Puppet Class: globus

Defined in:
manifests/init.pp

Summary

Manage Globus

Overview

Examples:

Install and setup a Globus v5.4 endpoint

class { 'globus':
  display_name  => 'REPLACE My Site Globus',
  client_id     => 'REPLACE-client-id-from-globus',
  client_secret => 'REPLACE-client-id-from-globus',
  owner         => 'REPLACE-user@example.com',
}

Parameters:

  • version (Variant[Enum['4','5'],Integer[4,5]]) (defaults to: '5')

    Major version of Globus to install. Only needed to install Globus v4

  • include_io_server (Boolean) (defaults to: true)

    Setup Globus v4 IO server Globus v4 only

  • include_id_server (Boolean) (defaults to: true)

    Setup Globus v4 ID server Globus v4 only

  • include_oauth_server (Boolean) (defaults to: false)

    Setup Globus v4 OAuth server Globus v4 only

  • release_url (Variant[Stdlib::Httpsurl, Stdlib::Httpurl]) (defaults to: 'https://downloads.globus.org/toolkit/globus-connect-server/globus-connect-server-repo-latest.noarch.rpm')

    Release URL of Globus release RPM Globus v4 & v5

  • toolkit_repo_baseurl (Variant[Stdlib::Httpsurl, Stdlib::Httpurl]) (defaults to: "https://downloads.globus.org/toolkit/gt6/stable/rpm/el/${facts['os']['release']['major']}/\$basearch/")

    Globus Toolkit RPM repo baseurl Globus v4 & v5

  • toolkit_repo_testing_baseurl (Variant[Stdlib::Httpsurl, Stdlib::Httpurl]) (defaults to: "https://downloads.globus.org/toolkit/gt6/testing/rpm/el/${facts['os']['release']['major']}/\$basearch/")

    Globus Toolkit testing RPM repo baseurl Globus v4 & v5

  • gcs_repo_baseurl (Variant[Stdlib::Httpsurl, Stdlib::Httpurl]) (defaults to: "https://downloads.globus.org/globus-connect-server/stable/rpm/el/${facts['os']['release']['major']}/\$basearch/")

    Globus Connect Server repo baseurl Globus v4 & v5

  • gcs_repo_testing_baseurl (Variant[Stdlib::Httpsurl, Stdlib::Httpurl]) (defaults to: "https://downloads.globus.org/globus-connect-server/testing/rpm/el/${facts['os']['release']['major']}/\$basearch/")

    Globus v5 testing repo baseurl Globus v4 & v5

  • enable_testing_repos (Boolean) (defaults to: false)

    Boolean that sets if testing repos should be added

  • extra_gridftp_settings (Array) (defaults to: [])

    Additional settings for GridFTP Globus v4 & v5

  • first_gridftp_callback (Optional[String]) (defaults to: undef)

    Used when running GridFTP from Globus with OSG, see README. Globus v4 only

  • manage_service (Boolean) (defaults to: true)

    Boolean to set if globus-gridftp-server service is managed Globus v4 & v5

  • run_setup_commands (Boolean) (defaults to: true)

    Boolean to set if the commands to setup Globus are run (v4 and v5) Globus v4 & v5

  • manage_firewall (Boolean) (defaults to: true)

    Boolean to set if firewall rules are managed by this module Globus v4 & v5

  • manage_epel (Boolean) (defaults to: true)

    Boolean to set if EPEL is managed by this repo Globus v4 & v5

  • repo_dependencies (Array) (defaults to: ['yum-plugin-priorities'])

    Additional repo dependencies Globus v4 only

  • manage_user (Boolean) (defaults to: true)

    Boolean to set if the gcsweb user and group are managed by this module Globus v5 only

  • group_gid (Optional[Integer]) (defaults to: undef)

    The gcsweb group GID Globus v5 only

  • user_uid (Optional[Integer]) (defaults to: undef)

    The gcsweb user UID Globus v5 only

  • package_name (String) (defaults to: 'globus-connect-server54')

    Globus v5 package name

  • display_name (Optional[String]) (defaults to: undef)

    Display name to use when running 'globus-connect-server endpoint setup' Globus v5 only

  • client_id (Optional[String]) (defaults to: undef)

    –client-id use when running 'globus-connect-server endpoint setup' Globus v5 only

  • client_secret (Optional[String]) (defaults to: undef)

    –client-secret use when running 'globus-connect-server endpoint setup' Globus v5 only

