osg
: Class for common OSG parameters and common resourcesosg::cacerts::updater
: Manage OSG CA certs updaterosg::ce
: Manage OSG CEosg::client
: Manage OSG clientosg::cvmfs
: Manage OSG CVMFSosg::fetchcrl
: Manage OSG fetchcrlosg::gridftp
: Manage OSG GridFTP.osg::lcmaps_voms
: Manage lcmaps VOMsosg::squid
: Manage OSG squidosg::utils
: Manage OSG utilsosg::wn
: Manage OSG worker node resources
osg::cacerts
: Manage OSG CA certsosg::ce::config
: Manage OSG CE configsosg::ce::install
: Install OSG CEosg::ce::service
: Manage OSG CE Servicesosg::ce::users
: Manage OSG CE Usersosg::client::config
: Manage OSG client configsosg::client::install
: Install OSG clientosg::client::service
: Manage OSG client servicesosg::configure
: Manage osg-configureosg::configure::misc
: Manage osg-configure-miscosg::configure::site_info
: Manage OSG configuration site infoosg::cvmfs::config
: Manage OSG CVMFS configsosg::cvmfs::install
: Install CVMFSosg::cvmfs::service
: Manage CVMFS serviceosg::cvmfs::user
: Manage CVMFS usersosg::gridftp::config
: Manage GridFTP configsosg::gridftp::install
: Install GridFTPosg::gridftp::service
: Manage GridFTP serviceosg::lcmaps_voms::config
: Manage lcmaps voms configsosg::lcmaps_voms::install
: Install lcmaps voms supportosg::repos
: Manage OSG repos
osg::lcmaps_voms::user
: Manage lcmaps VOMs userosg::lcmaps_voms::vo
: Manage lcmaps VOMs VO entry
osg_gip_config
: This type writes values to/etc/osg/config.d/30-gip.ini
osg_local_site_settings
: This type writes values to/etc/osg/config.d/99-local-site-settings.ini
.
Class for common OSG parameters and common resources
The following parameters are available in the osg
class:
osg_release
repo_baseurl_bit
repo_development_baseurl_bit
repo_testing_baseurl_bit
repo_upcoming_baseurl_bit
repo_use_mirrors
repo_gpgkey
enable_osg
enable_osg_empty
enable_osg_contrib
manage_epel
auth_type
cacerts_package_name
cacerts_package_ensure
shared_certs_path
globus_tcp_port_range_min
globus_tcp_port_range_max
globus_tcp_source_range_min
globus_tcp_source_range_max
enable_exported_resources
exported_resources_export_tag
exported_resource_collect_tag
site_info_group
site_info_host_name
site_info_resource
site_info_resource_group
site_info_sponsor
site_info_site_policy
site_info_contact
site_info_email
site_info_city
site_info_country
site_info_longitude
site_info_latitude
squid_location
purge_local_site_settings
purge_gip_config
Data type: Enum['3.5']
OSG release
Default value: '3.5'
Data type: Optional[String]
Base URL for osg repo, eg: https://repo.opensciencegrid.org
Default value: 'https://repo.opensciencegrid.org'
Data type: Optional[String]
Base URL for osg-development repo, default: https://repo.opensciencegrid.org
Default value: undef
Data type: Optional[String]
Base URL for osg-testubg repo, default: https://repo.opensciencegrid.org
Default value: undef
Data type: Optional[String]
Base URL for osg-upcoming repo, default: https://repo.opensciencegrid.org
Default value: undef
Data type: Boolean
Sets if repos should use mirrors
Default value: true
Data type: Optional[String]
Path to repo GPG key
Default value: undef
Data type: Boolean
Enable the osg repo
Default value: true
Data type: Boolean
Enable the osg-empty repo
Default value: true
Data type: Boolean
Enable the osg-contrib repo
Default value: false
Data type: Boolean
Manage the EPEL repo
Default value: true
Data type: Enum['lcmaps_voms']
Grid authentication type
Default value: 'lcmaps_voms'
Data type: Enum['osg-ca-certs', 'igtf-ca-certs', 'empty-ca-certs']
Package name for osg-ca-certs
Default value: 'osg-ca-certs'
Data type: String
CA certs package ensure
Default value: 'installed'
