Puppet Plan: cd4peadm::generate_config

Defined in:
plans/generate_config.pp

Summary

Generate a Hiera data file with config settings required for install

Overview

Creates a Hiera file at `data/common.yaml` with all of the config settings that are required to install CD4PE. Defaults are provided where possible, but the user must supply at least the target to install CD4PE on, the admin password, and the hostname where the console can be reached.

All sensitive data in the resulting Hiera file is encrypted with hiera-eyaml. The plan generates a PKCS7 key pair if none exists, and it also writes a `hiera.yaml` config file if the user does not already have one.

This plan can be invoked independently by the user to generate the Hiera config from the supplied parameters. In this workflow, the user then runs the `cd4peadm::install_from_config` plan afterwards to install the app from the config that was just generated. Both of these plans are also called implicitly as part of the prompt-based `cd4peadm::install` plan.

Parameters:

  • admin_password (Sensitive[String])

    Password for logging into the CD4PE Admin Console

  • inventory_aio_target (String)

    The target to install CD4PE on

  • resolvable_hostname (String)

    The hostname users will be able to access the CD4PE console at

  • admin_username (String) (defaults to: 'admin')

    The first CD4PE user of the installation. It is also sometimes referred to as the root user.

  • admin_db_password (Sensitive[String]) (defaults to: Sensitive(cd4peadm::secure_random(32)))

    Used by the admin/superuser of the Postgres instance. It’s only used in setup.

  • cd4pe_db_username (Optional[String]) (defaults to: 'cd4pe')

    Overrides the default database user which is used by the backend service.

  • cd4pe_db_password (Sensitive[String]) (defaults to: Sensitive(cd4peadm::secure_random(32)))

    Password of the database used by the backend service.

  • query_db_username (Optional[String]) (defaults to: 'query')

    Overrides the default database user used by the query service.

  • query_db_password (Sensitive[String]) (defaults to: Sensitive(cd4peadm::secure_random(32)))

    Password of the database used by the query service.

  • secret_key (Sensitive[String]) (defaults to: Sensitive(cd4peadm::secure_random(16)))

    Used to encrypt secret data stored in the backend database.

  • runtime (Optional[Cd4peadm::Runtime]) (defaults to: 'docker')

    Determines which container runtime should be used for the installation.

  • hiera_config_file_path (String) (defaults to: 'hiera.yaml')

    Determines where the Hiera config file is written.

  • hiera_data_file_path (String) (defaults to: 'data/common.yaml')

    Determines where the CD4PE config is written.

  • pkcs7_private_key_path (String) (defaults to: 'keys/private_key.pkcs7.pem')

    Path to the private key used to decrypt Hiera data encrypted with eyaml.

  • pkcs7_public_key_path (String) (defaults to: 'keys/public_key.pkcs7.pem')

    Path to the public key used to encrypt Hiera data with eyaml.

  • optional_settings (Hash[String, Any]) (defaults to: {})

    Additional settings merged into the generated config. Because the plan merges this hash over the generated settings (`$basic_config + $optional_settings`), any key supplied here overrides the generated value for that key, including the encrypted secrets.


# File 'plans/generate_config.pp', line 35

plan cd4peadm::generate_config(
  Sensitive[String] $admin_password,
  String $inventory_aio_target,
  String $resolvable_hostname,
  String $admin_username = 'admin',
  Sensitive[String] $admin_db_password = Sensitive(cd4peadm::secure_random(32)),
  Optional[String] $cd4pe_db_username = 'cd4pe',
  Sensitive[String] $cd4pe_db_password = Sensitive(cd4peadm::secure_random(32)),
  Optional[String] $query_db_username = 'query',
  Sensitive[String] $query_db_password = Sensitive(cd4peadm::secure_random(32)),
  Sensitive[String] $secret_key = Sensitive(cd4peadm::secure_random(16)),
  Optional[Cd4peadm::Runtime] $runtime = 'docker',
  Hash[String, Any] $optional_settings = {},
  String $hiera_config_file_path = 'hiera.yaml',
  String $hiera_data_file_path = 'data/common.yaml',
  String $pkcs7_private_key_path = 'keys/private_key.pkcs7.pem',
  String $pkcs7_public_key_path = 'keys/public_key.pkcs7.pem',
) {
  out::message('Checking if keys exist for encrypting sensitive data')
  if file::exists(file::join(cd4peadm::bolt_project_dir(), $pkcs7_public_key_path)) {
    out::message('Found existing PKCS7 public key, skipping creation of new key pair')
  } else {
    out::message('Secret keys do not exist yet, creating')
    run_task('pkcs7::secret_createkeys', 'localhost', {
        public_key  => file::join(cd4peadm::bolt_project_dir(), $pkcs7_public_key_path),
        private_key => file::join(cd4peadm::bolt_project_dir(), $pkcs7_private_key_path)
    })
  }

  # TODO accept user certs here alternatively?
  $ssl_objects = cd4peadm::generate_cert_chain($resolvable_hostname)

  $basic_config = {
    targets             => {
      backend  => [$inventory_aio_target],
      database => [$inventory_aio_target],
      ui       => [$inventory_aio_target],
    },
    admin_db_password   => regsubst(cd4peadm::encrypt($admin_db_password, $pkcs7_public_key_path), '\n', ' ', 'MG'),
    cd4pe_db_password   => regsubst(cd4peadm::encrypt($cd4pe_db_password, $pkcs7_public_key_path), '\n', ' ', 'MG'),
    cd4pe_db_username   => $cd4pe_db_username,
    query_db_password   => regsubst(cd4peadm::encrypt($query_db_password, $pkcs7_public_key_path), '\n', ' ', 'MG'),
    query_db_username   => $query_db_username,
    resolvable_hostname => $resolvable_hostname,
    root_password       => regsubst(cd4peadm::encrypt($admin_password, $pkcs7_public_key_path), '\n', ' ', 'MG'),
    root_username       => $admin_username,
    runtime             => $runtime,
    secret_key          => regsubst(cd4peadm::encrypt($secret_key, $pkcs7_public_key_path), '\n', ' ', 'MG'),
    ssl_cert_chain      => $ssl_objects['cert_chain'],
    ssl_crl             => $ssl_objects['crl'],
    ssl_private_key     => regsubst(
      cd4peadm::encrypt(Sensitive($ssl_objects['private_key']), $pkcs7_public_key_path),
      '\n', ' ', 'MG'
    ),
    java_args           => '-Xmx1024M -Xms1024M',
  }

  $full_config = $basic_config + $optional_settings

  $hiera_data = {
    'cd4peadm::config' => Cd4peadm::Hiera_config.new($full_config)
  }

  $hiera_data_path = cd4peadm::save_yaml_file($hiera_data, $hiera_data_file_path)
  out::message("Saved Hiera data file to ${hiera_data_path}")

  run_plan('cd4peadm::install::create_hiera_config', {
    hiera_config_file_path => $hiera_config_file_path,
    hiera_data_file_path   => $hiera_data_file_path,
    pkcs7_private_key_path => $pkcs7_private_key_path,
    pkcs7_public_key_path  => $pkcs7_public_key_path,
  })
}
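The two-step workflow from the overview, as an added example and not part of the cd4peadm module: run `cd4peadm::generate_config` with the password read from the terminal and passed to Bolt through a 0600 temp file (so it never appears on a command line), then check the two things a practitioner wants to know before running `cd4peadm::install_from_config`: that the eyaml private key is readable only by its owner, and that every secret the plan encrypts still holds an `ENC[PKCS7,...]` value in `data/common.yaml` (a plaintext key passed via `optional_settings` would silently replace the encrypted one, since that hash is merged over the generated config). The environment variables `CD4PE_TARGET` and `CD4PE_HOSTNAME`, the `PROJECT_DIR` default, and the bare invocation of `cd4peadm::install_from_config` are assumptions of this example; the secret key names are taken from `$basic_config` in the plan source above.

```shell
#!/bin/sh
# Added example (not the cd4peadm module's own code). Run from the Bolt
# project directory as:  CD4PE_TARGET=cd4pe CD4PE_HOSTNAME=cd4pe.example.com sh gen.sh run
PROJECT_DIR="${PROJECT_DIR:-.}"                       # assumed: current Bolt project
DATA_FILE="$PROJECT_DIR/data/common.yaml"             # plan default hiera_data_file_path
PRIVATE_KEY="$PROJECT_DIR/keys/private_key.pkcs7.pem" # plan default pkcs7_private_key_path

# Keys the plan writes eyaml-encrypted (from $basic_config in the plan source).
SECRET_KEYS="admin_db_password cd4pe_db_password query_db_password root_password secret_key ssl_private_key"

# Escape a string for use inside a JSON double-quoted value.
json_escape() {
  printf '%s' "$1" | sed 's/[\\"]/\\&/g'
}

# Prompt for the admin password and invoke the plan. Parameters go through a
# mktemp file (created mode 0600) and Bolt's --params @file, so the password is
# never visible to other local users via the process list.
run_generate_config() {
  printf 'CD4PE admin password: ' >&2
  stty -echo; read -r admin_pw; stty echo; printf '\n' >&2
  params_file=$(mktemp) || return 1
  cat > "$params_file" <<EOF
{
  "inventory_aio_target": "$(json_escape "$CD4PE_TARGET")",
  "resolvable_hostname": "$(json_escape "$CD4PE_HOSTNAME")",
  "admin_password": "$(json_escape "$admin_pw")"
}
EOF
  bolt plan run cd4peadm::generate_config --params "@$params_file"
  rc=$?
  rm -f "$params_file"
  return $rc
}

# Succeed only if group and other have no permission bits on the file
# (the 6 rightmost characters of the ls mode string are all '-').
check_owner_only() {
  perms=$(ls -ld "$1" | cut -c5-10)
  [ "$perms" = "------" ]
}

# Succeed only if every secret key in the Hiera data file holds an
# ENC[PKCS7,...] value. The plan joins eyaml's block output with spaces, so
# the value sits on one line and a simple grep is enough.
check_secrets_encrypted() {
  yaml_file=$1
  for key in $SECRET_KEYS; do
    line=$(grep -E "^[[:space:]]+${key}:" "$yaml_file" | head -n 1)
    [ -n "$line" ] || { echo "check: $key missing from $yaml_file" >&2; return 1; }
    case "$line" in
      *"ENC[PKCS7,"*) ;;
      *) echo "check: $key is not eyaml-encrypted in $yaml_file" >&2; return 1 ;;
    esac
  done
  return 0
}

run_workflow() {
  : "${CD4PE_TARGET:?set to the inventory target to install on}"
  : "${CD4PE_HOSTNAME:?set to the hostname the console is reached at}"
  run_generate_config || exit 1
  check_owner_only "$PRIVATE_KEY" || {
    echo "$PRIVATE_KEY is readable by group/other; chmod 600 it before continuing" >&2; exit 1; }
  check_secrets_encrypted "$DATA_FILE" || exit 1
  bolt plan run cd4peadm::install_from_config   # assumed: no extra parameters needed
}

if [ "${1:-}" = "run" ]; then
  run_workflow
fi
```

The encryption check is deliberately strict about which keys it inspects: `targets`, `resolvable_hostname` and the certificate chain are expected to be plaintext, so a generic "no plaintext anywhere" rule would not work, while the six keys listed are exactly those the plan passes through `cd4peadm::encrypt`.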