ejabberd: Manual merge from parameterize branch

Ossi Salmi 2015-05-18 14:58:20 +03:00
parent 16b1b084e6
commit 0dd12a0c20
3 changed files with 180 additions and 185 deletions


@ -1,111 +1,175 @@
# Install ejabberd.
#
# === Global variables
# === Parameters
#
# $ejabberd_hosts:
# $collab:
# Boolean for enabling collab integration. Defaults to false.
#
# $package:
# Ejabberd package source. Required for collab integration.
#
# $hosts:
# Array of domains serverd by ejabberd. Defaults to [ "$homename" ].
#
# $ejabberd_admin:
# $admins:
# Array of users with admin privileges.
#
# $ejabberd_ssl_key:
# Path to SSL private key.
# $webhosts:
# Array of BOSH virtual hosts.
#
# $ejabberd_ssl_cert:
# Path to SSL certificate.
#
# $ejabberd_ssl_chain:
# Path to SSL certificate chain.
#
# $ejabberd_muclog_datadir:
# Path where to store chatroom logs. Disabled by default.
#
# $ejabberd_muclog_format:
# Chatroom log format. Valid values html or plaintext.
#
# $ejabberd_auth:
# $auth:
# Authentication method or array of multiple methods.
# Valid values internal, external or ldap. Defaults to internal.
#
# $ejabberd_extauth:
# $extauth:
# Path to external authentication command.
#
# $ejabberd_ldap_server:
# $muclog_datadir:
# Path where to store chatroom logs. Disabled by default.
#
# $muclog_format:
# Chatroom log format. Valid values html or plaintext.
#
# $ssl_key:
# Path to SSL private key.
#
# $ssl_cert:
# Path to SSL certificate.
#
# $ssl_chain:
# Path to SSL certificate chain.
#
# $ldap_server:
# Array of LDAP authentication servers.
#
# $ejabberd_ldap_basedn:
# $ldap_basedn:
# LDAP base dn.
#
# $ejabberd_ldap_encrypt:
# $ldap_encrypt:
# LDAP encryption. Defaults to "tls".
#
# $ejabberd_ldap_port:
# $ldap_port:
# LDAP port. Defaults to 636.
#
# $ejabberd_ldap_uidattr:
# $ldap_uid:
# LDAP UID attribute. Defaults to "uid".
#
# $ejabberd_ldap_binddn:
# $ldap_rootdn:
# Optional bind DN.
#
# $ejabberd_ldap_bindpw:
# $ldap_password:
# Bind DN password.
#
class ejabberd {
class ejabberd(
$collab=false,
$package=undef,
$hosts=[$::homename],
$admins=[],
$webhosts=undef,
$auth="internal",
$extauth=undef,
$muclog_datadir=undef,
$muclog_format="plaintext",
$ssl_key="${::puppet_ssldir}/private_keys/${::homename}.pem",
$ssl_cert="${::puppet_ssldir}/certs/${::homename}.pem",
$ssl_chain=undef,
$ldap_server=undef,
$ldap_basedn=undef,
$ldap_encrypt="tls",
$ldap_port="636",
$ldap_uid="uid",
$ldap_rootdn=undef,
$ldap_password=undef
) {
include user::system
realize(User["ejabberd"], Group["ejabberd"])
if !$ejabberd_hosts {
$ejabberd_hosts = [ $homename ]
}
if !$ejabberd_admin {
$ejabberd_admin = []
}
if !$ejabberd_auth {
$ejabberd_auth = "internal"
if ! ($muclog_format in [ "html", "plaintext" ]) {
fail("Invalid value ${muclog_format} for muclog_format")
}
if !$ejabberd_ldap_encrypt {
$ejabberd_ldap_encrypt = "tls"
}
if !$ejabberd_ldap_port {
$ejabberd_ldap_port = "636"
}
if !$ejabberd_ldap_uidattr {
$ejabberd_ldap_uidattr = "uid"
case $::operatingsystem {
"centos","redhat","fedora": {
$package_provider = "rpm"
package { ["erlang", "erlang-esasl"]:
ensure => installed,
before => Package["ejabberd"],
}
}
"debian","ubuntu": {
$package_provider = "dpkg"
package { ["erlang", "erlang-base"]:
ensure => installed,
before => Package["ejabberd"],
}
}
default: { }
}
case $ejabberd_muclog_format {
"","html","plaintext": { }
default: {
fail("Invalid value ${ejabberd_muclog_format} for \$ejabberd_muclog_format.")
if $collab == true {
if ! $package {
fail("Must define package for collab integration")
}
file { "/usr/local/src/${package}":
ensure => present,
mode => "0644",
owner => "root",
group => "root",
source => "puppet:///files/packages/${package}",
before => Package["ejabberd"],
}
Package["ejabberd"] {
provider => $package_provider,
source => "/usr/local/src/${package}",
}
exec { "usermod-ejabberd":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "usermod -a -G collab ejabberd",
unless => "id -n -G ejabberd | grep '\\bcollab\\b'",
require => [ User["ejabberd"], Group["collab"] ],
notify => Service["ejabberd"],
}
Service["ejabberd"] {
require => Class["wiki::collab"],
}
if $muclog_datadir {
file { $muclog_datadir:
ensure => directory,
mode => "2770",
owner => "collab",
group => "collab",
require => User["collab"],
before => Service["ejabberd"],
}
}
}
package { "ejabberd":
ensure => installed,
ensure => $collab ? {
true => latest,
default => installed,
},
require => [ User["ejabberd"], Group["ejabberd"] ],
}
service { "ejabberd":
ensure => running,
enable => true,
status => "ejabberdctl status >/dev/null",
ensure => running,
enable => true,
status => "ejabberdctl status >/dev/null",
restart => "ejabberdctl restart >/dev/null",
}
include ssl
if !$ejabberd_ssl_key {
$ejabberd_ssl_key = "${puppet_ssldir}/private_keys/${homename}.pem"
}
if !$ejabberd_ssl_cert {
$ejabberd_ssl_cert = "${puppet_ssldir}/certs/${homename}.pem"
}
file { "${ssl::private}/ejabberd.key":
ensure => present,
source => $ejabberd_ssl_key,
source => $ssl_key,
mode => "0600",
owner => "root",
group => "root",
@ -113,16 +177,16 @@ class ejabberd {
}
file { "${ssl::certs}/ejabberd.crt":
ensure => present,
source => $ejabberd_ssl_cert,
source => $ssl_cert,
mode => "0644",
owner => "root",
group => "root",
notify => Exec["generate-ejabberd-pem"],
}
if $ejabberd_ssl_chain {
if $ssl_chain {
file { "${ssl::certs}/ejabberd.chain.crt":
ensure => present,
source => $ejabberd_ssl_chain,
source => $ssl_chain,
mode => "0644",
owner => "root",
group => "root",
@ -164,24 +228,17 @@ class ejabberd {
"debian", "ubuntu": {
augeas { "set-ejabberd-default":
context => "/files/etc/default/ejabberd",
changes => [ "set POLL true",
"set SMP auto", ],
changes => [ "set POLL true", "set SMP auto" ],
require => Package["ejabberd"],
notify => Service["ejabberd"],
}
}
default: { }
}
$htdocs = "/usr/share/ejabberd/htdocs"
define configwebhost($htdocs) {
file { "/srv/www/https/${name}/bosh":
ensure => link,
target => $htdocs,
require => File["/srv/www/https/${name}"],
}
}
if $ejabberd_webhosts {
if $webhosts {
include apache::mod::proxy
include apache::mod::proxy_http
include apache::mod::rewrite
@ -213,7 +270,7 @@ class ejabberd {
proto => "tcp",
}
configwebhost { $ejabberd_webhosts:
ejabberd::configwebhost { $webhosts:
htdocs => $htdocs,
}
}
@ -221,68 +278,14 @@ class ejabberd {
}
# Install ejabberd with collab customizations.
# Enable bosh on virtual host.
#
# === Global variables
#
# $ejabberd_package:
# Name of ejabberd package with collab patches.
#
class ejabberd::collab inherits ejabberd {
define ejabberd::configwebhost($htdocs) {
if !$ejabberd_package {
fail("Must define \$ejabberd_package")
}
exec { "usermod-ejabberd":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "usermod -a -G collab ejabberd",
unless => "id -n -G ejabberd | grep '\\bcollab\\b'",
require => [ User["ejabberd"], Group["collab"] ],
}
case $::operatingsystem {
"centos","redhat","fedora": {
package { ["erlang", "erlang-esasl"]:
ensure => installed,
before => Package["ejabberd"],
}
}
"debian","ubuntu": {
package { ["erlang", "erlang-base"]:
ensure => installed,
before => Package["ejabberd"],
}
}
}
file { "/usr/local/src/${ejabberd_package}":
ensure => present,
mode => "0644",
owner => "root",
group => "root",
source => "puppet:///files/packages/${ejabberd_package}",
before => Package["ejabberd"],
}
Package["ejabberd"] {
provider => $::operatingsystem ? {
"centos" => "rpm",
"redhat" => "rpm",
"fedora" => "rpm",
"debian" => "dpkg",
"ubuntu" => "dpkg",
},
source => "/usr/local/src/${ejabberd_package}",
}
if $ejabberd_muclog_datadir {
file { $ejabberd_muclog_datadir:
ensure => directory,
mode => "2770",
owner => "collab",
group => "collab",
require => User["collab"],
before => Service["ejabberd"],
}
file { "/srv/www/https/${name}/bosh":
ensure => link,
target => $htdocs,
require => File["/srv/www/https/${name}"],
}
}
@ -290,40 +293,35 @@ class ejabberd::collab inherits ejabberd {
# Install ejabberd backup cron script.
#
# === Global variables
# === Parameters
#
# $ejabberd_backup_datadir:
# Path where to store the backups.
# $datadir:
# Path where to store the backups. Defaults to "/srv/ejabberd-backup".
#
class ejabberd::backup {
class ejabberd::backup($datadir="/srv/ejabberd-backup") {
if ! $ejabberd_backup_datadir {
$ejabberd_backup_datadir = "/srv/ejabberd-backup"
}
file { $ejabberd_backup_datadir:
ensure => directory,
mode => "0700",
owner => "root",
group => "root",
file { $datadir:
ensure => directory,
mode => "0700",
owner => "root",
group => "root",
}
file { "/usr/local/sbin/ejabberd-backup":
ensure => present,
content => template("ejabberd/ejabberd-backup.erb"),
mode => "0755",
owner => "root",
group => "root",
content => template("ejabberd/ejabberd-backup.erb"),
}
cron { "ejabberd-backup":
ensure => present,
command => "/usr/local/sbin/ejabberd-backup",
user => "root",
minute => 15,
hour => 21,
require => File[ $ejabberd_backup_datadir,
"/usr/local/sbin/ejabberd-backup" ],
minute => "15",
hour => "21",
require => File[$datadir, "/usr/local/sbin/ejabberd-backup"],
}
}
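Review bot: The `default: { }` branch of the new `case $::operatingsystem` leaves `$package_provider` unset, and the `if $collab == true` block then passes it to `Package["ejabberd"]` together with the local `source`. The selector this replaces in `ejabberd::collab` had no default, which as far as I know makes catalog compilation fail on an unmatched OS, so the merge turns a hard failure into a silent fallthrough where the default provider may ignore `source` and install the distribution's ejabberd instead of the patched build. I would fail early inside the collab block: `if ! $package_provider { fail("collab integration is not supported on ${::operatingsystem}") }`. Separately, `$auth` is documented with three valid values but gets no `fail()` check like `$muclog_format` does, although the template in this commit writes it unquoted into `auth_method`.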


@ -25,7 +25,7 @@
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
DESTDIR="<%= @ejabberd_backup_datadir %>"
DESTDIR="<%= @datadir %>"
if [ ! -d ${DESTDIR} ]; then
echo "ERR: ejabberd backup directory [${DESTDIR}] does not exist" 1>&2


@ -89,8 +89,8 @@ override_acls.
%% You can define one or several, for example:
%% {hosts, ["example.net", "example.com", "example.org"]}.
%%
<% @ejabberd_hosts.map! { |host| '"%s"' % host } -%>
{hosts, [<%= @ejabberd_hosts.join(", ") %>]}.
<% @hosts.map! { |host| '"%s"' % host } -%>
{hosts, [<%= @hosts.join(", ") %>]}.
%%
%% route_subdomains: Delegate subdomains to other XMPP servers.
@ -213,25 +213,25 @@ override_acls.
%%%. ==============
%%%' AUTHENTICATION
<% if @ejabberd_auth.is_a?(Array) -%>
{auth_method, [<%= @ejabberd_auth.join(", ") %>]}.
<% if @auth.is_a?(Array) -%>
{auth_method, [<%= @auth.join(", ") %>]}.
<% else -%>
{auth_method, <%= @ejabberd_auth %>}.
{auth_method, <%= @auth %>}.
<% end -%>
<% if @ejabberd_extauth -%>
{extauth_program, "<%= @ejabberd_extauth %>"}.
<% if @extauth -%>
{extauth_program, "<%= @extauth %>"}.
<% end -%>
<% if @ejabberd_ldap_server -%>
<% @ejabberd_ldap_server.map! { |server| '"%s"' % server } -%>
{ldap_servers, [<%= @ejabberd_ldap_server.join(", ") %>]}.
{ldap_base, "<%= @ejabberd_ldap_basedn %>"}.
{ldap_encrypt, <%= @ejabberd_ldap_encrypt %>}.
{ldap_port, <%= @ejabberd_ldap_port %>}.
{ldap_uids, [{"<%= @ejabberd_ldap_uidattr %>", "%u"}]}.
<% if @ldap_server -%>
<% @ldap_server.map! { |server| '"%s"' % server } -%>
{ldap_servers, [<%= @ldap_server.join(", ") %>]}.
{ldap_base, "<%= @ldap_basedn %>"}.
{ldap_encrypt, <%= @ldap_encrypt %>}.
{ldap_port, <%= @ldap_port %>}.
{ldap_uids, [{"<%= @ldap_uid %>", "%u"}]}.
{ldap_filter, "(!(loginShell=/sbin/nologin))"}.
<% if @ejabberd_ldap_binddn -%>
{ldap_rootdn, "<%= @ejabberd_ldap_binddn %>"}.
{ldap_password, "<%= @ejabberd_ldap_bindpw %>"}.
<% if @ldap_rootdn and @ldap_password -%>
{ldap_rootdn, "<%= @ldap_rootdn %>"}.
{ldap_password, "<%= @ldap_password %>"}.
<% end -%>
<% end -%>
@ -391,7 +391,7 @@ override_acls.
%%
%%{acl, admin, {user, "aleksey", "localhost"}}.
%%{acl, admin, {user, "ermine", "example.org"}}.
<% @ejabberd_admin.each do |admin|
<% @admins.each do |admin|
user, host = admin.split("@") -%>
{acl, admin, {user, "<%= user %>", "<%= host %>"}}.
<% end -%>
@ -429,7 +429,7 @@ user, host = admin.split("@") -%>
%%%' ACCESS RULES
%% Maximum number of simultaneous sessions allowed for a single user:
{access, max_user_sessions, [{100, all}]}.
{access, max_user_sessions, [{1000, all}]}.
%% Maximum number of offline messages that users can have:
{access, max_user_offline_messages, [{5000, admin}, {100, all}]}.
@ -558,25 +558,22 @@ user, host = admin.split("@") -%>
{allow_user_invites, true},
{anonymous, false},
{public, false},
<% if @ejabberd_muclog_datadir -%>
{logging, true}
<% if @muclog_datadir -%>
{logging, true},
<% else -%>
{logging, false}
{logging, false},
<% end -%>
{max_users, 1000}
]
}
]},
%%{mod_muc_log,[]},
<% if @ejabberd_muclog_datadir -%>
<% if @muclog_datadir -%>
{mod_muc_log, [
{access_log, muc},
{outdir, "<%= @ejabberd_muclog_datadir %>"},
{dirtype, subdirs},
<% if @ejabberd_muclog_format -%>
{file_format, <%= @ejabberd_muclog_format %>},
<% end -%>
{cssfile, false},
{top_link, {"/jabber-logs/", "Back to Logs"}}
{access_log, muc_admin},
{file_format, <%= @muclog_format %>},
{outdir, "<%= @muclog_datadir %>"},
{timezone, universal}
]},
<% end -%>
{mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
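Review bot: With the new condition `<% if @ldap_rootdn and @ldap_password -%>`, setting `ldap_rootdn` without `ldap_password` now drops both lines without any error, which presumably leaves ejabberd binding anonymously rather than as the configured DN. That is easy to miss because the catalog still applies cleanly; I would reject the combination in the manifest with `if $ldap_rootdn and ! $ldap_password { fail("ldap_password is required when ldap_rootdn is set") }`. Both values are also interpolated raw into double-quoted Erlang strings, so a `"` or `\` in the password would yield a broken or different term; escaping them before output would avoid that. The file resource that renders this template is outside the visible hunks, so it is worth confirming that the generated config holding the bind password is not world-readable.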