authorNicolas Lécureuil <neoclust@mageia.org>2017-04-07 23:16:09 +0200
committerNicolas Lécureuil <neoclust@mageia.org>2017-04-07 23:16:09 +0200
commit06238f91353b779808349b395bb7c6b3e0622b90 (patch)
treee6e66ddd2c42ef755a2134a2fd139856b1f81e0f /modules
parenta590e331f575545d7d36a23ead7de3da9cb07a2f (diff)
Enable new bugzilla
Diffstat (limited to 'modules')
-rwxr-xr-xmodules/bugzilla/manifests/init.pp46
-rw-r--r--modules/bugzilla/templates/localconfig112
-rw-r--r--modules/bugzilla/templates/params.json104
-rw-r--r--modules/bugzilla/templates/webapp_bugzilla.conf40
4 files changed, 226 insertions, 76 deletions
diff --git a/modules/bugzilla/manifests/init.pp b/modules/bugzilla/manifests/init.pp
index ca5e7ea7..eaf12eb6 100755
--- a/modules/bugzilla/manifests/init.pp
+++ b/modules/bugzilla/manifests/init.pp
@@ -1,35 +1,40 @@
class bugzilla {
- $extension_location = '/usr/share/bugzilla/extensions/Mageia'
+ $bugzilla_location = '/usr/share/bugzilla/'
- package {['bugzilla',
- 'bugzilla-extension-sitemap',
- 'graphviz',
+ package {['graphviz',
'perl-Template-GD', # needed for graphical_report support
'perl-Test-Taint',
- 'perl-JSON-RPC']: }
+ 'perl-JSON-RPC',
+ 'perl-Email-MIME',
+ 'perl-Email-Sender',
+ 'Math-Random-ISAAC',
+ 'perl-Chart',
+ 'perl-PatchReader',
+ 'perl-ldap',
+ 'perl-SOAP-Lite',
+ 'perl-XMLRPC-Lite',
+ 'perl-CGI']: }
$pgsql_password = extlookup('bugzilla_pgsql','x')
$ldap_password = extlookup('bugzilla_ldap','x')
- postgresql::remote_db_and_user { 'bugs-dev':
+ postgresql::remote_db_and_user { 'bugs':
description => 'Bugzilla database',
password => $pgsql_password,
}
- file { '/etc/bugzilla/localconfig':
+ file { '/usr/share/bugzilla/localconfig':
group => 'apache',
mode => '0640',
- content => template('bugzilla/localconfig'),
- require => Package['bugzilla'],
+ content => template('bugzilla/localconfig')
}
- file { '/var/lib/bugzilla/params':
+ file { '/usr/share/bugzilla/data/params.json':
group => 'apache',
mode => '0640',
- content => template('bugzilla/params'),
- require => Package['bugzilla'],
+ content => template('bugzilla/params.json')
}
apache::webapp_other { 'bugzilla':
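Review bot: `/usr/share/bugzilla/localconfig` and `/usr/share/bugzilla/data/params.json` carry the database password and the LDAP bind password, and they now sit under the directory a later hunk makes the vhost root (`$vhost_root = '/usr/share/bugzilla'`), readable by group `apache`. The localconfig template keeps `$create_htaccess = 0` and the Apache template in this commit adds no deny rule, so unless the checkout ships its own `.htaccess`, nothing visible here stops the web server from serving them. Either keep both files outside the document root or add an explicit deny for them in webapp_bugzilla.conf. Both `file` resources also lost `require => Package['bugzilla']` without gaining `require => Git::Snapshot[$bugzilla_location]`, so they may be applied before the checkout exists. The class body continues outside this hunk.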
@@ -37,7 +42,7 @@ class bugzilla {
}
$bugs_vhost = "bugs.${::domain}"
- $vhost_root = '/usr/share/bugzilla/www'
+ $vhost_root = '/usr/share/bugzilla'
apache::vhost::redirect_ssl { $bugs_vhost: }
@@ -49,25 +54,22 @@ class bugzilla {
vhost => $bugs_vhost,
}
- git::snapshot { $extension_location:
- source => "git://git.${::domain}/web/templates/bugzilla",
- require => Package['bugzilla'],
+ git::snapshot { $bugzilla_location:
+ source => "git://git.${::domain}/web/bugs"
}
file { 'Mageia':
ensure => directory,
- path => '/usr/share/bugzilla/extensions',
+ path => '/usr/share/bugzilla',
group => 'apache',
- mode => '0640',
recurse => true,
- require => Git::Snapshot[$extension_location],
+ require => Git::Snapshot[$bugzilla_location],
}
- file { '/usr/share/bugzilla/www/robots.txt':
+ file { '/usr/share/bugzilla/robots.txt':
group => 'apache',
mode => '0640',
- content => template('bugzilla/robots.txt'),
- require => Package['bugzilla-extension-sitemap'],
+ content => template('bugzilla/robots.txt')
}
cron { 'collectstats':
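Review bot: `source => "git://git.${::domain}/web/bugs"` now delivers the whole Bugzilla code base, which Apache runs as CGI, over the unauthenticated and unencrypted git:// protocol; before this change only the template extension came that way. If the git server offers it (not visible here), use an authenticated transport such as `https://` or `ssh://`, or pin the snapshot to a verified tag or commit. The `file { 'Mageia': }` resource now recurses over all of `/usr/share/bugzilla` with `group => 'apache'` and no `mode`, so confirm that nothing in the tree ends up group-writable and that `.git` metadata, if git::snapshot keeps it, is not reachable through the vhost. The class body continues outside this hunk.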
diff --git a/modules/bugzilla/templates/localconfig b/modules/bugzilla/templates/localconfig
index 169f55ed..2b7d6035 100644
--- a/modules/bugzilla/templates/localconfig
+++ b/modules/bugzilla/templates/localconfig
@@ -1,51 +1,59 @@
-
# If you are using Apache as your web server, Bugzilla can create .htaccess
-# files for you that will instruct Apache not to serve files that shouldn't
-# be accessed from the web browser (like your local configuration data and non-cgi
-# executable files). For this to work, the directory your Bugzilla
-# installation is in must be within the jurisdiction of a <Directory> block
-# in the httpd.conf file that has 'AllowOverride Limit' in it. If it has
-# 'AllowOverride All' or other options with Limit, that's fine.
-# (Older Apache installations may use an access.conf file to store these
-# <Directory> blocks.)
-# If this is set to 1, Bugzilla will create these files if they don't exist.
-# If this is set to 0, Bugzilla will not create these files.
+# files for you, which will keep this file (localconfig) and other
+# confidential files from being read over the web.
+#
+# If this is set to 1, checksetup.pl will create .htaccess files if
+# they don't exist.
+#
+# If this is set to 0, checksetup.pl will not create .htaccess files.
$create_htaccess = 0;
-# Usually, this is the group your web server runs as.
-# If you have a Windows box, ignore this setting.
-# If you have use_suexec switched on below, this is the group Apache switches
-# to in order to run Bugzilla scripts.
+# The name of the group that your web server runs as. On Red Hat
+# distributions, this is usually "apache". On Debian/Ubuntu, it is
+# usually "www-data".
+#
+# If you have use_suexec turned on below, then this is instead the name
+# of the group that your web server switches to to run cgi files.
+#
+# If this is a Windows machine, ignore this setting, as it does nothing.
+#
# If you do not have access to the group your scripts will run under,
# set this to "". If you do set this to "", then your Bugzilla installation
# will be _VERY_ insecure, because some files will be world readable/writable,
# and so anyone who can get local access to your machine can do whatever they
# want. You should only have this set to "" if this is a testing installation
# and you cannot set this up any other way. YOU HAVE BEEN WARNED!
+#
# If you set this to anything other than "", you will need to run checksetup.pl
-# asroot, or as a user who is a member of the specified group.
+# as root or as a user who is a member of the specified group.
$webservergroup = 'apache';
-# Set this if Bugzilla runs in an Apache SuexecUserGroup environment.
-# (If your web server runs control panel software (cPanel, Plesk or similar),
+# Set this to 1 if Bugzilla runs in an Apache SuexecUserGroup environment.
+#
+# If your web server runs control panel software (cPanel, Plesk or similar),
# or if your Bugzilla is to run in a shared hosting environment, then you are
-# almost certainly in an Apache SuexecUserGroup environment.)
-# If you have a Windows box, ignore this setting.
-# If set to 0, Bugzilla will set file permissions as tightly as possible.
-# If set to 1, Bugzilla will set file permissions so that it may work in an
-# SuexecUserGroup environment. The difference is that static files (CSS,
-# JavaScript and so on) will receive world read permissions.
+# almost certainly in an Apache SuexecUserGroup environment.
+#
+# If this is a Windows box, ignore this setting, as it does nothing.
+#
+# If set to 0, checksetup.pl will set file permissions appropriately for
+# a normal webserver environment.
+#
+# If set to 1, checksetup.pl will set file permissions so that Bugzilla
+# works in a SuexecUserGroup environment.
$use_suexec = 0;
# What SQL database to use. Default is mysql. List of supported databases
# can be obtained by listing Bugzilla/DB directory - every module corresponds
-# to one supported database and the name corresponds to a driver name.
+# to one supported database and the name of the module (before ".pm")
+# corresponds to a valid value for this variable.
$db_driver = 'pg';
-# The DNS name of the host that the database server runs on.
-$db_host = 'pgsql.<%= domain %>';
+# The DNS name or IP address of the host that the database server runs on.
+$db_host = 'pg.mageia.org';
-# The name of the database
+# The name of the database. For Oracle, this is the database's SID. For
+# SQLite, this is a name (or path) for the DB file.
$db_name = 'bugs';
# Who we connect to the database as.
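Review bot: `$db_host = 'pg.mageia.org';` hard-codes the production database host where the template previously derived it from `<%= domain %>`, so a node applying this module with a different `domain` (a test or staging setup) would connect to the production database with its own credentials. Other values in this commit (`LDAPserver`, `sslbase`, `mailfrom`) still follow `domain`; suggest `$db_host = 'pg.<%= domain %>';` or a dedicated lookup. The retained `$create_htaccess = 0` deserves a comment saying where access to this file is restricted instead, since the manifest now places it in the web root.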
@@ -55,7 +63,7 @@ $db_user = 'bugs';
# a password for your bugzilla database user.
# If you use apostrophe (') or a backslash (\) in your password, you'll
# need to escape it by preceding it with a '\' character. (\') or (\)
-# (Far simpler just not to use those characters.)
+# (It is far simpler to just not use those characters.)
$db_pass = '<%= pgsql_password %>';
# Sometimes the database server is running on a non-standard port. If that's
@@ -70,34 +78,44 @@ $db_port = 0;
$db_sock = '';
# Should checksetup.pl try to verify that your database setup is correct?
-# (with some combinations of database servers/Perl modules/moonphase this
-# doesn't work)
+# With some combinations of database servers/Perl modules/moonphase this
+# doesn't work, and so you can try setting this to 0 to make checksetup.pl
+# run.
$db_check = 1;
-# With the introduction of a configurable index page using the
-# template toolkit, Bugzilla's main index page is now index.cgi.
+# Path to a PEM file with a list of trusted SSL CA certificates.
+# The file must be readable by web server user.
+$db_mysql_ssl_ca_file = '';
+
+# Path to a directory containing trusted SSL CA certificates in PEM format.
+# Directory and files inside must be readable by the web server user.
+$db_mysql_ssl_ca_path = '';
+
+# Full path to the client SSL certificate in PEM format we will present to the DB server.
+# The file must be readable by web server user.
+$db_mysql_ssl_client_cert = '';
+
+# Full path to the private key corresponding to the client SSL certificate.
+# The file must not be password-protected and must be readable by web server user.
+$db_mysql_ssl_client_key = '';
+
# Most web servers will allow you to use index.cgi as a directory
# index, and many come preconfigured that way, but if yours doesn't
# then you'll need an index.html file that provides redirection
# to index.cgi. Setting $index_html to 1 below will allow
-# checksetup.pl to create one for you if it doesn't exist.
+# checksetup.pl to create an index.html for you if it doesn't exist.
# NOTE: checksetup.pl will not replace an existing file, so if you
# wish to have checksetup.pl create one for you, you must
-# make sure that index.html doesn't already exist
+# make sure that index.html doesn't already exist.
$index_html = 0;
-# For some optional functions of Bugzilla (such as the pretty-print patch
-# viewer), we need the cvs binary to access files and revisions.
-# Because it's possible that this program is not in your path, you can specify
-# its location here. Please specify the full path to the executable.
-$cvsbin = '/usr/bin/cvs';
-
-# For some optional functions of Bugzilla (such as the pretty-print patch
-# viewer), we need the interdiff binary to make diffs between two patches.
-# Because it's possible that this program is not in your path, you can specify
-# its location here. Please specify the full path to the executable.
+# If you want to use the "Difference Between Two Patches" feature of the
+# Patch Viewer, please specify the full path to the "interdiff" executable
+# here.
$interdiffbin = '/usr/bin/interdiff';
-# The interdiff feature needs diff, so we have to have that path.
-# Please specify the directory name only; do not use trailing slash.
+# For the "Difference Between Two Patches" feature to work, we need to know
+# what directory the "diff" bin is in. (You only need to set this if you
+# are using that feature of the Patch Viewer.)
$diffpath = '/usr/bin';
+
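Review bot: As far as this hunk shows, the template ends at `$diffpath` with no `$site_wide_secret`, the value Bugzilla uses to key its tokens. If checksetup.pl appends a generated secret to localconfig, the next Puppet run rewrites the file from this template and drops it again, leaving the secret either unset or changing between runs. Suggest managing it here, e.g. `$site_wide_secret = '<%= site_wide_secret %>';` (variable name is a placeholder) fed from the same extlookup mechanism as `pgsql_password`. The added `$db_mysql_ssl_*` settings have no effect with `$db_driver = 'pg'`, so transport protection for the connection to the remote database host is not configured by this file.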
diff --git a/modules/bugzilla/templates/params.json b/modules/bugzilla/templates/params.json
new file mode 100644
index 00000000..f5d709e4
--- /dev/null
+++ b/modules/bugzilla/templates/params.json
@@ -0,0 +1,104 @@
+{
+ "LDAPBaseDN" : "ou=People,<%= dc_suffix %>",
+ "LDAPbinddn" : "cn=bugzilla-alamut,ou=System Accounts,<%= dc_suffix %>:<%= ldap_password %>",
+ "LDAPfilter" : "",
+ "LDAPmailattribute" : "mail",
+ "LDAPserver" : "ldap.<%= domain %>",
+ "LDAPstarttls" : "1",
+ "LDAPuidattribute" : "uid",
+ "RADIUS_NAS_IP" : "",
+ "RADIUS_email_suffix" : "",
+ "RADIUS_secret" : "",
+ "RADIUS_server" : "",
+ "ajax_user_autocompletion" : "1",
+ "allow_attachment_deletion" : "0",
+ "allow_attachment_display" : "1",
+ "allowbugdeletion" : "0",
+ "allowemailchange" : "0",
+ "allowuserdeletion" : "0",
+ "announcehtml" : "",
+ "attachment_base" : "",
+ "auth_env_email" : "",
+ "auth_env_id" : "",
+ "auth_env_realname" : "",
+ "chartgroup" : "editbugs",
+ "collapsed_comment_tags" : "obsolete, spam",
+ "comment_taggers_group" : "editbugs",
+ "commentonchange_resolution" : "1",
+ "commentonduplicate" : "0",
+ "confirmuniqueusermatch" : "1",
+ "cookiedomain" : "",
+ "cookiepath" : "/",
+ "createemailregexp" : ".*",
+ "debug_group" : "editbugs",
+ "default_search_limit" : "500",
+ "defaultopsys" : "Linux",
+ "defaultplatform" : "All",
+ "defaultpriority" : "Normal",
+ "defaultquery" : "bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&emailassigned_to1=1&emailassigned_to2=1&emailreporter2=1&emailcc2=1&emailqa_contact2=1&order=Importance&long_desc_type=substring",
+ "defaultseverity" : "normal",
+ "duplicate_or_move_bug_status" : "RESOLVED",
+ "emailregexp" : "^[\\w\\.\\+\\-=]+@[\\w\\.\\-]+\\.[\\w\\-]+$",
+ "emailregexpdesc" : "A legal address must contain exactly one '@', and at least one '.' after the @.",
+ "emailsuffix" : "",
+ "font_file" : "",
+ "globalwatchers" : "bugs@ml.mageia.org",
+ "inbound_proxies" : "",
+ "insidergroup" : "secteam",
+ "last_visit_keep_days" : "10",
+ "letsubmitterchoosemilestone" : "1",
+ "letsubmitterchoosepriority" : "1",
+ "mail_delivery_method" : "SMTP",
+ "mailfrom" : "bugzilla-daemon@<%= domain %>",
+ "maintainer" : "sysadmin@group.<%= domain %>",
+ "makeproductgroups" : "0",
+ "max_search_results" : "10000",
+ "maxattachmentsize" : "1000",
+ "maxlocalattachment" : "0",
+ "maxusermatches" : "1000",
+ "memcached_namespace" : "bugzilla:",
+ "memcached_servers" : "",
+ "musthavemilestoneonaccept" : "0",
+ "mybugstemplate" : "buglist.cgi?bug_status=UNCONFIRMED&amp;bug_status=NEW&amp;bug_status=ASSIGNED&amp;bug_status=REOPENED&amp;emailassigned_to1=1&amp;emailreporter1=1&amp;emailtype1=exact&amp;email1=%userid%&amp;field0-0-0=bug_status&amp;type0-0-0=notequals&amp;value0-0-0=UNCONFIRMED&amp;field0-0-1=reporter&amp;type0-0-1=equals&amp;value0-0-1=%userid%",
+ "noresolveonopenblockers" : "0",
+ "or_groups" : "0",
+ "password_check_on_login" : "1",
+ "password_complexity" : "no_constraints",
+ "proxy_url" : "",
+ "querysharegroup" : "editbugs",
+ "quip_list_entry_control" : "open",
+ "rememberlogin" : "on",
+ "requirelogin" : "0",
+ "search_allow_no_criteria" : "0",
+ "shadowdb" : "",
+ "shadowdbhost" : "",
+ "shadowdbport" : "3306",
+ "shadowdbsock" : "",
+ "shutdownhtml" : "",
+ "smtp_debug" : "0",
+ "smtp_password" : "",
+ "smtp_ssl" : "0",
+ "smtp_username" : "",
+ "smtpserver" : "localhost",
+ "ssl_redirect" : "1",
+ "sslbase" : "https://bugs.<%= domain %>/",
+ "strict_isolation" : "0",
+ "strict_transport_security" : "off",
+ "timetrackinggroup" : "",
+ "upgrade_notification" : "latest_stable_release",
+ "urlbase" : "http://bugs.<%= domain %>/",
+ "use_mailer_queue" : "0",
+ "use_see_also" : "1",
+ "useclassification" : "0",
+ "usemenuforusers" : "0",
+ "useqacontact" : "1",
+ "user_info_class" : "CGI",
+ "user_verify_class" : "LDAP",
+ "usestatuswhiteboard" : "1",
+ "usetargetmilestone" : "1",
+ "usevisibilitygroups" : "0",
+ "utf8" : "1",
+ "webdotbase" : "/usr/bin/dot",
+ "webservice_email_filter" : "0",
+ "whinedays" : "0"
+}
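Review bot: `"allow_attachment_display" : "1"` together with an empty `"attachment_base"` means user-uploaded attachments are rendered from the same origin as Bugzilla itself, so an HTML or SVG attachment runs with the session of whoever opens it; set `attachment_base` to a separate hostname or turn inline display off. `"strict_transport_security" : "off"` and `"urlbase" : "http://bugs.<%= domain %>/"` undercut `"ssl_redirect" : "1"`: the first request and every link generated in mail stay on plain HTTP. The `LDAPbinddn` line embeds `<%= ldap_password %>`, so this file must not be readable over the web once it is written to `/usr/share/bugzilla/data/params.json`. `"createemailregexp" : ".*"` leaves account creation open to any address, which is worth confirming as intended alongside `"user_verify_class" : "LDAP"`.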
diff --git a/modules/bugzilla/templates/webapp_bugzilla.conf b/modules/bugzilla/templates/webapp_bugzilla.conf
index 9446ce4f..a8f37a00 100644
--- a/modules/bugzilla/templates/webapp_bugzilla.conf
+++ b/modules/bugzilla/templates/webapp_bugzilla.conf
@@ -2,37 +2,56 @@
path_data_directory = "/var/lib/bugzilla"
%>
-<Directory /usr/share/bugzilla/www>
- Order allow,deny
- Allow from all
- AllowOverride Limit FileInfo Indexes Options
-
- Options ExecCGI
- DirectoryIndex index.cgi
+<Directory /usr/share/bugzilla/>
+ AddHandler cgi-script .cgi
+ Options +ExecCGI +FollowSymLinks
+ DirectoryIndex index.cgi index.html
+ AllowOverride All
</Directory>
# The duplicates.rdf must be accessible, as it is used by
# duplicates.xul
<Directory <%= path_data_directory %>>
<Files duplicates.rdf>
+ <IfModule mod_authz_core.c>
+ # Apache 2.4
+ Require all granted
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ # Apache 2.2
Order allow,deny
Allow from all
+ </IfModule>
</Files>
</Directory>
# The png files locally created locally must be accessible
<Directory <%= path_data_directory %>/webdot>
<FilesMatch \.png$>
+ <IfModule mod_authz_core.c>
+ # Apache 2.4
+ Require all granted
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ # Apache 2.2
Order allow,deny
Allow from all
+ </IfModule>
</FilesMatch>
</Directory>
Alias /graphs/ <%= path_data_directory %>/graphs/
<Directory <%= path_data_directory %>/graphs>
<FilesMatch \.png$>
+ <IfModule mod_authz_core.c>
+ # Apache 2.4
+ Require all granted
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ # Apache 2.2
Order allow,deny
Allow from all
+ </IfModule>
</FilesMatch>
</Directory>
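Review bot: The new `<Directory /usr/share/bugzilla/>` block enables CGI over the entire checkout and delegates all access control to `.htaccess` via `AllowOverride All`, while localconfig sets `$create_htaccess = 0`; nothing in this block denies `localconfig`, the Perl modules or templates. It also carries no `Require`/`Order` directives of its own, unlike the `IfModule` pairs added below, so whether the directory is reachable at all on Apache 2.4 depends on configuration outside this file. An explicit deny in the vhost configuration, in the same 2.2/2.4 style used elsewhere in the file, would not depend on files in the checkout; `data/` needs an equivalent `<Directory>` deny of its own. Note too that `path_data_directory` is still `/var/lib/bugzilla` although params.json is now written under `/usr/share/bugzilla/data`.

```apache
<Directory /usr/share/bugzilla/>
    # … unchanged: AddHandler, Options, DirectoryIndex, AllowOverride …
    <FilesMatch "(\.pm|\.pl|\.tmpl|localconfig.*)$">
        <IfModule mod_authz_core.c>
            # Apache 2.4
            Require all denied
        </IfModule>
        <IfModule !mod_authz_core.c>
            # Apache 2.2
            Order deny,allow
            Deny from all
        </IfModule>
    </FilesMatch>
```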
@@ -41,7 +60,14 @@ Alias /graphs/ <%= path_data_directory %>/graphs/
Alias /extensions/Mageia/web/ <%= scope.lookupvar("bugzilla::extension_location") %>/web/
<Directory <%= scope.lookupvar("bugzilla::extension_location") %>/web/>
<FilesMatch \.png$>
+ <IfModule mod_authz_core.c>
+ # Apache 2.4
+ Require all granted
+ </IfModule>
+ <IfModule !mod_authz_core.c>
+ # Apache 2.2
Order allow,deny
Allow from all
+ </IfModule>
</FilesMatch>
</Directory>
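Review bot: The context lines still call `scope.lookupvar("bugzilla::extension_location")`, but this commit removes `$extension_location` from init.pp in favour of `$bugzilla_location`. The lookup will presumably come back empty or undefined, so the rendered config would read `Alias /extensions/Mageia/web/ /web/` and `<Directory /web/>`, granting access to an unintended filesystem path. If the extension still lives under the checkout, use something like `<%= scope.lookupvar("bugzilla::bugzilla_location") %>extensions/Mageia/web/` in both places (the new variable already ends in a slash); otherwise drop the alias.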