Puppet Class: st2

Inherits:
st2::params
Inherited by:
st2::auth
st2::repo
st2::packs
st2::auth::pam
st2::notifier
st2::auth::ldap
st2::scheduler
st2::auth::common
st2::profile::web
st2::rulesengine
st2::auth::mongodb
st2::timersengine
st2::auth::keystone
st2::profile::nginx
st2::profile::redis
st2::auth::flat_file
st2::profile::client
st2::profile::nodejs
st2::profile::python
st2::profile::server
st2::workflowengine
st2::profile::chatops
st2::profile::metrics
st2::profile::mongodb
st2::profile::rabbitmq
st2::profile::fullinstall
st2::server::datastore_keys
Defined in:
manifests/init.pp

Summary

Base class for st2 module. Used as top-level to set parameters via Hiera, this class does not need to be called directly.

Overview

Examples:

Basic Usage

include st2

Variables can be set in Hiera and take advantage of automatic data bindings:

st2::version: 2.10.1

Customizing parameters

# best practice is to change default username/password
class { 'st2::params':
  admin_username => 'st2admin',
  admin_password => 'SuperSecret!',
}

class { 'st2':
  version => '2.10.1',
}

Different passwords for each database (MongoDB, RabbitMQ)

class { 'st2':
  # StackStorm user
  cli_username        => 'st2admin',
  cli_password        => 'SuperSecret!',
  # MongoDB user for StackStorm
  db_username         => 'admin',
  db_password         => 'KLKfp9#!2',
  # RabbitMQ user for StackStorm
  rabbitmq_username   => 'st2',
  rabbitmq_password   => '@!fsdf0#45',
}

Install with python 3.8 (if not default on your system)

$st2_python_version = $facts['os']['family'] ? {
  'RedHat' => '3.8',
  'Debian' => 'python3.8',
}
class { 'st2':
  python_version            => $st2_python_version,
}

Parameters:

  • version (Any) (defaults to: 'present')

    Version of StackStorm package to install (default = ‘present’) See the package ‘ensure’ property: puppet.com/docs/puppet/5.5/types/package.html#package-attribute-ensure

  • python_version (String) (defaults to: 'system')

    Version of Python to install. Default is ‘system’ meaning the system version of Python will be used. To install Python 3.8 on RHEL/CentOS 7 specify ‘3.8’. To install Python 3.8 on Ubuntu 16.05 specify ‘python3.8’.

  • repository (St2::Repository) (defaults to: $st2::params::repository)

    Release repository to enable. ‘stable’, ‘unstable’ (default = ‘stable’)

  • conf_dir (Any) (defaults to: $st2::params::conf_dir)

    The directory where st2 configs are stored

  • conf_file (Any) (defaults to: "${st2::params::conf_dir}/st2.conf")

    The path where st2 config is stored

  • use_ssl (Any) (defaults to: $st2::params::use_ssl)

    Enable/Disable SSL for all st2 APIs

  • ssl_cert_manage (Any) (defaults to: true)

    Boolean to determine if this module should manage the SSL certificate used by nginx.

  • ssl_dir (Any) (defaults to: $st2::params::ssl_dir)

    Directory where st2web will look for its SSL info. (default: /etc/ssl/st2)

  • ssl_cert (Any) (defaults to: $st2::params::ssl_cert)

    Path to the file where the StackStorm SSL cert will be generated. (default: /etc/ssl/st2/st2.crt)

  • ssl_key (Any) (defaults to: $st2::params::ssl_key)

    Path to the file where the StackStorm SSL key will be generated. (default: /etc/ssl/st2/st2.key)

  • auth (Any) (defaults to: true)

    Toggle to enable/disable auth (Default: true)

  • auth_api_url (Any) (defaults to: "http://${st2::params::hostname}:${st2::params::api_port}")

    URL where StackStorm auth service will communicate with the StackStorm API service

  • auth_debug (Any) (defaults to: false)

    Toggle to enable/disable auth debugging (Default: false)

  • auth_mode (Any) (defaults to: $st2::params::auth_mode)

    Auth mode, either ‘standalone’ or ‘backend (default: ’standalone’)

  • auth_backend (Any) (defaults to: $st2::params::auth_backend)

    Determines which auth backend to configure. (default: flat_file) Available backends:

    • flat_file

    • keystone

    • ldap

    • mongodb

    • pam

  • auth_backend_config (Any) (defaults to: $st2::params::auth_backend_config)

    Hash of parameters to pass to the auth backend class when it’s instantiated. This will be different for every backend. Please see the corresponding backend class to determine what the config options should be.

