puppet-osg

Table of Contents

1. Overview
2. Usage - Configuration examples and options
3. Reference - Parameter and detailed reference to all options
4. Limitations - OS compatibility, etc.
5. Development - Guide for testing and contributing to the module

Overview

The OSG module manages the various components that make up the Open Science Grid software stack.

OSG Compatibility

Currently this module supports OSG 3.5.

The current version support matrix is as follows:

OSG Versions	3.3	3.4	3.5
puppet-osg 1.x	yes	no	no
puppet-osg 2.x	yes	yes	no
puppet-osg 3.x	yes	yes	no
puppet-osg 4.x	no	yes	no
puppet-osg 5.x	no	no	yes

Usage

Classes

The public classes of this module are split into "roles". For example a CE would use the class osg::ce.

osg

The OSG class is required by all the other classes. This class sets parameters that are used by multiple "roles" and is the class responsible for configuring the OSG repos.

    class { 'osg': }

If all systems pull their grid-certificates from a shared filesystem then you instruct this module to install the empty-ca-certs package and symlink /home/osg/grid-certificates to /etc/grid-security/certificates. If this method is used some script must be executed on a regular basis to sync one system's certificates into the shared location. Such a script is currently outside the scope of this module.

    class { 'osg':
      shared_certs_path     => '/home/osg/grid-certificates',
      cacerts_package_name  => 'empty-ca-certs',
    }

The cacerts_package_ensure parameter can be used to ensure the latest CA certs package is installed. This is basically the same functionality as provided by the resources managed under the osg::cacerts::updater class.

    class { 'osg':
      cacerts_package_name   => 'osg-ca-certs',
      cacerts_package_ensure => 'latest',
    }

osg::cacerts::updater

The osg::cacerts::updater class by default will perform the following actions

• Install osg-ca-certs-updater and fetch-crl packages
• Configure /etc/cron.d/osg-ca-certs-updater
• Start the osg-ca-certs-updater-cron service
• Start the fetch-crl-cron service
• Stop the fetch-crl-boot service

Example usage:

    class { 'osg':
      cacerts_package_name => 'osg-ca-certs',
    }
    class { 'osg::cacerts::updater': }

This class essentially performs the same role as setting osg::cacerts_package_ensure and osg::cacerts_other_packages_ensure to latest.

osg::ce

This class by default configures a HTCondor CE. The following example is to configure using HTCondor-CE that uses the SLURM batch system. This example also shows how to setup a host as the system that keeps the shared grid-certificates up-to-date.

    class { 'osg':
      site_info_resource        => 'SITE_CE',
      site_info_resource_group  => 'SITE',
      site_info_sponsor         => 'vo-name-here',
      site_info_site_policy     => '',
      site_info_contact         => 'Full Name'
      site_info_email           => 'admin@site.com'
      site_info_city            => 'Somewhere'
      site_info_country         => 'USA'
      site_info_longitude       => '-0.000000'
      site_info_latitude        => '0.000000'
    }
    class { 'osg::ce':
      batch_system              => 'slurm',
      hostcert_source           => 'file:///home/admin/osg/certs/ce/hostcert.pem',
      hostkey_source            => 'file:///home/admin/osg/certs/ce/hostkey.pem',
    }

osg::client

The osg::client class is intended to configure client systems, such as login nodes, to interact with the OSG software. The example below is a rough idea of how one would configure a client system to send both condor and condor-ce requests to a remote HTCondor-CE instance.

    class { 'osg::client'
      condor_schedd_host    => 'ce.example.tld',
      condor_collector_host => 'ce.example.tld:9619',
    }

The default behavior is to ensure both condor and htcondor-ce are installed but the services for each are disabled.

osg::cvmfs

The osg::cvmfs class will install and configure a system to access the CVMFS wide-area filesystem. The default parameter values should be enough to allow access to the filesystem.

    class { 'osg::cvmfs': }

Any host that needs to access /cvmfs should have this class assigned.

osg::gridftp

The osg::gridftp class by default will configure a system as a standalone OSG GridFTP server. Note that the osg::ce classes declares this class with standalone set to false, so do not include this class if the osg::ce class is assigned.

