# @summary Base class for st2 module. Used as top-level to set parameters via Hiera, this class does not need to be called directly.
#
# @param version
# Version of StackStorm package to install (default = 'present')
# See the package 'ensure' property:
# https://puppet.com/docs/puppet/5.5/types/package.html#package-attribute-ensure
#
# @param [String] python_version
# Version of Python to install. Default is 'system' meaning the system version
# of Python will be used.
# To install Python 3.8 on RHEL/CentOS 7 specify '3.8'.
# To install Python 3.8 on Ubuntu 16.05 specify 'python3.8'.
#
# @param [St2::Repository] repository
# Release repository to enable. 'stable', 'unstable'
# (default = 'stable')
# @param conf_dir
# The directory where st2 configs are stored
# @param conf_file
# The path where st2 config is stored
# @param use_ssl
# Enable/Disable SSL for all st2 APIs
# @param ssl_cert_manage
# Boolean to determine if this module should manage the SSL certificate used by nginx.
# @param ssl_dir
# Directory where st2web will look for its SSL info.
# (default: /etc/ssl/st2)
# @param ssl_cert
# Path to the file where the StackStorm SSL cert will
# be generated. (default: /etc/ssl/st2/st2.crt)
# @param ssl_key
# Path to the file where the StackStorm SSL key will
# be generated. (default: /etc/ssl/st2/st2.key)
# @param auth
# Toggle to enable/disable auth (Default: true)
# @param auth_api_url
# URL where StackStorm auth service will communicate
# with the StackStorm API service
# @param auth_debug
# Toggle to enable/disable auth debugging (Default: false)
# @param auth_mode
# Auth mode, either 'standalone' or 'backend' (default: 'standalone')
# @param auth_backend
# Determines which auth backend to configure. (default: flat_file)
# Available backends:
# - flat_file
# - keystone
# - ldap
# - mongodb
# - pam
# @param auth_backend_config
# Hash of parameters to pass to the auth backend
# class when it's instantiated. This will be different
# for every backend. Please see the corresponding
# backend class to determine what the config options
# should be.
# @param cli_base_url
# CLI config - Base URL lives
# @param cli_api_version
# CLI config - API Version
# @param cli_debug
# CLI config - Enable/Disable Debug
# @param cli_cache_token
# CLI config - True to cache auth token until it expires
# @param cli_username
# CLI config - Auth Username
# @param cli_password
# CLI config - Auth Password
# @param cli_apikey
# CLI config - StackStorm API Key to use for pack and k/v installation, instead of user/pass
# @param cli_api_url
# CLI config - API URL
# @param cli_auth_url
# CLI config - Auth URL
# @param actionrunner_workers
# Set the number of actionrunner processes to start
# @param packs
# Hash of st2 packages to be installed
# @param packs_group
# Name of the group that will own the /opt/stackstorm/packs directory (default: st2packs)
# @param index_url
# Url to the StackStorm Exchange index file. (default undef)
# @param syslog
# Routes all log messages to syslog
# @param syslog_host
# Syslog host. Default: localhost
# @param syslog_protocol
# Syslog protocol. Default: udp
# @param syslog_port
# Syslog port. Default: 514
# @param syslog_facility
# Syslog facility. Default: local7
# @param ssh_key_location
# Location on filesystem of Admin SSH key for remote runner
# @param db_host
# Hostname to talk to st2 db
# @param db_port
# Port for db server for st2 to talk to
# @param db_bind_ips
# Array of bind IP addresses for MongoDB to listen on
# @param db_name
# Name of db to connect to (default: 'st2')
# @param db_username
# Username to connect to db with (default: 'stackstorm')
# @param db_password
# Password for 'admin' and 'stackstorm' users in MongoDB.