  • cli_base_url (Any) (defaults to: "http://${st2::params::hostname}")

    CLI config - Base URL lives

  • cli_api_version (Any) (defaults to: 'v1')

    CLI config - API Version

  • cli_debug (Any) (defaults to: false)

    CLI config - Enable/Disable Debug

  • cli_cache_token (Any) (defaults to: true)

    CLI config - True to cache auth token until expries

  • cli_username (Any) (defaults to: $st2::params::admin_username)

    CLI config - Auth Username

  • cli_password (Any) (defaults to: $st2::params::admin_password)

    CLI config - Auth Password

  • cli_apikey (Any) (defaults to: undef)

    CLI config - StackStorm API Key to use for pack and k/v installation, instead of user/pass

  • cli_api_url (Any) (defaults to: "http://${st2::params::hostname}:${st2::params::api_port}")

    CLI config - API URL

  • cli_auth_url (Any) (defaults to: "http://${st2::params::hostname}:${st2::params::auth_port}")

    CLI config - Auth URL

  • actionrunner_workers (Any) (defaults to: $st2::params::actionrunner_workers)

    Set the number of actionrunner processes to start

  • packs (Any) (defaults to: {})

    Hash of st2 packages to be installed

  • packs_group (Any) (defaults to: $st2::params::packs_group_name)

    Name of the group that will own the /opt/stackstorm/packs directory (default: st2packs)

  • index_url (Any) (defaults to: undef)

    Url to the StackStorm Exchange index file. (default undef)

  • syslog (Any) (defaults to: false)

    Routes all log messages to syslog

  • syslog_host (Any) (defaults to: 'localhost')

    Syslog host. Default: localhost

  • syslog_protocol (Any) (defaults to: 'udp')

    Syslog protocol. Default: udp

  • syslog_port (Any) (defaults to: 514)

    Syslog port. Default: 514

  • syslog_facility (Any) (defaults to: 'local7')

    Syslog facility. Default: local7

  • ssh_key_location (Any) (defaults to: '/home/stanley/.ssh/st2_stanley_key')

    Location on filesystem of Admin SSH key for remote runner

  • db_host (Any) (defaults to: $st2::params::hostname)

    Hostname to talk to st2 db

  • db_port (Any) (defaults to: $st2::params::mongodb_port)

    Port for db server for st2 to talk to

  • db_bind_ips (Any) (defaults to: $st2::params::mongodb_bind_ips)

    Array of bind IP addresses for MongoDB to listen on

  • db_name (Any) (defaults to: $st2::params::mongodb_st2_db)

    Name of db to connect to (default: ‘st2’)

  • db_username (Any) (defaults to: $st2::params::mongodb_st2_username)

    Username to connect to db with (default: ‘stackstorm’)

  • db_password (Any) (defaults to: $st2::params::admin_password)

    Password for ‘admin’ and ‘stackstorm’ users in MongDB. If ‘undef’ then use $cli_password

  • mongodb_version (Any) (defaults to: undef)

    Version of MongoDB to install. If not provided it will be auto-calcuated based on $version (default: undef)

  • mongodb_manage_repo (Any) (defaults to: true)

    Set this to false when you have your own repositories for MongoDB (default: true)

  • mongodb_auth (Any) (defaults to: true)

    Boolean determining if auth should be enabled for MongoDB. Note: On new versions of Puppet (4.0+) you’ll need to disable this setting. (default: true)

  • nginx_manage_repo (Any) (defaults to: true)

    Set this to false when you have your own repositories for nginx (default: true)

  • nginx_ssl_ciphers (Any) (defaults to: $st2::params::nginx_ssl_ciphers)

    String or list of strings of acceptable SSL ciphers to configure nginx with. @see nginx.org/en/docs/http/ngx_http_ssl_module.html Note: the defaults are setup to restrict to TLSv1.2 and TLSv1.3 secure ciphers only

    (secure by default). The secure ciphers for each protocol were obtained via:
@see https://wiki.mozilla.org/Security/Server_Side_TLS
  • nginx_ssl_protocols (Any) (defaults to: $st2::params::nginx_ssl_protocols)

    String or list of strings of acceptable SSL protocols to configure nginx with. @see nginx.org/en/docs/http/ngx_http_ssl_module.html Note: the defaults are setup to restrict to TLSv1.2 and TLSv1.3 only (secure by default)

  • nginx_ssl_port (Any) (defaults to: $st2::params::nginx_ssl_port)

    What port should nginx listen on publicly for new connections (default: 443)

  • nginx_client_max_body_size (Any) (defaults to: $st2::params::nginx_client_max_body_size)

