Merge pull request #43 from puppetlabs-seteam/ipcrm_flask_app_gunicorn

Add Pupppet_webapp, Bolt/task examples, Hiera5

Puppetfile

@@ -2,6 +2,7 @@ forge "http://forge.puppetlabs.com"
 
 # Modules from the Puppet Forge
 # Versions should be updated to be the latest at the time you start
+mod 'puppetlabs/exec', '0.1.0'
 mod 'puppetlabs/inifile', '1.6.0'
 mod "puppetlabs/stdlib", '4.17.0'
 mod 'puppetlabs-ciscopuppet', '1.7.0'
@@ -42,7 +43,7 @@ mod 'trlinkin/domain_membership', '1.1.2'
 mod 'ipcrm/echo', '0.1.3'
 mod 'stahnma/epel', '1.2.2'
 mod 'aristanetworks-eos', '1.5.0'
-mod 'puppet-hiera', '3.0.0'
+mod 'puppet-hiera', '3.2.0'
 mod 'puppetlabs-iis', '4.0.0'
 mod 'rtyler/jenkins', '1.7.0'
 mod 'aristanetworks-netdev_stdlib_eos', '1.2.0'
@@ -67,6 +68,7 @@ mod 'jriviere/windows_ad', '0.3.2'
 mod 'crayfishx-purge', '1.2.0'
 mod 'puppet-splunk', '5.1.0'
 mod 'jpadams-puppet_vim_env', '2.3.0'
+mod 'stankevich-python', '1.18.2'
 mod 'gogs',
   :git => 'https://github.com/ipcrm/puppet-gogs.git',
   :ref => '59f7800ad3512cf371c47902996df0b927267805'
@@ -82,3 +84,11 @@ mod 'demo_cis',
 mod 'rgbank',
   :git => 'https://github.com/ipcrm/puppetlabs-rgbank.git',
   :ref => 'master'
+
+mod 'facter_task',
+  :git => '[email protected]:ipcrm/puppetlabs-facter_task.git',
+  :ref => 'master'
+
+mod 'bolt',
+  :git => '[email protected]:puppetlabs/bolt.git',
+  :ref => 'master'

Rakefile

@@ -8,6 +8,7 @@ require 'json'
 require 'rest-client'
 
 PuppetSyntax.app_management = true
+PuppetSyntax.exclude_paths = ["site/**/plans/*"]
 PuppetLint.configuration.fail_on_warnings = true
 PuppetLint.configuration.send('relative')
 PuppetLint.configuration.send('disable_140chars')
@@ -89,7 +90,7 @@ def spec_gen(create=false)
     classes = Array.new
 
     pattern = 'site/profile/manifests/*/*.pp' if m == 'profile'
-    pattern = 'site/role/manifests/*.pp' if m == 'role'
+    pattern = 'site/role/manifests/*/*.pp' if m == 'role'
     Dir.glob("#{pattern}").each do |f|
       File.open(f).read.each_line do |l|
         c = l.scan(/(\s+)?class\s+([a-zA-Z:_]+)\s+[\{,\(]/)

site/profile/functions/failed.pp

@@ -0,0 +1,3 @@
+function profile::failed(Array[Hash] $results) >> Boolean {
+  $results.any |$r| { $r['_error'] }
+}

site/profile/lib/facter/puppet_webapp.rb

@@ -0,0 +1,12 @@
+# Get Webapp version, if installed
+Facter.add(:puppet_webapp) do
+  confine :kernel => 'Linux'
+  setcode do
+    ret = Facter::Util::Resolution.exec('python -c "import pkg_resources; print pkg_resources.get_distribution(\'puppet_webapp\').version" 2>/dev/null')
+    if ret.to_s.strip.empty?
+      nil
+    else
+      ret
+    end
+  end
+end

site/profile/lib/puppet/functions/profile/puts.rb

@@ -0,0 +1,10 @@
+Puppet::Functions.create_function(:'profile::puts') do
+  dispatch :pts do
+    param 'String', :msg
+  end
+
+  def pts(msg)
+    time = Time.new
+    puts "#{time.inspect}: #{msg}"
+  end
+end

