Fulcrum demo

.gitignore

@@ -24,3 +24,4 @@
 .DS_Store
 /modules/
 Puppetfile.lock
+.tool-versions

manifests/profile/fulcrum/app.pp

@@ -26,7 +26,7 @@
     'libreoffice',
     'libjemalloc2',
     'netpbm-sf',
-    "openjdk-${jdk_version}-jre-headless",
+    "temurin-${jdk_version}-jre",
     'pdftk',
     'qpdf',
     'shared-mime-info',

manifests/profile/fulcrum/fedora.pp

@@ -8,46 +8,56 @@
   String $fedora_username = 'fedora',
   String $fedora_password = lookup('nebula::profile::fulcrum::mysql::fedora_password'),
 ) {
+  $jdk_version = lookup('nebula::jdk_version')
+  # used in erb file
+  $java_home = "/usr/lib/jvm/temurin-${jdk_version}-jre-amd64"
+
   ensure_packages([
-    'tomcat8-user',
+    'tomcat9-user',
   ])
 
   file { '/etc/sudoers.d/fedora':
     content => template('nebula/profile/fulcrum/sudoers-fedora.erb'),
   }
 
+  exec { 'create fedora tomcat':
+    command => '/usr/bin/tomcat9-instance-create fedora',
+    cwd     => '/opt',
+    creates => '/opt/fedora',
+    require => [
+      User['fulcrum'],
+      Package['tomcat9-user'],
+    ],
+  }
+
   file {
     ['/var/lib/fedora', '/var/log/fedora', '/opt/fedora', '/tmp/fedora']:
       ensure => directory,
       owner  => 'fulcrum',
       group  => 'fulcrum',
+      require => Exec['create fedora tomcat'],
     ;
   }
 
-  exec { 'create fedora tomcat':
-    command => '/usr/bin/tomcat8-instance-create fedora',
-    cwd     => '/opt',
-    user    => 'fulcrum',
-    creates => '/opt/fedora',
-    require => [
-      User['fulcrum'],
-      Package['tomcat8-user'],
-    ],
+  exec { 'chown -r /opt/fedora':
+    command => '/usr/bin/chown -R fulcrum:fulcrum /opt/fedora',
+    require => Exec['create fedora tomcat'],
   }
 
   file { '/opt/fedora/logs':
     ensure  => 'symlink',
     owner   => 'fulcrum',
     group   => 'fulcrum',
+    force   => true,
     target  => '/var/log/fedora',
     require => Exec['create fedora tomcat'],
   }
 
   archive { '/opt/fedora/webapps/fedora.war':
     ensure        => present,
     extract       => false,
-    source        => 'https://github.com/fcrepo/fcrepo/releases/download/fcrepo-4.7.4/fcrepo-webapp-4.7.4.war',
-    checksum      => '11e06c843f40cf2b9f26bda94ddfe6d85d69a591',
+    source        => 'https://github.com/fcrepo/fcrepo/releases/download/fcrepo-4.7.6/fcrepo-webapp-4.7.6.war',
+    checksum      => '5882d8a4dc8b3817374503dff2043be79d9bbd72',
     checksum_type => 'sha1',
     cleanup       => false,
     user          => 'fulcrum',
@@ -81,7 +91,7 @@
       File['/etc/systemd/system/fedora.service'],
       File['/var/lib/fedora'],
       Archive['/opt/fedora/webapps/fedora.war'],
-      Mysql::Db['fedora'],
+      Service['mysqld'],
     ],
   }
 }

manifests/profile/fulcrum/hosts.pp

@@ -6,6 +6,7 @@
 class nebula::profile::fulcrum::hosts (
   $fedora = '127.0.0.1',
   $mysql = '127.0.0.1',
+  $keycard = '127.0.0.1',
   $redis = '127.0.0.1',
   $solr = '127.0.0.1',
 ) {
@@ -17,6 +18,10 @@
     ip => $mysql,
   }
 
+  host { 'keycard':
+    ip => $keycard,
+  }
+
   host { 'redis':
     ip => $redis,
   }

manifests/profile/fulcrum/mysql.pp

@@ -7,32 +7,51 @@
 class nebula::profile::fulcrum::mysql (
   String $fedora_password,
   String $fulcrum_password,
-  String $checkpoint_password,
   String $shibd_password,
+  String $root_password,
 ) {
-  include nebula::profile::mysql
 
-  mysql::db { 'fedora':
-    user     => 'fedora',
-    password => $fedora_password,
-    host     => 'localhost',
+  # Install and configure mysql server
+  ensure_packages(['mariadb-common','mariadb-server', 'mariadb-client'])
+
+# at some point need to do equivalent to `mysql_install_db --user=mysql --ldata=/var/lib/mysql`
+
+  service { 'mysqld':
+    enable  => true,
+    ensure  => running,
+    require => Package['mariadb-server'],
+  }
+
+  file { "/etc/mysql/conf.d":
+    ensure => "directory"
   }
 
