Puppet Class: profile::idp::standalone

Defined in:
modules/profile/manifests/idp/standalone.pp

Summary

Standalone IDP class for creating an instance in WM cloud

Overview

SPDX-License-Identifier: Apache-2.0

Parameters:

  • oidc_endpoint (Stdlib::HTTPSUrl) (defaults to: lookup('apereo_cas.production.oidc_endpoint'))

    the OIDC endpoint the django_oidc test application authenticates against (written to SOCIAL_AUTH_OIDC_OIDC_ENDPOINT)

  • django_secret_key (String) (defaults to: lookup('profile::idp::standalone::django_secret_key'))

    the Django SECRET_KEY for the django_oidc test application (sensitive; written verbatim into local_settings.py)

  • oidc_key (String) (defaults to: lookup('profile::idp::standalone::oidc_key'))

    the OIDC client id (SOCIAL_AUTH_OIDC_KEY) handed to the django_oidc test application

  • oidc_secret (String) (defaults to: lookup('profile::idp::standalone::oidc_secret'))

    the OIDC client secret (SOCIAL_AUTH_OIDC_SECRET) handed to the django_oidc test application (sensitive; written verbatim into local_settings.py)



# File 'modules/profile/manifests/idp/standalone.pp', line 7

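class profile::idp::standalone (
    Stdlib::HTTPSUrl $oidc_endpoint     = lookup('apereo_cas.production.oidc_endpoint'),
    String           $django_secret_key = lookup('profile::idp::standalone::django_secret_key'),
    String           $oidc_key          = lookup('profile::idp::standalone::oidc_key'),
    String           $oidc_secret       = lookup('profile::idp::standalone::oidc_secret'),
) {
  # Provisions one host with a local MariaDB, the CAS IDP (profile::idp) and
  # two small test web applications (idp_test_login and django_oidc) that run
  # under uwsgi on loopback and are fronted by httpd, so an OIDC login flow
  # against the IDP can be exercised end to end on a WM cloud instance.
  #
  # $oidc_endpoint     OIDC endpoint the django_oidc app authenticates against.
  # $django_secret_key Django SECRET_KEY; written verbatim into local_settings.py.
  # $oidc_key          OIDC client id (SOCIAL_AUTH_OIDC_KEY) for django_oidc.
  # $oidc_secret       OIDC client secret (SOCIAL_AUTH_OIDC_SECRET) for django_oidc.
  ensure_packages(['python3-venv'])

  # Base host setup shared with production hosts.
  include profile::base::production
  include profile::base::firewall

  # Local database used by the IDP.
  include profile::mariadb::packages_wmf
  class { 'mariadb::service': }
  class { 'mariadb::config':
    basedir => '/usr',
    config  => 'role/mariadb/mysqld_config/misc.my.cnf.erb',
    datadir => '/srv/sqldata',
  }
  # TODO: configure openldap
  #  https://wikitech.wikimedia.org/wiki/Standalone-slapd

  # The IDP itself.
  include profile::idp
  include profile::java

  # One uwsgi instance per test application, each bound to loopback only
  # (8081 for idp_test_login, 8082 for django_oidc, i.e. 8081 + list index)
  # and reached through the httpd reverse proxy configured further down.
  ['idp_test_login', 'django_oidc'].each |$idx, $app| {
    $wsgi_file = "/srv/${app}/wsgi.py"
    $venv_path = $wsgi_file.dirname
    $port      = 8081 + $idx

    file { $venv_path:
      ensure  => directory,
      recurse => remote,
      owner   => 'www-data',
      source  => "puppet:///modules/profile/idp/standalone/${app}",
    }
    exec { "create virtual environment ${venv_path}":
      command => "/usr/bin/python3 -m venv ${venv_path}",
      creates => "${venv_path}/bin/activate",
      require => [
        File[$venv_path],
        Package['python3-venv'],
      ],
    }
    # NOTE(review): this exec runs as root (no `user` set) and installs
    # whatever requirements.txt resolves to from the package index without
    # hash pinning, so arbitrary package code executes as root at install
    # time. Tolerable for a cloud test instance, not for production.
    # The `creates` path also hard-codes the python3.9 site-packages
    # directory: on a host with a different interpreter version the install
    # is re-run on every agent run instead of being skipped.
    exec { "install requirements to ${venv_path}":
      command => "${venv_path}/bin/pip3 install -r ${venv_path}/requirements.txt",
      creates => "${venv_path}/lib/python3.9/site-packages/social_core/__init__.py",
      require => Exec["create virtual environment ${venv_path}"],
    }
    uwsgi::app { $app:
      settings => {
        uwsgi => {
          'plugins'     => 'python3',
          'chdir'       => $venv_path,
          'venv'        => $venv_path,
          'master'      => true,
          'http-socket' => "127.0.0.1:${port}",
          'wsgi-file'   => $wsgi_file,
          'die-on-term' => true,
        },
      },
    }
  }

  # Django settings for the django_oidc test app. The three secret values
  # are interpolated into double-quoted Python string literals, so a value
  # containing a double quote or a backslash would produce an invalid
  # settings file; keep such characters out of the hiera values
  # (TODO: escape them here instead of relying on that).
  $config = @("CONFIG")
  ALLOWED_HOSTS = ['localhost', 'sso-django-login.wmcloud.org']
  SECRET_KEY = "${django_secret_key}"
  SOCIAL_AUTH_OIDC_OIDC_ENDPOINT = "${oidc_endpoint}"
  SOCIAL_AUTH_OIDC_KEY = "${oidc_key}"
  SOCIAL_AUTH_OIDC_SECRET = "${oidc_secret}"
  | CONFIG

  # The sqlite database backing the django_oidc test app (sessions, users).
  # The uwsgi workers are expected to run as www-data (the app tree above is
  # owned by it -- confirm against uwsgi::app), so the file is writable by
  # that user and not readable by anyone else.
  file { '/srv/django_oidc/oidc_auth/db.sqlite3':
    ensure => file,
    owner  => 'www-data',
    group  => 'www-data',
    mode   => '0640',
  }
  # local_settings.py carries the Django SECRET_KEY and the OIDC client
  # secret. It is root-owned and group-readable by www-data only (the
  # previous default left it world-readable), and show_diff is disabled so
  # the secrets are not echoed into agent logs and reports on change.
  file { '/srv/django_oidc/oidc_auth/local_settings.py':
    ensure    => file,
    content   => $config,
    owner     => 'root',
    group     => 'www-data',
    mode      => '0640',
    show_diff => false,
    notify    => Service['uwsgi-django_oidc'],
  }

  # httpd reverse-proxies to the uwsgi http-sockets; the vhost/proxy rules
  # themselves come from profile::idp::client::httpd.
  class { 'httpd': modules => ['proxy_http', 'proxy'] }
  include profile::idp::client::httpd
  # Plain HTTP, open to any source: the login test traffic is unencrypted
  # unless something outside this class terminates TLS in front of it.
  ferm::service { 'http-idp-test-login':
    proto => 'tcp',
    port  => 80,
  }
}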