# If 'undef' then use $cli_password
# @param mongodb_version
# Version of MongoDB to install. If not provided it
# will be auto-calculated based on $version
# (default: undef)
# @param mongodb_manage_repo
# Set this to false when you have your own repositories
# for MongoDB (default: true)
# @param mongodb_auth
# Boolean determining if auth should be enabled for
# MongoDB. Note: On new versions of Puppet (4.0+)
# you'll need to disable this setting.
# (default: true)
# @param nginx_manage_repo
# Set this to false when you have your own repositories for nginx
# (default: true)
# @param nginx_ssl_ciphers
# String or list of strings of acceptable SSL ciphers to configure nginx with.
# @see http://nginx.org/en/docs/http/ngx_http_ssl_module.html
# Note: the defaults are setup to restrict to TLSv1.2 and TLSv1.3 secure ciphers only
# (secure by default). The secure ciphers for each protocol were obtained via:
# @see https://wiki.mozilla.org/Security/Server_Side_TLS
# @param nginx_ssl_protocols
# String or list of strings of acceptable SSL protocols to configure nginx with.
# @see http://nginx.org/en/docs/http/ngx_http_ssl_module.html
# Note: the defaults are setup to restrict to TLSv1.2 and TLSv1.3 only (secure by default)
# @param nginx_ssl_port
# What port should nginx listen on publicly for new connections (default: 443)
# @param nginx_client_max_body_size
# The maximum size of the body for a request allowed through nginx.
# We default this to '0' to allow for large messages/payloads/inputs/results
# to be passed through nginx as is normal in the StackStorm context.
# @see http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
# @param web_root
# Directory where the StackStorm WebUI site lives on the filesystem
# @param timersengine_enabled
# Set to true if the st2timersengine service should be enabled
# on this node (default: true)
# @param timersengine_timezone
# The local timezone for this node. (default: 'America/Los_Angeles')
# @param scheduler_sleep_interval
# How long (in seconds) to sleep between each action
# scheduler main loop run interval. (default = 0.1)
# @param scheduler_gc_interval
# How often (in seconds) to look for zombie execution requests
# before rescheduling them. (default = 10)
# @param scheduler_pool_size
# The size of the pool used by the scheduler for scheduling
# executions. (default = 10)
# @param chatops_adapter
# Adapter package(s) to be installed with npm. List of hashes.
# @param chatops_adapter_conf
# Configuration parameters for Hubot adapter (hash)
# @param chatops_hubot_log_level
# Logging level for hubot (string)
# @param chatops_hubot_express_port
# Port that hubot operates on (integer or string)
# @param chatops_tls_cert_reject_unauthorized
# Should hubot validate SSL certs
# Set to 1 when using self signed certs
# @param chatops_hubot_name
# Name of the bot in chat. Should be
# properly quoted if it has special characters,
# example: '"MyBot!"'
# @param chatops_hubot_alias
# Character to trigger the bot at the
# beginning of a message. Must be properly
# quoted if it's a special character,
# example: "'!'"
# @param chatops_api_key
# API key generated by `st2 apikey create`
# that hubot will use to post data back
# to StackStorm.
# (default: undef)
# @param chatops_st2_hostname
# Hostname of the StackStorm instance
# that chatops will connect to for
# API and Auth. If unspecified it will
# use the default in /opt/stackstorm/chatops/st2chatops.env
# (default: undef)
# @param chatops_api_url
# ChatOps config - API URL
# @param chatops_auth_url
# ChatOps config - Auth URL
# @param chatops_web_url
# Public URL of StackStorm instance.
# used by chatops to offer links to
# execution details in a chat.
