diff --git a/REFERENCE.md b/REFERENCE.md
index cf596c2..e4fcc16 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -17,9 +17,9 @@
### Data types
-* [`Hdm::Gitdata`](#hdmgitdata): type to enforce git settings for HDM
-* [`Hdm::Ldap_settings`](#hdmldap_settings): type to enforce ldap settings for HDM
-* [`Hdm::Puppetdb`](#hdmpuppetdb): type to enforce puppetdb settings for HDM
+* [`Hdm::Gitdata`](#Hdm--Gitdata): type to enforce git settings for HDM
+* [`Hdm::Ldap_settings`](#Hdm--Ldap_settings): type to enforce ldap settings for HDM
+* [`Hdm::Puppetdb`](#Hdm--Puppetdb): type to enforce puppetdb settings for HDM
## Classes
@@ -39,27 +39,28 @@ include hdm
The following parameters are available in the `hdm` class:
-* [`method`](#method)
-* [`manage_docker`](#manage_docker)
-* [`version`](#version)
-* [`ruby_version`](#ruby_version)
-* [`port`](#port)
-* [`bind_ip`](#bind_ip)
-* [`hostname`](#hostname)
-* [`timezone`](#timezone)
-* [`hdm_path`](#hdm_path)
-* [`git_url`](#git_url)
-* [`user`](#user)
-* [`group`](#group)
-* [`puppetdb_settings`](#puppetdb_settings)
-* [`puppet_code_dir`](#puppet_code_dir)
-* [`allow_encryption`](#allow_encryption)
-* [`read_only`](#read_only)
-* [`git_data`](#git_data)
-* [`ldap_settings`](#ldap_settings)
-* [`hdm_hiera_config_file`](#hdm_hiera_config_file)
-
-##### `method`
+* [`method`](#-hdm--method)
+* [`manage_docker`](#-hdm--manage_docker)
+* [`version`](#-hdm--version)
+* [`ruby_version`](#-hdm--ruby_version)
+* [`port`](#-hdm--port)
+* [`bind_ip`](#-hdm--bind_ip)
+* [`hostname`](#-hdm--hostname)
+* [`timezone`](#-hdm--timezone)
+* [`hdm_path`](#-hdm--hdm_path)
+* [`secret_key_base`](#-hdm--secret_key_base)
+* [`git_url`](#-hdm--git_url)
+* [`user`](#-hdm--user)
+* [`group`](#-hdm--group)
+* [`puppetdb_settings`](#-hdm--puppetdb_settings)
+* [`puppet_code_dir`](#-hdm--puppet_code_dir)
+* [`allow_encryption`](#-hdm--allow_encryption)
+* [`read_only`](#-hdm--read_only)
+* [`git_data`](#-hdm--git_data)
+* [`ldap_settings`](#-hdm--ldap_settings)
+* [`hdm_hiera_config_file`](#-hdm--hdm_hiera_config_file)
+
+##### `method`
Data type: `Enum['docker', 'rvm']`
@@ -70,7 +71,7 @@ bundler gem.
Default value: `'docker'`
-##### `manage_docker`
+##### `manage_docker`
Data type: `Boolean`
@@ -81,9 +82,9 @@ RedHat and windows systems.
SLES users must install and start docker via puppet package
and service resource.
-Default value: ``true``
+Default value: `true`
-##### `version`
+##### `version`
Data type: `String[1]`
@@ -93,7 +94,7 @@ the git tag when using rvm
Default value: `'main'`
-##### `ruby_version`
+##### `ruby_version`
Data type: `String[1]`
@@ -102,7 +103,7 @@ Please check [hdm ruby version requirement](https://github.com/betadots/hdm/blob
Default value: `'3.1.2'`
-##### `port`
+##### `port`
Data type: `Stdlib::Port`
@@ -110,7 +111,7 @@ The port where HDM should run on
Default value: `3000`
-##### `bind_ip`
+##### `bind_ip`
Data type: `Stdlib::IP::Address::Nosubnet`
@@ -118,7 +119,7 @@ The ip address to bind the process to
Default value: `'0.0.0.0'`
-##### `hostname`
+##### `hostname`
Data type: `String[1]`
@@ -126,7 +127,7 @@ The HDM webservice hostname
Default value: `$facts['networking']['fqdn']`
-##### `timezone`
+##### `timezone`
Data type: `String[1]`
@@ -134,7 +135,7 @@ THe timezone to use when running with docker
Default value: `$facts['timezone']`
-##### `hdm_path`
+##### `hdm_path`
Data type: `Stdlib::Unixpath`
@@ -142,7 +143,15 @@ Path where one wants to install and configure hdm
Default value: `'/etc/hdm'`
-##### `git_url`
+##### `secret_key_base`
+
+Data type: `String[32,32]`
+
+A 32 character key. Key can be generated using `openssl rand -hex32`
+
+Default value: `'7a8509ab31fdb0c15c71c941d089474a'`
+
+##### `git_url`
Data type: `String[1]`
@@ -150,7 +159,7 @@ The git URL to clone the hdm repo from
Default value: `'https://github.com/betadots/hdm.git'`
-##### `user`
+##### `user`
Data type: `String[1]`
@@ -158,7 +167,7 @@ The hdm user name
Default value: `'hdm'`
-##### `group`
+##### `group`
Data type: `String[1]`
@@ -166,7 +175,7 @@ The hdm group name
Default value: `'hdm'`
-##### `puppetdb_settings`
+##### `puppetdb_settings`
Data type: `Hdm::Puppetdb`
@@ -201,7 +210,7 @@ Using SSL cert:
Default value: `{ 'server' => 'http://localhost:8080', }`
-##### `puppet_code_dir`
+##### `puppet_code_dir`
Data type: `Stdlib::Unixpath`
@@ -211,7 +220,7 @@ defaults to '/etc/puppetlabs/code'
Default value: `'/etc/puppetlabs/code'`
-##### `allow_encryption`
+##### `allow_encryption`
Data type: `Boolean`
@@ -220,9 +229,9 @@ Needs HDM access to EYAML keys (public and private)
Values for keys are taken from hiera.yaml file and can
not be set individually.
-Default value: ``false``
+Default value: `false`
-##### `read_only`
+##### `read_only`
Data type: `Boolean`
@@ -232,9 +241,9 @@ WARNING!! setting to true is untested!!!
Changes are stored via GIT.
Setting this to true also needs the git_data Array parameter
-Default value: ``true``
+Default value: `true`
-##### `git_data`
+##### `git_data`
Data type: `Optional[Hdm::Gitdata]`
@@ -252,9 +261,9 @@ Required Array of hash data:
]
```
-Default value: ``undef``
+Default value: `undef`
-##### `ldap_settings`
+##### `ldap_settings`
Data type: `Optional[Hdm::Ldap_settings]`
@@ -271,9 +280,9 @@ Needs the following Hash:
}
```
-Default value: ``undef``
+Default value: `undef`
-##### `hdm_hiera_config_file`
+##### `hdm_hiera_config_file`
Data type: `String[1]`
@@ -284,24 +293,24 @@ Default value: `'hiera.yaml'`
## Data types
-### `Hdm::Gitdata`
+### `Hdm::Gitdata`
type to enforce git settings for HDM
Alias of
```puppet
-Array[Optional[Struct[
+Array[Struct[
{
datadir => Stdlib::Unixpath,
git_url => String[1],
path_in_repo => String[1],
Optional[ssh_priv_key] => String[1],
}
- ]]]
+ ]]
```
-### `Hdm::Ldap_settings`
+### `Hdm::Ldap_settings`
type to enforce ldap settings for HDM
@@ -309,16 +318,16 @@ Alias of
```puppet
Struct[{
- Optional[host] => Stdlib::Host,
- Optional[port] => Stdlib::Port,
- Optional[base_dn] => String[1],
- Optional[bind_dn] => String[1],
- Optional[bind_dn_password] => String[1],
- 'ldaps' => Boolean,
+ 'host' => Stdlib::Host,
+ 'port' => Stdlib::Port,
+ 'base_dn' => String[1],
+ 'bind_dn' => String[1],
+ 'bind_dn_password' => Sensitive,
+ 'ldaps' => Boolean,
}]
```
-### `Hdm::Puppetdb`
+### `Hdm::Puppetdb`
type to enforce puppetdb settings for HDM
diff --git a/manifests/docker.pp b/manifests/docker.pp
index dcfb80d..debbf31 100644
--- a/manifests/docker.pp
+++ b/manifests/docker.pp
@@ -58,6 +58,7 @@
env => [
"TZ=${$hdm::timezone}",
"RAILS_DEVELOPMENT_HOSTS=${hdm::hostname}",
+ "SECRET_KEY_BASE=${hdm::secret_key_base}",
],
volumes => [
"${hdm::hdm_path}:${hdm::hdm_path}",
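Review bot: The added `"SECRET_KEY_BASE=${hdm::secret_key_base}"` entry puts the key in clear text into the container's environment, so it also ends up in the compiled catalog and is readable by anyone who can inspect the container on the host. The enclosing resource starts outside this hunk, so its type is not visible. If it supports an environment file, the key would be better written to a root-owned file with mode `0600` and referenced from there. Typing the parameter as `Sensitive[String[1]]` and unwrapping it only at the point of use would additionally keep it out of reports and logs.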
diff --git a/manifests/init.pp b/manifests/init.pp
index c5077b2..eba3946 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -31,6 +31,8 @@
#
# @param hdm_path Path where one wants to install and configure hdm
#
+# @param secret_key_base A secret key. Key can be generated using `openssl rand -hex 16`
+#
# @param git_url The git URL to clone the hdm repo from
#
# @param user The hdm user name
@@ -125,6 +127,7 @@
String[1] $hostname = $facts['networking']['fqdn'],
String[1] $timezone = $facts['timezone'],
Stdlib::Unixpath $hdm_path = '/etc/hdm',
+ String[1] $secret_key_base = '7a8509ab31fdb0c15c71c941d089474a',
String[1] $user = 'hdm',
String[1] $group = 'hdm',
String[1] $git_url = 'https://github.com/betadots/hdm.git',
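Review bot: The default on `$secret_key_base` is a fixed literal shipped with the module, so every node that does not override it runs with the same publicly known key, and a Rails `secret_key_base` only protects session cookies while it stays secret. The parameter should have no usable default: require it with `Sensitive[String[32]] $secret_key_base,` (unwrapping it where it is interpolated), or generate a value per node. The declaration also disagrees with REFERENCE.md in this commit, which documents `String[32,32]` and `openssl rand -hex32`, while the code has `String[1]` and the `@param` comment in the previous hunk says `openssl rand -hex 16`. The type should be aligned and the reference regenerated so the documented command is valid.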
@@ -139,9 +142,11 @@
) {
case $method {
'docker': {
+ $run_mode = 'production'
include hdm::docker
}
'rvm': {
+ $run_mode = 'development'
include hdm::rvm
}
default: {
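Review bot: The `'rvm'` branch pins `$run_mode` to `'development'` without saying why, and the variable is not a documented parameter even though the template reads it as `$hdm::run_mode`. If this value also selects the Rails environment for rvm installs (not visible here), they would serve development-mode error pages on the default `bind_ip` of `0.0.0.0`. A comment above the assignment would help, for example `# rvm installs still run the Rails development environment; restrict bind_ip accordingly`. The `case` statement continues past the end of this hunk.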
diff --git a/metadata.json b/metadata.json
index 108a2ae..143979c 100644
--- a/metadata.json
+++ b/metadata.json
@@ -1,6 +1,6 @@
{
"name": "betadots-hdm",
- "version": "2.0.2",
+ "version": "2.1.0",
"author": "betadots GmbH",
"summary": "Manage Hiera Data Manager application",
"license": "Apache-2.0",
diff --git a/templates/hdm.yml.epp b/templates/hdm.yml.epp
index e750ea0..8a4c74d 100644
--- a/templates/hdm.yml.epp
+++ b/templates/hdm.yml.epp
@@ -1,5 +1,5 @@
---
-development:
+<%= $hdm::run_mode %>:
read_only: <%= $hdm::read_only %>
allow_encryption: <%= $hdm::allow_encryption %>
puppet_db: