Project

General

Profile

Download (22.7 KB) Statistics
| Branch: | Tag: | Revision:

puppet-pulp/manifests/init.pp @ b4c90011

# == Class: pulp
#
# Install and configure pulp
#
# === Parameters:
#
# $version:: pulp package version, it's passed to ensure parameter of package resource
# can be set to specific version number, 'latest', 'present' etc.
#
# $crane_debug:: Enable crane debug logging
# type:boolean
#
# $crane_port:: Port for Crane to run on
# type:integer
#
# $crane_data_dir:: Directory containing docker v1/v2 artifacts published by pulp
#
# $oauth_key:: string; key to enable OAuth style authentication
#
# $oauth_secret:: string; shared secret that can be used for OAuth style
# authentication
#
# $oauth_enabled:: boolean; controls whether OAuth authentication is enabled
#
# $messaging_url:: the url used to contact the broker: <protocol>://<host>:<port>/<virtual-host>
# Supported <protocol> values are 'tcp' or 'ssl' depending on if SSL should be used or not.
# The <virtual-host> is optional, and is only applicable to RabbitMQ broker environments.
#
# $messaging_transport:: The type of broker you are connecting to. The default is 'qpid'.
# For RabbitMQ, 'rabbitmq' should be used.
#
# $messaging_ca_cert:: Absolute path to PEM encoded CA certificate file, used by Pulp to validate the identity
# of the broker using SSL.
#
# $messaging_client_cert:: Absolute path to PEM encoded file containing both the private key and
# certificate Pulp should present to the broker to be authenticated by the broker.
#
# $messaging_version:: Determines the version of packages related to the 'messaging transport protocol'.
#
#
# $broker_url:: A URL to a broker that Celery can use to queue tasks:
# qpid://<username>:<password>@<hostname>:<port>/
#
# $broker_use_ssl:: Require SSL if set to 'true', otherwise do not require SSL.
#
# $tasks_login_method:: Select the SASL login method used to connect to the broker. This should be left
# unset except in special cases such as SSL client certificate authentication.
#
# $ca_cert:: full path to the CA certificate that will be used to sign consumer
# and admin identification certificates; this must match the value of
# SSLCACertificateFile in /etc/httpd/conf.d/pulp.conf
#
# $ca_key:: path to the private key for the above CA certificate
#
# $db_name:: name of the database to use
#
# $db_seeds:: comma-separated list of hostname:port of database replica seed hosts
#
# $db_username:: The user name to use for authenticating to the MongoDB server
#
# $db_password:: The password to use for authenticating to the MongoDB server
#
# $db_replica_set:: and set this value to the name of replica set configured in MongoDB,
# if one is in use
#
# $db_ssl:: If True, create the connection to the server using SSL.
#
# $db_ssl_keyfile:: A path to the private keyfile used to identify the local connection against
# mongod. If included with the certfile then only the ssl_certfile is needed.
#
# $db_ssl_certfile:: The certificate file used to identify the local connection against mongod.
#
# $db_verify_ssl:: Specifies whether a certificate is required from the other side of the
# connection, and whether it will be validated if provided. If it is true, then
# the ca_certs parameter must point to a file of CA certificates used to
# validate the connection.
#
# $db_ca_path:: The ca_certs file contains a set of concatenated "certification authority"
# certificates, which are used to validate certificates passed from the other end
# of the connection.
#
# $db_unsafe_autoretry:: If true, retry commands to the database if there is a connection error.
# Warning: if set to true, this setting can result in duplicate records.
#
# $db_write_concern:: Write concern of 'majority' or 'all'. When 'all' is specified, 'w' is set to
# number of seeds specified. For version of MongoDB < 2.6, replica_set must also
# be specified. Please note that 'all' will cause Pulp to halt if any of the
# replica set members is not available. 'majority' is used by defau
#
# $server_name:: hostname the admin client and consumers should use when accessing
# the server; if not specified, this is defaulted to the server's hostname
#
# $key_url:: URL to use for GPG keys
#
# $ks_url:: URL to use for kickstart trees
#
# $debugging_mode:: boolean; toggles Pulp's debugging capabilities
#
# $log_level:: The desired logging level. Options are: CRITICAL, ERROR, WARNING, INFO, DEBUG,
# and NOTSET. Pulp will default to INFO.
