storyboard: Work in progress on production deployment

3 files changed, 84 insertions, 19 deletions

diff --git a/README.mdwn b/README.mdwn
index 06412fe6..119f89a3 100644
--- a/README.mdwn
+++ b/README.mdwn
@@ -135,6 +135,27 @@ the database migrations, before the app will work:
 
     python /srv/baserock_openid_provider/manage.py migrate
 
+FIXME: I guess this could be done with cloud-init.
+
+
+Storyboard
+----------
+
+We use a slightly adapted version of
+<https://github.com/openstack-infra/puppet-storyboard> to deploy Storyboard.
+
+There's no development deployment for Storyboard at this time: the Puppet
+script expects to start services using systemd, and that doesn't work by
+default in a Docker container.
+
+To deploy the production version:
+
+    packer build -only=production baserock_storyboard/packer_template.json
+    nova boot openid_provider
+        --flavor dc1.1x1 --image 'baserock_storyboard' \
+        --key-name=<your-keypair> storyboard.baserock.org \
+        --nic='net-id=d079fa3e-2558-4bcb-ad5a-279040c202b5'
+
 
 Deployment to DataCentred
 -------------------------
diff --git a/baserock_storyboard/packer_template.json b/baserock_storyboard/packer_template.json
index 0c735f90..dc7cc95a 100644
--- a/baserock_storyboard/packer_template.json
+++ b/baserock_storyboard/packer_template.json
@@ -6,27 +6,47 @@
             "image": "fedora:20",
             "commit": true,
             "run_command": ["-d", "-i", "-t", "{{.Image}}", "/bin/sh"]
+        },
+        {
+            "name": "production",
+            "type": "openstack",
+            "image_name": "baserock_storyboard",
+            "flavor": "f0577618-9125-4948-b450-474e225bbc4c",
+            "source_image": "742e0414-c985-4994-b307-4aafade942b3",
+            "networks": ["d079fa3e-2558-4bcb-ad5a-279040c202b5"],
+            "floating_ip": "85.199.252.159",
+            "use_floating_ip": true,
+            "ssh_username": "fedora"
         }
     ],
     "provisioners": [
         {
             "type": "shell",
             "inline": [
-                "yum install -y ruby gem",
-                "gem install puppet"
+                "sudo yum install -y ruby gem",
+                "sudo gem install puppet"
             ]
         },
-        {   "type": "shell",
+        {
+            "type": "shell",
             "inline": [
-                "cd /src/test-baserock-infrastructure/baserock_storyboard",
-                "puppet module build puppet-storyboard",
-                "puppet module install puppet-storyboard/pkg/openstack-storyboard-*.*.*.tar.gz",
-                "puppet module install camptocamp-openssl"
-            ]
+               "sudo chown fedora:fedora /srv"
+            ],
+            "only": ["production"]
         },
         {
-            "type": "puppet-masterless",
-            "manifest_file": "baserock_storyboard/site.pp"
+            "type": "file",
+            "source": "baserock_storyboard",
+            "destination": "/srv",
+            "only": ["production"]
+        },
+        {   "type": "shell",
+            "inline": [
+                "cd /srv/baserock_storyboard",
+                "sudo /usr/local/bin/puppet module build puppet-storyboard",
+                "sudo /usr/local/bin/puppet module install puppet-storyboard/pkg/openstack-storyboard-*.*.*.tar.gz",
+                "sudo /usr/local/bin/puppet module install camptocamp-openssl"
+            ]
         }
     ],
     "post-processors": [
diff --git a/baserock_storyboard/site.pp b/baserock_storyboard/site.pp
index c91d5d5c..d062f817 100644
--- a/baserock_storyboard/site.pp
+++ b/baserock_storyboard/site.pp
@@ -3,20 +3,44 @@ node default {
     ensure => 'present'
   }
 
+  # This directory doesn't seem to exist by default in Fedora
+  file { '/etc/ssl/private':
+    ensure => directory
+    before => Class['storyboard::cert']
+  }
+
   # TEMPORARY SSL private key
   openssl::certificate::x509 { 'storyboard_dummy':
     country => 'UK',
     organization => 'The Baserock Project',
     commonname => 'baserock.org',
-    base_dir => '/etc/ssl',
-    password => 'insecure'
-  } ->
+    base_dir => '/tmp/',
+    password => 'insecure',
+    before => Class['storyboard::cert']
+  }
+
+  class { 'storyboard::cert':
+    ssl_cert_file => '/tmp/storyboard_dummy.crt',
+    ssl_key_file => '/tmp/storyboard_dummy.key',
+    ssl_ca_file => '/etc/ssl/certs/ca-bundle.crt'
+  }
+
+  # need class storyboard::rabbitmq too
+
+  class { 'storyboard::application':
+    openid_url => 'http://openid.baserock.org/',
+
+    mysql_host => '192.168.222.30',
+    mysql_database => 'storyboard',
+    mysql_user => 'storyboard',
+    # FIXME: need to read this from a file in /var/lib
+    mysql_user_password => 'storyboard_insecure',
 
-  class { 'storyboard':
-    mysql_user_password => 'insecure',
-    rabbitmq_user_password => 'insecure',
-    ssl_cert_file => '/etc/ssl/certs/storyboard_dummy.crt',
-    ssl_key_file => '/etc/ssl/certs/storyboard_dummy.key',
-    require => Group['ssl-cert']
+    rabbitmq_host => 'localhost',
+    rabbitmq_port => 5672,
+    rabbitmq_vhost => '/',
+    rabbitmq_user => 'storyboard',
+    # FIXME: need to read this from a file in /var/lib
+    rabbitmq_user_password => 'storyboard_insecure'
   }
 }