  • owner (Optional[String]) (defaults to: undef)

    –owner use when running 'globus-connect-server endpoint setup' Globus v5 only

  • organization (Optional[String]) (defaults to: undef)

    –organization use when running 'globus-connect-server endpoint setup' Globus v5 only

  • deployment_key (Stdlib::Absolutepath) (defaults to: '/var/lib/globus-connect-server/gcs-manager/deployment-key.json')

    –deployment-key use when running 'globus-connect-server endpoint setup' The parent directory of this path must be writable by gcsweb user Globus v5 only

  • keywords (Optional[Array]) (defaults to: undef)

    –keywords use when running 'globus-connect-server endpoint setup' Globus v5 only

  • department (Optional[String]) (defaults to: undef)

    –department use when running 'globus-connect-server endpoint setup' Globus v5 only

  • contact_email (Optional[String]) (defaults to: undef)

    –contact-email use when running 'globus-connect-server endpoint setup' Globus v5 only

  • contact_info (Optional[String]) (defaults to: undef)

    –contact-info use when running 'globus-connect-server endpoint setup' Globus v5 only

  • info_link (Optional[String]) (defaults to: undef)

    –info-link use when running 'globus-connect-server endpoint setup' Globus v5 only

  • description (Optional[String]) (defaults to: undef)

    –description use when running 'globus-connect-server endpoint setup' Globus v5 only

  • public (Boolean) (defaults to: true)

    When false pass –private flag to 'globus-connect-server endpoint setup' Globus v5 only

  • incoming_port_range (Array[Stdlib::Port, 2, 2]) (defaults to: [50000, 51000])

    –incoming-port-range use when running 'globus-connect-server node setup' Globus v5 only

  • outgoing_port_range (Optional[Array[Stdlib::Port, 2, 2]]) (defaults to: undef)

    –outgoing-port-range use when running 'globus-connect-server node setup' Globus v5 only

  • ip_address (Optional[Stdlib::IP::Address]) (defaults to: undef)

    –ip-address use when running 'globus-connect-server node setup' Globus v5 only

  • export_node (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    –export-node use when running 'globus-connect-server node setup' Globus v5 only

  • import_node (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    –import-node use when running 'globus-connect-server node setup' Globus v5 only

  • globus_user (String) (defaults to: '%(GLOBUS_USER)s')

    See globus-connect-server.conf Globus/User Globus v4 only

  • globus_password (String) (defaults to: '%(GLOBUS_PASSWORD)s')

    See globus-connect-server.conf Globus/Password Globus v4 only

  • endpoint_name (String) (defaults to: $facts['networking']['hostname'])

    See globus-connect-server.conf Endpoint/Name Globus v4 only

  • endpoint_public (Boolean) (defaults to: false)

    See globus-connect-server.conf Endpoint/Public Globus v4 only

  • endpoint_default_directory (String) (defaults to: '/~/')

    See globus-connect-server.conf Endpoint/DefaultDirectory Globus v4 only

  • security_fetch_credentials_from_relay (Boolean) (defaults to: true)

    See globus-connect-server.conf Security/FetchCredentialFromRelay Globus v4 only

  • security_certificate_file (Stdlib::Absolutepath) (defaults to: '/var/lib/globus-connect-server/grid-security/hostcert.pem')

    See globus-connect-server.conf Security/CertificateFile Globus v4 only

  • security_key_file (Stdlib::Absolutepath) (defaults to: '/var/lib/globus-connect-server/grid-security/hostkey.pem')

    See globus-connect-server.conf Security/KeyFile Globus v4 only

  • security_trusted_certificate_directory (Stdlib::Absolutepath) (defaults to: '/var/lib/globus-connect-server/grid-security/certificates/')

    See globus-connect-server.conf Security/TrustedCertificateDirectory Globus v4 only

  • security_identity_method (Enum['MyProxy', 'OAuth', 'CILogon']) (defaults to: 'MyProxy')

    See globus-connect-server.conf Security/IdentityMethod Globus v4 only

  • security_authorization_method (Optional[Enum['MyProxyGridmapCallout','CILogon','Gridmap']]) (defaults to: undef)

    See globus-connect-server.conf Security/AuthorizationMethod Globus v4 only

  • security_gridmap (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    See globus-connect-server.conf Security/Gridmap Globus v4 only

  • security_cilogon_identity_provider (Optional[String]) (defaults to: undef)

