Puppet Class: profile::openstack::eqiad1::cumin::target

Defined in:
modules/profile/manifests/openstack/eqiad1/cumin/target.pp

Overview

profile::openstack::eqiad1::cumin::target

Profile to allow a Cumin master for WMCS or a specific Cloud VPS project to connect to this Cloud VPS instance.

Hiera Parameters required for a project-specific Cumin target

profile::openstack::eqiad1::cumin::project_masters

An array with the list of IPs of the Cumin master(s)

profile::openstack::eqiad1::cumin::project_pub_key

The SSH public key used by the Cumin master

Parameters:

  • project_masters (Array) (defaults to: lookup('profile::openstack::eqiad1::cumin::project_masters'))
  • project_pub_key (Any) (defaults to: lookup('profile::openstack::eqiad1::cumin::project_pub_key'))
  • cluster (Any) (defaults to: lookup('cluster'))
  • site (Any) (defaults to: $::site)
  • cumin_masters (Array[Stdlib::IP::Address]) (defaults to: lookup('cumin_masters', {'default_value' => []}))
  • permit_port_forwarding (Boolean) (defaults to: lookup('profile::openstack::eqiad1::cumin::permit_port_forwarding', {'default_value' => false}))


# File 'modules/profile/manifests/openstack/eqiad1/cumin/target.pp', line 14

class profile::openstack::eqiad1::cumin::target(
    # NOTE(review): plain Array, while $cumin_masters below is constrained to
    # Array[Stdlib::IP::Address]. These elements are joined verbatim into the
    # ferm srange further down, so malformed Hiera data is not rejected at
    # compile time. Consider the same element type if all callers pass IPs.
    Array $project_masters = lookup('profile::openstack::eqiad1::cumin::project_masters'),
    # Untyped. Not referenced in this manifest body; presumably read by the
    # userkey.erb template -- confirm against the template.
    $project_pub_key = lookup('profile::openstack::eqiad1::cumin::project_pub_key'),
    $cluster = lookup('cluster'),
    $site = $::site,  # lint:ignore:wmf_styleguide
    # Defaults to an empty list when the 'cumin_masters' key is absent.
    Array[Stdlib::IP::Address] $cumin_masters = lookup('cumin_masters', {'default_value' => []}),
    # Defaults to false. Not referenced in this manifest body; presumably
    # consumed by the userkey.erb template -- confirm against the template.
    Boolean $permit_port_forwarding = lookup('profile::openstack::eqiad1::cumin::permit_port_forwarding',
                                            {'default_value' => false}),
) {
    require ::network::constants

    # Include cumin::selector on all cumin targets so that
    # the get_clusters puppet function will get results when calling
    # query_resources.
    class { '::cumin::selector':
        cluster => $cluster,
        site    => $site,
    }

    # Source lists in two formats: comma-separated and space-separated (the
    # latter feeds the ferm srange below). The comma-separated values and
    # $pub_key are not used elsewhere in this manifest; presumably they are
    # read by the userkey.erb template -- do not rename without checking it.
    $ssh_authorized_sources = join($cumin_masters, ',')
    $ssh_project_authorized_sources = join($project_masters, ',')
    $ssh_project_ferm_sources = join($project_masters, ' ')
    $pub_key = secret('keyholder/cumin_openstack_master.pub')

    # Installs the 'cumin' key file for root, with content rendered from the
    # template.
    # NOTE(review): this grants root SSH access. Any source-address or
    # forwarding restrictions on the key exist only if the template renders
    # them, so review the template together with this class.
    ssh::userkey { 'root-cumin':
        ensure  => present,
        user    => 'root',
        skey    => 'cumin',
        content => template('profile/openstack/eqiad1/cumin/userkey.erb'),
    }

    # Open tcp/22 to the project-specific masters only when at least one is
    # configured; an empty list would otherwise yield an empty "()" srange.
    # NOTE(review): this class declares no ferm rule for $cumin_masters;
    # presumably SSH from those hosts is opened elsewhere -- confirm.
    if $ssh_project_ferm_sources != '' {
        ::ferm::service { 'ssh-from-cumin-project-masters':
            proto  => 'tcp',
            port   => '22',
            srange => "(${ssh_project_ferm_sources})",
        }
    }

    # Wrapper used by cumin to reboot hosts without losing the ssh connection
    # Mode 0550 with root:root ownership: readable and executable by root and
    # the root group only, writable by no one.
    file { '/usr/local/sbin/reboot-host':
        ensure => 'present',
        owner  => 'root',
        group  => 'root',
        mode   => '0550',
        source => 'puppet:///modules/cumin/reboot-host',
    }
}