echocat · dwerder · Jan 18, 2016 · Jan 14, 2016 · Jan 14, 2016 · Jan 18, 2016
diff --git a/README.md b/README.md
@@ -216,8 +216,8 @@ ones set for the principal instance.
 So in this case you would have 3 cache instances, the first one is `cache` (you can refer to it as `cache:a` too), `cache:b` and `cache:c`. cache:a will listen on ports 2003, 2004 and 7002 for line, pickle and query respectively. But, cache:b will do it on ports 2103, 2104, and 7102, and cache:c on 2203, 2204 and 7202. All other parameters from cache:a will be inherited by cache:b and c.
 
 ###Installing with something other than pip and specifying package names and versions
-If you need to install via something other pip, an internal apt repo with fpm converted packages for instance, you can set `gr_pip_install` to false.
-If you're doing this you'll most likely have to override the default package names and versions as well. 
+If you need to install via something other than pip, an internal apt repo with fpm converted packages for instance, you can set `gr_pip_install` to false.
+If you're doing this you'll most likely have to override the default package names and versions as well.
 ```puppet
   class { '::graphite':
     gr_pip_install        => false,
@@ -400,7 +400,19 @@ The storage aggregation rules.
 
 #####`gr_web_server`
 
-Default is 'apache'. The web server to use. Valid values are 'apache', 'nginx', 'wsgionly' or 'none'. 'nginx' is only supported on Debian-like systems. And 'none' means that you will manage the webserver yourself.
+Default is 'apache'. The web server to configure. Valid values are 'apache', 'nginx', 'wsgionly' or 'none'. 
+
+Apache is configured with mod_wsgi, nginx is configured with gunicorn. 'wsgionly' configures only gunicorn.
+
+The value 'none' means that you will manage the webserver yourself.
+
+#####`gr_web_server_port`
+
+Default is 80. The HTTP port which the web server will use. Only used for $gr_web_server => 'apache' or 'nginx'.
+
+#####`gr_web_server_port_https`
+
+Default is 443. The HTTPS port which the web server will use. Only used for $gr_web_server => 'apache'.
 
 #####`gr_web_servername`
 
@@ -429,19 +441,11 @@ Path to SSL dir containing keys and certs. Default is undef.
 
 #####`gr_web_group`
 
-Default is undef. Group name to chgrp the files that will served by webserver.  Use only with gr_web_server => 'wsgionly' or 'none'.
+Group name to chgrp the files that will served by webserver. Only necessary for gr_web_server => 'wsgionly' or 'none'.
 
 #####`gr_web_user`
 
-Default is undef. Username to chown the files that will served by webserver.  Use only with gr_web_server => 'wsgionly' or 'none'.
-
-#####`gr_apache_port`
-
-Default is 80. The HTTP port apache will use.
-
-#####`gr_apache_port_https`
-
-Default is 443. The HTTPS port apache will use.
+Username to chown the files that will served by webserver. Only necessary for gr_web_server => 'wsgionly' or 'none'.
 
 #####`gr_apache_conf_template`
 
@@ -865,7 +869,7 @@ On Redhat distributions you need the EPEL or RPMforge repository, because Graphi
 
 ##Limitations
 
-This module is tested on CentOS 6.5 and Debian 7 (Wheezy) and should also run without problems on
+This module is tested on CentOS 6.5 and Debian 7 (Wheezy) and should also run on
 
 * RHEL/CentOS/Scientific 6+
 * Debian 6+
@@ -874,8 +878,17 @@ This module is tested on CentOS 6.5 and Debian 7 (Wheezy) and should also run wi
 Most settings of Graphite can be set by parameters. So their can be special configurations for you. In this case you should edit
 the file `templates/opt/graphite/webapp/graphite/local_settings.py.erb`.
 
-The nginx configs are only supported on Debian based systems at the moment.
+###Compatibility Notes
+* There is currently an [open ticket](https://tickets.puppetlabs.com/browse/PUP-3829) with Puppet about broken pip support in CentOS 6/7. The
+workaround for this bug is to create a symlink from `/usr/bin/pip-python` (which doesn't exist) to `/usr/bin/pip` (which does).
