Puppet Class: profile::acme_chief::cloud
- Defined in:
- modules/profile/manifests/acme_chief/cloud.pp
Overview
SPDX-License-Identifier: Apache-2.0
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 |
# File 'modules/profile/manifests/acme_chief/cloud.pp', line 2
class profile::acme_chief::cloud (
String $active_host = lookup('profile::acme_chief::active'),
Variant[String, Array[Stdlib::Fqdn]] $passive_host = lookup('profile::acme_chief::passive'),
String $designate_sync_auth_url = lookup('profile::acme_chief::cloud::designate_sync_auth_url'),
String $designate_sync_username = lookup('profile::acme_chief::cloud::designate_sync_username'),
String $designate_sync_password = lookup('profile::acme_chief::cloud::designate_sync_password'),
Array[String] $designate_sync_project_names = lookup('profile::acme_chief::cloud::designate_sync_project_names'),
String $designate_sync_region_name = lookup('profile::acme_chief::cloud::designate_sync_region_name'),
Boolean $designate_sync_tidyup_enabled = lookup('profile::acme_chief::cloud::designate_sync_tidyup_enabled'),
) {
$passive_hosts = [$passive_host].flatten()
if $::fqdn in $passive_hosts {
$active_host_ip = ipresolve($active_host, 4, $::nameservers[0])
security::access::config { 'acme-chief':
content => "+ : acme-chief : ${active_host_ip}\n",
priority => 60,
}
}
ensure_packages(['python3-keystoneauth1', 'python3-designateclient'])
file { '/usr/local/bin/acme-chief-designate-sync.py':
ensure => present,
owner => 'acme-chief',
group => 'acme-chief',
mode => '0544',
require => [
Package['acme-chief'],
Package['python3-keystoneauth1'],
Package['python3-designateclient'],
],
source => 'puppet:///modules/acme_chief/designate-sync.py'
}
file { '/usr/local/bin/acme-chief-designate-tidyup.py':
ensure => present,
owner => 'acme-chief',
group => 'acme-chief',
mode => '0544',
require => [
Package['acme-chief'],
Package['python3-keystoneauth1'],
Package['python3-designateclient'],
],
source => 'puppet:///modules/acme_chief/designate-tidyup.py'
}
file { '/usr/local/bin/acme-chief-designate-tidyup.sh':
ensure => present,
owner => 'acme-chief',
group => 'acme-chief',
mode => '0544',
source => 'puppet:///modules/acme_chief/designate-tidyup.sh'
}
$ensure_tidyup = ($designate_sync_tidyup_enabled and $::fqdn == $active_host)? {
true => present,
default => absent,
}
systemd::timer::job { 'acme-chief-designate-tidyup':
ensure => $ensure_tidyup,
description => 'Regular jobs to run the designate tidyup script',
user => 'acme-chief',
command => '/usr/local/bin/acme-chief-designate-tidyup.sh',
interval => {'start' => 'OnCalendar', 'interval' => '*-*-* *:00:00'},
require => [
File['/usr/local/bin/acme-chief-designate-tidyup.py'],
File['/usr/local/bin/acme-chief-designate-tidyup.sh'],
],
}
file { '/etc/acme-chief/designate-sync-config.yaml':
ensure => present,
owner => 'acme-chief',
group => 'acme-chief',
mode => '0400',
content => to_yaml({
'OS_AUTH_URL' => $designate_sync_auth_url,
'OS_USERNAME' => $designate_sync_username,
'OS_PASSWORD' => $designate_sync_password,
'OS_PROJECT_NAMES' => $designate_sync_project_names,
'OS_REGION_NAME' => $designate_sync_region_name
})
}
file { '/usr/local/bin/create_acme_le_account.py':
ensure => present,
owner => 'root',
group => 'root',
mode => '0544',
require => [
Package['acme-chief'],
Package['python3-keystoneauth1'],
Package['python3-designateclient'],
],
content => template('acme_chief/create_acme_le_account.py.erb'),
}
}
|