-precise.list') 39 | 40 | should contain_anchor('apt_key 383F073D present') 41 | should contain_anchor('apt_key A88D21E9 present') 42 | 43 | should contain_apt__ppa('ppa:tsuru/ppa') 44 | 45 | should contain_apt__source('docker') 46 | 47 | should contain_apt_key('tsuru') 48 | should contain_apt_key('docker') 49 | 50 | should contain_apt__key('tsuru') 51 | should contain_apt__key('docker') 52 | 53 | end 54 | 55 | end 56 | 57 | context "using router planb" do 58 | let :params do 59 | { 60 | :router_mode => 'planb', 61 | :router_access_log_mode => 'syslog' 62 | } 63 | end 64 | 65 | it 'install planb package' do 66 | should contain_package('planb').with_ensure('latest') 67 | should contain_service('planb').with_ensure('running') 68 | end 69 | 70 | planb_conf = < 'planb-docker' 88 | } 89 | end 90 | 91 | it 'install docker package' do 92 | should contain_package('docker-ce').with_ensure('latest') 93 | end 94 | 95 | it 'exec planb commands' do 96 | should contain_exec('pull planb').with_command('/usr/bin/docker pull tsuru/planb:v1') 97 | should contain_exec('start planb').with_command('/usr/bin/docker run -d --restart=always --net=host --name=planb tsuru/planb:v1 --listen :80 --request-timeout 30 --dial-timeout 10 --dead-backend-time 30 --access-log /var/log/hipache/access_log') 98 | end 99 | 100 | end 101 | 102 | end 103 | end 104 | -------------------------------------------------------------------------------- /router/spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | dir = File.expand_path(File.dirname(__FILE__)) 2 | $LOAD_PATH.unshift File.join(dir, 'lib') 3 | 4 | require 'puppetlabs_spec_helper/module_spec_helper' 5 | require 'mocha' 6 | 7 | fixture_path = File.expand_path(File.join(__FILE__, '..', 'fixtures')) 8 | RSpec.configure do |c| 9 | c.mock_with :mocha 10 | c.module_path = File.join(fixture_path, 'modules') 11 | c.manifest_dir = File.join(fixture_path, 'manifests') 12 | end 13 | 14 | at_exit { RSpec::Puppet::Coverage.report! } 15 | 16 | # We need this because the RAL uses 'should' as a method. This 17 | # allows us the same behaviour but with a different method name. 18 | class Object 19 | alias :must :should 20 | end 21 | -------------------------------------------------------------------------------- /router/templates/planb_conf.erb: -------------------------------------------------------------------------------- 1 | PLANB_OPTS="--listen 0.0.0.0:<%= @router_port %> --read-redis-host <%= @router_redis_host %> --read-redis-port <%= @router_redis_port %> 2 | --write-redis-host <%= @router_redis_master_host %> --write-redis-port <%= @router_redis_master_port %> 3 | --access-log <%= (['syslog'].include? @router_access_log_mode) ? 'syslog' : @router_access_log %> 4 | --request-timeout <%= @router_tcp_timeout %> --dial-timeout <%= @router_planb_connect_timeout %> 5 | --dead-backend-time <%= @router_dead_backend_ttl %> 6 | " 7 | 8 | -------------------------------------------------------------------------------- /rpaas/.fixtures.yml: -------------------------------------------------------------------------------- 1 | fixtures: 2 | forge_modules: 3 | base: 4 | repo: "tsuru/base" 5 | ref: 0.0.9 6 | sudo: 7 | repo: "saz/sudo" 8 | ref: 3.0.6 9 | stdlib: 10 | repo: "puppetlabs/stdlib" 11 | ref: 4.17.1 12 | apt: 13 | repo: "puppetlabs/apt" 14 | ref: 1.7.0 15 | symlinks: 16 | "rpaas": "#{source_dir}" 17 | -------------------------------------------------------------------------------- /rpaas/Rakefile: -------------------------------------------------------------------------------- 1 | require 'puppetlabs_spec_helper/rake_tasks' 2 | require 'puppet-lint/tasks/puppet-lint' 3 | 4 | PuppetLint.configuration.send('disable_80chars') 5 | PuppetLint.configuration.send('disable_class_parameter_defaults') 6 | PuppetLint.configuration.ignore_paths = [ 7 | "spec/**/*.pp", 8 | "vendor/**/*.pp", 9 | "**/pkg/**/*.pp", 10 | ] 11 | 12 | Rake::Task[:spec].enhance [:lint] 13 | -------------------------------------------------------------------------------- /rpaas/files/check_file.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -f $1 ]; then 4 | cat $1 5 | fi 6 | 7 | exit 0 8 | -------------------------------------------------------------------------------- /rpaas/files/check_nginx_ssl_data.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -z "$3" ]; then 4 | cat /etc/nginx/certs/nginx_${1}.${2} 5 | else 6 | header_key_cert="" 7 | footer_key_cert="" 8 | for line in $3; do 9 | if [[ $line =~ ^-----BEGIN$ ]]; then 10 | header_key_cert=true 11 | cert_line=$line 12 | continue 13 | fi 14 | if [[ $line =~ ^-----END$ ]]; then 15 | footer_key_cert=true 16 | cert_line=$line 17 | continue 18 | fi 19 | if [[ $line =~ -----$ ]]; then 20 | header_key_cert="" 21 | footer_key_cert="" 22 | cert_line="${cert_line} ${line}" 23 | echo $cert_line 24 | cert_line="" 25 | continue 26 | fi 27 | if [ "$header_key_cert" -o "$footer_key_cert" ]; then 28 | cert_line="${cert_line} ${line}" 29 | continue 30 | fi 31 | echo $line 32 | done 33 | fi 34 | exit 0 35 | -------------------------------------------------------------------------------- /rpaas/files/check_ro_fs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | CHECK_RO_FILE=$(mktemp) && rm $CHECK_RO_FILE 4 | -------------------------------------------------------------------------------- /rpaas/manifests/block_file.pp: -------------------------------------------------------------------------------- 1 | define rpaas::block_file ($block_type){ 2 | file { "/etc/consul-template.d/templates/block_${block_type}.conf.tpl": 3 | ensure => file, 4 | content => template('rpaas/consul/block.conf.tpl.erb'), 5 | require => File['/etc/consul-template.d/templates'] 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /rpaas/manifests/init.pp: -------------------------------------------------------------------------------- 1 | # class rpaas 2 | class rpaas { 3 | 4 | $service_provider = $::operatingsystem ? { 5 | Ubuntu => 'upstart', 6 | CentOS => 'init', 7 | default => fail('OS not supported') 8 | } 9 | 10 | $consul_ssl_dir = '/etc/nginx/certs' 11 | $consul_ssl_key_file = "${consul_ssl_dir}/nginx_main.key" 12 | $consul_ssl_crt_file = "${consul_ssl_dir}/nginx_main.crt" 13 | $consul_admin_ssl_key_file = "${consul_ssl_dir}/nginx_admin.key" 14 | $consul_admin_ssl_crt_file = "${consul_ssl_dir}/nginx_admin.crt" 15 | 16 | $nginx_dirs = [ '/etc/nginx', '/etc/nginx/sites-enabled', '/etc/nginx/sites-enabled/consul', 17 | '/etc/nginx/sites-enabled/consul/blocks', $consul_ssl_dir ] 18 | 19 | } 20 | -------------------------------------------------------------------------------- /rpaas/manifests/install.pp: -------------------------------------------------------------------------------- 1 | # class rpaas::install 2 | class rpaas::install ( 3 | 4 | $nginx_package = 'latest', 5 | $nginx_user = 'www-data', 6 | $nginx_group = 'www-data', 7 | $nginx_worker_processes = 'auto', 8 | $nginx_worker_connections = 1024, 9 | $nginx_worker_shutdown_timeout = undef, 10 | $nginx_worker_rlimit_nofile = undef, 11 | $nginx_listen = 8080, 12 | $nginx_ssl_listen = 8443, 13 | $nginx_http2 = false, 14 | $nginx_admin_listen = 8089, 15 | $nginx_admin_ssl_listen = 8090, 16 | $nginx_admin_enable_ssl = false, 17 | $nginx_key_zone_size = '10m', 18 | $nginx_cache_inactive = '3d', 19 | $nginx_cache_size = '3g', 20 | $nginx_loader_files = 50, 21 | $nginx_location_purge = true, 22 | $nginx_allow_admin_list = ['127.0.0.0/24','127.1.0.0/24'], 23 | $nginx_custom_error_dir = undef, 24 | $nginx_custom_error_codes = {}, 25 | $nginx_intercept_errors = false, 26 | $nginx_local_log = true, 27 | $nginx_syslog_access_server = undef, 28 | $nginx_syslog_access_type = 'classic', 29 | $nginx_syslog_error_server = undef, 30 | $nginx_syslog_access_tag = undef, 31 | $nginx_syslog_error_tag = undef, 32 | $nginx_rpaas_tags = 'rpaas', 33 | $nginx_dhparams = undef, 34 | $nginx_vts_enabled = false, 35 | $nginx_lua = false, 36 | $nginx_admin_locations = false, 37 | $nginx_request_id_enabled = false, 38 | $nginx_disable_response_request_id = false, 39 | $nginx_upstream_keepalive = 100, 40 | $consul_template_version = latest, 41 | $consul_server = undef, 42 | $consul_syslog_enabled = true, 43 | $consul_syslog_facility = 'LOCAL0', 44 | $consul_acl_token = undef, 45 | $rpaas_service_name = undef, 46 | $rpaas_instance_name = undef, 47 | $consul_agent_enable = false, 48 | $consul_agent_encrypt = undef, 49 | $consul_agent_data_dir = '/var/lib/consul', 50 | $consul_agent_version = latest, 51 | $consul_agent_datacenter = 'dc1', 52 | $consul_agent_client_addr = '0.0.0.0', 53 | $consul_agent_bind_addr = '0.0.0.0', 54 | $consul_members = ['127.0.0.1'], 55 | $sysctl_somaxconn = 2048, 56 | $sysctl_max_syn_backlog = 512 57 | 58 | ) inherits rpaas { 59 | 60 | include base 61 | include sudo 62 | 63 | if ($nginx_custom_error_codes != {} and !$nginx_custom_error_dir) { 64 | fail('nginx_custom_error_dir must be set with nginx_custom_error_codes') 65 | } 66 | 67 | if ($nginx_custom_error_codes and !is_hash($nginx_custom_error_codes)) { 68 | fail('nginx_custom_error_codes should be in hash format') 69 | } 70 | 71 | if ($consul_agent_enable) { 72 | 73 | package { 'consul': 74 | ensure => $consul_agent_version 75 | } 76 | 77 | file { $consul_agent_data_dir: 78 | ensure => directory, 79 | owner => 'consul', 80 | group => 'consul', 81 | require => Package['consul'] 82 | } 83 | 84 | service { 'consul': 85 | ensure => running, 86 | enable => true, 87 | require => [ Package['consul'], File[$consul_agent_data_dir] ] 88 | } 89 | 90 | file { '/etc/consul.d/config.json': 91 | ensure => file, 92 | mode => '0644', 93 | content => template('rpaas/consul/agent_config.json.erb'), 94 | require => Package['consul'], 95 | notify => Service['consul'] 96 | } 97 | 98 | file { '/etc/consul.d/service.json': 99 | ensure => file, 100 | mode => '0644', 101 | content => template('rpaas/consul/nginx_service.json.erb'), 102 | require => Package['consul'], 103 | notify => Service['consul'] 104 | } 105 | 106 | file { '/usr/local/bin/check_ro_fs.sh': 107 | ensure => file, 108 | mode => '0755', 109 | source => 'puppet:///modules/rpaas/check_ro_fs.sh' 110 | } 111 | 112 | } 113 | 114 | package { 'consul-template': 115 | ensure => $consul_template_version, 116 | } 117 | 118 | file { '/etc/consul-template.d/templates': 119 | ensure => directory, 120 | require => Package['consul-template'] 121 | } 122 | 123 | file { '/etc/consul-template.d/plugins': 124 | ensure => directory, 125 | require => Package['consul-template'] 126 | } 127 | 128 | file { '/etc/consul-template.d/consul.conf': 129 | ensure => file, 130 | content => template('rpaas/consul/consul.conf.erb'), 131 | require => Package['consul-template'] 132 | } 133 | 134 | file { '/etc/consul-template.d/templates/locations.conf.tpl': 135 | ensure => file, 136 | content => template('rpaas/consul/locations.conf.tpl.erb'), 137 | require => File['/etc/consul-template.d/templates'] 138 | } 139 | 140 | file { '/etc/consul-template.d/templates/upstreams.conf.tpl': 141 | ensure => file, 142 | content => template('rpaas/consul/upstreams.conf.tpl.erb'), 143 | require => File['/etc/consul-template.d/templates'] 144 | } 145 | 146 | file { '/etc/consul-template.d/templates/nginx.key.tpl': 147 | ensure => file, 148 | content => template('rpaas/consul/nginx.key.tpl.erb'), 149 | require => File['/etc/consul-template.d/templates'] 150 | } 151 | 152 | file { '/etc/consul-template.d/templates/nginx.crt.tpl': 153 | ensure => file, 154 | content => template('rpaas/consul/nginx.crt.tpl.erb'), 155 | require => File['/etc/consul-template.d/templates'] 156 | } 157 | 158 | if $nginx_http2 { 159 | $http2_value = 'http2' 160 | } 161 | 162 | file { '/etc/consul-template.d/templates/main_ssl.conf.tpl': 163 | ensure => file, 164 | content => template('rpaas/consul/main_ssl.conf.tpl.erb'), 165 | require => File['/etc/consul-template.d/templates'] 166 | } 167 | 168 | block_file { 'server': 169 | block_type => 'server' 170 | } 171 | 172 | block_file { 'http': 173 | block_type => 'http' 174 | } 175 | 176 | file { '/etc/consul-template.d/plugins/check_nginx_ssl_data.sh': 177 | ensure => file, 178 | source => 'puppet:///modules/rpaas/check_nginx_ssl_data.sh', 179 | require => File['/etc/consul-template.d/plugins'] 180 | } 181 | 182 | file { '/etc/consul-template.d/plugins/check_file.sh': 183 | ensure => file, 184 | source => 'puppet:///modules/rpaas/check_file.sh', 185 | require => File['/etc/consul-template.d/plugins'] 186 | } 187 | 188 | file { '/etc/consul-template.d/plugins/check_and_reload_nginx.sh': 189 | ensure => file, 190 | content => template('rpaas/consul/check_and_reload_nginx.sh.erb'), 191 | require => File['/etc/consul-template.d/plugins'], 192 | mode => '0755' 193 | } 194 | 195 | file { '/etc/nginx/sites-enabled/consul/locations.conf': 196 | ensure => file, 197 | replace => false, 198 | require => File['/etc/nginx/sites-enabled/consul'] 199 | } 200 | 201 | file { '/etc/nginx/sites-enabled/consul/upstreams.conf': 202 | ensure => file, 203 | replace => false, 204 | require => File['/etc/nginx/sites-enabled/consul'] 205 | } 206 | 207 | if $nginx_admin_enable_ssl { 208 | file { '/etc/consul-template.d/templates/nginx_admin.key.tpl': 209 | ensure => file, 210 | content => template('rpaas/consul/nginx_admin.key.tpl.erb'), 211 | require => File['/etc/consul-template.d/templates'] 212 | } 213 | 214 | file { '/etc/consul-template.d/templates/nginx_admin.crt.tpl': 215 | ensure => file, 216 | content => template('rpaas/consul/nginx_admin.crt.tpl.erb'), 217 | require => File['/etc/consul-template.d/templates'] 218 | } 219 | 220 | file { '/etc/consul-template.d/templates/admin_ssl.conf.tpl': 221 | ensure => file, 222 | content => template('rpaas/consul/admin_ssl.conf.tpl.erb'), 223 | require => File['/etc/consul-template.d/templates'] 224 | } 225 | 226 | file { '/etc/nginx/admin_ssl.conf': 227 | ensure => file, 228 | replace => false, 229 | require => File['/etc/nginx'] 230 | } 231 | 232 | $nginx_admin_ssl_templates = [File['/etc/consul-template.d/templates/nginx_admin.key.tpl'], 233 | File['/etc/consul-template.d/templates/nginx_admin.crt.tpl'], 234 | File['/etc/consul-template.d/templates/admin_ssl.conf.tpl']] 235 | } else { 236 | $nginx_admin_ssl_templates = [] 237 | } 238 | 239 | if $nginx_lua { 240 | $lua_templates = [File['/etc/consul-template.d/templates/lua_server.conf.tpl'], 241 | File['/etc/consul-template.d/templates/lua_worker.conf.tpl']] 242 | 243 | lua_file { 'server': 244 | lua_type => 'server' 245 | } 246 | 247 | lua_file { 'worker': 248 | lua_type => 'worker' 249 | } 250 | 251 | file { '/etc/nginx/sites-enabled/consul/blocks/lua_server.conf': 252 | ensure => file, 253 | replace => false, 254 | require => File['/etc/nginx/sites-enabled/consul/blocks'] 255 | } 256 | 257 | file { '/etc/nginx/sites-enabled/consul/blocks/lua_worker.conf': 258 | ensure => file, 259 | replace => false, 260 | require => File['/etc/nginx/sites-enabled/consul/blocks'] 261 | } 262 | } else { 263 | $lua_templates = [] 264 | } 265 | 266 | if $nginx_admin_locations { 267 | file { '/etc/nginx/nginx_admin_locations.conf': 268 | ensure => file, 269 | notify => Service['nginx'], 270 | require => File['/etc/nginx'] 271 | } 272 | } 273 | 274 | $service_consul_template_requirements = concat ([ Package['consul-template'], 275 | File['/etc/consul-template.d/consul.conf'], 276 | File['/etc/consul-template.d/templates/locations.conf.tpl'], 277 | File['/etc/consul-template.d/templates/nginx.key.tpl'], 278 | File['/etc/consul-template.d/templates/nginx.crt.tpl'], 279 | File['/etc/consul-template.d/templates/main_ssl.conf.tpl'], 280 | File['/etc/consul-template.d/templates/block_http.conf.tpl'], 281 | File['/etc/consul-template.d/templates/block_server.conf.tpl'], 282 | File['/etc/consul-template.d/plugins/check_nginx_ssl_data.sh'], 283 | File['/etc/nginx/certs'], 284 | File['/etc/consul-template.d/plugins/check_and_reload_nginx.sh']], 285 | $lua_templates, $nginx_admin_ssl_templates) 286 | 287 | $service_consul_template_subscribe = concat([ Package['consul-template'], 288 | File['/etc/consul-template.d/consul.conf'], 289 | File['/etc/consul-template.d/templates/locations.conf.tpl'], 290 | File['/etc/consul-template.d/templates/nginx.key.tpl'], 291 | File['/etc/consul-template.d/templates/nginx.crt.tpl'], 292 | File['/etc/consul-template.d/templates/block_http.conf.tpl'], 293 | File['/etc/consul-template.d/templates/block_server.conf.tpl'], 294 | File['/etc/consul-template.d/plugins/check_nginx_ssl_data.sh'], 295 | File['/etc/nginx/certs'] ] , $lua_templates, $nginx_admin_ssl_templates) 296 | 297 | service { 'consul-template': 298 | ensure => running, 299 | require => $service_consul_template_requirements, 300 | subscribe => $service_consul_template_subscribe 301 | } 302 | 303 | file { '/etc/nginx/main_ssl.conf': 304 | ensure => file, 305 | replace => false, 306 | require => File['/etc/nginx'] 307 | } 308 | 309 | file { '/etc/nginx/sites-enabled/consul/blocks/http.conf': 310 | ensure => file, 311 | replace => false, 312 | require => File['/etc/nginx/sites-enabled/consul/blocks'] 313 | } 314 | 315 | file { '/etc/nginx/sites-enabled/consul/blocks/server.conf': 316 | ensure => file, 317 | replace => false, 318 | require => File['/etc/nginx/sites-enabled/consul/blocks'] 319 | } 320 | 321 | package { 'nginx-extras': 322 | ensure => $nginx_package, 323 | require => [ Exec['apt_update'], File['/etc/nginx/nginx.conf'] ] 324 | } 325 | 326 | service { 'nginx': 327 | ensure => running, 328 | enable => true, 329 | provider => 'upstart', 330 | restart => '/usr/sbin/service nginx reload', 331 | require => [ Package['nginx-extras'], Service['consul-template']] 332 | } 333 | 334 | file { $rpaas::nginx_dirs: 335 | ensure => directory, 336 | recurse => true, 337 | owner => $nginx_user, 338 | group => $nginx_group 339 | } 340 | 341 | exec { 'session_resumption_random_ticket': 342 | command => 'dd if=/dev/urandom bs=48 count=1 > /etc/nginx/certs/ticket.key', 343 | onlyif => '/usr/bin/test ! -f /etc/nginx/certs/ticket.key', 344 | provider => shell, 345 | require => File['/etc/nginx/certs'], 346 | } 347 | 348 | file { '/etc/nginx/sites-enabled/default': 349 | ensure => absent, 350 | force => true, 351 | require => Package['nginx-extras'] 352 | } 353 | 354 | file { '/etc/nginx/nginx.conf': 355 | content => template('rpaas/nginx.conf.erb'), 356 | notify => Service['nginx'], 357 | require => File['/etc/nginx'] 358 | } 359 | 360 | file { '/etc/sysctl.d/99-nginx_tunnings.conf': 361 | content => template('rpaas/sysctl_nginx_tunnings.conf.erb'), 362 | notify => Exec['invoke-rc.d procps start'] 363 | } 364 | ->exec { 'invoke-rc.d procps start': 365 | path => '/bin:/sbin:/usr/bin:/usr/sbin', 366 | subscribe => File['/etc/sysctl.d/99-nginx_tunnings.conf'], 367 | refreshonly => true 368 | } 369 | ->exec { 'restart sysctl when wrong nginx values': 370 | command => 'invoke-rc.d procps start', 371 | path => '/bin:/sbin:/usr/bin:/usr/sbin', 372 | onlyif => "sysctl net.core.somaxconn | egrep -v '${sysctl_somaxconn}$' || \ 373 | sysctl net.ipv4.tcp_max_syn_backlog | egrep -v '${sysctl_max_syn_backlog}$'" 374 | } 375 | } 376 | -------------------------------------------------------------------------------- /rpaas/manifests/lua_file.pp: -------------------------------------------------------------------------------- 1 | define rpaas::lua_file ($lua_type){ 2 | file { "/etc/consul-template.d/templates/lua_${lua_type}.conf.tpl": 3 | ensure => file, 4 | content => template('rpaas/consul/lua.conf.tpl.erb'), 5 | require => File['/etc/consul-template.d/templates'] 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /rpaas/metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "tsuru-rpaas", 3 | "version": "0.3.28", 4 | "author": "Tsuru", 5 | "license": "BSD-style license that can be found in the LICENSE file", 6 | "summary": "Puppet module to Tsuru PaaS rpaas", 7 | "source": "https://github.com/tsuru/puppet-tsuru", 8 | "project_page": "(https://github.com/tsuru/puppet-tsuru)", 9 | "issues_url": "https://github.com/tsuru/puppet-tsuru/issues", 10 | "tags": ["PaaS", "tsuru", "tsuru-rpaas"], 11 | "operatingsystem_support": [ 12 | {"operatingsystem": "Ubuntu", 13 | "operatingsystemrelease": [ "14.04" ]} 14 | ], 15 | "dependencies": [ 16 | { "name": "puppetlabs/stdlib", "version_requirement": ">= 4.17.1" }, 17 | { "name": "saz/sudo", "version_requirement": "> 0.0.1" }, 18 | { "name": "tsuru/base", "version_requirement": "> 0.0.1" } 19 | ] 20 | } 21 | -------------------------------------------------------------------------------- /rpaas/spec/classes/rpaas_install_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe 'rpaas::install' do 4 | 5 | let :facts do 6 | { 7 | :osfamily => 'Debian', 8 | :operatingsystem => 'Ubuntu', 9 | :lsbdistid => 'Ubuntu', 10 | :lsbdistcodename => 'trusty', 11 | :hostname => 'foo.bar', 12 | :zabbix_enable => true, 13 | :vm_id => 'd196717b-bcca-4ab1-8ca3-221b2ac4bf8d' 14 | } 15 | end 16 | 17 | context "on a Ubuntu OS with default params" do 18 | 19 | it do 20 | should contain_anchor('apt_key 383F073D present') 21 | should contain_anchor('apt_key A88D21E9 present') 22 | end 23 | 24 | it do 25 | should contain_class('apt::params') 26 | should contain_class('apt::update') 27 | should contain_class('apt') 28 | should contain_class('base::ubuntu') 29 | should contain_class('base') 30 | should contain_class('rpaas::install') 31 | should contain_class('rpaas') 32 | end 33 | 34 | it do 35 | should contain_apt__key('docker') 36 | should contain_apt__key('tsuru') 37 | should contain_apt__ppa('ppa:tsuru/ppa') 38 | should contain_apt__source('docker') 39 | should contain_apt_key('docker') 40 | should contain_apt_key('tsuru') 41 | end 42 | 43 | it do 44 | should contain_service('nginx') 45 | end 46 | 47 | 48 | it do 49 | should contain_package('nginx-extras') 50 | end 51 | 52 | # test files 53 | it do 54 | should contain_file('/etc/apt/apt.conf.d/15update-stamp') 55 | should contain_file('/etc/apt/sources.list.d/tsuru-ppa-trusty.list') 