64 lines
2.1 KiB
Puppet
64 lines
2.1 KiB
Puppet
# @summary Manages the configuration of the SRI v2 (NI) service for CNAAS.
|
|
#
|
|
class streams::mongo_db(
|
|
$run_id = true,
|
|
Optional[Array[String]] $allow_nets = undef,
|
|
) {
|
|
$mongo_username = safe_hiera('mongo_username', 'mongo_admin_db')
|
|
$mongo_password = safe_hiera('mongo_password', 'f48f8')
|
|
$mongo_express_username = safe_hiera('mongo_express_username', 'mongo_admin_express')
|
|
$mongo_express_password = safe_hiera('mongo_express_password', 'f48f8')
|
|
$net_interfaces_keys = $facts['networking']['interfaces'].keys
|
|
# $me_config_mongodb_url = safe_hiera('mongo_express_username', 'mongodb://root:example@mongo:27017/')
|
|
|
|
$customer_hostname = $facts['networking']['hostname']
|
|
sunet::misc::create_dir { '/opt/mongo_db/': owner => 'root', group => 'root', mode => '0755', }
|
|
sunet::misc::create_dir { '/opt/mongo_db/compose/': owner => 'root', group => 'root', mode => '0755', }
|
|
|
|
|
|
sunet::misc::create_cfgfile { '/opt/mongo_db/.env':
|
|
content => template('streams/mongo_db/dotenv.erb'),
|
|
group => 'root',
|
|
mode => '0644',
|
|
}
|
|
|
|
file { '/opt/mongo_db/mongo-init.js':
|
|
ensure => file,
|
|
content => template('streams/mongo_db/mongo-init.js.erb')
|
|
}
|
|
|
|
sunet::misc::create_cfgfile { '/opt/mongo_db/nginx.conf':
|
|
content => template('streams/mongo_db/nginx.conf.erb'),
|
|
group => 'root',
|
|
mode => '0644',
|
|
}
|
|
|
|
sunet::docker_compose {'mongo_db_docker_compose':
|
|
service_name => 'mongo_db',
|
|
description => 'Mongo_db application',
|
|
compose_dir => '/opt/mongo_db/compose',
|
|
content => template('streams/mongo_db/docker-compose.yml.erb'),
|
|
}
|
|
|
|
sunet::nftables::allow { 'mongo_allow_http' :
|
|
from => $allow_nets,
|
|
port => 80,
|
|
}
|
|
|
|
sunet::nftables::allow { 'mongo_allow_https' :
|
|
from => $allow_nets,
|
|
port => 443,
|
|
}
|
|
|
|
sunet::nftables::allow { 'mongo_database_allow_access' :
|
|
from => $allow_nets,
|
|
port => 27017,
|
|
}
|
|
|
|
# if 'wg0' in $facts['networking']['interfaces'].keys {
|
|
# sunet::nftables::allow { 'firmware_http' :
|
|
# from => lookup({'name' => "cnaas_nets.${cnaas_instance}.service_nets", 'default_value' => []}),
|
|
# port => 80,
|
|
# }
|
|
# }
|
|
}
|