Puppet Class: superset

Defined in:
modules/superset/manifests/init.pp

Overview

An admin user with $admin_user and $admin_password will be created for you in the database. However, if you are using a custom $auth_type, this admin user will not be useable. To set up an admin user for your auth type,, run the fabmanager create-user command and add a user with details that match the user's account in whatever alternative auth you are using, minus the password. E.g.: /srv/deployment/analytics/superset/venv/bin/fabmanager create-admin –app superset –username Ottomata –email otto@wikimedia.org –firstname Andrew –lastname Otto –password BLANK This should match exactly the user in your alternative auth (e.g. LDAP), except for the password. The password here does not matter, as the value stored in the database will not be used for authentication with your alternative auth type.

Parameters

port

Port on which superset will listen for HTTP connections.

database_uri

SQL Alchemy database URI.

workers

Number of gevent workers

worker_class

Gunicorn worker-class. Default: sync

admin_user

Web UI admin user

admin_password

Web UI admin user password

secret_key

flask secret key

password_mapping

Hash of sqlalchemy URIs to passwords. This will be used for the SQLALCHEMY_CUSTOM_PASSWORD_STORE, to allow for passwords to external databases to be provided via configuration, rather than the web UI.

auth_type

An auth type from flask_appbuilder.security.manager.

auth_settings

Hash of additional auth settings to render in superset_config.py

statsd

statsd host:port

deployment_user

scap deployment user

gunicorn_app

In Superset 0.36.0+ gunicorn needs a different appname for Superset. Default is still for older releases, up to 0.35.x Default: 'superset.app'

enable_cas

Enable authentication via CAS instead of LDAP

Parameters:

  • port (Any) (defaults to: 9080)
  • database_uri (Any) (defaults to: 'sqlite:////var/lib/superset/superset.db')
  • workers (Any) (defaults to: 1)
  • worker_class (Any) (defaults to: 'sync')
  • admin_user (Any) (defaults to: 'admin')
  • admin_password (Any) (defaults to: 'admin')
  • secret_key (Any) (defaults to: 'not_really_a_secret_key')
  • password_mapping (Any) (defaults to: undef)
  • auth_type (Any) (defaults to: undef)
  • auth_settings (Any) (defaults to: undef)
  • statsd (Any) (defaults to: undef)
  • deployment_user (Any) (defaults to: 'analytics_deploy')
  • gunicorn_app (Any) (defaults to: 'superset:app')
  • enable_cas (Any) (defaults to: false)


67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
# File 'modules/superset/manifests/init.pp', line 67

class superset(
    $port              = 9080,
    $database_uri      = 'sqlite:////var/lib/superset/superset.db',
    $workers           = 1,
    $worker_class      = 'sync',
    $admin_user        = 'admin',
    $admin_password    = 'admin',
    $secret_key        = 'not_really_a_secret_key',
    $password_mapping  = undef,
    $auth_type         = undef,
    $auth_settings     = undef,
    $statsd            = undef,
    $deployment_user   = 'analytics_deploy',
    $gunicorn_app      = 'superset:app',
    $enable_cas        = false,
) {
    require_package(
        'virtualenv',
        'firejail',
    )
    if $worker_class == 'gevent' {
        require_package('python-gevent')
    }

    $deployment_dir = '/srv/deployment/analytics/superset/deploy'
    $virtualenv_dir = '/srv/deployment/analytics/superset/venv'


    scap::target { 'analytics/superset/deploy':
        deploy_user  => $deployment_user,
        service_name => 'superset',
    }

    group { 'superset':
        ensure => present,
        system => true,
    }

    user { 'superset':
        gid        => 'superset',
        shell      => '/bin/bash',
        system     => true,
        managehome => true,
        home       => '/var/lib/superset',
        require    => Group['superset'],
    }

    file { '/etc/firejail/superset.profile':
        ensure => 'present',
        owner  => 'root',
        group  => 'root',
        mode   => '0444',
        source => 'puppet:///modules/superset/superset.profile.firejail',
    }

    file { '/etc/superset':
        ensure => 'directory',
        owner  => 'root',
        group  => 'root',
        mode   => '0755',
    }

    if $enable_cas {
        $remote_user = 'HTTP_X_CAS_UID'
    } else {
        $remote_user = 'HTTP_X_REMOTE_USER'
    }

    file { '/etc/superset/gunicorn_config.py':
        ensure  => 'present',
        owner   => 'root',
        group   => 'superset',
        mode    => '0444',
        content => template('superset/gunicorn_config.py.erb'),
    }

    file { '/etc/superset/superset_config.py':
        ensure  => 'present',
        owner   => 'root',
        group   => 'superset',
        mode    => '0440',
        content => template('superset/superset_config.py.erb'),
    }

    # This will create tables in the superset database and add the web GUI admin user.
    exec { 'init_superset':
        command     => "${deployment_dir}/init_superset.sh ${admin_user} ${admin_password}",
        # Don't run init_superset.sh if superset database exists.
        unless      => "${virtualenv_dir}/bin/python ${deployment_dir}/superset_database_exists.py ${database_uri}",
        user        => 'superset',
        # Set PYTHONPATH to read superset_config.py
        environment => ['PYTHONPATH=/etc/superset', 'SUPERSET_HOME=/var/lib/superset'],
        require     => [
            Scap::Target['analytics/superset/deploy'],
            File['/etc/superset/superset_config.py'],
        ],
    }

    systemd::syslog { 'superset':
        readable_by => 'all',
        base_dir    => '/var/log',
        group       => 'root',
    }

    base::service_auto_restart { 'apache2': }

    systemd::service { 'superset':
        ensure  => 'present',
        content => systemd_template('superset'),
        restart => true,
        require => [
            File['/etc/firejail/superset.profile'],
            File['/etc/superset/gunicorn_config.py'],
            Exec['init_superset'],
            Systemd::Syslog['superset'],
        ],
    }
}