Puppet Class: phabricator::almanac

Defined in:
manifests/almanac.pp

Summary

This class can be used to register an Almanac device using

Overview

Class for registering an Almanac device.

‘./bin/almanac register`. See the / Almanac User Guide for further information.

Parameters:

  • device (String)

    The name of the Almanac device to register.

  • identity (Optional[String])

    The name of the Almanac device to identify as.

  • private_key (String)

    The contents of an SSH private key that has been associated with the specified Almanac device. This SSH key must be manually marked as trusted using the ‘./bin/almanac trust-key` command.



14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
 
# File 'manifests/almanac.pp', line 14

class phabricator::almanac(
  String           $device,
  Optional[String] $identity,
  String           $private_key,
) {
  $device_id_path   = "${phabricator::install_dir}/phabricator/conf/keys/device.id"
  $private_key_path = "${phabricator::install_dir}/phabricator/conf/keys/device.key"

  file { 'phabricator/conf/device.key':
    ensure  => 'file',
    path    => $private_key_path,
    content => $private_key,
    owner   => $phabricator::daemon_user,
    group   => $phabricator::group,
    mode    => '0600',
    notify  => Exec['almanac register'],
    require => Vcsrepo['phabricator'],
  }

  $_options = [
    "--device ${device}",
    '--force',
    "--private-key ${private_key_path}",
  ]

  if $identity == undef {
    $identity_option = undef
  } else {
    $identity_option = "--identify-as ${identity}"
  }

  $options = delete_undef_values(concat($_options, [$identity_option]))

  # TODO: The `strict_indent` check doesn't seem to work properly here. See
  # https://github.com/relud/puppet-lint-strict_indent-check/issues/11.
  #
  # lint:ignore:strict_indent
  exec { 'almanac register':
    command => "${phabricator::install_dir}/phabricator/bin/almanac register ${join($options, ' ')}",
    creates => $device_id_path,
    user    => $phabricator::daemon_user,
    group   => $phabricator::group,
    require => [
      Class['php::cli'],
      File['phabricator/conf/local.json'],
      Php::Extension['mysql'],
      Vcsrepo['libphutil'],
      Vcsrepo['phabricator'],
    ],
  }
  # lint:endignore

  if $phabricator::storage_upgrade {
    Exec['bin/storage upgrade'] -> Exec['almanac register']
  }

  # TODO: This is dirty, but there's no way that we can accurately determine
  # whether `Class[phabricator::daemons]` exists in the catalogue. I think that
  # the solution here is to make the `phabricator::almanac` and
  # `phabricator::daemons` classes private (using `assert_private()`), and to
  # instead use flags to determine whether these classes should be included
  # (e.g. `$phabricator::almanac = true` and `$phabricator::daemons = true`).
  Exec['almanac register'] -> Service <| title == 'phd' |>
}