+* CentOS 7's default `nginx.conf` includes a `server` section listening on port 80. Thus, it is not possible to set up graphite without modifying 
+the package-provided configuration file. You will have to either manually remove the `server` section, or provide a `gr_web_server_port` other
+than port 80.
+* nginx/gunicorn requires a `systemctl restart gunicorn` after installing on Ubuntu 15.10
+* SELinux must be disabled
 
 ##Contributing
 
 Echocat modules are open projects. So if you want to make this module even better, you can contribute to this module on [Github](https://github.com/echocat/puppet-graphite).
+
+Make sure to read the repository's `DEVELOP.md` file first.
diff --git a/files/fix-graphite-race-condition.py b/files/fix-graphite-race-condition.py
@@ -0,0 +1,18 @@
+import sys
+sys.path.append('/opt/graphite/webapp')
+from django.contrib.auth.models import User
+from graphite.account.models import Profile
+from graphite.logger import log
+try:
+  defaultUser = User.objects.get(username='default')
+except User.DoesNotExist:
+  randomPassword = User.objects.make_random_password(length=16)
+  defaultUser = User.objects.create_user('default','default@localhost.localdomain',randomPassword)
+  defaultUser.save()
+
+try:
+  defaultProfile = Profile.objects.get(user=defaultUser)
+except Profile.DoesNotExist:
+  defaultProfile = Profile(user=defaultUser)
+  defaultProfile.save()
+
diff --git a/manifests/config.pp b/manifests/config.pp
@@ -15,29 +15,55 @@
   #            python-django-tagging, python-simplejson
   # optional:  python-ldap, python-memcache, memcached, python-sqlite
 
+  if $::service_provider == 'systemd' or ($::service_provider == 'debian' and $::operatingsystemmajrelease =~ /8|15\.10/) {
+    $initscript_notify = [Exec['graphite-reload-systemd'],]
+    exec { 'graphite-reload-systemd':
+      command     => 'systemctl daemon-reload',
+      path        => ['/usr/bin', '/usr/sbin', '/bin', '/sbin'],
+      refreshonly => true,
+    }
+  }
+  else {
+    $initscript_notify = []
+  }
+
   # we need an web server with python support
   # apache with mod_wsgi or nginx with gunicorn
   case $graphite::gr_web_server {
     'apache': {
+      $gr_web_user_REAL  = pick($::graphite::gr_web_user, $::graphite::params::apache_web_user)
+      $gr_web_group_REAL = pick($::graphite::gr_web_group, $::graphite::params::apache_web_group)
       include graphite::config_apache
       $web_server_package_require = [Package[$::graphite::params::apache_pkg]]
     }
 
     'nginx': {
       # Configure gunicorn and nginx.
+      $gr_web_user_REAL  = pick($::graphite::gr_web_user, $::graphite::params::nginx_web_user)
+      $gr_web_group_REAL = pick($::graphite::gr_web_group, $::graphite::params::nginx_web_group)
       include graphite::config_gunicorn
       include graphite::config_nginx
       $web_server_package_require = [Package['nginx']]
     }
 
     'wsgionly': {
       # Configure gunicorn only without nginx.
+      if !$::graphite::gr_web_user or !$::graphite::gr_web_group {
+        fail('having $gr_web_server => \'wsgionly\' requires use of $gr_web_user and $gr_web_group')
+      }
+      $gr_web_user_REAL  = pick($::graphite::gr_web_user)
+      $gr_web_group_REAL = pick($::graphite::gr_web_group)
       include graphite::config_gunicorn
       $web_server_package_require = undef
     }
 
