Puppet Class: puppetmaster::geoip

Defined in:
modules/puppetmaster/manifests/geoip.pp

Overview

Fetch the GeoIP databases into puppet's volatile dir, so that other hosts can then just sync that directory into their own /usr/share/GeoIP via a normal puppet File resource (see the geoip module for more)

Parameters:

  • fetch_private (Boolean) (defaults to: true)
  • use_proxy (Boolean) (defaults to: true)
  • ca_server (Stdlib::Host) (defaults to: $facts['fqdn'])


4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
# File 'modules/puppetmaster/manifests/geoip.pp', line 4

class puppetmaster::geoip(
    Boolean $fetch_private = true,
    Boolean $use_proxy = true,
    Stdlib::Host $ca_server = $facts['fqdn'],
){

    $geoip_destdir = "${puppetmaster::volatiledir}/GeoIP"

    # geoip::data classes depend on this
    file { $geoip_destdir:
        ensure => directory,
    }

    if $use_proxy {
        $webproxy = "http://webproxy.${::site}.wmnet:8080"
    } else {
        $webproxy = undef
    }

    # Fetch the proprietary paid-for MaxMind database
    if $fetch_private {

        # FIXME: password classes should not be used within other modules
        include ::passwords::geoip # lint:ignore:wmf_styleguide

        class { '::geoip::data::maxmind':
            data_directory => $geoip_destdir,
            proxy          => $webproxy,
            ca_server      => $ca_server,
            user_id        => $passwords::geoip::user_id,
            license_key    => $passwords::geoip::license_key,
            product_ids    => [
                'GeoIP2-City',
                'GeoIP2-Connection-Type',
                'GeoIP2-Country',
                'GeoIP2-ISP',
                ],
        }

        # T288844
        $geoip_destdir_ipinfo = "${puppetmaster::volatiledir}/GeoIPInfo"

        file { $geoip_destdir_ipinfo:
            ensure => directory,
        }

        # FIXME: modules should not use other modules directly
        class { 'geoip::data::maxmind::ipinfo': # lint:ignore:wmf_styleguide
            data_directory => $geoip_destdir_ipinfo,
            proxy          => $webproxy,
            ca_server      => $ca_server,
            user_id        => $passwords::geoip::user_id_ipinfo,
            license_key    => $passwords::geoip::license_key_ipinfo,
            product_ids    => [
                'GeoIP2-Anonymous-IP',
                'GeoIP2-Enterprise',
                ],
        }

    } else {
    # fall back to public legacy databases
        class { '::geoip::data::maxmind':
            data_directory => $geoip_destdir,
            proxy          => $webproxy,
            product_ids    => [
                'GeoLite2-Country',
                'GeoLite2-City',
                ],
        }

        # If using public databases also install compatibility symlinks so that users
        # can use the stable paths GeoIP.dat/GeoIPCity.dat between labs and production
        file { "${geoip_destdir}/GeoIP.dat":
            ensure => link,
            target => 'GeoLiteCountry.dat',
        }
        file { "${geoip_destdir}/GeoIPCity.dat":
            ensure => link,
            target => 'GeoLiteCity.dat',
        }
        file { "${geoip_destdir}/GeoIP2-Country.mmdb":
            ensure => link,
            target => 'GeoLite2-Country.mmdb',
        }
        file { "${geoip_destdir}/GeoIP2-City.mmdb":
            ensure => link,
            target => 'GeoLite2-City.mmdb',
        }
    }
}