Data type: String
Path to location of shared certs, for example if storing certs on NFS
Default value: '/opt/grid-certificates'
Data type: Integer[0, 65535]
Min for GLOBUS_TCP_PORT_RANGE
Default value: 40000
Data type: Integer[0, 65535]
Max for GLOBUS_TCP_PORT_RANGE
Default value: 41999
Data type: Integer[0, 65535]
Min for GLOBUS_TCP_SOURCE_RANGE
Default value: 40000
Data type: Integer[0, 65535]
Max for GLOBUS_TCP_SOURCE_RANGE
Default value: 41999
Data type: Boolean
Enable exported resources, useful when services like Squid and CE live on different hosts
Default value: false
Data type: String
Exported resources export tag
Default value: $facts['domain']
Data type: String
Exported resources collect tag
Default value: $facts['domain']
Data type: String
osg-configure Site Information/group
Default value: 'OSG'
Data type: String
osg-configure Site Information/host_name
Default value: $::fqdn
Data type: String
osg-configure Site Information/resource
Default value: 'UNAVAILABLE'
Data type: String
osg-configure Site Information/resource_group
Default value: 'UNAVAILABLE'
Data type: String
osg-configure Site Information/sponsor
Default value: 'UNAVAILABLE'
Data type: String
osg-configure Site Information/site_policy
Default value: 'UNAVAILABLE'
Data type: String
osg-configure Site Information/contact
Default value: 'UNAVAILABLE'
Data type: String
osg-configure Site Information/email
Default value: 'UNAVAILABLE'
Data type: String
osg-configure Site Information/city
Default value: 'UNAVAILABLE'
Data type: String
osg-configure Site Information/country
Default value: 'UNAVAILABLE'
Data type: String
osg-configure Site Information/longitude
Default value: 'UNAVAILABLE'
Data type: String
osg-configure Site Information/latitude
Default value: 'UNAVAILABLE'
Data type: Optional[String]
osg-confgiure Squid/location
Default value: undef
Data type: Boolean
Purge unmanaged osg_local_site_settings resources
Default value: true
Data type: Boolean
Purge unmanaged osg_gip_config
Default value: true
Manage OSG CA certs updater
The following parameters are available in the osg::cacerts::updater
class:
ensure
min_age
max_age
random_wait
quiet
logfile
package_name
package_ensure
service_name
service_ensure
service_enable
config_replace
Data type: Enum['present', 'absent', 'disabled']
State of the resources managed by this class
disabled
will install the necessary packages but disable the service
Default value: 'present'
Data type: Integer
Min time between running updater
Default value: 23
Data type: Integer
Max time between running updater
Default value: 72
Data type: Integer
Random wait time
Default value: 30
Data type: Boolean
Only display errors
Default value: true
Data type: Variant[Boolean,Undef,String]
Path to logfile
Default value: false
Data type: String
Package name
Default value: 'osg-ca-certs-updater'
Data type: String
Package ensure value
Default value: 'UNSET'
Data type: String
Service name
Default value: 'osg-ca-certs-updater-cron'
Data type: String
Service ensure value
Default value: 'UNSET'
Data type: String
Service enable value
Default value: 'UNSET'
Data type: Boolean
Should the cron config be replaced
Default value: true
Manage OSG CE
The following parameters are available in the osg::ce
class:
storage_grid_dir
storage_app_dir
storage_data_dir
storage_worker_node_temp
storage_site_read
storage_site_write
batch_system
batch_system_prefix
pbs_server
manage_hostcert
hostcert_source
hostkey_source
htcondor_ce_port
htcondor_ce_shared_port
manage_firewall
osg_local_site_settings
osg_gip_configs
manage_users
condor_uid
condor_gid
gratia_uid
gratia_gid
condor_ce_config_content
condor_ce_config_source
blahp_local_submit_content
