Puppet Class: psick::remediate

Defined in:
manifests/remediate.pp

Overview

This class manages the installation of Puppet Remediate.

Parameters:

  • manage (Boolean) (defaults to: $::psick::manage)

    Whether to actually manage any resource in this profile.

  • compose_yml_source (String) (defaults to: 'https://storage.googleapis.com/remediate/stable/latest/docker-compose.yml')

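    remediate_file_template: the path of the template (with erb or epp suffix) to use for the content of /etc/remediate/config. If empty or remediate is missing, the file is not managed. (This description names a different parameter and file; in the class source below, compose_yml_source is used as the source of ${remediate_dir}/docker-compose.yml. The state, type and remediate_dir_* entries that follow likewise do not appear in the class signature.)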

  • state

    The value of the SELINUX parameter in /etc/remediate/config

  • type

    The value of the SELINUXTYPE parameter in /etc/remediate/config

  • remediate_dir_source

    The source of the contents of /etc/remediate dir (format: puppet:///modules/…) If empty or remediate is missing the dir is not managed.

  • remediate_dir_recurse

    The recurse param of the /etc/remediate dir resource

  • remediate_dir_force

    The force param of the /etc/remediate dir resource

  • remediate_dir_purge

    The purge param of the /etc/remediate dir resource

  • auto_prereq (Boolean) (defaults to: true)

    Whether to automatically install Docker and Docker Compose, which are prerequisites for Puppet Remediate. If set to false, you have to take care of their installation in other profiles.

  • silence_notify (Boolean) (defaults to: false)

    Set to true to disable notify resources.

  • no_noop (Boolean) (defaults to: false)

    Set the noop metaparameter to false for all the resources of this class.

  • license_json_source (Optional[String]) (defaults to: undef)
  • base_dir (Optional[String]) (defaults to: undef)
  • user (String) (defaults to: 'remediate')
  • user_manage (Boolean) (defaults to: true)
  • user_options (Hash) (defaults to: {})
  • admin_password (Optional[String]) (defaults to: undef)
  • swarm_init (Boolean) (defaults to: true)


# File 'manifests/remediate.pp', line 21

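# @summary Installs and starts Puppet Remediate with docker-compose.
#
# @param manage If false, no resource of this class is managed.
# @param compose_yml_source Source of ${remediate_dir}/docker-compose.yml.
#   NOTE(review): the default is a remote "latest" URL, so the compose file
#   (and with it the set of images that get started) can change between
#   Puppet runs without review. Consider pointing this at a vetted, pinned
#   copy served from a location you control.
# @param license_json_source Source of ${remediate_dir}/license.json. When
#   unset the file is not managed and a notify warning is raised instead.
# @param base_dir Directory holding the compose file and license. Defaults
#   to "<home of $user>/remediate".
# @param user Owner of the managed files and the account the docker
#   commands run as.
# @param user_manage Whether to declare the user via psick::users::managed.
# @param user_options Extra attributes passed to psick::users::managed.
# @param admin_password Not referenced in this class body.
#   NOTE(review): if it gets wired in later, a Sensitive type would keep it
#   out of logs and reports.
# @param swarm_init Whether to run "docker swarm init" once.
# @param auto_prereq Whether to include psick::docker and
#   psick::docker::compose and order them before the execs of this class.
# @param silence_notify Set to true to disable notify resources.
# @param no_noop Calls noop(false) for this class unless
#   $::psick::noop_mode is set.
class psick::remediate (
  Boolean $manage            = $::psick::manage,
  String $compose_yml_source = 'https://storage.googleapis.com/remediate/stable/latest/docker-compose.yml',
  Optional[String] $license_json_source = undef,
  Optional[String] $base_dir = undef,
  String $user               = 'remediate',
  Boolean $user_manage       = true,
  Hash $user_options         = {},
  Optional[String] $admin_password = undef,
  Boolean $swarm_init        = true,
  Boolean $auto_prereq       = true,
  Boolean $silence_notify    = false,
  Boolean $no_noop           = false,
) {
  if $manage {
    if !$::psick::noop_mode and $no_noop {
      # The message previously named psick::icinga2 (copy-paste leftover).
      info('Forced no-noop mode in psick::remediate')
      noop(false)
    }

    if $auto_prereq {
      include psick::docker
      include psick::docker::compose
      Class['psick::docker']
      -> Class['psick::docker::compose']
      -> Exec['docker-compose run remediate']
      # The swarm exec only exists when $swarm_init is true; referencing it
      # unconditionally breaks catalog compilation when swarm_init is false.
      if $swarm_init {
        Class['psick::docker::compose']
        -> Exec['docker swarm init remediate']
      }
    }

    if $user_manage {
      # Membership in the docker group gives control over the Docker daemon,
      # which is effectively root on the host: treat this account as
      # privileged.
      psick::users::managed { $user:
        groups => ['docker'],
        *      => $user_options,
      }
    }

    $user_home = psick::get_user_home($user)
    $remediate_dir = pick($base_dir,"${user_home}/remediate")
    psick::tools::create_dir { 'psick::remediate::remediate_dir':
      path  => $remediate_dir,
      owner => $user,
    }
    file { "${remediate_dir}/docker-compose.yml":
      ensure  => present,
      source  => $compose_yml_source,
      owner   => $user,
      require => Psick::Tools::Create_dir['psick::remediate::remediate_dir'],
    }
    if $license_json_source {
      file { "${remediate_dir}/license.json":
        ensure  => present,
        source  => $license_json_source,
        owner   => $user,
        require => Psick::Tools::Create_dir['psick::remediate::remediate_dir'],
      }
    } else {
      if ! $silence_notify {
        notify { 'psick::remediate::license warning':
          message => 'Missing $license_json_source. You need to provide a valid license.json to start the application',
        }
      }
    }
    if $swarm_init {
      exec { 'docker swarm init remediate':
        # The lock file is written relative to cwd, so $remediate_dir is not
        # interpolated into the shell command line. ';' is kept on purpose:
        # the lock is created even if the host is already part of a swarm.
        command  => 'docker swarm init ; touch .docker-swarn-init-remediate.lock',
        path     => $::path,
        user     => $user,
        cwd      => $remediate_dir,
        # The command relies on shell syntax, so request the shell provider
        # explicitly.
        provider => 'shell',
        creates  => "${remediate_dir}/.docker-swarn-init-remediate.lock",
        before   => Exec['docker-compose run remediate'],
      }
    }
    exec { 'docker-compose run remediate':
      command  => 'docker-compose run remediate start --license-file license.json', # lint:ignore:140char
      path     => $::path,
      cwd      => $remediate_dir,
      user     => $user,
      provider => 'shell',
      # Skip the run when at least 10 healthy puppet-discover containers are
      # up (10 remediate instances by default, as in 201909). The previous
      # check used '[[ ... < 10 ]]': '[[' is not available in every /bin/sh
      # and '<' inside it compares strings, not numbers.
      unless   => '[ "$(docker ps | grep puppet-discover | grep -c healthy)" -ge 10 ]',
    }
  }

}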