Puppet Class: profile::toolforge::harbor

Defined in:
modules/profile/manifests/toolforge/harbor.pp

Overview

Parameters:

  • data_volume (Stdlib::Unixpath) (defaults to: lookup('profile::toolforge::harbor::data_volume', {default_value => '/srv/harbor/data'}))
  • tlscert (String) (defaults to: lookup('profile::toolforge::harbor::tlscert', {default_value => 'ec-prime256v1.chained.crt'}))
  • tlskey (String) (defaults to: lookup('profile::toolforge::harbor::tlskey', {default_value => 'ec-prime256v1.key'}))
  • tlscertdir (Stdlib::Unixpath) (defaults to: lookup('profile::toolforge::harbor::tlscertdir', {default_value => '/etc/acmecerts/toolforge/live'}))
  • cinder_attached (Boolean) (defaults to: lookup('profile::toolforge::harbor::cinder_attached', {default_value => false}))
  • harbor_init_pwd (String) (defaults to: lookup('profile::toolforge::harbor::init_pwd', {default_value => 'insecurityrules'}))
  • harbor_db_pwd (String) (defaults to: lookup('profile::toolforge::harbor::db::harbor_pwd'))
  • harbor_db_host (Stdlib::Host) (defaults to: lookup('profile::toolforge::harbor::db::primary'))
  • harbor_url (Stdlib::Fqdn) (defaults to: lookup('profile::toolforge::harbor::url'))


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
# File 'modules/profile/manifests/toolforge/harbor.pp', line 1

class profile::toolforge::harbor (
    Stdlib::Unixpath $data_volume = lookup('profile::toolforge::harbor::data_volume', {default_value => '/srv/harbor/data'}),
    String $tlscert = lookup('profile::toolforge::harbor::tlscert', {default_value => 'ec-prime256v1.chained.crt'}),
    String $tlskey = lookup('profile::toolforge::harbor::tlskey', {default_value => 'ec-prime256v1.key'}),
    Stdlib::Unixpath $tlscertdir = lookup('profile::toolforge::harbor::tlscertdir', {default_value => '/etc/acmecerts/toolforge/live'}),
    Boolean $cinder_attached = lookup('profile::toolforge::harbor::cinder_attached', {default_value => false}),
    String $harbor_init_pwd = lookup('profile::toolforge::harbor::init_pwd', {default_value => 'insecurityrules'}),
    String $harbor_db_pwd = lookup('profile::toolforge::harbor::db::harbor_pwd'),
    Stdlib::Host $harbor_db_host = lookup('profile::toolforge::harbor::db::primary'),
    Stdlib::Fqdn $harbor_url = lookup('profile::toolforge::harbor::url'),
) {
    # Easy way to get docker and such from our repos.
    require profile::wmcs::kubeadm::client
    class { 'kubeadm::docker': }

    # Useful packages and harbor runs in docker-compose
    ensure_packages(['postgresql-client', 'redis-tools', 'docker-compose'])

    acme_chief::cert { 'toolforge': }

    $tlscertfile = "${tlscertdir}/${tlscert}"
    $tlskeyfile = "${tlscertdir}/${tlskey}"
    # There must be some kind of puppet fact for this?
    if $cinder_attached {
        file { '/srv/ops':
            ensure => directory,
            owner  => 'root',
            group  => 'root',
            mode   => '0755',
        } -> file { '/srv/ops/harbor':
            ensure => directory,
            owner  => 'root',
            group  => 'root',
            mode   => '0755',
        } -> file { '/srv/ops/harbor/harbor.yml':
            ensure  => present,
            mode    => '0600',
            content => template('profile/toolforge/harbor/harbor-docker.yaml.erb'),
        }

        # The downloaded default prepare script tries to get certs by
        # mounting / and fails. We just change the volume mount. This only matters
        # on a new install, normally. New versions may need an update here.
        file { '/srv/ops/harbor/prepare':
            ensure  => present,
            mode    => '0655',
            owner   => 'root',
            group   => 'root',
            content => template('profile/toolforge/harbor/prepare.erb'),
            require => File['/srv/ops/harbor'],
        }
    }
}