Recommit for updates in build 39

2026-03-14 13:20:39 +01:00
5 changed files with 95 additions and 245 deletions
--- a/126
+++ b/126
@@ -1,126 +0,0 @@
 pipeline {
    agent {
      label 'puppet'
    }
    post {
        always {
            deleteDir() /* clean up our workspace */
        }
        success {
            updateGitlabCommitStatus state: 'success'
        }
        failure {
            updateGitlabCommitStatus state: 'failed'
            step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'support@confdroid.com', sendToIndividuals: true])
        }
    }
    options {
          gitLabConnection('gitlab.confdroid.com')
    }
    stages {
      stage('pull master') {
        steps {
          sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
            sh '''
                git config user.name "Jenkins Server"
                git config user.email jenkins@confdroid.com
                # Ensure we're on the development branch (triggered by push)
                git checkout development
                # Create jenkins branch from development
                git checkout -b jenkins-build-$BUILD_NUMBER
                # Optionally merge master into jenkins to ensure compatibility
                git merge origin/master --no-ff || { echo "Merge conflict detected"; exit 1; }
            '''
        }
      }
    }
      stage('puppet parser') {
        steps {
          sh '''for file in $(find . -iname \'*.pp\'); do
            /opt/puppetlabs/bin/puppet parser validate --color false --render-as s --modulepath=modules $file || exit 1;
            done;'''
          }
        }
      stage('check templates') {
        steps{
          sh '''for file in $(find . -iname \'*.erb\');
            do erb -P -x -T "-" $file | ruby -c || exit 1;
            done;'''
        }
      }
      stage('puppet-lint') {
        steps {
          sh '''/usr/local/bin/puppet-lint . \\
                --no-variable_scope-check \\
                || { echo "Puppet lint failed"; exit 1; }
            '''
          }
        }
      stage('SonarScan') {
         steps {
            withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) {
              sh '''
              /opt/sonar-scanner/bin/sonar-scanner \
                -Dsonar.projectKey=confdroid_apache \
                -Dsonar.sources=. \
                -Dsonar.host.url=https://sonarqube.confdroid.com \
                -Dsonar.token=$SONAR_TOKEN
                '''
              }
            }
          }
      stage('create Puppet documentation') {
        steps {
          sh '/opt/puppetlabs/bin/puppet strings'
        }
      }
      stage('update repo') {
        steps {
          sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
            sh '''
                git config user.name "Jenkins Server"
                git config user.email jenkins@confdroid.com
                git rm -r --cached .vscode || echo "No .vscode to remove from git"
                git add -A && git commit -am "Recommit for updates in build $BUILD_NUMBER" || echo "No changes to commit"
                git push origin HEAD:master
            '''
        }
      }
    }
      stage('Mirror to Gitea') {
        steps {
          withCredentials([usernamePassword(
            credentialsId: 'Jenkins-gitea',
            usernameVariable: 'GITEA_USER',
            passwordVariable: 'GITEA_TOKEN')]) {
            script {
              // Checkout from GitLab (already done implicitly)
                sh '''
                  git checkout master
                  git pull origin master
                  git branch -D development
                  git branch -D jenkins-build-$BUILD_NUMBER
                  git rm -f Jenkinsfile
                  git rm -r --cached .vscode || echo "No .vscode to remove from git"
                  git commit --amend --no-edit --allow-empty
                  git remote add master https://sourcecode.confdroid.com/confdroid/confdroid_apache.git
                  git -c credential.helper="!f() { echo username=${GITEA_USER}; echo password=${GITEA_TOKEN}; }; f" \
