Puppet Class: profile::kibana::httpd_proxy

Defined in:
modules/profile/manifests/kibana/httpd_proxy.pp

Overview

Class: profile::kibana::httpd_proxy

Provisions Authentication for Kibana

Parameters:

  • $vhost: Apache vhost name

  • $serveradmin: Email address for contacting server administrator

  • $auth_type: Vhost auth type. One of ldap, local, none

  • $require_ssl: Require SSL connection to vhost?

  • $auth_realm: HTTP basic auth realm description

  • $auth_file: Path to htpasswd file for $auth_type == 'local'

  • $ldap_authurl: AuthLDAPURL for $auth_type == 'ldap'

  • $ldap_binddn: AuthLDAPBindDN for $auth_type == 'ldap'

  • $ldap_groups: List of ldap-group names for $auth_type == 'ldap'

filtertags: labs-project-deployment-prep

Parameters:

  • vhost (String) (defaults to: lookup('profile::kibana::httpd_proxy::vhost'))
  • serveradmin (String) (defaults to: lookup('profile::kibana::httpd_proxy::serveradmin'))
  • auth_type (Enum['ldap','local','none']) (defaults to: lookup('profile::kibana::httpd_proxy::auth_type'))
  • require_ssl (Boolean) (defaults to: lookup('profile::kibana::httpd_proxy::require_ssl', { 'default_value' => true }))
  • auth_realm (Optional[String]) (defaults to: lookup('profile::kibana::httpd_proxy::auth_realm', { 'default_value' => undef }))
  • auth_file (Optional[String]) (defaults to: lookup('profile::kibana::httpd_proxy::auth_file', { 'default_value' => undef }))
  • ldap_authurl (Optional[String]) (defaults to: lookup('profile::kibana::httpd_proxy::ldap_authurl', { 'default_value' => undef }))
  • ldap_binddn (Optional[String]) (defaults to: lookup('profile::kibana::httpd_proxy::ldap_binddn', { 'default_value' => undef }))
  • ldap_groups (Optional[Array[String]]) (defaults to: lookup('profile::kibana::httpd_proxy::ldap_groups', { 'default_value' => [] }))


19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# File 'modules/profile/manifests/kibana/httpd_proxy.pp', line 19

class profile::kibana::httpd_proxy (
    String $vhost                          = lookup('profile::kibana::httpd_proxy::vhost'),
    String $serveradmin                    = lookup('profile::kibana::httpd_proxy::serveradmin'),
    Enum['ldap','local','none'] $auth_type = lookup('profile::kibana::httpd_proxy::auth_type'),
    Boolean $require_ssl                   = lookup('profile::kibana::httpd_proxy::require_ssl', { 'default_value' => true }),
    Optional[String] $auth_realm           = lookup('profile::kibana::httpd_proxy::auth_realm', { 'default_value' => undef }),
    Optional[String] $auth_file            = lookup('profile::kibana::httpd_proxy::auth_file', { 'default_value' => undef }),
    Optional[String] $ldap_authurl         = lookup('profile::kibana::httpd_proxy::ldap_authurl', { 'default_value' => undef }),
    Optional[String] $ldap_binddn          = lookup('profile::kibana::httpd_proxy::ldap_binddn', { 'default_value' => undef }),
    Optional[Array[String]] $ldap_groups   = lookup('profile::kibana::httpd_proxy::ldap_groups', { 'default_value' => [] }),
) {

    include profile::idp::client::httpd

    $httpd_base_modules = ['proxy_http',
                        'proxy',
                        'alias',
                        'headers',
                        'rewrite']

    if $auth_type == 'ldap' {
        $httpd_extra_modules = ['authnz_ldap']
        include ::passwords::ldap::production

        # FIXME: move this into hiera config
        $ldap_bindpass = $passwords::ldap::production::proxypass

    } elsif $auth_type == 'local' {
        $httpd_extra_modules = ['authz_groupfile', 'authz_user']

    } elsif $auth_type == 'none' {
        $httpd_extra_modules = []

    }

    $httpd_modules = concat($httpd_base_modules, $httpd_extra_modules)

    class { '::httpd':
        modules => $httpd_modules,
    }

    $apache_auth = template("profile/kibana/httpd_proxy/apache-auth-${auth_type}.erb")

    if $auth_type != 'none' {
      ferm::service { 'kibana_frontend':
          proto   => 'tcp',
          port    => 80,
          notrack => true,
          srange  => '$DOMAIN_NETWORKS',
      }
    }

    httpd::site { $vhost:
        content => template('profile/kibana/httpd_proxy/apache.conf.erb'),
    }
}