Puppet Class: profile::conftool::client

Defined in:
modules/profile/manifests/conftool/client.pp

Overview

Class profile::conftool::client

Configures a server to be a conftool client, setting up

  • The etcd client configuration in /etc/etcd/etcdrc

  • The conftool client configuration

  • The etcd credentials for the root user in /root/.etcdrc

Parameters

Parameters:

  • srv_domain (Stdlib::Host) (defaults to: lookup('etcd_client_srv_domain'))
  • namespace (Stdlib::Unixpath) (defaults to: dirname(lookup('conftool_prefix')))
  • tcpircbot_host (Stdlib::Host) (defaults to: lookup('tcpircbot_host'))
  • tcpircbot_port (Stdlib::Port) (defaults to: lookup('tcpircbot_port'))
  • host (Optional[Stdlib::Host]) (defaults to: lookup('etcd_host', {'default_value' => undef}))
  • port (Optional[Stdlib::Port]) (defaults to: lookup('etcd_port', {'default_value' => undef}))
  • pool_pwd_seed (String) (defaults to: lookup('etcd::autogen_pwd_seed'))
  • etcd_user (String) (defaults to: lookup('profile::conftool::client::etcd_user', {'default_value' => '__auto__'}))


21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
# File 'modules/profile/manifests/conftool/client.pp', line 21

class profile::conftool::client(
    Stdlib::Host           $srv_domain     = lookup('etcd_client_srv_domain'),
    Stdlib::Unixpath       $namespace      = dirname(lookup('conftool_prefix')),
    Stdlib::Host           $tcpircbot_host = lookup('tcpircbot_host'),
    Stdlib::Port           $tcpircbot_port = lookup('tcpircbot_port'),
    Optional[Stdlib::Host] $host           = lookup('etcd_host', {'default_value' => undef}),
    Optional[Stdlib::Port] $port           = lookup('etcd_port', {'default_value' => undef}),
    String                 $pool_pwd_seed  = lookup('etcd::autogen_pwd_seed'),
    String                 $etcd_user      = lookup('profile::conftool::client::etcd_user', {'default_value' => '__auto__'})
) {
    if os_version('debian >= stretch') {
        $socks_pkg = 'python-socks'
    } else {
        $socks_pkg = 'python-pysocks'
    }

    $conftool_pkg = 'python3-conftool'

    require_package(
        $conftool_pkg,
        $socks_pkg,
    )

    require ::passwords::etcd

    # This is the configuration shared by all users.
    class { '::etcd::client::globalconfig':
        srv_domain => $srv_domain,
        host       => $host,
        port       => $port,
    }

    if $etcd_user != '__auto__' {
        $user = $etcd_user
        $pwd = $::passwords::etcd::accounts[$etcd_user]
        $conftool_cluster = undef
    } else {
        # When autogenerating the password, use conftool as a fallback if we're not in a LVS cluster.
        $user = 'conftool'
        $pwd = $::passwords::etcd::accounts['conftool']
        # determine which conftool cluster we're part of, if any.
        $module_path = get_module_path('profile')
        $site_nodes = loadyaml("${module_path}/../../conftool-data/node/${::site}.yaml")[$::site]
        $conftool_clusters = $site_nodes.filter |$cl, $pools| {
            $::fqdn in $pools.keys()
        }
        .map |$cl, $pools| { $cl }.unique()
        # if we found one and only one cluster, install the cluster-site specifc credentials
        if $conftool_clusters.length() == 1 {
            $conftool_cluster = $conftool_clusters[0]
        } else {
            $conftool_cluster = undef
        }
    }

    # This is the configuration for the user root will access.
    ::etcd::client::config { '/root/.etcdrc':
        settings => conftool::cluster_credentials($user, $pwd, $pool_pwd_seed, $conftool_cluster)
    }

    class  { '::conftool::config':
        namespace      => $namespace,
        tcpircbot_host => $tcpircbot_host,
        tcpircbot_port => $tcpircbot_port,
        hosts          => [],
    }

    # Conftool schema. Let's assume we will only have one.
    file { '/etc/conftool/schema.yaml':
        ensure => present,
        source => 'puppet:///modules/profile/conftool/schema.yaml',
        owner  => 'root',
        group  => 'root',
        mode   => '0444',
    }

    # json schemas container
    file {'/etc/conftool/json-schema/':
        ensure  => directory,
        source  => 'puppet:///modules/profile/conftool/json-schema/',
        owner   => 'root',
        group   => 'root',
        mode    => '0555',
        recurse => true,
    }
}