# File 'modules/profile/manifests/homer.pp', line 6
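# Deploys Homer on a host: the python_deploy venv, a keyholder agent, the
# 'homer' class itself, and an optional systemd timer that runs
# check-homer-diff.
#
# @param nb_ro_token
#   Netbox token handed to the homer class as nb_token (presumably a
#   read-only token, judging by the lookup key name).
#   NOTE(review): typed as a plain String, so Puppet will not redact it in
#   logs or reports; consider Sensitive[String] if the homer class accepts
#   it - confirm against that class before changing.
# @param nb_api
#   HTTPS URL of the Netbox API, handed to the homer class as nb_api.
# @param private_git_peer
#   Passed through unchanged to the homer class; may be undef.
# @param diff_timer_interval
#   OnCalendar expression for the check-homer-diff timer. When undef the
#   timer is ensured absent.
# @param disable_homer
#   When true, none of the resources below are declared. This only stops
#   Puppet from managing them: a venv, keyholder agent, script or root timer
#   applied earlier is not removed by this class.
class profile::homer (
    String                  $nb_ro_token         = lookup('profile::netbox::ro_token'),
    Stdlib::HTTPSUrl        $nb_api              = lookup('netbox_api_url'),
    Optional[Stdlib::Host]  $private_git_peer    = lookup('profile::homer::private_git_peer'),
    Optional[String[1]]     $diff_timer_interval = lookup('profile::homer::diff_timer_interval'),
    Optional[Boolean]       $disable_homer       = lookup('profile::homer::disable', {'default_value' => false}),
){
    unless $disable_homer {
        class { 'python_deploy::venv':
            project_name => 'homer',
            deploy_user  => 'deploy-homer',
        }

        # Members of these groups are trusted to use the keyholder-held key.
        keyholder::agent { 'homer':
            trusted_groups => ['ops', 'root'],
        }

        class { 'homer':
            private_git_peer => $private_git_peer,
            nb_token         => $nb_ro_token,
            nb_api           => $nb_api,
        }

        # The timer below runs this script as root, so it is root-owned,
        # writable by nobody and executable by its owner only.
        file { '/usr/local/sbin/check-homer-diff':
            ensure  => present,
            owner   => 'root',
            group   => 'root',
            mode    => '0544',
            source  => 'puppet:///modules/profile/homer/check_homer_diff.sh',
            require => Class['homer'],
        }

        # $disable_homer is always false/undef inside this block, so the
        # timer state depends only on whether an interval was configured.
        $check_homer_diff_ensure = $diff_timer_interval ? {
            undef   => absent,
            default => present,
        }

        # If unset set a fixed value in the past just to pass validation by systemd-analyze calendar
        # as the timer will be absented in this case and interval is a required parameter.
        $effective_diff_timer_interval = pick($diff_timer_interval, '2021-01-01')

        systemd::timer::job { 'check-homer-diff':
            ensure      => $check_homer_diff_ensure,
            description => 'Check if any network device has a live config that differs from the code-defined one',
            command     => '/usr/local/sbin/check-homer-diff',
            interval    => {
                'start'    => 'OnCalendar',
                'interval' => $effective_diff_timer_interval,
            },
            user        => 'root',  # Needed to access the keyholder SSH key
            require     => File['/usr/local/sbin/check-homer-diff'],
        }
    }
}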