Puppet Class: profile::hue

Defined in:
modules/profile/manifests/hue.pp

Overview

Class profile::hue

Installs Hue server.

Parameters:

  • hive_server_host (Any) (defaults to: hiera('profile::hue::hive_server_host'))
  • database_host (Any) (defaults to: hiera('profile::hue::database_host'))
  • ldap_config (Any) (defaults to: lookup('ldap', Hash, hash, {}))
  • ldap_base_dn (Any) (defaults to: hiera('profile::hue::ldap_base_dn', 'dc=wikimedia,dc=org'))
  • database_engine (Any) (defaults to: hiera('profile::hue::database_engine', 'mysql'))
  • database_user (Any) (defaults to: hiera('profile::hue::database_user', 'hue'))
  • database_password (Any) (defaults to: hiera('profile::hue::database_password', 'hue'))
  • session_secret_key (Any) (defaults to: hiera('profile::hue::session_secret_key', undef))
  • database_port (Any) (defaults to: hiera('profile::hue::database_port', 3306))
  • database_name (Any) (defaults to: hiera('profile::hue::database_name', 'hue'))
  • ldap_create_users_on_login (Any) (defaults to: hiera('profile::hue::ldap_create_users_on_login', false))
  • monitoring_enabled (Any) (defaults to: hiera('profile::hue::monitoring_enabled', false))
  • kerberos_keytab (Any) (defaults to: hiera('profile::hue::kerberos_keytab', undef))
  • kerberos_principal (Any) (defaults to: hiera('profile::hue::kerberos_principal', undef))
  • kerberos_kinit_path (Any) (defaults to: hiera('profile::hue::kerberos_kinit_path', undef))
  • use_yarn_ssl_config (Any) (defaults to: hiera('profile::hue::use_yarn_ssl_config', false))
  • use_hdfs_ssl_config (Any) (defaults to: hiera('profile::hue::use_hdfs_ssl_config', false))
  • use_mapred_ssl_config (Any) (defaults to: hiera('profile::hue::use_mapred_ssl_config', false))
  • oozie_security_enabled (Any) (defaults to: hiera('profile::hue::oozie_security_enabled', false))
  • enable_cas (Boolean) (defaults to: lookup('profile::hue::enable_cas'))


5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
# File 'modules/profile/manifests/hue.pp', line 5

class profile::hue (
    $hive_server_host           = hiera('profile::hue::hive_server_host'),
    $database_host              = hiera('profile::hue::database_host'),
    $ldap_config                = lookup('ldap', Hash, hash, {}),
    $ldap_base_dn               = hiera('profile::hue::ldap_base_dn', 'dc=wikimedia,dc=org'),
    $database_engine            = hiera('profile::hue::database_engine', 'mysql'),
    $database_user              = hiera('profile::hue::database_user', 'hue'),
    $database_password          = hiera('profile::hue::database_password', 'hue'),
    $session_secret_key         = hiera('profile::hue::session_secret_key', undef),
    $database_port              = hiera('profile::hue::database_port', 3306),
    $database_name              = hiera('profile::hue::database_name', 'hue'),
    $ldap_create_users_on_login = hiera('profile::hue::ldap_create_users_on_login', false),
    $monitoring_enabled         = hiera('profile::hue::monitoring_enabled', false),
    $kerberos_keytab            = hiera('profile::hue::kerberos_keytab', undef),
    $kerberos_principal         = hiera('profile::hue::kerberos_principal', undef),
    $kerberos_kinit_path        = hiera('profile::hue::kerberos_kinit_path', undef),
    $use_yarn_ssl_config        = hiera('profile::hue::use_yarn_ssl_config', false),
    $use_hdfs_ssl_config        = hiera('profile::hue::use_hdfs_ssl_config', false),
    $use_mapred_ssl_config      = hiera('profile::hue::use_mapred_ssl_config', false),
    $oozie_security_enabled     = hiera('profile::hue::oozie_security_enabled', false),
    Boolean $enable_cas         = lookup('profile::hue::enable_cas'),
){

