Puppet Class: iop

Inherits:
iop::params
Defined in:
manifests/init.pp

Overview

Class: iop

Install and configure IOP services

Advanced parameters:

$register_as_smartproxy

Whether to register as a smart proxy

$enable_vulnerability

Enable vulnerability services

$enable_advisor

Enable advisor services

$foreman_base_url

Base URL for Foreman connection

Database parameters:

$database_host

Shared database host for all services

$database_port

Shared database port for all services

$inventory_database_name

Database name for host inventory service

$inventory_database_user

Database user for host inventory service

$inventory_database_password

Database password for host inventory service

$vulnerability_database_name

Database name for vulnerability service

$vulnerability_database_user

Database user for vulnerability service

$vulnerability_database_password

Database password for vulnerability service

$vmaas_database_name

Database name for vmaas service

$vmaas_database_user

Database user for vmaas service

$vmaas_database_password

Database password for vmaas service

$advisor_database_name

Database name for advisor service

$advisor_database_user

Database user for advisor service

$advisor_database_password

Database password for advisor service

$remediations_database_name

Database name for remediations service

$remediations_database_user

Database user for remediations service

$remediations_database_password

Database password for remediations service

Parameters:

  • register_as_smartproxy (Boolean) (defaults to: true)
  • enable_vulnerability (Boolean) (defaults to: true)
  • enable_advisor (Boolean) (defaults to: true)
  • foreman_base_url (Optional[Stdlib::HTTPUrl]) (defaults to: undef)
  • database_host (String[1]) (defaults to: '/var/run/postgresql/')
  • database_port (Stdlib::Port) (defaults to: 5432)
  • inventory_database_name (String[1]) (defaults to: 'inventory_db')
  • inventory_database_user (String[1]) (defaults to: 'inventory_user')
  • inventory_database_password (String[1]) (defaults to: $iop::params::inventory_database_password)
  • vulnerability_database_name (String[1]) (defaults to: 'vulnerability_db')
  • vulnerability_database_user (String[1]) (defaults to: 'vulnerability_admin')
  • vulnerability_database_password (String[1]) (defaults to: $iop::params::vulnerability_database_password)
  • vmaas_database_name (String[1]) (defaults to: 'vmaas_db')
  • vmaas_database_user (String[1]) (defaults to: 'vmaas_admin')
  • vmaas_database_password (String[1]) (defaults to: extlib::cache_data('iop_cache_data', 'vmaas_db_password', extlib::random_password(32)))
  • advisor_database_name (String[1]) (defaults to: 'advisor_db')
  • advisor_database_user (String[1]) (defaults to: 'advisor_user')
  • advisor_database_password (String[1]) (defaults to: extlib::cache_data('iop_cache_data', 'advisor_db_password', extlib::random_password(32)))
  • remediations_database_name (String[1]) (defaults to: 'remediations_db')
  • remediations_database_user (String[1]) (defaults to: 'remediations_user')
  • remediations_database_password (String[1]) (defaults to: extlib::cache_data('iop_cache_data', 'remediations_db_password', extlib::random_password(32)))


# File 'manifests/init.pp', line 51

class iop (
  # Entry point for the IOP stack: declares the core services unconditionally,
  # the vulnerability and advisor service groups behind their feature flags,
  # and optionally registers the IOP gateway with Foreman as a smart proxy.

