Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x
- Puppet >= 5.0.0 < 8.0.0
Tasks:
- key_decrypt
- key_get
- key_load
- pack_install
Plans:
- upgrade_mongodb
Start using this module
Add this module to your Puppetfile:
mod 'stackstorm-st2', '2.3.0'
Learn more about managing modules with a Puppetfile
Documentation
puppet-st2
Table of Contents
- Description
- Setup - The basics of getting started with st2
- Usage - Configuration options and additional functionality
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Description
Module to manage StackStorm with Puppet.
Setup
What st2 Affects
The st2 module configures the existing system into a complete and dedicated StackStorm node with the following components:
- StackStorm
- MongoDB
- Postgres
- RabbitMQ
- Redis
- Nginx
- NodeJS
Setup Requirements
This module, similar to normal StackStorm installs, expects to be run on a blank system without any existing configurations. The only hard requirements are on the Operating System and machine specs. See Limitations and the official StackStorm system requirements.
Module Dependencies
This module installs and configures all of the components required for StackStorm.
In order to not repeat others' work, we've utilized many existing modules from the forge. We manage the module dependencies using a Puppetfile for each OS we support. These Puppetfiles can be used both with r10k and librarian-puppet.
- RHEL/CentOS 7 - Puppet 6 - build/centos7-puppet6/Puppetfile
- RHEL/CentOS 7 - Puppet 7 - build/centos7-puppet7/Puppetfile
- Ubuntu 18.04 - Puppet 6 - build/ubuntu18-puppet6/Puppetfile
- Ubuntu 18.04 - Puppet 7 - build/ubuntu18-puppet7/Puppetfile
- Ubuntu 20.04 - Puppet 6 - build/ubuntu20-puppet6/Puppetfile
- Ubuntu 20.04 - Puppet 7 - build/ubuntu20-puppet7/Puppetfile
Beginning with st2
For a full installation on a single node, a profile already exists to get you set up and going with minimal effort. Simply:
puppet module install stackstorm-st2
puppet apply -e "include st2::profile::fullinstall"
Usage
Reference Documentation
This module uses Puppet Strings as the documentation standard. A live version is available online at puppetmodule.info/m/stackstorm-st2. A markdown version is available directly in this repo in REFERENCE.md.
Configuration
This module aims to provide sane default configurations, but also stay out of your way in the event you need something more custom. To accomplish this, this module uses the Roles/Profiles pattern. Included in this module are several modules that come with sane defaults that you can use directly or use to compose your own site-specific profile for StackStorm installation.
Configuration can be done directly via code composition, or set via Hiera data bindings. A few notable parameters to take note of:
- st2::version - Version of ST2 to install. This will be set as the ensure value on the st2 packages. The default is present, resulting in the most up-to-date packages being installed initially. If you would like to hard code to an older version you can specify that here (ex: 2.6.0). Note: Setting this to latest is NOT recommended. It will cause the StackStorm packages to be automatically updated without the proper upgrade steps being taken (proper steps detailed here: https://docs.stackstorm.com/install/upgrades.html)
- st2::python_version - Version of Python to use. The default is 'system' and the system python package will be installed, whatever version that is for your OS. To explicitly install Python 3.6 specify '3.6' if on RHEL/CentOS 7. If on Ubuntu 16.04 specify 'python3.6'. Notes:
  - RHEL 7 - The Red Hat subscription repo 'rhel-7-server-optional-rpms' will need to be enabled prior to running this module.
# CentOS/RHEL 7
class { 'st2':
  python_version => '3.6',
}
# Ubuntu 18.04/20.04
class { 'st2':
  python_version => 'python3.6',
}
contain st2::profile::fullinstall
All other classes are documented with Puppetdoc. Please refer to specific classes for use and configuration.
Profiles
- st2::profile::client - Profile to install all client libraries for st2
- st2::profile::fullinstall - Full installation of StackStorm and dependencies
- st2::profile::mistral - Install of OpenStack Mistral
- st2::profile::mongodb - st2 configured MongoDB installation
- st2::profile::nodejs - st2 configured NodeJS installation
- st2::profile::python - Python installed and configured for st2
- st2::profile::rabbitmq - st2 configured RabbitMQ installation
- st2::profile::redis - st2 configured Redis installation
- st2::profile::server - st2 server components
- st2::profile::web - st2 web components
- st2::profile::chatops - st2 chatops components
Installing and Configuring Packs
StackStorm packs can be installed and configured directly from Puppet. This can be done via the st2::pack and st2::pack::config defined types.
Installation/Configuration via modules:
# install pack from the exchange
st2::pack { 'linux': }
# install pack from a git URL
st2::pack { 'private':
  repo_url => 'https://private.domain.tld/git/stackstorm-private.git',
}
# install pack and apply configuration
st2::pack { 'slack':
  config => {
    'post_message_action' => {
      'webhook_url' => 'XXX',
    },
  },
}
Installation/Configuration via Hiera:
st2::packs:
  linux:
    ensure: present
  private:
    ensure: present
    repo_url: https://private.domain.tld/git/stackstorm-private.git
  slack:
    ensure: present
    config:
      post_message_action:
        webhook_url: XXX
Configuring Authentication
StackStorm uses a pluggable authentication system where auth is delegated to an external service called a "backend". The st2auth service can be configured to use various backends (only one active). For more information on StackStorm authentication see the authentication documentation page.
The following backends are currently available:
- flat_file - Authenticates against an htpasswd file (default) link
- keystone - Authenticates against an OpenStack Keystone service link
- ldap - Authenticates against an LDAP server such as OpenLDAP or Active Directory link
- mongodb - Authenticates against a collection named users in MongoDB link
- pam - Authenticates against the PAM Linux service link
By default the flat_file backend is used. To change this you can configure it when instantiating the st2 class in a manifest file:
class { 'st2':
  auth_backend => 'ldap',
}
Or in Hiera:
st2::auth_backend: ldap
Each backend has its own custom configuration settings. The settings can be found by looking at the backend class in the manifests/st2/auth/ directory. These parameters map 1-for-1 to the configuration options defined in each backend's GitHub page (links above). Backend configurations are passed in as a hash using the auth_backend_config option. This option can be changed when instantiating the st2 class in a manifest file:
class { 'st2':
  auth_backend        => 'ldap',
  auth_backend_config => {
    host            => 'ldap.domain.tld',
    bind_dn         => 'cn=ldap_stackstorm,ou=service accounts,dc=domain,dc=tld',
    base_dn         => 'dc=domain,dc=tld',
    scope           => 'subtree',
    id_attr         => 'username',
    bind_pw         => 'some_password',
    group_dns       => ['"cn=stackstorm_users,ou=groups,dc=domain,dc=tld"'],
    account_pattern => 'userPrincipalName={username}',
  },
}
Or in Hiera:
st2::auth_backend: "ldap"
st2::auth_backend_config:
  host: "ldaps.domain.tld"
  use_tls: false
  use_ssl: true
  port: 636
  bind_dn: 'cn=ldap_stackstorm,ou=service accounts,dc=domain,dc=tld'
  bind_pw: 'some_password'
  chase_referrals: false
  base_dn: 'dc=domain,dc=tld'
  group_dns:
    - '"cn=stackstorm_users,ou=groups,dc=domain,dc=tld"'
  scope: "subtree"
  id_attr: "username"
  account_pattern: "userPrincipalName={username}"
Configuring ChatOps
Configuration via Hiera:
# character to trigger the bot that the message is a command
# example: !help
st2::chatops_hubot_alias: "'!'"
# name of the bot in chat, sometimes requires special characters like @
st2::chatops_hubot_name: '"@RosieRobot"'
# API key generated by: st2 apikey create
st2::chatops_api_key: '"xxxxyyyyy123abc"'
# Public URL used by ChatOps to offer links to execution details via the WebUI.
st2::chatops_web_url: '"stackstorm.domain.tld"'
# install and configure hubot adapter (rocketchat, nodejs module installed by nodejs)
st2::chatops_adapter:
  hubot-adapter:
    package: 'hubot-rocketchat'
    source: 'git+ssh://git@git.company.com:npm/hubot-rocketchat#master'
# adapter configuration (hash)
st2::chatops_adapter_conf:
  HUBOT_ADAPTER: rocketchat
  ROCKETCHAT_URL: "https://chat.company.com:443"
  ROCKETCHAT_ROOM: 'stackstorm'
  LISTEN_ON_ALL_PUBLIC: true
  ROCKETCHAT_USER: st2
  ROCKETCHAT_PASSWORD: secret123
  ROCKETCHAT_AUTH: password
  RESPOND_TO_DM: true
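A pre-merge check for the Hiera settings shown in the Configuration, Authentication and ChatOps sections above, as an added example that is not part of the module or its documentation. It assumes secrets are stored with hiera-eyaml (values of the form ENC[...]), which this page does not mention, and that an LDAP backend with neither use_ssl nor use_tls set to true is unencrypted; the sample data and the name audit_st2_hiera are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample Hiera data (placeholder values), using keys shown on this page.
SAMPLE_HIERA = <<~HIERA
  st2::version: latest
  st2::auth_backend: ldap
  st2::auth_backend_config:
    host: ldap.domain.tld
    bind_dn: 'cn=ldap_stackstorm,ou=service accounts,dc=domain,dc=tld'
    bind_pw: some_password
    use_tls: false
    use_ssl: false
  st2::chatops_api_key: 'ENC[PKCS7,constructed-placeholder]'
  st2::chatops_adapter_conf:
    HUBOT_ADAPTER: rocketchat
    ROCKETCHAT_PASSWORD: secret123
HIERA

# Hiera keys from this page that hold credentials.
# A nested entry is [top-level key, key inside that hash].
SECRET_PATHS = [
  ['st2::cli_password'],
  ['st2::db_password'],
  ['st2::rabbitmq_password'],
  ['st2::chatops_api_key'],
  ['st2::auth_backend_config', 'bind_pw'],
  ['st2::chatops_adapter_conf', 'ROCKETCHAT_PASSWORD']
].freeze

# Assumption: encrypted values use the hiera-eyaml form ENC[<method>,<ciphertext>].
def encrypted?(value)
  value.is_a?(String) && value.strip.match?(/\AENC\[\w+,.+\]\z/m)
end

# Walk a key path through nested hashes; returns nil when any level is missing
# or is not a hash, so malformed data cannot raise.
def fetch_path(data, path)
  path.reduce(data) { |node, key| node.is_a?(Hash) ? node[key] : nil }
end

# Returns a list of human-readable findings for one Hiera YAML document.
def audit_st2_hiera(yaml_text)
  data = YAML.safe_load(yaml_text) || {}
  return ['top level of the Hiera file is not a hash'] unless data.is_a?(Hash)

  findings = []

  # 1. Credentials committed in plaintext.
  SECRET_PATHS.each do |path|
    value = fetch_path(data, path)
    next if value.nil? || encrypted?(value)

    findings << "plaintext secret: #{path.join(' -> ')}"
  end

  # 2. The page warns that 'latest' upgrades packages without the upgrade steps.
  if data['st2::version'].to_s == 'latest'
    findings << "st2::version is 'latest': packages upgrade without the documented upgrade steps"
  end

  # 3. LDAP backend with no transport encryption requested (see assumption above).
  if data['st2::auth_backend'] == 'ldap'
    cfg = data['st2::auth_backend_config']
    cfg = {} unless cfg.is_a?(Hash)
    unless cfg['use_ssl'] == true || cfg['use_tls'] == true
      findings << 'ldap backend: neither use_ssl nor use_tls is true'
    end
  end

  findings
end

if __FILE__ == $PROGRAM_NAME
  # Audit the file given as the first argument, or the constructed sample.
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_HIERA
  audit_st2_hiera(text).each { |finding| puts "FINDING: #{finding}" }
end
```

Run it with a Hiera data file as the only argument; with no argument it audits the constructed sample.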
Scaling out services
This module supports scaling out workflowengine, scheduler, rulesengine, and notifier services per the ST2 Documentation.
Consider doing this if you have a lot of rules running, a lot of workflows running in parallel and/or a lot of nested workflows, and you have a server with enough CPU and memory to allow more processes to run at the same time.
Configure all services:
class { 'st2':
  python_version     => '3.6',
  workflowengine_num => 4,
  scheduler_num      => 2,
  rulesengine_num    => 1,
  notifier_num       => 1,
}
Or configure individual:
class { 'st2::workflowengine':
  workflowengine_num => 4,
}
Tasks
This module provides several tasks for interacting with StackStorm. These tasks are modeled after the st2 CLI command, names of the tasks and parameters reflect this. Under the hood, the tasks invoke the st2 CLI command so they must be executed on a node where StackStorm is installed.
Task List
- st2::key_decrypt - Decrypts an encrypted key/value pair
- st2::key_get - Retrieves the value for a key from the datastore
- st2::key_load - Loads a list of key/value pairs into the datastore
- st2::pack_install - Installs a list of packs
- st2::pack_list - Get a list of installed packs
- st2::pack_register - Registers a list of packs based from paths on the filesystem
- st2::pack_remove - Removes a list of packs
- st2::rule_disable - Disables a rule
- st2::rule_list - Lists all rules, or just the rules in a given pack
- st2::run - Runs a StackStorm action
Task Authentication
Tasks that interact with the st2 CLI command require authentication with the StackStorm instance. There are three options for authentication:
- API Key
- Auth token
- Username/password
Using Tasks With API Key
API keys are the recommended way for systems to authenticate with StackStorm. To do this via a task, you would first create an API key in StackStorm:
$ st2 apikey create -m '{"used_by": "bolt"}'
Copy the API key parameter in the output, and then use it when invoking one of the tasks in this module via the api_key parameter:
Usage via command line:
bolt task run st2::key_get key="testkey" api_key='xyz123'
Usage in a plan:
$res = run_task('st2::key_get', $stackstorm_target,
                key     => 'testkey',
                api_key => $api_key)
Using Tasks With Auth Tokens
Auth tokens can be used by bolt to communicate with StackStorm. First, the user needs to create an auth token, then pass it in via the auth_token parameter:
$ st2 auth myuser
Copy the auth token in the output, and then use it when invoking one of the tasks in this module:
Usage via command line:
bolt task run st2::key_get key="testkey" auth_token='xyz123'
Usage in a plan:
$res = run_task('st2::key_get', $stackstorm_target,
                key        => 'testkey',
                auth_token => $auth_token)
Using Tasks With Username and Password
Finally, bolt can accept username/passwords to communicate with StackStorm.
Usage via command line:
bolt task run st2::key_get key="testkey" username="myuser" password="xyz123"
Usage in a plan:
$res = run_task('st2::key_get', $stackstorm_target,
                key      => 'testkey',
                username => $username,
                password => $password)
Limitations
Supported platforms
- Ubuntu 18.04
- Ubuntu 20.04
- RHEL/CentOS 7
Supported Puppet versions
- Puppet 6
- Puppet 7
:warning: End-of-Support Notice - Mistral
Support for Mistral has been dropped as of StackStorm 3.3.0. As of version 1.8 this module no longer supports Mistral (and subsequently PostgreSQL). Neither Mistral nor PostgreSQL will be installed or managed by this module.
:warning: End-of-Support Notice - Ubuntu 16.04
Support for Ubuntu 16.04 has been dropped as of StackStorm 3.5.0. As of version 2.3 this module no longer supports Ubuntu 16.04.
:warning: End-of-Support Notice - CentOS 6
Support for CentOS 6 has been dropped as of StackStorm 3.3.0. As of version 1.8 this module no longer supports CentOS 6, so changes will not be tested against this platform.
:warning: Deprecation Notice - Puppet 5
Puppet 5 reaches End of Life on 2021-12-31. As of version 2.0 use of Puppet 5 with this module is officially deprecated.
- This module no longer tests against Puppet 5 in its build matrix.
- The next major release of the module will drop support for Puppet 5 by adjusting the minimum supported Puppet version in metadata.json.
:warning: Deprecation Notice - Puppet 4
Puppet 4 reached End of Life on 2018-12-31. As of version 1.4 use of Puppet 4 with this module is officially deprecated.
- As of version 1.5.0 this module no longer tests against Puppet 4 in its build matrix.
- The next major release of the module will drop support for Puppet 4 by adjusting the minimum supported Puppet version in metadata.json.
:warning: Deprecation Notice - Puppet 3
This module no longer supports Puppet 3 as of version 1.1
Upgrading StackStorm
By default this module does NOT handle upgrades of StackStorm. It is the responsibility of the end user to upgrade StackStorm according to the upgrade documentation.
In a future release a Puppet task may be included to perform these updates on demand using bolt.
Development
Contributions to this module are more than welcome! If you have a problem with the module or would like to see a new feature, please raise an issue. If you are amazing, find a bug or implement a new feature and want to add it to the module, please submit a Pull Request.
Maintainers
- Nick Maludy
- GitHub - @nmaludy
- StackStorm info@stackstorm.com
- James Fryman
- Patrick Hoolboom
- Bradley Bishop
Help
If you're stuck, our community is always ready to help. Feel free to:
- Ask questions in our public Slack in channel #puppet
- Report a bug, make a feature request, or just give us a ✮ star
Your contribution is more than welcome!
Reference
Table of Contents
Classes
- st2: Base class for st2 module. Used as top-level to set parameters via Hiera, this class does not need to be called directly.
- st2::auth: Class to configure authentication for StackStorm.
- st2::auth::common: Class that contains all of the "common" settings for auth.
- st2::auth::flat_file: Auth class to configure and setup Flat File (htpasswd) Authentication
- st2::auth::keystone: Auth class to configure and setup Keystone Based Authentication
- st2::auth::ldap: Auth class to configure and setup LDAP Based Authentication
- st2::auth::mongodb: Auth class to configure and setup MongoDB Based Authentication
- st2::auth::pam: Auth class to configure and setup PAM authentication.
- st2::kvs: Automatically loads Key/Value pairs for StackStorm DB from Hiera
- st2::logging::rsyslog: Helper class to route syslog messages when using rsyslog
- st2::notices: This is a private class used to store long strings to limit down on lint problems.
- st2::packs: Install and configure st2 packages in bulk and via Hiera.
- st2::params: Main parameters to manage the st2 module
- st2::profile::chatops: Profile to install and configure chatops for st2
- st2::profile::client: Profile to install, configure and manage all client libraries for st2
- st2::profile::facter: Setup custom fact locations
- st2::profile::fullinstall: This class performs a full default install of StackStorm and all its components on a single node.
- st2::profile::mongodb: StackStorm compatible installation of MongoDB and dependencies.
- st2::profile::nginx: StackStorm compatible installation of nginx and dependencies.
- st2::profile::nodejs: st2 compatible installation of NodeJS and dependencies for use with StackStorm.
- st2::profile::python: StackStorm compatible installation of Python and dependencies.
- st2::profile::rabbitmq: StackStorm compatible installation of RabbitMQ and dependencies.
- st2::profile::selinux: Configure SELinux so that StackStorm services run properly
- st2::profile::server: Profile to install, configure and manage all server components for st2
- st2::profile::web: Profile to install, configure and manage StackStorm web UI (st2web).
- st2::repo: Manages the installation of st2 required repos for installing the StackStorm packages.
- st2::repo::apt: Apt repo for StackStorm
- st2::repo::yum: Yum repo for StackStorm
- st2::scheduler: Manages the st2scheduler service.
- st2::server::datastore_keys: Generates and manages crypto keys for use with the StackStorm datastore
- st2::stanley: Installs the default admin user for st2 (stanley).
- st2::timersengine: Manages the st2timersengine service.
- st2::workflowengine: Manages the st2workflowengine service (Orquesta)
Defined types
- st2::auth_user: Creates and manages StackStorm application users (flat_file auth only)
- st2::client::settings: Generates a configuration file for the st2 CLI (st2client)
- st2::kv: Sets a value to the StackStorm Key/Value Store
- st2::pack: Manages a StackStorm Pack
- st2::rbac: This defined type creates RBAC resources for users
- st2::user: Creates a system (OS level) user for use with StackStorm
Resource types
- st2_pack: Manage st2 packs
Functions
- st2::urlencode: URL encodes a string
- st2::version_ge: Determines if the StackStorm version installed or the version requested by the user is greater than or equal to $version.
Data types
- St2::Repository: Validate the type of system package repository for StackStorm
Tasks
- key_decrypt: Decrypt a StackStorm key/value pair. TODO - Remove this when the following is closed: https://github.com/StackStorm/st2/issues/4545
- key_get: Retrieve the value for a key from the StackStorm datastore
- key_load: Load a list of StackStorm key/value pairs into the datastore
- pack_install: Install a list of packs
- pack_list: Get a list of packs
- pack_register: Registers a pack that exists on the filesystem
- pack_remove: Remove a list of packs
- rule_disable: Disable a given rule
- rule_list: Return a list of rules.
- run: Runs a StackStorm action
Plans
- st2::upgrade_mongodb: Upgrades a standalone MongoDB database between versions.
Classes
st2
Base class for st2 module. Used as top-level to set parameters via Hiera, this class does not need to be called directly.
Examples
Basic Usage
include st2
Variables can be set in Hiera and take advantage of automatic data bindings:
st2::version: 2.10.1
Customizing parameters
# best practice is to change default username/password
class { 'st2::params':
  admin_username => 'st2admin',
  admin_password => 'SuperSecret!',
}
class { 'st2':
  version => '2.10.1',
}
Different passwords for each database (MongoDB, RabbitMQ)
class { 'st2':
  # StackStorm user
  cli_username      => 'st2admin',
  cli_password      => 'SuperSecret!',
  # MongoDB user for StackStorm
  db_username       => 'admin',
  db_password       => 'KLKfp9#!2',
  # RabbitMQ user for StackStorm
  rabbitmq_username => 'st2',
  rabbitmq_password => '@!fsdf0#45',
}
Install with python 3.6 (if not default on your system)
$st2_python_version = $facts['os']['family'] ? {
  'RedHat' => '3.6',
  'Debian' => 'python3.6',
}
class { 'st2':
  python_version => $st2_python_version,
}
Parameters
The following parameters are available in the st2 class.
version
Data type: Any
Version of StackStorm package to install (default = 'present') See the package 'ensure' property: https://puppet.com/docs/puppet/5.5/types/package.html#package-attribute-ensure
Default value: 'present'
python_version
Data type: String
Version of Python to install. Default is 'system' meaning the system version of Python will be used. To install Python 3.6 on RHEL/CentOS 7 specify '3.6'. To install Python 3.6 on Ubuntu 16.05 specify 'python3.6'.
Default value: 'system'
repository
Data type: St2::Repository
Release repository to enable. 'stable', 'unstable' (default = 'stable')
Default value: $st2::params::repository
conf_dir
Data type: Any
The directory where st2 configs are stored
Default value: $st2::params::conf_dir
conf_file
Data type: Any
The path where st2 config is stored
Default value: "${st2::params::conf_dir}/st2.conf"
use_ssl
Data type: Any
Enable/Disable SSL for all st2 APIs
Default value: $st2::params::use_ssl
ssl_cert_manage
Data type: Any
Boolean to determine if this module should manage the SSL certificate used by nginx.
Default value: true
ssl_dir
Data type: Any
Directory where st2web will look for its SSL info. (default: /etc/ssl/st2)
Default value: $st2::params::ssl_dir
ssl_cert
Data type: Any
Path to the file where the StackStorm SSL cert will be generated. (default: /etc/ssl/st2/st2.crt)
Default value: $st2::params::ssl_cert
ssl_key
Data type: Any
Path to the file where the StackStorm SSL key will be generated. (default: /etc/ssl/st2/st2.key)
Default value: $st2::params::ssl_key
auth
Data type: Any
Toggle to enable/disable auth (Default: true)
Default value: true
auth_api_url
Data type: Any
URL where StackStorm auth service will communicate with the StackStorm API service
Default value: "http://${st2::params::hostname}:${st2::params::api_port}"
auth_debug
Data type: Any
Toggle to enable/disable auth debugging (Default: false)
Default value: false
auth_mode
Data type: Any
Auth mode, either 'standalone' or 'backend' (default: 'standalone')
Default value: $st2::params::auth_mode
auth_backend
Data type: Any
Determines which auth backend to configure. (default: flat_file) Available backends:
- flat_file
- keystone
- ldap
- mongodb
- pam
Default value: $st2::params::auth_backend
auth_backend_config
Data type: Any
Hash of parameters to pass to the auth backend class when it's instantiated. This will be different for every backend. Please see the corresponding backend class to determine what the config options should be.
Default value: $st2::params::auth_backend_config
cli_base_url
Data type: Any
CLI config - Base URL lives
Default value: "http://${st2::params::hostname}"
cli_api_version
Data type: Any
CLI config - API Version
Default value: 'v1'
cli_debug
Data type: Any
CLI config - Enable/Disable Debug
Default value: false
cli_cache_token
Data type: Any
CLI config - True to cache auth token until it expires
Default value: true
cli_username
Data type: Any
CLI config - Auth Username
Default value: $st2::params::admin_username
cli_password
Data type: Any
CLI config - Auth Password
Default value: $st2::params::admin_password
cli_api_url
Data type: Any
CLI config - API URL
Default value: "http://${st2::params::hostname}:${st2::params::api_port}"
cli_auth_url
Data type: Any
CLI config - Auth URL
Default value: "http://${st2::params::hostname}:${st2::params::auth_port}"
actionrunner_workers
Data type: Any
Set the number of actionrunner processes to start
Default value: $st2::params::actionrunner_workers
packs
Data type: Any
Hash of st2 packages to be installed
Default value: {}
packs_group
Data type: Any
Name of the group that will own the /opt/stackstorm/packs directory (default: st2packs)
Default value: $st2::params::packs_group_name
index_url
Data type: Any
Url to the StackStorm Exchange index file. (default undef)
Default value: undef
syslog
Data type: Any
Routes all log messages to syslog
Default value: false
syslog_host
Data type: Any
Syslog host. Default: localhost
Default value: 'localhost'
syslog_protocol
Data type: Any
Syslog protocol. Default: udp
Default value: 'udp'
syslog_port
Data type: Any
Syslog port. Default: 514
Default value: 514
syslog_facility
Data type: Any
Syslog facility. Default: local7
Default value: 'local7'
ssh_key_location
Data type: Any
Location on filesystem of Admin SSH key for remote runner
Default value: '/home/stanley/.ssh/st2_stanley_key'
db_host
Data type: Any
Hostname to talk to st2 db
Default value: $st2::params::hostname
db_port
Data type: Any
Port for db server for st2 to talk to
Default value: $st2::params::mongodb_port
db_bind_ips
Data type: Any
Array of bind IP addresses for MongoDB to listen on
Default value: $st2::params::mongodb_bind_ips
db_name
Data type: Any
Name of db to connect to (default: 'st2')
Default value: $st2::params::mongodb_st2_db
db_username
Data type: Any
Username to connect to db with (default: 'stackstorm')
Default value: $st2::params::mongodb_st2_username
db_password
Data type: Any
Password for 'admin' and 'stackstorm' users in MongoDB. If 'undef' then use $cli_password
Default value: $st2::params::admin_password
mongodb_version
Data type: Any
Version of MongoDB to install. If not provided it will be auto-calculated based on $version (default: undef)
Default value: undef
mongodb_manage_repo
Data type: Any
Set this to false when you have your own repositories for MongoDB (default: true)
Default value: true
mongodb_auth
Data type: Any
Boolean determining if auth should be enabled for MongoDB. Note: On new versions of Puppet (4.0+) you'll need to disable this setting. (default: true)
Default value: true
nginx_manage_repo
Data type: Any
Set this to false when you have your own repositories for nginx (default: true)
Default value: true
nginx_ssl_ciphers
Data type: Any
String or list of strings of acceptable SSL ciphers to configure nginx with. @see http://nginx.org/en/docs/http/ngx_http_ssl_module.html Note: the defaults are setup to restrict to TLSv1.2 and TLSv1.3 secure ciphers only (secure by default). The secure ciphers for each protocol were obtained via: @see https://wiki.mozilla.org/Security/Server_Side_TLS
Default value: $st2::params::nginx_ssl_ciphers
nginx_ssl_protocols
Data type: Any
String or list of strings of acceptable SSL protocols to configure nginx with. @see http://nginx.org/en/docs/http/ngx_http_ssl_module.html Note: the defaults are setup to restrict to TLSv1.2 and TLSv1.3 only (secure by default)
Default value: $st2::params::nginx_ssl_protocols
nginx_ssl_port
Data type: Any
What port should nginx listen on publicly for new connections (default: 443)
Default value: $st2::params::nginx_ssl_port
nginx_client_max_body_size
Data type: Any
The maximum size of the body for a request allowed through nginx. We default this to '0' (which disables nginx's request body size check) to allow for large messages/payloads/inputs/results to be passed through nginx as is normal in the StackStorm context. @see http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
Default value: $st2::params::nginx_client_max_body_size
web_root
Data type: Any
Directory where the StackStorm WebUI site lives on the filesystem
Default value: $st2::params::web_root
timersengine_enabled
Data type: Any
Set to true if the st2timersengine service should be enabled on this node (default: true)
Default value: $st2::params::timersengine_enabled
timersengine_timezone
Data type: Any
The local timezone for this node. (default: 'America/Los_Angeles')
Default value: $st2::params::timersengine_timezone
scheduler_sleep_interval
Data type: Any
How long (in seconds) to sleep between each action scheduler main loop run interval. (default = 0.1)
Default value: $st2::params::scheduler_sleep_interval
scheduler_gc_interval
Data type: Any
How often (in seconds) to look for zombie execution requests before rescheduling them. (default = 10)
Default value: $st2::params::scheduler_gc_interval
scheduler_pool_size
Data type: Any
The size of the pool used by the scheduler for scheduling executions. (default = 10)
Default value: $st2::params::scheduler_pool_size
chatops_adapter
Data type: Any
Adapter package(s) to be installed with npm. List of hashes.
Default value: $st2::params::chatops_adapter
chatops_adapter_conf
Data type: Any
Configuration parameters for Hubot adapter (hash)
Default value: $st2::params::chatops_adapter_conf
chatops_hubot_log_level
Data type: Any
Logging level for hubot (string)
Default value: $st2::params::hubot_log_level
chatops_hubot_express_port
Data type: Any
Port that hubot operates on (integer or string)
Default value: $st2::params::hubot_express_port
chatops_tls_cert_reject_unauthorized
Data type: Any
Should hubot validate SSL certs. Set to 1 when using self signed certs
Default value: $st2::params::tls_cert_reject_unauthorized
chatops_hubot_name
Data type: Any
Name of the bot in chat. Should be properly quoted if it has special characters, example: '"MyBot!"'
Default value: $st2::params::hubot_name
chatops_hubot_alias
Data type: Any
Character to trigger the bot at the beginning of a message. Must be properly quoted if it's a special character, example: "'!'"
Default value: $st2::params::hubot_alias
chatops_api_key
Data type: Any
API key generated by st2 apikey create that hubot will use to post data back to StackStorm. (default: undef)
Default value: undef
chatops_st2_hostname
Data type: Any
Hostname of the StackStorm instance that chatops will connect to for API and Auth. If unspecified it will use the default in /opt/stackstorm/chatops/st2chatops.env (default: undef)
Default value: $st2::params::hostname
chatops_api_url
Data type: Any
ChatOps config - API URL
Default value: "https://${st2::params::hostname}/api"
chatops_auth_url
Data type: Any
ChatOps config - Auth URL
Default value: "https://${st2::params::hostname}/auth"
chatops_web_url
Data type: Any
Public URL of StackStorm instance. Used by chatops to offer links to execution details in a chat. If unspecified it will use the default in /opt/stackstorm/chatops/st2chatops.env (default: undef)
Default value: undef
nodejs_version
Data type: Any
Version of NodeJS to install. If not provided it will be auto-calculated based on $version (default: undef)
Default value: undef
nodejs_manage_repo
Data type: Any
Set this to false when you have your own repositories for NodeJS (default: true)
Default value: true
cli_silence_ssl_warnings
Data type: Any
Default value: false
ng_init
Data type: Any
Default value: true
datastore_keys_dir
Data type: Any
Default value: $st2::params::datstore_keys_dir
datastore_key_path
Data type: Any
Default value: "${st2::params::datstore_keys_dir}/datastore_key.json"
rabbitmq_username
Data type: Any
Default value: $st2::params::rabbitmq_username
rabbitmq_password
Data type: Any
Default value: $st2::params::rabbitmq_password
rabbitmq_hostname
Data type: Any
Default value: $st2::params::rabbitmq_hostname
rabbitmq_port
Data type: Any
Default value: $st2::params::rabbitmq_port
rabbitmq_bind_ip
Data type: Any
Default value: $st2::params::rabbitmq_bind_ip
rabbitmq_vhost
Data type: Any
Default value: $st2::params::rabbitmq_vhost
st2::auth
The StackStorm st2auth service provides a framework for authenticating with various sources. Plugins to this framework that provide authentication implementations are called 'backends'. This generic class can be used to configure the st2auth service and also instantiate a proper backend. The auth backend implementations are in the manifests/auth/ directory.
Examples
Basic usage (via st2)
class { 'st2':
  auth_backend        => 'flat_file',
  auth_backend_config => {
    htpasswd_file => '/etc/something/htpasswd',
  },
}
Instantiate via Hiera
st2::auth_backend: "flat_file"
st2::auth_backend_config:
  htpasswd_file: "/etc/something/htpasswd"
Direct usage (default Flat File auth backend)
include st2::auth
Direct usage to configure a specific auth backend
class { 'st2::auth':
  backend        => 'mongodb',
  backend_config => {
    db_host => 'mongodb.stackstorm.net',
  },
  use_ssl        => true,
  ssl_cert       => '/etc/ssl/cert.crt',
  ssl_key        => '/etc/ssl/cert.key',
}
Parameters
The following parameters are available in the st2::auth class.
backend
Data type: Any
Determines which auth backend to configure. (default: flat_file) Available backends:
- flat_file
- keystone
- ldap
- mongodb
- pam
Default value: $st2::auth_backend
backend_config
Data type: Any
Hash of parameters to pass to the backend class when it's instantiated. This will be different for every backend. Please see the corresponding backend class to determine what the config options should be.
Default value: $st2::auth_backend_config
debug
Data type: Any
Enable Debug (default: false)
Default value: $st2::auth_debug
mode
Data type: Any
Authentication mode, either 'standalone' or 'proxy' (default: standalone)
Default value: $st2::auth_mode
use_ssl
Data type: Any
Enable SSL (default: false)
Default value: $st2::use_ssl
ssl_cert
Data type: Any
Path to SSL Certificate file (default: '/etc/ssl/st2/st2.crt')
Default value: $st2::ssl_cert
ssl_key
Data type: Any
Path to SSL Key file (default: '/etc/ssl/st2/st2.key')
Default value: $st2::ssl_key
st2::auth::common
Class that contains all of the "common" settings for auth.
- Note Don't use directly
Parameters
The following parameters are available in the st2::auth::common
class.
api_url
Data type: Any
URL to the StackStorm API
Default value: $st2::auth_api_url
conf_file
Data type: Any
The path where st2 config is stored
Default value: $st2::conf_file
debug
Data type: Any
Enable Debug (default: false)
Default value: $st2::auth_debug
mode
Data type: Any
Authentication mode, either 'standalone' or 'proxy' (default: standalone)
Default value: $st2::auth_mode
use_ssl
Data type: Any
Enable SSL (default: false)
Default value: $st2::use_ssl
ssl_cert
Data type: Any
Path to SSL Certificate file (default: '/etc/ssl/st2/st2.crt')
Default value: $st2::ssl_cert
ssl_key
Data type: Any
Path to SSL Key file (default: '/etc/ssl/st2/st2.key')
Default value: $st2::ssl_key
st2::auth::flat_file
Auth class to configure and setup Flat File (htpasswd) Authentication
Examples
Instantiate via st2
class { 'st2':
auth_backend => 'flat_file',
auth_backend_config => {
htpasswd_file => '/etc/something/htpasswd',
},
}
Instantiate via Hiera
st2::auth_backend: "flat_file"
st2::auth_backend_config:
  htpasswd_file: "/etc/something/htpasswd"
Parameters
The following parameters are available in the st2::auth::flat_file
class.
cli_username
Data type: Any
CLI config - Auth Username
Default value: $st2::cli_username
cli_password
Data type: Any
CLI config - Auth Password
Default value: $st2::cli_password
conf_file
Data type: Any
The path where st2 config is stored
Default value: $st2::conf_file
htpasswd_file
Data type: Any
Path to htpasswd file (default: /etc/st2/htpasswd)
Default value: $st2::params::auth_htpasswd_file
st2::auth::keystone
For information on parameters see the {backend documentation}[https://github.com/StackStorm/st2-auth-backend-keystone#configuration-options]
Examples
Instantiate via st2
class { 'st2':
auth_backend => 'keystone',
auth_backend_config => {
keystone_url => 'http://keystone.domain.tld:5000',
keystone_version => '3',
},
}
Instantiate via Hiera
st2::auth_backend: "keystone"
st2::auth_backend_config:
  keystone_url: "http://keystone.domain.tld:5000"
  keystone_version: "3"
Parameters
The following parameters are available in the st2::auth::keystone
class.
conf_file
Data type: Any
The path where st2 config is stored
Default value: $st2::conf_file
keystone_url
Data type: Any
Keystone URL to connect to (default: '127.0.0.1')
Default value: 'http://127.0.0.1:5000'
keystone_version
Data type: Any
Keystone API version (default: '2')
Default value: '2'
st2::auth::ldap
For information on parameters see the {backend documentation}[https://github.com/StackStorm/st2-auth-backend-ldap#configuration-options]
Examples
Instantiate via st2 (Active Directory)
class { 'st2':
auth_backend => 'ldap',
auth_backend_config => {
ldap_uri => 'ldaps://ldap.domain.tld',
bind_dn => 'cn=ldap_stackstorm,ou=service accounts,dc=domain,dc=tld',
bind_pw => 'some_password',
ref_hop_limit => 100,
user => {
base_dn => "ou=domain_users,dc=domain,dc=tld",
search_filter => "(&(objectClass=user)(sAMAccountName={username})(memberOf=cn=stackstorm_users,ou=groups,dc=domain,dc=tld))",
scope => "subtree"
},
},
}
Instantiate via Hiera (Active Directory)
st2::auth_backend: "ldap"
st2::auth_backend_config:
  ldap_uri: "ldaps://ldap.domain.tld"
  bind_dn: "cn=ldap_stackstorm,ou=service accounts,dc=domain,dc=tld"
  bind_pw: "some_password"
  ref_hop_limit: 100
  user:
    base_dn: "ou=domain_users,dc=domain,dc=tld"
    search_filter: "(&(objectClass=user)(sAMAccountName={username})(memberOf=cn=stackstorm_users,ou=groups,dc=domain,dc=tld))"
    scope: "subtree"
Parameters
The following parameters are available in the st2::auth::ldap
class.
conf_file
Data type: Any
The path where st2 config is stored
Default value: $st2::conf_file
ldap_uri
Data type: Any
URI of the LDAP server. Format: <protocol>://<hostname>[:port] (protocol: ldap or ldaps)
Default value: ''
use_tls
Data type: Any
Boolean parameter to set if TLS is required. Should be set to false when using ldaps in the URI. (default: false)
Default value: false
bind_dn
Data type: Any
DN user to bind to LDAP. If an empty string, an anonymous bind is performed. To use the user supplied username in the bind_dn, use the {username} placeholder in string.
Default value: ''
bind_pw
Data type: Any
DN password. Use the {password} placeholder in the string to use the user supplied password.
Default value: ''
user
Data type: Any
Search parameters for user authentication
- base_dn - Base DN on the LDAP server to be used when looking up the user account.
- search_filter - LDAP search filter for finding the user in the directory. Should contain the placeholder {username} for the username.
- scope - The scope of the search to be performed. Available choices: base, onelevel, subtree
Default value: undef
group
Data type: Any
Search parameters for user's group membership:
- base_dn - Base DN on the LDAP server to be used when looking up the group.
- search_filter - LDAP search filter for finding the group in the directory. Should contain the placeholder {username} for the username.
- scope - The scope of the search to be performed. Available choices: base, onelevel, subtree
Default value: undef
chase_referrals
Data type: Any
Boolean parameter to set whether to chase referrals. (default: true)
Default value: true
ref_hop_limit
Data type: Any
The maximum number of referral hops to follow recursively (default: 0)
Default value: 0
st2::auth::mongodb
For information on parameters see the {backend documentation}[https://github.com/StackStorm/st2-auth-backend-mongodb#configuration-options]
Examples
Instantiate via st2
class { 'st2':
auth_backend => 'mongodb',
auth_backend_config => {
db_host => 'mongodb.stackstorm.net',
db_port => '1234',
db_name => 'myauthdb',
},
}
Instantiate via Hiera
st2::auth_backend: "mongodb"
st2::auth_backend_config:
  db_host: "mongodb.stackstorm.net"
  db_port: "1234"
  db_name: "myauthdb"
Parameters
The following parameters are available in the st2::auth::mongodb
class.
conf_file
Data type: Any
The path where st2 config is stored
Default value: $st2::conf_file
db_host
Data type: Any
Hostname for the MongoDB server (default: 127.0.0.1)
Default value: $st2::db_host
db_port
Data type: Any
Port for the MongoDB server (default: 27017)
Default value: $st2::db_port
db_name
Data type: Any
Database name in MongoDB (default: st2auth)
Default value: 'st2auth'
db_auth
Data type: Any
Enable authentication with MongoDB (required for MongoDB installs with auth enabled)
Default value: $st2::mongodb_auth
db_username
Data type: Any
Username for MongoDB login (default: st2auth)
Default value: $st2::db_username
db_password
Data type: Any
Password for MongoDB login (default: st2auth)
Default value: $st2::db_password
st2::auth::pam
Auth class to configure and setup PAM authentication.
- TODO Need to configure st2auth service to run as root
- Note This backend will NOT allow you to auth with PAM for the 'root' user. You will need to auth a non-root user on the Linux host.
Examples
Instantiate via st2
class { 'st2':
  auth_backend => 'pam',
}
Instantiate via Hiera
st2::auth_backend: "pam"
st2::auth_backend_config: {}
Parameters
The following parameters are available in the st2::auth::pam
class.
conf_file
Data type: Any
The path where st2 config is stored
Default value: $st2::conf_file
st2::kvs
Automatically loads Key/Value pairs for StackStorm DB from Hiera
- See also st2::kv
Examples
Key/value pairs defined in Hiera
st2::kvs:
  keyname:
    value: 'blah'
  mysupercoolkey:
    value: 'xyz123'
st2::logging::rsyslog
This class bootstraps a system configured with rsyslog and st2::syslog enabled to route messages to all the right places.
Examples
Basic usage
include st2::logging::rsyslog
st2::notices
This is a private class used to store long strings to cut down on lint problems.
- Note Please do not call directly
st2::packs
Install and configure st2 packages in bulk and via Hiera.
- See also st2::pack and st2::pack::config for usage
Examples
Basic Usage
class { 'st2::packs':
  packs => {
    puppet   => {},
    influxdb => {
      config => {
        server => 'influxdb.domain.tld',
      },
    },
  },
}
Created via Hiera
st2::packs:
  puppet: {}
  influxdb:
    config:
      server: 'influxdb.domain.tld'
Parameters
The following parameters are available in the st2::packs
class.
packs
Data type: Any
Default value: $st2::packs
st2::params
Main parameters to manage the st2 module
Examples
Best Practice
class { 'st2::params':
admin_username => 'myuser',
admin_password => 'SuperSecret!',
}
include st2::profile::fullinstall
Parameters
The following parameters are available in the st2::params
class.
packs_group_name
Data type: Any
The name of the group created to hold the st2 admin user
Default value: 'st2packs'
hostname
Data type: Any
Hostname of the StackStorm box. This is used as the default to drive a lot of other parameters in the st2 class such as auth URL, MongoDB host, RabbitMQ host, etc.
Default value: '127.0.0.1'
admin_username
Data type: Any
Username of the StackStorm admin user. Best practice is to change this to a unique username.
Default value: 'st2admin'
admin_password
Data type: Any
Password of the StackStorm admin user. Best practice is to change this to a unique password.
Default value: 'Ch@ngeMe'
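Added example (not part of the puppet-st2 module): a Python check that scans Puppet manifests or Hiera data for the secret-bearing parameters documented in this reference and reports any that are set to the module default 'Ch@ngeMe' or to another string literal. The key list, function names and sample inputs are assumptions constructed for illustration.

```python
import re

# Secret-bearing parameter names taken from this reference (assumed list).
SECRET_KEYS = {
    "admin_password", "cli_password", "db_password", "rabbitmq_password",
    "bind_pw", "password", "auth_password", "api_key", "chatops_api_key",
    "ssh_private_key", "ROCKETCHAT_PASSWORD",
}

# Default admin password documented for st2::params.
MODULE_DEFAULT_PASSWORD = "Ch@ngeMe"

ASSIGNMENT = re.compile(
    r"""^\s*(?:\w+::)*(?P<key>\w+)\s*   # optional st2:: namespace, then key
        (?P<sep>=>|:)\s*                # Puppet arrow or YAML colon
        (?P<value>.*?)\s*,?\s*$         # value without a trailing comma
    """,
    re.VERBOSE,
)


def classify(sep, raw):
    """Return 'default', 'literal' or None for one right-hand side."""
    quoted = re.match(r"""^(['"])(.*?)\1""", raw)
    if quoted:
        text = quoted.group(2)
    elif sep == ":":
        # Bare YAML scalar; block indicators mean the value is on later lines.
        text = raw.split(" #", 1)[0].strip()
        if text in ("", "~", "null", ">", "|", ">-", "|-"):
            return None
    else:
        # Unquoted Puppet expression: $variable, lookup(...), undef.
        return None
    # hiera-eyaml ciphertext and interpolated references are not literals.
    if not text or text.startswith("ENC[") or "${" in text or "%{" in text:
        return None
    return "default" if text == MODULE_DEFAULT_PASSWORD else "literal"


def scan(text):
    """Return (line_number, key, kind) for each hard-coded secret found."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        match = ASSIGNMENT.match(line)
        if not match or match.group("key") not in SECRET_KEYS:
            continue
        kind = classify(match.group("sep"), match.group("value"))
        if kind:
            findings.append((lineno, match.group("key"), kind))
    return findings


# Constructed sample inputs, reusing example values shown on this page.
SAMPLE_MANIFEST = """\
class { 'st2::params':
  admin_username => 'st2admin',
  admin_password => 'Ch@ngeMe',
}
class { 'st2':
  db_password       => lookup('profile::st2::db_password'),
  rabbitmq_password => 'secret123',
  cli_password      => $cli_password,
}
"""

SAMPLE_HIERA = """\
st2::auth_backend: "ldap"
st2::auth_backend_config:
  ldap_uri: "ldaps://ldap.domain.tld"
  bind_pw: "some_password"
st2::db_password: ENC[PKCS7,constructed-placeholder]
st2::cli_password: "%{lookup('vault::st2_cli_password')}"
"""

if __name__ == "__main__":
    for name, text in (("manifest", SAMPLE_MANIFEST), ("hiera", SAMPLE_HIERA)):
        for lineno, key, kind in scan(text):
            print(f"{name}:{lineno}: {key} is a {kind} value")
```

Findings carry only the line number, key and kind, so the secret value itself never reaches the report.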
st2::profile::chatops
Profile to install and configure chatops for st2
- Note This class doesn't need to be invoked directly, instead it's best to customize it through the main +st2+ class
Examples
Basic Usage
class { 'st2':
chatops_hubot_name => '"@RosieRobot"',
chatops_api_key => '"xxxxyyyyy123abc"',
chatops_adapter => {
hubot-adapter => {
package => 'hubot-rocketchat',
source => 'git+ssh://git@git.company.com:npm/hubot-rocketchat#master',
},
},
chatops_adapter_conf => {
HUBOT_ADAPTER => 'rocketchat',
ROCKETCHAT_URL => 'https://chat.company.com',
ROCKETCHAT_ROOM => 'stackstorm',
LISTEN_ON_ALL_PUBLIC => 'true',
ROCKETCHAT_USER => 'st2',
ROCKETCHAT_PASSWORD => 'secret123',
ROCKETCHAT_AUTH => 'password',
RESPOND_TO_DM => 'true',
},
}
Parameters
The following parameters are available in the st2::profile::chatops
class.
version
Data type: Any
Version of the st2chatops package to install
Default value: $st2::version
hubot_log_level
Data type: Any
Hubot log level
Default value: $st2::chatops_hubot_log_level
hubot_express_port
Data type: Any
Express port hubot listens to
Default value: $st2::chatops_hubot_express_port
tls_cert_reject_unauthorized
Data type: Any
Set to 1 when using self signed certs
Default value: $st2::chatops_tls_cert_reject_unauthorized
hubot_name
Data type: Any
Name of the bot in chat. Should be properly quoted if it has special characters, example: '"MyBot!"'
Default value: $st2::chatops_hubot_name
hubot_alias
Data type: Any
Character to trigger the bot at the beginning of a message. Must be properly quoted if it's a special character, example: "'!'"
Default value: $st2::chatops_hubot_alias
npm_packages
Data type: Any
NodeJS packages to be installed (usually a hubot adapter)
Default value: $st2::chatops_adapter
adapter_config
Data type: Any
Configuration parameters for Hubot adapter (hash)
Default value: $st2::chatops_adapter_conf
api_key
Data type: Any
API key generated by st2 apikey create that hubot will use to post data back to StackStorm.
Default value: $st2::chatops_api_key
st2_hostname
Data type: Any
Hostname of the StackStorm instance that chatops will connect to for API and Auth. If unspecified it will use the default in /opt/stackstorm/chatops/st2chatops.env
Default value: $st2::chatops_st2_hostname
web_url
Data type: Any
Public URL of StackStorm instance. Used by chatops to offer links to execution details in a chat. If unspecified it will use the default in /opt/stackstorm/chatops/st2chatops.env
Default value: $st2::chatops_web_url
api_url
Data type: Any
URL of the StackStorm API service
Default value: $st2::chatops_api_url
auth_url
Data type: Any
URL of the StackStorm Auth service
Default value: $st2::chatops_auth_url
auth_username
Data type: Any
StackStorm auth Username for ChatOps to communicate back with StackStorm. Used if +api_key+ is not specified (optional)
Default value: $st2::cli_username
auth_password
Data type: Any
StackStorm auth Password for ChatOps to communicate back with StackStorm. Used if +api_key+ is not specified (optional)
Default value: $st2::cli_password
st2::profile::client
Profile to install, configure and manage all client libraries for st2
Examples
Basic Usage
include st2::profile::client
Parameters
The following parameters are available in the st2::profile::client
class.
auth
Data type: Any
Is auth enabled or not.
Default value: $st2::auth
api_url
Data type: Any
URL of the StackStorm API service
Default value: $st2::cli_api_url
auth_url
Data type: Any
URL of the StackStorm Auth service
Default value: $st2::cli_auth_url
base_url
Data type: Any
Base URL for other StackStorm services
Default value: $st2::cli_base_url
username
Data type: Any
Username for auth on the CLI
Default value: $st2::cli_username
password
Data type: Any
Password for auth on the CLI
Default value: $st2::cli_password
api_version
Data type: Any
Version of the StackStorm API
Default value: $st2::cli_api_version
cacert
Data type: Any
Path to the SSL CA certificate for the StackStorm services
Default value: $st2::cli_cacert
debug
Data type: Any
Enable debug mode
Default value: $st2::cli_debug
cache_token
Data type: Any
Enable caching authentication tokens until they expire
Default value: $st2::cli_cache_token
silence_ssl_warnings
Data type: Any
Enable silencing SSL warnings for self-signed certs
Default value: $st2::cli_silence_ssl_warnings
st2::profile::facter
Setup custom fact locations
Examples
Basic Usage
include st2::profile::facter
st2::profile::fullinstall
Components:
- RabbitMQ
- Python
- MongoDB
- NodeJS
- nginx
Examples
Basic Usage
include st2::profile::fullinstall
Customizing parameters
# Customizations are done via the main st2 class
class { 'st2':
# ... assign custom parameters
}
include st2::profile::fullinstall
st2::profile::mongodb
StackStorm compatible installation of MongoDB and dependencies.
Examples
Basic Usage
include st2::profile::mongodb
Customize (done via st2)
class { 'st2':
db_name => 'stackstormdb',
db_username => 'abc',
db_password => 'xyz123',
db_port => 12345,
}
include st2::profile::mongodb
Parameters
The following parameters are available in the st2::profile::mongodb
class.
db_name
Data type: Any
Name of the StackStorm database
Default value: $st2::db_name
db_username
Data type: Any
Username to connect to db with
Default value: $st2::db_username
db_password
Data type: Any
Password for 'admin' and 'stackstorm' users in MongoDB. If 'undef' then use $cli_password
Default value: $st2::db_password
db_port
Data type: Any
Port for db server for st2 to talk to
Default value: $st2::db_port
db_bind_ips
Data type: Any
Array of bind IP addresses for MongoDB to listen on
Default value: $st2::db_bind_ips
version
Data type: Any
Version of MongoDB to install. If not provided it will be auto-calculated based on $st2::version.
Default value: $st2::mongodb_version
manage_repo
Data type: Any
Set this to +false+ when you have your own repositories for mongodb
Default value: $st2::mongodb_manage_repo
auth
Data type: Any
Boolean determining if auth should be enabled for MongoDB.
Default value: $st2::mongodb_auth
st2::profile::nginx
StackStorm compatible installation of nginx and dependencies.
Examples
Basic Usage
include st2::profile::nginx
Disable managing the nginx repo so you can manage it yourself
class { 'st2::profile::nginx':
manage_repo => false,
}
Parameters
The following parameters are available in the st2::profile::nginx
class.
manage_repo
Data type: Any
Set this to false when you have your own repository for nginx
Default value: $st2::nginx_manage_repo
st2::profile::nodejs
This class is needed for StackStorm ChatOps +st2::profile::chatops+. Normally this class is instantiated by +st2::profile::fullinstall+. However, advanced users can instantiate this class directly to configure and manage just the NodeJS installation on a single node.
Examples
Basic Usage
include st2::profile::nodejs
Custom Parameters
class { 'st2::profile::nodejs':
}
Parameters
The following parameters are available in the st2::profile::nodejs
class.
manage_repo
Data type: Any
Set this to false when you have your own repositories for NodeJS.
Default value: $st2::nodejs_manage_repo
version
Data type: Any
Version of NodeJS to install. If not provided it will be auto-calculated based on $st2::version
Default value: $st2::nodejs_version
st2::profile::python
include st2::profile::python
Examples
Basic Usage
include st2::profile::python
Install with python 3.6 (if not default on your system)
$st2_python_version = $facts['os']['family'] ? {
'RedHat' => '3.6',
'Debian' => 'python3.6',
}
class { 'st2':
python_version => $st2_python_version,
}
Parameters
The following parameters are available in the st2::profile::python
class.
version
Data type: String
Version of Python to install. Default is 'system' meaning the system version of Python will be used. To install Python 3.6 on RHEL/CentOS 7 specify '3.6'. To install Python 3.6 on Ubuntu 16.05 specify 'python3.6'.
Default value: $st2::python_version
st2::profile::rabbitmq
StackStorm compatible installation of RabbitMQ and dependencies.
Examples
Basic Usage
include st2::profile::rabbitmq
Authentication enabled (configured via st2)
class { 'st2':
rabbitmq_username => 'rabbitst2',
rabbitmq_password => 'secret123',
}
include st2::profile::rabbitmq
Parameters
The following parameters are available in the st2::profile::rabbitmq
class.
username
Data type: Any
User to create within RabbitMQ for authentication.
Default value: $st2::rabbitmq_username
password
Data type: Any
Password of +username+ for RabbitMQ authentication.
Default value: $st2::rabbitmq_password
port
Data type: Any
Port to bind to for the RabbitMQ server
Default value: $st2::rabbitmq_port
bind_ip
Data type: Any
IP address to bind to for the RabbitMQ server
Default value: $st2::rabbitmq_bind_ip
vhost
Data type: Any
RabbitMQ virtual host to create for StackStorm
Default value: $st2::rabbitmq_vhost
st2::profile::selinux
Configure SELinux so that StackStorm services run properly
Examples
Basic Usage
include st2::profile::selinux
st2::profile::server
Profile to install, configure and manage all server components for st2
Examples
Basic usage
include st2::profile::server
Parameters
The following parameters are available in the st2::profile::server
class.
version
Data type: Any
Version of StackStorm to install
Default value: $st2::version
conf_dir
Data type: Any
The directory where st2 configs are stored
Default value: $st2::conf_dir
conf_file
Data type: Any
The path where st2 config is stored
Default value: $st2::conf_file
auth
Data type: Any
Toggle Auth
Default value: $st2::auth
actionrunner_workers
Data type: Any
Set the number of actionrunner processes to start
Default value: $st2::actionrunner_workers
st2api_listen_ip
Data type: Any
Listen IP for st2api process
Default value: '0.0.0.0'
st2api_listen_port
Data type: Any
Listen port for st2api process
Default value: '9101'
st2auth_listen_ip
Data type: Any
Listen IP for st2auth process
Default value: '0.0.0.0'
st2auth_listen_port
Data type: Any
Listen port for st2auth process
Default value: '9100'
syslog
Data type: Any
Routes all log messages to syslog
Default value: $st2::syslog
syslog_host
Data type: Any
Syslog host.
Default value: $st2::syslog_host
syslog_protocol
Data type: Any
Syslog protocol.
Default value: $st2::syslog_protocol
syslog_port
Data type: Any
Syslog port.
Default value: $st2::syslog_port
syslog_facility
Data type: Any
Syslog facility.
Default value: $st2::syslog_facility
ssh_key_location
Data type: Any
Location on filesystem of Admin SSH key for remote runner
Default value: $st2::ssh_key_location
db_username
Data type: Any
Username to connect to MongoDB with (default: 'stackstorm')
Default value: $st2::db_username
db_password
Data type: Any
Password for 'stackstorm' user in MongoDB.
Default value: $st2::db_password
index_url
Data type: Any
URL to the StackStorm Exchange index file. (default undef)
Default value: $st2::index_url
ng_init
Data type: Any
Default value: $st2::ng_init
rabbitmq_username
Data type: Any
Default value: $st2::rabbitmq_username
rabbitmq_password
Data type: Any
Default value: $st2::rabbitmq_password
rabbitmq_hostname
Data type: Any
Default value: $st2::rabbitmq_hostname
rabbitmq_port
Data type: Any
Default value: $st2::rabbitmq_port
rabbitmq_vhost
Data type: Any
Default value: $st2::rabbitmq_vhost
packs_group
Data type: Any
Default value: $st2::packs_group_name
st2::profile::web
Profile to install, configure and manage StackStorm web UI (st2web).
Examples
Basic Usage
include st2::profile::web
Managing your own certificate
# create your own certificate and key in the correct locations
file { '/etc/ssl/st2/st2.crt':
content => 'my cert data',
}
file { '/etc/ssl/st2/st2.key':
content => 'my privatekey data',
}
# instantiate this profile with ssl_cert_manage false
class { 'st2::profile::web':
ssl_cert_manage => false,
}
Change the SSL protocols and ciphers
class { 'st2::profile::web':
nginx_ssl_protocols => ['TLSv1.2'],
nginx_ssl_ciphers => [
'ECDHE-ECDSA-AES256-GCM-SHA384',
'ECDHE-ECDSA-AES256-SHA384',
],
}
Parameters
The following parameters are available in the st2::profile::web
class.
nginx_ssl_ciphers
Data type: Variant[Array[String], String]
String or list of strings of acceptable SSL ciphers to configure nginx with. See http://nginx.org/en/docs/http/ngx_http_ssl_module.html. Note: the defaults are set up to restrict to TLSv1.2 and TLSv1.3 secure ciphers only (secure by default). The secure ciphers for each protocol were obtained via https://wiki.mozilla.org/Security/Server_Side_TLS
Default value: $st2::nginx_ssl_ciphers
nginx_ssl_protocols
Data type: Variant[Array[String], String]
String or list of strings of acceptable SSL protocols to configure nginx with. See http://nginx.org/en/docs/http/ngx_http_ssl_module.html. Note: the defaults are set up to restrict to TLSv1.2 and TLSv1.3 only (secure by default)
Default value: $st2::nginx_ssl_protocols
nginx_ssl_port
Data type: Stdlib::Port
What port should nginx listen on publicly for new connections (default: 443)
Default value: $st2::nginx_ssl_port
nginx_client_max_body_size
Data type: String
The maximum size of the body for a request allowed through nginx. We default this to '0' to allow for large messages/payloads/inputs/results to be passed through nginx as is normal in the StackStorm context. See http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
Default value: $st2::nginx_client_max_body_size
ssl_cert_manage
Data type: Boolean
Boolean to determine if this module should manage the SSL certificate used by nginx.
Default value: $st2::ssl_cert_manage
ssl_dir
Data type: Stdlib::Absolutepath
Directory where st2web will look for its SSL info. (default: /etc/ssl/st2)
Default value: $st2::ssl_dir
ssl_cert
Data type: String
Path to the file where the StackStorm SSL cert will be generated. (default: /etc/ssl/st2/st2.crt)
Default value: $st2::ssl_cert
ssl_key
Data type: String
Path to the file where the StackStorm SSL key will be generated. (default: /etc/ssl/st2/st2.key)
Default value: $st2::ssl_key
version
Data type: String
Version of StackStorm WebUI to install
Default value: $st2::version
web_root
Data type: String
Directory where the StackStorm WebUI site lives on the filesystem
Default value: $st2::web_root
st2::repo
Manages the installation of st2 required repos for installing the StackStorm packages.
Examples
Basic usage
include st2::repo
Installing from unstable
class { 'st2::repo':
repository => 'unstable',
}
Parameters
The following parameters are available in the st2::repo
class.
ensure
Data type: Enum['present', 'absent']
The basic state the repo should be in
Default value: 'present'
repository
Data type: St2::Repository
Release repository to enable
Default value: $st2::repository
st2::repo::apt
Apt repo for StackStorm
st2::repo::yum
Yum repo for StackStorm
st2::scheduler
Normally this class is instantiated by st2::profile::fullinstall. However, advanced users can instantiate this class directly to configure and manage just the st2scheduler service on a single node. Parameters for this class mirror the parameters in the st2 config.
Examples
Basic usage
include st2::scheduler
Customizing parameters
class { 'st2::scheduler':
sleep_interval => 60,
gc_interval => 120,
}
Parameters
The following parameters are available in the st2::scheduler
class.
sleep_interval
Data type: Any
How long (in seconds) to sleep between each action scheduler main loop run interval.
Default value: $st2::scheduler_sleep_interval
gc_interval
Data type: Any
How often (in seconds) to look for zombie execution requests before rescheduling them.
Default value: $st2::scheduler_gc_interval
pool_size
Data type: Any
The size of the pool used by the scheduler for scheduling executions.
Default value: $st2::scheduler_pool_size
st2::server::datastore_keys
Generates and manages crypto keys for use with the StackStorm datastore
Examples
Basic Usage
include st2::server::datastore_keys
Custom key path
class { 'st2::server::datastore_keys':
  keys_dir => '/path/to/custom/keys',
  key_path => '/path/to/custom/keys/datastore_key.json',
}
Parameters
The following parameters are available in the st2::server::datastore_keys
class.
conf_file
Data type: Any
The path where st2 config is stored
Default value: $st2::conf_file
keys_dir
Data type: Any
The directory where the datastore keys will be stored
Default value: $st2::datastore_keys_dir
key_path
Data type: Any
Path to the key file
Default value: $st2::datastore_key_path
st2::stanley
Installs the default admin user for st2 (stanley).
- Note Will auto-generate SSH keys if none are provided.
Examples
Basic Usage
include st2::stanley
Custom SSH keys
class { 'st2::stanley':
ssh_key_type => 'ssh-rsa',
ssh_public_key => 'AAAAAWESOMEKEY==',
ssh_private_key => '----- BEGIN RSA PRIVATE KEY -----\nDEADBEEF\n----- END RSA PRIVATE KEY -----',
}
Parameters
The following parameters are available in the st2::stanley
class.
username
Data type: Any
Name of the stanley user
Default value: 'stanley'
ssh_public_key
Data type: Any
SSH Public Key without leading key-type and end email
Default value: undef
ssh_key_type
Data type: Any
Type of SSH Key (ssh-dsa/ssh-rsa)
Default value: undef
ssh_private_key
Data type: Any
Private key
Default value: undef
client
Data type: Any
Allow incoming connections from the defined user
Default value: true
server
Data type: Any
Server where connection requests originate (usually st2 server)
Default value: true
st2::timersengine
Normally this class is instantiated by +st2::profile::fullinstall+. However, advanced users can instantiate this class directly to configure and manage just the st2timersengine service on a single node. Parameters for this class mirror the parameters in the st2 config.
Examples
Basic usage
include st2::timersengine
Customizing parameters
class { 'st2::timersengine':
enabled => true,
timezone => 'America/Los_Angeles',
}
Parameters
The following parameters are available in the st2::timersengine
class.
enabled
Data type: Any
Specify to enable timer service.
Default value: $st2::timersengine_enabled
timezone
Data type: Any
Timezone pertaining to the location where st2 is run.
Default value: $st2::timersengine_timezone
st2::workflowengine
Normally this class is instantiated by +st2::profile::fullinstall+. However, advanced users can instantiate this class directly to configure and manage just the st2workflowengine service on a single node. Parameters for this class mirror the parameters in the st2 config.
Examples
Basic usage
include st2::workflowengine
Defined types
st2::auth_user
Creates and manages StackStorm application users (flat_file auth only)
Examples
Basic usage
st2::auth_user { 'st2admin':
password => 'neato!',
}
Parameters
The following parameters are available in the st2::auth_user
defined type.
name
Name of the user
ensure
Data type: Any
Ensure user exists or not
Default value: present
password
Data type: Any
User's password
Default value: undef
st2::client::settings
Generates a configuration file for the st2 CLI (st2client)
Examples
Basic usage
st2::client::settings { 'john':
username => 'st2_john',
password => 'xyz123',
}
Parameters
The following parameters are available in the st2::client::settings
defined type.
name
OS-level username. Used to determine where the config file will be placed.
user
Data type: Any
See name
Default value: $name
homedir
Data type: Any
Path to home directory of the user.
Default value: "/home/${name}"
auth
Data type: Any
Is auth enabled or not.
Default value: $st2::auth
api_url
Data type: Any
URL of the StackStorm API service
Default value: $st2::cli_api_url
auth_url
Data type: Any
URL of the StackStorm Auth service
Default value: $st2::cli_auth_url
base_url
Data type: Any
Base URL for other StackStorm services
Default value: $st2::cli_base_url
username
Data type: Any
Username for auth on the CLI
Default value: $st2::cli_username
password
Data type: Any
Password for auth on the CLI
Default value: $st2::cli_password
disable_credentials
Data type: Any
Prevents credentials (username, password) from being written to the config file
Default value: false
api_version
Data type: Any
Version of the StackStorm API
Default value: $st2::cli_api_version
cacert
Data type: Any
Path to the SSL CA certificate for the StackStorm services
Default value: $st2::cli_cacert
debug
Data type: Any
Enable debug mode
Default value: $st2::cli_debug
cache_token
Data type: Any
Enable caching authentication tokens until they expire
Default value: $st2::cli_cache_token
silence_ssl_warnings
Data type: Any
Enable silencing SSL warnings for self-signed certs
Default value: $st2::cli_silence_ssl_warnings
st2::kv
Sets a value to the StackStorm Key/Value Store
Examples
Basic usage
st2::kv { 'install_uuid':
value => $_uuid,
}
Parameters
The following parameters are available in the st2::kv
defined type.
key
Data type: Any
Key to set
Default value: $name
value
Data type: Any
Value of key
ensure
Data type: Any
Default value: present
st2::pack
Manages a StackStorm Pack
Examples
Basic Usage
st2::pack { 'puppet': }
Install from a custom URL
st2::pack { 'custom':
repo_url => 'http://github.com/myorg/stackstorm-custom.git',
}
Parameters
The following parameters are available in the st2::pack
defined type.
pack
Data type: Any
Name of the pack to install.
Default value: $name
repo_url
Data type: Any
URL of the package to install when not installing from the exchange.
Default value: undef
config
Data type: Any
Hash that will be translated into YAML in the pack's config file after installation.
Default value: undef
ensure
Data type: Any
Default value: present
st2::rbac
This defined type creates RBAC resources for users
- Note This is an enterprise feature, and requires a license to be used.
Examples
st2::rbac { 'admin':
description => "Administrative user",
roles => [
'observer',
'my_test_role',
],
}
Parameters
The following parameters are available in the st2::rbac
defined type.
ensure
Data type: Any
Default value: 'present'
user
Data type: Any
Default value: $name
description
Data type: Any
Default value: 'Created and managed by Puppet'
roles
Data type: Any
Default value: []
st2::user
Creates a system (OS level) user for use with StackStorm
Examples
Custom SSH keys
st2::user { 'stanley':
  ssh_key_type    => 'ssh-rsa',
  ssh_public_key  => 'AAAAAWESOMEKEY==',
  ssh_private_key => '----- BEGIN RSA PRIVATE KEY -----\nDEADBEEF\n----- END RSA PRIVATE KEY -----',
}
Parameters
The following parameters are available in the st2::user defined type.
client
Data type: Any
Allow incoming connections from the defined user
Default value: true
server
Data type: Any
Server where connection requests originate (usually st2 server)
Default value: false
create_sudo_entry
Data type: Any
Manage the sudoers entry (default: false)
Default value: false
ssh_public_key
Data type: Any
SSH Public Key without leading key-type and end email.
Default value: undef
ssh_key_type
Data type: Any
Type of SSH Key (ssh-dsa/ssh-rsa)
Default value: undef
ssh_private_key
Data type: Any
SSH Private key. If not specified, then one will be generated.
Default value: undef
groups
Data type: Any
List of groups (OS level) that this user should be a member of
Default value: undef
ssh_dir
Data type: Any
Directory where SSH keys will be stored
Default value: "/home/${name}/.ssh"
Resource types
st2_pack
Manage st2 packs
Properties
The following properties are available in the st2_pack type.
ensure
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
Parameters
The following parameters are available in the st2_pack type.
name
namevar
Name of the pack.
user
St2 cli user
password
St2 cli password
source
Git URL for st2 pack
Functions
st2::urlencode
Type: Ruby 4.x API
URL encodes a string
Examples
Basic usage
st2::urlencode('xyz!123')
st2::urlencode(String $url)
URL encodes a string
Returns: String
URL encoded data
Examples
Basic usage
st2::urlencode('xyz!123')
url
Data type: String
Raw URL data to encode
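Why a password has to be encoded before it is placed in a connection URL (the mistral connection string bug fixed in 1.5.0, listed in the changelog below), shown as an added Ruby example that is not the module's code. percent_encode is a stand-in for st2::urlencode, and the host, port, database and passwords are constructed sample values.

```ruby
require 'uri'

# Constructed sample values; none of these come from the module.
DB_HOST = 'db.example.internal'
DB_PORT = 5432
DB_NAME = 'mistral'

# Stand-in for st2::urlencode: percent-encode every byte outside the
# RFC 3986 "unreserved" set so the value cannot contain URL delimiters.
def percent_encode(raw)
  raw.gsub(/[^A-Za-z0-9\-._~]/) do |char|
    char.bytes.map { |byte| format('%%%02X', byte) }.join
  end
end

# Build the connection URL, with or without encoding the password.
def connection_url(user, password, encode:)
  secret = encode ? percent_encode(password) : password
  "postgresql://#{user}:#{secret}@#{DB_HOST}:#{DB_PORT}/#{DB_NAME}"
end

# Parse the URL with Ruby's URI library and report which parts it sees.
# Other URL parsers may split a malformed URL differently.
def parse_connection(url)
  uri = URI.parse(url)
  {
    user: uri.user,
    password: uri.password && URI.decode_www_form_component(uri.password),
    host: uri.host,
    port: uri.port,
    database: uri.path.delete_prefix('/')
  }
rescue URI::InvalidURIError
  # Some passwords make the whole URL unparseable instead of misparsed.
  { error: 'invalid URL' }
end

if __FILE__ == $PROGRAM_NAME
  # 'p@ss/w0rd' is silently misparsed when unencoded: the host becomes 'ss'
  # and the rest of the password plus the real host land in the path.
  # 'p@ssw0rd' fails loudly when unencoded.
  ['p@ss/w0rd', 'p@ssw0rd'].each do |password|
    [false, true].each do |encode|
      url = connection_url('mistral', password, encode: encode)
      puts "encode=#{encode} #{parse_connection(url).inspect}"
    end
  end
end
```

In the silent case a fragment of the password is treated as the hostname, so it can end up in DNS lookups and connection error logs.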
st2::version_ge
Type: Puppet Language
Determines if the StackStorm version installed on the system $facts['st2_version'] or the version requested by the user $st2::version is greater than or equal to $version.
This is used to determine if this Puppet module should enable features for managing specific versions of StackStorm. Older versions of StackStorm will not have new features and we don't want this module to try and manage them if they're not present on the system.
Users who have an old version of StackStorm installed may have $st2::version = 'present' or $st2::version = 'installed'. In this case, we don't want to assume the user has a new version of StackStorm or wants to upgrade. Instead, we should assume that the installed version of StackStorm is the version we should be using to compare.
Examples
Basic Usage
if st2::version_ge('2.4.0') {
  # ... do something only for StackStorm version >= 2.4.0
}
st2::version_ge(String $version)
Determines if the StackStorm version installed on the system $facts['st2_version'] or the version requested by the user $st2::version is greater than or equal to $version.
This is used to determine if this Puppet module should enable features for managing specific versions of StackStorm. Older versions of StackStorm will not have new features and we don't want this module to try and manage them if they're not present on the system.
Users who have an old version of StackStorm installed may have $st2::version = 'present' or $st2::version = 'installed'. In this case, we don't want to assume the user has a new version of StackStorm or wants to upgrade. Instead, we should assume that the installed version of StackStorm is the version we should be using to compare.
Returns: Boolean
True if the StackStorm version on the system or $st2::version is >= to the version parameter.
Examples
Basic Usage
if st2::version_ge('2.4.0') {
  # ... do something only for StackStorm version >= 2.4.0
}
version
Data type: String
Version string to compare against. This should be in SemVer format
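The decision described above, as an added Ruby illustration rather than the module's Puppet code. How 'latest', an explicit version and a missing st2_version fact are treated is an assumption based on the description and on the NodeJS 10 entry in the 1.3.0 changelog; the version numbers are constructed.

```ruby
# requested      - value of $st2::version: 'latest', 'present', 'installed'
#                  or an explicit version string
# installed_fact - value of $facts['st2_version'], nil when StackStorm is
#                  not installed yet

USE_INSTALLED = %w[present installed].freeze

# Pick the version the comparison should run against.
# Returns :newest when the node is expected to end up on the newest release.
def effective_version(requested, installed_fact)
  # Assumption: 'latest' always resolves to the newest release.
  return :newest if requested == 'latest'

  if USE_INSTALLED.include?(requested)
    # Assumption: no fact means a fresh install, which gets the newest release.
    return :newest if installed_fact.nil?

    # An existing install is not upgraded, so gate on what is really there.
    return Gem::Version.new(installed_fact)
  end

  # Assumption: an explicit version is what the node will be brought to.
  Gem::Version.new(requested)
end

# True when features that need at least `minimum` should be managed.
def version_ge?(minimum, requested:, installed_fact: nil)
  effective = effective_version(requested, installed_fact)
  return true if effective.equal?(:newest)

  effective >= Gem::Version.new(minimum)
end

# Plain string comparison, shown only as the failure mode: it compares
# character by character, so '2.10.0' sorts before '2.4.0'.
def string_ge?(version, minimum)
  version >= minimum
end

if __FILE__ == $PROGRAM_NAME
  puts version_ge?('2.4.0', requested: 'present', installed_fact: '2.2.1')
  puts version_ge?('2.4.0', requested: 'installed', installed_fact: '2.10.0')
  puts string_ge?('2.10.0', '2.4.0')
end
```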
Data types
St2::Repository
Validate the type of system package repository for StackStorm
Alias of Enum['stable', 'unstable', 'staging-stable', 'staging-unstable']
Tasks
key_decrypt
Decrypt a StackStorm key/value pair. TODO - Remove this when the following is closed: https://github.com/StackStorm/st2/issues/4545
Supports noop? false
Parameters
crypto_key_path
Data type: String
Path to StackStorm crypto key
keys
Data type: Array[Hash]
List of key value pairs
key_get
Retrieve the value for a key from the StackStorm datastore
Supports noop? false
Parameters
key
Data type: String[1]
Key to get
scope
Data type: Optional[String]
Scope to retrieve the data from. Default = 'system'
decrypt
Data type: Optional[Boolean]
Decrypt secret if encrypted. Default = false
convert
Data type: Optional[Boolean]
Attempt to convert the string into a hash, array, etc by parsing it as JSON. If an error occurs the string data will be returned. Default = true
api_key
Data type: Optional[String]
StackStorm API key to use for authentication (prefer this over username/password).
auth_token
Data type: Optional[String]
StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.
username
Data type: Optional[String]
Username to use for StackStorm authentication.
password
Data type: Optional[String]
Password to use for StackStorm authentication.
key_load
Load a list of a StackStorm key/value pairs into the datastore
Supports noop? false
Parameters
keys
Data type: Array[Hash]
List of key value pairs. Each hash should have a 'name' and 'value' key. Example: {'name': 'mydatastorkey', 'value': 'valueinthedatastore'}. For more details, see: https://docs.stackstorm.com/datastore.html#loading-key-value-pairs-from-a-file
convert
Data type: Optional[Boolean]
Convert non-string types (hash, array, boolean, int, float) to a JSON string before loading it into the datastore.
api_key
Data type: Optional[String]
StackStorm API key to use for authentication (prefer this over username/password).
auth_token
Data type: Optional[String]
StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.
username
Data type: Optional[String]
Username to use for StackStorm authentication.
password
Data type: Optional[String]
Password to use for StackStorm authentication.
pack_install
Install a list of packs
Supports noop? false
Parameters
packs
Data type: Array[String]
List of packs to install. This can either be the name of a pack to install from the exchange, a URL to a pack to install from git://user@domain/pack.git or https://github.com/org/pack.git, or the path to a local git repo file:///path/to/local/pack
api_key
Data type: Optional[String]
StackStorm API key to use for authentication (prefer this over username/password).
auth_token
Data type: Optional[String]
StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.
username
Data type: Optional[String]
Username to use for StackStorm authentication.
password
Data type: Optional[String]
Password to use for StackStorm authentication.
pack_list
Get a list of packs
Supports noop? false
Parameters
api_key
Data type: Optional[String]
StackStorm API key to use for authentication (prefer this over username/password).
auth_token
Data type: Optional[String]
StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.
username
Data type: Optional[String]
Username to use for StackStorm authentication.
password
Data type: Optional[String]
Password to use for StackStorm authentication.
pack_register
Registers a pack that exists on the filesystem
Supports noop? false
Parameters
paths
Data type: Array[String]
Array of directories on the local StackStorm filesystem where the pack contents currently exist and will be used to register from.
api_key
Data type: Optional[String]
StackStorm API key to use for authentication (prefer this over username/password).
auth_token
Data type: Optional[String]
StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.
username
Data type: Optional[String]
Username to use for StackStorm authentication.
password
Data type: Optional[String]
Password to use for StackStorm authentication.
pack_remove
Remove a list of packs
Supports noop? false
Parameters
packs
Data type: Array[String]
List of pack names to remove
api_key
Data type: Optional[String]
StackStorm API key to use for authentication (prefer this over username/password).
auth_token
Data type: Optional[String]
StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.
username
Data type: Optional[String]
Username to use for StackStorm authentication.
password
Data type: Optional[String]
Password to use for StackStorm authentication.
rule_disable
Disable a given rule
Supports noop? false
Parameters
rule
Data type: String
Name of a rule to disable (format: pack_name.rule_name)
api_key
Data type: Optional[String]
StackStorm API key to use for authentication (prefer this over username/password).
auth_token
Data type: Optional[String]
StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.
username
Data type: Optional[String]
Username to use for StackStorm authentication.
password
Data type: Optional[String]
Password to use for StackStorm authentication.
rule_list
Return a list of rules.
Supports noop? false
Parameters
pack
Data type: Optional[String]
Name of a pack if you want to return rules only for a given pack.
api_key
Data type: Optional[String]
StackStorm API key to use for authentication (prefer this over username/password).
auth_token
Data type: Optional[String]
StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.
username
Data type: Optional[String]
Username to use for StackStorm authentication.
password
Data type: Optional[String]
Password to use for StackStorm authentication.
run
Runs a StackStorm action
Supports noop? false
Parameters
action
Data type: String
Name of the action to execute
parameters
Data type: Optional[Array[String]]
Array of parameter strings to pass to the execution. Named arguments should be of the format 'param=value'; positional parameters can be put in their normal order as strings.
api_key
Data type: Optional[String]
StackStorm API key to use for authentication (prefer this over username/password).
auth_token
Data type: Optional[String]
StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.
username
Data type: Optional[String]
Username to use for StackStorm authentication.
password
Data type: Optional[String]
Password to use for StackStorm authentication.
Plans
st2::upgrade_mongodb
The default upgrade for this plan goes from 3.4 to 3.6 and ultimately to 4.0
High level steps:
- stop stackstorm
https://docs.mongodb.com/manual/release-notes/3.6-upgrade-standalone/
- set MongoDB feature compatibility to 3.4
- change package repo to 3.6
- upgrade packages
- set MongoDB feature compatibility to 3.6
https://docs.mongodb.com/manual/release-notes/4.0-upgrade-standalone/
- change package repo to 4.0
- upgrade packages
- set MongoDB feature compatibility to 4.0
- start stackstorm
Examples
Basic usage
bolt plan run st2::upgrade_mongodb --targets ssh_nodes --params '{"mongo_password": "xxx"}'
Upgrading enterprise packages
bolt plan run st2::upgrade_mongodb --targets ssh_nodes --params '{"mongo_password": "xxx", "mongo_packages": ["mongodb-enterprise-server", "mongodb-enterprise-shell", "mongodb-enterprise-tools"], "mongo_edition": "enterprise"}'
Upgrading from 3.6 to 4.0
bolt plan run st2::upgrade_mongodb --targets ssh_nodes --params '{"mongo_password": "xxx", "upgrade_version_start": "3.6", "upgrade_version_path": ["4.0"]}'
Upgrading from 3.4 to 3.6 to 4.0
bolt plan run st2::upgrade_mongodb --targets ssh_nodes --params '{"mongo_password": "xxx", "upgrade_version_start": "3.4", "upgrade_version_path": ["3.6", "4.0"]}'
Parameters
The following parameters are available in the st2::upgrade_mongodb plan.
targets
Data type: TargetSpec
Set of targets (MongoDB hosts) that this plan will be executed on.
mongo_admin_db
Data type: String
Name of the admin database for MongoDB
Default value: 'admin'
mongo_username
Data type: String
Name of the admin user on the admin database
Default value: 'admin'
mongo_password
Data type: String
Password of the admin user on the admin database
mongo_packages
Data type: Array[String]
List of MongoDB packages that will be upgraded
Default value: ['mongodb-org-server', 'mongodb-org-shell', 'mongodb-org-tools']
mongo_edition
Data type: Enum['enterprise', 'org']
What edition of MongoDB should be set up from a repo perspective, either 'org' for community edition, or 'enterprise' for enterprise edition.
Default value: 'org'
upgrade_version_start
Data type: String
Version of MongoDB that the database is currently on, i.e. where we are starting from.
Default value: '3.4'
upgrade_version_path
Data type: Array[String]
List of versions that we will upgrade through along our path to success!
Default value: ['3.6', '4.0']
Changelog
Development
2.3.0 (Sep 15, 2021)
- Remove tests for Ubuntu 18.04 and Python3.6, since it's already default. Contributed by @rush-skills.
- Drop support for Ubuntu 16.04 and add support for Ubuntu 20.04. Contributed by @rush-skills
- Update build docs. Contributed by @rush-skills
- Change old style fact reference in selinux profile. Contributed by @rush-skills
- Cleaned up old style :: references. Contributed by @rush-skills
- Removed travis references after switch to GitHub Actions. Contributed by @rush-skills
- Removed files/etc/st2/st2.conf as the template was no longer used. Contributed by @rush-skills
2.2.0 (Jul 14, 2021)
- Added the ability to scale out workflowengine, scheduler, rulesengine, and notifier services so that they run in an active-active configuration. Contributed by @bishopbm1
- Added the Redis configuration for a Coordination backend. Contributed by @bishopbm1
- Added necessary erlang package required for RHEL 8 rabbitmq. Contributed by @bishopbm1
2.1.0 (Mar 6, 2021)
Note: This version only supports the 'integrated' LDAP plugin.
- Added the RabbitMQ repo manage flag to the RabbitMQ install because it no longer exists in EPEL for CentOS/RHEL 8
- StackStorm 3.4 changed the way it processes LDAP and moved the pip install into the requirements file, so we do not need to install the extra module. Also updated the ldap backend config to be consistent with the new structure.
- StackStorm 3.4 removed resultstracker, so we took that out of the services list and all tests and configs. Contributed by @bishopbm1
2.0.0 (Feb 15, 2020)
- Added new parameter st2::python_version that controls the version of python to install. This was added so that OSes that don't come with Python 3 by default can install Python 3. The default is 'system' and the system python package will be installed, whatever version that is for your OS. To explicitly install Python 3.6 on CentOS 7, pass in '3.6'. To install Python 3.6 on Ubuntu 16.04 pass in 'python3.6'. On Ubuntu 16.04 you'll also need to pass in st2::python_enable_unsafe_repo: true in order to enable the deadsnakes PPA. (Feature) Contributed by @nmaludy
- Removed tags for auth system development dependencies (PAM and LDAP) that caused issues when declaring packages such as gcc. (Bug Fix) Contributed by @nmaludy
- Added 'Strict-Transport-Security' SSL header (HSTS) and set max-age to 1 year for nginx server resource. This will force browsers to always use https connections to the server. Contributed by @paxri01
- Fixed issue with upgrade mongodb bolt plan to handle passwords with special characters. (Bugfix) Contributed by @bishopbm
- Drop support for CentOS 6 #304 (Enhancement) Contributed by @nmaludy
- Drop support for Mistral and PostgreSQL #312 (Enhancement) Contributed by @nmaludy
- Corrected logging setting for api, auth and stream to point at the /etc/st2/logging.<service>.gunicorn.conf logging config files, the current default. (Bugfix) Contributed by @nmaludy
- Add new parameter st2::ssl_cert_manage to allow users to disable this module from managing the SSL certificate used by nginx. This flag defaults to the old behavior of true, and generates a self-signed certificate. If a user sets this to false they will need to generate their own certificate and place it in /etc/ssl/st2/st2.crt and private key in /etc/ssl/st2/st2.key. There is a future improvement to allow these paths to be configurable. (Enhancement) Contributed by @nmaludy
- Add support for using MongoDB 4.0 when installing latest StackStorm (>= 3.3.0) #298 (Enhancement) Contributed by @nmaludy
- Add dependency to yumrepo_core to this module that was missed when adding repo support previously. (Bugfix) Contributed by @nmaludy
- Change the way we handle the nginx config from just copying a config file to using the native resource types provided by the puppet-nginx module. Users can now configure the utilized SSL protocol and ciphers along with client max body size directly from the st2 class using the following new parameters:
  - nginx_client_max_body_size
  - nginx_ssl_ciphers
  - nginx_ssl_port
  - nginx_ssl_protocols
  Contributed by @nmaludy
- Added a new plan st2::upgrade_mongodb that can be used to upgrade a standalone MongoDB database between versions. (Feature) Contributed by @nmaludy
- PDK Sync to 1.18.1 (Enhancement) Contributed by @nmaludy
- Added support for Puppet 7 (Enhancement) Contributed by @nmaludy
- Deprecated Puppet 5. Removed Puppet 5 from build matrix (Enhancement) Contributed by @nmaludy
1.7.0 (Jun 26, 2020)
- Refactored the system StackStorm repository handling. This replaces the PackageCloud Puppet module because it was not idempotent. At the same time we've moved the repository handling from the old-school st2::profile::repos to the new idiomatic st2::repo (base) and st2::repo::apt or st2::repo::yum based on OS type. This is considered a minor breaking change if you were using the internal class st2::profile::repos. The replacement class is st2::repo and is a direct replacement. (Enhancement) Contributed by @nmaludy
- Fixed /opt/stackstorm/packs and /opt/stackstorm/virtualenv resources to be idempotent and manage the ownership of these directories recursively in a much more efficient manner. Instead of using the file resource with recurse => true we now utilize the module npwalker/recursive_file_permissions. #278 (Bugfix) (Enhancement) Contributed by @nmaludy
- Added Puppet Forge Endorsement badge to show that this is an Approved Puppet module. (Enhancement) Contributed by @nmaludy
- Fixed bug in st2::key_get task where non-JSON output from the command would throw an exception. (Bugfix) Contributed by @nmaludy
- Fixed bug in st2::key_decrypt causing it to be incompatible with Python 3. (Bugfix) Contributed by @nmaludy
- Added an override for the LC_ALL environment variable in all Bolt tasks, so that the locale is set to UTF-8, preventing a WARNING from being output from the st2 command line. Without this override, new versions of Bolt set the locale to C causing a warning and preventing the JSON Output from the st2 command from being parsed properly. (Bugfix) Contributed by @nmaludy
- Added new Bolt tasks:
  - st2::pack_register: Registers a list of packs based from paths on the filesystem
  - st2::rule_disable: Disables a rule
  - st2::rule_list: Lists all rules, or just the rules in a given pack
  - st2::run: Runs a StackStorm action
  (Enhancement) Contributed by @nmaludy
- Replaced deprecated stahnma-epel module with puppet-epel. (Enhancement) Contributed by @nmaludy
1.6.0 (Feb 17, 2020)
- Updated to new Puppet style guide where the leading :: in class names is no longer acceptable. (Bugfix) Contributed by @nmaludy
- Removed unused puppet-wget module dependency. (Enhancement) Contributed by @nmaludy
- Define upper-bounds for puppet module dependencies. #282 (Enhancement) Contributed by @nmaludy
- Reorganized README.md to conform to the Puppet module README template #283 (Enhancement) Contributed by @nmaludy
- Added support for Ubuntu 18.04 (Feature) Contributed by @nmaludy
- Dropped support for Ubuntu 14.04 (Enhancement) Contributed by @nmaludy
1.5.0 (Oct 2, 2019)
- Fixed a bug in the mistral Postgres connection string where passwords weren't being URL encoded / escaped. This could lead to potentially bad URL parsing when passwords contained certain special characters. To fix this, the password in the mistral connection parameter is now URL encoded / escaped. (Bugfix) Contributed by @nmaludy
- Fixed a bug in the st2_pack resource so that when authentication fails, the error message about why it failed is shown to the user. (Bugfix) Contributed by @nmaludy
- Fixed a bug in the st2_pack resource where usernames and passwords were not being escaped properly. This only manifested itself with certain special characters. (Bugfix) Contributed by @nmaludy
- Modified the build system to utilize r10k instead of librarian-puppet. This change requires the Puppetfile used during CI to explicitly call out all dependencies, but will result in less maintenance of the Puppetfile due to releases of dependent modules. (Enhancement) Contributed by @nmaludy
- Removed Puppet 4 from build matrix. Puppet 4 has been end-of-life since 2018-12-31. (Enhancement) Contributed by @nmaludy
- Already installed packs are now recognized by their configured "ref" variable instead of "name" (Enhancement) Contributed by @ruriky
1.4.0 (Feb 13, 2019)
- Added new tasks to communicate with the StackStorm CLI. The naming standard and parameters are modeled after the st2 CLI command and must be run on the StackStorm node:
  - st2::key_decrypt - Decrypts an encrypted key/value pair
  - st2::key_get - Retrieves the value for a key from the datastore
  - st2::key_load - Loads a list of key/value pairs into the datastore
  - st2::pack_install - Installs a list of packs
  - st2::pack_list - Get a list of installed packs
  - st2::pack_remove - Removes a list of packs
  (Feature)
- Fixed build for new release of puppet/nginx causing conflict with puppetlabs/stdlib. The new version 0.16.0 of puppet/nginx requires puppetlabs/stdlib >= 5.0.0. Several other modules we depend on require puppetlabs/stdlib < 5.0.0 causing a conflict. To fix this, we've pinned puppet/nginx to 0.15.0 in the Puppetfiles used for testing. (Bugfix) Contributed by @nmaludy
- Removed the dependencies because they're no longer used:
  - puppet/staging
  - puppetlabs/gcc
  (Enhancement) Contributed by @nmaludy
- Puppet 4 is officially deprecated due to it being End of Life on 2018-12-31. Support will be removed in a future version. (Enhancement) Contributed by @nmaludy
- Fixed build for Puppet 4. New version of rubygem-update requires Ruby 2.3.0 and Puppet 4 requires 2.1.x. When running gem update --system this updated the gem past the installed ruby version, breaking the build. Instead, we simply leave the system gems alone during the build. Contributed by @nmaludy
- Removed the following unused variables from ::st2:
  - mistral_git_branch
  - st2web_ssl_cert
  - st2web_ssl_key
  - api_url
  - api_logging_file
  - flow_url
  - global_env
  - workers (actually implemented below with actionrunner_workers)
  (Enhancement) Contributed by @nmaludy
- Added the following variables to ::st2:
  - auth_api_url: URL of the StackStorm API for use by the st2auth service.
  - actionrunner_workers: Number of st2actionrunner processes to start.
  - mistral_db_host: Hostname/IP of the Mistral Postgres database
  - mistral_db_name: Database name of the Mistral Postgres database
  - mistral_db_username: Username for authentication to the Mistral Postgres database
  - mistral_db_password: Password for authentication to the Mistral Postgres database
  - mistral_db_bind_ips: String of IPs (csv) that the Mistral Postgres database will accept connections on (default: 127.0.0.1)
  - chatops_api_url: URL of the StackStorm API service for use by st2chatops
  - chatops_auth_url: URL of the StackStorm Auth service for use by st2chatops
  (Enhancement) Contributed by @nmaludy
- Added documentation for variables in many of the classes. (Enhancement) Contributed by @nmaludy
- Converted entire module over to Puppet Strings documentation. (Enhancement) Contributed by @nmaludy
- Added CI check for documentation warnings/errors. (Enhancement) Contributed by @nmaludy
- Fixed st2_pack resource not escaping username/password arguments, leading to errors when authenticating with usernames/passwords that contain special characters. (Bugfix) Contributed by @nmaludy
1.3.0 (Dec 17, 2018)
- Added authentication for RabbitMQ, by default. The authentication options are available in the ::st2 class:
  - rabbitmq_username: Username for the new RabbitMQ user (default: st2admin)
  - rabbitmq_password: Password for the new RabbitMQ user (default: Ch@ngMe)
  When upgrading to this new version, this will force a restart of all StackStorm and Mistral services as the new password is applied. (Feature) Contributed by @nmaludy
- Remove the insecure RabbitMQ default guest user on RabbitMQ instances. Note: this will remove this user on new AND existing instances. (Enhancement) Contributed by @nmaludy
- Added support for additional RabbitMQ configuration options:
  - rabbitmq_hostname: Hostname of the RabbitMQ server (default: 127.0.0.1)
  - rabbitmq_port: Port to connect to the RabbitMQ server (default: 5672)
  - rabbitmq_bind_ip: IP address to bind the RabbitMQ server to (default: 127.0.0.1)
  - rabbitmq_vhost: Virtual Host for the StackStorm content on RabbitMQ (default: /)
  (Feature) Contributed by @nmaludy
- Added support for st2scheduler service in StackStorm >= 2.10.0. Two new options were added to ::st2:
  - scheduler_sleep_interval - How long (in seconds) to sleep between each action scheduler main loop run interval. (default = 0.1)
  - scheduler_gc_interval - How often (in seconds) to look for zombie execution requests before rescheduling them. (default = 10)
  - scheduler_pool_size - The size of the pool used by the scheduler for scheduling executions. (default = 10)
  #251 (Enhancement) Contributed by @nmaludy
- Added a new fact st2_version that reports the installed version of StackStorm. If StackStorm is not installed then the fact will not be present (default behavior of Facter). Contributed by @nmaludy
- Installs NodeJS 10, by default, when installing StackStorm >= 2.10.0. This is now also the default when running a brand new installation with a ::st2::version of latest, installed or present (default). Existing installations are also upgraded to NodeJS 10 if their ::st2::version is set to latest (default) or to a version >= 2.10.0. #219 (Enhancement) Contributed by @nmaludy
- Added new parameter to ::st2 class repository that allows configuring a different release repository from PackageCloud for Yum/Apt. Available options are:
  - 'stable' (default)
  - 'unstable'
  (Enhancement) Contributed by @nmaludy
1.2.0 (Sep 25, 2018)
- Removed manifests/container.pp and manifests/profile/source.pp. These files were unused and unmaintained. Also removed module dependencies puppetlabs/vcsrepo and jfryman/tiller that are no longer used because these two files have been removed. (Change) Contributed by @nmaludy
- Removed archived build files from Puppet 3. (Clean up) Contributed by @nmaludy
- Added support for Puppet 6 on all platforms. (Enhancement) Contributed by @nmaludy
- Added default ChatOps config ('HUBOT_ADAPTER' => 'slack'), so that the ChatOps service starts cleanly without the user needing to provide any variables into the ::st2 class. #233 (Enhancement) Contributed by @nmaludy
- Added support for st2timersengine service on StackStorm >= 2.9.0. Two new options were added to ::st2:
  - timersengine_enabled - Set to true if the st2timersengine service should be enabled on this node (default: true)
  - timersengine_timezone - The local timezone for this node. (default: 'America/Los_Angeles')
  #221 (Enhancement) Contributed by @nmaludy
- Changed integration tests to test for an HTTP 308 redirect when redirecting from http:// to https:// (Enhancement) Contributed by @nmaludy
- Fixed bug where the default nginx splash page was not being removed on RHEL/CentOS installs. (Bugfix) Contributed by @nmaludy
1.1.0 (Sep 07, 2018)
- DEPRECATION WARNING - Dropped support for Puppet 3. (Enhancement) Contributed by @nmaludy
- Added tests for Puppet 4 and Puppet 5 on all platforms:
  - RHEL/CentOS 6
  - RHEL/CentOS 7
  - Ubuntu 14.04
  - Ubuntu 16.04
  Contributed by @nmaludy
- Re-ordered dependencies in the Puppetfile for Puppet 4 and Puppet 5. puppetlabs/stdlib and puppetlabs/concat are now at the bottom in order to let librarian-puppet choose the version of these based on other dependencies defined throughout the rest of the file. (Bugfix) Contributed by @nmaludy
- Fixed MongoDB race condition when enabling auth. Now we try to establish a connection to the database in a loop (using mongodb_conn_validator). Once the database connection is established the provisioning continues. (Bugfix) Contributed by @nmaludy
- Fixed Ubuntu 14 issue where adding the PackageCloud repo corrupted the apt cache. Now, after the PackageCloud repo is added, the apt-cache is completely cleaned and rebuilt. (Bugfix) Contributed by @nmaludy
- Added puppetmodule.info badge to README. (Enhancement) Contributed by @nmaludy
- Removed Puppet 3 references from README. (Enhancement) Contributed by @nmaludy
- Converted module over to PDK (Puppet Development Kit) for unit testing and module templating. (Enhancement) Contributed by @nmaludy
- Rubocop linting is now enforced. As part of the conversion to PDK we're now running the standard testing and verification tasks, which includes Rubocop. (Enhancement) Contributed by @nmaludy
1.0.0 (Jul 23, 2018)
- Added an implementation for every auth backend available (at the time). All auth backends can be configured with every parameter detailed on their GitHub page. The following backends are supported: flat_file (default), keystone, ldap, mongodb, pam. (Feature) Contributed by @nmaludy
- Changed the behavior of st2 packages. Previously they were automatically updating due to the package resources having ensure latest set. Going forward, packages will have ensure => present set by default and it will be the responsibility of the end user to update the packages. (Change) Contributed by @nmaludy
- Fixed st2_pack type to properly pass the locale settings of the system to the st2 CLI command. (Bugfix) Contributed by @nmaludy
- Added support for new st2workflowengine (Orchestra) service (Feature)! Contributed by @nmaludy
- Fixed bug where CentOS 7 would sometimes fail to install NodeJS properly. (Bugfix) Contributed by @nmaludy
- DEPRECATION WARNING - Support for Puppet 3 will be dropped in the next minor release! Contributed by @nmaludy
- Added integration tests using InSpec. Contributed by @nmaludy
- Added ability to utilize MongoDB auth with Puppet >= 4.0. Contributed by @nmaludy
- Changed facts for Mistral and now MongoDB to use ghoneycutt/facter. This moves the fact for Mistral from /etc/facter/facts.d/mistral_bootstrapped.txt to /etc/facter/facts.d/facts.txt. Contributed by @nmaludy
- Set the RabbitMQ listen address to 127.0.0.1. Contributed by @nmaludy
- Fixed st2::user so that it properly creates ~/.ssh/authorized_keys. Contributed by @nmaludy
- Fixed group ownership of st2::user SSH keys to be $name instead of root. Contributed by @nmaludy
1.0.0-rc2 (Jan 9, 2018)
- Fixed a bug in st2chatops configuration where the wrong URLs for ST2_API and ST2_AUTH were specified. (Bugfix) Contributed by @nmaludy
- Changed the MongoDB port value from a String to an Integer. This makes it compatible with the latest version of the puppet-mongodb module in Puppet 4 and Puppet 5. (Bugfix) Contributed by @nmaludy
1.0.0-rc (Dec 19, 2017)
- Added new chatops parameters to ::st2 and ::st2::profile::chatops. A majority of the settings in chatops are now configurable.
  - chatops_hubot_log_level - Logging level for hubot (string)
  - chatops_hubot_express_port - Port that hubot operates on (integer or string)
  - chatops_tls_cert_reject_unauthorized - Should hubot validate SSL certs. Set to 1 when using self signed certs
  - chatops_hubot_name - Name of the bot in chat. Should be properly quoted if it has special characters, example: '"MyBot!"'
  - chatops_hubot_alias - Character to trigger the bot at the beginning of a message. Must be properly quoted if it's a special character, example: "'!'"
  - chatops_api_key - API key generated by st2 apikey create that hubot will use to post data back to StackStorm.
  - chatops_st2_hostname - Hostname of the StackStorm instance that chatops will connect to for API and Auth
  - chatops_web_url - Public URL of StackStorm WebUI instance used by chatops to offer links to execution details in a chat.
  Contributed by @nmaludy
- Complete rewrite of the build and testing system. Everything is now based on Docker, running in an isolated environment. Implemented integration tests that install StackStorm within a Docker container. #178 (Enhancement) Contributed by @nmaludy
- Migrated to voxpupuli puppet/rabbitmq module and puppet/mongodb modules as the puppetlabs/rabbitmq and puppetlabs/mongodb modules are deprecated. Contributed by @nmaludy
- Upgraded NodeJS to 6.x when installing StackStorm >= 2.4.0. If you're currently running a version of StackStorm 2.4.0 with NodeJS 4.x installed, the repo will be updated to point at 6.x. To upgrade NodeJS go through the normal upgrade process on your system, example for RHEL:
  yum clean all; yum upgrade -y
  Contributed by @nmaludy
- Upgraded MongoDB to 3.4 when installing StackStorm >= 2.4.0. If you're currently running a version of StackStorm 2.4.0 with MongoDB 3.2 installed, the repo will be updated to point at 3.4. To upgrade MongoDB go through the normal upgrade process on your system, example for RHEL:
  yum clean all; yum upgrade -y
  Contributed by @nmaludy
- New type and provider for managing st2 packs: st2_pack. Added new parameter index_url to ::st2 allowing custom st2 Exchange index file location. Profile fullinstall does not force installation of package st2 anymore.
- Added a new class chatops to manage the chatops package, service and configuration. Added new parameters chatops_adapter and chatops_adapter_conf to ::st2 for allowing user to manage the hubot adapter packages and configuration. #187 Contributed by @ruriky
- Added new parameter mongodb_manage_repo to ::st2 so that the mongodb install will not manage the repository files, allowing for installations from locally cached repos. #184 Contributed by @ruriky
- Added new parameter nginx_manage_repo to ::st2 so that the nginx install will not manage the repository files, allowing for installations from locally cached repos. #182 Contributed by @ruriky
- Make sure key type is defined for user public ssh key. #189 (Bugfix) Contributed by @bdandoy
- Ensure group creation. #188 (Enhancement) Contributed by @bdandoy
- Added more puppet-lint checks. #181 Contributed by @bdandoy
- Added Slack notifications to https://stackstorm-community.slack.com #puppet for Travis build failures. #180 Contributed by @armab
1.0.0-beta (Aug 14, 2017)
files/repo/nodesource/NODESOURCE-GPG-SIGNING-KEY-EL
- Removed unused file after cleaning up nodejs profile (Enhancement)
manifests/auth/standalone.pp
- Did not have access to the ::st2 variables (Bugfix).
- Had a dependency issue that (on some platforms) allowed the htpasswd file to be created after the st2 services were starting (Bugfix)
- Created an unnecessary "test user" (Bugfix)
manifests/auth_user.pp
- Dependency issues here where the htpasswd file was sometimes trying to be created before the /etc/st2 directory was created, and other times it was trying to be created after the st2 services had started. (Bugfix)
manifests/init.pp
- Needed extra variables for SSL setup in st2web. (Feature)
- Needed extra variables for proper database setup (mongodb and postgres) (Enhancement)
- Needed path to the st2auth logging config file (Enhancement)
- Needed variables about the datastore encryption keys (Feature)
manifests/kv.pp
- Some puppet lint problems (notice the whitespace fix and reordering of class params) (Bugfix)
- Dependency issues where the tag being used for the Service resource was incorrect (Bugfix)
- Dependency issues where sometimes st2 hadn't been reloaded so the k/v loads would fail (Bugfix)
manifests/notices.pp
- Puppet lint fixes for using double quotes without variable interpolation in the string. (Bugfix)
manifests/pack.pp
- Unit tests revealed that many of the dependencies of this resource were not declared (group and directories) (Bugfix)
- Pointing at old location for config directory (Bugfix)
- Needed lots of dependency work to ensure resources were created in the proper order (Bugfix)
manifests/params.pp
- Broke down the old st2_server_packages variable into various components to align more with what ansible-st2 and the "one liner" shell scripts do in their functions. (Enhancement)
- Removed some unused code in the "init provider" section (Enhancement)
- Broke down the old st2_services into its components similar to st2_server_packages. FYI: The mistral services are handled by the mistral install instead of being grouped together into st2 server. (Enhancement)
- Added lots of new parameters for services that were not configured in the past like (nginx, st2web, mongodb, rabbitmq) (Feature)
manifests/profile/client.pp
- Removed stale comment (Enhancement)
manifests/profile/fullinstall.pp
- Mainly dependency cleanup here. (Bugfix)
- Ensure that packages are installed in the correct order and that there are meaningful anchors in place in case others need to execute tasks at certain points during the install. (Bugfix)
manifests/profile/mistral.pp
- This was completely re-written (Enhancement)
- Previously it was performing a lot of tasks manually that I believe the st2mistral package now handles for us (Enhancement)
manifests/profile/mongodb.pp
- Completely re-written (Enhancement)
- It now handles auth (did not previously) (Enhancement)
- It also deals with several deficiencies in the puppetlabs-mongodb module. This module has lots of annoying bugs. I'm not at the point where I want to code up a new module myself yet, but we do have to work around several quirks for this to even work (sorry!). (Bugfix)
manifests/profile/nginx.pp
- New profile that installs and configures nginx (does not setup st2web config, that is left to the st2web profile) (Feature)
- Utilizes the nginx puppet module to do all of the heavy lifting here (Feature)
manifests/profile/nodejs.pp
- Completely re-written (Enhancement)
- Utilizes the nodejs puppet module to do all of the heavy lifting instead of doing it ourselves (Enhancement)
- Works around a small quirk of the module on RedHat distributions (Bugfix)
manifests/profile/postgresql.pp
- Expanded this to properly configure postgres for listening according to the standard installs (shell scripts and ansible-st2) (Enhancement)
- Also ensured that 9.4 is installed on RHEL6 (Bugfix)
manifests/profile/rabbitmq.pp
- Greatly simplified by allowing the rabbitmq module to do all of the heavy lifting for us (Enhancement)
manifests/profile/repos.pp
- Fixed a bug where we were pointing to an all lowercase URL which caused st2 package installs to fail (Bugfix)
manifests/profile/selinux.pp
- Added a class that configures SELinux on RHEL hosts (Feature)
manifests/profile/server.pp
- Small changes here related to adding database auth capability (Enhancement)
- Added stanley user creation (Feature)
- Added datastore crypto creation (Feature)
- Added additional dependency management (Bugfix)
manifests/profile/web.pp
- Completely re-written (Enhancement)
- I don't believe that st2web was complete when this module was last touched, so this class got a complete overhaul (Enhancement)
manifests/rbac.pp
- Fixed a few puppet lint errors (Bugfix)
- Fixed an error where the RBAC rules were executed every puppet run (Bugfix)
manifests/server/datastore_keys.pp
- New manifest that manages the datastore crypto keys (Feature)
manifests/stanley.pp
- Removed unnecessary warning about ssh keys (Bugfix)
manifests/user.pp
- Fixed a couple small bugs related to a legacy "robots" group. (Bugfix)
- This got a pretty big overhaul with regards to SSH key creation. Now, if SSH keys are not present new ones will be created (just like the shell scripts and ansible-st2) (Bugfix)
metadata.json
- Reformatted the whole file to standard JSON formatting scheme (Enhancement)
- Updated module dependencies (some were missing) (Bugfix)
- Added supported OS block (Enhancement)
- Added supported puppet versions block (Enhancement)
spec/*
- Lots of small fixes here related to running the tests on various versions of ruby. (Bugfix)
- Finally found a happy medium where all tests now pass (Bugfix)
- Removed tests for the "st2::package::debian" type that no longer exists (Bugfix)
templates/*
- Removed the following unused templates due to code cleanup and modernization (Enhancement)
  - templates/etc/init.d/mistral-api.erb
  - templates/etc/init.d/mistral.erb
  - templates/etc/init/mistral-api.conf.erb
  - templates/etc/init/mistral.conf.erb
  - templates/etc/init/st2actionrunner-worker.conf.erb
  - templates/etc/systemd/system/mistral-api.service.erb
  - templates/etc/systemd/system/mistral.service.erb
  - templates/etc/systemd/system/st2actionrunner.service.erb
  - templates/etc/systemd/system/st2service_multi.service.erb
  - templates/etc/systemd/system/st2service_single.service.erb
  - templates/opt/st2web/config.js.erb
0.14.1 (Jan 15, 2015)
- Fix typo - st2garbagecollector is part of st2reactor package.
0.14.0 (Jan 15, 2015)
- Add services files for the new st2garbagecollector service.
0.13.0 (Jan 8, 2015)
- Don't install a default SSH key for stanley user if one is not explicitly provided.
0.12.3 (Dec 15, 2015)
- Adding tests around bintray repo feature
0.12.2 (Dec 11, 2015)
- Fixing error where WebUI fails because of missing resource
0.12.1 (Dec 9, 2015)
- Adding ability to download packages from testing bintray repos
0.11.1 (Dec 9, 2015)
- Extract a new version of st2web on update
0.11.0 (Dec 4, 2015)
- Force rewrite of webui/config.js on every provision
0.10.18 (Nov 11, 2015)
- Disable upstart logging for st2 services.
- Make sure that st2web logs on Ubuntu under upstart are written to /var/log/st2web.log
0.10.17 (Nov 2, 2015)
- Parameterized download server to CI
0.10.16 (Oct 30, 2015)
- Set sticky bit on Group, not User for stackstorm packs dir
0.10.15 (Oct 28, 2015)
- Remove DAG errors with fullinstall profile
0.10.14 (Oct 26, 2015)
- Ensure /opt/stackstorm/packs directory is SGID for pack group
0.10.13 (Oct 22, 2015)
- Add st2packs to default deploy and ensure Stanley exists
- Limit setting of api_url to st2::helper::auth_manager
0.10.8 (Oct 21, 2015)
- Adding api_url parameter to server profile
0.10.7 (Oct 21, 2015)
- Adding backend kwargs attribute to st2::helper::auth_manager
- Disable static UID for auto-generated users
0.10.4 (Oct 19, 2015)
- Fix for RHEL 6 client package installation
- Re-enable ng_init env flag for compatibility with st2ctl
- Fix issue with actionrunners outputting to STDOUT/STDERR
- All SysV init scripts ensure sourcing from /etc/environment
0.10.1 (Oct 16, 2015)
- Init scripts default install now
0.10.0 (Oct 15, 2015)
- Bug fixes
- Service restart with Ini_setting { tag => 'st2::config' }
0.9.19 (Oct 14, 2015)
- Repair init scripts for Mistral on RHEL 6/7 and Debian
0.9.17 (Oct 14, 2015)
- Repair package map with CentOS 7 systems
0.9.15 (Oct 13, 2015)
- Support for SysV and SystemD Init types
0.9.14 (Oct 2, 2015)
- Ensure postgresql is setup and running before starting Mistral service.
0.9.12 (Oct 1, 2015)
- Refresh services on ini setting change.
0.9.11 (Oct 1, 2015)
- Add ability for user to change SSH key location in /etc/st2/st2.conf
0.9.10 (Sept 28, 2015)
- Fix typo in RBAC type.
0.9.8 (Sept 25, 2015)
- Add ability to manage StackStorm RBAC roles (improvement)
0.9.7 (Sept 22, 2015)
- Restart mistral on init script update
0.9.6 (Sept 22, 2015)
- Add silence_ssl_warnings option to the client profile.
0.9.5 (Sept 21, 2015)
- pin stahnma-epel to 1.1.0
0.9.4 (Sept 18, 2015)
- Restart services on package update (bugfix)
0.9.3 (Sept 17, 2015)
- Fix condition where autoupdate: false would result in missing resources (bugfix)
0.9.2 (Sept 17, 2015)
- Configure WebUI to integrate with Flow (feature)
- Configure st2client CLI settings for any user (improvement)
0.9.0 (Sept 16, 2015)
- Add support for RHEL/CentOS 6 & 7
0.8.0 (Sept 10, 2015)
- Release StackStorm v0.13.2
- Stop st2::pack resource restarting StackStorm (improvement)
0.7.10 (Sept 2, 2015)
- Fix manage_mysql -> manage_postgresql in st2::profile::server (bugfix)
- Fix error with stanley user UID change (bugfix)
0.7.9 (Sept 1, 2015)
- Fix path for logging config with st2auth subsystem (bugfix)
0.7.8 (Aug 30, 2015)
- Allow user to adjust username of 'st2::stanley' resource (improvement)
0.7.7 (Aug 29, 2015)
- Bump default StackStorm version to 0.13.1 (upgrade)
Dependencies
- jamtur01/httpauth (>= 0.0.3 < 1.0.0)
- puppetlabs/stdlib (>= 4.6.0 < 7.0.0)
- puppetlabs/apt (>= 1.7.0 < 8.0.0)
- puppetlabs/yumrepo_core (>= 1.0.0 < 2.0.0)
- puppet/epel (>= 3.0.0 < 4.0.0)
- saz/sudo (>= 3.0.9 < 7.0.0)
- puppet/python (>= 5.0.0 < 7.0.0)
- puppetlabs/inifile (>= 1.2.0 < 5.0.0)
- puppet/mongodb (>= 3.1.0 < 4.0.0)
- puppet/rabbitmq (>= 4.1.0 < 11.0.0)
- ghoneycutt/facter (>= 3.0.0 < 4.0.0)
- puppet/selinux (>= 0.5.0 < 4.0.0)
- puppet/nginx (>= 0.5.0 < 2.0.0)
- puppet/nodejs (>= 1.3.0 < 8.0.0)
- npwalker/recursive_file_permissions (>= 0.6.0 < 1.0.0)
- puppet/redis (>= 7.0.0 < 8.0.0)
- camptocamp/systemd (>= 3.0.0 < 4.0.0)
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/