Puppet Class: profile::phabricator::aphlict

Defined in:
modules/profile/manifests/phabricator/aphlict.pp

Overview

aphlict for phabricator

Parameters:

  • ensure (Wmflib::Ensure) (defaults to: lookup('profile::phabricator::aphlict::ensure', { 'default_value' => absent }))
  • base_dir (Stdlib::Unixpath) (defaults to: lookup('aphlict_base_dir', { 'default_value' => '/srv/aphlict' }))
  • aphlict_ssl (Boolean) (defaults to: lookup('phabricator_aphlict_enable_ssl', { 'default_value' => false }))
  • aphlict_cert (Optional[Stdlib::Unixpath]) (defaults to: lookup('phabricator_aphlict_cert', { 'default_value' => undef }))
  • aphlict_key (Optional[Stdlib::Unixpath]) (defaults to: lookup('phabricator_aphlict_key', { 'default_value' => undef }))
  • aphlict_chain (Optional[Stdlib::Unixpath]) (defaults to: lookup('phabricator_aphlict_chain', { 'default_value' => undef }))
  • deploy_target (String) (defaults to: lookup('phabricator_deploy_target', { 'default_value' => 'phabricator/deployment'}))
  • deploy_user (Optional[String]) (defaults to: lookup('phabricator_deploy_user', { 'default_value' => 'phab-deploy' }))
  • manage_scap_user (Boolean) (defaults to: lookup('profile::phabricator::main::manage_scap_user', { 'default_value' => true }))
  • phabricator_server (Optional[String]) (defaults to: lookup('phabricator_server', { 'default_value' => undef }))
  • client_port (Optional[Stdlib::Port]) (defaults to: lookup('profile::phabricator::aphlict::client_port', { 'default_value' => undef }))
  • client_listen (Optional[Stdlib::IP::Address]) (defaults to: lookup('profile::phabricator::aphlict::client_listen', { 'default_value' => undef }))
  • admin_port (Optional[Stdlib::Port]) (defaults to: lookup('profile::phabricator::aphlict::admin_port', { 'default_value' => undef }))
  • admin_listen (Optional[Stdlib::IP::Address]) (defaults to: lookup('profile::phabricator::aphlict::admin_listen', { 'default_value' => undef }))


3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
# File 'modules/profile/manifests/phabricator/aphlict.pp', line 3

class profile::phabricator::aphlict (
    Wmflib::Ensure $ensure = lookup('profile::phabricator::aphlict::ensure', { 'default_value' => absent }),
    Stdlib::Unixpath $base_dir = lookup('aphlict_base_dir', { 'default_value' => '/srv/aphlict' }),
    Boolean $aphlict_ssl = lookup('phabricator_aphlict_enable_ssl', { 'default_value' => false }),
    Optional[Stdlib::Unixpath] $aphlict_cert  = lookup('phabricator_aphlict_cert', { 'default_value' => undef }),
    Optional[Stdlib::Unixpath] $aphlict_key   = lookup('phabricator_aphlict_key', { 'default_value' => undef }),
    Optional[Stdlib::Unixpath] $aphlict_chain = lookup('phabricator_aphlict_chain', { 'default_value' => undef }),
    String $deploy_target = lookup('phabricator_deploy_target', { 'default_value' => 'phabricator/deployment'}),
    Optional[String] $deploy_user = lookup('phabricator_deploy_user', { 'default_value' => 'phab-deploy' }),
    Boolean $manage_scap_user = lookup('profile::phabricator::main::manage_scap_user', { 'default_value' => true }),
    Optional[String] $phabricator_server = lookup('phabricator_server', { 'default_value' => undef }),
    Optional[Stdlib::Port] $client_port = lookup('profile::phabricator::aphlict::client_port', { 'default_value' => undef }),
    Optional[Stdlib::IP::Address] $client_listen = lookup('profile::phabricator::aphlict::client_listen', { 'default_value' => undef }),
    Optional[Stdlib::Port] $admin_port = lookup('profile::phabricator::aphlict::admin_port', { 'default_value' => undef }),
    Optional[Stdlib::IP::Address] $admin_listen = lookup('profile::phabricator::aphlict::admin_listen', { 'default_value' => undef }),
) {

    $deploy_root = "/srv/deployment/${deploy_target}"

    class { '::phabricator::aphlict':
        ensure        => $ensure,
        enable_ssl    => $aphlict_ssl,
        sslcert       => $aphlict_cert,
        sslkey        => $aphlict_key,
        sslchain      => $aphlict_chain,
        basedir       => $base_dir,
        client_port   => $client_port,
        client_listen => $client_listen,
        admin_port    => $admin_port,
        admin_listen  => $admin_listen,
    }

    ferm::service { 'notification_server':
        ensure => present,
        proto  => 'tcp',
        port   => $client_port,
    }

    scap::target { $deploy_target:
        deploy_user => $deploy_user,
        key_name    => 'phabricator',
        manage_user => $manage_scap_user,
        sudo_rules  => [
            'ALL=(root) NOPASSWD: /usr/local/sbin/phab_deploy_promote',
            'ALL=(root) NOPASSWD: /usr/local/sbin/phab_deploy_rollback',
            'ALL=(root) NOPASSWD: /usr/local/sbin/phab_deploy_finalize',
        ],
    }

    file { $base_dir:
        ensure  => 'link',
        target  => $deploy_root,
        require => Package[$deploy_target],
    }

    # needed by deployment scripts only
    ensure_packages('php-cli')

    # phabricator server needs to connect to the aphlict admin port
    ferm::service { 'phab_aphlict_admin_port':
        proto  => 'tcp',
        port   => "(${admin_port})",
        srange => "@resolve(${phabricator_server})",
    }
}