    The maximum size of the body for a request allow through nginx. We default this to ‘0’ to allow for large messages/payloads/inputs/results to be passed through nginx as is normal in the StackStorm context. @see nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size

  • web_root (Any) (defaults to: $st2::params::web_root)

    Directory where the StackStorm WebUI site lives on the filesystem

  • timersengine_enabled (Any) (defaults to: $st2::params::timersengine_enabled)

    Set to true if the st2timersengine service should be enabled on this node (default: true)

  • timersengine_timezone (Any) (defaults to: $st2::params::timersengine_timezone)

    The local timezone for this node. (default: ‘America/Los_Angeles’)

  • scheduler_sleep_interval (Any) (defaults to: $st2::params::scheduler_sleep_interval)

    How long (in seconds) to sleep between each action scheduler main loop run interval. (default = 0.1)

  • scheduler_gc_interval (Any) (defaults to: $st2::params::scheduler_gc_interval)

    How often (in seconds) to look for zombie execution requests before rescheduling them. (default = 10)

  • scheduler_pool_size (Any) (defaults to: $st2::params::scheduler_pool_size)

    The size of the pool used by the scheduler for scheduling executions. (default = 10)

  • chatops_adapter (Any) (defaults to: $st2::params::chatops_adapter)

    Adapter package(s) to be installed with npm. List of hashes.

  • chatops_adapter_conf (Any) (defaults to: $st2::params::chatops_adapter_conf)

    Configuration parameters for Hubot adapter (hash)

  • chatops_hubot_log_level (Any) (defaults to: $st2::params::hubot_log_level)

    Logging level for hubot (string)

  • chatops_hubot_express_port (Any) (defaults to: $st2::params::hubot_express_port)

    Port that hubot operates on (integer or string)

  • chatops_tls_cert_reject_unauthorized (Any) (defaults to: $st2::params::tls_cert_reject_unauthorized)

    Should hubot validate SSL certs Set to 1 when using self signed certs

  • chatops_hubot_name (Any) (defaults to: $st2::params::hubot_name)

    Name of the bot in chat. Should be properly quoted if it has special characters, example: ‘“MyBot!”’

  • chatops_hubot_alias (Any) (defaults to: $st2::params::hubot_alias)

    Character to trigger the bot at the beginning of a message. Must be properly quoted of it’s a special character, example: “‘!’”

  • chatops_api_key (Any) (defaults to: undef)

    API key generated by ‘st2 apikey create` that hubot will use to post data back to StackStorm. (default: undef)

  • chatops_st2_hostname (Any) (defaults to: $st2::params::hostname)

    Hostname of the StackStorm instance that chatops will connect to for API and Auth. If unspecified it will use the default in /opt/stackstorm/chatops/st2chatops.env (default: undef)

  • chatops_api_url (Any) (defaults to: "https://${st2::params::hostname}/api")

    ChatOps config - API URL

  • chatops_auth_url (Any) (defaults to: "https://${st2::params::hostname}/auth")

    ChatOps config - Auth URL

  • chatops_web_url (Any) (defaults to: undef)

    Public URL of StackStorm instance. used by chatops to offer links to execution details in a chat. If unspecified it will use the default in /opt/stackstorm/chatops/st2chatops.env (default: undef)

  • nodejs_version (Any) (defaults to: undef)

    Version of NodeJS to install. If not provided it will be auto-calcuated based on $version (default: undef)

  • nodejs_manage_repo (Any) (defaults to: true)

    Set this to false when you have your own repositories for NodeJS (default: true)

  • redis_bind_ip (Any) (defaults to: $st2::params::redis_bind_ip)

    Bind IP of the Redis server. Default is 127.0.0.1

  • workflowengine_num (Any) (defaults to: $st2::params::workflowengine_num)

    The number of workflowengines to have in an active active state (default: 1)

  • scheduler_num (Any) (defaults to: $st2::params::scheduler_num)

    The number of schedulers to have in an active active state (default: 1)

  • rulesengine_num (Any) (defaults to: $st2::params::rulesengine_num)

    The number of rulesengines to have in an active active state (default: 1)

  • notifier_num (Any) (defaults to: $st2::params::notifier_num)

    The number of notifiers to have in an active active state (default: 1)

  • erlang_url (Any) (defaults to: $st2::params::erlang_url)

    The url for the erlang repositiory to be used for rabbitmq

  • erlang_key (Any) (defaults to: $st2::params::erlang_key)

    The gpg key for the erlang repositiory to be used for rabbitmq

  • validate_output_schema (Any) (defaults to: $st2::params::validate_output_schema)

