Forge Home

st2

Puppet module to manage/configure StackStorm

6,298,364 downloads

1,077 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 2.5.0 (latest)
  • 2.4.0
  • 2.3.0
  • 2.2.0
  • 2.1.0
  • 2.0.0
  • 1.7.0
  • 1.6.0
  • 1.5.0
  • 1.4.0
  • 1.3.0
  • 1.2.0
  • 1.1.0
  • 1.0.0
  • 1.0.0-rc2 (pre-release)
  • 1.0.0-rc (pre-release)
  • 1.0.0-beta
  • 0.15.2
  • 0.15.0
  • 0.14.5
  • 0.14.4
  • 0.14.3
  • 0.14.2
  • 0.14.1
  • 0.14.0
  • 0.13.2
  • 0.13.1
  • 0.13.0
  • 0.12.9
  • 0.12.8
  • 0.12.7
  • 0.12.6
  • 0.12.5
  • 0.12.4
  • 0.12.3
  • 0.12.2
  • 0.12.0
  • 0.11.3
  • 0.10.18
  • 0.10.17
  • 0.10.16
  • 0.10.15
  • 0.10.14
  • 0.10.13
  • 0.10.12
  • 0.10.11
  • 0.10.10
  • 0.10.9
  • 0.10.8
  • 0.10.7
  • 0.10.6
  • 0.10.5
  • 0.10.4
  • 0.10.3
  • 0.10.2
  • 0.10.1
  • 0.10.0
  • 0.9.29
  • 0.9.28
  • 0.9.27
  • 0.9.26
  • 0.9.25
  • 0.9.24
  • 0.9.23
  • 0.9.22
  • 0.9.21
  • 0.9.20
  • 0.9.19
  • 0.9.18
  • 0.9.17
  • 0.9.16
  • 0.9.15
  • 0.9.14
  • 0.9.13
  • 0.9.12
  • 0.9.11
  • 0.9.10
  • 0.9.9 (deleted)
  • 0.9.8
  • 0.9.7
  • 0.9.6
  • 0.9.5
  • 0.9.4
  • 0.9.3
  • 0.9.2
  • 0.9.1
  • 0.9.0
  • 0.8.0
  • 0.7.10
  • 0.7.9
  • 0.7.8
  • 0.7.7
  • 0.7.6
  • 0.7.5
  • 0.7.4
  • 0.7.3
  • 0.7.2
  • 0.7.1
  • 0.7.0
  • 0.6.7
  • 0.6.6
  • 0.6.5
  • 0.6.4
  • 0.6.3
  • 0.6.2
  • 0.6.1
  • 0.6.0
  • 0.5.9
  • 0.5.8
  • 0.5.7
  • 0.5.6
  • 0.5.5
  • 0.5.4
  • 0.5.3
  • 0.5.2
  • 0.5.1
  • 0.5.0
  • 0.4.9
  • 0.4.8
  • 0.4.7
  • 0.4.6
  • 0.4.5
  • 0.4.4
  • 0.4.3
  • 0.4.2
  • 0.4.1
  • 0.4.0
  • 0.3.8
  • 0.3.7
  • 0.3.6
  • 0.3.5 (deleted)
  • 0.3.4
  • 0.3.3
  • 0.3.2
  • 0.3.1
  • 0.3.0
  • 0.2.7
  • 0.2.5
  • 0.2.4
  • 0.2.3
  • 0.2.2
  • 0.2.1
  • 0.2.0
  • 0.1.8
  • 0.1.7
  • 0.1.6
  • 0.1.5
  • 0.1.4
  • 0.1.3
  • 0.1.2
  • 0.1.1
  • 0.1.0
released Jun 29th 2022
This version is compatible with:
  • Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x
  • Puppet >= 5.0.0 < 8.0.0
  • ,
Tasks:
  • key_decrypt
  • key_get
  • key_load
  • pack_install
  • pack_list
  • pack_register
  • pack_remove
  • and 3 more. See all tasks
Plans:
  • upgrade_mongodb

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'stackstorm-st2', '2.5.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add stackstorm-st2
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install stackstorm-st2 --version 2.5.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

stackstorm/st2 — version 2.5.0 Jun 29th 2022

Reference

Table of Contents

Classes

Defined types

  • st2::auth_user: Creates and manages StackStorm application users (flat_file auth only)
  • st2::client::settings: Generates a configuration file for the st2 CLI (st2client)
  • st2::kv: Sets a value to the StackStorm Key/Value Store
  • st2::pack: Manages a StackStorm Pack
  • st2::rbac: This defined type creates RBAC resources for users
  • st2::service: Creates additional service for components that can be scaled out
  • st2::user: Creates an system (OS level) user for use with StackStorm

Resource types

Functions

  • st2::urlencode: URL encodes a string
  • st2::version_ge: Determines if the StackStorm version installed or the version requested by the user is greater than or equal to $version.

Data types

  • St2::Repository: Validate the type of system package repository for StackStorm

Tasks

Plans

Classes

st2

Base class for st2 module. Used as top-level to set parameters via Hiera, this class does not need to be called directly.