    class { 'osg':
      site_info_resource        => 'SITE_GRIDFTP',
      site_info_resource_group  => 'SITE',
      site_info_sponsor         => 'vo-name-here',
      site_info_site_policy     => '',
      site_info_contact         => 'Full Name'
      site_info_email           => 'admin@site.com'
      site_info_city            => 'Somewhere'
      site_info_country         => 'USA'
      site_info_longitude       => '-0.000000'
      site_info_latitude        => '0.000000'
    }
    class { 'osg::gridftp':
      hostcert_source       => 'file:///home/admin/osg/certs/gridftp/hostcert.pem',
      hostkey_source        => 'file:///home/admin/osg/certs/gridftp/hostkey.pem',
    }

osg::lcmaps_voms

The following example will setup LCMAPS VOMS to authenticate the GLOW VO and ban CMS production. The vo parameter will create osg::lcmaps_voms::vo resources and the users parameter will create osg::lcmaps_voms::user resources.

    class { 'osg::lcmaps_voms':
      ban_voms => ['/cms/Role=production/*'],
      ban_users => ['/foo/baz'],
      vos       => {
        'glow' => '/GLOW/*',
        'glow1 => '['/GLOW/chtc/*', '/GLOW/Role=htpc/*'],
      },
      users     => {
        'foo'   => '/fooDN',
        'foobar => ['/foo', '/bar'],
      }
    }

osg::lcmaps_voms::vo

This defined type populates /etc/grid-security/voms-mapfile. The dn value can be an Array or a String.

    osg::lcmaps_voms::vo { 'nova':
      dn => '/fermilab/nova/Role=pilot',
    }

osg::lcmaps_voms::user

This defined type populates /etc/grid-security/grid-mapfile. The dn value can be an Array or a String.

    osg::lcmaps_voms::user { 'rsv':
      dn => '/DC=org/DC=opensciencegrid/O=Open Science Grid/OU=Services/CN=rsv/ce.example.com',
    }

osg::squid

The osg::squid class will configure a system to run the Frontier Squid service. The example below installs squid and configures the firewall to allow access to squid on the host's eth0 private interface and allows squid monitoring on the eth1 public interface.

    class { 'osg::squid':
      private_interface => 'eth0',
      public_interface  => 'eth1',
    }

Be sure to define squid_location that points to the location of the squid server

    class { 'osg':
      squid_location => 'squid.site.com',
    }

The customize_template can be used to pass a site-specific template used to customize squid. The template provided by this module is very basic. The value in the example below will look in the site_osg Puppet module under templates/squid for the file customize.sh.erb. The value of customize_template is passed directly to the Puppet template function.

    class { 'osg::squid':
      customize_template  => 'site_osg/squid/customize.sh.erb',
    }

osg::utils

The osg::utils class will install utility packages from OSG.

Example:

    class { 'osg::utils':}

osg::wn

The osg::wn class will configure a worker node to work with the OSG software. This class currently has no parameters and performs the following actions:

• Ensures the osg class is included (repo)
• Ensures the osg::cacerts class is included
• Installs osg-wn-client package
• Installs xrootd-client

Example:

    class { 'osg::wn': }

Types

osg_local_site_settings

The osg_local_site_settings custom type will configure values in /etc/osg/config.d/99-local-site-settings.ini. Some of the values are set in this module's classes. One example of a value not currently managed (though may be in the future):

    osg_local_site_settings { 'Storage/se_available':
      value   => true,
    }

Note that boolean values of true and false are converted to the Python bool values of True and False.

osg_gip_config

The osg_gip_config custom type will configure values in /etc/osg/config.d/30-gip.ini. Example of setting your batch system to SLURM.

    osg_gip_config { 'GIP/batch':
      value => 'slurm',
    }

You can also remove the settings defined in 30-gip.ini and use the osg_local_site_settings type to define all configs in /etc/osg/config.d/99-local-site-settings.ini

    resources { 'osg_gip_config': purge => true }
    osg_local_site_settings { 'GIP/batch':
      value => 'slurm',
    }

This can be useful as the 99-local-site-settings.ini does not take precedence in GIP like it does with osg-configure (ref).

Reference

http://treydock.github.io/puppet-osg/

Limitations

Tested operating systems:

• RedHat/CentOS 7

This module has only been thoroughly tested using OSG 3.5.