# If unspecified it will use the
# default in /opt/stackstorm/chatops/st2chatops.env
# (default: undef)
# @param nodejs_version
# Version of NodeJS to install. If not provided it
# will be auto-calculated based on $version
# (default: undef)
# @param nodejs_manage_repo
# Set this to false when you have your own repositories
# for NodeJS (default: true)
# @param redis_bind_ip
# Bind IP of the Redis server. Default is 127.0.0.1
# @param workflowengine_num
# The number of workflowengines to have in an active active state (default: 1)
# @param scheduler_num
# The number of schedulers to have in an active active state (default: 1)
# @param rulesengine_num
# The number of rulesengines to have in an active active state (default: 1)
# @param notifier_num
# The number of notifiers to have in an active active state (default: 1)
# @param erlang_url
# The url for the erlang repository to be used for rabbitmq
# @param erlang_key
# The gpg key for the erlang repository to be used for rabbitmq
# @param validate_output_schema
# Enable/disable output schema validation in StackStorm
#
#
# @example Basic Usage
# include st2
#
# @example Variables can be set in Hiera and take advantage of automatic data bindings:
# st2::version: 2.10.1
#
# @example Customizing parameters
# # best practice is to change the default username/password;
# # the literal values shown are placeholders - supply real ones from encrypted Hiera data
# class { 'st2::params':
# admin_username => 'st2admin',
# admin_password => 'SuperSecret!',
# }
#
# class { 'st2':
# version => '2.10.1',
# }
#
# @example Different passwords for each database (MongoDB, RabbitMQ)
# class { 'st2':
# # StackStorm user
# cli_username => 'st2admin',
# cli_password => 'SuperSecret!',
# # MongoDB user for StackStorm
# db_username => 'admin',
# db_password => 'KLKfp9#!2',
# # RabbitMQ user for StackStorm
# rabbitmq_username => 'st2',
# rabbitmq_password => '@!fsdf0#45',
# }
#
# @example Install with python 3.8 (if not default on your system)
# $st2_python_version = $facts['os']['family'] ? {
# 'RedHat' => '3.8',
# 'Debian' => 'python3.8',
# }
# class { 'st2':
# python_version => $st2_python_version,
# }
class st2(
# Top-level parameter surface for the module. Most defaults are read from
# st2::params (inherited below); the rest are literals set here.
# Only python_version and repository declare a data type. The password and
# key parameters (cli_password, db_password, rabbitmq_password,
# redis_password, datastore_*_key, cli_apikey, chatops_api_key) are untyped.
# NOTE(review): confirm how the consuming classes handle these values and
# whether Sensitive values can be passed, so secrets stay out of reports/logs.
$version = 'present',
String $python_version = 'system',
St2::Repository $repository = $st2::params::repository,
$manage_epel_repo = $st2::params::manage_epel_repo,
$python_use_epel_repo = $st2::params::python_use_epel_repo,
$redis_manage_repo = $st2::params::redis_manage_repo,
$conf_dir = $st2::params::conf_dir,
$conf_file = "${st2::params::conf_dir}/st2.conf",
# TLS switch for the st2 APIs plus the cert/key locations documented in the header.
$use_ssl = $st2::params::use_ssl,
$ssl_cert_manage = true,
$ssl_dir = $st2::params::ssl_dir,
$ssl_cert = $st2::params::ssl_cert,
$ssl_key = $st2::params::ssl_key,
$auth = true,
# Default is built with the http:// scheme regardless of use_ssl.
# NOTE(review): confirm st2::params::hostname resolves to a loopback/trusted
# address; otherwise override with an https URL.
$auth_api_url = "http://${st2::params::hostname}:${st2::params::api_port}",
$auth_debug = false,
$auth_mode = $st2::params::auth_mode,
$auth_backend = $st2::params::auth_backend,
$auth_backend_config = $st2::params::auth_backend_config,
$cli_base_url = "http://${st2::params::hostname}",