Examples

Basic Usage
include st2
Variables can be set in Hiera and take advantage of automatic data bindings:
st2::version: 2.10.1
Customizing parameters
# best practice is to change default username/password
class { 'st2::params':
  admin_username => 'st2admin',
  admin_password => 'SuperSecret!',
}

class { 'st2':
  version => '2.10.1',
}
Different passwords for each database (MongoDB, RabbitMQ)
class { 'st2':
  # StackStorm user
  cli_username        => 'st2admin',
  cli_password        => 'SuperSecret!',
  # MongoDB user for StackStorm
  db_username         => 'admin',
  db_password         => 'KLKfp9#!2',
  # RabbitMQ user for StackStorm
  rabbitmq_username   => 'st2',
  rabbitmq_password   => '@!fsdf0#45',
}
Install with python 3.8 (if not default on your system)
$st2_python_version = $facts['os']['family'] ? {
  'RedHat' => '3.8',
  'Debian' => 'python3.8',
}
class { 'st2':
  python_version            => $st2_python_version,
}

Parameters

The following parameters are available in the st2 class:

version

Data type: Any

Version of StackStorm package to install (default = 'present') See the package 'ensure' property: https://puppet.com/docs/puppet/5.5/types/package.html#package-attribute-ensure

Default value: 'present'

python_version

Data type: String

Version of Python to install. Default is 'system' meaning the system version of Python will be used. To install Python 3.8 on RHEL/CentOS 7 specify '3.8'. To install Python 3.8 on Ubuntu 16.05 specify 'python3.8'.

Default value: 'system'

repository

Data type: St2::Repository

Release repository to enable. 'stable', 'unstable' (default = 'stable')

Default value: $st2::params::repository

conf_dir

Data type: Any

The directory where st2 configs are stored

Default value: $st2::params::conf_dir

conf_file

Data type: Any

The path where st2 config is stored

Default value: "${st2::params::conf_dir}/st2.conf"

use_ssl

Data type: Any

Enable/Disable SSL for all st2 APIs

Default value: $st2::params::use_ssl

ssl_cert_manage

Data type: Any

Boolean to determine if this module should manage the SSL certificate used by nginx.

Default value: true

ssl_dir

Data type: Any

Directory where st2web will look for its SSL info. (default: /etc/ssl/st2)

Default value: $st2::params::ssl_dir

ssl_cert

Data type: Any

Path to the file where the StackStorm SSL cert will be generated. (default: /etc/ssl/st2/st2.crt)

Default value: $st2::params::ssl_cert

ssl_key

Data type: Any

Path to the file where the StackStorm SSL key will be generated. (default: /etc/ssl/st2/st2.key)

Default value: $st2::params::ssl_key

auth

Data type: Any

Toggle to enable/disable auth (Default: true)

Default value: true

auth_api_url

Data type: Any

URL where StackStorm auth service will communicate with the StackStorm API service

Default value: "http://${st2::params::hostname}:${st2::params::api_port}"

auth_debug

Data type: Any

Toggle to enable/disable auth debugging (Default: false)

Default value: false

auth_mode

Data type: Any

Auth mode, either 'standalone' or 'backend (default: 'standalone')

Default value: $st2::params::auth_mode

auth_backend

Data type: Any

Determines which auth backend to configure. (default: flat_file) Available backends:

  • flat_file
  • keystone
  • ldap
  • mongodb
  • pam

Default value: $st2::params::auth_backend

auth_backend_config

Data type: Any

Hash of parameters to pass to the auth backend class when it's instantiated. This will be different for every backend. Please see the corresponding backend class to determine what the config options should be.

Default value: $st2::params::auth_backend_config

cli_base_url

Data type: Any

CLI config - Base URL lives

Default value: "http://${st2::params::hostname}"

cli_api_version

Data type: Any

CLI config - API Version

Default value: 'v1'

cli_debug

Data type: Any

CLI config - Enable/Disable Debug

Default value: false

cli_cache_token

Data type: Any

CLI config - True to cache auth token until expries

Default value: true

cli_username

Data type: Any

CLI config - Auth Username

Default value: $st2::params::admin_username

cli_password

Data type: Any

CLI config - Auth Password

Default value: $st2::params::admin_password

cli_apikey

Data type: Any

CLI config - StackStorm API Key to use for pack and k/v installation, instead of user/pass

Default value: undef

cli_api_url

Data type: Any

CLI config - API URL

Default value: "http://${st2::params::hostname}:${st2::params::api_port}"

cli_auth_url

Data type: Any

CLI config - Auth URL

Default value: "http://${st2::params::hostname}:${st2::params::auth_port}"

actionrunner_workers

Data type: Any

Set the number of actionrunner processes to start

Default value: $st2::params::actionrunner_workers

packs

Data type: Any

Hash of st2 packages to be installed

Default value: {}

packs_group

Data type: Any

Name of the group that will own the /opt/stackstorm/packs directory (default: st2packs)

Default value: $st2::params::packs_group_name

index_url

Data type: Any

Url to the StackStorm Exchange index file. (default undef)

Default value: undef

syslog

Data type: Any

Routes all log messages to syslog

Default value: false

syslog_host

Data type: Any

Syslog host. Default: localhost

Default value: 'localhost'

syslog_protocol

Data type: Any

Syslog protocol. Default: udp

Default value: 'udp'

syslog_port

Data type: Any

Syslog port. Default: 514

Default value: 514

syslog_facility

Data type: Any

Syslog facility. Default: local7

Default value: 'local7'

ssh_key_location

Data type: Any

Location on filesystem of Admin SSH key for remote runner

Default value: '/home/stanley/.ssh/st2_stanley_key'

db_host

Data type: Any

Hostname to talk to st2 db

Default value: $st2::params::hostname

db_port

Data type: Any

Port for db server for st2 to talk to

Default value: $st2::params::mongodb_port

db_bind_ips

Data type: Any

Array of bind IP addresses for MongoDB to listen on

Default value: $st2::params::mongodb_bind_ips

db_name

Data type: Any

Name of db to connect to (default: 'st2')

Default value: $st2::params::mongodb_st2_db

db_username

Data type: Any

Username to connect to db with (default: 'stackstorm')

Default value: $st2::params::mongodb_st2_username

db_password

Data type: Any

Password for 'admin' and 'stackstorm' users in MongDB. If 'undef' then use $cli_password

Default value: $st2::params::admin_password

mongodb_version

Data type: Any

Version of MongoDB to install. If not provided it will be auto-calcuated based on $version (default: undef)

