Puppet Class: phabricator::almanac

Defined in:
manifests/almanac.pp

Summary

This class can be used to register an Almanac device using

Overview

Class for registering an Almanac device.

./bin/almanac register. See the Almanac User Guide for further information.

Parameters:

  • device (String)

    The name of the Almanac device to register.

  • identity (Optional[String])

    The name of the Almanac device to identify as.

  • private_key (String)

    The contents of an SSH private key that has been associated with the specified Almanac device. This SSH key must be manually marked as trusted using the ./bin/almanac trust-key command.



14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
 
# File 'manifests/almanac.pp', line 14

class phabricator::almanac(
  String           $device,
  Optional[String] $identity,
  String           $private_key,
) {
  $device_id_path   = "${phabricator::install_dir}/phabricator/conf/keys/device.id"
  $private_key_path = "${phabricator::install_dir}/phabricator/conf/keys/device.key"

  file { 'phabricator/conf/device.key':
    ensure  => 'file',
    path    => $private_key_path,
    content => $private_key,
    owner   => $phabricator::daemon_user,
    group   => $phabricator::group,
    mode    => '0600',
    notify  => Exec['almanac register'],
    require => Vcsrepo['phabricator'],
  }

  $_options = [
    "--device ${device}",
    '--force',
    "--private-key ${private_key_path}",
  ]

  if $identity == undef {
    $identity_option = undef
  } else {
    $identity_option = "--identify-as ${identity}"
  }

  $options = delete_undef_values(concat($_options, [$identity_option]))

  # TODO: The `strict_indent` check doesn't seem to work properly here. See
  # https://github.com/relud/puppet-lint-strict_indent-check/issues/11.
  #
  # lint:ignore:strict_indent
  exec { 'almanac register':
    command => "${phabricator::install_dir}/phabricator/bin/almanac register ${join($options, ' ')}",
    creates => $device_id_path,
    user    => $phabricator::daemon_user,
    group   => $phabricator::group,
    require => [
      Class['php::cli'],
      File['phabricator/conf/local.json'],
      Php::Extension['mysql'],
      Vcsrepo['libphutil'],
      Vcsrepo['phabricator'],
    ],
  }
  # lint:endignore

  if $phabricator::storage_upgrade {
    Exec['bin/storage upgrade'] -> Exec['almanac register']
  }

  # TODO: This is dirty, but there's no way that we can accurately determine
  # whether `Class[phabricator::daemons]` exists in the catalogue. I think that
  # the solution here is to make the `phabricator::almanac` and
  # `phabricator::daemons` classes private (using `assert_private()`), and to
  # instead use flags to determine whether these classes should be included
  # (e.g. `$phabricator::almanac = true` and `$phabricator::daemons = true`).
  Exec['almanac register'] -> Service <| title == 'phd' |>
}