Development

Testing

Testing requires the following dependencies:

• rake
• bundler

Install gem dependencies

bundle install

Run unit tests

bundle exec rake spec

If you have Docker installed you can run system tests.

bundle exec rake beaker

Reference

Table of Contents

Classes

Public Classes

• osg: Class for common OSG parameters and common resources
• osg::cacerts::updater: Manage OSG CA certs updater
• osg::ce: Manage OSG CE
• osg::client: Manage OSG client
• osg::cvmfs: Manage OSG CVMFS
• osg::fetchcrl: Manage OSG fetchcrl
• osg::gridftp: Manage OSG GridFTP.
• osg::lcmaps_voms: Manage lcmaps VOMs
• osg::squid: Manage OSG squid
• osg::utils: Manage OSG utils
• osg::wn: Manage OSG worker node resources

Private Classes

• osg::cacerts: Manage OSG CA certs
• osg::ce::config: Manage OSG CE configs
• osg::ce::install: Install OSG CE
• osg::ce::service: Manage OSG CE Services
• osg::ce::users: Manage OSG CE Users
• osg::client::config: Manage OSG client configs
• osg::client::install: Install OSG client
• osg::client::service: Manage OSG client services
• osg::configure: Manage osg-configure
• osg::configure::misc: Manage osg-configure-misc
• osg::configure::site_info: Manage OSG configuration site info
• osg::cvmfs::config: Manage OSG CVMFS configs
• osg::cvmfs::install: Install CVMFS
• osg::cvmfs::service: Manage CVMFS service
• osg::cvmfs::user: Manage CVMFS users
• osg::gridftp::config: Manage GridFTP configs
• osg::gridftp::install: Install GridFTP
• osg::gridftp::service: Manage GridFTP service
• osg::lcmaps_voms::config: Manage lcmaps voms configs
• osg::lcmaps_voms::install: Install lcmaps voms support
• osg::repos: Manage OSG repos

Defined types

• osg::lcmaps_voms::user: Manage lcmaps VOMs user
• osg::lcmaps_voms::vo: Manage lcmaps VOMs VO entry

Resource types

• osg_gip_config: This type writes values to /etc/osg/config.d/30-gip.ini
• osg_local_site_settings: This type writes values to /etc/osg/config.d/99-local-site-settings.ini.

Classes

osg

Class for common OSG parameters and common resources

Parameters

The following parameters are available in the osg class:

• osg_release
• repo_baseurl_bit
• repo_development_baseurl_bit
• repo_testing_baseurl_bit
• repo_upcoming_baseurl_bit
• repo_use_mirrors
• repo_gpgkey
• enable_osg
• enable_osg_empty
• enable_osg_contrib
• manage_epel
• auth_type
• cacerts_package_name
• cacerts_package_ensure
• shared_certs_path
• globus_tcp_port_range_min
• globus_tcp_port_range_max
• globus_tcp_source_range_min
• globus_tcp_source_range_max
• enable_exported_resources
• exported_resources_export_tag
• exported_resource_collect_tag
• site_info_group
• site_info_host_name
• site_info_resource
• site_info_resource_group
• site_info_sponsor
• site_info_site_policy
• site_info_contact
• site_info_email
• site_info_city
• site_info_country
• site_info_longitude
• site_info_latitude
• squid_location
• purge_local_site_settings
• purge_gip_config

osg_release

Data type: Enum['3.5']

OSG release

Default value: '3.5'

repo_baseurl_bit

Data type: Optional[String]

Base URL for osg repo, eg: https://repo.opensciencegrid.org

Default value: 'https://repo.opensciencegrid.org'

repo_development_baseurl_bit

Data type: Optional[String]

Base URL for osg-development repo, default: https://repo.opensciencegrid.org

Default value: undef

repo_testing_baseurl_bit

Data type: Optional[String]

Base URL for osg-testubg repo, default: https://repo.opensciencegrid.org

Default value: undef

repo_upcoming_baseurl_bit

Data type: Optional[String]

Base URL for osg-upcoming repo, default: https://repo.opensciencegrid.org

Default value: undef

repo_use_mirrors

Data type: Boolean

Sets if repos should use mirrors

Default value: true

repo_gpgkey

Data type: Optional[String]

Path to repo GPG key

Default value: undef

enable_osg

Data type: Boolean

Enable the osg repo

Default value: true

enable_osg_empty

Data type: Boolean

Enable the osg-empty repo

Default value: true

enable_osg_contrib

Data type: Boolean

Enable the osg-contrib repo

Default value: false

manage_epel

Data type: Boolean

Manage the EPEL repo

Default value: true

auth_type

Data type: Enum['lcmaps_voms']

Grid authentication type

Default value: 'lcmaps_voms'

cacerts_package_name

Data type: Enum['osg-ca-certs', 'igtf-ca-certs', 'empty-ca-certs']

Package name for osg-ca-certs

Default value: 'osg-ca-certs'

cacerts_package_ensure

Data type: String

CA certs package ensure

Default value: 'installed'

shared_certs_path

Data type: String

Path to location of shared certs, for example if storing certs on NFS

Default value: '/opt/grid-certificates'

globus_tcp_port_range_min

Data type: Integer[0, 65535]

