Version information
This version is compatible with:
- Puppet Enterprise >= 3.0.0 < 2015.4.0
- Puppet >= 3.0.0 < 5.0.0
Start using this module
Add this module to your Puppetfile:
mod 'infnpd-ocpattrauth', '0.0.2'
Puppet module for OCP Attribute Authority
This module installs and configures the OCP Attribute Authority service.
Supported OS
- RedHat, CentOS (version >= 7)
- Ubuntu (version >= 14.04)
Configuration
Hiera parameters (mandatory):
ocp::aa::db::password
: password for accessing the application database
ocp::aa::db::root_password
: password for the mysql administrator
ocp::tomcat::keystore::alias
: the alias of the service credential inside the keystore file
ocp::tomcat::keystore::file
: location of the keystore file containing the service credentials (format: PKCS12 or JKS)
ocp::tomcat::keystore::password
: password protecting the keystore file
Hiera parameters (optional):
ocp::aa::entityid
: SAML entity id for the application, default <host>:<port>:it.infn.security.saml
ocp::aa::host
: host name for the tomcat installation, default the fully qualified host name from facter
ocp::aa::port
: port for the tomcat installation, default 443
ocp::aa::contacts
: list of contacts published via metadata, default empty list
ocp::aa::metadata_expiration
: metadata lifetime in seconds, default 432000
ocp::aa::organization
: hash table of the localized organization data, one key per language identifier (such as en), default empty hash
ocp::aa::war_file::url
: URL of the application war file, default http://igi-01.pd.infn.it/mrepo/OCP/AttributeAuthority/saml2-attribute-authority.war
ocp::aa::db::host
: host name of the application database, default the fully qualified host name from facter
ocp::aa::db::name
: name of the application database, default saml2aadb
ocp::aa::db::port
: port of the application database, default 3306
ocp::aa::db::user
: user for accessing the application database, default srvuser
ocp::aa::db::bind_address
: bind address for the application database, default 0.0.0.0
ocp::aa::db::max_conn
: maximum number of connections allowed for the application database, default 500
ocp::tomcat::keystore::type
: type of the keystore, default JKS
ocp::tomcat::truststore::file
: location of the truststore, default /etc/pki/ca-trust/extracted/java/cacerts
ocp::tomcat::truststore::password
: password for the truststore, default changeit
ocp::tomcat::truststore::type
: type of the truststore, default JKS
The contact object published via metadata is a hash table with the following keys:
type
: object type (support, technical, administrative, billing), default support
givenname
: contact first name, default unknown
surname
: contact family name, default unknown
email
: contact email address, default unknown
phone
: contact phone number, default unknown
The localized organization data is a hash table with the following keys:
name
: short name for the organization
displayname
: description for the organization
url
: URL of the organization home page
Example of stand-alone installation and configuration
Puppet setup
Check that the hostname and FQDN are correctly detected by puppet:
```shell
facter | grep hostname
facter | grep fqdn
```
In the following examples the fully qualified host name (FQDN) will be myhost.mydomain.
Install the OCP Attribute Authority module for puppet:
```shell
puppet module install infnpd-ocpattrauth
```
Create the required directories:
```shell
mkdir -p /etc/puppet/manifests /var/lib/hiera/node
```
Edit the file /etc/puppet/manifests/site.pp as:
```puppet
node 'myhost.mydomain' {
  require ocpattrauth
}
```
Edit the file /etc/hiera.yaml as:
```yaml
---
:backends:
  - yaml
:hierarchy:
  - "node/%{fqdn}"
:yaml:
  :datadir: /var/lib/hiera
```
Link the hiera configuration to puppet:
```shell
ln -s /etc/hiera.yaml /etc/puppet/hiera.yaml
```
Edit the OCP Attribute Authority description file /var/lib/hiera/node/myhost.mydomain.yaml; an example of minimal configuration is:
```yaml
---
ocp::aa::port : 8443
ocp::aa::db::password : aadb_pa$$word
ocp::aa::db::root_password : rootdb_pa$$word
ocp::tomcat::keystore::file : /etc/security/servicekeys.p12
ocp::tomcat::keystore::password : keystore_pa$$phrase
ocp::tomcat::keystore::alias : tomcat
ocp::tomcat::keystore::type : PKCS12
ocp::aa::contacts : [
  {
    givenname : Michael,
    surname : Knight,
    email : micheal.night@example.com,
    phone : +01 54235738543
  }
]
ocp::aa::organization : {
  en : {
    name : "OCP",
    displayname : "OpenCityPlatform",
    url : "http://www.opencityplatform.it"
  }
}
```
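A pre-flight check for the node file above, added here as an example and not part of the infnpd-ocpattrauth module: it takes the node's Hiera data as a dict (load the YAML with any parser first) and reports missing mandatory parameters, a keystore type that does not match the file format, a custom truststore still protected by the default `changeit` password, shared db secrets, and the `0.0.0.0` bind default. SAMPLE is a constructed dict mirroring the minimal configuration shown above.

```python
# Added example, not part of the module. Keys and defaults are quoted from
# the parameter list of this page; SAMPLE is constructed from its minimal
# configuration. Feed the dict obtained from parsing the node YAML file.
import os
MANDATORY = (
    "ocp::aa::db::password", "ocp::aa::db::root_password",
    "ocp::tomcat::keystore::alias", "ocp::tomcat::keystore::file",
    "ocp::tomcat::keystore::password",
)
DEFAULT_KEYSTORE_TYPE = "JKS"
DEFAULT_TRUSTSTORE_FILE = "/etc/pki/ca-trust/extracted/java/cacerts"
DEFAULT_TRUSTSTORE_PASSWORD = "changeit"
DEFAULT_BIND_ADDRESS = "0.0.0.0"
EXT_TO_TYPE = {".p12": "PKCS12", ".pfx": "PKCS12", ".jks": "JKS"}
SAMPLE = {  # constructed sample, mirrors the minimal configuration above
    "ocp::aa::port": 8443,
    "ocp::aa::db::password": "aadb_pa$$word",
    "ocp::aa::db::root_password": "rootdb_pa$$word",
    "ocp::tomcat::keystore::file": "/etc/security/servicekeys.p12",
    "ocp::tomcat::keystore::password": "keystore_pa$$phrase",
    "ocp::tomcat::keystore::alias": "tomcat",
    "ocp::tomcat::keystore::type": "PKCS12",
}

def check_node_config(cfg):
    """Return a list of findings (strings) for one node's Hiera data hash."""
    findings = []
    for key in MANDATORY:
        if not cfg.get(key):
            findings.append(f"missing mandatory parameter {key}")
    # Tomcat cannot open the credential if the declared type does not match the container.
    ks_file = str(cfg.get("ocp::tomcat::keystore::file", ""))
    ks_type = str(cfg.get("ocp::tomcat::keystore::type", DEFAULT_KEYSTORE_TYPE)).upper()
    expected = EXT_TO_TYPE.get(os.path.splitext(ks_file)[1].lower())
    if expected and ks_type != expected:
        findings.append(f"keystore {ks_file} looks like {expected} but type is {ks_type}")
    # A custom truststore that still uses the well-known cacerts password.
    ts_file = cfg.get("ocp::tomcat::truststore::file", DEFAULT_TRUSTSTORE_FILE)
    ts_pw = cfg.get("ocp::tomcat::truststore::password", DEFAULT_TRUSTSTORE_PASSWORD)
    if ts_file != DEFAULT_TRUSTSTORE_FILE and ts_pw == DEFAULT_TRUSTSTORE_PASSWORD:
        findings.append(f"custom truststore {ts_file} uses the default password")
    # The service account and the mysql administrator must not share a secret.
    if cfg.get("ocp::aa::db::password") and cfg.get("ocp::aa::db::password") == cfg.get("ocp::aa::db::root_password"):
        findings.append("db password equals db root password")
    # The database listens on every interface unless bind_address is narrowed.
    if cfg.get("ocp::aa::db::bind_address", DEFAULT_BIND_ADDRESS) == DEFAULT_BIND_ADDRESS:
        findings.append("database listens on 0.0.0.0 (module default)")
    return findings
```

Run it against the node file before `puppet apply`; on the sample above the only finding is the bind address note, because the minimal configuration leaves `ocp::aa::db::bind_address` at its default.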
Dependencies
- puppetlabs-stdlib (>= 3.2.0 < 5.0.0)
- puppetlabs-mysql (>= 3.6.0)