-  mysql::db { 'fulcrum':
-    user     => 'fulcrum',
-    password => $fulcrum_password,
-    host     => 'localhost',
+  file { "/etc/mysql/my.cnf":
+    owner => "mysql", group => "mysql",
+    content => template('nebula/mysql/my.cnf.erb'),
+    notify => Service["mysqld"],
+    require => Package["mariadb-server"],
   }
 
-  mysql::db { 'checkpoint':
-    user     => 'checkpoint',
-    password => $checkpoint_password,
-    host     => 'localhost',
+  exec { "set-mysql-password":
+    unless => "mysqladmin -uroot -p$root_password status",
+    path => ["/bin", "/usr/bin"],
+    command => "mysqladmin -uroot password $root_password",
+    require => Service["mysqld"],
   }
 
-  mysql::db { 'shibd':
-    user     => 'shibd',
-    password => $shibd_password,
-    host     => 'localhost',
+  $dbs = [['fedora', 'fedora', $fedora_password], ['fulcrum', 'fulcrum', $fulcrum_password],
+  ['checkpoint', 'fulcrum', $fulcrum_password], ['shibd', 'shibd', $shibd_password]]
+
+  $dbs.each |$db| {
+    $name = $db[0]
+    $user = $db[1]
+    $password = $db[2]
+    exec { "create-${name}-db":
+      unless => "/usr/bin/mysql -u${user} -p${password} ${name}",
+      command => "/usr/bin/mysql -uroot -p${root_password} -e \"create database ${name}; grant all on ${name}.* to ${user}@localhost identified by '${password}';\"",
+      require => Service["mysqld"],
+    }
   }
+
 }

manifests/profile/fulcrum/nginx.pp

@@ -197,6 +197,6 @@
     proto  => 'tcp',
     dport  => 443,
     state  => 'NEW',
-    jump   => 'accept',
+    action => 'accept',
   }
 }

manifests/profile/fulcrum/perl.pp

@@ -0,0 +1,37 @@
+# The perl profile is needed for monitor_pl to work, but it pulls in a
+# ton of stuff. We should probably allow for different haproxy http checks
+# for a service, and eliminate the perl/monitor_pl dependency here.
+
+class nebula::profile::fulcrum::perl (
+  Hash $hosts = {}
+) {
+
+  include nebula::profile::www_lib::perl
+
+  create_resources('host',$hosts)
+
+  include nebula::profile::www_lib::apache::base
+  include nebula::profile::www_lib::apache::fulcrum
+
+  cron {
+    default:
+      user => 'root',
+    ;
+
+    'purge apache access logs 1/2':
+      hour    => 1,
+      minute  => 7,
+      command => '/usr/bin/find /var/log/apache2 -type f -mtime +14 -name "*log*" -exec /bin/rm {} \; > /dev/null 2>&1',
+    ;
+
+    'purge apache access logs 2/2':
+      hour    => 1,
+      minute  => 17,
+      command => '/usr/bin/find /var/log/apache2 -type f -mtime +2  -name "*log*" ! -name "*log*gz" -exec /usr/bin/pigz {} \; > /dev/null 2>&1',
+      require => Package['pigz'],
+    ;
+  }
+
+  ensure_packages(['pigz'])
+
+}

manifests/profile/fulcrum/shibboleth.pp

@@ -7,8 +7,8 @@
 class nebula::profile::fulcrum::shibboleth {
   ensure_packages([
     'unixodbc',
-    'shibboleth-sp2-common',
-    'shibboleth-sp2-utils',
+    'shibboleth-sp-common',
+    'shibboleth-sp-utils',
     'mariadb-unixodbc',
   ])
 
@@ -52,7 +52,7 @@
     ensure     => 'running',
     enable     => true,
     hasrestart => true,
-    require    => [Package['shibboleth-sp2-utils'], Package['mariadb-unixodbc']]
+    require    => [Package['shibboleth-sp-utils'], Package['mariadb-unixodbc']]
   }
 
   service { 'shibauthorizer.socket':

manifests/profile/shibboleth.pp

@@ -35,7 +35,7 @@
     [
       'shibboleth-sp-common',
       'shibboleth-sp-utils',
-      'odbc-mariadb'
+      'mariadb-unixodbc'
     ]:
   }
 
@@ -50,7 +50,7 @@
     ensure     => 'running',
     enable     => true,
     hasrestart => true,
-    require    => [Package['shibboleth-sp-utils'], Package['odbc-mariadb']]
+    require    => [Package['shibboleth-sp-utils'], Package['mariadb-unixodbc']]
   }
 
   file { '/etc/odbcinst.ini':

manifests/profile/solr.pp

@@ -19,10 +19,17 @@
 ) {
   $jdk_version = lookup('nebula::jdk_version')
 
-  ensure_packages(["openjdk-${jdk_version}-jre-headless",'solr','lsof'])
+  ensure_packages(["temurin-${jdk_version}-jre",'solr','lsof'])
+
+  class { 'nebula::profile::openjdk_java':
+    jdk_packages => ["temurin-${jdk_version}-jre"],
+    default_jdk => "temurin-${jdk_version}-jre",
+    base_alternative => "/usr/lib/jvm/temurin-${jdk_version}-jre-amd64/bin/java",
+    java_alternative => "temurin-${jdk_version}-jre-amd64",
+  }
 