                  push master --mirror
                  '''
          }
        }
      }
    }
  }
 }
--- a/doc/file.README.html
+++ b/doc/file.README.html
@@ -122,6 +122,11 @@
 <p>manage nagios monitoring for the service (optional)</p>
 </li></ul>
 <p>Optional</p>
 <ul><li>
 <p>manage remoteIP logging if running behind a Loadbalancer like HAproxy: if <code>ae_use_lb</code> is set to <code>true</code>, a configuration file <code>etc/httpd/conf.d/loadbalancer-remoteip.conf</code>is created and configures apache/httpd to use the remote header. This allows proper fail2ban protection even behind the Loadbalancer. Make sure to set <code>ae_trusted_proxy</code>to the proper IP or range for the loadbalancer!</p>
 </li></ul>
 <p>Maintenance</p>
 <ul><li>
 <p>manage the service</p>
--- a/doc/index.html
+++ b/doc/index.html
@@ -122,6 +122,11 @@
 <p>manage nagios monitoring for the service (optional)</p>
 </li></ul>
 <p>Optional</p>
 <ul><li>
 <p>manage remoteIP logging if running behind a Loadbalancer like HAproxy: if <code>ae_use_lb</code> is set to <code>true</code>, a configuration file <code>etc/httpd/conf.d/loadbalancer-remoteip.conf</code>is created and configures apache/httpd to use the remote header. This allows proper fail2ban protection even behind the Loadbalancer. Make sure to set <code>ae_trusted_proxy</code>to the proper IP or range for the loadbalancer!</p>
 </li></ul>
 <p>Maintenance</p>
 <ul><li>
 <p>manage the service</p>
--- a/doc/puppet_classes/confdroid_apache_3A_3Aparams.html
+++ b/doc/puppet_classes/confdroid_apache_3A_3Aparams.html
@@ -129,118 +129,6 @@ inherited by all classes except defines.
    </li>
    <li>
        <span class='name'>ae_manage_user</span>
        <span class='type'>(<tt>Boolean</tt>)</span>
        &mdash;
        <div class='inline'>
 <p>Whether or not to manage details for the httpd service user. This is generally only required when using httpd on a number of servers sharing storage resources, i.e. NFS, where UID and GID settings must be same across all nodes.</p>
 </div>
    </li>
    <li>
        <span class='name'>ae_user_name</span>
        <span class='type'>(<tt>String</tt>)</span>
        &mdash;
        <div class='inline'>
 <p>Specify the user name for the httpd user. only active if ae_manage_user is set to true.</p>
 </div>
    </li>
    <li>
        <span class='name'>ae_user_uid</span>
        <span class='type'>(<tt>String</tt>)</span>
        &mdash;
        <div class='inline'>
 <p>Specify the UID for the httpd service user. only active if <code>ae_manage_user</code> is set to true.</p>
 </div>
    </li>
    <li>
        <span class='name'>ae_u_comment</span>
        <span class='type'>(<tt>String</tt>)</span>
        &mdash;
        <div class='inline'>
 <p>Specify the user comment for /etc/passwd. Shows up in email notifications as sender information. only active if <code>ae_manage_user</code> is set to true.</p>
 </div>
    </li>
    <li>
        <span class='name'>ae_u_groups</span>
        <span class='type'>(<tt>String</tt>)</span>
        &mdash;
        <div class='inline'>
 <p>Specify any secondary groups the httpd service user should be in. Must not contain the primary group. only active if <code>ae_manage_user</code> is set to true.</p>
 </div>
    </li>
    <li>
        <span class='name'>ae_user_home</span>
        <span class='type'>(<tt>String</tt>)</span>
        &mdash;
        <div class='inline'>
 <p>Specify the home of the httpd service user. only active if <code>ae_manage_user</code> is set to true.</p>
 </div>
    </li>
    <li>
        <span class='name'>ae_user_shell</span>
        <span class='type'>(<tt>String</tt>)</span>
        &mdash;
        <div class='inline'>
 <p>Specify the shell for the httpd service user, which normally should not be allowed to log in . only active if <code>ae_manage_user</code> is set to true.</p>
 </div>
    </li>
    <li>
        <span class='name'>ae_manage_cfg</span>
@@ -435,6 +323,42 @@ inherited by all classes except defines.