blahp_local_submit_source
include_view
view_port
per_job_history_dir
gratia_probes_cron_service_ensure
gratia_probes_cron_service_enable
Data type: String
osg-configure Storage/grid_dir
Default value: '/etc/osg/wn-client/'
Data type: String
osg-configure Storage/app_dir
Default value: 'UNAVAILABLE'
Data type: String
osg-configure Storage/data_dir
Default value: 'UNAVAILABLE'
Data type: String
osg-configure Storage/worker_node_temp
Default value: 'UNAVAILABLE'
Data type: String
osg-configure Storage/site_read
Default value: 'UNAVAILABLE'
Data type: String
osg-configure Storage/site_write
Default value: 'UNAVAILABLE'
Data type: Enum['torque', 'pbs', 'slurm']
Batch system used to submit jobs
Default value: 'torque'
Data type: String
Prefix of where batch system commands are installed
Default value: '/usr'
Data type: String
PBS server address when batch_system
is torque
or pbs
Default value: 'UNAVAILABLE'
Data type: Boolean
Boolean that determines if hostcert is managed
Default value: true
Data type: Optional[String]
The source of the hostcert
Default value: undef
Data type: Optional[String]
The source of the hostkey
Default value: undef
Data type: Integer[0, 65535]
HTCondor CE port
Default value: 9619
Data type: Integer[0, 65535]
HTCondor CE shared port
Default value: 9620
Data type: Boolean
Boolean taht determines if firewall rules should be managed
Default value: true
Data type: Hash
Extra configs for osg-configure local site settings
Example: { 'Local Settings/PATH' => { 'value' => '/opt/singularity/bin:$PATH' } }
Default value: {}
Data type: Hash
Extra configs for osg-configure GIP configs
Example: { 'Subcluster owens/ram_mb' => { 'value' => 128000 } }
Default value: {}
Data type: Boolean
Boolean of whether to manage users and groups
Default value: true
Data type: Optional[Integer]
The UID of condor user
Default value: undef
Data type: Optional[Integer]
The GID of condor group
Default value: undef
Data type: Optional[Integer]
The UID of gratia user
Default value: undef
Data type: Optional[Integer]
The GID of gratia group
Default value: undef
Data type: Optional[String]
Content for /etc/condor-ce/config.d/99-local.conf
Default value: undef
Data type: Optional[String]
Source for /etc/condor-ce/config.d/99-local.conf
Default value: undef
Data type: Optional[String]
Content for blahp local submit attributes
Default value: undef
Data type: Optional[String]
Source for blahp local submit attributes
Default value: undef
Data type: Boolean
Boolean to determine if adding Condor CE View
Default value: false
Data type: Integer[0, 65535]
Port for Condor CE View
Default value: 8080
Data type: Stdlib::Absolutepath
Path used for Gratia probe DataFolder
Default value: '/var/lib/gratia/data'
Data type: String
Service ensure for gratia-probes-cron service
Default value: 'running'
Data type: Boolean
Service enable for gratia-probes-cron service
Default value: true
Manage OSG client
The following parameters are available in the osg::client
class:
with_condor
with_condor_ce
condor_lowport
condor_highport
condor_schedd_host
condor_collector_host
manage_firewall
enable_condor_service
enable_condor_ce_service
condor_configs_override
condor_ce_configs_override
Data type: Boolean
Include Condor support
Default value: true
Data type: Boolean
Include Condor CE support
Default value: true
Data type: Integer[0, 65535]
Condor lowport
Default value: 40000
Data type: Integer[0, 65535]
Condor highport
Default value: 41999
Data type: Optional[String]
Condor schedd host
Default value: undef
Data type: Optional[String]
Condor collector host
Default value: undef
Data type: Boolean
Manage the firewall rules
Default value: true