   # Note: Along with variables above these are used in erb files also.
-  $java_home = "/usr/lib/jvm/java-${jdk_version}-openjdk-amd64/jre"
+  $java_home = "/usr/lib/jvm/temurin-${jdk_version}-jre-amd64"
   $solr_bin = '/opt/solr/bin/solr'
 
   nebula::usergroup { 'solr': }
@@ -53,6 +60,11 @@
     ;
   }
 
+  file { "/etc/environment":
+      content => inline_template("JAVA_HOME=${java_home}")
+  }
+
+
   file { '/etc/systemd/system/solr.service':
     owner   => 'root',
     group   => 'root',

manifests/profile/www_lib/dependencies.pp

@@ -17,7 +17,7 @@
       'git',
       'emacs',
       'imagemagick',
-      "openjdk-${jdk_version}-jre",
+      "temurin-${jdk_version}-jre",
     ]
   )
 

manifests/role/fulcrum/standalone.pp

@@ -7,15 +7,21 @@
 # This is desiged to manage a Debian Server that hosts the Fulcrum project, with all of the dependencies and services included.
 
 class nebula::role::fulcrum::standalone {
+
   include nebula::role::minimum
   include nebula::profile::ruby
   include nebula::profile::fulcrum::base
   include nebula::profile::fulcrum::hosts
+  include nebula::profile::fulcrum::mounts
+  include nebula::profile::fulcrum::symlinks
   include nebula::profile::fulcrum::app
-  include nebula::profile::fulcrum::fedora
   include nebula::profile::fulcrum::logrotate
-  include nebula::profile::fulcrum::mysql
   include nebula::profile::fulcrum::redis
-  include nebula::profile::fulcrum::shibboleth
+  include nebula::profile::fulcrum::perl
+
   include nebula::profile::fulcrum::solr
+  include nebula::profile::fulcrum::mysql
+
+  include nebula::profile::fulcrum::shibboleth
+  include nebula::profile::fulcrum::fedora
 }

spec/classes/profile/solr_spec.rb

@@ -14,7 +14,7 @@
 
       # Packages
       [
-        'openjdk-8-jre-headless',
+        'temurin-11-jre',
         'solr',
         'lsof',
       ].each do |package|

spec/fixtures/hiera/default.yaml

@@ -163,7 +163,7 @@ umich::networks::private_blocks:
 nebula::profile::falcon::cid: default-invalid-cid
 nebula::profile::tsm::servername: tsmserver
 nebula::profile::tsm::serveraddress: tsm.default.invalid
-nebula::jdk_version: '8'
+nebula::jdk_version: '11'
 
 nebula::profile::kubelet::kubelet_version: default.invalid
 

spec/fixtures/hiera/fulcrum.yaml

@@ -1,4 +1,5 @@
 nebula::profile::mysql::password: changeme
+nebula::profile::fulcrum::mysql::root_password: changeme
 nebula::profile::fulcrum::mysql::fedora_password: changeme
 nebula::profile::fulcrum::mysql::fulcrum_password: changeme
 nebula::profile::fulcrum::mysql::checkpoint_password: changeme

templates/mysql/my.cnf.erb

@@ -0,0 +1,30 @@
+# The MariaDB configuration file
+#
+# The MariaDB/MySQL tools read configuration files in the following order:
+# 0. "/etc/mysql/my.cnf" symlinks to this file, reason why all the rest is read.
+# 1. "/etc/mysql/mariadb.cnf" (this file) to set global defaults,
+# 2. "/etc/mysql/conf.d/*.cnf" to set global options.
+# 3. "/etc/mysql/mariadb.conf.d/*.cnf" to set MariaDB-only options.
+# 4. "~/.my.cnf" to set user-specific options.
+#
+# If the same option is defined multiple times, the last one will apply.
+#
+# One can use all long options that the program supports.
+# Run program with --help to get a list of available options and with
+# --print-defaults to see which it would actually understand and use.
+#
+# If you are new to MariaDB, check out https://mariadb.com/kb/en/basic-mariadb-articles/
+
+#
+# This group is read both by the client and the server
+# use it for options that affect everything
+#
+[client-server]
+# Port or socket location where to connect
+# port = 3306
+socket = /run/mysqld/mysqld.sock
+
+# Import all .cnf files from configuration directory
+!includedir /etc/mysql/conf.d/
+!includedir /etc/mysql/mariadb.conf.d/
+

templates/profile/fulcrum/fedora.env.erb

@@ -1,4 +1,5 @@
 CATALINA_BASE="/opt/fedora"
+JAVA_HOME="<%= @java_home %>"
 JAVA_OPTS="-Djava.awt.headless=true \
            -Djava.io.tmpdir=/tmp/fedora \
            -Xmx8g \