Puppet Class: profile::superset::proxy

Defined in:
modules/profile/manifests/superset/proxy.pp

Overview

Class profile::superset::proxy

Sets up a WMF HTTP LDAP auth proxy.

Parameters:

  • ldap_config (Hash) (defaults to: lookup('ldap', Hash, hash, {}))
  • x_forwarded_proto (String) (defaults to: lookup('profile::superset::proxy::x_forwarded_proto', {'default_value' => 'https'}))
  • enable_cas (Boolean) (defaults to: lookup('profile::superset::enable_cas'))


5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
# File 'modules/profile/manifests/superset/proxy.pp', line 5

class profile::superset::proxy (
    Hash $ldap_config          = lookup('ldap', Hash, hash, {}),
    String $x_forwarded_proto  = lookup('profile::superset::proxy::x_forwarded_proto', {'default_value' => 'https'}),
    Boolean $enable_cas        = lookup('profile::superset::enable_cas'),
) {

    require ::profile::analytics::httpd::utils

    include ::profile::prometheus::apache_exporter

    class { '::httpd':
        modules => ['proxy_http',
                    'proxy',
                    'headers',
                    'auth_basic',
                    'authnz_ldap']
    }

    if $enable_cas {
        class {'profile::idp::client::httpd':
            vhost_settings => { 'x-forwarded-proto' => $x_forwarded_proto },
        }
    } else {
        class { '::passwords::ldap::production': }
        $proxypass = $passwords::ldap::production::proxypass
        $ldap_server_primary = $ldap_config['ro-server']
        $ldap_server_fallback = $ldap_config['ro-server-fallback']

        httpd::site { 'superset.wikimedia.org':
            content => template('profile/superset/proxy/superset.wikimedia.org.erb'),
            require => File['/var/www/health_check'],
        }
    }

    ferm::service { 'superset-http':
        proto  => 'tcp',
        port   => '80',
        srange => '$CACHES',
    }
}