Default value: undef

mongodb_manage_repo

Data type: Any

Set this to false when you have your own repositories for MongoDB (default: true)

Default value: true

mongodb_auth

Data type: Any

Boolean determining if auth should be enabled for MongoDB. Note: On new versions of Puppet (4.0+) you'll need to disable this setting. (default: true)

Default value: true

nginx_manage_repo

Data type: Any

Set this to false when you have your own repositories for nginx (default: true)

Default value: true

nginx_ssl_ciphers

Data type: Any

String or list of strings of acceptable SSL ciphers to configure nginx with. @see http://nginx.org/en/docs/http/ngx_http_ssl_module.html Note: the defaults are setup to restrict to TLSv1.2 and TLSv1.3 secure ciphers only (secure by default). The secure ciphers for each protocol were obtained via: @see https://wiki.mozilla.org/Security/Server_Side_TLS

Default value: $st2::params::nginx_ssl_ciphers

nginx_ssl_protocols

Data type: Any

String or list of strings of acceptable SSL protocols to configure nginx with. @see http://nginx.org/en/docs/http/ngx_http_ssl_module.html Note: the defaults are setup to restrict to TLSv1.2 and TLSv1.3 only (secure by default)

Default value: $st2::params::nginx_ssl_protocols

nginx_ssl_port

Data type: Any

What port should nginx listen on publicly for new connections (default: 443)

Default value: $st2::params::nginx_ssl_port

nginx_client_max_body_size

Data type: Any

The maximum size of the body for a request allow through nginx. We default this to '0' to allow for large messages/payloads/inputs/results to be passed through nginx as is normal in the StackStorm context. @see http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size

Default value: $st2::params::nginx_client_max_body_size

web_root

Data type: Any

Directory where the StackStorm WebUI site lives on the filesystem

Default value: $st2::params::web_root

timersengine_enabled

Data type: Any

Set to true if the st2timersengine service should be enabled on this node (default: true)

Default value: $st2::params::timersengine_enabled

timersengine_timezone

Data type: Any

The local timezone for this node. (default: 'America/Los_Angeles')

Default value: $st2::params::timersengine_timezone

scheduler_sleep_interval

Data type: Any

How long (in seconds) to sleep between each action scheduler main loop run interval. (default = 0.1)

Default value: $st2::params::scheduler_sleep_interval

scheduler_gc_interval

Data type: Any

How often (in seconds) to look for zombie execution requests before rescheduling them. (default = 10)

Default value: $st2::params::scheduler_gc_interval

scheduler_pool_size

Data type: Any

The size of the pool used by the scheduler for scheduling executions. (default = 10)

Default value: $st2::params::scheduler_pool_size

chatops_adapter

Data type: Any

Adapter package(s) to be installed with npm. List of hashes.

Default value: $st2::params::chatops_adapter

chatops_adapter_conf

Data type: Any

Configuration parameters for Hubot adapter (hash)

Default value: $st2::params::chatops_adapter_conf

chatops_hubot_log_level

Data type: Any

Logging level for hubot (string)

Default value: $st2::params::hubot_log_level

chatops_hubot_express_port

Data type: Any

Port that hubot operates on (integer or string)

Default value: $st2::params::hubot_express_port

chatops_tls_cert_reject_unauthorized

Data type: Any

Should hubot validate SSL certs Set to 1 when using self signed certs

Default value: $st2::params::tls_cert_reject_unauthorized

chatops_hubot_name

Data type: Any

Name of the bot in chat. Should be properly quoted if it has special characters, example: '"MyBot!"'

Default value: $st2::params::hubot_name

chatops_hubot_alias

Data type: Any

Character to trigger the bot at the beginning of a message. Must be properly quoted of it's a special character, example: "'!'"

Default value: $st2::params::hubot_alias

chatops_api_key

Data type: Any

API key generated by st2 apikey create that hubot will use to post data back to StackStorm. (default: undef)

Default value: undef

chatops_st2_hostname

Data type: Any

Hostname of the StackStorm instance that chatops will connect to for API and Auth. If unspecified it will use the default in /opt/stackstorm/chatops/st2chatops.env (default: undef)

Default value: $st2::params::hostname

chatops_api_url

Data type: Any

ChatOps config - API URL

Default value: "https://${st2::params::hostname}/api"

chatops_auth_url

Data type: Any

ChatOps config - Auth URL

Default value: "https://${st2::params::hostname}/auth"

chatops_web_url

Data type: Any

Public URL of StackStorm instance. used by chatops to offer links to execution details in a chat. If unspecified it will use the default in /opt/stackstorm/chatops/st2chatops.env (default: undef)

Default value: undef

nodejs_version

Data type: Any

Version of NodeJS to install. If not provided it will be auto-calcuated based on $version (default: undef)

Default value: undef

nodejs_manage_repo

Data type: Any

Set this to false when you have your own repositories for NodeJS (default: true)

Default value: true

redis_bind_ip

Data type: Any

Bind IP of the Redis server. Default is 127.0.0.1

Default value: $st2::params::redis_bind_ip

workflowengine_num

Data type: Any

The number of workflowengines to have in an active active state (default: 1)

Default value: $st2::params::workflowengine_num

scheduler_num

Data type: Any

The number of schedulers to have in an active active state (default: 1)

Default value: $st2::params::scheduler_num

rulesengine_num

Data type: Any

The number of rulesengines to have in an active active state (default: 1)

Default value: $st2::params::rulesengine_num

notifier_num

Data type: Any

The number of notifiers to have in an active active state (default: 1)

