Puppet Class: phabricator::aphlict

Defined in:
modules/phabricator/manifests/aphlict.pp

Overview

Class: phabricator::aphlict

Aphlict is the phabricator real-time notification relay service. Docs: secure.phabricator.com/book/phabricator/article/notifications/

Parameters

ensure

either present / absent

user

The user account that aphlict runs with

group

Group for the aphlict service

basedir

Phabricator base directory

enable_ssl

should ssl be enabled on the client port. Set to true to terminate tls in aphlict, set to false if tls is terminated in envoy.

sslcert

path to the ssl cert for aphlict

sslkey

path to the ssl certificate private key

sslchain

path to the ssl certificate chain file

client_port

port used for aphlict client connections (default: 22280)

client_listen

IP address to listen on for aphlict client connections (default: 0.0.0.0)

admin_port

port used for the aphlict admin interface (default: 22281)

admin_listen

IP address to listen on for the aphlict admin interface (default: 127.0.0.1)

Parameters:

  • ensure (Wmflib::Ensure)
  • user (String) (defaults to: 'aphlict')
  • group (String) (defaults to: 'aphlict')
  • basedir (Stdlib::Unixpath) (defaults to: '/srv/phab')
  • enable_ssl (Boolean) (defaults to: false)
  • sslcert (Optional[Stdlib::Unixpath]) (defaults to: undef)
  • sslkey (Optional[Stdlib::Unixpath]) (defaults to: undef)
  • sslchain (Optional[Stdlib::Unixpath]) (defaults to: undef)
  • client_port (Stdlib::Port) (defaults to: 22280)
  • client_listen (Stdlib::IP::Address) (defaults to: '0.0.0.0')
  • admin_port (Stdlib::Port) (defaults to: 22281)
  • admin_listen (Stdlib::IP::Address) (defaults to: '127.0.0.1')


44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
# File 'modules/phabricator/manifests/aphlict.pp', line 44

class phabricator::aphlict(
    Wmflib::Ensure $ensure,
    String $user = 'aphlict',
    String $group = 'aphlict',
    Stdlib::Unixpath $basedir = '/srv/phab',
    Boolean $enable_ssl = false,
    Optional[Stdlib::Unixpath] $sslcert = undef,
    Optional[Stdlib::Unixpath] $sslkey = undef,
    Optional[Stdlib::Unixpath] $sslchain = undef,
    Stdlib::Port $client_port = 22280,
    Stdlib::IP::Address $client_listen = '0.0.0.0',
    Stdlib::Port $admin_port = 22281,
    Stdlib::IP::Address $admin_listen = '127.0.0.1',
) {

    # packages
    ensure_packages('nodejs')

    # paths
    $phabdir = "${basedir}/phabricator/"
    $aphlict_dir = "${phabdir}/support/aphlict/server"
    $node_modules = "${aphlict_dir}/node_modules"
    $aphlict_conf = "${basedir}/aphlict/config.json"
    $aphlict_start_cmd = "${phabdir}bin/aphlict start --config ${aphlict_conf}"
    $aphlict_stop_cmd = "${phabdir}bin/aphlict stop --config ${aphlict_conf}"

    # Ordering
    Package['nodejs'] -> File[$aphlict_conf] ~> Service['aphlict']
    File['/var/run/aphlict/'] -> File['/var/log/aphlict/'] -> Service['aphlict']
    User[$user] -> Service['aphlict']
    File[$node_modules] ~> Service['aphlict']

    if $ensure == 'present' {
        $service_ensure = 'running'
    } else {
        $service_ensure = 'stopped'
    }


    # Defines
    file { $node_modules:
        ensure => 'link',
        target => "${basedir}/aphlict/node_modules",
    }

    file { $aphlict_conf:
        ensure  => $ensure,
        content => template('phabricator/aphlict-config.json.erb'),
        owner   => $user,
        group   => $group,
        mode    => '0644',
    }

    file { '/var/run/aphlict/':
        ensure => 'directory',
        owner  => $user,
        group  => $group,
    }

    file { '/var/log/aphlict/':
        ensure => 'directory',
        owner  => $user,
        group  => $group,
    }

    logrotate::conf { 'aphlict':
        ensure  => $ensure,
        source  => 'puppet:///modules/phabricator/logrotate_aphlict',
        require => File['/var/log/aphlict/'],
    }

    # accounts
    group { $group:
        ensure => 'present',
        system => true,
    }

    user { $user:
        gid     => $group,
        shell   => '/bin/false',
        home    => '/var/run/aphlict',
        system  => true,
        require => Group[$group],
    }

    systemd::service { 'aphlict':
        ensure         => $ensure,
        content        => systemd_template('aphlict'),
        require        => User[$user],
        service_params => {
            hasrestart => false,
        },
    }

    profile::auto_restarts::service { 'aphlict':
        ensure => $ensure,
    }
}