     'none': {
       # Don't configure apache, gunicorn or nginx. Leave all webserver configuration to something external.
+      if !$::graphite::gr_web_user or !$::graphite::gr_web_group {
+        fail('having $gr_web_server => \'wsgionly\' requires use of $gr_web_user and $gr_web_group')
+      }
+      $gr_web_user_REAL  = pick($::graphite::gr_web_user)
+      $gr_web_group_REAL = pick($::graphite::gr_web_group)
       $web_server_package_require = undef
     }
 
@@ -54,8 +80,7 @@
     refreshonly => true,
     require     => File['/opt/graphite/webapp/graphite/local_settings.py'],
     subscribe   => Class['graphite::install'],
-  }~>
-
+  }
   # change access permissions for web server
 
   file {
@@ -67,10 +92,11 @@
       '/opt/graphite/storage/rrd',
       '/opt/graphite/storage/run'
     ]:
-      ensure  => directory,
-      group   => $::graphite::gr_web_group,
-      mode    => '0755',
-      owner   => $::graphite::gr_web_user;
+      ensure    => directory,
+      group     => $gr_web_group_REAL,
+      mode      => '0755',
+      owner     => $gr_web_user_REAL,
+      subscribe => Exec['Initial django db creation'],
   }
 
   # change access permissions for carbon-cache to align with gr_user
@@ -80,8 +106,8 @@
     $carbon_user  = $::graphite::gr_user
     $carbon_group = $::graphite::gr_group
   } else {
-    $carbon_user  = $::graphite::gr_web_user
-    $carbon_group = $::graphite::gr_web_group
+    $carbon_user  = $gr_web_user_REAL
+    $carbon_group = $gr_web_group_REAL
   }
 
   file {
@@ -99,41 +125,41 @@
       owner   => $carbon_user;
   }
 
-  # Lets ensure graphite.db owner is the same as gr_web_user
+  # Lets ensure graphite.db owner is the same as gr_web_user_REAL
   file {
     '/opt/graphite/storage/graphite.db':
       ensure  => file,
-      group   => $::graphite::gr_web_group,
+      group   => $gr_web_group_REAL,
       mode    => '0644',
-      owner   => $::graphite::gr_web_user;
+      owner   => $gr_web_user_REAL;
   }
 
   # Deploy configfiles
   file {
     '/opt/graphite/webapp/graphite/local_settings.py':
       ensure  => file,
       content => template('graphite/opt/graphite/webapp/graphite/local_settings.py.erb'),
-      group   => $::graphite::gr_web_group,
+      group   => $gr_web_group_REAL,
       mode    => '0644',
-      owner   => $::graphite::gr_web_user,
+      owner   => $gr_web_user_REAL,
       require => $web_server_package_require;
 
     '/opt/graphite/conf/graphite.wsgi':
       ensure  => file,
       content => template('graphite/opt/graphite/conf/graphite.wsgi.erb'),
-      group   => $::graphite::gr_web_group,
+      group   => $gr_web_group_REAL,
       mode    => '0644',
-      owner   => $::graphite::gr_web_user,
+      owner   => $gr_web_user_REAL,
       require => $web_server_package_require;
   }
 
   if $::graphite::gr_remote_user_header_name {
     file { '/opt/graphite/webapp/graphite/custom_auth.py':
       ensure  => file,
       content => template('graphite/opt/graphite/webapp/graphite/custom_auth.py.erb'),
-      group   => $::graphite::gr_web_group,
+      group   => $gr_web_group_REAL,
       mode    => '0644',
-      owner   => $::graphite::gr_web_user,
+      owner   => $gr_web_user_REAL,
       require => $web_server_package_require,
     }
   }
@@ -241,6 +267,7 @@
       content => template("graphite/etc/init.d/${::osfamily}/carbon-cache.erb"),
       mode    => '0750',
       require => File['/opt/graphite/conf/carbon.conf'],
+      notify  => $initscript_notify,
     }
   }
 
@@ -258,6 +285,7 @@
       content => template("graphite/etc/init.d/${::osfamily}/carbon-relay.erb"),
       mode    => '0750',
       require => File['/opt/graphite/conf/carbon.conf'],
+      notify  => $initscript_notify,
     }
   }
 
@@ -275,6 +303,8 @@
       content => template("graphite/etc/init.d/${::osfamily}/carbon-aggregator.erb"),
       mode    => '0750',
       require => File['/opt/graphite/conf/carbon.conf'],
+      notify  => $initscript_notify,
     }
   }
+
 }
diff --git a/manifests/config_apache.pp b/manifests/config_apache.pp