Default value: $st2::params::notifier_num

erlang_url

Data type: Any

The url for the erlang repositiory to be used for rabbitmq

Default value: $st2::params::erlang_url

erlang_key

Data type: Any

The gpg key for the erlang repositiory to be used for rabbitmq

Default value: $st2::params::erlang_key

validate_output_schema

Data type: Any

Enable/disable output schema validation in StackStorm

Default value: $st2::params::validate_output_schema

cli_silence_ssl_warnings

Data type: Any

Default value: false

ng_init

Data type: Any

Default value: true

datastore_keys_dir

Data type: Any

Default value: $st2::params::datstore_keys_dir

datastore_key_path

Data type: Any

Default value: "${st2::params::datstore_keys_dir}/datastore_key.json"

rabbitmq_username

Data type: Any

Default value: $st2::params::rabbitmq_username

rabbitmq_password

Data type: Any

Default value: $st2::params::rabbitmq_password

rabbitmq_hostname

Data type: Any

Default value: $st2::params::rabbitmq_hostname

rabbitmq_port

Data type: Any

Default value: $st2::params::rabbitmq_port

rabbitmq_bind_ip

Data type: Any

Default value: $st2::params::rabbitmq_bind_ip

rabbitmq_vhost

Data type: Any

Default value: $st2::params::rabbitmq_vhost

redis_hostname

Data type: Any

Default value: $st2::params::redis_hostname

redis_port

Data type: Any

Default value: $st2::params::redis_port

redis_password

Data type: Any

Default value: $st2::params::redis_password

st2::auth

StackStorn st2auth service provides a framework for authenticating with various sources. Plugins to this framework that provide authentication implementations are called 'backends'. This generic class can be used to configure the st2auth service and also instantiate a proper backend. The auth backend implementations are in the manifests/auth/ directory.

Examples

Basic usage (via st2)
class { 'st2':
  auth_backend        => 'flat_file',
  auth_backend_config => {
    htpasswd_file => '/etc/something/htpasswd',
  },
}
Instantiate via Hiera
st2::auth_backend: "flat_file"
st2::auth_backend_config"
  htpasswd_file: "/etc/something/htpasswd"
Direct usage (default Flat File auth backend)
include st2::auth
Direct usage to configure a specific auth backend
class { 'st2::auth':
  backend  => 'mongodb',
  backend_config => {
    db_host => 'mongodb.stackstorm.net',
  }
  use_ssl  => true,
  ssl_cert => '/etc/ssl/cert.crt',
  ssl_key  => '/etc/ssl/cert.key',
}

Parameters

The following parameters are available in the st2::auth class:

backend

Data type: Any

Determines which auth backend to configure. (default: flat_file) Available backends:

  • flat_file
  • keystone
  • ldap
  • mongodb
  • pam

Default value: $st2::auth_backend

backend_config

Data type: Any

Hash of parameters to pass to the backend class when it's instantiated. This will be different for every backend. Please see the corresponding backend class to determine what the config options should be.

Default value: $st2::auth_backend_config

debug

Data type: Any

Enable Debug (default: false)

Default value: $st2::auth_debug

mode

Data type: Any

Authentication mode, either 'standalone' or 'proxy' (default: standalone)

Default value: $st2::auth_mode

use_ssl

Data type: Any

Enable SSL (default: false)

Default value: $st2::use_ssl

ssl_cert

Data type: Any

Path to SSL Certificate file (default: '/etc/ssl/st2/st2.crt')

Default value: $st2::ssl_cert

ssl_key

Data type: Any

Path to SSL Key file (default: '/etc/ssl/st2/st2.key')

Default value: $st2::ssl_key

st2::auth::common

Class that contains all of the "common" settings for auth.

  • Note Don't use directly

Parameters

The following parameters are available in the st2::auth::common class:

api_url

Data type: Any

URL to the StackStorm API

Default value: $st2::auth_api_url

conf_file

Data type: Any

The path where st2 config is stored

Default value: $st2::conf_file

debug

Data type: Any

Enable Debug (default: false)

Default value: $st2::auth_debug

mode

Data type: Any

Authentication mode, either 'standalone' or 'proxy' (default: standalone)

Default value: $st2::auth_mode

use_ssl

Data type: Any

Enable SSL (default: false)

Default value: $st2::use_ssl

ssl_cert

Data type: Any

Path to SSL Certificate file (default: '/etc/ssl/st2/st2.crt')

Default value: $st2::ssl_cert

ssl_key

Data type: Any

Path to SSL Key file (default: '/etc/ssl/st2/st2.key')

Default value: $st2::ssl_key

st2::auth::flat_file

Auth class to configure and setup Flat File (htpasswd) Authentication

Examples

Instantiate via st2
class { 'st2':
  auth_backend        => 'flat_file',
  auth_backend_config => {
    htpasswd_file => '/etc/something/htpasswd',
  },
}
Instantiate via Hiera
st2::auth_backend: "flat_file"
st2::auth_backend_config"
  htpasswd_file: "/etc/something/htpasswd"

Parameters

The following parameters are available in the st2::auth::flat_file class:

cli_username

Data type: Any

CLI config - Auth Username

Default value: $st2::cli_username

cli_password

Data type: Any

CLI config - Auth Password

Default value: $st2::cli_password

conf_file

Data type: Any

The path where st2 config is stored

Default value: $st2::conf_file

htpasswd_file

Data type: Any

Path to htpasswd file (default: /etc/st2/htpasswd)

Default value: $st2::params::auth_htpasswd_file

st2::auth::keystone

For information on parameters see the {backend documentation}[https://github.com/StackStorm/st2-auth-backend-keystone#configuration-options]

Examples

Instantiate via st2
class { 'st2':
  auth_backend        => 'keystone',
  auth_backend_config => {
    keystone_url     => 'http://keystone.domain.tld:5000',
    keystone_version => '3',
  },
}
Instantiate via Hiera
st2::auth_backend: "keystone"
st2::auth_backend_config:
  keystone_url: "http://keystone.domain.tld:5000"
  keystone_version: "3"