    Enable/disable output schema validation in StackStorm

  • cli_silence_ssl_warnings (Any) (defaults to: false)
  • ng_init (Any) (defaults to: true)
  • datastore_keys_dir (Any) (defaults to: $st2::params::datstore_keys_dir)
  • datastore_key_path (Any) (defaults to: "${st2::params::datstore_keys_dir}/datastore_key.json")
  • nginx_basicstatus_enabled (Any) (defaults to: $st2::params::basicstatus_enabled)
  • nginx_basicstatus_port (Any) (defaults to: $st2::params::basicstatus_port)
  • rabbitmq_username (Any) (defaults to: $st2::params::rabbitmq_username)
  • rabbitmq_password (Any) (defaults to: $st2::params::rabbitmq_password)
  • rabbitmq_hostname (Any) (defaults to: $st2::params::rabbitmq_hostname)
  • rabbitmq_port (Any) (defaults to: $st2::params::rabbitmq_port)
  • rabbitmq_bind_ip (Any) (defaults to: $st2::params::rabbitmq_bind_ip)
  • rabbitmq_vhost (Any) (defaults to: $st2::params::rabbitmq_vhost)
  • erlang_key_id (Any) (defaults to: $st2::params::erlang_key_id)
  • erlang_key_source (Any) (defaults to: $st2::params::erlang_key_source)
  • erlang_packages (Any) (defaults to: $st2::params::erlang_packages)
  • erlang_rhel_sslcacert_location (Any) (defaults to: $st2::params::erlang_rhel_sslcacert_location)
  • erlang_rhel_sslverify (Any) (defaults to: $st2::params::erlang_rhel_sslverify)
  • erlang_rhel_gpgcheck (Any) (defaults to: $st2::params::erlang_rhel_gpgcheck)
  • erlang_rhel_repo_gpgcheck (Any) (defaults to: $st2::params::erlang_rhel_repo_gpgcheck)
  • redis_hostname (Any) (defaults to: $st2::params::redis_hostname)
  • redis_port (Any) (defaults to: $st2::params::redis_port)
  • redis_password (Any) (defaults to: $st2::params::redis_password)
  • metrics_include (Any) (defaults to: $st2::params::metrics_include)
  • metric_driver (Any) (defaults to: $st2::params::metric_driver)
  • metric_host (Any) (defaults to: $st2::params::metric_host)
  • metric_port (Any) (defaults to: $st2::params::metric_port) 


