Puppet Class: profile::phabricator::aphlict

Defined in:
modules/profile/manifests/phabricator/aphlict.pp

Overview

SPDX-License-Identifier: Apache-2.0 aphlict for phabricator

Parameters:

  • ensure (Wmflib::Ensure) (defaults to: lookup('profile::phabricator::aphlict::ensure', { 'default_value' => absent }))
  • base_dir (Stdlib::Unixpath) (defaults to: lookup('aphlict_base_dir', { 'default_value' => '/srv/aphlict' }))
  • aphlict_ssl (Boolean) (defaults to: lookup('phabricator_aphlict_enable_ssl', { 'default_value' => false }))
  • aphlict_cert (Optional[Stdlib::Unixpath]) (defaults to: lookup('phabricator_aphlict_cert', { 'default_value' => undef }))
  • aphlict_key (Optional[Stdlib::Unixpath]) (defaults to: lookup('phabricator_aphlict_key', { 'default_value' => undef }))
  • aphlict_chain (Optional[Stdlib::Unixpath]) (defaults to: lookup('phabricator_aphlict_chain', { 'default_value' => undef }))
  • deploy_target (String) (defaults to: lookup('phabricator_deploy_target', { 'default_value' => 'phabricator/deployment'}))
  • deploy_user (Optional[String]) (defaults to: lookup('phabricator_deploy_user', { 'default_value' => 'phab-deploy' }))
  • manage_scap_user (Boolean) (defaults to: lookup('profile::phabricator::main::manage_scap_user', { 'default_value' => true }))
  • phabricator_active_server (Optional[Stdlib::Host]) (defaults to: lookup('phabricator_active_server', { 'default_value' => undef }))
  • client_port (Optional[Stdlib::Port]) (defaults to: lookup('profile::phabricator::aphlict::client_port', { 'default_value' => undef }))
  • client_listen (Optional[Stdlib::IP::Address]) (defaults to: lookup('profile::phabricator::aphlict::client_listen', { 'default_value' => undef }))
  • admin_port (Optional[Stdlib::Port]) (defaults to: lookup('profile::phabricator::aphlict::admin_port', { 'default_value' => undef }))
  • admin_listen (Optional[Stdlib::IP::Address]) (defaults to: lookup('profile::phabricator::aphlict::admin_listen', { 'default_value' => undef }))
  • puppet_managed_config (Boolean) (defaults to: lookup('profile::phabricator::aphlict::puppet_controlled_phabricator_config', { 'default_value' => false })) 


4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
 
# File 'modules/profile/manifests/phabricator/aphlict.pp', line 4

class profile::phabricator::aphlict (
    Wmflib::Ensure $ensure = lookup('profile::phabricator::aphlict::ensure', { 'default_value' => absent }),
    Stdlib::Unixpath $base_dir = lookup('aphlict_base_dir', { 'default_value' => '/srv/aphlict' }),
    Boolean $aphlict_ssl = lookup('phabricator_aphlict_enable_ssl', { 'default_value' => false }),
    Optional[Stdlib::Unixpath] $aphlict_cert  = lookup('phabricator_aphlict_cert', { 'default_value' => undef }),
    Optional[Stdlib::Unixpath] $aphlict_key   = lookup('phabricator_aphlict_key', { 'default_value' => undef }),
    Optional[Stdlib::Unixpath] $aphlict_chain = lookup('phabricator_aphlict_chain', { 'default_value' => undef }),
    String $deploy_target = lookup('phabricator_deploy_target', { 'default_value' => 'phabricator/deployment'}),
    Optional[String] $deploy_user = lookup('phabricator_deploy_user', { 'default_value' => 'phab-deploy' }),
    Boolean $manage_scap_user = lookup('profile::phabricator::main::manage_scap_user', { 'default_value' => true }),
    Optional[Stdlib::Host] $phabricator_active_server = lookup('phabricator_active_server', { 'default_value' => undef }),
    Optional[Stdlib::Port] $client_port = lookup('profile::phabricator::aphlict::client_port', { 'default_value' => undef }),
    Optional[Stdlib::IP::Address] $client_listen = lookup('profile::phabricator::aphlict::client_listen', { 'default_value' => undef }),
    Optional[Stdlib::Port] $admin_port = lookup('profile::phabricator::aphlict::admin_port', { 'default_value' => undef }),
    Optional[Stdlib::IP::Address] $admin_listen = lookup('profile::phabricator::aphlict::admin_listen', { 'default_value' => undef }),
    Boolean $puppet_managed_config = lookup('profile::phabricator::aphlict::puppet_controlled_phabricator_config', { 'default_value' => false }),
) {

    $deploy_root = "/srv/deployment/${deploy_target}"

    class { '::phabricator::aphlict':
        ensure        => $ensure,
        enable_ssl    => $aphlict_ssl,
        sslcert       => $aphlict_cert,
        sslkey        => $aphlict_key,
        sslchain      => $aphlict_chain,
        basedir       => $base_dir,
        client_port   => $client_port,
        client_listen => $client_listen,
        admin_port    => $admin_port,
        admin_listen  => $admin_listen,
    }

    $dummy_phab_config_deploy_vars = {
        'phabricator' => {
            'www'       => {
                'database_username' => '',
                'database_password' => '',
            },
            'mail'      => {
                'database_username' => '',
                'database_password' => '',
            },
            'phd'       => {
                'database_username' => '',
                'database_password' => '',
            },
            'vcs'       => {
                'database_username' => '',
                'database_password' => '',
            },
            'redirects' => {
                'database_username' => '',
                'database_password' => '',
                'database_host'     => '',
                'field_index'       => '',
            },
            'local'     => {
                'base_uri'                  => '',
                'alternate_file_domain'     => '',
                'mail_default_address'      => '',
                'mail_reply_handler_domain' => '',
                'phd_taskmasters'           => '',
                'ssh_host'                  => '',
                'notification_servers'      => '',
                'cluster_search'            => '',
                'cluster_mailers'           => '',
                'database_host'             => '',
                'database_port'             => '',
                'gitlab_api_key'            => '',
            },
        },
    }

    if $puppet_managed_config {
        class { '::phabricator::config':
            manage_scap_user   => $manage_scap_user,
            deploy_user        => $deploy_user,
            deploy_root        => $deploy_root,
            storage_user       => 'dummy_user',
            storage_pass       => 'dummy_pass',
            config_deploy_vars => $dummy_phab_config_deploy_vars,
        }
    } else {
        # This is managed in the phabricator::config class, so we can elide this if we're including that class
        scap::target { $deploy_target:
            deploy_user => $deploy_user,
            key_name    => 'phabricator',
            manage_user => $manage_scap_user,
            sudo_rules  => [
                'ALL=(root) NOPASSWD: /usr/local/sbin/phab_deploy_promote',
                'ALL=(root) NOPASSWD: /usr/local/sbin/phab_deploy_rollback',
                'ALL=(root) NOPASSWD: /usr/local/sbin/phab_deploy_finalize',
            ],
        }
    }

    ferm::service { 'notification_server':
        ensure => present,
        proto  => 'tcp',
        port   => $client_port,
    }

    file { $base_dir:
        ensure  => link,
        target  => $deploy_root,
        require => Package[$deploy_target],
    }

    # needed by deployment scripts only
    ensure_packages('php-cli')

    # phabricator server needs to connect to the aphlict admin port
    ferm::service { 'phab_aphlict_admin_port':
        proto  => 'tcp',
        port   => $admin_port,
        srange => [$phabricator_active_server],
    }
}