    See globus-connect-server.conf Security/IdentityProvider Globus v4 only

  • gridftp_server (Optional[String]) (defaults to: undef)

    See globus-connect-server.conf GridFTP/Server Globus v4 only

  • gridftp_server_port (Stdlib::Port) (defaults to: 2811)

    See globus-connect-server.conf GridFTP/ServerPort Globus v4

  • gridftp_server_behind_nat (Boolean) (defaults to: false)

    See globus-connect-server.conf GridFTP/ServerBehindNat Globus v4 only

  • gridftp_incoming_port_range (Array[Stdlib::Port, 2, 2]) (defaults to: [50000, 51000])

    See globus-connect-server.conf GridFTP/IncomingPortRange Globus v4 only

  • gridftp_outgoing_port_range (Optional[Array[Stdlib::Port, 2, 2]]) (defaults to: undef)

    See globus-connect-server.conf GridFTP/OutgoingPortRange Globus v4 only

  • gridftp_data_interface (Optional[String]) (defaults to: undef)

    See globus-connect-server.conf GridFTP/DataInterface Globus v4 only

  • gridftp_restrict_paths (Array) (defaults to: ['RW~', 'N~/.*'])

    See globus-connect-server.conf GridFTP/RestrictPaths Globus v4 only

  • gridftp_sharing (Boolean) (defaults to: false)

    See globus-connect-server.conf GridFTP/Sharing Globus v4 only

  • gridftp_sharing_restrict_paths (Optional[Array]) (defaults to: undef)

    See globus-connect-server.conf GridFTP/SharingRestrictPaths Globus v4 only

  • gridftp_sharing_state_dir (String) (defaults to: '$HOME/.globus/sharing')

    See globus-connect-server.conf GridFTP/SharingStateDir Globus v4 only

  • gridftp_sharing_users_allow (Optional[Array]) (defaults to: undef)

    See globus-connect-server.conf GridFTP/UsersAllow Globus v4 only

  • gridftp_sharing_groups_allow (Optional[Array]) (defaults to: undef)

    See globus-connect-server.conf GridFTP/GroupsAllow Globus v4 only

  • gridftp_sharing_users_deny (Optional[Array]) (defaults to: undef)

    See globus-connect-server.conf GridFTP/UsersDeny Globus v4 only

  • gridftp_sharing_groups_deny (Optional[Array]) (defaults to: undef)

    See globus-connect-server.conf GridFTP/GroupsDeny Globus v4 only

  • myproxy_server (Optional[String]) (defaults to: undef)

    See globus-connect-server.conf MyProxy/Server Globus v4 only

  • myproxy_server_port (Stdlib::Port) (defaults to: 7512)

    See globus-connect-server.conf MyProxy/ServerPort Globus v4 only

  • myproxy_server_behind_nat (Boolean) (defaults to: false)

    See globus-connect-server.conf MyProxy/ServerBehindNAT Globus v4 only

  • myproxy_ca_directory (Stdlib::Absolutepath) (defaults to: '/var/lib/globus-connect-server/myproxy-ca')

    See globus-connect-server.conf MyProxy/CADirectory Globus v4 only

  • myproxy_config_file (Stdlib::Absolutepath) (defaults to: '/var/lib/globus-connect-server/myproxy-server.conf')

    See globus-connect-server.conf MyProxy/ConfigFile Globus v4 only

  • myproxy_ca_subject_dn (Optional[String]) (defaults to: undef)

    See globus-connect-server.conf MyProxy/CaSubjectDN Globus v4 only

  • myproxy_firewall_sources (Array) (defaults to: ['174.129.226.69', '54.237.254.192/29'])

    Sources to open in firewall for MyProxy Globus v4 only

  • oauth_server (Optional[String]) (defaults to: undef)

    See globus-connect-server.conf OAuth/Server Globus v4 only

  • oauth_server_behind_firewall (Boolean) (defaults to: false)

    See globus-connect-server.conf OAuth/ServerBehindFirewall Globus v4 only

  • oauth_stylesheet (Optional[String]) (defaults to: undef)

    See globus-connect-server.conf OAuth/Stylesheet Globus v4 only

  • oauth_logo (Optional[String]) (defaults to: undef)

