Puppet Class: dragonfly::dfdaemon

Defined in:
modules/dragonfly/manifests/dfdaemon.pp

Summary

Install and configures Dragonfly dfdaemon and dfget to be used as HTTPS proxy by local docker.

Overview

SPDX-License-Identifier: Apache-2.0

Parameters:

  • supernodes (Array[String])

    List of dragonfly supernodes in the format: “host:port(default:8002)=weight(default:1)”.

  • dfdaemon_ssl_cert (Stdlib::Absolutepath)

    The certificate used to secure connections to dfdaemon (needs alt names 127.0.0.1, ::1 and localhost). It is also used to hijack TLS connections to the source registry, so it needs to include an alt name for @docker_registry_fqdn as well.

  • dfdaemon_ssl_key (Stdlib::Absolutepath)

    Key for the @dfdaemon_ssl_cert.

  • docker_registry_fqdn (Stdlib::Fqdn)

    FQDN of the source docker registry. dfdaemon will hijack connections to this registry when used as HTTPS_PROXY.

  • proxy_urls_regex (Array[String]) (defaults to: ['blobs/sha256.*'])

    A list of URL regexes for that requests should be send though the P2P network-

  • ratelimit (String) (defaults to: '100M')

    Rate network bandwith rate limit for the dfget calls in format of G(B)/g/M(B)/m/K(B)/k/B, pure number will also be parsed as Byte.

  • ensure (Wmflib::Ensure) 


26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
 
# File 'modules/dragonfly/manifests/dfdaemon.pp', line 26

class dragonfly::dfdaemon (
  Wmflib::Ensure       $ensure,
  Array[String]        $supernodes,
  Stdlib::Absolutepath $dfdaemon_ssl_cert,
  Stdlib::Absolutepath $dfdaemon_ssl_key,
  Stdlib::Fqdn         $docker_registry_fqdn,
  Array[String]        $proxy_urls_regex = ['blobs/sha256.*'],
  String               $ratelimit = '100M',
) {
  ensure_packages(['dragonfly-dfdaemon', 'dragonfly-dfget'], { 'ensure' => $ensure })

  # TODO: Custom type for supernode list
  #       host:port(default:8002)=weight(default:1)
  file { '/etc/dragonfly/dfget.yml':
    ensure  => stdlib::ensure($ensure, 'file'),
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => template('dragonfly/dfget.yml.erb'),
    notify  => Service['dragonfly-dfdaemon'],
  }
  file { '/etc/dragonfly/dfdaemon.yml':
    ensure  => stdlib::ensure($ensure, 'file'),
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => template('dragonfly/dfdaemon.yml.erb'),
    notify  => Service['dragonfly-dfdaemon'],
  }

  # Configure the docker daemon to use the local dfdaemon as https_proxy
  $proxy_host = '127.0.0.1:65001'
  systemd::unit { 'docker':
    ensure   => $ensure,
    override => true,
    restart  => true,
    content  => "[Service]\nEnvironment=\"HTTPS_PROXY=https://${proxy_host}\"",
  }

  service { 'dragonfly-dfdaemon':
    ensure  => stdlib::ensure($ensure, 'service'),
  }
}