/[adm]/puppet/modules/sympa/manifests/init.pp
ViewVC logotype

Contents of /puppet/modules/sympa/manifests/init.pp

Parent Directory Parent Directory | Revision Log Revision Log

Revision 690 - (show annotations) (download)
Fri Jan 7 02:15:53 2011 UTC (13 years, 3 months ago) by misc
File size: 11095 byte(s) 
- disable list creation request by the web interface, as this would bypass puppet
completly
1 class sympa {
2 class variable {
3 $vhost = "ml.$domain"
4 }
5
6 class server inherits variable {
7 # perl-CGI-Fast is needed for fast cgi
8 # perl-Socket6 is required by perl-IO-Socket-SSL
9 # (optional requirement)
10 $package_list = ['sympa', 'sympa-www', 'perl-CGI-Fast',
11 'perl-Socket6']
12
13 package { $package_list:
14 ensure => installed;
15 }
16
17 # sympa script start 5 differents script, I am not
18 # sure that puppet will correctly handle this
19 service { "sympa":
20 ensure => running,
21 hasstatus => true,
22 subscribe => [ Package["sympa"], File['/etc/sympa/sympa.conf']]
23 }
24
25 $pgsql_password = extlookup("sympa_pgsql",'x')
26 $ldap_password = extlookup("sympa_ldap",'x')
27
28 @@postgresql::user { 'sympa':
29 password => $pgsql_password,
30 }
31
32 file { '/etc/sympa/sympa.conf':
33 ensure => present,
34 # should be cleaner to have it root owned, but puppet do not support acl
35 # and in any case, config will be reset if it change
36 owner => sympa,
37 group => apache,
38 mode => 640,
39 content => template("sympa/sympa.conf")
40 }
41
42 file { '/etc/sympa/auth.conf':
43 ensure => present,
44 owner => root,
45 group => root,
46 mode => 644,
47 content => template("sympa/auth.conf"),
48 notify => Service['httpd']
49 }
50
51
52 include apache::mod_fcgid
53 apache::webapp_other{"sympa":
54 webapp_file => "sympa/webapp_sympa.conf",
55 }
56
57 apache::vhost_redirect_ssl { "$vhost": }
58
59 apache::vhost_other_app { "$vhost":
60 vhost_file => "sympa/vhost_ml.conf",
61 }
62
63 openssl::self_signed_cert{ "$vhost":
64 directory => "/etc/ssl/apache/"
65 }
66
67
68 @@postgresql::database { 'sympa':
69 description => "Sympa database",
70 user => "sympa",
71 require => Postgresql::User["sympa"]
72 }
73
74 subversion::snapshot { "/etc/sympa/web_tt2":
75 source => "svn://svn.mageia.org/svn/web/templates/sympa/trunk"
76 }
77
78 file { ["/etc/sympa/lists_xml/",
79 "/etc/sympa/scenari/",
80 "/etc/sympa/data_sources/",
81 "/etc/sympa/search_filters/"]:
82 ensure => directory,
83 owner => root,
84 group => root,
85 mode => 755,
86 purge => true,
87 recurse => true,
88 force => true,
89 }
90
91 file { ["/etc/sympa/scenari/subscribe.open_web_only_notify",
92 "/etc/sympa/scenari/unsubscribe.open_web_only_notify"]:
93 ensure => present,
94 owner => root,
95 group => root,
96 mode => 755,
97 source => "puppet:///modules/sympa/scenari/open_web_only_notify",
98 }
99
100 file { ["/etc/sympa/scenari/send.subscriber_moderated"]:
101 ensure => present,
102 owner => root,
103 group => root,
104 mode => 755,
105 source => "puppet:///modules/sympa/scenari/subscriber_moderated",
106 }
107
108 file { ["/etc/sympa/scenari/create_list.forbidden"]:
109 ensure => present,
110 owner => root,
111 group => root,
112 mode => 755,
113 source => "puppet:///modules/sympa/scenari/forbidden",
114 }
115
116
117 file { ["/etc/sympa/topics.conf"]:
118 ensure => present,
119 owner => root,
120 group => root,
121 mode => 755,
122 source => "puppet:///modules/sympa/topics.conf",
123 }
124
125 define ldap_search_filter {
126 file { "/etc/sympa/search_filters/$name.ldap":
127 ensure => present,
128 owner => root,
129 group => root,
130 mode => 755,
131 content => template('sympa/search_filters/group.ldap')
132 }
133 }
134
135 define ldap_group_datasource {
136 file { "/etc/sympa/data_sources/$name.incl":
137 ensure => present,
138 owner => root,
139 group => root,
140 mode => 755,
141 content => template('sympa/data_sources/ldap_group.incl')
142 }
143 }
144
145 define scenario_sender_ldap_group {
146 file { "/etc/sympa/scenari/send.restricted_$name":
147 ensure => present,
148 owner => root,
149 group => root,
150 mode => 755,
151 content => template('sympa/scenari/sender.ldap_group')
152 }
153 }
154
155 define scenario_sender_email {
156 file { "/etc/sympa/scenari/send.restricted_$name":
157 ensure => present,
158 owner => root,
159 group => root,
160 mode => 755,
161 content => template('sympa/scenari/sender.email')
162 }
163 }
164
165 # add each group that could be used in a sympa ml either as
166 # - owner
167 # - editor ( moderation )
168 ldap_group_datasource { "mga-sysadmin": }
169 ldap_group_datasource { "mga-ml_moderators": }
170
171
172 # directory that will hold the list data
173 # i am not sure of the name ( misc, 09/12/10 )
174 file { "/var/lib/sympa/expl/":
175 ensure => directory,
176 owner => sympa,
177 group => root,
178 mode => 755,
179 }
180 }
181
182 define list($subject,