    See globus-connect-server.conf OAuth/Logo Globus v4 only



241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
# File 'manifests/init.pp', line 241

class globus (
  Variant[Enum['4','5'],Integer[4,5]] $version = '5',

  Boolean $include_io_server = true,
  Boolean $include_id_server = true,
  Boolean $include_oauth_server = false,
  Variant[Stdlib::Httpsurl, Stdlib::Httpurl] $release_url = 'https://downloads.globus.org/toolkit/globus-connect-server/globus-connect-server-repo-latest.noarch.rpm',
  Variant[Stdlib::Httpsurl, Stdlib::Httpurl] $toolkit_repo_baseurl = "https://downloads.globus.org/toolkit/gt6/stable/rpm/el/${facts['os']['release']['major']}/\$basearch/",
  Variant[Stdlib::Httpsurl, Stdlib::Httpurl] $toolkit_repo_testing_baseurl = "https://downloads.globus.org/toolkit/gt6/testing/rpm/el/${facts['os']['release']['major']}/\$basearch/",
  Variant[Stdlib::Httpsurl, Stdlib::Httpurl] $gcs_repo_baseurl = "https://downloads.globus.org/globus-connect-server/stable/rpm/el/${facts['os']['release']['major']}/\$basearch/",
  Variant[Stdlib::Httpsurl, Stdlib::Httpurl] $gcs_repo_testing_baseurl = "https://downloads.globus.org/globus-connect-server/testing/rpm/el/${facts['os']['release']['major']}/\$basearch/",
  Boolean $enable_testing_repos = false,
  Array $extra_gridftp_settings = [],
  Optional[String] $first_gridftp_callback = undef,
  Boolean $manage_service = true,
  Boolean $run_setup_commands = true,
  Boolean $manage_firewall = true,
  Boolean $manage_epel = true,
  Array $repo_dependencies = ['yum-plugin-priorities'],

  Boolean $manage_user = true,
  Optional[Integer] $group_gid = undef,
  Optional[Integer] $user_uid = undef,
  String $package_name = 'globus-connect-server54',

  # Required - v5
  Optional[String] $display_name = undef,
  Optional[String] $client_id = undef,
  Optional[String] $client_secret = undef,
  Optional[String] $owner = undef,
  Optional[String] $organization = undef,
  Stdlib::Absolutepath $deployment_key = '/var/lib/globus-connect-server/gcs-manager/deployment-key.json',
  # endpoint setup - v5
  Optional[Array] $keywords = undef,
  Optional[String] $department = undef,
  Optional[String] $contact_email = undef,
  Optional[String] $contact_info = undef,
  Optional[String] $info_link = undef,
  Optional[String] $description = undef,
  Boolean $public = true,
  # node setup - v5
  Array[Stdlib::Port, 2, 2] $incoming_port_range = [50000, 51000],
  Optional[Array[Stdlib::Port, 2, 2]] $outgoing_port_range = undef,
  Optional[Stdlib::IP::Address] $ip_address = undef,
  Optional[Stdlib::Absolutepath] $export_node = undef,
  Optional[Stdlib::Absolutepath] $import_node = undef,

  # Globus Config - v4
  String $globus_user = '%(GLOBUS_USER)s',
  String $globus_password = '%(GLOBUS_PASSWORD)s',

  # Endpoint Config - v4
  Boolean $endpoint_public = false,
  String $endpoint_default_directory = '/~/',
  String $endpoint_name = $facts['networking']['hostname'],

  # Security Config - v4
  Boolean $security_fetch_credentials_from_relay = true,
  Stdlib::Absolutepath $security_certificate_file = '/var/lib/globus-connect-server/grid-security/hostcert.pem',
  Stdlib::Absolutepath $security_key_file = '/var/lib/globus-connect-server/grid-security/hostkey.pem',
  Stdlib::Absolutepath $security_trusted_certificate_directory = '/var/lib/globus-connect-server/grid-security/certificates/',
  Enum['MyProxy', 'OAuth', 'CILogon'] $security_identity_method = 'MyProxy',
  Optional[Enum['MyProxyGridmapCallout','CILogon','Gridmap']] $security_authorization_method = undef,
  Optional[Stdlib::Absolutepath] $security_gridmap = undef,
  Optional[String] $security_cilogon_identity_provider = undef,

  # GridFTP Config - v4
  Stdlib::Port $gridftp_server_port = 2811,
  Array[Stdlib::Port, 2, 2] $gridftp_incoming_port_range = [50000, 51000],
  Optional[Array[Stdlib::Port, 2, 2]] $gridftp_outgoing_port_range = undef,
  Optional[String] $gridftp_data_interface = undef,

