diff --git a/setup/puppet/modules/odoo/files/wkhtmltox-0.12.2.1_linux-wheezy-amd64.deb b/setup/puppet/modules/odoo/files/wkhtmltox-0.12.2.1_linux-wheezy-amd64.deb new file mode 100644 index 00000000..a6d1895e Binary files /dev/null and b/setup/puppet/modules/odoo/files/wkhtmltox-0.12.2.1_linux-wheezy-amd64.deb differ diff --git a/setup/puppet/modules/odoo/manifests/init.pp b/setup/puppet/modules/odoo/manifests/init.pp new file mode 100644 index 00000000..57ac5ac5 --- /dev/null +++ b/setup/puppet/modules/odoo/manifests/init.pp @@ -0,0 +1,386 @@ +# Agent: sudo puppet agent --test + +class odoo { + + user { odoo: + ensure => present, + shell => '/bin/bash', + managehome => 'true', + } + + $sudo_entry="odoo ALL=NOPASSWD: ALL" + sudo::conf { 'sudo_odoo': + priority => 10, + content => $sudo_entry, + } + + ssh_authorized_key { "andreas@odoo": + user => odoo, + type => 'ssh-rsa', + #key => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAtd8TfqMUhFXsHuWHL0NBPem5V4eLdG4SKe2xTfIMFL7xGGvXjox7BDncUVJ/MSnYS5aWRYEjz1QY80Kj6KIpxqh8imW2EscLKHzMfcOEwzQh+7lcC/nexMrjlPOS2LyAh3KHTqUKbdxq4a6KuGqoydIY6u/pRBDgEAh5y0/YLJwIjTIDmW/lTB6ZlcXIMPTY05QsPG/adL76rN2TowG8qvP45uLoH9EjZ//9nes3lyjegsia2uJ4mVlvA3vEpzRC2Ku2F69ADUV7SVOyzvOvPi6l/RpbXHYJO5XWxyn2NrxZWPGuUCF5+JL3KYElIBTTTTB3gDWzWQAVF/QKXi1eiw==', + key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDBIg6NZV4tTs+J5qUP4/zQAn+Xi3muKqbaSDV8yYm50mH77PcLwbkZVlxdF0/OFCl5f5FCNp4Ag4Px97M35Nv+BweOTCZNMKOHmvtXY1fCRUQnk6ca3NlipImppL0U47SUzt9KkNIsz0FWxLu74LANgxKwrf8Hgim8Nkq8WrlvuoJCqf+542N15cGrf/9eD6yRm7AmdFi7VIYrP4m7TPbXJBGX+cXOo0bKTyaq8mtinbUN5UCi/eJ08wYkm/CGVxL+9cm6HOABw332A8OadAliCZBWqhFT0rBKdoWLxBbTsILALskrddpKLwBLOUIU79YeT0OfNpLCnVi8u67X9inl', + } + + ssh_authorized_key { "stefan@odoo": + user => odoo, + type => 'ssh-rsa', + key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDlOWE1x6FF4VsHTRSZ31iQsASlRLqMdIhyIY52ENM46uTOTEOENiyeFrQkRKZfIsic3TBg+u7HedzsCRl4U9Cy9boX46bkeFi1qZFB3iHkcIFDrlqQo0OBIlidNkuQ8fiDVVhjSJGzwRRiwIRp5f7vkBuYAhLMqgOXESXUhKl9RZFYaTAW4fEAQ1rqVAKibwiPaNpwh0zj4GeX8Ab2+NBNfKt8MslvEEbNbUCViH6ZS7DR66p+gYWTtP+Rzyd1F92pmoHam7Lqsk4Qc+5G7HHzDJuidsiu5UQiVaPu2KhzuX7fKEnRC0vDkknwuyYf7hUeuK8j0GpDpDmfWmo36Cyz', + } + + ssh_authorized_key { "kumar@odoo": + user => odoo, + type => 'ssh-rsa', + key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDA8tPgqD6ZRixJGGypzKgeVUGnK5mGVfT25qQYFChTsjXVeCgfCNnN7IfnN8H7ive+du9Cz/G10hsH4v/1HZ8w0KaEWieWyiBjWDIoOJIdw3mjeLA2G0HR7aZ1Kal0VMh1zteGiHKBro7ASMEn58OVOKzxrGK0s/dTiZ/pAu0yyoD9CDvqAfhhJm+EAh2E9/CG3QfhndSkHZen/AYxhIek1Wv5RwRneKns5iDs/MJyjC9VFuZCVyYHIzshzHtHkAH7O1hxd++pKuvNiI8w0CoeTr+DwpwZRMEpsohIygyRkEgYgVQlGyxf7chHy6Mip91ljzHKNCAVG5VDNtY7ij5P', + } + + class { 'postgresql::server': + listen_addresses => '*', + locale => 'de_AT.UTF-8', + encoding => 'UTF8', + } + + # workaround for http://projects.puppetlabs.com/issues/4695 + # when PostgreSQL is installed with SQL_ASCII encoding instead of UTF8 + exec { 'utf8 postgres': + command => 'sudo -u postgres pg_dropcluster --stop 9.1 main ; pg_createcluster --start --locale en_US.UTF-8 9.1 main', + unless => 'sudo -u postgres psql -t -c "\l" | grep template1 | grep -q UTF', + require => Class['postgresql::server'], + path => ['/bin', '/sbin', '/usr/bin', '/usr/sbin'], + } + + file { "/var/log/odoo": + owner => 'root', + group => 'root', + mode => '0777', + ensure => "directory", + } + + package { ['antiword', + 'bzr', + 'git', + 'nginx', + 'poppler-utils', + 'postgresql', + 'python-dateutil', + 'python-decorator', + 'python-docutils', + 'python-egenix-mxdatetime', + 'python-feedparser', + 'python-gevent', + 'python-imaging', + 'python-jinja2', + 'python-ldap', + 'python-libxslt1', + 'python-lxml', + 'python-mako', + 'python-matplotlib', + 'python-mock', + 'python-openid', + 'python-openssl', + 'python-paramiko', + 'python-pdftools', + 'python-pip', + 'python-psutil', + 'python-psycopg2', + 'python-pybabel', + 'python-pychart', + 'python-pydot', + 'python-pyparsing', + 'python-pypdf', + 'python-reportlab-accel', + 'python-reportlab', + # 'python-requests', ist bei debian version 0.12.1 => daher install mit pip + 'python-setuptools', + 'python-simplejson', + 'python-tz', + 'python-unittest2', + 'python-vatnumber', + 'python-vobject', + 'python-webdav', + 'python-werkzeug', + 'python-xlwt', + 'python-yaml', + 'python-zsi', + 'wget', + # für wkhtmltox + 'xfonts-base', + 'xfonts-75dpi', + ]: + ensure => present, + } + + + file { 'wkhtmltox-0.12.2.1_linux-wheezy-amd64.deb': + name => "/tmp/wkhtmltox-0.12.2.1_linux-wheezy-amd64.deb", + owner => root, + group => root, + source => "puppet:///modules/odoo/wkhtmltox-0.12.2.1_linux-wheezy-amd64.deb" + } + + package { 'wkhtmltox': + provider => dpkg, + ensure => installed, + source => "/tmp/wkhtmltox-0.12.2.1_linux-wheezy-amd64.deb", + require => File['wkhtmltox-0.12.2.1_linux-wheezy-amd64.deb'], + } + + package {['passlib', + 'psycogreen', + 'gdata', + 'requests']: + ensure => installed, + provider => 'pip', + require => Package['python-pip'], + + } + + # Update python lib distribute if required ("sudo easy_install -U distribute") + $upg_cmd = "sudo easy_install -U distribute" + $unless_upg_cmd = "sudo pip freeze | grep distribute==0.7" + exec { 'upgrade_distribute': + command => $upg_cmd, + unless => $unless_upg_cmd, + path => ['/bin', '/sbin', '/usr/bin', '/usr/sbin'], + } + + + # TODO, benötigt: "sudo easy_install -U distribute" + package {'gevent_psycopg2': + ensure => present, + provider => 'pip', + require => [Package['python-pip'],Package['python-psycopg2'],Exec['upgrade_distribute'], Class['postgresql::server']], + + } + + # main directory for odoo backups + file { "/var/pgdump": + owner => 'root', + group => 'root', + mode => '0777', + ensure => "directory", + } + + # Postfix setup + class { '::postfix::server': + myhostname => 'odoo.allomed.at', + mydomain => 'allomed.at', + mydestination => "\$myhostname, localhost.