Puppet Class: profile::puppetboard

Defined in:
modules/profile/manifests/puppetboard.pp

Overview

Class: profile::puppetboard

This profile installs all the Puppetboard related parts as WMF requires it

Actions:

Deploy Puppetboard
Install apache, uwsgi, configure reverse proxy to uwsgi

Sample Usage:

include ::profile::puppetboard

Parameters:

  • puppetdb_host (String) (defaults to: hiera('puppetdb_host'))
  • flask_secret_key (String) (defaults to: hiera('profile::puppetboard::flask_secret_key')) 


12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
 
# File 'modules/profile/manifests/puppetboard.pp', line 12

class profile::puppetboard (
    String $puppetdb_host    = hiera('puppetdb_host'),
    String $flask_secret_key = hiera('profile::puppetboard::flask_secret_key'),
) {
    $port = 8001
    $base_path = '/srv/deployment/puppetboard'
    $config_path = "${base_path}/deploy"
    $venv_path = "${base_path}/venv"
    $directory = "${venv_path}/lib/python3.5/site-packages/puppetboard"
    $puppet_ssl_dir = puppet_ssldir()

    require_package('make', 'python3-pip', 'virtualenv')

    # rsyslog forwards json messages sent to localhost along to logstash via kafka
    class { '::profile::rsyslog::udp_json_logback_compat': }


    file { "${base_path}/settings.py":
        ensure  => present,
        owner   => 'deploy-puppetboard',
        group   => 'www-data',
        mode    => '0440',
        content => template('profile/puppetboard/settings.py.erb'),
        before  => Uwsgi::App['puppetboard'],
        notify  => Service['uwsgi-puppetboard'],
    }

    # Puppetboard is controlled via a custom systemd unit (uwsgi-puppetboard),
    # so avoid the generic uwsgi sysvinit script shipped in the Debian package
    exec { 'mask_default_uwsgi_puppetboard':
        command => '/bin/systemctl mask uwsgi.service',
        creates => '/etc/systemd/system/uwsgi.service',
    }

    service::uwsgi { 'puppetboard':
        port            => $port,
        no_workers      => 4,
        deployment_user => 'deploy-puppetboard',
        config          => {
            need-plugins => 'python3',
            chdir        => $directory,
            venv         => $venv_path,
            wsgi         => 'puppetboard.wsgi',
            buffer-size  => 8096,
            vacuum       => true,
            http-socket  => "127.0.0.1:${port}",
            # T164034: make sure Python has a sane default encoding
            env          => [
                'LANG=C.UTF-8',
                'LC_ALL=C.UTF-8',
                'PYTHONENCODING=utf-8',
            ],
        },
        healthcheck_url => '/',
        icinga_check    => false,
        sudo_rules      => [
            'ALL=(root) NOPASSWD: /usr/sbin/service uwsgi-puppetboard restart',
            'ALL=(root) NOPASSWD: /usr/sbin/service uwsgi-puppetboard start',
            'ALL=(root) NOPASSWD: /usr/sbin/service uwsgi-puppetboard status',
            'ALL=(root) NOPASSWD: /usr/sbin/service uwsgi-puppetboard stop',
        ],
    }

    base::service_auto_restart { 'uwsgi-puppetboard': }

    ferm::service { 'apache2-http':
        proto => 'tcp',
        port  => '80',
    }

    class { '::httpd':
        modules => ['headers', 'rewrite', 'proxy', 'proxy_http'],
    }

    class {'profile::idp::client::httpd':
        document_root => $directory,
    }
}