56 | should contain_file('/etc/nginx/sites-enabled/default') 57 | should contain_file('/etc/nginx/sites-enabled') 58 | should contain_file('preferences.d') 59 | should contain_file('sources.list.d') 60 | should contain_file('sources.list') 61 | end 62 | 63 | context "generating nginx.conf" do 64 | let :params do 65 | { 66 | :nginx_user => "foobar", 67 | :nginx_worker_processes => 10, 68 | :nginx_worker_connections => 10, 69 | :nginx_admin_listen => 8081, 70 | :nginx_listen => 8080, 71 | :nginx_ssl_listen => 8082, 72 | :nginx_allow_admin_list => ['10.0.0.1', '10.0.2.3'], 73 | :nginx_custom_error_codes => {'404.html' => ['404', '403'], '500.html' => [ '500', '502', '503', '504' ]}, 74 | :nginx_custom_error_dir => "/mnt/error_pages", 75 | :nginx_intercept_errors => true, 76 | :nginx_syslog_access_server => '127.0.0.1', 77 | :nginx_syslog_error_server => '10.10.10.10', 78 | :nginx_syslog_access_tag => 'rpaas01', 79 | :nginx_syslog_error_tag => 'rpaas01error', 80 | :nginx_dhparams => '/etc/nginx/dh_params.pem', 81 | } 82 | end 83 | 84 | server_purge_entry = <<"EOF" 85 | server { 86 | listen 8081; 87 | 88 | server_name _tsuru_nginx_admin; 89 | 90 | location /healthcheck { 91 | echo "WORKING"; 92 | } 93 | 94 | location ~ ^/purge/(.+) { 95 | allow 10.0.0.1; 96 | allow 10.0.2.3; 97 | deny all; 98 | proxy_cache_purge rpaas $1$is_args$args; 99 | } 100 | } 101 | EOF 102 | custom_worker_process = <<"EOF" 103 | user foobar; 104 | worker_processes 10; 105 | include /etc/nginx/modules-enabled/*.conf; 106 | 107 | events { 108 | worker_connections 10; 109 | } 110 | EOF 111 | 112 | custom_worker_shutdown_timeout = <<"EOF" 113 | user foobar; 114 | worker_processes 10; 115 | worker_shutdown_timeout 5m; 116 | worker_rlimit_nofile 65536; 117 | include /etc/nginx/modules-enabled/*.conf; 118 | 119 | events { 120 | worker_connections 10; 121 | } 122 | EOF 123 | 124 | 125 | it 'custom user, worker_processes and worker_connections' do 126 | should contain_file('/etc/nginx/nginx.conf').with_content(/#{Regexp.escape(custom_worker_process)}/m) 127 | end 128 | 129 | context "using worker_shutdown timeout and rlimt_nofile" do 130 | let(:params) do 131 | super().merge({ 'nginx_worker_shutdown_timeout' => '5m', 'nginx_worker_rlimit_nofile' => '65536' }) 132 | end 133 | 134 | it 'set worker_shutdown_timeout to 5m' do 135 | should contain_file('/etc/nginx/nginx.conf').with_content(/#{Regexp.escape(custom_worker_shutdown_timeout)}/m) 136 | end 137 | end 138 | 139 | it 'purge custom location with ip restriction' do 140 | should contain_file('/etc/nginx/nginx.conf').with_content(/#{Regexp.escape(server_purge_entry)}/) 141 | end 142 | 143 | it 'custom error pages for 40X and 50X errors with proxy_intercept errors' do 144 | should contain_file('/etc/nginx/nginx.conf').with_content(/error_page 404 403 \/_nginx_errordocument\/404.html;/m) 145 | should contain_file('/etc/nginx/nginx.conf').with_content(/error_page 500 502 503 504 \/_nginx_errordocument\/500.html;/m) 146 | should contain_file('/etc/nginx/nginx.conf').with_content(/proxy_intercept_errors on;/) 147 | end 148 | 149 | it 'custom error location' do 150 | should contain_file('/etc/nginx/nginx.conf').with_content(/\s+location\ ~\ \^\/_nginx_errordocument\/\(.\+\) \{\n\s+internal;\n\s+alias \/mnt\/error_pages\/\$1;\n\s+\}/) 151 | end 152 | 153 | it 'custom syslog server' do 154 | should contain_file('/etc/nginx/nginx.conf').with_content(/\s+access_log\ syslog:server=127.0.0.1,facility=local6,tag=rpaas01\ main;/) 155 | should contain_file('/etc/nginx/nginx.conf').with_content(/\s+error_log\ syslog:server=10.10.10.10,facility=local6,tag=rpaas01error;/) 156 | end 157 | 158 | end 159 | 160 | it 'check if exec exist' do 161 | should contain_exec('apt_update') 162 | should contain_exec('add-apt-repository-ppa:tsuru/ppa') 163 | end 164 | 165 | end 166 | 167 | context 'enabling nginx admin ssl' do 168 | let :params do 169 | { 170 | :nginx_admin_enable_ssl => true 171 | } 172 | end 173 | 174 | nginx_admin_ssl_enabled = <<"EOF" 175 | server { 176 | listen 8089; 177 | include /etc/nginx/admin_ssl.conf; 178 | 179 | server_name _tsuru_nginx_admin; 180 | 181 | location /healthcheck { 182 | echo "WORKING"; 183 | } 184 | EOF 185 | 186 | it 'nginx admin server should bind to the ssl port' do 187 | should contain_file('/etc/nginx/nginx.conf').with_content(/#{Regexp.escape(nginx_admin_ssl_enabled)}/) 188 | end 189 | end 190 | 191 | 192 | context 'enabling nginx custom locations based on consul' do 193 | let :params do 194 | { 195 | :nginx_admin_locations => true 196 | } 197 | end 198 | 199 | nginx_custom_locations = <<"EOF" 200 | server { 201 | listen 8089; 202 | 203 | server_name _tsuru_nginx_admin; 204 | 205 | location /healthcheck { 206 | echo "WORKING"; 207 | } 208 | 209 | location ~ ^/purge/(.+) { 210 | allow 127.0.0.0/24; 211 | allow 127.1.0.0/24; 212 | deny all; 213 | proxy_cache_purge rpaas $1$is_args$args; 214 | } 215 | include nginx_admin_locations.conf; 216 | } 217 | EOF 218 | 219 | it 'nginx admin server should include a custom locations file' do 220 | should contain_file('/etc/nginx/nginx.conf').with_content(/#{Regexp.escape(nginx_custom_locations)}/) 221 | end 222 | 223 | it 'nginx admin server should have a custom admin location file to not throw an error' do 224 | should contain_file('/etc/nginx/nginx_admin_locations.conf') 225 | end 226 | end 227 | 228 | 229 | context 'enabling vts' do 230 | let :params do 231 | { 232 | :nginx_vts_enabled => true 233 | } 234 | end 235 | server_vts_enabled = <<"EOF" 236 | vhost_traffic_status_zone; 237 | server { 238 | listen 8089; 239 | 240 | server_name _tsuru_nginx_admin; 241 | 242 | location /healthcheck { 243 | echo "WORKING"; 244 | } 245 | 246 | location ~ ^/purge/(.+) { 247 | allow 127.0.0.0/24; 248 | allow 127.1.0.0/24; 249 | deny all; 250 | proxy_cache_purge rpaas $1$is_args$args; 251 | } 252 | 253 | location /vts_status { 254 | vhost_traffic_status_display; 255 | vhost_traffic_status_display_format json; 256 | } 257 | } 258 | EOF 259 | 260 | it 'add custom location to admin block and enable it at http block' do 261 | should contain_file('/etc/nginx/nginx.conf').with_content(/#{Regexp.escape(server_vts_enabled)}/) 262 | end 263 | 264 | end 265 | 266 | context 'enabling request_id' do 267 | let :params do 268 | { 269 | :nginx_request_id_enabled => true, 270 | :nginx_local_log => false, 271 | :nginx_syslog_access_server => 'localhost', 272 | :nginx_syslog_error_server => 'localhost' 273 | } 274 | end 275 | server_request_id_enabled = <<"EOF" 276 | uuid4 $request_id_uuid; 277 | map $http_x_request_id $request_id_final { 278 | default $request_id_uuid; 279 | "~." $http_x_request_id; 280 | } 281 | 282 | map $http_x_real_ip $real_ip_final { 283 | default $remote_addr; 284 | "~." $http_x_real_ip; 285 | } 286 | 287 | map $http_x_forwarded_proto $forwarded_proto_final { 288 | default $scheme; 289 | "~." $http_x_forwarded_proto; 290 | } 291 | 292 | map $http_x_forwarded_host $forwarded_host_final { 293 | default $host; 294 | "~." $http_x_forwarded_host; 295 | } 296 | 297 | 298 | 299 | log_format main 300 | '${remote_addr}\\t${host}\\t${request_method}\\t${request_uri}\\t${server_protocol}\\t' 301 | '${http_referer}\\t${http_x_mobile_group}\\t' 302 | 'Local:\\t${status}\\t*${connection}\\t${body_bytes_sent}\\t${request_time}\\t' 