\$mydomain, localhost, $fqdn", + inet_interfaces => 'localhost', + } +} + +define odoo::instance ($db_pw,$ssl = false, $servername, $odooport, $odooport_logpolling) { + + $instance = $title + + include odoo + + user {$instance: + ensure => present, + groups => ["sudo"], + shell => '/bin/bash', + managehome => 'true', + } + + $key_andreas="andreas@$instance" + ssh_authorized_key { $key_andreas: + user => $instance, + type => 'ssh-rsa', + #key => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAtd8TfqMUhFXsHuWHL0NBPem5V4eLdG4SKe2xTfIMFL7xGGvXjox7BDncUVJ/MSnYS5aWRYEjz1QY80Kj6KIpxqh8imW2EscLKHzMfcOEwzQh+7lcC/nexMrjlPOS2LyAh3KHTqUKbdxq4a6KuGqoydIY6u/pRBDgEAh5y0/YLJwIjTIDmW/lTB6ZlcXIMPTY05QsPG/adL76rN2TowG8qvP45uLoH9EjZ//9nes3lyjegsia2uJ4mVlvA3vEpzRC2Ku2F69ADUV7SVOyzvOvPi6l/RpbXHYJO5XWxyn2NrxZWPGuUCF5+JL3KYElIBTTTTB3gDWzWQAVF/QKXi1eiw==', + key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDBIg6NZV4tTs+J5qUP4/zQAn+Xi3muKqbaSDV8yYm50mH77PcLwbkZVlxdF0/OFCl5f5FCNp4Ag4Px97M35Nv+BweOTCZNMKOHmvtXY1fCRUQnk6ca3NlipImppL0U47SUzt9KkNIsz0FWxLu74LANgxKwrf8Hgim8Nkq8WrlvuoJCqf+542N15cGrf/9eD6yRm7AmdFi7VIYrP4m7TPbXJBGX+cXOo0bKTyaq8mtinbUN5UCi/eJ08wYkm/CGVxL+9cm6HOABw332A8OadAliCZBWqhFT0rBKdoWLxBbTsILALskrddpKLwBLOUIU79YeT0OfNpLCnVi8u67X9inl', + } + + $key_stefan="stefan@$instance" + ssh_authorized_key { $key_stefan: + user => $instance, + type => 'ssh-rsa', + key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDlOWE1x6FF4VsHTRSZ31iQsASlRLqMdIhyIY52ENM46uTOTEOENiyeFrQkRKZfIsic3TBg+u7HedzsCRl4U9Cy9boX46bkeFi1qZFB3iHkcIFDrlqQo0OBIlidNkuQ8fiDVVhjSJGzwRRiwIRp5f7vkBuYAhLMqgOXESXUhKl9RZFYaTAW4fEAQ1rqVAKibwiPaNpwh0zj4GeX8Ab2+NBNfKt8MslvEEbNbUCViH6ZS7DR66p+gYWTtP+Rzyd1F92pmoHam7Lqsk4Qc+5G7HHzDJuidsiu5UQiVaPu2KhzuX7fKEnRC0vDkknwuyYf7hUeuK8j0GpDpDmfWmo36Cyz', + } + + $key_kumar="kumar@$instance" + ssh_authorized_key { $key_kumar: + user => $instance, + type => 'ssh-rsa', + key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDA8tPgqD6ZRixJGGypzKgeVUGnK5mGVfT25qQYFChTsjXVeCgfCNnN7IfnN8H7ive+du9Cz/G10hsH4v/1HZ8w0KaEWieWyiBjWDIoOJIdw3mjeLA2G0HR7aZ1Kal0VMh1zteGiHKBro7ASMEn58OVOKzxrGK0s/dTiZ/pAu0yyoD9CDvqAfhhJm+EAh2E9/CG3QfhndSkHZen/AYxhIek1Wv5RwRneKns5iDs/MJyjC9VFuZCVyYHIzshzHtHkAH7O1hxd++pKuvNiI8w0CoeTr+DwpwZRMEpsohIygyRkEgYgVQlGyxf7chHy6Mip91ljzHKNCAVG5VDNtY7ij5P', + } + + + + $sudo_entry="$instance ALL = (root) NOPASSWD: /etc/init.d/odoo-server-$instance, /usr/sbin/service odoo-server-$instance *" + sudo::conf { $instance: + priority => 10, + content => $sudo_entry, + } + + # Logfile + file { "/var/log/odoo/$instance": + owner => $instance, + group => $instance, + mode => '0700', + ensure => "directory", + #require => file['/var/log/odoo'], + } + + file { "/home/$instance/logs": + ensure => "link", + owner => $instance, + group => $instance, + mode => '0600', + target => "/var/log/odoo/$instance/odoo-server.log", + } + + + $require_log = "file[/var/log/odoo/$instance]" + file { "/var/log/odoo/$instance/odoo-server.log": + owner => $instance, + group => $instance, + mode => '0600', + ensure => present, + require => $require_log, + } + + $logrotate_file = "/etc/logrotate.d/odoo-$instance" + file { $logrotate_file: + owner => 'root', + group => 'root', + mode => '0644', + ensure => present, + content => template('odoo/logrotate.erb'), + } + + # init file + # sudo ln -s /opt/odoo/odoo/config/odoo-server.init /etc/init.d/odoo-server + $init_odoo_notify = "Service[odoo-server-$instance]" + file { "/etc/init.d/odoo-server-$instance": + owner => $instance, + group => $instance, + mode => '0755', + ensure => present, + content => template('odoo/odoo-server.init.erb'), + notify => $init_odoo_notify, + } + + file { "/home/$instance/restart.sh": + owner => $instance, + group => $instance, + mode => '0755', + ensure => present, + content => template('odoo/restart.sh.erb'), + } + + file { "/home/$instance/ext.git": + owner => $instance, + group => $instance, + mode => '0600', + ensure => "directory", + recurse => true, + require => Package[git], + } + + file { "/home/$instance/ext": + owner => $instance, + group => $instance, + mode => '0700', + ensure => "directory", + } + + $git_requires = "File[/home/$instance/ext.git]" + $git_create_cmd = "sudo -u $instance git init --bare /home/$instance/ext.git" + $git_unless_cmd = "sudo -u $instance test -e /home/$instance/ext.git/HEAD" + $git_repo = "git_repo_$instance" + exec { $git_repo: + command => $git_create_cmd, + unless => $git_unless_cmd, + path => ['/bin', '/sbin', '/usr/bin', '/usr/sbin'], + require => $git_requires, + } + + file { "/home/$instance/ext.git/hooks/post-receive": + owner => $instance, + group => $instance, + mode => '0700', + ensure => present, + content => "#!/bin/bash +git --work-tree=/home/$instance/ext --git-dir=/home/$instance/ext.git checkout -f", + require => Exec[$git_repo], + } + + + + # backup + file { "/home/$instance/odoo-backup.sh": + owner => $instance, + group => $instance, + mode => '0700', + ensure => present, + content => template('odoo/odoo-backup.sh.erb'), + } + + + $cron_cmd = "/home/$instance/odoo-backup.sh" + $cron_require = "file[/home/$instance/odoo-backup.sh]" + $odoo_backup = "odoo-backup-$instance" + cron { $odoo_backup: + command => $cron_cmd, + user => $instance, + hour => 1, + minute => 30, + require => $cron_require, + } + + # dictionaly for odoo backups + file { "/var/pgdump/$instance": + owner => $instance, + group => $instance, + mode => '0700', + ensure => "directory", + } + + $odoo_service = "odoo-server-$instance" + $odoo_service_req = "file[/etc/init.d/odoo-server-$instance]" + # Run server + service {$odoo_service: + ensure => running, + require => $odoo_service_req, + enable => true, + } + + # Postgresql User + # sudo su - postgres -c "createuser -s $OE_USER" 2> /dev/null || true + postgresql::server::role { "$instance": + password_hash => postgresql_password($instance, $db_pw), + createdb => true, + require => Exec['utf8 postgres'], + } + + # NGINX + # Run server + service {'nginx': + ensure => running, + require => Package['nginx'], + enable => true, + } + + if str2bool("$ssl") { + $key_file_test = "test -e /etc/nginx/ssl/$instance.key" + $key_file_cmd = "sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/nginx/ssl/$instance.key -out /etc/nginx/ssl/$instance.crt -subj \"/C=AT/ST=Vienna/L=Vienna/O= Security/OU=IT Department/CN=dummy\"" + $certname = "ssl_cert_$instance" + exec { $certname: + command => $key_file_cmd, + unless => $key_file_test, + path => ['/bin', '/sbin', '/usr/bin', '/usr/sbin'], + notify => Service['nginx'], + } + } + + # Conf file + file { "/etc/nginx/conf.d/odoo-$instance.conf": + owner => 'www-data', + group => 'www-data', + mode => '0600', + ensure => present, + content => template('odoo/odoo.nginx.erb'), + notify => Service['nginx'], + } +} + diff --git a/setup/puppet/modules/odoo/templates/logrotate.erb b/setup/puppet/modules/odoo/templates/logrotate.erb new file mode 100644 index 00000000..d008e6d8 --- /dev/null +++ b/setup/puppet/modules/odoo/templates/logrotate.erb @@ -0,0 +1,7 @@ +/var/log/odoo/<%= @instance %>/*.log { + copytruncate + missingok + notifempty + size 5M + rotate 10 +} diff --git a/setup/puppet/modules/odoo/templates/odoo-backup.sh.erb b/setup/puppet/modules/odoo/templates/odoo-backup.sh.erb new file mode 100755 index 00000000..142d8036 --- /dev/null +++ b/setup/puppet/modules/odoo/templates/odoo-backup.sh.erb @@ -0,0 +1,33 @@ +#!/bin/sh +#dump the OpenERP DB (postgreSQL) +#author: Camadeus GmbH + +hostname=`/bin/hostname` + + +dbnames=`psql -d postgres -c "SELECT datname FROM pg_database WHERE NOT datistemplate AND datname <> 'postgres' AND datname like '<%= @instance %>%'" --tuples-only` + +# Dump DBs +for db in $dbnames +do + echo "creating backup for db: " $db + date=`date +"%Y%m%d_%H%M%N"` + filename="/var/pgdump/<%= @instance %>/${hostname}_${db}_${date}.sql" + pg_dump -E UTF-8 -F p -b -f $filename $db + chmod 600 $filename + gzip $filename +done + + +########################################## +## Housekeeping +########################################## +for file in `find /var/pgdump/<%= @instance %> -mtime +30 -type f -name '*.sql.gz'` +do + echo "deleting: " $file + rm $file +done + + +exit 0 + diff --git a/setup/puppet/modules/odoo/templates/odoo-server.conf.erb b/setup/puppet/modules/odoo/templates/odoo-server.conf.erb new file mode 100644 index 00000000..06a57feb --- /dev/null +++ b/setup/puppet/modules/odoo/templates/odoo-server.conf.erb @@ -0,0 +1,36 @@ +[options] +addons_path = /opt/odoo/ext/odoo/addons,/opt/odoo/ext/custom-addons +admin_passwd = <%= @master_pw %> + +db_host = False +db_name = False +db_password = False +db_port = False +db_user = odoo + +debug_mode = False +list_db = True +log_level = error +logfile = /var/log/odoo/<%= @master_pw %>/odoo-server.log + +max_cron_threads = 1 +workers = 1 + +#xmlrpc_interface = 127.0.0.1 +xmlrpc_port = 8069 + +timezone = Europe/Brussels + +# 5 min +#limit_time_cpu = 300 +# 10 min +#limit_time_real = 600 + +# input DMI: +limit_time_cpu = 3000 +limit_time_real = 6000 + +# if DB > 150MB, otherwise "AccessDenied" error occurs +# 10 GB +limit_memory_hard = 10000000000 + diff --git a/setup/puppet/modules/odoo/templates/odoo-server.init.erb b/setup/puppet/modules/odoo/templates/odoo-server.init.erb new file mode 100644 index 00000000..af543537 --- /dev/null +++ b/setup/puppet/modules/odoo/templates/odoo-server.init.erb @@ -0,0 +1,91 @@ +#!/bin/sh + +### BEGIN INIT INFO +# Provides: odoo-server-<%= @instance %> +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Should-Start: $network +# Should-Stop: $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Enterprise Resource Management software +# Description: Open ERP is a complete ERP and CRM software. +### END INIT INFO + +PATH=/bin:/sbin:/usr/bin:/usr/local/bin +DAEMON=/home/<%= @instance %>/ext/ext/odoo/odoo.py +NAME=odoo-server-<%= @instance %> +DESC=odoo-server-<%= @instance %> +WORKING_DIR=/home/<%= @instance %>/ext/ext/odoo + +FILTER="^<%= @instance %>" +# Specify the user name (Default: openerp). +USER=<%= @instance %> + +# Specify an alternate config file (Default: /etc/openerp-server.conf). +CONFIGFILE="/home/<%= @instance %>/ext/ext/config/odoo-server.conf" + +PIDFILE=/var/run/$NAME.pid +LOGFILE=/var/log/odoo/<%= @instance %>/odoo-server.log + +# Additional options that are passed to the Daemon. +DAEMON_OPTS="-c $CONFIGFILE --db-filter $FILTER --xmlrpc-port <%= @odooport %> --longpolling-port <%= @odooport_logpolling %> --logfile $LOGFILE" + +[ -x $DAEMON ] || exit 0 +[ -f $CONFIGFILE ] || exit 0 + +checkpid() { + [ -f $PIDFILE ] || return 1 + pid=`cat $PIDFILE` + [ -d /proc/$pid ] && return 0 + return 1 +} + +# Required, otherwise there are problems with sudoers-File, +# see file "Odoo_sudo_Startup_Error_20510316.odt" on Share +export LOGNAME=<%= @instance %> + +case "${1}" in + start) + echo -n "Starting ${DESC}: " + + start-stop-daemon --start --quiet --pidfile ${PIDFILE} \ + --chuid ${USER} --background --make-pidfile \ + --exec ${DAEMON} -d $WORKING_DIR -- ${DAEMON_OPTS} + + echo "${NAME}." + ;; + + stop) + echo -n "Stopping ${DESC}: " + + start-stop-daemon --stop --quiet --pidfile ${PIDFILE} \ + --oknodo + + echo "${NAME}." + ;; + + restart|force-reload) + echo -n "Restarting ${DESC}: " + + start-stop-daemon --stop --quiet --pidfile ${PIDFILE} \ + --oknodo + + sleep 1 + + start-stop-daemon --start --quiet --pidfile ${PIDFILE} \ + --chuid ${USER} --background --make-pidfile \ + --exec ${DAEMON} -d $WORKING_DIR -- ${DAEMON_OPTS} + + echo "${NAME}." + ;; + + *) + N=/etc/init.d/${NAME} + echo "Usage: ${NAME} {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 + diff --git a/setup/puppet/modules/odoo/templates/odoo.nginx.erb b/setup/puppet/modules/odoo/templates/odoo.nginx.erb new file mode 100644 index 00000000..3cb8a0df --- /dev/null +++ b/setup/puppet/modules/odoo/templates/odoo.nginx.erb @@ -0,0 +1,78 @@ +<% if ssl == true %> +server { + listen 80; + server_name <%= @servername %>; + return 301 https://$host$request_uri; +} +<% end %> + +# Should be higher for DMI! +upstream odoo-server-<%= @instance %> { + server 127.0.0.1:<%= @odooport %> fail_timeout=3000s; +} + +server { + <% if ssl == true %> + listen 443 ssl; + <% else %> + listen 80; + <% end %> + + server_name <%= @servername %>; + + # Specifies the maximum accepted body size of a client request, + # as indicated by the request header Content-Length. + client_max_body_size 200m; + + # log files + access_log /var/log/nginx/odoo-access-<%= @instance %>.log; + error_log /var/log/nginx/odoo-error-<%= @instance %>.log; + + # increase proxy buffer to handle some OpenERP web requests + proxy_buffers 16 64k; + proxy_buffer_size 128k; + + <% if ssl == true %> + # SSL config + ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers HIGH:!aNULL:!MD5; + + <% if servername =~ /.