Initial commit.

gunicorn/manifests/init.pp

@@ -0,0 +1,29 @@
+class gunicorn(
+  $ensure=present,
+  $owner=undef,
+  $group=undef) {
+
+  $rundir = "/var/run/gunicorn"
+  $logdir = "/var/log/gunicorn"
+  $confdir = "/etc/gunicorn"
+
+  if $ensure == "present" {
+    file {
+      [$rundir, $confdir]:
+        ensure  => directory,
+        owner   => 'root',
+        group   => 'root';
+      $logdir:
+        ensure  => directory,
+        owner   => $owner,
+        group   => $group;
+    }
+
+  } elsif $ensure == 'absent' {
+    file { $rundir:
+      ensure  => $ensure,
+      owner   => 'root',
+      group   => 'root',
+    }
+  }
+}

gunicorn/manifests/instance.pp

@@ -0,0 +1,90 @@
+define gunicorn::instance(
+  $venv,
+  $src,
+  $ensure=present,
+  $wsgi_module="",
+  $django=false,
+  $django_settings="",
+  $version=undef,
+  $workers=1,
+  $timeout_seconds=30) {
+
+  File {
+    owner => 'root',
+    group => 'root',
+    mode  => '0644',
+  }
+
+  $is_present = $ensure == "present"
+
+  $rundir = $gunicorn::rundir
+  $confdir = $gunicorn::confdir
+  $logdir = $gunicorn::logdir
+  $owner = $gunicorn::owner
+  $group = $gunicorn::group
+
+  $proc_name = "gunicorn-${name}"
+  $conffile = "${confdir}/${name}.conf"
+  $pidfile = "${rundir}/${name}.pid"
+  $socket = "unix:${rundir}/${name}.sock"
+  $logfile = "${logdir}/${name}.log"
+
+  if $wsgi_module == "" and !$django {
+    fail("If you're not using Django you have to define a WSGI module.")
+  }
+
+  if $django_settings != "" and !$django {
+    fail("If you're not using Django you can't define a settings file.")
+  }
+
+  if $wsgi_module != "" and $django {
+    fail("If you're using Django you can't define a WSGI module.")
+  }
+
+  $gunicorn_package = $version ? {
+    undef => "gunicorn",
+    default => "gunicorn==${version}",
+  }
+
+  if $is_present {
+    python::pip::install {
+      "$gunicorn_package in $venv":
+        package => $gunicorn_package,
+        ensure  => $ensure,
+        venv    => $venv,
+        owner   => $python::venv::owner,
+        group   => $python::venv::group,
+        require => Python::Venv::Isolate[$venv],
+        before  => File[$conffile];
+
+      # for --name support in gunicorn:
+      "setproctitle in $venv":
+        package => "setproctitle",
+        ensure  => $ensure,
+        venv    => $venv,
+        owner   => $python::venv::owner,
+        group   => $python::venv::group,
+        require => Python::Venv::Isolate[$venv],
+        before  => File[$conffile];
+    }
+  }
+
+  file { $conffile:
+    ensure  => $ensure,
+    content => template("gunicorn/gunicorn.conf.erb"),
+    require => File["/etc/logrotate.d/gunicorn-${name}"],
+  }
+
+  file { "/etc/logrotate.d/gunicorn-${name}":
+    ensure  => $ensure,
+    content => template("gunicorn/logrotate.erb"),
+  }
+
+  supervisor::service { $name:
+    ensure          => $ensure,
+    command         => inline_template("<%= venv %>/bin/gunicorn<% if django %>_django<% end %> -c <%= conffile %> <%= django ? django_settings : wsgi_module %> --log-file=<%= logfile %>"),
+    directory       => $src,
+    stdout_logfile  => $logfile,
+    subscribe       => File[$conffile],
+  }
+}

gunicorn/templates/gunicorn.conf.erb

@@ -0,0 +1,17 @@
+proc_name = "<%= proc_name %>"
+backlog = 2048
+bind = "<%= socket %>"
+pidfile = "<%= pidfile %>"
+daemon = False
+debug = False
+user= "<%= owner %>"
+group = "<%= group %>"
+workers = <%= workers %>
+# preload_app = False
+timeout = <%= timeout_seconds %>
+
+def on_starting(server):
+    import os
+    run_dir = os.path.dirname('<%= pidfile %>')
+    if not os.path.isdir(run_dir):
+        os.mkdir(run_dir)

gunicorn/templates/logrotate.erb

@@ -0,0 +1,12 @@
+<%= logfile %> {
+  weekly
+  missingok
+  rotate 520
+  compress
+  delaycompress
+  notifempty
+  create 640 <%= owner %> <%= group %>
+  postrotate
+    /usr/bin/supervisorctl restart <% name %>
+  endscript
+}

memcached/manifests/init.pp

@@ -0,0 +1,8 @@
+class memcached {
+  package {
+    'memcached':
+      ensure => installed;
+    'libmemcached-dev':
+      ensure => installed;
+  }
+}