@@ -36,19 +36,23 @@
         }
       }
 
-      exec { 'Disable default apache site':
-        command => 'a2dissite 000-default',
-        notify  => Service[$::graphite::params::apache_service_name],
-        onlyif  => 'test -f /etc/apache2/sites-enabled/000-default -o -f /etc/apache2/sites-enabled/000-default.conf',
-        require => Package[$::graphite::params::apache_wsgi_pkg],
+      if ($::graphite::gr_web_server_port == 80 and $::graphite::gr_web_server_remove_default == undef) or ($::graphite::gr_web_server_remove_default == true) {
+        exec { 'Disable default apache site':
+          command => 'a2dissite 000-default',
+          notify  => Service[$::graphite::params::apache_service_name],
+          onlyif  => 'test -f /etc/apache2/sites-enabled/000-default -o -f /etc/apache2/sites-enabled/000-default.conf',
+          require => Package[$::graphite::params::apache_wsgi_pkg],
+        }
       }
     }
 
     'RedHat': {
-      file { "${::graphite::params::apacheconf_dir}/welcome.conf":
-        ensure  => absent,
-        notify  => Service[$::graphite::params::apache_service_name],
-        require => Package[$::graphite::params::apache_wsgi_pkg],
+      if ($::graphite::gr_web_server_port == 80 and $::graphite::gr_web_server_remove_default == undef) or ($::graphite::gr_web_server_remove_default == true) {
+        file { "${::graphite::params::apacheconf_dir}/welcome.conf":
+          ensure  => absent,
+          notify  => Service[$::graphite::params::apache_service_name],
+          require => Package[$::graphite::params::apache_wsgi_pkg],
+        }
       }
     }
 
@@ -57,6 +61,29 @@
     }
   }
 
+  # fix graphite's race condition on start
+  # if the exec fails, assume we're using a version of graphite that doesn't need it
+  file { '/tmp/fix-graphite-race-condition.py':
+    ensure => file,
+    source => 'puppet:///modules/graphite/fix-graphite-race-condition.py',
+    mode   => '0755',
+  }
+  exec { 'fix graphite race condition':
+    command     => 'python /tmp/fix-graphite-race-condition.py',
+    cwd         => '/opt/graphite/webapp',
+    environment => 'DJANGO_SETTINGS_MODULE=graphite.settings',
+    user        => $graphite::config::gr_web_user_REAL,
+    logoutput   => true,
+    group       => $graphite::config::gr_web_group_REAL,
+    returns     => [0, 1],
+    require     => [
+      File['/tmp/fix-graphite-race-condition.py'],
+      Exec['Initial django db creation'],
+      Service['carbon-cache'],
+    ],
+    before      => Service[$::graphite::params::apache_service_name],
+  }
+
   service { $::graphite::params::apache_service_name:
     ensure     => running,
     enable     => true,
@@ -69,9 +96,9 @@
     "${::graphite::params::apache_dir}/ports.conf":
       ensure  => file,
       content => template('graphite/etc/apache2/ports.conf.erb'),
-      group   => $::graphite::params::web_group,
+      group   => $::graphite::config::gr_web_group_REAL,
       mode    => '0644',
-      owner   => $::graphite::params::web_user,
+      owner   => $::graphite::config::gr_web_user_REAL,
       require => [
         Exec['Initial django db creation'],
         Package[$::graphite::params::apache_wsgi_pkg],
@@ -80,9 +107,9 @@
     "${::graphite::params::apacheconf_dir}/graphite.conf":
       ensure  => file,
       content => template($::graphite::gr_apache_conf_template),
-      group   => $::graphite::params::web_group,
+      group   => $::graphite::config::gr_web_group_REAL,
       mode    => '0644',
-      owner   => $::graphite::params::web_user,
+      owner   => $::graphite::config::gr_web_user_REAL,
       require => [
         File['/opt/graphite/storage'],
         File["${::graphite::params::apache_dir}/ports.conf"],
@@ -101,7 +128,7 @@
     }
 
     'RedHat': {
-      if $::graphite::gr_apache_port != 80 {
+      if $::graphite::gr_web_server_port != 80 {
         file { "${::graphite::params::apacheconf_dir}/${::graphite::params::apacheports_file}":
           ensure  => link,
           notify  => Service[$::graphite::params::apache_service_name],