Puppet Class: profile::openstack::main::cumin::target

Defined in:
modules/profile/manifests/openstack/main/cumin/target.pp

Overview

profile::openstack::main::cumin::target

Profile to allow a Cumin master for WMCS or a specific Cloud VPS project to connect to this Cloud VPS instance.

Hiera Parameters required for a project-specific Cumin target

profile::openstack::main::cumin::project_masters

An array with the list of IPs of the Cumin master(s)

profile::openstack::main::cumin::project_pub_key

The SSH public key used by Cumin master

Parameters:

  • auth_group (Any) (defaults to: hiera('profile::openstack::main::cumin::auth_group'))
  • project_masters (Any) (defaults to: hiera('profile::openstack::main::cumin::project_masters'))
  • project_pub_key (Any) (defaults to: hiera('profile::openstack::main::cumin::project_pub_key'))
  • cluster (Any) (defaults to: hiera('cluster', 'misc'))
  • site (Any) (defaults to: $::site)


14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# File 'modules/profile/manifests/openstack/main/cumin/target.pp', line 14

class profile::openstack::main::cumin::target(
    $auth_group = hiera('profile::openstack::main::cumin::auth_group'),
    $project_masters = hiera('profile::openstack::main::cumin::project_masters'),
    $project_pub_key = hiera('profile::openstack::main::cumin::project_pub_key'),
    $cluster = hiera('cluster', 'misc'),
    $site = $::site,  # lint:ignore:wmf_styleguide
) {
    require ::network::constants

    # Include cumin::selector on all cumin targets so that
    # the get_clusters puppet function will get results when calling
    # query_resources.
    class { '::cumin::selector':
        cluster => $cluster,
        site    => $site,
    }

    validate_array($project_masters)

    if $auth_group == 'cumin_masters' {
        $ssh_authorized_sources_list = $::network::constants::special_hosts[$::realm][$auth_group]
    } else {
        # Authorize both the default cumin masters and the custom config, required for proxies.
        $ssh_authorized_sources_list = concat(
            $::network::constants::special_hosts[$::realm]['cumin_masters'],
            $::network::constants::special_hosts[$::realm][$auth_group])
    }

    $ssh_authorized_sources = join($ssh_authorized_sources_list, ',')
    $ssh_project_authorized_sources = join($project_masters, ',')
    $ssh_project_ferm_sources = join($project_masters, ' ')
    $pub_key = secret('keyholder/cumin_openstack_master.pub')

    ssh::userkey { 'root-cumin':
        ensure  => present,
        user    => 'root',
        skey    => 'cumin',
        content => template('profile/openstack/main/cumin/userkey.erb'),
    }

    if $ssh_project_ferm_sources != '' {
        ::ferm::service { 'ssh-from-cumin-project-masters':
            proto  => 'tcp',
            port   => '22',
            srange => "(${ssh_project_ferm_sources})",
        }
    }
}