Puppet Class: simp_grafana::params

Defined in:
manifests/params.pp

Overview

Class: simp_grafana::params

This class is meant to be called from simp_grafana. It sets variables according to platform.



# File 'manifests/params.pp', line 8

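class simp_grafana::params {
  # Computes default values as class variables: SIMP-wide options, PKI paths,
  # LDAP connection settings and the Grafana configuration hashes.

  # Site-wide SIMP options; each falls back to the given default when unset.
  $trusted_nets = simplib::lookup('simp_options::trusted_nets', { 'default_value' => ['127.0.0.0/8'] })
  $firewall     = simplib::lookup('simp_options::firewall', { 'default_value' => false })
  $ldap         = simplib::lookup('simp_options::ldap', { 'default_value' => false })

  # Grafana admin password. It is copied into $cfg below as a plain string
  # (it is not wrapped in a Sensitive type here).
  # NOTE(review): presumably this ends up in the catalog and in the rendered
  # Grafana configuration - confirm file modes and report/log handling in the
  # class that consumes $cfg.
  $admin_pw = passgen('grafana')

  # Per-host key and certificate locations, named after the node's FQDN.
  $app_pki_dir             = '/etc/pki/simp_apps/grafana/x509'
  $app_pki_key             = "${app_pki_dir}/private/${facts['fqdn']}.pem"
  $app_pki_cert            = "${app_pki_dir}/public/${facts['fqdn']}.pub"

  # LDAP naming defaults. The default bind DN keeps a literal '%s' placeholder
  # (presumably filled in with the login name by Grafana - confirm), and the
  # bind password defaults to undef.
  $base_dn = simplib::lookup('simp_options::ldap::base_dn', { 'default_value' => simplib::ldap::domain_to_dn() } )
  $bind_dn = simplib::lookup('simp_options::ldap::bind_dn', { 'default_value' => "uid=%s,${base_dn}" } )
  $bind_pw = simplib::lookup('simp_options::ldap::bind_pw', { 'default_value' => undef } )

  # Only the first configured LDAP URI is used. The template extracts the
  # first dotted host name from it; a URI without a dotted host name yields an
  # empty string. '.to_s' keeps the template from raising when the lookup
  # returns an empty array, in which case $ldap_url is undef.
  $ldap_urls   = simplib::lookup('simp_options::ldap::uri', { 'default_value' => [''] } )
  $ldap_url    = $ldap_urls[0]
  $ldap_server = inline_template(
    '<%= @ldap_url.to_s.match(/(([[:alnum:]][[:alnum:]-]{0,254})?[[:alnum:]]\.)+(([[:alnum:]][[:alnum:]-]{0,254})?[[:alnum:]])\.?/) %>'
  )

  # Only the RedHat OS family is accepted; any other value aborts catalog
  # compilation. The message reads the fact through $facts, like the rest of
  # this class.
  case $facts['osfamily'] {
    'RedHat': { }
    default: {
      fail("${facts['operatingsystem']} not supported")
    }
  }

  # Static defaults
  $cfg = {
    # HTTPS on port 8443, using the per-host key and certificate defined above.
    server       => {
      http_port => 8443,
      protocol  => 'https',
      cert_file => $app_pki_cert,
      cert_key  => $app_pki_key,
    },
    security     => {
      admin_password   => $admin_pw,
      disable_gravatar => true,
    },
    # Self sign-up is off.
    # NOTE(review): allow_org_create is on - confirm that letting users create
    # organizations is intended.
    users        => {
      allow_sign_up    => false,
      allow_org_create => true,
      auto_assign_org  => true,
    },
    # Basic auth is disabled; LDAP auth follows simp_options::ldap.
    'auth.basic' => { enabled => false },
    'auth.ldap'  => { enabled => $ldap },
    #Allows SIMP dashboards to be read from the file system
    'dashboards.json' => { enabled => true },
    # Usage reporting and external snapshot publishing are turned off.
    analytics   => { reporting_enabled => false },
    snapshot    => { external_enabled => false },
  }

  # Default group-to-role mappings. The group_dn values are bare group names,
  # matched against the 'cn' attribute configured as member_of below.
  $ldap_group_mapping_defaults = [
    { group_dn => 'simp_grafana_admins',     org_role => 'Admin'  },
    { group_dn => 'simp_grafana_editors',    org_role => 'Editor' },
    { group_dn => 'simp_grafana_editors_ro', org_role => 'Read Only Editor' },
    { group_dn => 'simp_grafana_viewers',    org_role => 'Viewer' },
  ]

  $ldap_server_defaults = {
    host                  => $ldap_server,
    port                  => 636,
    use_ssl               => true,
    # NOTE(review): ssl_skip_verify => true turns off validation of the LDAP
    # server certificate, so the TLS session on port 636 does not authenticate
    # the server and bind credentials can be exposed to an impersonating host.
    # Left unchanged because switching it to false requires Grafana to trust
    # the issuing CA (e.g. a root_ca_cert entry, if the deployed Grafana
    # version supports it) - override this per site once that is in place.
    ssl_skip_verify       => true,
    bind_dn               => $bind_dn,
    bind_password         => $bind_pw,
    search_filter         => '(uid=%s)',
    search_base_dns       => ["ou=People,${base_dn}"],
    group_search_filter   => '(&(objectClass=posixGroup)(memberUid=%s))',
    group_search_base_dns => ["ou=Group,${base_dn}"],
    attributes            => {
      name      => 'givenName',
      surname   => 'sn',
      username  => 'uid',
      member_of => 'cn',
      email     => 'mail',
    },
    group_mappings => $ldap_group_mapping_defaults,
  }

  # NOTE(review): verbose_logging is enabled by default; presumably this
  # writes LDAP user details to the Grafana log - confirm that log access and
  # retention are appropriate, or disable it outside of troubleshooting.
  $ldap_cfg = {
    verbose_logging => true,
    servers         => [ $ldap_server_defaults ],
  }
}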