Skip to content

update www_lib for trixie and some cleanup #968

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
umjnega wants to merge 17 commits into
base: production
Choose a base branch
from
Open

update www_lib for trixie and some cleanup #968

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
87024c0
remove shib config and tests
umjnega Mar 27, 2026
be90fd5
remove mpub and libstaff users
umjnega Mar 27, 2026
aed4eff
update java to default-jre-headless to test
umjnega Mar 31, 2026
093c58c
fix quotes
umjnega Mar 31, 2026
0c2b8da
install MDB2 extensions via pear rather than debian
umjnega Mar 31, 2026
6628e7b
fix whitespace
umjnega Mar 31, 2026
9e3c8b4
ensure beta version of MDB2_Driver_mysql
umjnega Mar 31, 2026
c62fca0
remove libdbd-oracle-perl to install via cpan
umjnega Apr 1, 2026
cf0b032
removing to test, might be duplicated
umjnega Apr 1, 2026
0cb6dd2
Remove the www_lib users class entirely
skorner Apr 2, 2026
bd5ad62
Remove vestigial fulcrum support from www_lib
skorner Apr 2, 2026
01918ed
Remove ShibCompatValidUser from www_lib
skorner Apr 2, 2026
a229903
Address linter feedback
skorner Apr 3, 2026
97eb6a2
Take two on the whitespace issue
skorner Apr 3, 2026
59272be
add symlink machine ssl cert
umjnega Apr 7, 2026
81f7a6a
move and fix link code
umjnega Apr 7, 2026
ad81057
replace hostname with fqdn
umjnega Apr 7, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 0 additions & 6 deletions manifests/apache/www_lib_vhost.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,12 +60,6 @@
if($auth_openidc) {
$auth_openidc_fragment = @("EOT")
OIDCRedirectURI ${auth_openidc_redirect_uri}
# For www_lib, we are sure that Shibboleth is installed, and we must
# disable its "compatibility mode" with valid-user, or mod_auth_openidc never
# gets a chance at the request. The name of the option and its docs
# imply the reverse, but we want Compat On.
# https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPApacheConfig#NativeSPApacheConfig-Server/VirtualHostOptions
ShibCompatValidUser On
|EOT
} else {
$auth_openidc_fragment = ''
Expand Down
1 change: 0 additions & 1 deletion manifests/profile/apache/authz_umichlib.pp
View file
Open in desktop
Copy link
Copy Markdown
Contributor Author

@umjnega umjnega Apr 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is probably used somewhere outside of www-lib webservers, but i noticed it was being called twice for the www-lib-testing test server. Removed temporarily since it was installed manually via CPAN for testing.

Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,6 @@
# not in ensure_packages.
ensure_packages (
[
'libdbd-oracle-perl',
'libaprutil1-dbd-oracle',
'oracle-instantclient12.1-basic',
'oracle-instantclient12.1-devel',
Expand Down
15 changes: 1 addition & 14 deletions manifests/profile/www_lib/apache/base.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@

class { 'nebula::profile::monitor_pl':
directory => $nebula::profile::apache::monitoring::monitor_dir,
shibboleth => true,
shibboleth => false,
solr_cores => lookup('nebula::www_lib::monitor::solr_cores'),
http_checks => lookup('nebula::www_lib::monitor::http_checks',
default_value => []),
Expand Down Expand Up @@ -57,18 +57,5 @@
include apache::mod::proxy_http
include apache::mod::reqtimeout
include apache::mod::setenvif
class { 'apache::mod::shib': }
include apache::mod::xsendfile

file { '/etc/apache2/mods-available/shib2.conf':
ensure => 'file',
content => template('nebula/profile/www_lib/shib2.conf.erb'),
require => File['/etc/apache2/mods-available'],
}

file { '/etc/apache2/mods-enabled/shib2.conf':
ensure => 'link',
target => '/etc/apache2/mods-available/shib2.conf',
require => File['/etc/apache2/mods-available/shib2.conf'],
}
}
14 changes: 14 additions & 0 deletions manifests/profile/www_lib/apache/fulcrum.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,4 +74,18 @@
'*.fulcrumservices.net'
],
}

class { 'apache::mod::shib': }

file { '/etc/apache2/mods-available/shib2.conf':
ensure => 'file',
content => template('nebula/profile/www_lib/shib2.conf.erb'),
require => File['/etc/apache2/mods-available'],
}

file { '/etc/apache2/mods-enabled/shib2.conf':
ensure => 'link',
target => '/etc/apache2/mods-available/shib2.conf',
require => File['/etc/apache2/mods-available/shib2.conf'],
}
}
5 changes: 5 additions & 0 deletions manifests/profile/www_lib/apache/misc.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,11 @@
}
}