    # Require that all Hue applications
    # have their corresponding clients
    # and configs installed.
    # Include Hadoop ecosystem client classes.
    require ::profile::hadoop::common
    require ::profile::hadoop::httpd
    require ::profile::hive::client
    require ::profile::oozie::client

    require ::profile::analytics::httpd::utils

    # These don't require any extra configuration,
    # so no role class is needed.
    class { '::cdh::sqoop': }
    class { '::cdh::mahout': }

    class { '::passwords::ldap::production': }

    # For snappy support with Hue.
    require_package('python-snappy')

    class { '::cdh::hue':
        # We always host hive-server on the same node as hive-metastore.
        hive_server_host           => $hive_server_host,
        smtp_host                  => 'localhost',
        database_host              => $database_host,
        database_user              => $database_user,
        database_password          => $database_password,
        database_engine            => $database_engine,
        database_name              => $database_name,
        database_port              => $database_port,
        secret_key                 => $session_secret_key,
        smtp_from_email            => "hue@${::fqdn}",
        ldap_url                   => "ldaps://${ldap_config[ro-server]}",
        ldap_bind_dn               => "cn=proxyagent,ou=profile,${ldap_base_dn}",
        ldap_bind_password         => $passwords::ldap::production::proxypass,
        ldap_base_dn               => $ldap_base_dn,
        ldap_username_pattern      => 'uid=<username>,ou=people,dc=wikimedia,dc=org',
        ldap_user_filter           => 'objectclass=person',
        ldap_user_name_attr        => 'uid',
        ldap_group_filter          => 'objectclass=posixgroup',
        ldap_group_member_attr     => 'member',
        ldap_create_users_on_login => $ldap_create_users_on_login,
        # Disable hue's SSL.  SSL terminiation is handled by an upstream proxy.
        ssl_private_key            => false,
        ssl_certificate            => false,
        secure_proxy_ssl_header    => true,
        oozie_security_enabled     => $oozie_security_enabled,
        kerberos_keytab            => $kerberos_keytab,
        kerberos_principal         => $kerberos_principal,
        kerberos_kinit_path        => $kerberos_kinit_path,
        use_yarn_ssl_config        => $use_yarn_ssl_config,
        use_hdfs_ssl_config        => $use_hdfs_ssl_config,
        use_mapred_ssl_config      => $use_mapred_ssl_config,
    }

    # Include icinga alerts if production realm.
    if $monitoring_enabled {
        nrpe::monitor_service { 'hue-cherrypy':
            description   => 'Hue CherryPy python server',
            nrpe_command  => '/usr/lib/nagios/plugins/check_procs -c 1:1 -C python2.7 -a "/usr/lib/hue/build/env/bin/hue runcherrypyserver"',
            contact_group => 'analytics',
            require       => Class['cdh::hue'],
            notes_url     => 'https://wikitech.wikimedia.org/wiki/Analytics/Cluster/Hue/Administration',
        }
        if $kerberos_kinit_path {
            nrpe::monitor_service { 'hue-kt-renewer':
                description   => 'Hue Kerberos keytab renewer',
                nrpe_command  => '/usr/lib/nagios/plugins/check_procs -c 1:1 -C python2.7 -a "/usr/lib/hue/build/env/bin/hue kt_renewer"',
                contact_group => 'analytics',
                require       => Class['cdh::hue'],
                notes_url     => 'https://wikitech.wikimedia.org/wiki/Analytics/Cluster/Hue/Administration',
            }
        }
    }

    # Vhost proxy to Hue app server.
    # This is not for LDAP auth, LDAP is done by Hue itself.

    $server_name = $::realm ? {
        'production' => 'hue.wikimedia.org',
        'labs'       => "hue-${::labsproject}.${::site}.wmflabs",
    }

    $hue_port = $::cdh::hue::http_port

    if $enable_cas {
        class {'profile::idp::client::httpd':
            vhost_settings => { 'hue_port' => $hue_port },
        }
    } else {
        httpd::site { $server_name:
            content => template('profile/hue/hue.vhost.erb'),
            require => File['/var/www/health_check'],
        }
    }
}