Puppet Class: complyadm::component::mtls_proxy
- Defined in:
- manifests/component/mtls_proxy.pp
Summary
installs and configures the main backend component
Overview
docker run -d -v /etc/puppetlabs/comply/mtls_proxy_nginx.conf:/etc/nginx/nginx.conf -v /etc/puppetlabs/comply/pe:/etc/ssl/certs -p 30303:80 nginx
# File 'manifests/component/mtls_proxy.pp', line 5
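class complyadm::component::mtls_proxy (
  Complyadm::Config::Comply_mtls_proxy $config,
) {
  # Manages the nginx-based mTLS proxy container: its nginx config, the
  # TLS certificate and key it serves with, a healthcheck script, and the
  # container run resource itself. Every managed file notifies the run
  # resource, so a change to any of them is signalled to the container.
  $container = $config['container']

  # nginx configuration rendered from the module template. The
  # 'pe_cert_checks_disabled' flag is passed straight through to the
  # template; NOTE(review): presumably it turns off verification of the PE
  # certificate, so it should stay false outside of test setups -- confirm
  # against nginx_conf.epp.
  $conf_file = '/etc/puppetlabs/comply/mtls_proxy_nginx.conf'
  file { $conf_file:
    ensure  => 'file',
    content => epp('complyadm/mtls_proxy/nginx_conf.epp', {
        'runtime'                 => $container['runtime'],
        'pe_cert_checks_disabled' => $config['pe_cert_checks_disabled'],
    }),
    owner   => 'root',
    group   => 'root',
    seltype => 'container_file_t',
    notify  => Complyadm::Runtime::Run[$container['name']],
  }

  # Certificate presented by the proxy (public material).
  $tls_crt = '/etc/puppetlabs/comply/pe_certs/tls.crt'
  file { $tls_crt:
    ensure  => 'file',
    content => $config['tls_crt'],
    owner   => 'root',
    group   => 'root',
    seltype => 'container_file_t',
    notify  => Complyadm::Runtime::Run[$container['name']],
  }

  # Private key for the certificate above. show_diff is disabled so that a
  # key change is never printed as a content diff in agent output or
  # reports.
  # NOTE(review): no `mode` is set here, so the key's permissions are left
  # to Puppet's default for the file. Tightening it (for example '0600')
  # needs checking against the user the container process runs as, because
  # this directory is bind-mounted into the container at /certs.
  $tls_key = '/etc/puppetlabs/comply/pe_certs/tls.key'
  file { $tls_key:
    ensure    => 'file',
    content   => $config['tls_key'],
    owner     => 'root',
    group     => 'root',
    seltype   => 'container_file_t',
    show_diff => false,
    notify    => Complyadm::Runtime::Run[$container['name']],
  }

  # Host-side watchdog script, passed to the run resource as after_create.
  # The healthcheck command is built by interpolating the runtime, container
  # name and healthcheck strings from $config without quoting, so those
  # values must come from trusted configuration only.
  $healthcheck_file = "/etc/puppetlabs/comply/${container['name']}-healthcheck.sh"
  file { $healthcheck_file:
    ensure    => file,
    owner     => 'root',
    group     => 'root',
    mode      => '+x',
    seltype   => 'container_file_t',
    show_diff => false,
    content   => epp('complyadm/runtime/service-watchdog.epp', { healthcheck => "${container['runtime']} exec ${container['name']} ${container['healthcheck']}" }),
    notify    => Complyadm::Runtime::Run[$container['name']],
  }

  # The container itself. The image is not pulled on start
  # (pull_on_start => false). The run resource requires the config,
  # certificate and key files, so they are in place before it is applied.
  complyadm::runtime::run { $container['name']:
    runtime                  => $container['runtime'],
    install_runtime          => $container['install_runtime'],
    image                    => $container['image'],
    net                      => $container['net'],
    extra_parameters         => $container['extra_parameters'],
    after_create             => $healthcheck_file,
    extra_systemd_parameters => $container['extra_systemd_parameters'],
    ports                    => $container['ports'],
    pull_on_start            => false,
    volumes                  => [
      "${conf_file}:/opt/bitnami/nginx/conf/nginx.conf",
      # Whole certificate directory, including the private key.
      '/etc/puppetlabs/comply/pe_certs:/certs',
      # NOTE(review): this host path is not managed in this class --
      # presumably created elsewhere; verify it exists before the run.
      '/etc/puppetlabs/comply/nginx_healthcheck.sh:/health/nginx_healthcheck.sh',
    ],
    require                  => [
      File[$conf_file],
      File[$tls_crt],
      File[$tls_key],
    ],
    cmd                      => $container['cmd'],
    after                    => $container['after'],
  }
}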