303 | 'Proxy:\\t${upstream_addr}\\t${upstream_status}\\t${upstream_cache_status}\\t' 304 | '${upstream_response_length}\\t${upstream_response_time}\\t${request_uri}\\t' 305 | 'Agent:\\t${http_user_agent}\\t$request_id_final\\t' 306 | 'Fwd:\\t${http_x_forwarded_for}\\t' 307 | 'SSL:\\t${ssl_server_name}\\t${ssl_protocol}\\t${ssl_cipher}\\t-'; 308 | 309 | access_log syslog:server=localhost,facility=local6,tag=rpaas main; 310 | error_log syslog:server=localhost,facility=local6,tag=rpaas; 311 | EOF 312 | 313 | server_request_id_headers = <<"EOF" 314 | more_set_input_headers "X-Request-ID: $request_id_final"; 315 | more_set_headers "X-Request-ID: $request_id_final"; 316 | EOF 317 | it 'add request_id headers' do 318 | should contain_file('/etc/nginx/nginx.conf').with_content(/#{Regexp.escape(server_request_id_headers)}/) 319 | end 320 | it 'add uuid4 module, generate request_id headers' do 321 | should contain_file('/etc/nginx/nginx.conf').with_content(/#{Regexp.escape(server_request_id_enabled)}/m) 322 | end 323 | 324 | context 'using json log format' do 325 | let :params do 326 | { 327 | :nginx_request_id_enabled => true, 328 | :nginx_syslog_access_type => 'json', 329 | :nginx_syslog_access_server => 'localhost', 330 | :nginx_rpaas_tags => 'RPAAS,TESTING' 331 | } 332 | end 333 | log_format = <<"EOF" 334 | log_format main escape=json '{' 335 | '"@timestamp":"${time_iso8601}",' 336 | '"@version":"1",' 337 | '"host":"${hostname}",' 338 | '"short_message":"This log was generated by Nginx",' 339 | '"remote_addr":"${remote_addr}",' 340 | '"vhost":"${host}",' 341 | '"request_method":"${request_method}",' 342 | '"request_uri":"${request_uri}",' 343 | '"server_protocol":"${server_protocol}",' 344 | '"http_referer":"${http_referer}",' 345 | '"http_x_mobile_group":"${http_x_mobile_group}",' 346 | '"status":"${status}",' 347 | '"connection":"${connection}",' 348 | '"body_bytes_sent":"${body_bytes_sent}",' 349 | '"request_time":"${request_time}",' 350 | '"request_id":"${request_id_final}",' 351 | '"upstream_addr":"${upstream_addr}",' 352 | '"upstream_status":"${upstream_status}",' 353 | '"upstream_response_length":"${upstream_response_length}",' 354 | '"upstream_response_time":"${upstream_response_time}",' 355 | '"upstream_cache_status":"${upstream_cache_status}",' 356 | '"uri":"${uri}",' 357 | '"http_user_agent":"${http_user_agent}",' 358 | '"http_x_forwarded_for":"${http_x_forwarded_for}",' 359 | '"ssl_server_name":"${ssl_server_name}",' 360 | '"ssl_protocol":"${ssl_protocol}",' 361 | '"ssl_cipher":"${ssl_cipher}",' 362 | '"_tags":"RPAAS,TESTING" ' 363 | '}'; 364 | 365 | access_log syslog:server=localhost,facility=local6,tag=rpaas main; 366 | 367 | EOF 368 | 369 | it 'generate custom json access_log' do 370 | should contain_file('/etc/nginx/nginx.conf').with_content(/#{Regexp.escape(log_format)}/m) 371 | end 372 | end 373 | end 374 | 375 | context 'using consul backend' do 376 | let :params do 377 | { 378 | :consul_server => 'foo.bar:8500', 379 | :consul_acl_token => '0000-1111', 380 | :rpaas_service_name => 'rpaas_fe', 381 | :rpaas_instance_name => 'foo_instance', 382 | :nginx_admin_enable_ssl => true, 383 | :nginx_lua => true, 384 | :nginx_http2 => true 385 | } 386 | end 387 | 388 | main_ssl_http2_enabled = <&1 | grep emerg) 596 | consul_nginx_url='http://foo.bar:8500/v1/kv/rpaas_fe/foo_instance/status/foo.bar?token=0000-1111' 597 | EOF 598 | 599 | it 'creates /etc/consul-template.d/plugins/check_and_reload_nginx.sh' do 600 | should contain_file('/etc/consul-template.d/plugins/check_and_reload_nginx.sh').with_content(/#{Regexp.escape(check_and_reload_nginx_content)}/) 601 | end 602 | 603 | end 604 | 605 | end 606 | -------------------------------------------------------------------------------- /rpaas/spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | dir = File.expand_path(File.dirname(__FILE__)) 2 | $LOAD_PATH.unshift File.join(dir, 'lib') 3 | 4 | require 'puppetlabs_spec_helper/module_spec_helper' 5 | require 'mocha' 6 | 7 | fixture_path = File.expand_path(File.join(__FILE__, '..', 'fixtures')) 8 | RSpec.configure do |c| 9 | c.mock_with :mocha 10 | c.module_path = File.join(fixture_path, 'modules') 11 | c.manifest_dir = File.join(fixture_path, 'manifests') 12 | end 13 | 14 | at_exit { RSpec::Puppet::Coverage.report! } 15 | 16 | # We need this because the RAL uses 'should' as a method. This 17 | # allows us the same behaviour but with a different method name. 18 | class Object 19 | alias :must :should 20 | end 21 | -------------------------------------------------------------------------------- /rpaas/templates/consul/admin_ssl.conf.tpl.erb: -------------------------------------------------------------------------------- 1 | {{ with $cert := key_or_default "<%= @rpaas_service_name %>/<%= @rpaas_instance_name %>/ssl/<%= @vm_id %>/cert" "" }} 2 | {{ if $cert }} 3 | listen <%= @nginx_admin_ssl_listen %> ssl; 4 | ssl_certificate /etc/nginx/certs/nginx_admin.crt; 5 | ssl_certificate_key /etc/nginx/certs/nginx_admin.key; 6 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 7 | ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; 8 | ssl_prefer_server_ciphers on; 9 | ssl_session_cache shared:SSL:200m; 10 | ssl_session_timeout 1h; 11 | <% if @nginx_dhparams -%> 12 | ssl_dhparam <%= @nginx_dhparams %>; 13 | <% end -%> 14 | {{ else }} 15 | {{ plugin "check_file.sh" "/etc/nginx/admin_ssl.conf" }} 16 | {{ end }} 17 | {{ else }} 18 | {{ plugin "check_file.sh" "/etc/nginx/admin_ssl.conf" }} 19 | {{ end }} -------------------------------------------------------------------------------- /rpaas/templates/consul/agent_config.json.erb: -------------------------------------------------------------------------------- 1 | <% require 'json' -%> 2 | { 3 | "client_addr": "<%= @consul_agent_client_addr %>", 4 | "bind_addr": "<%= @consul_agent_bind_addr %>", 5 | "datacenter": "<%= @consul_agent_datacenter %>", 6 | "data_dir": "<%= @consul_agent_data_dir %>", 7 | <%= @consul_agent_encrypt ? "\"encrypt\": \"#{consul_agent_encrypt}\"" : '' %>, 8 | "rejoin_after_leave": true, 9 | "skip_leave_on_interrupt": true, 10 | "log_level": "INFO", 11 | "enable_syslog": true, 12 | "acl_token":"<%= @consul_acl_token %>", 13 | "start_join": <%= @consul_members.to_json %>, 14 | "disable_update_check": true 15 | } 16 | -------------------------------------------------------------------------------- /rpaas/templates/consul/block.conf.tpl.erb: -------------------------------------------------------------------------------- 1 | {{ with $custom_block := key_or_default "<%= @rpaas_service_name %>/<%= @rpaas_instance_name %>/blocks/<%= name %>/ROOT" "" }} 2 | {{ if $custom_block | regexMatch "(?ms)## Begin custom RpaaS <%= name %> block ##.+## End custom RpaaS <%= name %> block ##" }} 3 | {{ $custom_block }} 4 | {{ else }} 5 | {{ plugin "check_file.sh" "/etc/nginx/sites-enabled/consul/blocks/<%= name %>.conf" }} 6 | {{ end }} 7 | {{ else }} 8 | {{ plugin "check_file.sh" "/etc/nginx/sites-enabled/consul/blocks/<%= name %>.conf" }} 9 | {{ end }} 10 | -------------------------------------------------------------------------------- /rpaas/templates/consul/check_and_reload_nginx.sh.erb: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | nginx_error=$(nginx -t 2>&1 | grep emerg) 4 | <% 5 | consul_token = '' 6 | if not @consul_acl_token.nil? 7 | consul_token = "?token=#{@consul_acl_token}" 8 | end 9 | -%> 10 | consul_nginx_url='http://<%= @consul_server %>/v1/kv/<%= @rpaas_service_name %>/<%= @rpaas_instance_name %>/status/<%= @hostname %><%= consul_token %>' 11 | 12 | if [ ! -z "$nginx_error" ]; then 13 | echo $nginx_error | curl -XPUT -d @- $consul_nginx_url 14 | else 15 | nginx_reload_output=`service nginx reload 2>&1` 16 | if [ -z $nginx_reload_output ]; then 17 | nginx_reload_output='Nginx reload successfully!' 