Min for GLOBUS_TCP_PORT_RANGE

Default value: 40000

globus_tcp_port_range_max

Data type: Integer[0, 65535]

Max for GLOBUS_TCP_PORT_RANGE

Default value: 41999

globus_tcp_source_range_min

Data type: Integer[0, 65535]

Min for GLOBUS_TCP_SOURCE_RANGE

Default value: 40000

globus_tcp_source_range_max

Data type: Integer[0, 65535]

Max for GLOBUS_TCP_SOURCE_RANGE

Default value: 41999

enable_exported_resources

Data type: Boolean

Enable exported resources, useful when services like Squid and CE live on different hosts

Default value: false

exported_resources_export_tag

Data type: String

Exported resources export tag

Default value: $facts['domain']

exported_resource_collect_tag

Data type: String

Exported resources collect tag

Default value: $facts['domain']

site_info_group

Data type: String

osg-configure Site Information/group

Default value: 'OSG'

site_info_host_name

Data type: String

osg-configure Site Information/host_name

Default value: $::fqdn

site_info_resource

Data type: String

osg-configure Site Information/resource

Default value: 'UNAVAILABLE'

site_info_resource_group

Data type: String

osg-configure Site Information/resource_group

Default value: 'UNAVAILABLE'

site_info_sponsor

Data type: String

osg-configure Site Information/sponsor

Default value: 'UNAVAILABLE'

site_info_site_policy

Data type: String

osg-configure Site Information/site_policy

Default value: 'UNAVAILABLE'

site_info_contact

Data type: String

osg-configure Site Information/contact

Default value: 'UNAVAILABLE'

site_info_email

Data type: String

osg-configure Site Information/email

Default value: 'UNAVAILABLE'

site_info_city

Data type: String

osg-configure Site Information/city

Default value: 'UNAVAILABLE'

site_info_country

Data type: String

osg-configure Site Information/country

Default value: 'UNAVAILABLE'

site_info_longitude

Data type: String

osg-configure Site Information/longitude

Default value: 'UNAVAILABLE'

site_info_latitude

Data type: String

osg-configure Site Information/latitude

Default value: 'UNAVAILABLE'

squid_location

Data type: Optional[String]

osg-confgiure Squid/location

Default value: undef

purge_local_site_settings

Data type: Boolean

Purge unmanaged osg_local_site_settings resources

Default value: true

purge_gip_config

Data type: Boolean

Purge unmanaged osg_gip_config

Default value: true

osg::cacerts::updater

Manage OSG CA certs updater

Parameters

The following parameters are available in the osg::cacerts::updater class:

• ensure
• min_age
• max_age
• random_wait
• quiet
• logfile
• package_name
• package_ensure
• service_name
• service_ensure
• service_enable
• config_replace

ensure

Data type: Enum['present', 'absent', 'disabled']

State of the resources managed by this class disabled will install the necessary packages but disable the service

Default value: 'present'

min_age

Data type: Integer

Min time between running updater

Default value: 23

max_age

Data type: Integer

Max time between running updater

Default value: 72

random_wait

Data type: Integer

Random wait time

Default value: 30

quiet

Data type: Boolean

Only display errors

Default value: true

logfile

Data type: Variant[Boolean,Undef,String]

Path to logfile

Default value: false

package_name

Data type: String

Package name

Default value: 'osg-ca-certs-updater'

package_ensure

Data type: String

Package ensure value

Default value: 'UNSET'

service_name

Data type: String

Service name

Default value: 'osg-ca-certs-updater-cron'

service_ensure

Data type: String

Service ensure value

Default value: 'UNSET'

service_enable

Data type: String

Service enable value

Default value: 'UNSET'

config_replace

Data type: Boolean

Should the cron config be replaced

Default value: true

osg::ce

Manage OSG CE

Parameters

The following parameters are available in the osg::ce class:

• storage_grid_dir
• storage_app_dir
• storage_data_dir
• storage_worker_node_temp
• storage_site_read
• storage_site_write
• batch_system
• batch_system_prefix
• pbs_server
• manage_hostcert
• hostcert_source
• hostkey_source
• htcondor_ce_port
• htcondor_ce_shared_port
• manage_firewall
• osg_local_site_settings
• osg_gip_configs
• manage_users
• condor_uid
• condor_gid
• gratia_uid
• gratia_gid
• condor_ce_config_content
• condor_ce_config_source
• blahp_local_submit_content
• blahp_local_submit_source
• include_view
• view_port
• per_job_history_dir
• gratia_probes_cron_service_ensure
• gratia_probes_cron_service_enable

storage_grid_dir

Data type: String

osg-configure Storage/grid_dir

Default value: '/etc/osg/wn-client/'

storage_app_dir

Data type: String

osg-configure Storage/app_dir

Default value: 'UNAVAILABLE'

storage_data_dir

Data type: String

osg-configure Storage/data_dir

Default value: 'UNAVAILABLE'

storage_worker_node_temp

Data type: String

osg-configure Storage/worker_node_temp

Default value: 'UNAVAILABLE'

storage_site_read

Data type: String

osg-configure Storage/site_read

Default value: 'UNAVAILABLE'

storage_site_write

Data type: String

osg-configure Storage/site_write

Default value: 'UNAVAILABLE'

batch_system

Data type: Enum['torque', 'pbs', 'slurm']

Batch system used to submit jobs

Default value: 'torque'

batch_system_prefix

Data type: String

Prefix of where batch system commands are installed

Default value: '/usr'

pbs_server

Data type: String

PBS server address when batch_system is torque or pbs

Default value: 'UNAVAILABLE'

manage_hostcert

Data type: Boolean

Boolean that determines if hostcert is managed

Default value: true

hostcert_source

Data type: Optional[String]

The source of the hostcert

Default value: undef

hostkey_source

Data type: Optional[String]

The source of the hostkey

Default value: undef

htcondor_ce_port

Data type: Integer[0, 65535]

HTCondor CE port

Default value: 9619

htcondor_ce_shared_port

Data type: Integer[0, 65535]

HTCondor CE shared port

Default value: 9620

manage_firewall

Data type: Boolean

Boolean taht determines if firewall rules should be managed

Default value: true

osg_local_site_settings

Data type: Hash

Extra configs for osg-configure local site settings Example: { 'Local Settings/PATH' => { 'value' => '/opt/singularity/bin:$PATH' } }

Default value: {}

osg_gip_configs

Data type: Hash

Extra configs for osg-configure GIP configs Example: { 'Subcluster owens/ram_mb' => { 'value' => 128000 } }

Default value: {}

manage_users

Data type: Boolean

Boolean of whether to manage users and groups

Default value: true

condor_uid

Data type: Optional[Integer]

The UID of condor user

Default value: undef

condor_gid

Data type: Optional[Integer]

The GID of condor group

Default value: undef

gratia_uid

Data type: Optional[Integer]

The UID of gratia user

Default value: undef

gratia_gid

Data type: Optional[Integer]

The GID of gratia group

Default value: undef

condor_ce_config_content

Data type: Optional[String]

Content for /etc/condor-ce/config.d/99-local.conf

Default value: undef

condor_ce_config_source

Data type: Optional[String]

Source for /etc/condor-ce/config.d/99-local.conf

Default value: undef

blahp_local_submit_content

Data type: Optional[String]

Content for blahp local submit attributes

Default value: undef

blahp_local_submit_source

Data type: Optional[String]

Source for blahp local submit attributes

Default value: undef

include_view

Data type: Boolean

Boolean to determine if adding Condor CE View

Default value: false

view_port

Data type: Integer[0, 65535]

Port for Condor CE View

Default value: 8080

per_job_history_dir

Data type: Stdlib::Absolutepath

Path used for Gratia probe DataFolder

Default value: '/var/lib/gratia/data'

gratia_probes_cron_service_ensure

Data type: String

Service ensure for gratia-probes-cron service

Default value: 'running'

gratia_probes_cron_service_enable

Data type: Boolean

Service enable for gratia-probes-cron service

Default value: true

osg::client

Manage OSG client

Parameters

The following parameters are available in the osg::client class:

• with_condor
• with_condor_ce
• condor_lowport
• condor_highport
• condor_schedd_host
• condor_collector_host
• manage_firewall
• enable_condor_service
• enable_condor_ce_service
• condor_configs_override
• condor_ce_configs_override

with_condor

Data type: Boolean

Include Condor support

Default value: true

with_condor_ce

Data type: Boolean

Include Condor CE support

Default value: true

condor_lowport

Data type: Integer[0, 65535]

Condor lowport

Default value: 40000

condor_highport

Data type: Integer[0, 65535]

Condor highport

Default value: 41999

condor_schedd_host

Data type: Optional[String]

Condor schedd host

Default value: undef

condor_collector_host

Data type: Optional[String]

