Puppet Class: profile::thanos::httpd

Defined in:
modules/profile/manifests/thanos/httpd.pp

Overview

Parameters:

  • query_port (Stdlib::Port::Unprivileged) (defaults to: lookup('profile::thanos::httpd::query_port'))
  • maxconn (Integer) (defaults to: lookup('profile::thanos::httpd::maxconn'))
  • rule_hosts (Hash[Stdlib::Fqdn, Hash]) (defaults to: lookup('profile::thanos::rule_hosts'))
  • oidc_sso (Boolean) (defaults to: lookup('profile::thanos::oidc_sso_enabled', { 'default_value' => false }))


# File 'modules/profile/manifests/thanos/httpd.pp', line 16

# @summary Apache httpd front end for Thanos: loads the proxy modules, selects
#   the authentication mode (OIDC SSO or the IDP client vhost), installs the
#   'thanos-query' site and opens tcp/80 in ferm.
#
# @param query_port
#   Unprivileged port handed to the IDP client vhost as `query_port`.
#   Presumably the local Thanos query listener that httpd proxies to; confirm
#   in the vhost template.
# @param maxconn
#   Integer handed to the IDP client vhost as `maxconn`. Presumably a
#   backend connection cap; confirm in the vhost template.
# @param rule_hosts
#   Hash keyed by FQDN, handed to the IDP client vhost as `rule_hosts`.
# @param oidc_sso
#   When true, the auth_cas module configuration is removed and
#   profile::thanos::oidc is included. When false, which is also the fallback
#   if the Hiera key is not set, the IDP client vhost with LDAP group
#   restrictions is used.
#
# NOTE(review): the parameters are only referenced explicitly in the non-OIDC
# branch, but the template() call below can read class-scope variables, so
# they may also be consumed by profile/thanos/httpd.conf.erb. Verify before
# renaming or removing any of them.
class profile::thanos::httpd (
    Stdlib::Port::Unprivileged $query_port = lookup('profile::thanos::httpd::query_port'),
    Integer                    $maxconn    = lookup('profile::thanos::httpd::maxconn'),
    Hash[Stdlib::Fqdn, Hash]   $rule_hosts = lookup('profile::thanos::rule_hosts'),
    Boolean                    $oidc_sso   = lookup('profile::thanos::oidc_sso_enabled', { 'default_value' => false }),
) {
    # Apache modules requested for this host: HTTP proxying, by-request load
    # balancing, HTTP method allow-listing and URL rewriting.
    class { 'httpd':
        modules => ['proxy_http', 'lbmethod_byrequests', 'allowmethods', 'rewrite'],
    }

    # Exactly one of the two authentication set-ups below is declared.
    if ($oidc_sso) {
        # auth_cas needs to be disabled for $oidc_sso to go
        # from false to true (i.e. opting in to OIDC SSO)
        httpd::mod_conf { 'auth_cas':
            ensure => absent,
        }

        # NOTE(review): once auth_cas is removed, access control in this mode
        # rests entirely on profile::thanos::oidc, which is not visible here.
        # Confirm it enforces a group restriction equivalent to the
        # required_groups list in the else branch.
        include profile::thanos::oidc
    } else {
        profile::idp::client::httpd::site {'thanos.wikimedia.org':
            vhost_content    => 'profile/idp/client/httpd-thanos.erb',
            proxied_as_https => true,
            document_root    => '/var/www/html',
            # LDAP groups handed to the IDP client site. Presumably membership
            # in one of them is required for access; confirm against
            # profile::idp::client::httpd::site.
            required_groups  => [
                'cn=wmf,ou=groups,dc=wikimedia,dc=org',
                'cn=nda,ou=groups,dc=wikimedia,dc=org',
            ],
            # Values made available to the vhost template. bucket_web_port and
            # rule_port are fixed here, unlike query_port, which is a class
            # parameter.
            vhost_settings   => {
                query_port      => $query_port,
                maxconn         => $maxconn,
                bucket_web_port => 15902,
                rule_hosts      => $rule_hosts,
                rule_port       => 17902,
            }
        }
    }

    # Declared in both authentication modes.
    # NOTE(review): the template is not visible here. Confirm that this site
    # does not proxy to the Thanos backends without passing through the
    # authentication configured above.
    httpd::site { 'thanos-query':
        content => template('profile/thanos/httpd.conf.erb'),
    }

    # Firewall: accept tcp/80 from '$DOMAIN_NETWORKS'. The single quotes mean
    # Puppet passes the string through uninterpolated. It is presumably
    # resolved by ferm itself; confirm.
    # NOTE(review): only plain HTTP is opened. proxied_as_https above and the
    # envoyproxy restart entry below suggest TLS is terminated by a fronting
    # proxy. Confirm that port 80 is not reachable by clients directly.
    ferm::service { 'thanos_httpd':
        proto  => 'tcp',
        port   => 80,
        srange => '$DOMAIN_NETWORKS',
    }

    # Register both daemons with profile::auto_restarts::service. Presumably
    # this restarts them automatically, e.g. after library upgrades; confirm
    # in that define.
    profile::auto_restarts::service { 'apache2': }
    profile::auto_restarts::service { 'envoyproxy': }
}