mysql/manifests/client.pp

@@ -0,0 +1,24 @@
+class mysql::client {
+  package {
+    'mysql-client':
+      ensure => installed;
+    'libmysqlclient-dev':
+      ensure => installed;
+  }
+
+  define create_db($user, $password) {
+    $options = "-h ${::mysql_host} -P ${::mysql_port} -u${::mysql_username} -p${::mysql_password}"
+
+    exec { "create-db-${name}":
+      unless  => "/usr/bin/mysql $options ${name}",
+      command => "/usr/bin/mysql $options -e \"CREATE DATABASE IF NOT EXISTS ${name} CHARSET utf8 COLLATE utf8_unicode_ci;\"",
+    }
+
+    exec { "grant-db-${name}":
+      unless  => "/usr/bin/mysql -h ${::mysql_host} -P ${::mysql_port} -u${user} -p${password} ${name}",
+      command => "/usr/bin/mysql $options -e \"GRANT ALL ON ${name}.* TO '${user}'@'%' IDENTIFIED BY '$password';UPDATE mysql.user SET Password=PASSWORD('$password') where USER='$user';FLUSH PRIVILEGES;\"",
+    }
+
+    Package['mysql-client'] -> Exec["create-db-${name}"] -> Exec["grant-db-${name}"]
+  }
+}

nginx/LICENSE

@@ -0,0 +1,19 @@
+Copyright (C) 2011 by Eivind Uggedal <eivind@uggedal.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

nginx/README.md

@@ -0,0 +1,121 @@
+Puppet Nginx Module
+===================
+
+Module for configuring Nginx and virtual hosts.
+
+Tested on Debian GNU/Linux 6.0 Squeeze and Ubuntu 10.4 LTS with
+Puppet 2.6. Patches for other operating systems welcome.
+
+This module can be used to serve both static sites and
+proxy to backend application servers while serving static
+media through Nginx.
+
+
+Installation
+------------
+
+Clone this repo to a nginx directory under your Puppet
+modules directory:
+
+    git clone git://github.com/uggedal/puppet-module-nginx.git nginx
+
+If you don't have a Puppet Master you can create a manifest file
+based on the notes below and run Puppet in stand-alone mode
+providing the module directory you cloned this repo to:
+
+    puppet apply --modulepath=modules test_nginx.pp
+
+
+Usage
+-----
+
+To install and configure Nginx, include the module:
+
+    include nginx
+
+You can override defaults in the Nginx config by including
+the module with this special syntax:
+
+    class { nginx: workers => 4 }
+
+Setting up virtual hosts is done with the nginx::site resource:
+
+    nginx::site { "home":
+      domain => "uggedal.com",
+      aliases => ["www.uggedal.com", "ugg.is"],
+      default_vhost => true,
+      root => "/var/www/home",
+    }
+
+If you use a static site generator which needs requests to /some-slug
+rewritten to the actual /some-slug.html file:
+
+    nginx::site { "journal":
+      domain => "journal.uggedal.com",
+      rewrite_missing_html_extension => true,
+      root => "/var/www/journal",
+    }
+
+You can provide IP addresses or unix sockets to backend application
+servers which should be proxied to:
+
+    nginx::site { "mediaqueri.es":
+      domain => "mediaqueri.es",
+      aliases => ["www.mediaqueri.es"],
+      root => "/var/www/mediaqueri.es/static",
+      upstreams => ["unix:/var/run/mediaqueri.es.sock"],
+    }
+
+Provide a URL media prefix and media root directory if you have a
+media directory of static files which should be served directly by
+Nginx and not by your application servers. These files will be
+cached indefinitely:
+
+    nginx::site { "mediaqueri.es":
+      domain => "mediaqueri.es",
+      aliases => ["www.mediaqueri.es"],
+      root => "/var/www/mediaqueri.es/static",
+      mediaroot => "/var/www/mediaqueri.es/mediaqueries/static",
+      mediaprefix => "/static",
+      upstreams => ["unix:/var/run/mediaqueri.es.sock"],
+    }
+
+If you provide a relative `mediaroot` it will be relative to the
+`root` directory:
+
+    nginx::site { "journal":
+      domain => "journal.uggedal.com",
+      root => "/var/www/journal",
+      mediaroot => "files/media",
+      mediaprefix => "/media",
+    }
+
+You can also provide a owner and group which will be the owner of the
+virtual host's root directory:
+
+    nginx::site { "journal":
+      domain => "journal.uggedal.com",
+      rewrite_missing_html_extension => true,
+      root => "/var/www/journal",
+      owner => "www-mgr",
+      group => "www-mgr",
+    }
+
+Enable SSL by using the `ssl` argument and providing the location of a
+certificate and key. This will also redirect all HTTP requests to HTTPS:
+
+    nginx::site { "home":
+      domain => "uggedal.com",
+      root => "/var/www/home",
+      ssl => true,
+      ssl_certificate => "/etc/nginx/cert/uggedal.com.pem",
+      ssl_certificate_key => "/etc/nginx/cert/uggedal.com.key",
+    }
+
+    file {
+      "/etc/nginx/cert/uggedal.com.pem":
+        content => "...";
+      "/etc/nginx/cert/uggedal.com.key":
+        content => "...",
+        mode => 600;
+    }