Puppet Class: profile::puppetboard

Defined in:
modules/profile/manifests/puppetboard.pp

Overview

Actions:

Deploy Puppetboard
Install apache, uwsgi, configure reverse proxy to uwsgi

Sample Usage:

include profile::puppetboard

Parameters:

  • ensure (Wmflib::Ensure) (defaults to: lookup('profile::puppetboard::ensure'))
  • vhost (Stdlib::Fqdn) (defaults to: lookup('profile::puppetboard::vhost'))
  • vhost_staging (Optional[Stdlib::Fqdn]) (defaults to: lookup('profile::puppetboard::vhost_staging'))
  • puppetdb_host (Stdlib::Host) (defaults to: lookup('profile::puppetboard::puppetdb_host'))
  • puppetdb_port (Stdlib::Port) (defaults to: lookup('profile::puppetboard::puppetdb_port'))
  • puppetdb_ssl_verify (Puppetboard::SSL_verify) (defaults to: lookup('profile::puppetboard::puppetdb_ssl_verify'))
  • puppetdb_cert (Optional[Stdlib::Unixpath]) (defaults to: lookup('profile::puppetboard::puppetdb_cert'))
  • puppetdb_key (Optional[Stdlib::Unixpath]) (defaults to: lookup('profile::puppetboard::puppetdb_key'))
  • puppetdb_proto (Optional[Enum['http', 'https']]) (defaults to: lookup('profile::puppetboard::puppetdb_proto'))
  • page_title (String) (defaults to: lookup('profile::puppetboard:page_title'))
  • localise_timestamp (Boolean) (defaults to: lookup('profile::puppetboard::localise_timestamp'))
  • enable_catalog (Boolean) (defaults to: lookup('profile::puppetboard::enable_catalog'))
  • graph_type (String) (defaults to: lookup('profile::puppetboard::graph_type'))
  • graph_facts_override (Array[String]) (defaults to: lookup('profile::puppetboard::graph_facts_override'))
  • query_endpoints_override (Array[String]) (defaults to: lookup('profile::puppetboard::query_endpoints_override'))
  • inventory_facts_override (Hash[String, String]) (defaults to: lookup('profile::puppetboard::inventory_facts_override'))
  • secret_key (Optional[String]) (defaults to: lookup('profile::puppetboard::secret_key'))


12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
# File 'modules/profile/manifests/puppetboard.pp', line 12

class profile::puppetboard (
    Wmflib::Ensure                  $ensure                   = lookup('profile::puppetboard::ensure'),
    Stdlib::Fqdn                    $vhost                    = lookup('profile::puppetboard::vhost'),
    Optional[Stdlib::Fqdn]          $vhost_staging            = lookup('profile::puppetboard::vhost_staging'),
    # puppet db settings
    Stdlib::Host                    $puppetdb_host            = lookup('profile::puppetboard::puppetdb_host'),
    Stdlib::Port                    $puppetdb_port            = lookup('profile::puppetboard::puppetdb_port'),
    Puppetboard::SSL_verify         $puppetdb_ssl_verify      = lookup('profile::puppetboard::puppetdb_ssl_verify'),
    Optional[Stdlib::Unixpath]      $puppetdb_cert            = lookup('profile::puppetboard::puppetdb_cert'),
    Optional[Stdlib::Unixpath]      $puppetdb_key             = lookup('profile::puppetboard::puppetdb_key'),
    Optional[Enum['http', 'https']] $puppetdb_proto           = lookup('profile::puppetboard::puppetdb_proto'),
    # Application settings
    String                          $page_title               = lookup('profile::puppetboard:page_title'),
    Boolean                         $localise_timestamp       = lookup('profile::puppetboard::localise_timestamp'),
    Boolean                         $enable_catalog           = lookup('profile::puppetboard::enable_catalog'),
    String                          $graph_type               = lookup('profile::puppetboard::graph_type'),
    Array[String]                   $graph_facts_override     = lookup('profile::puppetboard::graph_facts_override'),
    Array[String]                   $query_endpoints_override = lookup('profile::puppetboard::query_endpoints_override'),
    Hash[String, String]            $inventory_facts_override = lookup('profile::puppetboard::inventory_facts_override'),
    Optional[String]                $secret_key               = lookup('profile::puppetboard::secret_key'),