183 $profile = false,
184 $language = 'en',
185 $topics = false,
186 $reply_to = false,
187 $sender_email = false,
188 $sender_ldap_group = false,
189 $subscriber_ldap_group = false,
190 $public_archive = true ) {
191
192 include sympa::variable
193
194 $xml_file = "/etc/sympa/lists_xml/$name.xml"
195
196 if $sender_email {
197 $sender_email_file = regsubst($sender_email,'\@','-at-')
198 } else {
199 $sender_email_file = ''
200 }
201
202 file { "$xml_file":
203 owner => root,
204 group => root,
205 content => template('sympa/list.xml')
206 }
207
208 exec { "sympa.pl --create_list --robot=$sympa::variable::vhost --input_file=$xml_file":
209 require => File["$xml_file"],
210 creates => "/var/lib/sympa/expl/$name",
211 before => File["/var/lib/sympa/expl/$name/config"],
212 }
213
214 file { "/var/lib/sympa/expl/$name/config":
215 ensure => present,
216 owner => sympa,
217 group => sympa,
218 mode => 750,
219 content => template("sympa/config"),
220 notify => Service['sympa'],
221 }
222
223 if $sender_ldap_group {
224 if ! defined(Sympa::Server::Scenario_sender_ldap_group[$sender_ldap_group]) {
225 sympa::server::scenario_sender_ldap_group { $sender_ldap_group: }
226 }
227 }
228
229 if $sender_email {
230 if ! defined(Sympa::Server::Scenario_sender_email[$sender_email_file]) {
231 sympa::server::scenario_sender_email { $sender_email_file: }
232 }
233 }
234
235 if $subscriber_ldap_group {
236 if ! defined(Sympa::Server::Ldap_search_filter[$subscriber_ldap_group]) {
237 sympa::server::ldap_search_filter { $subscriber_ldap_group: }
238 }
239 }
240 }
241
242 #
243 # various types of list that can be directly used
244 #
245 #
246 define public_list($subject, $language = 'en', $topics = false) {
247 list { $name:
248 subject => $subject,
249 # profile => "public",
250 language => $language,
251 topics => $topics,
252 }
253 }
254
255 # list where announce are sent by member of ldap_group
256 # reply_to is set to $reply_to
257 define announce_list_group($subject, $reply_to, $sender_ldap_group, $language = 'en', $topics = false) {
258 # profile + scenario
259 list{ $name:
260 subject => $subject,
261 profile => "",
262 language => $language,
263 topics => $topics,
264 reply_to => $reply_to,
265 sender_ldap_group => $sender_ldap_group,
266 }
267 }
268
269
270 # list where announce are sent by $email only
271 # reply_to is set to $reply_to
272 define announce_list_email($subject, $reply_to, $sender_email, $language = 'en', $topics = false) {
273 list{ $name:
274 subject => $subject,
275 profile => "",
276 language => $language,
277 topics => $topics,
278 reply_to => $reply_to,
279 sender_email => $sender_email,
280 }
281 }
282
283 # list where people cannot subscribe, where people from $ldap_group receive
284 # mail, with public archive
285 define restricted_list($subject, $subscriber_ldap_group, $language = 'en', $topics = false) {
286 list{ $name:
287 subject => $subject,
288 profile => "",
289 topics => $topics,
290 language => $language,
291 subscriber_ldap_group => $subscriber_ldap_group,
292 sender_ldap_group => $subscriber_ldap_group,
293 }
294 }
295
296 # same as restricted list, but anybody can post
297 define restricted_list_open($subject, $subscriber_ldap_group, $language = 'en', $topics = false) {
298 list{ $name:
299 subject => $subject,
300 profile => "",
301 language => $language,
302 topics => $topics,
303 subscriber_ldap_group => $subscriber_ldap_group,
304 sender_ldap_group => $subscriber_ldap_group,
305 }
306 }
307
308 # list with private archive, restricted to member of $ldap_group
309 define private_list($subject, $subscriber_ldap_group, $language ='en', $topics = false) {
310 list{ $name:
311 subject => $subject,
312 profile => "",
313 language => $language,
314 topics => $topics,
315 subscriber_ldap_group => $subscriber_ldap_group,
316 sender_ldap_group => $subscriber_ldap_group,
317 public_archive => false,
318 }
319 }
320
321 # list with private archive, restricted to member of $ldap_group
322 # everybody can post
323 # used for contact alias
324 define private_list_open($subject, $subscriber_ldap_group, $language ='en', $topics = false) {
325 list{ $name:
326 subject => $subject,
327 profile => "",
328 language => $language,
329 topics => $topics,
330 subscriber_ldap_group => $subscriber_ldap_group,
331 public_archive => false,
332 }
333 }
334
335 # same as private_list, but post are restricted to $email
336 # ( scripting )
337 define private_list_email($subject, $subscriber_ldap_group, $sender_email, $language ='en', $topics = false) {
338 list{ $name:
339 subject => $subject,
340 profile => "",
341 language => $language,
342 topics => $topics,
343 subscriber_ldap_group => $subscriber_ldap_group,
344 sender_email => $sender_email,
345 public_archive => false,
346 }
347 }
348 }
349
  ViewVC Help
Powered by ViewVC 1.1.30