Condor collector host

Default value: undef

manage_firewall

Data type: Boolean

Manage the firewall rules

Default value: true

enable_condor_service

Data type: Boolean

Enable Condor service

Default value: false

enable_condor_ce_service

Data type: Boolean

Enable Condor CE service

Default value: false

condor_configs_override

Data type: Hash

Config overrides for Condor

Default value: {}

condor_ce_configs_override

Data type: Hash

Config overrides for Condor CE

Default value: {}

osg::cvmfs

Manage OSG CVMFS

Parameters

The following parameters are available in the osg::cvmfs class:

• manage_user
• user_name
• user_uid
• user_home
• user_shell
• user_system
• user_comment
• user_managehome
• manage_group
• group_name
• group_gid
• group_system
• manage_fuse_group
• fuse_group_name
• fuse_group_gid
• fuse_group_system
• package_ensure
• repositories
• strict_mount
• cache_base
• quota_limit
• http_proxies
• cern_server_urls
• glite_version
• cms_local_site

manage_user

Data type: Boolean

Boolean to set if CVMFS user is managed

Default value: true

user_name

Data type: String

CVMFS user name

Default value: 'cvmfs'

user_uid

Data type: Optional[Integer]

CVMFS user UID

Default value: undef

user_home

Data type: String

CVMFS user home

Default value: '/var/lib/cvmfs'

user_shell

Data type: String

CVMFS user shell

Default value: '/sbin/nologin'

user_system

Data type: Boolean

Sets if CVMFS user is a system account

Default value: true

user_comment

Data type: String

CVMFS user comment

Default value: 'CernVM-FS service account'

user_managehome

Data type: Boolean

Sets if CVMFS user home is managed

Default value: false

manage_group

Data type: Boolean

Boolean to set if CVMFS group is managed

Default value: true

group_name

Data type: String

CVMFS group name

Default value: 'cvmfs'

group_gid

Data type: Optional[Integer]

CVMFS group GID

Default value: undef

group_system

Data type: Boolean

Sets if CVMFS group is a system account

Default value: true

manage_fuse_group

Data type: Boolean

Manage FUSE group

Default value: true

fuse_group_name

Data type: String

FUSE group name

Default value: 'fuse'

fuse_group_gid

Data type: Optional[Integer]

FUSE group GID

Default value: undef

fuse_group_system

Data type: Boolean

Sets if FUSE group is a system account

Default value: true

package_ensure

Data type: String

Ensure property for CVMFS package

Default value: 'installed'

repositories

Data type: Optional[Array]

CVMFS repositories to enable, eg: grid.cern.ch

Default value: undef

strict_mount

Data type: Boolean

Enable CVMFS strict mount, only allow mounting repositories from repositories parameter

Default value: false

cache_base

Data type: String

Base directory for CVMFS cache

Default value: '/var/cache/cvmfs'

quota_limit

Data type: Integer

Quota limit for CVMFS cache

Default value: 20000

http_proxies

Data type: Array

Squid HTTP proxies for CVMFS

Default value: ["http://squid.${facts['networking']['domain']}:3128"]

cern_server_urls

Data type: Array

Value for CVMFS_SERVER_URL

Default value: []

glite_version

Data type: String

glite version

Default value: ''

cms_local_site

Data type: Optional[String]

Value for CMS_LOCAL_SITE

Default value: undef

osg::fetchcrl

Manage OSG fetchcrl

Parameters

The following parameters are available in the osg::fetchcrl class:

• ensure
• crl_package_name
• crl_package_ensure
• crl_boot_service_name
• crl_boot_service_ensure
• crl_boot_service_enable
• crl_cron_service_name
• crl_cron_service_ensure
• crl_cron_service_enable
• use_syslog

ensure

Data type: Enum['present', 'absent', 'disabled']

State of OSG fetchcrl disabled will install but disable service

Default value: 'present'

crl_package_name

Data type: String

fetch-crl package name

Default value: 'fetch-crl'

crl_package_ensure

Data type: String

Ensure property for fetch-crl package

Default value: 'UNSET'

crl_boot_service_name

Data type: String

fetch-crl-boot package name

Default value: 'fetch-crl-boot'

crl_boot_service_ensure

Data type: String

fetch-crl-boot service ensure

Default value: 'stopped'

crl_boot_service_enable

Data type: Boolean

fetch-crl-boot service enable

Default value: false

crl_cron_service_name

Data type: String

fetch-crl-cron service name

Default value: 'fetch-crl-cron'

crl_cron_service_ensure

Data type: String

fetch-crl-cron service ensure

Default value: 'UNSET'

crl_cron_service_enable

Data type: Variant[Boolean, Enum['UNSET']]

fetch-crl-cron service enable

Default value: 'UNSET'

use_syslog

Data type: Boolean

Boolean to set if syslog should be used

Default value: true

osg::gridftp

Manage OSG GridFTP.