        &mdash;
        <div class='inline'>
 <p>List of packages to install.</p>
 </div>
    </li>
    <li>
        <span class='name'>ae_use_lb</span>
        <span class='type'>(<tt>Boolean</tt>)</span>
        <em class="default">(defaults to: <tt>false</tt>)</em>
        &mdash;
        <div class='inline'>
 <p>whether to use load balancer or not. If true, a configuration file will be created to allow reading the client ips from the X-Forwarded-For header, and the httpd service will be restarted to apply the changes. This is required when using httpd behind a load balancer like haproxy, otherwise all client ips will be logged as the load balancer ip.</p>
 </div>
    </li>
    <li>
        <span class='name'>ae_trusted_proxy</span>
        <span class='type'>(<tt>String</tt>)</span>
        <em class="default">(defaults to: <tt>&#39;10.0.1.0/24&#39;</tt>)</em>
        &mdash;
        <div class='inline'>
 <p>the IP address of the trusted proxy, i.e. the load balancer. This is required when <code>ae_use_lb</code> is set to true, and defaults to ‘10.0.1.0/24’.</p>
 </div>
    </li>
@@ -450,6 +374,16 @@ inherited by all classes except defines.
        <pre class="lines">
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
@@ -509,14 +443,10 @@ inherited by all classes except defines.
 103
 104
 105
-106
+106</pre>
 107
 108
 109
 110</pre>
      </td>
      <td>
-        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 47</span>
+        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 37</span>
 class confdroid_apache::params (
@@ -540,6 +470,10 @@ class confdroid_apache::params (
  String $ae_http_port        = &#39;80&#39;,
  String $ae_https_port       = &#39;443&#39;,
 # loadbalancer
  Boolean $ae_use_lb          = false,
  String $ae_trusted_proxy    = &#39;10.0.1.0/24&#39;,
 ) {
 # facts
  $fqdn                             = $facts[&#39;networking&#39;][&#39;fqdn&#39;]
@@ -578,6 +512,8 @@ class confdroid_apache::params (
  $ae_userdir_erb     = &#39;confdroid_apache/userdir_conf.erb&#39;
  $ae_index_file      = &#39;/var/www/html/index.html&#39;
  $ae_index_erb       = &#39;confdroid_apache/index_html.erb&#39;
  $ae_remoteip_file   = &#39;/etc/httpd/conf.d/loadbalancer-remoteip.conf&#39;
  $ae_remoteip_erb    = &#39;confdroid_apache/loadbalancer_remoteip_conf.erb&#39;
 # includes must be last
  include confdroid_apache::main::config
--- a/doc/puppet_classes/confdroid_apache_3A_3Aserver_3A_3Afiles.html
+++ b/doc/puppet_classes/confdroid_apache_3A_3Aserver_3A_3Afiles.html
@@ -205,7 +205,22 @@
 107
 108
 109
-110</pre>
+110
 111
 112
 113
 114
 115
 116
 117
 118
 119
 120
 121
 122
 123
 124
 125</pre>
      </td>
      <td>
        <pre class="code"><span class="info file"># File 'manifests/server/files.pp', line 6</span>
@@ -299,6 +314,21 @@ class confdroid_apache::server::files (
    }
  }
  if $ae_use_lb == true {
    file { $ae_remoteip_file:
      ensure   =&gt; file,
      owner    =&gt; &#39;root&#39;,
      group    =&gt; &#39;root&#39;,
      mode     =&gt; &#39;0644&#39;,
      selrange =&gt; s0,
      selrole  =&gt; object_r,
      seltype  =&gt; httpd_conf_t,
      seluser  =&gt; system_u,
      content  =&gt; template($ae_remoteip_erb),
      notify   =&gt; Service[&#39;httpd&#39;],
    }
  }
  # manage index.html
  file { $ae_index_file: