Puppet Class: ip_reputation_vendors

Defined in:
modules/ip_reputation_vendors/manifests/init.pp

Summary

class to install automatic updating of the public_clouds.json netmapper file

Overview

SPDX-License-Identifier: Apache-2.0

Parameters:

  • ensure (Wmflib::Ensure) (defaults to: 'present')

    ensurable

  • user (String[1]) (defaults to: 'ip-reputation-fetcher')

    user to use for downloading file

  • group (String[1]) (defaults to: 'root')

    group to use for file permissions

  • manage_user (Boolean) (defaults to: true)

    set to false if the user is managed elsewhere

  • proxy_families (Array[String]) (defaults to: [])

    the proxy families to download information about

  • outfile (Stdlib::Unixpath) (defaults to: '/srv/ip_reputation_vendors/proxies.json')

    location to write the results

  • http_proxy (Optional[Stdlib::HTTPUrl]) (defaults to: undef)

    http proxy server to use; it will be used for both http and https

  • configuration (Hash[String, Any]) (defaults to: {})


# File 'modules/ip_reputation_vendors/manifests/init.pp', line 10

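class ip_reputation_vendors (
    Wmflib::Ensure            $ensure         = 'present',
    String[1]                 $user           = 'ip-reputation-fetcher',
    String[1]                 $group          = 'root',
    Boolean                   $manage_user    = true,
    Array[String]             $proxy_families = [],
    Hash[String, Any]         $configuration  = {},
    Stdlib::Unixpath          $outfile        = '/srv/ip_reputation_vendors/proxies.json',
    Optional[Stdlib::HTTPUrl] $http_proxy     = undef,
) {
    # Installs the fetch script, its JSON configuration, the working and output
    # directories, and a daily systemd timer that runs the script as $user.
    ensure_packages(['python3-netaddr', 'python3-requests'])
    if $manage_user {
        # The account must exist before any file it owns and before the timer job.
        systemd::sysuser { $user:
            description => 'User designed for downloading external ip reputation data',
            before      => [
                File[$outfile.dirname(), $outfile, '/usr/local/bin/fetch-ip-reputation-vendors'],
                Systemd::Timer::Job['dump_ip_reputation']
            ],
        }
    }
    # With a proxy configured, export it under both the lower- and upper-case
    # variable names for http and https; otherwise pass an empty environment.
    $environment = $http_proxy ? {
        undef   => {},
        default => Hash( ['http_proxy', 'https_proxy' ].map |$env| {[$env, $http_proxy, $env.upcase, $http_proxy]}.flatten)
    }
    file { $outfile.dirname():
        ensure => stdlib::ensure($ensure, 'directory'),
        owner  => $user,
        group  => $group,
    }
    # NOTE(review): the script is owned by the same account that executes it against
    # externally downloaded data. An owner can change the mode of its own file, so the
    # code is effectively writable by that account between Puppet runs. Consider
    # owner 'root' with mode '0555' -- confirm nothing relies on the current ownership.
    file { '/usr/local/bin/fetch-ip-reputation-vendors':
        ensure => stdlib::ensure($ensure, 'file'),
        mode   => '0554',
        owner  => $user,
        group  => $group,
        source => 'puppet:///modules/ip_reputation_vendors/fetch_ip_reputation_vendors.py',
    }

    $config_file = '/etc/fetch-ip-reputation-vendors.config'
    # The configuration is JSON data passed to the script with -c, so it carries no
    # execute bits (the previous '0554' marked a data file as executable).
    # NOTE(review): the contents of $configuration are not visible here. If it holds
    # vendor credentials, tighten this to '0440' and add `show_diff => false` so the
    # values stay out of other users' reach and out of Puppet reports.
    file { $config_file:
        ensure  => stdlib::ensure($ensure, 'file'),
        mode    => '0444',
        owner   => $user,
        group   => $group,
        content => to_json($configuration),
        before  => Systemd::Timer::Job['dump_ip_reputation']
    }

    # Directory where to download and uncompress the feed
    $datadir = '/srv/dataimport'
    file { $datadir:
        ensure => stdlib::ensure($ensure, 'directory'),
        owner  => $user,
        group  => $group,
    }

    file { $outfile:
        ensure  => stdlib::ensure($ensure, 'file'),
        mode    => '0644',
        owner   => $user,
        group   => $group,
        # set replace false to ensure we only create content if no file already exists
        replace => false,
        content => '{}',
    }
    # The proxy families are appended to the command line as space-separated words.
    # NOTE(review): Array[String] does not constrain the elements, so a value that
    # contains whitespace or starts with '-' would be read as extra arguments or
    # options. Consider a stricter element type (e.g. a Pattern) -- confirm the
    # accepted family names against the script.
    $opts = $proxy_families.join(' ')
    $command = "/usr/local/bin/fetch-ip-reputation-vendors -vv --datadir ${datadir} -c ${config_file} -o ${outfile} ${opts}"
    systemd::timer::job { 'dump_ip_reputation':
        ensure            => $ensure,
        command           => $command,
        description       => 'Job to update ip reputation data',
        user              => $user,
        logging_enabled   => true,
        syslog_identifier => 'fetch-ip-reputation-vendors',
        environment       => $environment,
        interval          => {'start' => 'OnCalendar', 'interval' => 'daily'},
    }
}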