Parameters

The following parameters are available in the osg::gridftp class:

• manage_hostcert
• hostcert_source
• hostkey_source
• manage_firewall
• standalone

manage_hostcert

Data type: Boolean

Boolean to set if hostcert should be managed

Default value: true

hostcert_source

Data type: Optional[String]

Source for hostcert

Default value: undef

hostkey_source

Data type: Optional[String]

Source for hostkey

Default value: undef

manage_firewall

Data type: Boolean

Boolean to set if the firewall resources should be managed

Default value: true

standalone

Data type: Boolean

Sets if the GridFTP server is standalone. This parameter is considered private. This parameter is intended for when installing GridFTP on a CE and is handled by osg::ce class

Default value: true

osg::lcmaps_voms

Manage lcmaps VOMs

Parameters

The following parameters are available in the osg::lcmaps_voms class:

• ban_voms
• ban_users
• vos
• users

ban_voms

Data type: Array

VOMs to ban

Default value: []

ban_users

Data type: Array

Users to ban

Default value: []

vos

Data type: Hash[String, Variant[String, Array, Hash]]

Define osg::lcmaps_voms::vo resources Example: { 'vo' => '/DN' } Example: { 'vo' => { 'dn' => '/DN' } }

Default value: {}

users

Data type: Hash[String, Variant[String, Array, Hash]]

Define osg::lcmaps_voms::user resources Example: { 'user' => '/DN' } Example: { 'user' => { 'dn' => '/DN' } }

Default value: {}

osg::squid

Manage OSG squid

Parameters

The following parameters are available in the osg::squid class:

• customize_template
• net_local
• monitor_addresses
• allow_major_cvmfs
• max_filedescriptors
• manage_firewall
• squid_firewall_ensure
• monitoring_firewall_ensure
• private_interface
• public_interface

customize_template

Data type: String

Path to template used to customize squid

Default value: 'osg/squid/customize.sh.erb'

net_local

Data type: Array

Local networks

Default value: ['10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16']

monitor_addresses

Data type: Array

Monitor addresses

Default value: ['128.142.0.0/16', '188.184.128.0/17', '188.185.128.0/17']

allow_major_cvmfs

Data type: Boolean

Enables and allows MAJOR_CVMFS

Default value: true

max_filedescriptors

Data type: Integer

Sets max_filedescriptors

Default value: 0

manage_firewall

Data type: Boolean

Manage firewall resources

Default value: true

squid_firewall_ensure

Data type: Enum['present', 'absent']

Ensure property for squid firewall

Default value: 'present'

monitoring_firewall_ensure

Data type: Enum['present', 'absent']

Ensure property for monitoring firewall

Default value: 'present'

private_interface

Data type: Optional[String]

Private interface, used by firewall rules to allow squid access

Default value: undef

public_interface

Data type: Optional[String]

Public interface, used by firewall rules to allow monitor addresses

Default value: undef

osg::utils

Manage OSG utils

Parameters

The following parameters are available in the osg::utils class:

• packages

packages

Data type: Array

Packages to install

Default value: [ 'globus-proxy-utils', 'osg-pki-tools', ]

osg::wn

Manage OSG worker node resources

Defined types

osg::lcmaps_voms::user

Manage lcmaps VOMs user

Parameters

The following parameters are available in the osg::lcmaps_voms::user defined type:

• dn
• user
• order

dn

Data type: Variant[Array, String]

DN of the user

user

Data type: String

Name of the user

Default value: $name

order

Data type: Integer

Order in the grid-mapfile

Default value: 50

osg::lcmaps_voms::vo

Manage lcmaps VOMs VO entry

Parameters

The following parameters are available in the osg::lcmaps_voms::vo defined type:

• dn
• user
• order

dn

Data type: Variant[Array, String]

DN of the VO

user

Data type: String

User name

Default value: $name

order

Data type: Integer

Order in voms-mapfile

Default value: 50

Resource types

osg_gip_config

This type writes values to /etc/osg/config.d/30-gip.ini

Properties

The following properties are available in the osg_gip_config type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

value

The value to assign. A value of true is converted to the string True. A value of false is converted to the string False. All other values are converted to a string.

Parameters

The following parameters are available in the osg_gip_config type.