  # GridFTP Config - v4
  Optional[String] $gridftp_server = undef,
  Boolean $gridftp_server_behind_nat = false,
  Array $gridftp_restrict_paths = ['RW~', 'N~/.*'],
  Boolean $gridftp_sharing = false,
  Optional[Array] $gridftp_sharing_restrict_paths = undef,
  String $gridftp_sharing_state_dir = '$HOME/.globus/sharing',
  Optional[Array] $gridftp_sharing_users_allow = undef,
  Optional[Array] $gridftp_sharing_groups_allow = undef,
  Optional[Array] $gridftp_sharing_users_deny = undef,
  Optional[Array] $gridftp_sharing_groups_deny = undef,

  # MyProxy Config - v4
  Optional[String] $myproxy_server = undef,
  Stdlib::Port $myproxy_server_port = 7512,
  Boolean $myproxy_server_behind_nat = false,
  Stdlib::Absolutepath $myproxy_ca_directory = '/var/lib/globus-connect-server/myproxy-ca',
  Stdlib::Absolutepath $myproxy_config_file = '/var/lib/globus-connect-server/myproxy-server.conf',
  Optional[String] $myproxy_ca_subject_dn = undef,
  Array $myproxy_firewall_sources = ['174.129.226.69', '54.237.254.192/29'],

  # OAuth Config - v4
  Optional[String] $oauth_server = undef,
  Boolean $oauth_server_behind_firewall = false,
  Optional[String] $oauth_stylesheet = undef,
  Optional[String] $oauth_logo = undef,
) {
  $osfamily = $facts.dig('os', 'family')
  $osmajor = $facts.dig('os', 'release', 'major')
  $os = "${osfamily}-${osmajor}"

  if String($version) == '4' and $os == 'RedHat-8' {
    fail("${module_name}: Version 4 is not support on OS ${os}")
  }

  if String($version) == '5' {
    if ! $display_name {
      fail("${module_name}: display_name is required with version 5")
    }
    if ! $client_id {
      fail("${module_name}: client_id is required with version 5")
    }
    if ! $client_secret {
      fail("${module_name}: client_secret is required with version 5")
    }
    if ! $owner {
      fail("${module_name}: owner is required with version 5")
    }
    if ! $organization {
      fail("${module_name}: organization is required with version 5")
    }
  }

  if $include_io_server {
    $_gridftp_server    = pick($gridftp_server, "${facts['networking']['fqdn']}:${gridftp_server_port}")
    $_io_setup_command  = 'globus-connect-server-io-setup'
  } else {
    $_gridftp_server    = $gridftp_server
    $_io_setup_command  = undef
  }

  if $include_id_server {
    $_myproxy_server    = pick($myproxy_server, "${facts['networking']['fqdn']}:${myproxy_server_port}")
    $_id_setup_command  = 'globus-connect-server-id-setup'
  } else {
    $_myproxy_server    = $myproxy_server
    $_id_setup_command  = undef
  }

  if $include_oauth_server {
    $_oauth_server        = pick($oauth_server, $facts['networking']['fqdn'])
    $_oauth_setup_command = 'globus-connect-server-web-setup'
  } else {
    $_oauth_server        = $oauth_server
    $_oauth_setup_command = undef
  }

  # For v5
  if ! $ip_address {
    $_ip_address = $facts.dig('networking','ip')
  } else {
    $_ip_address = $ip_address
  }

  # For v4
  $_setup_commands  = delete_undef_values([$_io_setup_command, $_id_setup_command, $_oauth_setup_command])
  $_setup_command   = join($_setup_commands, ' && ')

  if $manage_service {
    $notify_service = Service['globus-gridftp-server']
  } else {
    $notify_service = undef
  }

  contain globus::user
  contain globus::install
  contain globus::config
  contain globus::service

  Class['globus::user']
  -> Class['globus::install']
  -> Class['globus::config']
  -> Class['globus::service']

  case $osfamily {
    'RedHat': {
      if $manage_epel {
        include epel
        Class['epel'] -> Class['globus::repo::el']
      }
      contain globus::repo::el

      Class['globus::repo::el'] -> Class['globus::install']
    }
    'Debian': {
      contain globus::repo::deb

      Class['globus::repo::deb'] -> Class['globus::install']
    }
    default: {
      # Do nothing
    }
  }
}