  # Feature toggles; all default to enabled.
  Boolean $register_as_smartproxy = true,
  Boolean $enable_vulnerability = true,
  Boolean $enable_advisor = true,
  # When undef, the smart proxy registration below falls back to
  # https://<this node's FQDN>.
  Optional[Stdlib::HTTPUrl] $foreman_base_url = undef,
  # One host/port pair is shared by every service database. The default host is
  # a filesystem path, which PostgreSQL clients treat as a Unix-socket directory.
  # NOTE(review): if this is pointed at a remote host, the passwords below travel
  # over the network -- confirm the service classes enforce TLS in that case.
  String[1] $database_host = '/var/run/postgresql/',
  Stdlib::Port $database_port = 5432,
  # NOTE(review): every *_database_password parameter is a plain String[1], not
  # Sensitive[String[1]], so Puppet does not redact the values in reports, logs
  # or catalog diffs. Changing the type would require the service classes (not
  # shown here) to accept Sensitive values.
  String[1] $inventory_database_name = 'inventory_db',
  String[1] $inventory_database_user = 'inventory_user',
  # Default is taken from iop::params, which is not shown here.
  String[1] $inventory_database_password = $iop::params::inventory_database_password,
  String[1] $vulnerability_database_name = 'vulnerability_db',
  String[1] $vulnerability_database_user = 'vulnerability_admin',
  # Default is taken from iop::params, which is not shown here.
  String[1] $vulnerability_database_password = $iop::params::vulnerability_database_password,
  String[1] $vmaas_database_name = 'vmaas_db',
  String[1] $vmaas_database_user = 'vmaas_admin',
  # The remaining password defaults are 32-character random strings generated
  # on first use and persisted through extlib::cache_data (namespace
  # 'iop_cache_data') so later runs reuse the same value instead of rotating it.
  # NOTE(review): the cache holds these values in clear text where the catalog
  # is compiled -- confirm that location is readable only by the Puppet user.
  String[1] $vmaas_database_password = extlib::cache_data('iop_cache_data', 'vmaas_db_password', extlib::random_password(32)),
  String[1] $advisor_database_name = 'advisor_db',
  String[1] $advisor_database_user = 'advisor_user',
  String[1] $advisor_database_password = extlib::cache_data('iop_cache_data', 'advisor_db_password', extlib::random_password(32)),
  String[1] $remediations_database_name = 'remediations_db',
  String[1] $remediations_database_user = 'remediations_user',
  String[1] $remediations_database_password = extlib::cache_data('iop_cache_data', 'remediations_db_password', extlib::random_password(32)),
) inherits iop::params {
  # Core services: always declared, regardless of the feature flags.
  include iop::core_ingress
  include iop::core_puptoo
  include iop::core_yuptoo
  include iop::core_engine
  include iop::core_gateway
  # Resource-like declaration so the database settings can be passed through.
  # Puppet allows only one such declaration per class, so another manifest that
  # declares this class earlier would cause a duplicate-declaration error.
  class { 'iop::core_host_inventory':
    database_host     => $database_host,
    database_port     => $database_port,
    database_name     => $inventory_database_name,
    database_user     => $inventory_database_user,
    database_password => $inventory_database_password,
  }
  include iop::core_host_inventory_frontend

  # Vulnerability group: vmaas, the vulnerability frontend and the vulnerability
  # service, each service with its own database name, user and password.
  if $enable_vulnerability {
    class { 'iop::service_vmaas':
      database_host     => $database_host,
      database_port     => $database_port,
      database_name     => $vmaas_database_name,
      database_user     => $vmaas_database_user,
      database_password => $vmaas_database_password,
    }
    include iop::service_vulnerability_frontend
    class { 'iop::service_vulnerability':
      database_host     => $database_host,
      database_port     => $database_port,
      database_name     => $vulnerability_database_name,
      database_user     => $vulnerability_database_user,
      database_password => $vulnerability_database_password,
    }
  }

  # Advisor group: the remediations service is gated by $enable_advisor too;
  # it has no flag of its own.
  if $enable_advisor {
    include iop::service_advisor_frontend
    class { 'iop::service_advisor':
      database_host     => $database_host,
      database_port     => $database_port,
      database_name     => $advisor_database_name,
      database_user     => $advisor_database_user,
      database_password => $advisor_database_password,
    }
    class { 'iop::service_remediations':
      database_host     => $database_host,
      database_port     => $database_port,
      database_name     => $remediations_database_name,
      database_user     => $remediations_database_user,
      database_password => $remediations_database_password,
    }
  }

  if $register_as_smartproxy {
    # The OAuth pair is read from the 'foreman_cache_data' namespace rather than
    # 'iop_cache_data'; presumably this is the cache the Foreman module itself
    # populates, so the credentials match the Foreman instance -- confirm.
    # If no cached value exists yet, a fresh random value is stored and used.
    $oauth_consumer_key = extlib::cache_data('foreman_cache_data', 'oauth_consumer_key', extlib::random_password(32))
    $oauth_consumer_secret = extlib::cache_data('foreman_cache_data', 'oauth_consumer_secret', extlib::random_password(32))

    # Use the explicit URL when given, otherwise https://<fqdn> of this node.
    $_foreman_base_url_real = pick($foreman_base_url, "https://${facts['networking']['fqdn']}")

    # Registers the gateway (listening on https://localhost:24443) as a smart
    # proxy in Foreman, after iop::core_gateway has been applied.
    # NOTE(review): effective_user is hard-coded to 'admin'; confirm that this
    # account exists and that this level of privilege is intended.
    # NOTE(review): $certs::iop is not declared in this class; presumably it is
    # evaluated via iop::core_gateway -- confirm, otherwise ssl_ca is undef.
    foreman_smartproxy { 'iop-gateway':
      ensure          => present,
      base_url        => $_foreman_base_url_real,
      consumer_key    => $oauth_consumer_key,
      consumer_secret => $oauth_consumer_secret,
      effective_user  => 'admin',
      ssl_ca          => $certs::iop::client_ca_cert,
      url             => 'https://localhost:24443',
      require         => [
        Class['iop::core_gateway'],
      ],
    }
  }

  # Declared unconditionally (independent of $enable_advisor) with
  # ensure => 'absent'; presumably removes a superseded advisor engine
  # deployment -- confirm against the iop_advisor_engine module.
  class { 'iop_advisor_engine':
    ensure => 'absent',
  }
}