$cli_api_version = 'v1',
$cli_debug = false,
$cli_cache_token = true,
# Not described in the header docs. NOTE(review): presumably suppresses TLS
# warnings in the CLI - confirm before enabling, since it may hide
# certificate problems.
$cli_silence_ssl_warnings = false,
# Both default to the st2::params admin credentials; the header example
# recommends overriding them.
$cli_username = $st2::params::admin_username,
$cli_password = $st2::params::admin_password,
$cli_apikey = undef,
# Same http:// default scheme as auth_api_url above.
$cli_api_url = "http://${st2::params::hostname}:${st2::params::api_port}",
$cli_auth_url = "http://${st2::params::hostname}:${st2::params::auth_port}",
$actionrunner_workers = $st2::params::actionrunner_workers,
$packs = {},
$packs_group = $st2::params::packs_group_name,
$index_url = undef,
$syslog = false,
$syslog_host = 'localhost',
# UDP is the default transport. NOTE(review): UDP syslog is neither
# authenticated nor encrypted - confirm this is acceptable if syslog_host is
# changed to a remote host.
$syslog_protocol = 'udp',
$syslog_port = 514,
$syslog_facility = 'local7',
# Admin SSH key for the remote runner (per header docs).
# NOTE(review): verify that ownership/mode of this file are enforced elsewhere.
$ssh_key_location = '/home/stanley/.ssh/st2_stanley_key',
$db_host = $st2::params::hostname,
$db_port = $st2::params::mongodb_port,
$db_bind_ips = $st2::params::mongodb_bind_ips,
$db_name = $st2::params::mongodb_st2_db,
$db_username = $st2::params::mongodb_st2_username,
# Same default source as cli_password, so the MongoDB users and the st2 admin
# share one password unless db_password is set separately (the header has an
# example with distinct values).
$db_password = $st2::params::admin_password,
$mongodb_version = undef,
$mongodb_manage_repo = true,
# Header docs say this may need to be disabled on Puppet 4.0+.
# NOTE(review): presumably that leaves MongoDB without authentication - check
# db_bind_ips before turning it off.
$mongodb_auth = true,
$ng_init = true,
# 'datstore_keys_dir' (sic) is the variable name referenced in st2::params on
# this line and the next; it has to match the spelling defined there.
$datastore_keys_dir = $st2::params::datstore_keys_dir,
$datastore_key_path = "${st2::params::datstore_keys_dir}/datastore_key.json",
# The datastore_* settings are not described in the header docs.
# NOTE(review): datastore_hmac_key / datastore_aes_key look like key material -
# confirm how they are sourced and where they are written.
$manage_datastore_key = $st2::params::manage_datastore_key,
$datastore_hmac_size = $st2::params::datastore_hmac_size,
$datastore_hmac_key = $st2::params::datastore_hmac_key,
$datastore_aes_key = $st2::params::datastore_aes_key,
$datastore_aes_mode = $st2::params::datastore_aes_mode,
$datastore_aes_size = $st2::params::datastore_aes_size,
$nginx_basicstatus_enabled = $st2::params::basicstatus_enabled,
$nginx_basicstatus_port = $st2::params::basicstatus_port,
$nginx_manage_repo = true,
# Header docs state the default is '0' so large payloads pass through nginx.
# NOTE(review): consider an explicit cap when nginx is reachable by untrusted
# clients.
$nginx_client_max_body_size = $st2::params::nginx_client_max_body_size,
# Header docs state the cipher/protocol defaults are limited to TLSv1.2 and
# TLSv1.3; overriding either one can weaken that.
$nginx_ssl_ciphers = $st2::params::nginx_ssl_ciphers,
$nginx_ssl_port = $st2::params::nginx_ssl_port,
$nginx_ssl_protocols = $st2::params::nginx_ssl_protocols,
$web_root = $st2::params::web_root,
# RabbitMQ credentials and endpoint; every default lives in st2::params.
$rabbitmq_username = $st2::params::rabbitmq_username,
$rabbitmq_password = $st2::params::rabbitmq_password,