#
# $server_working_directory:: Path to where pulp workers can create working directories needed to complete tasks
#
# $rsa_key:: The RSA private key used for authentication.
#
# $rsa_pub:: The RSA public key used for authentication.
#
# $https_cert:: apache public certificate for ssl
#
# $https_key:: apache private certificate for ssl
#
# $https_chain:: apache chain file for ssl
#
# $ssl_username:: Value to use for SSLUsername directive in apache vhost. Defaults to
# SSL_CLIENT_S_DN_CN. Set false to unset directive.
#
# $consumers_crl:: Certificate revocation list for consumers which
# are no valid (have had their client certs
# revoked)
#
# $user_cert_expiration:: number of days a user certificate is valid
#
# $default_login:: default admin username of the Pulp server; this user will be
# the first time the server is started
#
# $default_password:: default password for admin when it is first created; this
# should be changed once the server is operational
#
# $repo_auth:: Boolean to determine whether repos managed by
# pulp will require authentication. Defaults
# to true
# type:boolean
#
# $consumer_cert_expiration:: number of days a consumer certificate is valid
#
# $disabled_authenticators:: List of repo authenticators to disable.
# type:array
#
# $additional_wsgi_scripts:: Hash of additional paths and WSGI script locations for Pulp vhost
# type:hash
#
# $reset_cache:: Boolean to flush the cache. Defaults to false
# type:boolean
#
# $ssl_verify_client:: Enforce use of SSL authentication for yum repos access
#
# $ssl_protocol:: List which versions of the SSL/TLS protocol will be accepted in new connections
#
# $serial_number_path:: Path to the serial number file
#
# $consumer_history_lifetime:: number of days to store consumer events; events older
# than this will be purged; set to -1 to disable
#
# $messaging_url:: the url used to contact the broker: <protocol>://<host>:<port>/<virtual-host>
# Supported <protocol> values are 'tcp' or 'ssl' depending on if SSL should be used or not.
# The <virtual-host> is optional, and is only applicable to RabbitMQ broker environments.
#
# $messaging_auth_enabled:: Message authentication enabled flag. The default is 'true' which enables authentication.
# To disable authentication, use 'false'.
#
# $messaging_topic_exchange:: The name of the exchange to use. The exchange must be a topic exchange. The
# default is 'amq.topic', which is a default exchange that is guaranteed to exist on a Qpid broker.
#
# $messaging_event_notifications_enabled:: Enables or disables Pulp event notfications on the message bus. Defaults to 'false'.
#
# $messaging_event_notification_url:: The AMQP URL for event notifications. Defaults to 'qpid://localhost:5672/'.
#
# $email_host:: host name of the MTA pulp should relay through
#
# $email_port:: destination port to connect on
#
# $email_from:: the "From" address of each email the system sends
#
# $email_enabled:: boolean controls whether or not emails will be sent
# type:boolean
#
# $manage_squid:: boolean controls whether squid configuration is managed or manual
#
# $lazy_redirect_host:: The host FQDN or IP to which requests are redirected.
#
# $lazy_redirect_port:: The TCP port to which requests are redirected
#
# $lazy_redirect_path:: The base path to which requests are redirected
#
# $lazy_https_retrieval:: boolean; controls whether Pulp uses HTTPS or HTTP to
# retrieve content from the streamer.
# WARNING: Setting this to 'false' is not safe if you wish
# to use Pulp to provide repository entitlement
# enforcement. It is strongly recommended to keep
# this set to 'true' and use certificates that are
# signed by a trusted authority on the web server
# that serves as the streamer reverse proxy.
#
# $lazy_download_interval:: The interval in minutes between checks for content cached
# by the Squid proxy.
#
# $lazy_download_concurrency:: The number of downloads to perform concurrently when
# downloading content from the Squid cache.