261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
 
# File 'manifests/init.pp', line 261

class st2(
  $version                    = 'present',
  String  $python_version     = 'system',
  St2::Repository $repository = $st2::params::repository,
  $conf_dir                   = $st2::params::conf_dir,
  $conf_file                  = "${st2::params::conf_dir}/st2.conf",
  $use_ssl                    = $st2::params::use_ssl,
  $ssl_cert_manage            = true,
  $ssl_dir                    = $st2::params::ssl_dir,
  $ssl_cert                   = $st2::params::ssl_cert,
  $ssl_key                    = $st2::params::ssl_key,
  $auth                       = true,
  $auth_api_url               = "http://${st2::params::hostname}:${st2::params::api_port}",
  $auth_debug                 = false,
  $auth_mode                  = $st2::params::auth_mode,
  $auth_backend               = $st2::params::auth_backend,
  $auth_backend_config        = $st2::params::auth_backend_config,
  $cli_base_url               = "http://${st2::params::hostname}",
  $cli_api_version            = 'v1',
  $cli_debug                  = false,
  $cli_cache_token            = true,
  $cli_silence_ssl_warnings   = false,
  $cli_username               = $st2::params::admin_username,
  $cli_password               = $st2::params::admin_password,
  $cli_apikey                 = undef,
  $cli_api_url                = "http://${st2::params::hostname}:${st2::params::api_port}",
  $cli_auth_url               = "http://${st2::params::hostname}:${st2::params::auth_port}",
  $actionrunner_workers       = $st2::params::actionrunner_workers,
  $packs                      = {},
  $packs_group                = $st2::params::packs_group_name,
  $index_url                  = undef,
  $syslog                     = false,
  $syslog_host                = 'localhost',
  $syslog_protocol            = 'udp',
  $syslog_port                = 514,
  $syslog_facility            = 'local7',
  $ssh_key_location           = '/home/stanley/.ssh/st2_stanley_key',
  $db_host                    = $st2::params::hostname,
  $db_port                    = $st2::params::mongodb_port,
  $db_bind_ips                = $st2::params::mongodb_bind_ips,
  $db_name                    = $st2::params::mongodb_st2_db,
  $db_username                = $st2::params::mongodb_st2_username,
  $db_password                = $st2::params::admin_password,
  $mongodb_version            = undef,
  $mongodb_manage_repo        = true,
  $mongodb_auth               = true,
  $ng_init                    = true,
  $datastore_keys_dir         = $st2::params::datstore_keys_dir,
  $datastore_key_path         = "${st2::params::datstore_keys_dir}/datastore_key.json",
  $nginx_basicstatus_enabled  = $st2::params::basicstatus_enabled,
  $nginx_basicstatus_port     = $st2::params::basicstatus_port,
  $nginx_manage_repo          = true,
  $nginx_client_max_body_size = $st2::params::nginx_client_max_body_size,
  $nginx_ssl_ciphers          = $st2::params::nginx_ssl_ciphers,
  $nginx_ssl_port             = $st2::params::nginx_ssl_port,
  $nginx_ssl_protocols        = $st2::params::nginx_ssl_protocols,
  $web_root                   = $st2::params::web_root,
  $rabbitmq_username          = $st2::params::rabbitmq_username,
  $rabbitmq_password          = $st2::params::rabbitmq_password,
  $rabbitmq_hostname          = $st2::params::rabbitmq_hostname,
  $rabbitmq_port              = $st2::params::rabbitmq_port,
  $rabbitmq_bind_ip           = $st2::params::rabbitmq_bind_ip,
  $rabbitmq_vhost             = $st2::params::rabbitmq_vhost,
  $erlang_url                 = $st2::params::erlang_url,
  $erlang_key                 = $st2::params::erlang_key,
  $erlang_key_id              = $st2::params::erlang_key_id,
  $erlang_key_source          = $st2::params::erlang_key_source,
  $erlang_packages            = $st2::params::erlang_packages,
  $erlang_rhel_sslcacert_location = $st2::params::erlang_rhel_sslcacert_location,
  $erlang_rhel_sslverify      = $st2::params::erlang_rhel_sslverify,
  $erlang_rhel_gpgcheck       = $st2::params::erlang_rhel_gpgcheck,
  $erlang_rhel_repo_gpgcheck  = $st2::params::erlang_rhel_repo_gpgcheck,
  $redis_bind_ip              = $st2::params::redis_bind_ip,
  $redis_hostname             = $st2::params::redis_hostname,
  $redis_port                 = $st2::params::redis_port,
  $redis_password             = $st2::params::redis_password,
  $timersengine_enabled       = $st2::params::timersengine_enabled,
  $timersengine_timezone      = $st2::params::timersengine_timezone,
  $scheduler_sleep_interval   = $st2::params::scheduler_sleep_interval,
  $scheduler_gc_interval      = $st2::params::scheduler_gc_interval,
  $scheduler_pool_size        = $st2::params::scheduler_pool_size,
  $chatops_adapter            = $st2::params::chatops_adapter,
  $chatops_adapter_conf       = $st2::params::chatops_adapter_conf,
  $chatops_hubot_log_level              = $st2::params::hubot_log_level,
  $chatops_hubot_express_port           = $st2::params::hubot_express_port,
  $chatops_tls_cert_reject_unauthorized = $st2::params::tls_cert_reject_unauthorized,
  $chatops_hubot_name                   = $st2::params::hubot_name,
  $chatops_hubot_alias                  = $st2::params::hubot_alias,
  $chatops_api_key                      = undef,
  $chatops_st2_hostname                 = $st2::params::hostname,
  $chatops_api_url                      = "https://${st2::params::hostname}/api",
  $chatops_auth_url                     = "https://${st2::params::hostname}/auth",
  $chatops_web_url                      = undef,
  $nodejs_version             = undef,
  $nodejs_manage_repo         = true,
  $workflowengine_num         = $st2::params::workflowengine_num,
  $scheduler_num              = $st2::params::scheduler_num,
  $rulesengine_num            = $st2::params::rulesengine_num,
  $notifier_num               = $st2::params::notifier_num,
  $metrics_include            = $st2::params::metrics_include,
  $metric_driver              = $st2::params::metric_driver,
  $metric_host                = $st2::params::metric_host,
  $metric_port                = $st2::params::metric_port,
  $validate_output_schema     = $st2::params::validate_output_schema,
) inherits st2::params {

  ########################################
  ## Control commands
  exec {'/usr/bin/st2ctl reload --register-all':
    tag         => 'st2::reload',
    refreshonly => true,
  }

  exec {'/usr/bin/st2ctl reload --register-configs':
    tag         => 'st2::register-configs',
    refreshonly => true,
  }
}