18 | fi 19 | curl -XPUT -d "$nginx_reload_output" $consul_nginx_url 20 | fi 21 | -------------------------------------------------------------------------------- /rpaas/templates/consul/consul.conf.erb: -------------------------------------------------------------------------------- 1 | consul = "<%= @consul_server %>" 2 | <%= @consul_acl_token ? "token = \"#{@consul_acl_token}\"" : "" -%> 3 | 4 | syslog { 5 | enabled = <%= @consul_syslog_enabled %> 6 | facility = "<%= @consul_syslog_facility %>" 7 | } 8 | 9 | template { 10 | source = "/etc/consul-template.d/templates/locations.conf.tpl" 11 | destination = "/etc/nginx/sites-enabled/consul/locations.conf" 12 | command = "/etc/consul-template.d/plugins/check_and_reload_nginx.sh" 13 | perms = 0644 14 | } 15 | 16 | template { 17 | source = "/etc/consul-template.d/templates/upstreams.conf.tpl" 18 | destination = "/etc/nginx/sites-enabled/consul/upstreams.conf" 19 | command = "/etc/consul-template.d/plugins/check_and_reload_nginx.sh" 20 | perms = 0644 21 | } 22 | 23 | template { 24 | source = "/etc/consul-template.d/templates/nginx.key.tpl" 25 | destination = "/etc/nginx/certs/nginx_main.key" 26 | command = "/etc/consul-template.d/plugins/check_and_reload_nginx.sh" 27 | perms = 0644 28 | } 29 | 30 | template { 31 | source = "/etc/consul-template.d/templates/nginx.crt.tpl" 32 | destination = "/etc/nginx/certs/nginx_main.crt" 33 | command = "/etc/consul-template.d/plugins/check_and_reload_nginx.sh" 34 | perms = 0644 35 | } 36 | 37 | template { 38 | source = "/etc/consul-template.d/templates/main_ssl.conf.tpl" 39 | destination = "/etc/nginx/main_ssl.conf" 40 | command = "/etc/consul-template.d/plugins/check_and_reload_nginx.sh" 41 | perms = 0644 42 | } 43 | 44 | template { 45 | source = "/etc/consul-template.d/templates/block_http.conf.tpl" 46 | destination = "/etc/nginx/sites-enabled/consul/blocks/http.conf" 47 | command = "/etc/consul-template.d/plugins/check_and_reload_nginx.sh" 48 | perms = 0644 49 | } 50 | 51 | template { 52 | source = "/etc/consul-template.d/templates/block_server.conf.tpl" 53 | destination = "/etc/nginx/sites-enabled/consul/blocks/server.conf" 54 | command = "/etc/consul-template.d/plugins/check_and_reload_nginx.sh" 55 | perms = 0644 56 | } 57 | <% if @nginx_lua %> 58 | template { 59 | source = "/etc/consul-template.d/templates/lua_server.conf.tpl" 60 | destination = "/etc/nginx/sites-enabled/consul/blocks/lua_server.conf" 61 | command = "/etc/consul-template.d/plugins/check_and_reload_nginx.sh" 62 | perms = 0644 63 | } 64 | 65 | template { 66 | source = "/etc/consul-template.d/templates/lua_worker.conf.tpl" 67 | destination = "/etc/nginx/sites-enabled/consul/blocks/lua_worker.conf" 68 | command = "/etc/consul-template.d/plugins/check_and_reload_nginx.sh" 69 | perms = 0644 70 | } 71 | <% end %> 72 | <% if @nginx_admin_enable_ssl %> 73 | template { 74 | source = "/etc/consul-template.d/templates/nginx_admin.key.tpl" 75 | destination = "/etc/nginx/certs/nginx_admin.key" 76 | command = "/etc/consul-template.d/plugins/check_and_reload_nginx.sh" 77 | perms = 0644 78 | } 79 | 80 | template { 81 | source = "/etc/consul-template.d/templates/nginx_admin.crt.tpl" 82 | destination = "/etc/nginx/certs/nginx_admin.crt" 83 | command = "/etc/consul-template.d/plugins/check_and_reload_nginx.sh" 84 | perms = 0644 85 | } 86 | 87 | template { 88 | source = "/etc/consul-template.d/templates/admin_ssl.conf.tpl" 89 | destination = "/etc/nginx/admin_ssl.conf" 90 | command = "/etc/consul-template.d/plugins/check_and_reload_nginx.sh" 91 | perms = 0644 92 | } 93 | <% end %> 94 | -------------------------------------------------------------------------------- /rpaas/templates/consul/locations.conf.tpl.erb: -------------------------------------------------------------------------------- 1 | {{ with $healthcheck_value := key_or_default "<%= @rpaas_service_name %>/<%= @rpaas_instance_name %>/healthcheck" "" }} 2 | {{ with $locations := ls "<%= @rpaas_service_name %>/<%= @rpaas_instance_name %>/locations" }} 3 | {{ if eq $healthcheck_value "true" }} 4 | location /_nginx_healthcheck/ { 5 | echo "WORKING"; 6 | } 7 | {{ end }} 8 | {{ range $locations }} 9 | {{ .Value }} 10 | {{ end }} 11 | {{ else }} 12 | {{ plugin "check_file.sh" "/etc/nginx/sites-enabled/consul/locations.conf" }} 13 | {{ end }} 14 | {{ else }} 15 | {{ plugin "check_file.sh" "/etc/nginx/sites-enabled/consul/locations.conf" }} 16 | {{ end }} 17 | -------------------------------------------------------------------------------- /rpaas/templates/consul/lua.conf.tpl.erb: -------------------------------------------------------------------------------- 1 | <% if @name == "server" -%> 2 | init_by_lua_block { 3 | <% else -%> 4 | <% if @name == "worker" -%> 5 | init_worker_by_lua_block { 6 | <% end -%> 7 | <% end -%> 8 | ngx_rpaas_service = "<%= @rpaas_service_name %>" 9 | ngx_rpaas_instance = "<%= @rpaas_instance_name %>" 10 | ngx_consul_token = "<%= @consul_acl_token %>" 11 | {{ with $locations := ls "<%= @rpaas_service_name %>/<%= @rpaas_instance_name %>/lua_module/<%= @name %>" }} 12 | {{ range $locations }} 13 | {{if .Value | regexMatch "(?ms)-- Begin custom RpaaS .+ lua module --.+-- End custom RpaaS .+ lua module --" }} 14 | {{ .Value }} 15 | {{ end }} 16 | {{ end }} 17 | {{ end }} 18 | } 19 | -------------------------------------------------------------------------------- /rpaas/templates/consul/main_ssl.conf.tpl.erb: -------------------------------------------------------------------------------- 1 | {{ with $cert := key_or_default "<%= @rpaas_service_name %>/<%= @rpaas_instance_name %>/ssl/cert" "" }} 2 | {{ if $cert }} 3 | listen <%= @nginx_ssl_listen %> ssl default_server backlog=<%= @sysctl_somaxconn %> <%= @http2_value %>; 4 | 5 | ssl_certificate /etc/nginx/certs/nginx_main.crt; 6 | ssl_certificate_key /etc/nginx/certs/nginx_main.key; 7 | ssl_session_ticket_key /etc/nginx/certs/ticket.key; 8 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 9 | ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; 10 | ssl_prefer_server_ciphers on; 11 | ssl_session_cache shared:SSL:200m; 12 | ssl_session_timeout 1h; 13 | <% if @nginx_dhparams -%> 14 | ssl_dhparam <%= @nginx_dhparams %>; 15 | <% end -%> 16 | {{ else }} 17 | {{ plugin "check_file.sh" "/etc/nginx/main_ssl.conf" }} 18 | {{ end }} 19 | {{ else }} 20 | {{ plugin "check_file.sh" "/etc/nginx/main_ssl.conf" }} 21 | {{ end }} -------------------------------------------------------------------------------- /rpaas/templates/consul/nginx.crt.tpl.erb: -------------------------------------------------------------------------------- 1 | {{ key_or_default "<%= @rpaas_service_name %>/<%= @rpaas_instance_name %>/ssl/cert" "" | plugin "check_nginx_ssl_data.sh" "main" "crt" }} 2 | -------------------------------------------------------------------------------- /rpaas/templates/consul/nginx.key.tpl.erb: -------------------------------------------------------------------------------- 1 | {{ key_or_default "<%= @rpaas_service_name %>/<%= @rpaas_instance_name %>/ssl/key" "" | plugin "check_nginx_ssl_data.sh" "main" "key" }} 2 | -------------------------------------------------------------------------------- /rpaas/templates/consul/nginx_admin.crt.tpl.erb: -------------------------------------------------------------------------------- 1 | {{ key_or_default "<%= @rpaas_service_name %>/<%= @rpaas_instance_name %>/ssl/<%= @vm_id %>/cert" "" | plugin "check_nginx_ssl_data.sh" "admin" "crt" }} 2 | -------------------------------------------------------------------------------- /rpaas/templates/consul/nginx_admin.key.tpl.erb: -------------------------------------------------------------------------------- 1 | {{ key_or_default "<%= @rpaas_service_name %>/<%= @rpaas_instance_name %>/ssl/<%= @vm_id %>/key" "" | plugin "check_nginx_ssl_data.sh" "admin" "key" }} 2 | -------------------------------------------------------------------------------- /rpaas/templates/consul/nginx_service.json.erb: -------------------------------------------------------------------------------- 1 | { 2 | "service": { 3 | "name": "nginx", 4 | "tags": ["<%= @rpaas_service_name %>", "<%= @rpaas_instance_name %>"], 5 | "address": "127.0.0.1", 6 | "port": <%= @nginx_listen.to_i %>, 7 | "enableTagOverride": true, 8 | "checks": [ 9 | { 10 | "name": "nginx_admin", 11 | "http": "http://127.0.0.1:8089/healthcheck", 12 | "interval": "10s" 13 | }, 14 | { 15 | "name": "check_ro_fs", 16 | "script": "/usr/local/bin/check_ro_fs.sh", 17 | "interval": "30s" 18 | } 19 | ] 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /rpaas/templates/consul/upstreams.conf.tpl.erb: -------------------------------------------------------------------------------- 1 | {{- $fail := false }} 2 | {{ with $upstreams := ls "<%= @rpaas_service_name %>/<%= @rpaas_instance_name %>/upstream" }} 3 | {{ range $upstreams}} 4 | {{ if .Value | regexMatch "(?ms)## Begin custom RpaaS .+ block ##\n## End custom RpaaS .+ block ##" }} 5 | {{ else }} 6 | {{ if .Value | regexMatch "(?ms)## Begin custom RpaaS .+ block ##.+## End custom RpaaS .+ block ##" }} 7 | upstream {{ .Key }} { 8 | {{- range $server := .Value | regexReplaceAll "(?ms)## Begin custom RpaaS .+ block ##(.+)## End custom RpaaS .+ block ##" "$1" | split "," }} 9 | server {{ $server }}; 10 | {{- end }} 11 | keepalive <%= @nginx_upstream_keepalive %>; 12 | } 13 | {{ else }} 14 | {{- $fail := true }} 15 | {{ end }} 16 | {{ end }} 17 | {{ end }} 18 | {{ else }} 19 | {{- $fail := true }} 20 | {{ end }} 21 | {{- if $fail }} 22 | {{ plugin "check_file.sh" "/etc/nginx/sites-enabled/consul/upstreams.conf" }} 23 | {{- end }} -------------------------------------------------------------------------------- /rpaas/templates/nginx.conf.erb: -------------------------------------------------------------------------------- 1 | user <%= @nginx_user %>; 2 | worker_processes <%= @nginx_worker_processes %>; 3 | <% if @nginx_worker_shutdown_timeout -%> 4 | worker_shutdown_timeout <%= @nginx_worker_shutdown_timeout %>; 5 | <% end -%> 6 | <% if @nginx_worker_rlimit_nofile -%> 7 | worker_rlimit_nofile <%= @nginx_worker_rlimit_nofile %>; 8 | <% end -%> 9 | include /etc/nginx/modules-enabled/*.conf; 10 | 11 | events { 12 | worker_connections <%= @nginx_worker_connections %>; 13 | } 14 | 15 | 16 | http { 17 | include mime.types; 18 | default_type application/octet-stream; 19 | server_tokens off; 20 | 21 | sendfile on; 22 | keepalive_timeout 65; 23 | 24 | <% if @nginx_request_id_enabled -%> 25 | uuid4 $request_id_uuid; 26 | map $http_x_request_id $request_id_final { 27 | default $request_id_uuid; 28 | "~." $http_x_request_id; 29 | } 30 | <% end -%> 31 | 32 | map $http_x_real_ip $real_ip_final { 33 | default $remote_addr; 34 | "~." $http_x_real_ip; 35 | } 36 | 37 | map $http_x_forwarded_proto $forwarded_proto_final { 38 | default $scheme; 39 | "~." $http_x_forwarded_proto; 40 | } 41 | 42 | map $http_x_forwarded_host $forwarded_host_final { 43 | default $host; 44 | "~." $http_x_forwarded_host; 45 | } 46 | 47 | <% if @nginx_local_log -%> 48 | access_log /var/log/nginx/access.log main; 49 | error_log /var/log/nginx/error.log; 50 | <% end -%> 51 | 52 | <% if @nginx_syslog_access_type == 'classic'%> 53 | log_format main 54 | '${remote_addr}\t${host}\t${request_method}\t${request_uri}\t${server_protocol}\t' 55 | '${http_referer}\t${http_x_mobile_group}\t' 56 | 'Local:\t${status}\t*${connection}\t${body_bytes_sent}\t${request_time}\t' 57 | 'Proxy:\t${upstream_addr}\t${upstream_status}\t${upstream_cache_status}\t' 58 | '${upstream_response_length}\t${upstream_response_time}\t${request_uri}\t' 59 | <% if @nginx_request_id_enabled -%> 60 | 'Agent:\t${http_user_agent}\t$request_id_final\t' 61 | <% else -%> 62 | 'Agent:\t${http_user_agent}\t' 63 | <% end -%> 64 | 'Fwd:\t${http_x_forwarded_for}\t' 65 | 'SSL:\t${ssl_server_name}\t${ssl_protocol}\t${ssl_cipher}\t-'; 66 | <% else %> 67 | log_format main escape=json '{' 68 | '"@timestamp":"${time_iso8601}",' 69 | '"@version":"1",' 70 | '"host":"${hostname}",' 71 | '"short_message":"This log was generated by Nginx",' 72 | '"remote_addr":"${remote_addr}",' 73 | '"vhost":"${host}",' 74 | '"request_method":"${request_method}",' 75 | '"request_uri":"${request_uri}",' 76 | '"server_protocol":"${server_protocol}",' 77 | '"http_referer":"${http_referer}",' 78 | '"http_x_mobile_group":"${http_x_mobile_group}",' 79 | '"status":"${status}",' 80 | '"connection":"${connection}",' 81 | '"body_bytes_sent":"${body_bytes_sent}",' 82 | '"request_time":"${request_time}",' 83 | <% if @nginx_request_id_enabled -%> 84 | '"request_id":"${request_id_final}",' 85 | <% end -%> 86 | '"upstream_addr":"${upstream_addr}",' 87 | '"upstream_status":"${upstream_status}",' 88 | '"upstream_response_length":"${upstream_response_length}",' 89 | '"upstream_response_time":"${upstream_response_time}",' 90 | '"upstream_cache_status":"${upstream_cache_status}",' 91 | '"uri":"${uri}",' 92 | '"http_user_agent":"${http_user_agent}",' 93 | '"http_x_forwarded_for":"${http_x_forwarded_for}",' 94 | '"ssl_server_name":"${ssl_server_name}",' 95 | '"ssl_protocol":"${ssl_protocol}",' 96 | '"ssl_cipher":"${ssl_cipher}",' 97 | '"_tags":"<%= @nginx_rpaas_tags%>" ' 98 | '}'; 99 | <% end -%> 100 | 101 | <% if @nginx_syslog_access_server -%> 102 | access_log syslog:server=<%= @nginx_syslog_access_server %>,facility=local6,tag=<%= @nginx_syslog_access_tag ? @nginx_syslog_access_tag : 'rpaas' %> main; 103 | <% end -%> 104 | <% if @nginx_syslog_error_server -%> 105 | error_log syslog:server=<%= @nginx_syslog_error_server %>,facility=local6,tag=<%= @nginx_syslog_error_tag ? @nginx_syslog_error_tag : 'rpaas' %>; 106 | <% end -%> 107 | 108 | <% @nginx_custom_error_codes.each do |file, codes| -%> 109 | error_page <%= codes.join(" ") %> /_nginx_errordocument/<%= file %>; 110 | <% end -%> 111 | 112 | proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=rpaas:<%= @nginx_key_zone_size %> inactive=<%= @nginx_cache_inactive %> max_size=<%= @nginx_cache_size %> loader_files=<%= @nginx_loader_files %>; 113 | proxy_temp_path /var/cache/nginx_temp 1 2; 114 | 115 | gzip on; 116 | gzip_buffers 128 4k; 117 | gzip_comp_level 5; 118 | gzip_http_version 1.0; 119 | gzip_min_length 20; 120 | gzip_proxied any; 121 | gzip_vary on; 122 | # Additional types, "text/html" is always compressed: 123 | gzip_types application/atom+xml application/javascript 124 | application/json application/rss+xml 125 | application/xml application/x-javascript 126 | text/css text/javascript text/plain text/xml; 127 | <% if @nginx_vts_enabled -%> 128 | vhost_traffic_status_zone; 129 | <% end -%> 130 | server { 131 | listen <%= @nginx_admin_listen %>; 132 | <% if @nginx_admin_enable_ssl -%> 133 | include /etc/nginx/admin_ssl.conf; 134 | <% end -%> 135 | 136 | server_name _tsuru_nginx_admin; 137 | 138 | location /healthcheck { 139 | echo "WORKING"; 140 | } 141 | 142 | <% if @nginx_location_purge -%> 143 | location ~ ^/purge/(.