#
# $proxy_url:: URL of the proxy server
#
# $proxy_port:: Port the proxy is running on
# type:integer
#
# $proxy_username:: Proxy username for authentication
#
# $proxy_password:: Proxy password for authentication
#
# $yum_max_speed:: The maximum download speed for a Pulp task, such as a sync. (e.g. "4 Kb" or 1Gb")
# type:string
#
# $num_workers:: Number of Pulp workers to use
# defaults to number of processors and maxs at 8
# type:integer
#
# $enable_katello:: Boolean to enable pulp katello plugin. Defaults
# to false
# type:boolean
#
# $enable_crane:: Boolean to enable crane docker repository
# type:boolean
#
# $max_tasks_per_child:: Number of tasks after which the worker is restarted
# and the memory it allocated is returned to the system
# type:integer
#
# $enable_rpm:: Boolean to enable rpm plugin. Defaults
# to true
# type:boolean
#
# $enable_docker:: Boolean to enable docker plugin. Defaults
# to false
# type:boolean
#
# $enable_puppet:: Boolean to enable puppet plugin. Defaults
# to false
# type:boolean
#
# $enable_python:: Boolean to enable python plugin. Defaults
# to false
# type:boolean
#
# $enable_ostree:: Boolean to enable ostree plugin. Defaults
# to false
# type:boolean
#
# $enable_parent_node:: Boolean to enable pulp parent nodes. Defaults
# to false
# type:boolean
#
# $enable_http:: Boolean to enable http access to rpm repos. Defaults
# to false
# type:boolean
#
#
# $manage_httpd:: Boolean to install and configure the httpd server. Defaults
# to true
# type:boolean
#
# $manage_plugins_httpd:: Boolean whether to install the enabled pulp plugins apache configs
# even if $manage_httpd is false. Defaults to true.
# type:boolean
#
# $manage_broker:: Boolean to install and configure the qpid or rabbitmq broker.
# Defaults to true
# type:boolean
#
# $manage_db:: Boolean to install and configure the mongodb. Defaults
# to true
# type:boolean
#
# $node_certificate:: The absolute path to the node SSL certificate
#
# $node_verify_ssl:: Verify node SSL
# type:boolean
#
# $node_server_ca_cert:: Server cert for pulp node
#
# $node_oauth_effective_user:: Effective user for node OAuth
#
# $node_oauth_key:: The oauth key used to authenticate to the parent node
#
# $node_oauth_secret:: The oauth secret used to authenticate to the parent node
#
# $max_keep_alive:: Configuration value for apache MaxKeepAliveRequests
# type:integer
#
# $puppet_wsgi_processes:: Number of WSGI processes to spawn for the puppet webapp
#
# $migrate_db_timeout:: Change the timeout for pulp-manage-db
# type:integer
#
# $show_conf_diff:: Allow showing diff for changes in server.conf and importer.json;
# Warning: may display and log passwords contained in these files.
# Defaults to false
# type:boolean
#
# $enable_profiling:: Turns on cProfiling of tasks in Pulp
# type:boolean
#
# $profiling_directory:: Directory to store task profiling data in
#
class pulp (
$version = $pulp::params::version,
$crane_debug = $pulp::params::crane_debug,
$crane_port = $pulp::params::crane_port,
$crane_data_dir = $pulp::params::crane_data_dir,
$db_name = $pulp::params::db_name,
$db_seeds = $pulp::params::db_seeds,
$db_username = $pulp::params::db_username,
$db_password = $pulp::params::db_password,
$db_replica_set = $pulp::params::db_replica_set,
$db_ssl = $pulp::params::db_ssl,
$db_ssl_keyfile = $pulp::params::db_ssl_keyfile,
$db_ssl_certfile = $pulp::params::db_ssl_certfile,
$db_verify_ssl = $pulp::params::db_verify_ssl,
$db_ca_path = $pulp::params::db_ca_path,
$db_unsafe_autoretry = $pulp::params::db_unsafe_autoretry,
$db_write_concern = $pulp::params::db_write_concern,
$server_name = $pulp::params::server_name,
$key_url = $pulp::params::key_url,
$ks_url = $pulp::params::ks_url,
$default_login = $pulp::params::default_login,
$default_password = $pulp::params::default_password,
$debugging_mode = $pulp::params::debugging_mode,
$log_level = $pulp::params::log_level,
$server_working_directory = $pulp::params::server_working_directory,
$rsa_key = $pulp::params::rsa_key,
$rsa_pub = $pulp::params::rsa_pub,
$ca_cert = $pulp::params::ca_cert,
$ca_key = $pulp::params::ca_key,
$https_cert = $pulp::params::https_cert,
$https_key = $pulp::params::https_key,
$https_chain = $pulp::params::https_chain,
$ssl_username = $pulp::params::ssl_username,
$user_cert_expiration = $pulp::params::user_cert_expiration,
$consumer_cert_expiration = $pulp::params::consumer_cert_expiration,
$serial_number_path = $pulp::params::serial_number_path,
$consumer_history_lifetime = $pulp::params::consumer_history_lifetime,
$oauth_enabled = $pulp::params::oauth_enabled,
$oauth_key = $pulp::params::oauth_key,
$oauth_secret = $pulp::params::oauth_secret,
$max_keep_alive = $pulp::params::max_keep_alive,
$messaging_url = $pulp::params::messaging_url,
$messaging_transport = $pulp::params::messaging_transport,
$messaging_auth_enabled = $pulp::params::messaging_auth_enabled,
$messaging_ca_cert = $pulp::params::messaging_ca_cert,
$messaging_client_cert = $pulp::params::messaging_client_cert,
$messaging_topic_exchange = $pulp::params::messaging_topic_exchange,
$messaging_event_notifications_enabled = $pulp::params::messaging_event_notifications_enabled,