) {
    $uwsgi_port = 8001
    # rsyslog forwards json messages sent to localhost along to logstash via kafka
    include profile::rsyslog::udp_json_logback_compat
    class {'puppetboard':
        ensure                   => $ensure,
        puppetdb_host            => $puppetdb_host,
        puppetdb_port            => $puppetdb_port,
        puppetdb_ssl_verify      => $puppetdb_ssl_verify,
        puppetdb_cert            => $puppetdb_cert,
        puppetdb_key             => $puppetdb_key,
        puppetdb_proto           => $puppetdb_proto,
        page_title               => $page_title,
        localise_timestamp       => $localise_timestamp,
        enable_catalog           => $enable_catalog,
        graph_type               => $graph_type,
        graph_facts_override     => $graph_facts_override,
        query_endpoints_override => $query_endpoints_override,
        inventory_facts_override => $inventory_facts_override,
        secret_key               => $secret_key,
    }


    # Puppetboard is controlled via a custom systemd unit (uwsgi-puppetboard),
    # so avoid the generic uwsgi sysvinit script shipped in the Debian package
    systemd::mask { 'mask_default_uwsgi_puppetboard':
        unit => 'uwsgi.service',
    }
    $nrpe_check_http = {
        'hostname' => 'localhost',
        'port'     => $uwsgi_port,
    }

    service::uwsgi { 'puppetboard':
        port            => $uwsgi_port,
        deployment      => 'No Deploy',
        nrpe_check_http => $nrpe_check_http,
        no_workers      => 4,
        config          => {
            need-plugins => 'python3',
            wsgi         => 'puppetboard.wsgi',
            buffer-size  => 8096,
            vacuum       => true,
            http-socket  => "127.0.0.1:${uwsgi_port}",
            # T164034: make sure Python has a sane default encoding
            env          => [
                'LANG=C.UTF-8',
                'LC_ALL=C.UTF-8',
                'PYTHONENCODING=utf-8',
            ],
        },
    }

    # Service::Uwsgi['puppetboard'] ultimately creates Service['uwsgi-puppetboard']
    File[$puppetboard::config_file] ~> Service['uwsgi-puppetboard']
    profile::auto_restarts::service { 'uwsgi-puppetboard': }
    profile::auto_restarts::service { 'apache2': }

    ferm::service { 'apache2-http':
        proto => 'tcp',
        port  => '80',
    }

    class { 'httpd':
        modules => ['headers', 'rewrite', 'proxy', 'proxy_http'],
    }

    profile::idp::client::httpd::site { $vhost:
        # TODO: move template to hiera config
        vhost_content    => 'profile/idp/client/httpd-puppetboard-ng.erb',
        required_groups  => [
            'cn=ops,ou=groups,dc=wikimedia,dc=org',
            'cn=sre-admins,ou=groups,dc=wikimedia,dc=org',
        ],
        proxied_as_https => true,
        vhost_settings   => {'uwsgi_port' => $uwsgi_port},
    }

    if $vhost_staging {
        profile::idp::client::httpd::site { $vhost_staging:
            # TODO: move template to hiera config
            vhost_content    => 'profile/idp/client/httpd-puppetboard-ng.erb',
            required_groups  => [
                'cn=ops,ou=groups,dc=wikimedia,dc=org',
                'cn=sre-admins,ou=groups,dc=wikimedia,dc=org',
            ],
            proxied_as_https => true,
            vhost_settings   => {'uwsgi_port' => $uwsgi_port},
            environment      => 'staging',
        }
    }
}