Puppet Class: profile::puppetserver::volatile

Defined in:
modules/profile/manifests/puppetserver/volatile.pp

Overview

Parameters:

  • http_proxy (Optional[Stdlib::HTTPUrl]) (defaults to: lookup('http_proxy'))
  • geoip_fetch_private (Boolean) (defaults to: lookup('profile::puppetserver::volatile::geoip_fetch_private'))
  • ip_reputation_config (Hash[String, Any]) (defaults to: lookup('profile::puppetserver::volatile::ip_reputation_config'))
  • ip_reputation_proxies (Array[String]) (defaults to: lookup('profile::puppetserver::volatile::ip_reputation_proxies')) 


12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
 
# File 'modules/profile/manifests/puppetserver/volatile.pp', line 12

class profile::puppetserver::volatile (
    Optional[Stdlib::HTTPUrl] $http_proxy            = lookup('http_proxy'),
    Boolean                   $geoip_fetch_private   = lookup('profile::puppetserver::volatile::geoip_fetch_private'),
    # Should be defined in the private repo.
    Hash[String, Any]         $ip_reputation_config  = lookup('profile::puppetserver::volatile::ip_reputation_config'),
    Array[String]             $ip_reputation_proxies = lookup('profile::puppetserver::volatile::ip_reputation_proxies'),

){
    include profile::puppetserver
    unless $profile::puppetserver::extra_mounts.has_key('volatile') {
        fail("Must define a volatile entry in profile::puppetserver::extra_mounts to use ${title}")
    }
    include profile::puppetserver::git
    unless $profile::puppetserver::git::repos.has_key('private') {
        fail("Must define a private entry in profile::puppetserver::git::repos to use ${title}")
    }
    $private_repo_path = "${profile::puppetserver::git::basedir}/private"
    $base_path            = $profile::puppetserver::extra_mounts['volatile']
    $geoip_destdir        = "${base_path}/GeoIP"
    $geoip_destdir_ipinfo = "${base_path}/GeoIPInfo"

    # Files in this folder are managed manually
    file { "${base_path}/tftpboot":
        ensure => directory,
    }

    file { '/usr/local/sbin/update-netboot-image':
        ensure => present,
        source => 'puppet:///modules/profile/puppetmaster/update-netboot-image.sh',
        mode   => '0544',
    }

    # Needed by update-netboot-image
    ensure_packages('pax')

    class { 'external_clouds_vendors':
        user         => 'root',
        manage_user  => false,
        outfile      => "${base_path}/external_cloud_vendors/public_clouds.json",
        # TODO: when puppet 7 production set to $profile::puppetserver::enable_ca
        conftool     => false,
        http_proxy   => $http_proxy,
        private_repo => $private_repo_path,
    }
    class { 'ip_reputation_vendors':
        ensure         => stdlib::ensure(!$ip_reputation_proxies.empty()),
        user           => 'root',
        manage_user    => false,
        outfile        => "${base_path}/ip_reputation_vendors/proxies.json",
        proxy_families => $ip_reputation_proxies,
        configuration  => $ip_reputation_config,
        http_proxy     => $http_proxy,
    }
    class { 'profile::swift::fetch_rings':
        volatile_dir => $base_path,
    }
    # TODO: this should probably be handeled in the geoip classes
    file { [$geoip_destdir, $geoip_destdir_ipinfo]:
        ensure => directory,
    }
    if $geoip_fetch_private {
        include passwords::geoip
        class { 'geoip::data::maxmind':
            data_directory => $geoip_destdir,
            proxy          => $http_proxy,
            ca_server      => $profile::puppetserver::ca_server,
            user_id        => $passwords::geoip::user_id,
            license_key    => $passwords::geoip::license_key,
            product_ids    => [
                'GeoIP2-City',
                'GeoIP2-Connection-Type',
                'GeoIP2-Country',
                'GeoIP2-ISP',
            ],
        }
        class { 'geoip::data::maxmind::ipinfo':
            data_directory => $geoip_destdir_ipinfo,
            proxy          => $http_proxy,
            ca_server      => $profile::puppetserver::ca_server,
            user_id        => $passwords::geoip::user_id_ipinfo,
            license_key    => $passwords::geoip::license_key_ipinfo,
            product_ids    => ['GeoIP2-Enterprise'],
        }
    } else {
        class { 'geoip::data::maxmind':
            data_directory => $geoip_destdir,
            proxy          => $http_proxy,
            product_ids    => [
                'GeoIP2-City',
                'GeoIP2-Connection-Type',
            ],
        }
    }

    puppetserver::rsync_module { 'volatile':
        path     => $base_path,
        hosts    => wmflib::class::hosts('profile::puppetserver::volatile'),
        interval => {'start' => 'OnUnitInactiveSec', 'interval' => '15m'},
    }
}