Puppet Class: profile::wmcs::services::toolsdb_replica_cnf

Defined in:
modules/profile/manifests/wmcs/services/toolsdb_replica_cnf.pp

Overview

SPDX-License-Identifier: Apache-2.0

Parameters:

  • user (String) (defaults to: lookup('profile::wmcs::services::toolsdb_replica_cnf::user'))
  • secret_key (String) (defaults to: lookup('profile::wmcs::services::toolsdb_replica_cnf::secret_key'))
  • tools_replica_cnf_path (String) (defaults to: lookup('profile::wmcs::services::toolsdb_replica_cnf::tools_replica_cnf_path'))
  • paws_replica_cnf_path (String) (defaults to: lookup('profile::wmcs::services::toolsdb_replica_cnf::paws_replica_cnf_path'))
  • others_replica_cnf_path (String) (defaults to: lookup('profile::wmcs::services::toolsdb_replica_cnf::others_replica_cnf_path'))
  • htpassword (String) (defaults to: lookup('profile::wmcs::services::toolsdb_replica_cnf::htpassword'))
  • htpassword_salt (String) (defaults to: lookup('profile::wmcs::services::toolsdb_replica_cnf::htpassword_salt'))


# File 'modules/profile/manifests/wmcs/services/toolsdb_replica_cnf.pp', line 2

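# @summary Deploys the replica_cnf API service (a Flask app served by uWSGI
#   behind nginx with HTTP basic auth) together with its service account,
#   configuration file and credential directories.
#
# @param user
#   System account that owns the application tree under /home/<user>. The same
#   name is used as the login in the nginx htpasswd file.
# @param secret_key
#   Secret written as SECRET_KEY into the application's instance/config.py.
# @param tools_replica_cnf_path
#   Directory created for the service and exported as TOOLS_REPLICA_CNF_PATH.
# @param paws_replica_cnf_path
#   Directory created for the service and exported as PAWS_REPLICA_CNF_PATH.
# @param others_replica_cnf_path
#   Directory created for the service and exported as OTHERS_REPLICA_CNF_PATH.
# @param htpassword
#   Clear-text basic-auth password; only its htpasswd() hash is written to disk.
# @param htpassword_salt
#   Salt passed to htpasswd() when hashing $htpassword.
#
# NOTE(review): $secret_key and $htpassword are typed String to keep the class
# interface unchanged. Moving them to Sensitive[String] would also keep them out
# of catalogs and logs, but needs the hiera data and callers updated together.
class profile::wmcs::services::toolsdb_replica_cnf(
    String $user                    = lookup('profile::wmcs::services::toolsdb_replica_cnf::user'),
    String $secret_key              = lookup('profile::wmcs::services::toolsdb_replica_cnf::secret_key'),
    String $tools_replica_cnf_path  = lookup('profile::wmcs::services::toolsdb_replica_cnf::tools_replica_cnf_path'),
    String $paws_replica_cnf_path   = lookup('profile::wmcs::services::toolsdb_replica_cnf::paws_replica_cnf_path'),
    String $others_replica_cnf_path = lookup('profile::wmcs::services::toolsdb_replica_cnf::others_replica_cnf_path'),
    String $htpassword              = lookup('profile::wmcs::services::toolsdb_replica_cnf::htpassword'),
    String $htpassword_salt         = lookup('profile::wmcs::services::toolsdb_replica_cnf::htpassword_salt')
) {

    $www_data                      = 'www-data'
    $modules_uri                   = 'puppet:///modules/'
    $base_path                     = "/home/${user}"
    $api_service_base_path         = "${base_path}/replica_cnf_api_service"
    $api_service_app_path          = "${api_service_base_path}/replica_cnf_api_service"
    $api_service_app_path_in_repo  = "${modules_uri}profile/wmcs/nfs/replica_cnf_api_service/replica_cnf_api_service"
    $api_service_app_instance_path = "${api_service_app_path}/instance"
    $api_service_app_config_path   = "${api_service_app_instance_path}/config.py"
    $executables_paths             = '/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin'
    $metrics_dir                   = '/run/toolsdb-replica-cnf-metrics'
    $htpassword_file               = '/etc/nginx/toolsdb-replica-cnf.htpasswd'
    # Only the salted hash is persisted; the clear-text password stays in hiera.
    $htpassword_hash               = htpasswd($htpassword, $htpassword_salt)

    package { 'flask':
        ensure   => installed,
        name     => 'Flask>=2.0.0,<2.1.0',
        provider => 'pip3',
    }

    user { $user:
        ensure => present,
        system => true,
    }

    file { [$base_path, $api_service_base_path]:
        ensure  => 'directory',
        owner   => $user,
        group   => $www_data,
        require => User[ $user ],
    }

    # Application code is copied recursively from the puppet module's files.
    file { $api_service_app_path:
        ensure  => 'directory',
        owner   => $user,
        group   => $www_data,
        require => File[ $base_path, $api_service_base_path ],
        recurse => true,
        source  => $api_service_app_path_in_repo,
    }

    file { $api_service_app_instance_path:
        ensure  => 'directory',
        owner   => $user,
        group   => $www_data,
        require => File[ $api_service_app_path ]
    }

    # config.py carries SECRET_KEY, so restrict it to the owning account and the
    # www-data group instead of inheriting a default mode, and keep its content
    # out of Puppet run diffs and reports.
    # NOTE(review): the values are interpolated into Python string literals
    # without escaping; a quote or backslash in the hiera data would corrupt
    # config.py. Confirm the hiera values are constrained accordingly.
    file { $api_service_app_config_path:
        ensure    => 'file',
        owner     => $user,
        group     => $www_data,
        mode      => '0440',
        show_diff => false,
        require   => File[ $api_service_app_path ],
        content   => join([
                        "SECRET_KEY = '${secret_key}'",
                        "TOOLS_REPLICA_CNF_PATH = '${tools_replica_cnf_path}'",
                        "PAWS_REPLICA_CNF_PATH = '${paws_replica_cnf_path}'",
                        "OTHERS_REPLICA_CNF_PATH = '${others_replica_cnf_path}'"
                        ], "\n")
    }

    # ensure that auth files folders exist
    wmflib::dir::mkdir_p([
        $tools_replica_cnf_path,
        $paws_replica_cnf_path,
        $others_replica_cnf_path], {
        owner => $user,
        group => $www_data,
    })

    # Needed for prometheus exporter to share metrics between uwsgi processes
    file { $metrics_dir:
        ensure => 'directory',
        owner  => $www_data,
        group  => $www_data,
    }

    # /run is recreated at boot, so the directory is also declared as a tmpfile.
    systemd::tmpfile { 'toolsdb-replica-cnf-shared-metrics':
        content => "d ${metrics_dir} 0755 ${www_data} ${www_data}",
    }

    uwsgi::app { 'toolsdb-replica-cnf-web':
        ensure             => 'present',
        subscribe          => [
            Package['flask'],
            File[ $api_service_base_path ],
            ],
        settings           => {
            uwsgi              => {
                'plugins'      => 'python3',
                'socket'       => '/run/uwsgi/toolsdb-replica-cnf-web.sock',
                'module'       => 'views:app',
                # Group-writable socket, not world-writable.
                'chmod-socket' => 664,
                'die-on-term'  => true,
                'vacuum'       => true,
                'master'       => true,
                'processes'    => 8,
                'chdir'        => $api_service_app_path,
                'env'          => [
                    # fix prometheus exporter for multiple uwsgi processes/workers
                    "PROMETHEUS_MULTIPROC_DIR=${metrics_dir}",
                ],
            },
        },
        extra_systemd_opts => {
            'ExecStartPre' => [
                # Clear out metrics caches for previous runs
                "/bin/bash -c \"rm -rf ${metrics_dir}/*\"",
            ],
        },
    }

    # Basic-auth credentials consumed by nginx: readable by www-data only, and
    # the hash is kept out of Puppet run diffs and reports.
    file { $htpassword_file:
        content   => "${user}:${htpassword_hash}",
        owner     => $www_data,
        group     => $www_data,
        mode      => '0440',
        show_diff => false,
        before    => Service['nginx'],
        require   => Package['nginx-common'],
    }

    nginx::site { 'toolsdb-replica-cnf-web-nginx':
        require => Uwsgi::App['toolsdb-replica-cnf-web'],
        content => template('profile/wmcs/nfs/toolsdb-replica-cnf-web.nginx.erb'),
    }

#    Install tmpreaper to clean up tempfiles leaked by xlsxwriter
#    T238375
#    package { 'tmpreaper':
#        ensure => 'installed',
#    }
#    file { '/etc/tmpreaper.conf':
#        owner   => 'root',
#        group   => 'root',
#        mode    => '0444',
#        source  => 'puppet:///modules/profile/toolsdb_replica_cnf/tmpreaper.conf',
#        require => Package['tmpreaper'],
#    }
}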