• name
• provider

name

namevar

The name must be in the format of SECTION/SETTING

[GIP]
batch = slurm

The above would have the name GIP/batch.

provider

The specific backend to use for this osg_gip_config resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform.

osg_local_site_settings

This type writes values to /etc/osg/config.d/99-local-site-settings.ini.

Properties

The following properties are available in the osg_local_site_settings type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

value

The value to assign. A value of true is converted to the string True. A value of false is converted to the string False. All other values are converted to a string.

Parameters

The following parameters are available in the osg_local_site_settings type.

• name
• provider

name

namevar

The name must be in the format of SECTION/SETTING

[Squid]
location = squid.example.tld

The above would have the name Squid/location.

provider

The specific backend to use for this osg_local_site_settings resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform.

Change log

All notable changes to this project will be documented in this file. The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

v6.1.0 (2022-06-27)

Full Changelog

Added

• Enable upcoming repository by default #39 (treydock)

v6.0.0 (2022-04-18)

Full Changelog

Changed

• Drop Puppet 5, Add Puppet 7 , bump module dependencies #38 (treydock)

v5.2.1 (2021-01-15)

Full Changelog

Fixed

• Do not set SuppressNODNRecords, not needed #36 (treydock)

v5.2.0 (2021-01-07)

Full Changelog

Added

• Use HTCondor-CE gratia probe by default #35 (treydock)

v5.1.0 (2020-12-16)

Full Changelog

Added

• Remove unused OSG configurations and allow gratia-probes-cron to be turned off #34 (treydock)

v5.0.0 (2020-03-09)

Full Changelog

Changed

• BREAKING: Misc changes #31 (treydock)
• BREAKING: Switch to OSG 3.5 #30 (treydock)

v4.4.0 (2020-03-05)

Full Changelog

Added

• PDK convert and update dependencies #29 (treydock)
• Allow repos to be disabled #28 (wmoore28)

4.3.1 (2019-11-12)

Full Changelog

Fixed

• Re-release 4.3.0 #27 (treydock)
• Add work around for OSG-SEC-2019-11-11 #26 (treydock)

4.3.0 (2019-11-11)

Full Changelog

Added

• Support Puppet 5 & 6 and bump module dependencies #25 (treydock)

Fixed

• Remove old autofs parameter mapfile_manage #24 (wmoore28)

4.2.2 (2018-07-05)

Full Changelog

Fixed

• Update rsv apache template to match upstream #23 (treydock)

4.2.1 (2018-05-02)

Full Changelog

Fixed

• Fix permissions for /bin/fusermount on EL6 #22 (treydock)

4.2.0 (2018-04-24)

Full Changelog

Added

• Make repo URLs match what is defined in latest osg-release RPMs #20 (treydock)

Fixed

• Limit osg-empty repo to packages installed #21 (treydock)

4.1.1 (2018-01-09)

Full Changelog

Fixed

• Allow autofs 4.x, apache 2.x and concat 4.x dependencies #19 (treydock)

4.1.0 (2017-11-09)

Full Changelog

Added

• Set RSV cert and key path for osg-configure and ensure the files exist before the values are set #17 (treydock)
• Fully drop support for Puppet 3 #16 (treydock)

Fixed

• Fix rsv service resource to check status instead of presence of file #18 (treydock)
• Remove unused variables #14 (treydock)
• Remove sudo and logrotate dependencies, these modules are not used by this module #13 (treydock)

4.0.0 (2017-10-02)

Full Changelog

Changed

• Remove support for OSG 3.3 components #12 (treydock)

Added

• Move storage INI configurations to osg::ce #11 (treydock)

3.0.0 (2017-10-02)

Full Changelog

Changed

• Remove GRAM resources and only support HTCondor-CE gateway #10 (treydock)
• Remove deprecated osg::lcmaps class #5 (treydock)

Added

• Switch all parameters to use proper data types #9 (treydock)
• Set defaults for osg::osg_release to 3.4 and osg::auth_type to lcmaps_voms #3 (treydock)

Fixed

• Only manage osg::ce http cert/key on OSG 3.3 #8 (treydock)
• Do not manage tomcat user/group for OSG 3.4 for osg::ce #7 (treydock)
• Puppet syntax cleanup #6 (treydock)
• Add notify to resources that purge configs #4 (treydock)
• Do not install empty-torque, no longer needed. #2 (treydock)

2.0.0 (2017-09-26)

Full Changelog

1.0.0 (2017-05-04)

Full Changelog

v0.0.3 (2013-06-14)

Full Changelog

v0.0.2 (2013-06-11)

Full Changelog

* This Changelog was automatically generated by github_changelog_generator