$rabbitmq_hostname = $st2::params::rabbitmq_hostname,
$rabbitmq_port = $st2::params::rabbitmq_port,
$rabbitmq_bind_ip = $st2::params::rabbitmq_bind_ip,
$rabbitmq_vhost = $st2::params::rabbitmq_vhost,
# Erlang package repository settings (used for rabbitmq per header docs).
# NOTE(review): the *_sslverify / *_gpgcheck names suggest TLS and signature
# verification switches - confirm the st2::params defaults keep them enabled.
$erlang_url = $st2::params::erlang_url,
$erlang_key = $st2::params::erlang_key,
$erlang_key_id = $st2::params::erlang_key_id,
$erlang_key_source = $st2::params::erlang_key_source,
$erlang_packages = $st2::params::erlang_packages,
$erlang_rhel_sslcacert_location = $st2::params::erlang_rhel_sslcacert_location,
$erlang_rhel_sslverify = $st2::params::erlang_rhel_sslverify,
$erlang_rhel_gpgcheck = $st2::params::erlang_rhel_gpgcheck,
$erlang_rhel_repo_gpgcheck = $st2::params::erlang_rhel_repo_gpgcheck,
$redis_bind_ip = $st2::params::redis_bind_ip,
$redis_hostname = $st2::params::redis_hostname,
$redis_port = $st2::params::redis_port,
$redis_password = $st2::params::redis_password,
$timersengine_enabled = $st2::params::timersengine_enabled,
$timersengine_timezone = $st2::params::timersengine_timezone,
$scheduler_sleep_interval = $st2::params::scheduler_sleep_interval,
$scheduler_gc_interval = $st2::params::scheduler_gc_interval,
$scheduler_pool_size = $st2::params::scheduler_pool_size,
$chatops_adapter = $st2::params::chatops_adapter,
$chatops_adapter_conf = $st2::params::chatops_adapter_conf,
$chatops_hubot_log_level = $st2::params::hubot_log_level,
$chatops_hubot_express_port = $st2::params::hubot_express_port,
# NOTE(review): the header says "Set to 1 when using self signed certs", while
# the parameter name reads as "reject unauthorized". Confirm which value
# actually disables certificate validation, and prefer trusting the issuing CA
# over switching validation off.
$chatops_tls_cert_reject_unauthorized = $st2::params::tls_cert_reject_unauthorized,
$chatops_hubot_name = $st2::params::hubot_name,
$chatops_hubot_alias = $st2::params::hubot_alias,
$chatops_api_key = undef,
$chatops_st2_hostname = $st2::params::hostname,
# ChatOps URLs default to https://, unlike the http:// CLI/auth defaults above.
$chatops_api_url = "https://${st2::params::hostname}/api",
$chatops_auth_url = "https://${st2::params::hostname}/auth",
$chatops_web_url = undef,
$nodejs_version = undef,
$nodejs_manage_repo = true,
$workflowengine_num = $st2::params::workflowengine_num,
$scheduler_num = $st2::params::scheduler_num,
$rulesengine_num = $st2::params::rulesengine_num,
$notifier_num = $st2::params::notifier_num,
$metrics_include = $st2::params::metrics_include,
$metric_driver = $st2::params::metric_driver,
$metric_host = $st2::params::metric_host,
$metric_port = $st2::params::metric_port,
$validate_output_schema = $st2::params::validate_output_schema,
) inherits st2::params {
# Inheriting st2::params is what lets the parameter defaults above refer to
# $st2::params::* variables.
########################################
## Control commands
# Both execs are refreshonly, so they run only when another resource sends
# them a refresh event, never on an ordinary catalog run. Each command is an
# absolute path with fixed arguments; no parameter is interpolated into it.
# The tags presumably let other classes select these execs by tag rather
# than by title - confirm against the callers.
exec {'/usr/bin/st2ctl reload --register-all':
tag => 'st2::reload',
refreshonly => true,
}
# Config-only variant of the reload above (registers configs instead of everything).
exec {'/usr/bin/st2ctl reload --register-configs':
tag => 'st2::register-configs',
refreshonly => true,
}
}