Parameters

The following parameters are available in the st2::auth::keystone class:

conf_file

Data type: Any

The path where st2 config is stored

Default value: $st2::conf_file

keystone_url

Data type: Any

Keystone URL to connect to (default: '127.0.0.1')

Default value: 'http://127.0.0.1:5000'

keystone_version

Data type: Any

Keystone API version (default: '2')

Default value: '2'

st2::auth::ldap

For information on parameters see the {backend documentation}[https://docs.stackstorm.com/authentication.html#ldap]

Examples

Instantiate via st2 (Active Directory)
class { 'st2':
  auth_backend        => 'ldap',
  auth_backend_config => {
    host            => 'ldap.domain.tld',
    bind_dn         => 'cn=ldap_stackstorm,ou=service accounts,dc=domain,dc=tld',
    base_dn         => 'dc=domain,dc=tld',
    scope           => 'subtree',
    id_attr         => 'username',
    bind_pw         => 'some_password',
    group_dns       => ['"cn=stackstorm_users,ou=groups,dc=domain,dc=tld"'],
    account_pattern => 'userPrincipalName={username}',
  },
}
Instantiate via Hiera (Active Directory)
st2::auth_backend: "ldap"
st2::auth_backend_config:
  host: "ldaps.domain.tld"
  use_tls: false
  use_ssl: true
  port: 636
  bind_dn: 'cn=ldap_stackstorm,ou=service accounts,dc=domain,dc=tld'
  bind_pw: 'some_password'
  chase_referrals: false
  base_dn: 'dc=domain,dc=tld'
  group_dns:
    - '"cn=stackstorm_users,ou=groups,dc=domain,dc=tld"'
  scope: "subtree"
  id_attr: "username"
  account_pattern: "userPrincipalName={username}"

Parameters

The following parameters are available in the st2::auth::ldap class:

conf_file

Data type: Any

The path where st2 config is stored

Default value: $st2::conf_file

host

Data type: Any

URI of the LDAP server. Format: ://[:port] (protocol: ldap or ldaps)

Default value: ''

use_tls

Data type: Any

Boolean parameter to set if tls is required. Should be set to false using ldaps in the uri. (default: false)

Default value: false

use_ssl

Data type: Any

Boolean parameter to set if ssl is required. Should be set to true using ldaps in the uri. (default: false)

Default value: false

port

Data type: Any

Integer port to be used for LDAP connection Should be set to false using ldaps in the uri. (default: 389)

Default value: 389

bind_dn

Data type: Any

DN user to bind to LDAP. If an empty string, an anonymous bind is performed. To use the user supplied username in the bind_dn, use the {username} placeholder in string.

Default value: ''

bind_pw

Data type: Any

DN password. Use the {password} placeholder in the string to use the user supplied password.

Default value: ''

base_dn

Data type: Any

Base DN to search for all users/groups entries.

Default value: ''

group_dns

Data type: Any

DN of groups user must be member of to be granted access

Default value: undef

chase_referrals

Data type: Any

Boolean parameter to set whether to chase referrals. (default: true)

Default value: true

scope

Data type: Any

Search scope (base, onelevel, or subtree) (default: subtree)

Default value: 'subtree'

id_attr

Data type: Any

Field name of the user ID attribute (default: uid)

Default value: 'uid'

account_pattern

Data type: Any

LDAP subtree pattern to match user. The user’s username is escaped and interpolated into this string

Default value: undef

group_pattern

Data type: Any

LDAP subtree pattern for user groups. Both user_dn and username are escaped and then interpolated into this string

Default value: undef

st2::auth::mongodb

For information on parameters see the {backend documentation}[https://github.com/StackStorm/st2-auth-backend-mongodb#configuration-options]

Examples

Instantiate via st2
class { 'st2':
  auth_backend        => 'mongodb',
  auth_backend_config => {
    db_host => 'mongodb.stackstorm.net',
    db_port => '1234',
    db_name => 'myauthdb',
  },
}
Instantiate via Hiera
st2::auth_backend: "mongodb"
st2::auth_backend_config:
  db_host: "mongodb.stackstorm.net"
  db_port: "1234"
  db_name: "myauthdb"

Parameters

The following parameters are available in the st2::auth::mongodb class:

conf_file

Data type: Any

The path where st2 config is stored

Default value: $st2::conf_file

db_host

Data type: Any

Hostname for the MongoDB server (default: 127.0.0.1)

Default value: $st2::db_host

db_port

Data type: Any

Port for the MongoDB server (default: 27017)

Default value: $st2::db_port

db_name

Data type: Any

Database name in MongoDB (default: st2auth)

Default value: 'st2auth'

db_auth

Data type: Any

Enable authentication with MongoDB (required for MongoDB installs with auth enabled)

Default value: $st2::mongodb_auth

db_username

Data type: Any

Username for MongoDB login (default: st2auth)

Default value: $st2::db_username

db_password

Data type: Any

Password for MongoDB login (default: st2auth)

Default value: $st2::db_password

st2::auth::pam

Auth class to configure and setup PAM authentication.

  • TODO Need to configure st2auth service to run as root

  • Note This backend will NOT allow you to auth with PAM for the 'root' user. You will need to auth a non-root user on the Linux host.

Examples

Instantiate via st2
class { 'st2':
  backend => 'pam',
}
Instantiate via Hiera
st2::auth_backend: "pam"
st2::auth_backend_config: {}

Parameters

The following parameters are available in the st2::auth::pam class:

conf_file

Data type: Any

The path where st2 config is stored

Default value: $st2::conf_file

st2::kvs

Automatically loads Key/Value pairs for StackStorm DB from Hiera

  • See also
    • st2::kv

Examples

Key/value pairs defined in Hiera
st2::kvs:
  keyname:
    value: 'blah'
  mysupercoolkey:
    value: 'xyz123'

st2::logging::rsyslog

This class bootstraps a system configured with rsyslog and st2::syslog enabled to route messages to all the right places.

