Puppet Class: hdm

Defined in:
manifests/init.pp

Summary

HDM installation main class

Overview

This class controls the installation of HDM

Examples:

include hdm

Parameters:

  • method (Enum['docker', 'rvm']) (defaults to: 'docker')

    Select the installation method. Available methods: docker, rvm. When using rvm, rvm is installed system-wide and the bundler gem is added.

  • manage_docker (Boolean) (defaults to: true)

    Set to false if this module should NOT also include the docker class (without any arguments). Please note that the docker module only works on Debian, RedHat and Windows systems. SLES users must install and start docker via Puppet package and service resources.

  • version (String[1]) (defaults to: 'main')

    Select the version to deploy. The version is the image tag name when using docker and the git tag when using rvm.

  • ruby_version (String[1]) (defaults to: '3.1.2')

    Select the ruby version when installing using rvm. Please check the [hdm ruby version requirement](github.com/betadots/hdm/blob/main/.ruby-version).

  • port (Stdlib::Port) (defaults to: 3000)

    The port HDM should listen on.

  • bind_ip (Stdlib::IP::Address::Nosubnet) (defaults to: '0.0.0.0')

    The IP address to bind the process to.

  • hostname (String[1]) (defaults to: $facts['networking']['fqdn'])

    The HDM webservice hostname

  • timezone (String[1]) (defaults to: $facts['timezone'])

    The timezone to use when running with docker.

  • hdm_path (Stdlib::Unixpath) (defaults to: '/etc/hdm')

    Path where HDM is installed and configured.

  • secret_key_base (String[1]) (defaults to: '7a8509ab31fdb0c15c71c941d089474a')

    A secret key. A key can be generated using `openssl rand -hex 16`.

  • git_url (String[1]) (defaults to: 'https://github.com/betadots/hdm.git')

    The git URL to clone the hdm repo from

  • user (String[1]) (defaults to: 'hdm')

    The hdm user name

  • group (String[1]) (defaults to: 'hdm')

    The hdm group name

  • puppetdb_settings (Hdm::Puppetdb) (defaults to: { 'server' => 'http://localhost:8080', })

    A hash to provide information on how HDM can connect to puppetdb. The following options are possible:

    Plain text (default):

    {
      'server'           => 'http://localhost:8080',
    }

    Using PE token:

    {
      'server'           => 'https://localhost:8081',
      'token'            => '/etc/hdm/puppetdb.token',
      'cacert'           => '<path to cacert>',
    }

    Using SSL cert:

    {
      'server'           => 'https://localhost:8081',
      'pem'              => {
        'key'            => '/etc/hdm/ssl.key',
        'cert'           => '/etc/hdm/ssl.cert',
        'ca_file'        => '/etc/hdm/ssl.ca',
      },
    }

  • puppet_code_dir (Stdlib::Unixpath) (defaults to: '/etc/puppetlabs/code')

    The path where HDM can find deployed Puppet environments (similar to puppet config code_dir). Defaults to '/etc/puppetlabs/code'.

  • allow_encryption (Boolean) (defaults to: false)

    Specify if HDM should use EYAML. Needs HDM access to the EYAML keys (public and private). Values for keys are taken from the hiera.yaml file and cannot be set individually.

  • read_only (Boolean) (defaults to: true)

    Set to false if you want the ability to change data via the HDM web frontend. WARNING: setting to true is untested! Changes are stored via Git. Setting this to true also needs the git_data Array parameter.

  • git_data (Optional[Hdm::Gitdata]) (defaults to: undef)

    Configure several settings related to the option to modify data via the web frontend. WARNING: untested! Required Array of hash data:

    [
      {
        'datadir'        => 'modules/hieradata/data',
        'git_url'        => 'git@server:path/repo.git',
        'path_in_repo'   => 'data',
        'ssh_priv_key'   => '.ssh/id_rsa',
      }
    ]

  • ldap_settings (Optional[Hdm::Ldap_settings]) (defaults to: undef)

    Config for LDAP integration. Needs the following Hash:

    {
      'host'             => 'localhost',
      'port'             => 389,
      'base_dn'          => 'ou=hdm,dc=nodomain',
      'bind_dn'          => 'cn=admin,dc=nodomain',
      'bind_dn_password' => 'openldap', # clear text
      'ldaps'            =>  false,
    }

  • ldap_bind_dn_password (Optional[Sensitive[String[1]]]) (defaults to: undef)

    Set a sensitive password for the LDAP bind.

  • hdm_hiera_config_file (String[1]) (defaults to: 'hiera.yaml')

    Set to another file if you want HDM to not use hiera.yaml.
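
A declaration of this class with the security-relevant parameters above overridden, given here as an added example that is not part of the module's own documentation. The `profile::hdm` wrapper, the Hiera key names, the LDAP host and the reverse proxy are assumptions, as is `Hdm::Ldap_settings` accepting a hash without `bind_dn_password`.

```puppet
# Added example: hypothetical profile class wrapping hdm with non-default secrets.
class profile::hdm {
  # Hiera keys below are assumed names; keep the values encrypted (e.g. with eyaml).
  # String[32] matches the 32 hex characters produced by `openssl rand -hex 16`.
  $secret_key_base = lookup('profile::hdm::secret_key_base', String[32])
  $ldap_password   = Sensitive(lookup('profile::hdm::ldap_bind_password', String[1]))

  # Refuse to compile a catalog that still carries the module's published default.
  if $secret_key_base == '7a8509ab31fdb0c15c71c941d089474a' {
    fail('profile::hdm::secret_key_base must not be the hdm module default')
  }

  class { 'hdm':
    method                => 'docker',
    # Loopback only instead of 0.0.0.0; assumes a TLS-terminating reverse proxy
    # on the same host forwards requests to HDM.
    bind_ip               => '127.0.0.1',
    port                  => 3000,
    secret_key_base       => $secret_key_base,
    # "Using SSL cert" variant from the puppetdb_settings documentation,
    # replacing the plain-text http://localhost:8080 default.
    puppetdb_settings     => {
      'server' => 'https://localhost:8081',
      'pem'    => {
        'key'     => '/etc/hdm/ssl.key',
        'cert'    => '/etc/hdm/ssl.cert',
        'ca_file' => '/etc/hdm/ssl.ca',
      },
    },
    read_only             => true,
    allow_encryption      => false,
    # bind_dn_password is left out of the hash (assumes the Hdm::Ldap_settings
    # type permits that); the class merges the Sensitive value below into the
    # settings as bind_dn_password.
    ldap_settings         => {
      'host'    => 'ldap.example.com', # placeholder host
      'port'    => 636,
      'base_dn' => 'ou=hdm,dc=nodomain',
      'bind_dn' => 'cn=admin,dc=nodomain',
      'ldaps'   => true,
    },
    ldap_bind_dn_password => $ldap_password,
  }
}
```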



# File 'manifests/init.pp', line 120

class hdm (
  # installation parameter
  Enum['docker', 'rvm']         $method                = 'docker',
  Boolean                       $manage_docker         = true,
  String[1]                     $version               = 'main',
  String[1]                     $ruby_version          = '3.1.2',
  # required application parameter
  Stdlib::Port                  $port                  = 3000,
  Stdlib::IP::Address::Nosubnet $bind_ip               = '0.0.0.0',
  String[1]                     $hostname              = $facts['networking']['fqdn'],
  String[1]                     $timezone              = $facts['timezone'],
  Stdlib::Unixpath              $hdm_path              = '/etc/hdm',
  String[1]                     $secret_key_base       = '7a8509ab31fdb0c15c71c941d089474a',
  String[1]                     $user                  = 'hdm',
  String[1]                     $group                 = 'hdm',
  String[1]                     $git_url               = 'https://github.com/betadots/hdm.git',
  Hdm::Puppetdb                 $puppetdb_settings     = { 'server' => 'http://localhost:8080', },
  Stdlib::Unixpath              $puppet_code_dir       = '/etc/puppetlabs/code',
  String[1]                     $hdm_hiera_config_file = 'hiera.yaml',
  # additional application parameter
  Boolean                        $allow_encryption      = false,
  Boolean                        $read_only             = true,
  Optional[Hdm::Gitdata]         $git_data              = undef,
  Optional[Hdm::Ldap_settings]   $ldap_settings         = undef,
  Optional[Sensitive[String[1]]] $ldap_bind_dn_password = undef,
) {
  if $ldap_settings {
    if $ldap_bind_dn_password {
      $final_ldap_settings = $ldap_settings + { bind_dn_password => $ldap_bind_dn_password }
    } else {
      $final_ldap_settings = $ldap_settings
    }
  } else {
    $final_ldap_settings = {}
  }

  case $method {
    'docker': {
      $run_mode = 'production'
      include hdm::docker
    }
    'rvm': {
      $run_mode = 'development'
      include hdm::rvm
    }
    default: {
      fail('Unknown HDM installation method.')
    }
  }
}