$messaging_event_notification_url = $pulp::params::messaging_event_notification_url,
$messaging_version = $pulp::params::messaging_version,
$broker_url = $pulp::params::broker_url,
$broker_use_ssl = $pulp::params::broker_use_ssl,
$tasks_login_method = $pulp::params::tasks_login_method,
$email_host = $pulp::params::email_host,
$email_port = $pulp::params::email_port,
$email_from = $pulp::params::email_from,
$email_enabled = $pulp::params::email_enabled,
$manage_squid = $pulp::params::manage_squid,
$lazy_redirect_host = $pulp::params::lazy_redirect_host,
$lazy_redirect_port = $pulp::params::lazy_redirect_port,
$lazy_redirect_path = $pulp::params::lazy_redirect_path,
$lazy_https_retrieval = $pulp::params::lazy_https_retrieval,
$lazy_download_interval = $pulp::params::lazy_download_interval,
$lazy_download_concurrency = $pulp::params::lazy_download_concurrency,
$consumers_crl = $pulp::params::consumers_crl,
$reset_cache = $pulp::params::reset_cache,
$ssl_verify_client = $pulp::params::ssl_verify_client,
$ssl_protocol = $pulp::params::ssl_protocol,
$repo_auth = $pulp::params::repo_auth,
$proxy_url = $pulp::params::proxy_url,
$proxy_port = $pulp::params::proxy_port,
$proxy_username = $pulp::params::proxy_username,
$proxy_password = $pulp::params::proxy_password,
$yum_max_speed = $pulp::params::yum_max_speed,
$num_workers = $pulp::params::num_workers,
$enable_katello = $pulp::params::enable_katello,
$enable_crane = $pulp::params::enable_crane,
$max_tasks_per_child = $pulp::params::max_tasks_per_child,
$enable_docker = $pulp::params::enable_docker,
$enable_rpm = $pulp::params::enable_rpm,
$enable_puppet = $pulp::params::enable_puppet,
$enable_python = $pulp::params::enable_python,
$enable_ostree = $pulp::params::enable_ostree,
$enable_parent_node = $pulp::params::enable_parent_node,
$enable_http = $pulp::params::enable_http,
$manage_broker = $pulp::params::manage_broker,
$manage_db = $pulp::params::manage_db,
$manage_httpd = $pulp::params::manage_httpd,
$manage_plugins_httpd = $pulp::params::manage_plugins_httpd,
$node_certificate = $pulp::params::node_certificate,
$node_verify_ssl = $pulp::params::node_verify_ssl,
$node_server_ca_cert = $pulp::params::node_server_ca_cert,
$node_oauth_effective_user = $pulp::params::node_oauth_effective_user,
$node_oauth_key = $pulp::params::node_oauth_key,
$node_oauth_secret = $pulp::params::node_oauth_secret,
$disabled_authenticators = $pulp::params::disabled_authenticators,
$additional_wsgi_scripts = $pulp::params::additional_wsgi_scripts,
$puppet_wsgi_processes = $pulp::params::puppet_wsgi_processes,
$migrate_db_timeout = $pulp::params::migrate_db_timeout,
$show_conf_diff = $pulp::params::show_conf_diff,
$enable_profiling = $pulp::params::enable_profiling,
$profiling_directory = $pulp::params::profiling_directory,
) inherits pulp::params {
validate_bool($enable_katello)
validate_bool($enable_crane)
validate_bool($enable_docker)
validate_bool($enable_rpm)
validate_bool($enable_puppet)
validate_bool($enable_python)
validate_bool($enable_ostree)
validate_bool($enable_http)
validate_bool($manage_db)
validate_bool($manage_broker)
validate_bool($manage_httpd)
validate_bool($manage_plugins_httpd)
validate_bool($enable_parent_node)
validate_bool($repo_auth)
validate_bool($reset_cache)
validate_bool($db_unsafe_autoretry)
validate_bool($messaging_event_notifications_enabled)
validate_bool($manage_squid)
validate_bool($lazy_https_retrieval)
validate_bool($show_conf_diff)
validate_array($disabled_authenticators)
validate_hash($additional_wsgi_scripts)
validate_integer($max_keep_alive)
validate_bool($enable_profiling)
validate_absolute_path($profiling_directory)

if $max_tasks_per_child {
validate_integer($max_tasks_per_child)
}

if $https_cert {
validate_absolute_path($https_cert)
}
if $https_key {
validate_absolute_path($https_key)
}
if $https_chain {
validate_absolute_path($https_chain)
}
if $ssl_protocol != undef {
validate_string($ssl_protocol)
}

if $yum_max_speed {
validate_string($yum_max_speed)
$real_yum_max_speed = to_bytes($yum_max_speed)
} else {
$real_yum_max_speed = undef
}

include ::mongodb::client
include ::pulp::apache
include ::pulp::database
include ::pulp::broker

if $enable_crane {
class { '::pulp::crane':
cert => $https_cert,
key => $https_key,
ca_cert => $ca_cert,
port => $crane_port,
data_dir => $crane_data_dir,
debug => $crane_debug,
}
}

class { '::pulp::install': } ->
class { '::pulp::config': } ~>
class { '::pulp::service': } ->
Class[pulp] ~>
Service['httpd']
}
(10-10/13)