Examples

Basic usage
include st2::logging::rsyslog

st2::notices

This is a private class used to store long strings to limit down on lint problems.

  • Note Please do not call directly

st2::notifier

Normally this class is instantiated by +st2::profile::fullinstall+. However, advanced users can instantiate this class directly to configure and manage just the st2notifier service on a single node. Parameters for this class mirror the parameters in the st2 config.

Examples

Basic usage
include st2::notifier

Parameters

The following parameters are available in the st2::notifier class:

notifier_num

Data type: Any

The number of notifiers to have in an active active state

Default value: $st2::notifier_num

notifier_services

Data type: Any

Name of all the notifier services

Default value: $st2::params::notifier_services

st2::packs

Install and configure st2 packages in bulk and via Hiera.

  • See also
    • st2::pack
      • and st2::pack::config for usage

Examples

Basic Usage
class { 'st2::packs':
  packs => {
    puppet => {},
    influxdb => {
      config => {
        server => 'influxdb.domain.tld',
    },
  },
}
Created via Hiera
st2::packs:
  puppet: {}
  influxdb:
    config:
      server => 'influxdb.domain.tld'

Parameters

The following parameters are available in the st2::packs class:

packs

Data type: Any

Default value: $st2::packs

st2::params

Main parameters to manage the st2 module

Examples

Best Practice
class { 'st2::params':
  admin_username => 'myuser',
  admin_password => 'SuperSecret!',
}
include st2::profile::fullinstall

Parameters

The following parameters are available in the st2::params class:

packs_group_name

Data type: Any

The name of the group created to hold the st2 admin user

Default value: 'st2packs'

hostname

Data type: Any

Hostname of the StackStorm box. This is used as the default to drive a lot of other parameters in the st2 class such as auth URL, MongoDB host, RabbitMQ host, etc.

Default value: '127.0.0.1'

admin_username

Data type: Any

Username of the StackStorm admin user. Best practice is to change this to a unique username.

Default value: 'st2admin'

admin_password

Data type: Any

Password of the StackStorm admin user. Best practice is to change this to a unique password.

Default value: 'Ch@ngeMe'

st2::profile::chatops

Profile to install and configure chatops for st2

  • Note This class doesn't need to be invoked directly, instead it's best to customize it through the main +st2+ class

Examples

Basic Usage
class { 'st2':
  chatops_hubot_name => '"@RosieRobot"',
  chatops_api_key    => '"xxxxyyyyy123abc"',
  chatops_adapter    => {
    hubot-adapter => {
      package => 'hubot-rocketchat',
      source  => 'git+ssh://git@git.company.com:npm/hubot-rocketchat#master',
    },
  },
  chatops_adapter_conf => {
    HUBOT_ADAPTER        => 'rocketchat',
    ROCKETCHAT_URL       => 'https://chat.company.com',
    ROCKETCHAT_ROOM      => 'stackstorm',
    LISTEN_ON_ALL_PUBLIC => 'true',
    ROCKETCHAT_USER      => 'st2',
    ROCKETCHAT_PASSWORD  => 'secret123',
    ROCKETCHAT_AUTH      => 'password',
    RESPOND_TO_DM        => 'true',
  },
}

Parameters

The following parameters are available in the st2::profile::chatops class:

version

Data type: Any

Version of the st2chatops package to install

Default value: $st2::version

hubot_log_level

Data type: Any

Hubot log level

Default value: $st2::chatops_hubot_log_level

hubot_express_port

Data type: Any

Express port hubot listens to

Default value: $st2::chatops_hubot_express_port

tls_cert_reject_unauthorized

Data type: Any

Set to 1 when using self signed certs

Default value: $st2::chatops_tls_cert_reject_unauthorized

hubot_name

Data type: Any

Name of the bot in chat. Should be properly quoted if it has special characters, example: '"MyBot!"'

Default value: $st2::chatops_hubot_name

hubot_alias

Data type: Any

Character to trigger the bot at the beginning of a message. Must be properly quoted of it's a special character, example: "'!'"

Default value: $st2::chatops_hubot_alias

npm_packages

Data type: Any

NodeJS packages to be installed (usually a hubot adapter)

Default value: $st2::chatops_adapter

adapter_config

Data type: Any

Configuration parameters for Hubot adapter (hash)

Default value: $st2::chatops_adapter_conf

api_key

Data type: Any

API key generated by st2 apikey create that hubot will use to post data back to StackStorm.

Default value: $st2::chatops_api_key

st2_hostname

Data type: Any

Hostname of the StackStorm instance that chatops will connect to for API and Auth. If unspecified it will use the default in /opt/stackstorm/chatops/st2chatops.env

Default value: $st2::chatops_st2_hostname

web_url

Data type: Any

Public URL of StackStorm instance. Used by chatops to offer links to execution details in a chat. If unspecified it will use the default in /opt/stackstorm/chatops/st2chatops.env

Default value: $st2::chatops_web_url

api_url

Data type: Any

URL of the StackStorm API service

Default value: $st2::chatops_api_url

auth_url

Data type: Any

URL of the StackStorm Auth service

Default value: $st2::chatops_auth_url

auth_username

Data type: Any

StackStorm auth Username for ChatOps to communicate back with StackStorm. Used if +api_key+ is not specified (optional)

Default value: $st2::cli_username

auth_password

Data type: Any

StackStorm auth Password for ChatOps to communicate back with StackStorm. Used if +api_key+ is not specified (optional)

Default value: $st2::cli_password

st2::profile::client

Profile to install, configure and manage all client libraries for st2

Examples

Basic Usage
include st2::profile::client

Parameters

The following parameters are available in the st2::profile::client class:

auth

Data type: Any

Is auth enabled or not.

