Puppet Class: profile::archiva
- Defined in:
- modules/profile/manifests/archiva.pp
Overview
SPDX-License-Identifier: Apache-2.0 Class: profile::archiva
Installs Apache Archiva and sets up a systemd timer to symlink .jar files to a git-fat store.
6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 |
# File 'modules/profile/manifests/archiva.pp', line 6
class profile::archiva(
$enable_backup = lookup('profile::archiva::enable_backup', { 'default_value' => false }),
$contact_groups = lookup('profile::archiva::contact_groups', { 'default_value' => 'team-data-platform' }),
) {
# needed by ssl_ciphersuite() used in ::archiva::proxy
class { '::sslcert::dhparam': }
class { '::archiva':
user_database_base_dir => '/srv/archiva',
}
# The rsync daemon module will chroot to this directory
$archiva_path = '/var/lib/archiva'
# git-fat symlinks will be created here.
$archiva_gitfat_path = "${archiva_path}/git-fat"
# We want symlinks to be created with relative paths
# so that the rsync daemon module's chroot will work
# properly with symlinks. All symlinks and targets
# must be relative and within the rsync module for
# this to work. This path is relative to the
# directory in which git-fat links are created
# ($archiva_git_fat_path).
$archiva_repository_path = '../repositories'
file { $archiva_gitfat_path:
ensure => 'directory',
owner => 'archiva',
group => 'archiva',
}
# install script to symlink archiva .jars into a git-fat store
file { '/usr/local/bin/archiva-gitfat-link':
source => 'puppet:///modules/archiva/archiva-gitfat-link',
mode => '0555',
}
$link_command = "cd ${archiva_gitfat_path} && /usr/local/bin/archiva-gitfat-link ${archiva_repository_path} ."
systemd::timer::job { 'archiva-gitfat-link':
description => 'Archiva tool to create jar symlinks using their sha1 checksum as filename.',
command => "/bin/bash -c '${link_command}'",
interval => {
'start' => 'OnCalendar',
'interval' => '*-*-* *:00/5:00',
},
logfile_basedir => '/var/log/archiva',
logfile_name => 'archiva-gitfat-link.log',
syslog_identifier => 'archiva-gitfat-link',
user => 'archiva',
monitoring_enabled => true,
monitoring_contact_groups => $contact_groups,
}
# This uses modules/rsync to set up an rsync daemon service.
# An empty address field will allow rsync to bind to IPv6/4
# interfaces.
class { '::rsync::server':
address => '',
}
# Set up an rsync module so that anybody
# can rsync read from $gitfat_archiva_path.
# The git fat store will be available at:
# hostname::archiva/git-fat
rsync::server::module { 'archiva':
path => $archiva_path,
read_only => 'yes',
uid => 'nobody',
gid => 'nogroup',
}
# Bacula backups for /var/lib/archiva.
if $enable_backup {
include ::profile::backup::host
backup::set { 'var-lib-archiva':
require => Class['::archiva']
}
}
# Archiva's rsync has no srange restrictions since git-fat uses rsync,
# and it must be (read-only) reachable from everywhere. This is particularly
# noticeable in set ups where Archiva is exposed to the public Internet,
# since local set ups would not be able to pull dependencies if rsync
# wasn't properly exposed.
ferm::service { 'archiva_rsync':
proto => 'tcp',
port => '873',
}
}
|