Puppet Class: profile::terraform::registry

Defined in:
modules/profile/manifests/terraform/registry.pp

Summary

Server to host terraform.wmcloud.org/registry

Overview

SPDX-License-Identifier: Apache-2.0

Parameters:

  • $uploader_group

    Unix group of users who can upload new files

  • uploader_group (String) (defaults to: lookup('profile::terraform::registry::uploader_group', {default_value => 'root'})) 


4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'modules/profile/manifests/terraform/registry.pp', line 4

class profile::terraform::registry (
  String $uploader_group = lookup('profile::terraform::registry::uploader_group', {default_value => 'root'}),
) {
  class { 'httpd':
    modules => ['proxy', 'proxy_uwsgi'],
  }

  httpd::site { 'terraform.wmcloud.org':
    content => template('profile/terraform/registry/vhost.conf.erb'),
  }

  ensure_packages(['python3-flask', 'python3-semver'])

  file { '/usr/local/bin/tf-registry-uwsgi.py':
    source => 'puppet:///modules/profile/terraform/registry/tf-registry-uwsgi.py',
    mode   => '0555',
  }

  uwsgi::app { 'tf-registry':
    settings  => {
      uwsgi => {
        plugins            => 'python3',
        master             => true,
        socket             => '/run/uwsgi/tf-registry.sock',
        mount              => '/tf-registry=/usr/local/bin/tf-registry-uwsgi.py',
        callable           => 'app',
        manage-script-name => true,
        workers            => 4,
      },
    },
    subscribe => File['/usr/local/bin/tf-registry-uwsgi.py'],
  }

  wmflib::dir::mkdir_p([
    '/srv/terraform-registry/config',
    '/srv/terraform-registry/config/providers',
    '/srv/terraform-registry/files',
  ], {
    owner => 'root',
    group => $uploader_group,
    # enable setgid to ensure people can edit the config files created by others
    mode  => '2775',
  })
}