+) { 144 | <% @nginx_allow_admin_list.each do |ip| -%> 145 | allow <%= ip %>; 146 | <% end -%> 147 | deny all; 148 | proxy_cache_purge rpaas $1$is_args$args; 149 | } 150 | <% end -%> 151 | <% if @nginx_vts_enabled -%> 152 | 153 | location /vts_status { 154 | vhost_traffic_status_display; 155 | vhost_traffic_status_display_format json; 156 | } 157 | <% end -%> 158 | <% if @nginx_admin_locations -%> 159 | include nginx_admin_locations.conf; 160 | <% end -%> 161 | } 162 | 163 | include sites-enabled/consul/upstreams.conf; 164 | include sites-enabled/consul/blocks/http.conf; 165 | 166 | <% if @nginx_lua -%> 167 | lua_package_path "/usr/local/share/lualib/?.lua;;"; 168 | lua_shared_dict my_cache 10m; 169 | lua_shared_dict locks 1m; 170 | include sites-enabled/consul/blocks/lua_*.conf; 171 | <% end -%> 172 | 173 | server { 174 | <% if @nginx_listen -%> 175 | listen <%= @nginx_listen %> default_server backlog=<%= @sysctl_somaxconn %>; 176 | <% end -%> 177 | include /etc/nginx/main_ssl.conf; 178 | 179 | server_name _tsuru_nginx_app; 180 | port_in_redirect off; 181 | 182 | proxy_cache rpaas; 183 | proxy_cache_use_stale error timeout updating invalid_header http_500 http_502 http_503 http_504; 184 | proxy_cache_lock on; 185 | proxy_cache_lock_age 60s; 186 | proxy_cache_lock_timeout 60s; 187 | set $xx_real_ip_final $real_ip_final; 188 | set $xx_proxy_add_x_forwarded_for $proxy_add_x_forwarded_for; 189 | set $xx_forwarded_proto_final $forwarded_proto_final; 190 | set $xx_forwarded_host_final $forwarded_host_final; 191 | more_set_input_headers "X-Real-IP: $real_ip_final"; 192 | more_set_input_headers "X-Forwarded-For: $proxy_add_x_forwarded_for"; 193 | more_set_input_headers "X-Forwarded-Proto: $forwarded_proto_final"; 194 | more_set_input_headers "X-Forwarded-Host: $forwarded_host_final"; 195 | <% if @nginx_request_id_enabled -%> 196 | set $xx_request_id_final $request_id_final; 197 | more_set_input_headers "X-Request-ID: $request_id_final"; 198 | <% if not @nginx_disable_response_request_id -%> 199 | more_set_headers "X-Request-ID: $request_id_final"; 200 | <% end -%> 201 | <% end -%> 202 | more_clear_input_headers "X-Debug-Router"; 203 | proxy_read_timeout 20s; 204 | proxy_connect_timeout 10s; 205 | proxy_send_timeout 20s; 206 | proxy_http_version 1.1; 207 | <% if @nginx_location_purge -%> 208 | proxy_cache_key $scheme$request_uri; 209 | <% end -%> 210 | <% if @nginx_custom_error_dir and @nginx_intercept_errors -%> 211 | proxy_intercept_errors on; 212 | <% end -%> 213 | 214 | <% if @nginx_custom_error_dir -%> 215 | location ~ ^/_nginx_errordocument/(.+) { 216 | internal; 217 | alias <%= @nginx_custom_error_dir %>/$1; 218 | } 219 | <% end -%> 220 | 221 | include sites-enabled/consul/locations.conf; 222 | include sites-enabled/consul/blocks/server.conf; 223 | } 224 | } 225 | -------------------------------------------------------------------------------- /rpaas/templates/sysctl_nginx_tunnings.conf.erb: -------------------------------------------------------------------------------- 1 | # conntrack flags for nginx 2 | net.core.somaxconn = <%= @sysctl_somaxconn %> 3 | net.ipv4.tcp_max_syn_backlog = <%= @sysctl_max_syn_backlog %> 4 | -------------------------------------------------------------------------------- /spec/classes/api_install_spec.rb: -------------------------------------------------------------------------------- 1 | ../../api/spec/classes/api_install_spec.rb -------------------------------------------------------------------------------- /spec/classes/base_ubuntu_spec.rb: -------------------------------------------------------------------------------- 1 | ../../base/spec/classes/base_ubuntu_spec.rb -------------------------------------------------------------------------------- /spec/classes/bs_spec.rb: -------------------------------------------------------------------------------- 1 | ../../bs/spec/classes/bs_spec.rb -------------------------------------------------------------------------------- /spec/classes/docker_spec.rb: -------------------------------------------------------------------------------- 1 | ../../docker/spec/classes/docker_spec.rb -------------------------------------------------------------------------------- /spec/classes/gandalf_spec.rb: -------------------------------------------------------------------------------- 1 | ../../gandalf/spec/classes/gandalf_spec.rb -------------------------------------------------------------------------------- /spec/classes/router_install_spec.rb: -------------------------------------------------------------------------------- 1 | ../../router/spec/classes/router_install_spec.rb -------------------------------------------------------------------------------- /spec/classes/rpaas_install_spec.rb: -------------------------------------------------------------------------------- 1 | ../../rpaas/spec/classes/rpaas_install_spec.rb -------------------------------------------------------------------------------- /spec/functions/mkdir_p_spec.rb: -------------------------------------------------------------------------------- 1 | require 'spec_helper' 2 | 3 | describe 'mkdir_p' do 4 | 5 | before (:all) do 6 | FileUtils.stubs(:mkdir_p).returns(true).then.raises(Errno::EACCES) 7 | end 8 | 9 | it { should run.with_params('/foo/bar').and_return(true) } 10 | 11 | it { should run.with_params('/var/lib/bar').and_return(false) } 12 | 13 | it { should run.with_params().and_raise_error(Puppet::ParseError, /number of arguments/) } 14 | 15 | it { should run.with_params('/foo/bar','/foo/bar/bla').and_raise_error(Puppet::ParseError, /number of arguments/) } 16 | 17 | end 18 | -------------------------------------------------------------------------------- /spec/spec_helper.rb: -------------------------------------------------------------------------------- 1 | dir = File.expand_path(File.dirname(__FILE__)) 2 | $LOAD_PATH.unshift File.join(dir, 'lib') 3 | 4 | require 'puppetlabs_spec_helper/module_spec_helper' 5 | require 'mocha' 6 | 7 | fixture_path = File.expand_path(File.join(__FILE__, '..', 'fixtures')) 8 | RSpec.configure do |c| 9 | c.mock_with :mocha 10 | c.module_path = File.join(fixture_path, 'modules') 11 | c.manifest_dir = File.join(fixture_path, 'manifests') 12 | end 13 | 14 | at_exit { RSpec::Puppet::Coverage.report! } 15 | 16 | # We need this because the RAL uses 'should' as a method. This 17 | # allows us the same behaviour but with a different method name. 18 | class Object 19 | alias :must :should 20 | end 21 | --------------------------------------------------------------------------------