Data type: Boolean
Enable Condor service
Default value: false
Data type: Boolean
Enable Condor CE service
Default value: false
Data type: Hash
Config overrides for Condor
Default value: {}
Data type: Hash
Config overrides for Condor CE
Default value: {}
Manage OSG CVMFS
The following parameters are available in the osg::cvmfs
class:
manage_user
user_name
user_uid
user_home
user_shell
user_system
user_comment
user_managehome
manage_group
group_name
group_gid
group_system
manage_fuse_group
fuse_group_name
fuse_group_gid
fuse_group_system
package_ensure
repositories
strict_mount
cache_base
quota_limit
http_proxies
cern_server_urls
glite_version
cms_local_site
Data type: Boolean
Boolean to set if CVMFS user is managed
Default value: true
Data type: String
CVMFS user name
Default value: 'cvmfs'
Data type: Optional[Integer]
CVMFS user UID
Default value: undef
Data type: String
CVMFS user home
Default value: '/var/lib/cvmfs'
Data type: String
CVMFS user shell
Default value: '/sbin/nologin'
Data type: Boolean
Sets if CVMFS user is a system account
Default value: true
Data type: String
CVMFS user comment
Default value: 'CernVM-FS service account'
Data type: Boolean
Sets if CVMFS user home is managed
Default value: false
Data type: Boolean
Boolean to set if CVMFS group is managed
Default value: true
Data type: String
CVMFS group name
Default value: 'cvmfs'
Data type: Optional[Integer]
CVMFS group GID
Default value: undef
Data type: Boolean
Sets if CVMFS group is a system account
Default value: true
Data type: Boolean
Manage FUSE group
Default value: true
Data type: String
FUSE group name
Default value: 'fuse'
Data type: Optional[Integer]
FUSE group GID
Default value: undef
Data type: Boolean
Sets if FUSE group is a system account
Default value: true
Data type: String
Ensure property for CVMFS package
Default value: 'installed'
Data type: Optional[Array]
CVMFS repositories to enable, eg: grid.cern.ch
Default value: undef
Data type: Boolean
Enable CVMFS strict mount, only allow mounting repositories from repositories
parameter
Default value: false
Data type: String
Base directory for CVMFS cache
Default value: '/var/cache/cvmfs'
Data type: Integer
Quota limit for CVMFS cache
Default value: 20000
Data type: Array
Squid HTTP proxies for CVMFS
Default value: ["http://squid.${facts['networking']['domain']}:3128"]
Data type: Array
Value for CVMFS_SERVER_URL
Default value: []
Data type: String
glite version
Default value: ''
Data type: Optional[String]
Value for CMS_LOCAL_SITE
Default value: undef
Manage OSG fetchcrl
The following parameters are available in the osg::fetchcrl
class:
ensure
crl_package_name
crl_package_ensure
crl_boot_service_name
crl_boot_service_ensure
crl_boot_service_enable
crl_cron_service_name
crl_cron_service_ensure
crl_cron_service_enable
use_syslog
Data type: Enum['present', 'absent', 'disabled']
State of OSG fetchcrl
disabled
will install but disable service
Default value: 'present'
Data type: String
fetch-crl package name
Default value: 'fetch-crl'
Data type: String
Ensure property for fetch-crl package
Default value: 'UNSET'
Data type: String
fetch-crl-boot package name
Default value: 'fetch-crl-boot'
Data type: String
fetch-crl-boot service ensure
Default value: 'stopped'
Data type: Boolean
fetch-crl-boot service enable
Default value: false
Data type: String
fetch-crl-cron service name
Default value: 'fetch-crl-cron'
Data type: String
fetch-crl-cron service ensure
Default value: 'UNSET'
Data type: Variant[Boolean, Enum['UNSET']]
fetch-crl-cron service enable
Default value: 'UNSET'
Data type: Boolean
Boolean to set if syslog should be used
Default value: true
Manage OSG GridFTP.