*camadeus.at$/ %> + ssl_certificate /etc/nginx/ssl/camadeus.at.crt; + ssl_certificate_key /etc/nginx/ssl/camadeus.at.key; + <% else %> + ssl_certificate /etc/nginx/ssl/<%= @instance %>.crt; + ssl_certificate_key /etc/nginx/ssl/<%= @instance %>.key; + <% end %> + <% end %> + + location / { + proxy_pass http://odoo-server-<%= @instance %>; + # force timeouts if the backend dies + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503; + proxy_read_timeout 300s; + + # set headers + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; + + # Let the OpenERP web service know that we're using HTTPS, otherwise + # it will generate URL using http:// and not https:// + # proxy_set_header X-Forwarded-Proto https; + + # by default, do not forward anything + proxy_redirect off; + } + + # cache some static data in memory for 60mins. + # under heavy load this should relieve stress on the OpenERP web interface a bit. + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://odoo-server-<%= @instance %>; + } + +} + diff --git a/setup/puppet/modules/odoo/templates/restart.sh.erb b/setup/puppet/modules/odoo/templates/restart.sh.erb new file mode 100755 index 00000000..da793ff2 --- /dev/null +++ b/setup/puppet/modules/odoo/templates/restart.sh.erb @@ -0,0 +1,5 @@ +#!/bin/sh +# info: restart Odoo server +# author: Camadeus GmbH + +sudo /etc/init.d/odoo-server-<%= @instance %> restart \ No newline at end of file diff --git a/setup/puppet/modules/odoo/tests/init.pp b/setup/puppet/modules/odoo/tests/init.pp new file mode 100644 index 00000000..a73dd27a --- /dev/null +++ b/setup/puppet/modules/odoo/tests/init.pp @@ -0,0 +1 @@ +class { 'odoo': } diff --git a/setup/puppet/setup_server.sh b/setup/puppet/setup_server.sh new file mode 100755 index 00000000..054fada8 --- /dev/null +++ b/setup/puppet/setup_server.sh @@ -0,0 +1,42 @@ +#!/bin/bash + + +HOST='tbd' + +if [ $# -lt 1 ] || [ $# -gt 1 ]; then + echo "Usage: ./setup_server.sh " + exit 1 +fi + +echo "Are you sure? [Press Y to confirm!]" +read ANSWER + +if [ "$ANSWER" != "Y" ]; then + echo "Ok, good bye!" + exit 1 +fi + + +TYPE=$1 +USER=root + +if [ "$TYPE" = "init" ]; then + ssh ${USER}@$HOST "sudo echo '$HOST' > /etc/hostname; sudo /etc/init.d/hostname.sh start; sudo apt-get update; sudo apt-get install puppet;" + ssh ${USER}@${HOST} "sudo apt-get install rsync" + ssh ${USER}@${HOST} "sudo puppet module install puppetlabs-postgresql" + ssh ${USER}@${HOST} "sudo puppet module install saz-sudo" + ssh ${USER}@${HOST} "sudo puppet module install thias-postfix" +fi + +if [ "$TYPE" = "update" ]; then + USER=odoo +fi + +# Copy to server +rsync -av --copy-links "site.pp" "${USER}@${HOST}:/tmp/site.pp" +rsync -arv --copy-links "modules" "${USER}@${HOST}:/tmp" + +ssh ${USER}@${HOST} "sudo mv -f /tmp/site.pp /etc/puppet/manifests/site.pp" +ssh ${USER}@${HOST} "sudo rm -rf /etc/puppet/modules/odoo; sudo mv /tmp/modules/odoo /etc/puppet/modules; sudo rm -rf /tmp/modules" + +ssh ${USER}@${HOST} "sudo puppet apply /etc/puppet/manifests/site.pp" diff --git a/setup/puppet/site.pp b/setup/puppet/site.pp new file mode 100644 index 00000000..4f090557 --- /dev/null +++ b/setup/puppet/site.pp @@ -0,0 +1,13 @@ + +node default { + + TODO + odoo::instance {'TODO': + db_pw => 'x54ef6t77t6ZZul3', + ssl => true, + servername => 'TODO', + odooport => 8069, + odooport_logpolling => 8070, + } + +} \ No newline at end of file