Default value: $st2::auth

api_url

Data type: Any

URL of the StackStorm API service

Default value: $st2::cli_api_url

auth_url

Data type: Any

URL of the StackStorm Auth service

Default value: $st2::cli_auth_url

base_url

Data type: Any

Base URL for other StackStorm services

Default value: $st2::cli_base_url

username

Data type: Any

Username for auth on the CLI

Default value: $st2::cli_username

password

Data type: Any

Password for auth on the CLI

Default value: $st2::cli_password

api_version

Data type: Any

Version of the StackStorm API

Default value: $st2::cli_api_version

cacert

Data type: Any

Path to the SSL CA certficate for the StackStorm services

Default value: $st2::cli_cacert

debug

Data type: Any

Enable debug mode

Default value: $st2::cli_debug

cache_token

Data type: Any

Enable cacheing authentication tokens until they expire

Default value: $st2::cli_cache_token

silence_ssl_warnings

Data type: Any

Enable silencing SSL warnings for self-signed certs

Default value: $st2::cli_silence_ssl_warnings

st2::profile::facter

Setup custom fact locations

Examples

Basic Usage
include st2::profile::facter

st2::profile::fullinstall

Components:

  • RabbitMQ
  • Python
  • MongoDB
  • NodeJS
  • nginx

Examples

Basic Usage
include st2::profile::fullinstall
Customizing parameters
# Customizations are done via the main st2 class
class { 'st2':
  # ... assign custom parameters
}

include st2::profile::fullinstall

st2::profile::mongodb

StackStorm compatable installation of MongoDB and dependencies.

Examples

Basic Usage
include st2::profile::mongodb
Customize (done via st2)
class { 'st2':
  db_name     => 'stackstormdb',
  db_username => 'abc',
  db_password => 'xyz123',
  db_port     => 12345,
}
include st2::profile::mongodb

Parameters

The following parameters are available in the st2::profile::mongodb class:

db_name

Data type: Any

Name of the StackStorm database

Default value: $st2::db_name

db_username

Data type: Any

Username to connect to db with

Default value: $st2::db_username

db_password

Data type: Any

Password for 'admin' and 'stackstorm' users in MongDB. If 'undef' then use $cli_password

Default value: $st2::db_password

db_port

Data type: Any

Port for db server for st2 to talk to

Default value: $st2::db_port

db_bind_ips

Data type: Any

Array of bind IP addresses for MongoDB to listen on

Default value: $st2::db_bind_ips

version

Data type: Any

Version of MongoDB to install. If not provided it will be auto-calcuated based on $st2::version.

Default value: $st2::mongodb_version

manage_repo

Data type: Any

Set this to +false+ when you have your own repositories for mongodb

Default value: $st2::mongodb_manage_repo

auth

Data type: Any

Boolean determining if auth should be enabled for MongoDB.

Default value: $st2::mongodb_auth

st2::profile::nginx

StackStorm compatible installation of nginx and dependencies.

Examples

Basic Usage
include st2::profile::nginx
Disable managing the nginx repo so you can manage it yourself
class { 'st2::profile::nginx':
  manage_repo => false,
}

Parameters

The following parameters are available in the st2::profile::nginx class:

manage_repo

Data type: Any

Set this to false when you have your own repository for nginx

Default value: $st2::nginx_manage_repo

st2::profile::nodejs

This class is needed for StackStorm ChatOps +st2::profile::chatops::. Normally this class is instantiated by +st2::profile::fullinstall+. However, advanced users can instantiate this class directly to configure and manage just the NodeJS installation on a single node.

Examples

Basic Usage
include st2::profile::nodejs
Custom Parameters
class { 'st2::profile::nodejs':
}

Parameters

The following parameters are available in the st2::profile::nodejs class:

manage_repo

Data type: Any

Set this to false when you have your own repositories for NodeJS.

Default value: $st2::nodejs_manage_repo

version

Data type: Any

Version of NodeJS to install. If not provided it will be auto-calcuated based on $st2::version

Default value: $st2::nodejs_version

st2::profile::python

include st2::profile::python

Examples

Basic Usage
include st2::profile::python
Install with python 3.8 (if not default on your system)
$st2_python_version = $facts['os']['family'] ? {
  'RedHat' => '3.8',
  'Debian' => 'python3.8',
}
class { 'st2':
  python_version            => $st2_python_version,
}

Parameters

The following parameters are available in the st2::profile::python class:

version

Data type: String

Version of Python to install. Default is 'system' meaning the system version of Python will be used. To install Python 3.8 on RHEL/CentOS/Rocky 7/8 specify '3.8'. To install Python 3.8 on Ubuntu 18.04/20.04 specify 'python3.8'.

Default value: $st2::python_version

st2::profile::rabbitmq

StackStorm compatable installation of RabbitMQ and dependencies.

Examples

Basic Usage
include st2::profile::rabbitmq
Authentication enabled (configured vi st2)
class { 'st2':
  rabbitmq_username => 'rabbitst2',
  rabbitmq_password => 'secret123',
}
include st2::profile::rabbitmq

Parameters

The following parameters are available in the st2::profile::rabbitmq class:

username

Data type: Any

User to create within RabbitMQ for authentication.

Default value: $st2::rabbitmq_username

password

Data type: Any

Password of +username+ for RabbitMQ authentication.