The following parameters are available in the osg::gridftp
class:
Data type: Boolean
Boolean to set if hostcert should be managed
Default value: true
Data type: Optional[String]
Source for hostcert
Default value: undef
Data type: Optional[String]
Source for hostkey
Default value: undef
Data type: Boolean
Boolean to set if the firewall resources should be managed
Default value: true
Data type: Boolean
Sets if the GridFTP server is standalone.
This parameter is considered private.
This parameter is intended for when installing GridFTP on a CE and is handled by osg::ce
class
Default value: true
Manage lcmaps VOMs
The following parameters are available in the osg::lcmaps_voms
class:
Data type: Array
VOMs to ban
Default value: []
Data type: Array
Users to ban
Default value: []
Data type: Hash[String, Variant[String, Array, Hash]]
Define osg::lcmaps_voms::vo resources
Example: { 'vo' => '/DN' }
Example: { 'vo' => { 'dn' => '/DN' } }
Default value: {}
Data type: Hash[String, Variant[String, Array, Hash]]
Define osg::lcmaps_voms::user resources
Example: { 'user' => '/DN' }
Example: { 'user' => { 'dn' => '/DN' } }
Default value: {}
Manage OSG squid
The following parameters are available in the osg::squid
class:
customize_template
net_local
monitor_addresses
allow_major_cvmfs
max_filedescriptors
manage_firewall
squid_firewall_ensure
monitoring_firewall_ensure
private_interface
public_interface
Data type: String
Path to template used to customize squid
Default value: 'osg/squid/customize.sh.erb'
Data type: Array
Local networks
Default value: ['10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16']
Data type: Array
Monitor addresses
Default value: ['128.142.0.0/16', '188.184.128.0/17', '188.185.128.0/17']
Data type: Boolean
Enables and allows MAJOR_CVMFS
Default value: true
Data type: Integer
Sets max_filedescriptors
Default value: 0
Data type: Boolean
Manage firewall resources
Default value: true
Data type: Enum['present', 'absent']
Ensure property for squid firewall
Default value: 'present'
Data type: Enum['present', 'absent']
Ensure property for monitoring firewall
Default value: 'present'
Data type: Optional[String]
Private interface, used by firewall rules to allow squid access
Default value: undef
Data type: Optional[String]
Public interface, used by firewall rules to allow monitor addresses
Default value: undef
Manage OSG utils
The following parameters are available in the osg::utils
class:
Data type: Array
Packages to install
Default value: [ 'globus-proxy-utils', 'osg-pki-tools', ]
Manage OSG worker node resources
Manage lcmaps VOMs user
The following parameters are available in the osg::lcmaps_voms::user
defined type:
Data type: Variant[Array, String]
DN of the user
Data type: String
Name of the user
Default value: $name
Data type: Integer
Order in the grid-mapfile
Default value: 50
Manage lcmaps VOMs VO entry
The following parameters are available in the osg::lcmaps_voms::vo
defined type:
Data type: Variant[Array, String]
DN of the VO
Data type: String
User name
Default value: $name
Data type: Integer
Order in voms-mapfile
Default value: 50
This type writes values to /etc/osg/config.d/30-gip.ini
The following properties are available in the osg_gip_config
type.
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
The value to assign.
A value of true
is converted to the string True
.
A value of false
is converted to the string False
.
All other values are converted to a string.
The following parameters are available in the osg_gip_config
type.
namevar
The name must be in the format of SECTION/SETTING
[GIP]
batch = slurm
The above would have the name GIP/batch
.
The specific backend to use for this osg_gip_config
resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
This type writes values to /etc/osg/config.d/99-local-site-settings.ini
.
The following properties are available in the osg_local_site_settings
type.
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
The value to assign.
A value of true
is converted to the string True
.
A value of false
is converted to the string False
.
All other values are converted to a string.
The following parameters are available in the osg_local_site_settings
type.
namevar
The name must be in the format of SECTION/SETTING
[Squid]
location = squid.example.tld
The above would have the name Squid/location
.
The specific backend to use for this osg_local_site_settings
resource. You will seldom need to specify this --- Puppet
will usually discover the appropriate provider for your platform.