Puppet Class: profile::superset
- Defined in:
- modules/profile/manifests/superset.pp
Overview
- secret_key
-
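Flask secret key, passed through to the superset class. The default in this profile ('not_really_a_secret_key') is a placeholder, so real deployments need to supply their own value via the profile::superset::secret_key lookup.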
- password_mapping
-
Hash of sqlalchemy URIs to passwords. This will be used for the SQLALCHEMY_CUSTOM_PASSWORD_STORE, to allow for passwords to external databases to be provided via configuration, rather than the web UI.
- ldap_proxy_enabled
-
If true, an Apache HTTP proxy will be configured to authenticate users with WMF (labs) LDAP. Only users in the 'wmf' and 'nda' LDAP groups will be allowed to authenticate. This will configure superset with AUTH_TYPE = AUTH_REMOTE_USER, and the authenticated HTTP remote user will be used to log into superset.
- statsd
-
statsd host:port
- metadata_cache_uri
-
If set, this is used to configure the superset metadata cache. Multiple backends are available but only memcached is supported here.
- data_cache_uri
-
If set, this is used to configure the superset data cache with the results of queries. Multiple backends are available but only memcached is supported here.
# File 'modules/profile/manifests/superset.pp', line 46
# Profile wrapper around the ::superset class. It resolves its settings via
# lookup(), optionally enables the LDAP-authenticating HTTP proxy, builds the
# external database password mapping in production, and declares a TCP
# monitoring check plus an NRPE HTTP check.
#
# @param workers
#   Forwarded to ::superset as `workers`.
# @param database_uri
#   URI of the superset database; defaults to a local sqlite file.
# @param database_password
#   If set, spliced into $database_uri between the user name and the '@'.
# @param admin_user
#   Forwarded to ::superset as `admin_user`.
# @param admin_password
#   Forwarded to ::superset as `admin_password`.
# @param secret_key
#   Flask secret key, forwarded to ::superset.
# @param ldap_proxy_enabled
#   If true, includes ::profile::superset::proxy and sets
#   AUTH_TYPE = AUTH_REMOTE_USER with auto-registration in the 'Alpha' role.
# @param statsd
#   statsd host:port, resolved from the global 'statsd' lookup key.
# @param gunicorn_app
#   Forwarded to ::superset as `gunicorn_app`.
# @param enable_cas
#   Forwarded to ::superset; also selects which user header name is handed
#   to the HTTP check script. It has no default, so the lookup must resolve.
# @param metadata_cache_uri
#   Forwarded to ::superset as the metadata cache URI.
# @param data_cache_uri
#   Forwarded to ::superset as the data (query results) cache URI.
#
# NOTE(review): the defaults for $admin_password ('admin') and $secret_key
# ('not_really_a_secret_key') are placeholders. Any host that does not
# override both lookups ends up with well-known credentials and a
# predictable Flask secret.
# NOTE(review): $database_password, $admin_password and $secret_key are
# plain String values rather than Sensitive; depending on how ::superset
# uses them they may be visible in catalogs or reports. Confirm there.
class profile::superset(
    Integer          $workers            = lookup('profile::superset::workers', { 'default_value' => 1 }),
    String           $database_uri       = lookup('profile::superset::database_uri', { 'default_value' => 'sqlite:////var/lib/superset/superset.db' }),
    Optional[String] $database_password  = lookup('profile::superset::database_password', { 'default_value' => undef }),
    String           $admin_user         = lookup('profile::superset::admin_user', { 'default_value' => 'admin' }),
    String           $admin_password     = lookup('profile::superset::admin_password', { 'default_value' => 'admin' }),
    String           $secret_key         = lookup('profile::superset::secret_key', { 'default_value' => 'not_really_a_secret_key' }),
    Boolean          $ldap_proxy_enabled = lookup('profile::superset::ldap_proxy_enabled', { 'default_value' => false }),
    Optional[String] $statsd             = lookup('statsd', { 'default_value' => undef }),
    String           $gunicorn_app       = lookup('profile::superset::gunicorn_app', { 'default_value' => 'superset.app:create_app()' }),
    Boolean          $enable_cas         = lookup('profile::superset::enable_cas'),
    Optional[String] $metadata_cache_uri = lookup('profile::superset::metadata_cache_uri', { 'default_value' => undef }),
    Optional[String] $data_cache_uri     = lookup('profile::superset::data_cache_uri', { 'default_value' => undef })
) {

    ensure_packages('libmariadb3')

    # Without a password the URI is used untouched; otherwise the password is
    # placed after the user name ("scheme://user:password@rest").
    # NOTE(review): the password is inserted verbatim, both into the URI and
    # into the regsubst replacement string. A password containing '@', ':',
    # '/' or a backslash would produce a malformed or different URI; it is
    # not URL-encoded here.
    # NOTE(review): when $database_uri has no "user@" part (the sqlite default
    # is one such case) the pattern does not match, regsubst returns the URI
    # unchanged and the supplied password is silently not applied.
    if $database_password == undef {
        $full_database_uri = $database_uri
    } else {
        $full_database_uri = regsubst($database_uri, '(\w+)://(\w*)@(.*)', "\\1://\\2:${database_password}@\\3")
    }

    if $ldap_proxy_enabled {
        # Pull in the Superset HTTP proxy that authenticates against WMF LDAP.
        include ::profile::superset::proxy

        # Users authenticated via LDAP are auto-registered in superset
        # with the 'Alpha' role.
        # NOTE(review): every account the proxy lets through receives this
        # role on first login, so the proxy's group restriction is the only
        # gate on who becomes an Alpha user.
        $auth_settings = {
            'AUTH_USER_REGISTRATION'      => 'True',
            'AUTH_USER_REGISTRATION_ROLE' => 'Alpha',
        }
    } else {
        $auth_settings = undef
    }

    # AUTH_REMOTE_USER is only used together with the LDAP-authenticating
    # HTTP proxy.
    # NOTE(review): in this mode superset takes the user identity from the
    # proxy. Presumably the application port must not be reachable except
    # through that proxy; confirm in ::superset and ::profile::superset::proxy.
    $auth_type = $ldap_proxy_enabled ? {
        true    => 'AUTH_REMOTE_USER',
        default => undef,
    }

    if $::realm == 'production' {
        # The MySQL research user is used to reach the mysql databases.
        # The same credential is mapped to each of the URIs below.
        include ::passwords::mysql::research

        $password_mapping = {
            # MediaWiki analytics replica database.
            "mysql://${::passwords::mysql::research::user}@analytics-store.eqiad.wmnet" =>
                $::passwords::mysql::research::pass,
            # EventLogging mysql replica database.
            "mysql://${::passwords::mysql::research::user}@analytics-slave.eqiad.wmnet/log" =>
                $::passwords::mysql::research::pass,
            # New cluster, staging.
            "mysql://${::passwords::mysql::research::user}@staging-db-analytics.eqiad.wmnet:3350/staging" =>
                $::passwords::mysql::research::pass,
            # New cluster, wikishared.
            "mysql://${::passwords::mysql::research::user}@dbstore1005.eqiad.wmnet:3320/wikishared" =>
                $::passwords::mysql::research::pass,
        }
    } else {
        $password_mapping = undef
    }

    class { '::superset':
        # Process and application settings.
        workers            => $workers,
        worker_class       => 'gevent',
        gunicorn_app       => $gunicorn_app,
        statsd             => $statsd,
        # Database access and secrets.
        database_uri       => $full_database_uri,
        password_mapping   => $password_mapping,
        secret_key         => $secret_key,
        admin_user         => $admin_user,
        admin_password     => $admin_password,
        # Authentication.
        auth_type          => $auth_type,
        auth_settings      => $auth_settings,
        enable_cas         => $enable_cas,
        # Caches.
        metadata_cache_uri => $metadata_cache_uri,
        data_cache_uri     => $data_cache_uri,
    }

    # Plain TCP check against the port exposed by the ::superset class.
    monitoring::service { 'superset':
        description   => 'superset',
        check_command => "check_tcp!${::superset::port}",
        contact_group => 'victorops-analytics',
        notes_url     => 'https://wikitech.wikimedia.org/wiki/Analytics/Systems/Superset',
        require       => Class['::superset'],
    }

    # HTTP check script: root-owned, readable and executable by everyone,
    # writable by nobody.
    file { '/usr/local/bin/check_superset_http':
        ensure => present,
        owner  => 'root',
        group  => 'root',
        mode   => '0555',
        source => 'puppet:///modules/superset/check_superset_http.sh',
    }

    # Name of the user header handed to the check script; it depends on
    # whether CAS is enabled. What the script does with it is not visible in
    # this class.
    $user_header = $enable_cas ? {
        true    => 'X-Cas-Uid',
        default => 'X-Remote-User',
    }

    nrpe::monitor_service { 'check_superset_http':
        description   => 'Check that superset http server is responding ok',
        nrpe_command  => "/usr/local/bin/check_superset_http ${user_header}",
        contact_group => 'victorops-analytics',
        notes_url     => 'https://wikitech.wikimedia.org/wiki/Analytics/Systems/Superset',
        require       => File['/usr/local/bin/check_superset_http'],
    }
}