From 0dd12a0c20d21e73e003a98a23fad435657f8c25 Mon Sep 17 00:00:00 2001
From: Ossi Salmi
Date: Mon, 18 May 2015 14:58:20 +0300
Subject: [PATCH] ejabberd: Manual merge from parameterize branch
---
 ejabberd/manifests/init.pp | 302 ++++++++++++-------------
 ejabberd/templates/ejabberd-backup.erb | 2 +-
 ejabberd/templates/ejabberd.cfg.erb | 61 +++--
 3 files changed, 180 insertions(+), 185 deletions(-)
diff --git a/ejabberd/manifests/init.pp b/ejabberd/manifests/init.pp
index 0ddc26a..5defe68 100644
--- a/ejabberd/manifests/init.pp
+++ b/ejabberd/manifests/init.pp
@@ -1,111 +1,175 @@ # Install ejabberd. # -# === Global variables +# === Parameters # -# $ejabberd_hosts: +# $collab: +# Boolean for enabling collab integration. Defaults to false. +# +# $package: +# Ejabberd package source. Required for collab integration. +# +# $hosts: # Array of domains serverd by ejabberd. Defaults to [ "$homename" ]. # -# $ejabberd_admin: +# $admins: # Array of users with admin privileges. # -# $ejabberd_ssl_key: -# Path to SSL private key. +# $webhosts: +# Array of BOSH virtual hosts. # -# $ejabberd_ssl_cert: -# Path to SSL certificate. -# -# $ejabberd_ssl_chain: -# Path to SSL certificate chain. -# -# $ejabberd_muclog_datadir: -# Path where to store chatroom logs. Disabled by default. -# -# $ejabberd_muclog_format: -# Chatroom log format. Valid values html or plaintext. -# -# $ejabberd_auth: +# $auth: # Authentication method or array of multiple methods. # Valid values internal, external or ldap. Defaults to internal. # -# $ejabberd_extauth: +# $extauth: # Path to external authentication command. # -# $ejabberd_ldap_server: +# $muclog_datadir: +# Path where to store chatroom logs. Disabled by default. +# +# $muclog_format: +# Chatroom log format. Valid values html or plaintext. +# +# $ssl_key: +# Path to SSL private key. +# +# $ssl_cert: +# Path to SSL certificate. +# +# $ssl_chain: +# Path to SSL certificate chain. +# +# $ldap_server: # Array of LDAP authentication servers. # -# $ejabberd_ldap_basedn: +# $ldap_basedn: # LDAP base dn. # -# $ejabberd_ldap_encrypt: +# $ldap_encrypt: # LDAP encryption. Defaults to "tls". # -# $ejabberd_ldap_port: +# $ldap_port: # LDAP port. Defaults to 636. # -# $ejabberd_ldap_uidattr: +# $ldap_uid: # LDAP UID attribute. Defaults to "uid". # -# $ejabberd_ldap_binddn: +# $ldap_rootdn: # Optional bind DN. # -# $ejabberd_ldap_bindpw: +# $ldap_password: # Bind DN password. 
# -class ejabberd { +class ejabberd( + $collab=false, + $package=undef, + $hosts=[$::homename], + $admins=[], + $webhosts=undef, + $auth="internal", + $extauth=undef, + $muclog_datadir=undef, + $muclog_format="plaintext", + $ssl_key="${::puppet_ssldir}/private_keys/${::homename}.pem", + $ssl_cert="${::puppet_ssldir}/certs/${::homename}.pem", + $ssl_chain=undef, + $ldap_server=undef, + $ldap_basedn=undef, + $ldap_encrypt="tls", + $ldap_port="636", + $ldap_uid="uid", + $ldap_rootdn=undef, + $ldap_password=undef +) { include user::system realize(User["ejabberd"], Group["ejabberd"]) - if !$ejabberd_hosts { - $ejabberd_hosts = [ $homename ] - } - if !$ejabberd_admin { - $ejabberd_admin = [] - } - if !$ejabberd_auth { - $ejabberd_auth = "internal" + if ! ($muclog_format in [ "html", "plaintext" ]) { + fail("Invalid value ${muclog_format} for muclog_format") } - if !$ejabberd_ldap_encrypt { - $ejabberd_ldap_encrypt = "tls" - } - if !$ejabberd_ldap_port { - $ejabberd_ldap_port = "636" - } - if !$ejabberd_ldap_uidattr { - $ejabberd_ldap_uidattr = "uid" + case $::operatingsystem { + "centos","redhat","fedora": { + $package_provider = "rpm" + package { ["erlang", "erlang-esasl"]: + ensure => installed, + before => Package["ejabberd"], + } + } + "debian","ubuntu": { + $package_provider = "dpkg" + package { ["erlang", "erlang-base"]: + ensure => installed, + before => Package["ejabberd"], + } + } + default: { } } - case $ejabberd_muclog_format { - "","html","plaintext": { } - default: { - fail("Invalid value ${ejabberd_muclog_format} for \$ejabberd_muclog_format.") + if $collab == true { + if ! 
$package { + fail("Must define package for collab integration") + } + + file { "/usr/local/src/${package}": + ensure => present, + mode => "0644", + owner => "root", + group => "root", + source => "puppet:///files/packages/${package}", + before => Package["ejabberd"], + } + + Package["ejabberd"] { + provider => $package_provider, + source => "/usr/local/src/${package}", + } + + exec { "usermod-ejabberd": + path => "/bin:/usr/bin:/sbin:/usr/sbin", + command => "usermod -a -G collab ejabberd", + unless => "id -n -G ejabberd | grep '\\bcollab\\b'", + require => [ User["ejabberd"], Group["collab"] ], + notify => Service["ejabberd"], + } + + Service["ejabberd"] { + require => Class["wiki::collab"], + } + + if $muclog_datadir { + file { $muclog_datadir: + ensure => directory, + mode => "2770", + owner => "collab", + group => "collab", + require => User["collab"], + before => Service["ejabberd"], + } } } package { "ejabberd": - ensure => installed, + ensure => $collab ? { + true => latest, + default => installed, + }, require => [ User["ejabberd"], Group["ejabberd"] ], } service { "ejabberd": - ensure => running, - enable => true, - status => "ejabberdctl status >/dev/null", + ensure => running, + enable => true, + status => "ejabberdctl status >/dev/null", + restart => "ejabberdctl restart >/dev/null", } include ssl - if !$ejabberd_ssl_key { - $ejabberd_ssl_key = "${puppet_ssldir}/private_keys/${homename}.pem" - } - if !$ejabberd_ssl_cert { - $ejabberd_ssl_cert = "${puppet_ssldir}/certs/${homename}.pem" - } - file { "${ssl::private}/ejabberd.key": ensure => present, - source => $ejabberd_ssl_key, + source => $ssl_key, mode => "0600", owner => "root", group => "root", 
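Review bot: Only `$muclog_format` is validated at the top of the class, while `$auth`, `$ldap_encrypt` and `$ldap_port` are also class parameters and ejabberd.cfg.erb writes them into the config as bare Erlang terms (`{ldap_encrypt, <%= @ldap_encrypt %>}.`), not as quoted strings. A mistyped or unexpected value from whatever supplies the parameters therefore becomes config syntax instead of being rejected at compile time. I would add guards next to the existing one, e.g. `if ! ($ldap_encrypt in [ "none", "tls" ]) { fail("Invalid value ${ldap_encrypt} for ldap_encrypt") }` and `if $ldap_port !~ /^\d+$/ { fail("Invalid value ${ldap_port} for ldap_port") }`, plus a check of `$auth` against the internal/external/ldap values documented in the header. Separately, the new `default: { }` branch of the operating system case leaves `$package_provider` unset, so the collab branch would pass an undefined provider on other systems; a `fail()` there would be clearer.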
@@ -113,16 +177,16 @@ class ejabberd { } file { "${ssl::certs}/ejabberd.crt": ensure => present, - source => $ejabberd_ssl_cert, + source => $ssl_cert, mode => "0644", owner => "root", group => "root", notify => Exec["generate-ejabberd-pem"], } - if $ejabberd_ssl_chain { + if $ssl_chain { file { "${ssl::certs}/ejabberd.chain.crt": ensure => present, - source => $ejabberd_ssl_chain, + source => $ssl_chain, mode => "0644", owner => "root", group => "root", @@ -164,24 +228,17 @@ class ejabberd { "debian", "ubuntu": { augeas { "set-ejabberd-default": context => "/files/etc/default/ejabberd", - changes => [ "set POLL true", - "set SMP auto", ], + changes => [ "set POLL true", "set SMP auto" ], + require => Package["ejabberd"], notify => Service["ejabberd"], } } + default: { } } $htdocs = "/usr/share/ejabberd/htdocs" - define configwebhost($htdocs) { - file { "/srv/www/https/${name}/bosh": - ensure => link, - target => $htdocs, - require => File["/srv/www/https/${name}"], - } - } - - if $ejabberd_webhosts { + if $webhosts { include apache::mod::proxy include apache::mod::proxy_http include apache::mod::rewrite @@ -213,7 +270,7 @@ class ejabberd { proto => "tcp", } - configwebhost { $ejabberd_webhosts: + ejabberd::configwebhost { $webhosts: htdocs => $htdocs, } } 
@@ -221,68 +278,14 @@ class ejabberd { } -# Install ejabberd with collab customizations. +# Enable bosh on virtual host. # -# === Global variables -# -# $ejabberd_package: -# Name of ejabberd package with collab patches. -# -class ejabberd::collab inherits ejabberd { +define ejabberd::configwebhost($htdocs) { - if !$ejabberd_package { - fail("Must define \$ejabberd_package") - } - - exec { "usermod-ejabberd": - path => "/bin:/usr/bin:/sbin:/usr/sbin", - command => "usermod -a -G collab ejabberd", - unless => "id -n -G ejabberd | grep '\\bcollab\\b'", - require => [ User["ejabberd"], Group["collab"] ], - } - - case $::operatingsystem { - "centos","redhat","fedora": { - package { ["erlang", "erlang-esasl"]: - ensure => installed, - before => Package["ejabberd"], - } - } - "debian","ubuntu": { - package { ["erlang", "erlang-base"]: - ensure => installed, - before => Package["ejabberd"], - } - } - } - file { "/usr/local/src/${ejabberd_package}": - ensure => present, - mode => "0644", - owner => "root", - group => "root", - source => "puppet:///files/packages/${ejabberd_package}", - before => Package["ejabberd"], - } - Package["ejabberd"] { - provider => $::operatingsystem ? { - "centos" => "rpm", - "redhat" => "rpm", - "fedora" => "rpm", - "debian" => "dpkg", - "ubuntu" => "dpkg", - }, - source => "/usr/local/src/${ejabberd_package}", - } - - if $ejabberd_muclog_datadir { - file { $ejabberd_muclog_datadir: - ensure => directory, - mode => "2770", - owner => "collab", - group => "collab", - require => User["collab"], - before => Service["ejabberd"], - } + file { "/srv/www/https/${name}/bosh": + ensure => link, + target => $htdocs, + require => File["/srv/www/https/${name}"], } } 
@@ -290,40 +293,35 @@ class ejabberd::collab inherits ejabberd { # Install ejabberd backup cron script. # -# === Global variables +# === Parameters # -# $ejabberd_backup_datadir: -# Path where to store the backups. +# $datadir: +# Path where to store the backups. Defaults to "/srv/ejabberd-backup". # -class ejabberd::backup { +class ejabberd::backup($datadir="/srv/ejabberd-backup") { - if ! $ejabberd_backup_datadir { - $ejabberd_backup_datadir = "/srv/ejabberd-backup" - } - - file { $ejabberd_backup_datadir: - ensure => directory, - mode => "0700", - owner => "root", - group => "root", + file { $datadir: + ensure => directory, + mode => "0700", + owner => "root", + group => "root", } file { "/usr/local/sbin/ejabberd-backup": ensure => present, - content => template("ejabberd/ejabberd-backup.erb"), mode => "0755", owner => "root", group => "root", + content => template("ejabberd/ejabberd-backup.erb"), } cron { "ejabberd-backup": ensure => present, command => "/usr/local/sbin/ejabberd-backup", user => "root", - minute => 15, - hour => 21, - require => File[ $ejabberd_backup_datadir, - "/usr/local/sbin/ejabberd-backup" ], + minute => "15", + hour => "21", + require => File[$datadir, "/usr/local/sbin/ejabberd-backup"], } } diff --git a/ejabberd/templates/ejabberd-backup.erb b/ejabberd/templates/ejabberd-backup.erb index 62fc8cd..4173197 100755 --- a/ejabberd/templates/ejabberd-backup.erb +++ b/ejabberd/templates/ejabberd-backup.erb @@ -25,7 +25,7 @@ # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -DESTDIR="<%= @ejabberd_backup_datadir %>" +DESTDIR="<%= @datadir %>" if [ ! -d ${DESTDIR} ]; then echo "ERR: ejabberd backup directory [${DESTDIR}] does not exist" 1>&2 diff --git a/ejabberd/templates/ejabberd.cfg.erb b/ejabberd/templates/ejabberd.cfg.erb index 67f7ab4..77d0979 100644 --- a/ejabberd/templates/ejabberd.cfg.erb +++ b/ejabberd/templates/ejabberd.cfg.erb 
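Review bot: `$datadir` is now a caller-supplied class parameter, and the template renders it into a root-run cron script as `DESTDIR="<%= @datadir %>"`, where the shell still expands `$` and backticks inside double quotes and the following `[ ! -d ${DESTDIR} ]` test is unquoted. Nothing in `ejabberd::backup` checks the value before it is used as a `file` title and in the script. A guard at the top of the class such as `if $datadir !~ /^\/[A-Za-z0-9_.\/-]+$/ { fail("Invalid value ${datadir} for datadir") }` keeps the parameter to a plain absolute path. The rest of the backup script is outside the hunk, so its other uses of `DESTDIR` should be checked for quoting as well.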
@@ -89,8 +89,8 @@ override_acls. %% You can define one or several, for example: %% {hosts, ["example.net", "example.com", "example.org"]}. %% -<% @ejabberd_hosts.map! { |host| '"%s"' % host } -%> -{hosts, [<%= @ejabberd_hosts.join(", ") %>]}. +<% @hosts.map! { |host| '"%s"' % host } -%> +{hosts, [<%= @hosts.join(", ") %>]}. %% %% route_subdomains: Delegate subdomains to other XMPP servers. @@ -213,25 +213,25 @@ override_acls. %%%. ============== %%%' AUTHENTICATION -<% if @ejabberd_auth.is_a?(Array) -%> -{auth_method, [<%= @ejabberd_auth.join(", ") %>]}. +<% if @auth.is_a?(Array) -%> +{auth_method, [<%= @auth.join(", ") %>]}. <% else -%> -{auth_method, <%= @ejabberd_auth %>}. +{auth_method, <%= @auth %>}. <% end -%> -<% if @ejabberd_extauth -%> -{extauth_program, "<%= @ejabberd_extauth %>"}. +<% if @extauth -%> +{extauth_program, "<%= @extauth %>"}. <% end -%> -<% if @ejabberd_ldap_server -%> -<% @ejabberd_ldap_server.map! { |server| '"%s"' % server } -%> -{ldap_servers, [<%= @ejabberd_ldap_server.join(", ") %>]}. -{ldap_base, "<%= @ejabberd_ldap_basedn %>"}. -{ldap_encrypt, <%= @ejabberd_ldap_encrypt %>}. -{ldap_port, <%= @ejabberd_ldap_port %>}. -{ldap_uids, [{"<%= @ejabberd_ldap_uidattr %>", "%u"}]}. +<% if @ldap_server -%> +<% @ldap_server.map! { |server| '"%s"' % server } -%> +{ldap_servers, [<%= @ldap_server.join(", ") %>]}. +{ldap_base, "<%= @ldap_basedn %>"}. +{ldap_encrypt, <%= @ldap_encrypt %>}. +{ldap_port, <%= @ldap_port %>}. +{ldap_uids, [{"<%= @ldap_uid %>", "%u"}]}. {ldap_filter, "(!(loginShell=/sbin/nologin))"}. -<% if @ejabberd_ldap_binddn -%> -{ldap_rootdn, "<%= @ejabberd_ldap_binddn %>"}. -{ldap_password, "<%= @ejabberd_ldap_bindpw %>"}. +<% if @ldap_rootdn and @ldap_password -%> +{ldap_rootdn, "<%= @ldap_rootdn %>"}. +{ldap_password, "<%= @ldap_password %>"}. <% end -%> <% end -%> 
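Review bot: `@hosts.map!` rewrites the array in place, so rendering the template mutates the value behind the `$hosts` class parameter; the same applies to `@ldap_server.map!` in the authentication hunk below. Depending on the Puppet version this may leak the already-quoted strings to anything else that reads the parameter, or fail if the array is frozen. A non-mutating form does the same job: `{hosts, [<%= @hosts.map { |host| '"%s"' % host }.join(", ") %>]}.`. Host names are also placed between double quotes without escaping, so the manifest is the place to reject values containing `"` or `\`.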
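Review bot: With `<% if @ldap_rootdn and @ldap_password -%>`, setting `$ldap_rootdn` without `$ldap_password` now silently drops both lines, which leaves ejabberd with no bind credentials configured (presumably an anonymous bind) instead of reporting the mistake. I would keep the template condition but fail in the manifest when only one of the two is set, e.g. `if ($ldap_rootdn and ! $ldap_password) or ($ldap_password and ! $ldap_rootdn) { fail("ldap_rootdn and ldap_password must be set together") }`. The password is also written verbatim inside a double-quoted Erlang string, so a `"` or `\` in it produces a broken config. The `file` resource for ejabberd.cfg is not part of this diff; since the rendered file carries the bind password, its mode and owner are worth confirming.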
@@ -391,7 +391,7 @@ override_acls. %% %%{acl, admin, {user, "aleksey", "localhost"}}. %%{acl, admin, {user, "ermine", "example.org"}}. -<% @ejabberd_admin.each do |admin| +<% @admins.each do |admin| user, host = admin.split("@") -%> {acl, admin, {user, "<%= user %>", "<%= host %>"}}. <% end -%> @@ -429,7 +429,7 @@ user, host = admin.split("@") -%> %%%' ACCESS RULES %% Maximum number of simultaneous sessions allowed for a single user: -{access, max_user_sessions, [{100, all}]}. +{access, max_user_sessions, [{1000, all}]}. %% Maximum number of offline messages that users can have: {access, max_user_offline_messages, [{5000, admin}, {100, all}]}. @@ -554,29 +554,26 @@ user, host = admin.split("@") -%> {max_users, 1000}, {max_user_conferences, 2500}, {default_room_options, - [ + [ {allow_user_invites, true}, {anonymous, false}, {public, false}, -<% if @ejabberd_muclog_datadir -%> - {logging, true} +<% if @muclog_datadir -%> + {logging, true}, <% else -%> - {logging, false} + {logging, false}, <% end -%> + {max_users, 1000} ] } ]}, %%{mod_muc_log,[]}, -<% if @ejabberd_muclog_datadir -%> +<% if @muclog_datadir -%> {mod_muc_log, [ - {access_log, muc}, - {outdir, "<%= @ejabberd_muclog_datadir %>"}, - {dirtype, subdirs}, -<% if @ejabberd_muclog_format -%> - {file_format, <%= @ejabberd_muclog_format %>}, -<% end -%> - {cssfile, false}, - {top_link, {"/jabber-logs/", "Back to Logs"}} + {access_log, muc_admin}, + {file_format, <%= @muclog_format %>}, + {outdir, "<%= @muclog_datadir %>"}, + {timezone, universal} ]}, <% end -%> {mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
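Review bot: `{access, max_user_sessions, [{1000, all}]}.` raises the per-user session cap tenfold for every deployment of this template, and the commit message does not mention it. That cap is one of the limits bounding how many connections a single account can hold open, so a hard-coded change deserves a reason in the commit message or a comment above the line. If only one setup needs the higher value, a class parameter defaulting to 100 (hypothetical name `$max_user_sessions`) rendered as `[{<%= @max_user_sessions %>, all}]` would keep the old default for everyone else.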
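Review bot: `{access_log, muc_admin}` names an access rule that is not defined anywhere in the visible hunks, so please confirm the ACCESS RULES section of the template defines `muc_admin`; otherwise the intended restriction on who may toggle room logging may not hold. Note also that `{logging, true}` together with `{anonymous, false}` means every new room is logged with real JIDs by default once `$muclog_datadir` is set, while the manifest only manages that directory (mode 2770, owner collab) inside the `$collab == true` branch. A short comment above `mod_muc_log` would record the expectation, e.g. `%% Room logs contain real JIDs; outdir must not be world-readable.`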