Puppet Class: query_service::common

Defined in:
modules/query_service/manifests/common.pp

Overview

Class: query_service::common

Note: sets up the environment for the query service. Dump data must be loaded manually.

Parameters:

  • $deploy_mode: how the service is deployed: via scap ('scap3'), manually ('manual'), or via git-based autodeployment ('autodeploy').

  • $username: Username owning the service.

  • $endpoint: External endpoint name.

  • $package_dir: Directory where the service should be installed.

  • $data_dir: Directory where the database should be stored.

  • $log_dir: Directory where the logs go.

  • $categories_endpoint: Endpoint which category scripts will be using.

Parameters:

  • deploy_mode (Query_service::DeployMode)
  • username (String)
  • deploy_user (String)
  • endpoint (String)
  • deploy_name (String)
  • package_dir (Stdlib::Unixpath)
  • data_dir (Stdlib::Unixpath)
  • log_dir (Stdlib::Unixpath)
  • categories_endpoint (Stdlib::Httpurl)


13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
# File 'modules/query_service/manifests/common.pp', line 13

class query_service::common(
    Query_service::DeployMode $deploy_mode,
    String $username,
    String $deploy_user,
    String $endpoint,
    String $deploy_name,
    Stdlib::Unixpath $package_dir,
    Stdlib::Unixpath $data_dir,
    Stdlib::Unixpath $log_dir,
    Stdlib::Httpurl $categories_endpoint,
) {
    # Common setup for a query service instance: selects the deployment
    # class, creates the service user and group, manages the log/data
    # directories and the /etc/${deploy_name} configuration, and installs a
    # cron job that cleans up old JVM GC logs.
    #
    # $endpoint and $categories_endpoint are not referenced directly in this
    # class body; presumably they are read by the vars.yaml.erb template
    # rendered below -- verify against the template.
    include ::query_service::packages

    # Only consumed by the 'autodeploy' deployment mode below.
    $autodeploy_log_dir = "/var/log/${deploy_name}-autodeploy"

    # Declare the deployment class matching the requested mode. Any other
    # value falls through to the empty default and declares nothing.
    case $deploy_mode {

        'scap3': {
            class {'::query_service::deploy::scap':
                deploy_user => $deploy_user,
                username    => $username,
                package_dir => $package_dir,
                deploy_name => $deploy_name,
            }
        }

        'manual': {
            class {'::query_service::deploy::manual':
                deploy_user => $deploy_user,
                package_dir => $package_dir,
                deploy_name => $deploy_name,
            }
        }

        'autodeploy': {
            class { '::query_service::deploy::autodeploy':
                deploy_user        => $deploy_user,
                package_dir        => $package_dir,
                autodeploy_log_dir => $autodeploy_log_dir,
                deploy_name        => $deploy_name,
            }
        }

        default: { }
    }

    $data_file = "${data_dir}/wikidata.jnl"

    group { $username:
        ensure => present,
        system => true,
    }

    # System account owning the service; its home is the data directory,
    # which is managed separately below rather than by the user resource.
    user { $username:
        ensure     => present,
        name       => $username,
        comment    => 'Blazegraph user',
        forcelocal => true,
        system     => true,
        home       => $data_dir,
        managehome => false,
    }

    file { $log_dir:
        ensure => directory,
        owner  => $username,
        group  => 'root',
        mode   => '0775',
    }

    # When the data lives in a directory separate from the package
    # directory, manage that directory here. When both are the same path,
    # no File[$data_dir] resource is declared by this class.
    if $data_dir != $package_dir {
        file { $data_dir:
            ensure => directory,
            owner  => $username,
            group  => 'wikidev',
            mode   => '0775',
        }
    }

    # putting dumps into the data dir since they're large
    file { "${data_dir}/dumps":
        ensure => directory,
        owner  => $username,
        group  => 'wikidev',
        mode   => '0775',
        tag    => 'in-wdqs-data-dir',
    }

    # This is a rather ugly hack to ensure that permissions of $data_file are
    # managed, but that the file is not created by puppet. If that file does
    # not exist, puppet will raise an error and skip the File[$data_file]
    # resource (and only that resource). It means that puppet will be in error
    # until data import is started, but that's a reasonable behaviour.
    # This works as follows:
    # if $data_file does not exist then:
    #    * the exec resource state is not clean, so the command is run
    #    * the command returns false, so the resource fails
    #    * the file{$data_file} resource does not run, as a dependency failed
    # else:
    #    * the file exists, so the exec resource state is clean and the
    #      command does not need to run
    #    * the exec resource therefore succeeds without running the command,
    #      and the file resource can manage permissions
    exec { "${data_file} exists":
        command => '/bin/false',
        creates => $data_file,
    }
    file { $data_file:
        ensure  => file,
        owner   => $username,
        group   => $username,
        mode    => '0664',
        require => Exec["${data_file} exists"],
        tag     => 'in-wdqs-data-dir',
    }

    # In scap3 mode the deploy user's group gets write access to the
    # configuration directory (mode 0775 below); otherwise it stays with root.
    $config_dir_group = $deploy_mode ? {
        'scap3' => $deploy_user,
        default => 'root',
    }

    file { "/etc/${deploy_name}":
        ensure => directory,
        owner  => 'root',
        group  => $config_dir_group,
        mode   => '0775',
    }

    # 'file' rather than 'present': this resource carries content, so it must
    # be a regular file and not whatever else might exist at that path.
    file { "/etc/${deploy_name}/vars.yaml":
        ensure  => file,
        content => template('query_service/vars.yaml.erb'),
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
    }

    # GC logs rotation is done by the JVM, but on JVM restart, the logs left by
    # the previous instance are left alone. This cron takes care of cleaning up
    # GC logs older than 30 days.
    # NOTE(review): the search path is /var/log/${deploy_name}, not $log_dir;
    # confirm that the two always coincide.
    cron { 'query-service-gc-log-cleanup':
        ensure  => present,
        minute  => 12,
        hour    => 2,
        command => "find /var/log/${deploy_name} -name '${deploy_name}-*_jvm_gc.*.log*' -mtime +30 -delete",
    }

}