Puppet Class: profile::cache::purge

Defined in:
modules/profile/manifests/cache/purge.pp

Overview

Parameters:

  • frontend_addr (Optional[String]) (defaults to: lookup('profile::cache::purge::frontend_addr', {'default_value' => undef}))
  • backend_addr (Optional[String]) (defaults to: lookup('profile::cache::purge::backend_addr', {'default_value' => undef}))
  • host_regex (Optional[String]) (defaults to: lookup('profile::cache::purge::host_regex', {'default_value' => undef}))
  • kafka_topics (Array[String]) (defaults to: lookup('profile::cache::purge::kafka_topics', {'default_value' => []}))
  • kafka_tls (Boolean) (defaults to: lookup('profile::cache::purge::kafka_tls', {'default_value' => false}))
  • kafka_cluster_name (String) (defaults to: lookup('profile::cache::purge::kafka_cluster_name', {'default_value' => 'main-eqiad'}))
  • tls_key_password (Optional[String]) (defaults to: lookup('profile::cache::purge::tls_key_password', {'default_value' => undef}))
  • use_pki (Boolean) (defaults to: lookup('profile::cache::purge::use_pki', {'default_value' => false})) 


4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
 
# File 'modules/profile/manifests/cache/purge.pp', line 4

class profile::cache::purge(
    Optional[String] $frontend_addr = lookup('profile::cache::purge::frontend_addr', {'default_value' => undef}),
    Optional[String] $backend_addr = lookup('profile::cache::purge::backend_addr', {'default_value' => undef}),
    Optional[String] $host_regex = lookup('profile::cache::purge::host_regex', {'default_value' => undef}),
    Array[String] $kafka_topics = lookup('profile::cache::purge::kafka_topics', {'default_value' => []}),
    Boolean $kafka_tls = lookup('profile::cache::purge::kafka_tls', {'default_value' => false}),
    String $kafka_cluster_name = lookup('profile::cache::purge::kafka_cluster_name', {'default_value' => 'main-eqiad'}),
    Optional[String] $tls_key_password = lookup('profile::cache::purge::tls_key_password', {'default_value' => undef}),
    Boolean $use_pki = lookup('profile::cache::purge::use_pki', {'default_value' => false}),
){
    $kafka_ensure = $kafka_topics ? {
        []      => 'absent',
        default => 'present'
    }
    if $kafka_topics != [] {
        $kafka_conf = kafka_config($kafka_cluster_name)

        $brokers = $kafka_tls ? {
            false => $kafka_conf['brokers']['string'].split(','),
            default => $kafka_conf['brokers']['ssl_array']
        }
    } else {
        $brokers = []
    }

    # KAFKA TLS SETUP
    $base_dir = '/etc/purged'
    $tls_dir = "${base_dir}/ssl"
    $tls_private_dir = "${tls_dir}/private"
    file { $base_dir:
        ensure => 'directory',
        owner  => 'root',
        group  => 'root',
        mode   => '0555'
    }
    $cipher_suites = 'ECDHE-ECDSA-AES256-GCM-SHA384'
    $curves_list = 'P-256'
    $sigalgs_list = 'ECDSA+SHA256'
    if $kafka_tls and $kafka_topics != [] {
        if $use_pki {
            file { $tls_dir:
                ensure => 'directory',
                owner  => 'root',
                group  => 'root',
                mode   => '0555'
            }

            file { $tls_private_dir:
                ensure => 'directory',
                owner  => 'root',
                group  => 'root',
                mode   => '0500'
            }

            $tls_paths = profile::pki::get_cert('discovery',
            'purged',
            {
              'owner'           => 'root',
              'group'           => 'root',
              'notify_services' => ['purged'],
              'outdir'          => $tls_dir,
            })

            $tls_key = $tls_paths['key']
            $tls_cert = $tls_paths['cert']
        } else {
            $tls_key = "${tls_private_dir}/purged.key.pem"
            $tls_cert = "${tls_dir}/purged.crt.pem"
            file { $tls_dir:
                ensure => 'directory',
                owner  => 'root',
                group  => 'root',
                mode   => '0555'
            }

            file { $tls_private_dir:
                ensure => 'directory',
                owner  => 'root',
                group  => 'root',
                mode   => '0500'
            }
            file { $tls_key:
                ensure  => 'present',
                content => secret('certificates/purged/purged.key.private.pem'),
                owner   => 'root',
                group   => 'root',
                mode    => '0400',
                before  => Service['purged']
            }

            file { $tls_cert:
                ensure  => 'present',
                content => secret('certificates/purged/purged.crt.pem'),
                owner   => 'root',
                group   => 'root',
                mode    => '0444',
                before  => Service['purged']
            }
        }
    }
    $tls_settings = {
            'ca_location'          => '/etc/ssl/certs/wmf-ca-certificates.crt',
            'key_location'         => $tls_key,
            'key_password'         => $tls_key_password,
            'certificate_location' => $tls_cert,
            'cipher_suites'        => $cipher_suites,
            'curves_list'          => $curves_list,
            'sigalgs_list'         => $sigalgs_list
    }


    $prometheus_port = 2112

    class { 'purged':
        backend_addr     => $backend_addr,
        frontend_addr    => $frontend_addr,
        prometheus_addr  => ":${prometheus_port}",
        frontend_workers => 4,
        backend_workers  => $::processorcount,
        is_active        => true,
        host_regex       => $host_regex,
        kafka_topics     => $kafka_topics,
        brokers          => $brokers,
        tls              => $tls_settings,
        kafka_conf_file  => "${base_dir}/purged-kafka.conf"
    }
}