Puppet Class: hdm

Defined in:
manifests/init.pp

Summary

HDM installation main class

Overview

This class controls the installation of HDM

Examples:

include hdm

Parameters:

  • method (Enum['docker', 'rvm']) (defaults to: 'docker')

    Select the installation method. Available methods: docker, rvm. When using rvm, rvm is installed into the system and the bundler gem is added.

  • manage_docker (Boolean) (defaults to: true)

    Set to false if this module should NOT also include the docker class (without any arguments). Please note that the docker module only works on Debian, RedHat and Windows systems. SLES users must install and start docker via Puppet package and service resources.

  • version (String[1]) (defaults to: '3.0.0')

    Select the version to deploy. Version is the image tag name when using docker and the git tag when using rvm. Please find the releases on the HDM website: github.com/betadots/hdm/releases

  • container_registry_url (String[1]) (defaults to: 'ghcr.io/betadots/hdm')

    Configure another registry. Contains the host, path and container name. The version is set via the version parameter. e.g. ghcr.io/betadots/hdm

  • ruby_version (String[1]) (defaults to: '3.3.1')

    Select the ruby version when installing using rvm. Please check [hdm ruby version requirement](github.com/betadots/hdm/blob/main/.ruby-version).

  • port (Stdlib::Port) (defaults to: 3000)

    The port where HDM should run on

  • bind_ip (Stdlib::IP::Address::Nosubnet) (defaults to: '0.0.0.0')

    The ip address to bind the process to

  • hostname (String[1]) (defaults to: $facts['networking']['fqdn'])

    The HDM webservice hostname

  • timezone (String[1]) (defaults to: $facts['timezone'])

    The timezone to use when running with docker

  • hdm_path (Stdlib::Unixpath) (defaults to: '/etc/hdm')

    Path where one wants to install and configure hdm

  • secret_key_base (String[1]) (defaults to: '7a8509ab31fdb0c15c71c941d089474a')

    A secret key. Key can be generated using `openssl rand -hex 16`

  • git_url (String[1]) (defaults to: 'https://github.com/betadots/hdm.git')

    The git URL to clone the hdm repo from

  • user (String[1]) (defaults to: 'hdm')

    The hdm user name

  • group (String[1]) (defaults to: 'hdm')

    The hdm group name

  • puppetdb_settings (Hdm::Puppetdb) (defaults to: { 'server' => 'http://localhost:8080', })

    A hash to provide information on how HDM can connect to puppetdb. The following options are possible. Plain text (default):

    {
      'server'           => 'http://localhost:8080',
    }
    

    Using PE token:

    {
      'server'           => 'https://localhost:8081',
      'token'            => '/etc/hdm/puppetdb.token',
      'cacert'           => '<path to cacert>',
    }
    

    Using SSL cert:

    {
      'server'           => 'https://localhost:8081',
      'pem'              => {
        'key'            => '/etc/hdm/ssl.key',
        'cert'           => '/etc/hdm/ssl.cert',
        'ca_file'        => '/etc/hdm/ssl.ca',
      },
    }
    


  • puppet_dir (Stdlib::Unixpath) (defaults to: '/etc/puppetlabs')

    The path where HDM can find the global hiera.yaml file. Defaults to '/etc/puppetlabs'.

  • puppet_code_dir (Stdlib::Unixpath) (defaults to: '/etc/puppetlabs/code')

    The path where HDM can find deployed Puppet environments (similar to puppet config code_dir). Defaults to '/etc/puppetlabs/code'.

  • disable_authentication (Boolean) (defaults to: false)

    Disable users and login. This makes HDM available to anyone.

  • allow_encryption (Boolean) (defaults to: false)

    Specify if HDM should use EYAML. Needs HDM access to EYAML keys (public and private). Values for keys are taken from the hiera.yaml file and cannot be set individually.

  • read_only (Boolean) (defaults to: true)

    Set to false if you want the ability to change data via the HDM web frontend. WARNING: setting to true is untested! Changes are stored via Git. Setting this to true also needs the git_data Array parameter.

  • git_data (Optional[Hdm::Gitdata]) (defaults to: undef)

    Configure several settings related to the option to modify data via the web frontend. WARNING: untested! Required Array of hash data:

    [
      {
        'datadir'        => 'modules/hieradata/data',
        'git_url'        => 'git@server:path/repo.git',
        'path_in_repo'   => 'data',
        'ssh_priv_key'   => '.ssh/id_rsa',
      }
    ]
    


  • ldap_settings (Optional[Hdm::Ldap_settings]) (defaults to: undef)

    Config for LDAP integration. Needs the following Hash:

    {
      'host'             => 'localhost',
      'port'             => 389,
      'base_dn'          => 'ou=hdm,dc=nodomain',
      'bind_dn'          => 'cn=admin,dc=nodomain',
      'bind_dn_password' => 'openldap', # clear text
      'ldaps'            =>  false,
    }
    


  • ldap_bind_dn_password (Optional[Sensitive[String[1]]]) (defaults to: undef)

    Set a sensitive password for the LDAP bind.

  • hdm_hiera_config_file (String[1]) (defaults to: 'hiera.yaml')

    Set to another file if you want HDM to not use hiera.yaml.

  • custom_lookup_function (Hash[String[1],Enum['yaml', 'eyaml']]) (defaults to: {})

    If you use your own hiera lookup function, HDM needs to know whether the function returns yaml or eyaml data. Example:

    {
      'function_name' => '<yaml|eyaml>'
    }
    


# File 'manifests/init.pp', line 141

class hdm (
  # installation parameter
  String[1]                     $version               = '3.0.0',
  Enum['docker', 'rvm']         $method                = 'docker',
  String[1]                     $container_registry_url = 'ghcr.io/betadots/hdm',
  Boolean                       $manage_docker         = true,
  String[1]                     $ruby_version          = '3.3.1',
  # required application parameter
  Stdlib::Port                  $port                  = 3000,
  Stdlib::IP::Address::Nosubnet $bind_ip               = '0.0.0.0',
  String[1]                     $hostname              = $facts['networking']['fqdn'],
  String[1]                     $timezone              = $facts['timezone'],
  Stdlib::Unixpath              $hdm_path              = '/etc/hdm',
  String[1]                     $secret_key_base       = '7a8509ab31fdb0c15c71c941d089474a',
  String[1]                     $user                  = 'hdm',
  String[1]                     $group                 = 'hdm',
  String[1]                     $git_url               = 'https://github.com/betadots/hdm.git',
  Hdm::Puppetdb                 $puppetdb_settings     = { 'server' => 'http://localhost:8080', },
  Stdlib::Unixpath              $puppet_code_dir       = '/etc/puppetlabs/code',
  Stdlib::Unixpath              $puppet_dir            = '/etc/puppetlabs',
  String[1]                     $hdm_hiera_config_file = 'hiera.yaml',
  # additional application parameter
  Boolean                        $disable_authentication = false,
  Boolean                        $allow_encryption       = false,
  Boolean                        $read_only              = true,
  Optional[Hdm::Gitdata]         $git_data               = undef,
  Optional[Hdm::Ldap_settings]   $ldap_settings          = undef,
  Optional[Sensitive[String[1]]] $ldap_bind_dn_password  = undef,
  Hash[String[1],Enum['yaml', 'eyaml']]  $custom_lookup_function = {},
) {
  if $ldap_settings {
    if $ldap_bind_dn_password {
      $final_ldap_settings = $ldap_settings + { bind_dn_password => $ldap_bind_dn_password }
    } else {
      $final_ldap_settings = $ldap_settings
    }
  } else {
    $final_ldap_settings = {}
  }

  case $method {
    'docker': {
      $run_mode = 'production'
      include hdm::docker
    }
    'rvm': {
      $run_mode = 'development'
      include hdm::rvm
    }
    default: {
      fail('Unknown HDM installation method.')
    }
  }
}
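
A hardened declaration of this class, as an added example that is not part of the module's documentation or code. The `profile::hdm` class name, the `profile::hdm::*` Hiera keys, the LDAP host name, the loopback bind behind a local reverse proxy, and the assumption that `Hdm::Ldap_settings` accepts a hash without `bind_dn_password` are all assumptions; every `hdm` parameter used is from the list above.

```puppet
# Added example: hypothetical wrapper profile, not shipped with the hdm module.
class profile::hdm {
  # The module default for secret_key_base is published in init.pp, so every
  # install that keeps it shares one key. Pull a per-site value (generated with
  # `openssl rand -hex 16`) from Hiera, ideally from an eyaml-encrypted key.
  # Both Hiera key names are assumptions.
  $secret_key_base = lookup('profile::hdm::secret_key_base', String[1])
  $ldap_password   = lookup('profile::hdm::ldap_bind_dn_password', String[1])

  class { 'hdm':
    method                 => 'docker',
    # Listen on loopback only; assumes a TLS-terminating reverse proxy on the
    # same host. The default 0.0.0.0 listens on every interface.
    bind_ip                => '127.0.0.1',
    port                   => 3000,
    secret_key_base        => $secret_key_base,
    # Pinned explicitly: a resource-like declaration takes precedence over any
    # hdm::* value set in Hiera.
    disable_authentication => false,
    read_only              => true,
    # TLS with a client certificate instead of the plain-text default.
    puppetdb_settings      => {
      'server' => 'https://localhost:8081',
      'pem'    => {
        'key'     => '/etc/hdm/ssl.key',
        'cert'    => '/etc/hdm/ssl.cert',
        'ca_file' => '/etc/hdm/ssl.ca',
      },
    },
    # Assumption: Hdm::Ldap_settings accepts the hash without bind_dn_password.
    # The host name is a placeholder.
    ldap_settings          => {
      'host'    => 'ldap.example.com',
      'port'    => 636,
      'base_dn' => 'ou=hdm,dc=nodomain',
      'bind_dn' => 'cn=admin,dc=nodomain',
      'ldaps'   => true,
    },
    # Merged into ldap_settings by the class body shown above; Sensitive
    # redacts the value in Puppet logs and reports.
    ldap_bind_dn_password  => Sensitive($ldap_password),
  }
}
```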