site/profile/manifests/app/haproxy.pp

@@ -0,0 +1,52 @@
+class profile::app::haproxy {
+
+  if $::kernel == 'windows' {
+    fail('Unsupported OS')
+  }
+
+  # Use at least 1.5 on all platforms
+  if $::facts['os']['name'] == 'Ubuntu' {
+
+    include ::apt
+
+    apt::ppa { 'ppa:vbernat/haproxy-1.5':
+      package_manage => true,
+    }
+
+  }
+
+  package {'socat':
+    ensure => present,
+  }
+
+  class { '::haproxy':
+    global_options   => {
+      'log'     => "${::ipaddress} local0",
+      'chroot'  => '/var/lib/haproxy',
+      'pidfile' => '/var/run/haproxy.pid',
+      'maxconn' => '4000',
+      'user'    => 'haproxy',
+      'group'   => 'haproxy',
+      'daemon'  => '',
+      'stats'   => 'socket /var/lib/haproxy/stats level admin',
+    },
+    defaults_options => {
+      'log'     => 'global',
+      'stats'   => 'enable',
+      'option'  => [
+        'redispatch',
+      ],
+      'retries' => '3',
+      'timeout' => [
+        'http-request 10s',
+        'queue 1m',
+        'connect 10s',
+        'client 1m',
+        'server 1m',
+        'check 10s',
+      ],
+      'maxconn' => '8000',
+    },
+  }
+
+}

site/profile/manifests/app/puppet_webapp/lb.pp

@@ -0,0 +1,57 @@
+class profile::app::puppet_webapp::lb (
+  $dev_hostname = 'devapp.puppet.vm',
+  $prod_hostname = 'prodapp.puppet.vm',
+){
+
+  require ::profile::app::haproxy
+
+  haproxy::mapfile { 'domains-to-backends':
+    ensure   => 'present',
+    mappings => [
+      { $dev_hostname  => 'dev_bk' },
+      { $prod_hostname => 'prod_bk' },
+    ],
+  }
+
+  haproxy::frontend { 'allapps':
+    ipaddress => '0.0.0.0',
+    ports     => '80',
+    mode      => 'http',
+    options   => {
+      'use_backend' => [
+        "dev_bk if { hdr(Host) -i ${dev_hostname} }",
+        "prod_bk if { hdr(Host) -i ${prod_hostname} }",
+      ],
+    },
+  }
+
+  haproxy::backend { 'dev_bk':
+    mode    => 'http',
+    options => {
+      'option'  => [
+        'tcplog',
+      ],
+      'balance' => 'roundrobin',
+    },
+  }
+
+  haproxy::backend { 'prod_bk':
+    mode    => 'http',
+    options => {
+      'option'  => [
+        'tcplog',
+      ],
+      'balance' => 'roundrobin',
+    },
+  }
+
+  Haproxy::Balancermember <<| listening_service == 'dev_bk' |>>
+  Haproxy::Balancermember <<| listening_service == 'prod_bk' |>>
+
+  firewall { '111 allow http 80 access':
+    dport  => 80,
+    proto  => tcp,
+    action => accept,
+  }
+
+}

site/profile/manifests/app/puppet_webapp/webhead.pp

@@ -0,0 +1,40 @@
+class profile::app::puppet_webapp::webhead (
+  $app_name    = 'webui',
+  $app_version = '0.1.12',
+  $dist_file   = "https://github.com/ipcrm/puppet_webapp/releases/download/${app_version}/puppet_webapp-${app_version}.tar.gz",
+  $vhost_name  = $::fqdn,
+  $vhost_port  = '8008',
+  $doc_root    = '/var/www/flask',
+  $app_env     = pick_default($::appenv,'dev')
+) {
+
+  $options = {
+    app_name    => $app_name,
+    app_version => $app_version,
+    dist_file   => $dist_file,
+    vhost_name  => $vhost_name,
+    vhost_port  => $vhost_port,
+    doc_root    => $doc_root,
+    app_env     => $app_env,
+  }
+
+  case $::osfamily {
+
+    'Debian': {
+      class {'::profile::app::puppet_webapp::webhead::ubuntu':
+        * => $options,
+      }
+    }
+
+    'RedHat': {
+      class {'::profile::app::puppet_webapp::webhead::rhel':
+        * => $options,
+      }
+    }
+
+    default: {
+      fail('Unsupported OS')
+    }
+
+  }
+}