file { '/etc/ssl/private/machine-cert-deepblue.lib.pem':
ensure => 'link',
target => "/etc/ssl/private/${facts['networking']['fqdn']}.pem",
}

include nebula::profile::www_lib::vhosts::midaily
include nebula::profile::www_lib::vhosts::publishing
include nebula::profile::www_lib::vhosts::med
Expand Down
2 changes: 1 addition & 1 deletion manifests/profile/www_lib/dependencies.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@
'git',
'emacs',
'imagemagick',
"${java_source}-${jdk_version}-jre",
'default-jre-headless',
]
)
}
1 change: 0 additions & 1 deletion manifests/profile/www_lib/perl.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,6 @@
'libdata-section-simple-perl',
'libdate-manip-perl',
'libdbd-mysql-perl',
'libdbd-oracle-perl',
'libdbi-perl',
'libdbix-class-perl',
'libdigest-sha-perl',
Expand Down
12 changes: 2 additions & 10 deletions manifests/profile/www_lib/php.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,14 +83,6 @@
]
)

# Pear and database packages
ensure_packages (
[
'php-mdb2',
'php-mdb2-driver-mysql'
]
)

# Configure FPM config file
php::config { 'fpm php.ini':
file => "/etc/php/${default_php_version}/fpm/php.ini",
Expand Down Expand Up @@ -168,8 +160,8 @@
'HTTP_Request2' => { package_prefix => '', provider => 'pear' },
'HTTP_Session2' => { ensure => 'beta', package_prefix => '', provider => 'pear' },
'Log' => { package_prefix => '', provider => 'pear' },
# MDB2
# MDB2_Driver_mysql
'MDB2' => { package_prefix => '', provider => 'pear' },
'MDB2_Driver_mysql' => { ensure => 'beta', package_prefix => '', provider => 'pear' },
'Mail' => { package_prefix => '', provider => 'pear' },
'Net_SMTP' => { package_prefix => '', provider => 'pear' },
'Net_Socket' => { package_prefix => '', provider => 'pear' },
Expand Down
8 changes: 0 additions & 8 deletions manifests/profile/www_lib/users.pp
View file
Open in desktop

This file was deleted.

8 changes: 0 additions & 8 deletions manifests/role/webhost/www_lib_vm.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@
# include nebula::role::webhost::www_lib_vm
class nebula::role::webhost::www_lib_vm (
String $private_address_template = '192.168.0.%s',
String $shibboleth_config_source = 'puppet:///shibboleth-www-lib',
Hash $hosts = {}
) {
include nebula::role::umich
Expand All @@ -30,18 +29,11 @@

include nebula::profile::krb5
include nebula::profile::afs
include nebula::profile::www_lib::users

# This is only for the global constant of $default_access, used in the more
# specific profiles, where all of the resources are defined.
include nebula::profile::www_lib::apache

include nebula::profile::www_lib::apache::base
include nebula::profile::www_lib::apache::misc
include nebula::profile::www_lib::apache::fulcrum

class { 'nebula::profile::shibboleth':
config_source => $shibboleth_config_source,
watchdog_minutes => '*/30',
}
}
18 changes: 0 additions & 18 deletions spec/classes/role/www_lib_vm_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,23 +25,6 @@

it { is_expected.to contain_apache__vhost("000-default-ssl").with(ssl: true, ssl_cert: "/etc/ssl/certs/lib.umich.edu.crt") }

it "configures shibboleth" do
expect(subject).to contain_class("nebula::profile::shibboleth")
.with(startup_timeout: 900)
.with(watchdog_minutes: "*/30")
end

it do
expect(subject).to contain_file("/etc/apache2/mods-available/shib2.conf")
.with_content(%r{SetHandler shib-handler})
end

it do
expect(subject).to contain_file("/etc/apache2/mods-enabled/shib2.conf")
.with_ensure("link")
.with_target("/etc/apache2/mods-available/shib2.conf")
end

it do
expect(subject).to contain_apache__vhost("www.lib-ssl")
.with(servername: "www.lib.umich.edu",
Expand Down Expand Up @@ -198,7 +181,6 @@

it { is_expected.to contain_cron("purge apache access logs 1/2") }
it { is_expected.to contain_cron("purge apache access logs 2/2") }
it { is_expected.to contain_cron("shibd existence check") }
it { is_expected.to contain_cron("staff.lib parse") }
it { is_expected.to contain_cron("Proactively scan the log files for suspcious activity") }
end
Expand Down