site/profile/manifests/app/puppet_webapp/webhead/rhel.pp

@@ -0,0 +1,106 @@
+class profile::app::puppet_webapp::webhead::rhel (
+  $app_name = 'webui',
+  $app_version = '0.1.12',
+  $dist_file = "https://github.com/ipcrm/puppet_webapp/releases/download/${app_version}/puppet_webapp-${app_version}.tar.gz",
+  $vhost_name = $::fqdn,
+  $vhost_port = '8008',
+  $doc_root = '/var/www/flask',
+  $app_env  = pick_default($::appenv,'dev')
+){
+
+  require ::profile::platform::baseline
+
+  class {'::profile::app::webserver::apache':
+    default_vhost => false,
+  }
+
+  $_local_archive = basename($dist_file)
+
+  package{'python-pip':
+    ensure => present,
+  }
+
+  package{'flask':
+    ensure   => present,
+    provider => 'pip',
+    require  => Package['python-pip'],
+  }
+
+  file {'/var/www':
+    ensure => directory,
+    mode   => '0755',
+  }
+
+  file {$doc_root:
+    ensure => directory,
+    mode   => '0755',
+  }
+
+  file { "${doc_root}/wsgi.py":
+    ensure  => file,
+    mode    => '0755',
+    content => template('profile/app/puppet_webapp_wsgi.py.erb'),
+  }
+
+  apache::vhost { $vhost_name:
+    port                        => $vhost_port,
+    docroot                     => $doc_root,
+    wsgi_application_group      => '%{GLOBAL}',
+    wsgi_daemon_process         => 'wsgi',
+    wsgi_daemon_process_options => {
+      processes    => '2',
+      threads      => '15',
+      display-name => '%{GROUP}',
+    },
+    wsgi_import_script          => "${doc_root}/wsgi.py",
+    wsgi_import_script_options  => {
+      process-group     => 'wsgi',
+      application-group => '%{GLOBAL}',
+    },
+    wsgi_process_group          => 'wsgi',
+    wsgi_script_aliases         => {
+      '/' => "${doc_root}/wsgi.py",
+    },
+  }
+
+  exec {'retrieve sdist':
+    path    => $::path,
+    command => "curl -L -o /usr/local/src/${_local_archive} \'${dist_file}\'",
+    creates => "/usr/local/src/${_local_archive}",
+  }
+
+  exec { 'remove puppet-webapp if wrong version':
+    path    => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin',
+    command => 'pip uninstall --yes puppet-webapp',
+    unless  => "pip list | grep puppet-webapp | grep ${app_version}",
+    onlyif  => 'pip list | grep puppet-webapp',
+    notify  => Exec["pip install ${_local_archive}"],
+  }
+
+  exec { "pip install ${_local_archive}":
+    path    => '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin',
+    command => "pip install /usr/local/src/${_local_archive} --ignore-installed --no-deps",
+    unless  => 'pip list | grep puppet-webapp',
+    require => [
+      Exec['retrieve sdist'],
+      Exec['remove puppet-webapp if wrong version'],
+      Class['apache'],
+    ],
+    notify  => Class['Apache::Service'],
+  }
+
+  firewall { "110 allow http ${vhost_port}  access":
+    dport  => $vhost_port,
+    proto  => tcp,
+    action => accept,
+  }
+
+  @@haproxy::balancermember { "haproxy-${::fqdn}":
+    listening_service => "${app_env}_bk",
+    ports             => $vhost_port,
+    server_names      => $::hostname,
+    ipaddresses       => $::ipaddress,
+    options           => 'check',
+  }
+
+}