Default value: $st2::rabbitmq_password

port

Data type: Any

Port to bind to for the RabbitMQ server

Default value: $st2::rabbitmq_port

bind_ip

Data type: Any

IP address to bind to for the RabbitMQ server

Default value: $st2::rabbitmq_bind_ip

vhost

Data type: Any

RabbitMQ virtual host to create for StackStorm

Default value: $st2::rabbitmq_vhost

erlang_url

Data type: Any

Default value: $st2::erlang_url

erlang_key

Data type: Any

Default value: $st2::erlang_key

st2::profile::redis

StackStorm compatable installation of Redis.

Examples

Basic Usage
include st2::profile::redis
Install with redis
class { '::redis':
   bind_ip => '127.0.0.1',
 }

Parameters

The following parameters are available in the st2::profile::redis class:

bind_ip

Data type: String

Bind IP of the Redis server. Default is 127.0.0.1

Default value: $st2::redis_bind_ip

st2::profile::selinux

Configure SELinux so that StackStorm services run properly

Examples

Basic Usage
include st2::profile::selinux

st2::profile::server

Profile to install, configure and manage all server components for st2

Examples

Basic usage
include st2::profile::server

Parameters

The following parameters are available in the st2::profile::server class:

version

Data type: Any

Version of StackStorm to install

Default value: $st2::version

conf_dir

Data type: Any

The directory where st2 configs are stored

Default value: $st2::conf_dir

conf_file

Data type: Any

The path where st2 config is stored

Default value: $st2::conf_file

auth

Data type: Any

Toggle Auth

Default value: $st2::auth

actionrunner_workers

Data type: Any

Set the number of actionrunner processes to start

Default value: $st2::actionrunner_workers

st2api_listen_ip

Data type: Any

Listen IP for st2api process

Default value: '127.0.0.1'

st2api_listen_port

Data type: Any

Listen port for st2api process

Default value: '9101'

st2auth_listen_ip

Data type: Any

Listen IP for st2auth process

Default value: '127.0.0.1'

st2auth_listen_port

Data type: Any

Listen port for st2auth process

Default value: '9100'

syslog

Data type: Any

Routes all log messages to syslog

Default value: $st2::syslog

syslog_host

Data type: Any

Syslog host.

Default value: $st2::syslog_host

syslog_protocol

Data type: Any

Syslog protocol.

Default value: $st2::syslog_protocol

syslog_port

Data type: Any

Syslog port.

Default value: $st2::syslog_port

syslog_facility

Data type: Any

Syslog facility.

Default value: $st2::syslog_facility

ssh_key_location

Data type: Any

Location on filesystem of Admin SSH key for remote runner

Default value: $st2::ssh_key_location

db_username

Data type: Any

Username to connect to MongoDB with (default: 'stackstorm')

Default value: $st2::db_username

db_password

Data type: Any

Password for 'stackstorm' user in MongDB.

Default value: $st2::db_password

index_url

Data type: Any

Url to the StackStorm Exchange index file. (default undef)

Default value: $st2::index_url

ng_init

Data type: Any

Default value: $st2::ng_init

rabbitmq_username

Data type: Any

Default value: $st2::rabbitmq_username

rabbitmq_password

Data type: Any

Default value: $st2::rabbitmq_password

rabbitmq_hostname

Data type: Any

Default value: $st2::rabbitmq_hostname

rabbitmq_port

Data type: Any

Default value: $st2::rabbitmq_port

rabbitmq_vhost

Data type: Any

Default value: $st2::rabbitmq_vhost

redis_hostname

Data type: Any

Default value: $st2::redis_hostname

redis_port

Data type: Any

Default value: $st2::redis_port

redis_password

Data type: Any

Default value: $st2::redis_password

packs_group

Data type: Any

Default value: $st2::packs_group_name

validate_output_schema

Data type: Any

Default value: $st2::validate_output_schema

st2::profile::web

Profile to install, configure and manage StackStorm web UI (st2web).

Examples

Basic Usage
include st2::profile::web'
Managing your own certificate
# create your own certificate and key in the correct locations
file { '/etc/ssl/st2/st2.crt':
  content => 'my cert data',
}
file { '/etc/ssl/st2/st2.key':
  content => 'my privatekey data',
}

# instantiate this profile with ssl_cert_manage false
class { 'st2::profile::web':
  ssl_cert_manage => false,
}
Change the SSL protocols and ciphers
class { 'st2::profile::web':
  nginx_ssl_protocols => ['TLSv1.2'],
  nginx_ssl_ciphers => [
    'ECDHE-ECDSA-AES256-GCM-SHA384',
    'ECDHE-ECDSA-AES256-SHA384',
  ],
}

Parameters

The following parameters are available in the st2::profile::web class:

nginx_ssl_ciphers

Data type: Variant[Array[String], String]

String or list of strings of acceptable SSL ciphers to configure nginx with. @see http://nginx.org/en/docs/http/ngx_http_ssl_module.html Note: the defaults are setup to restrict to TLSv1.2 and TLSv1.3 secure ciphers only (secure by default). The secure ciphers for each protocol were obtained via: @see https://wiki.mozilla.org/Security/Server_Side_TLS

Default value: $st2::nginx_ssl_ciphers

nginx_ssl_protocols

Data type: Variant[Array[String], String]

String or list of strings of acceptable SSL protocols to configure nginx with. @see http://nginx.org/en/docs/http/ngx_http_ssl_module.html Note: the defaults are setup to restrict to TLSv1.2 and TLSv1.3 only (secure by default)

Default value: $st2::nginx_ssl_protocols

nginx_ssl_port

Data type: Stdlib::Port

What port should nginx listen on publicly for new connections (default: 443)

Default value: $st2::nginx_ssl_port

nginx_client_max_body_size

Data type: String

The maximum size of the body for a request allow through nginx. We default this to '0' to allow for large messages/payloads/inputs/results to be passed through nginx as is normal in the StackStorm context. @see http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size

Default value: $st2::nginx_client_max_body_size

ssl_cert_manage

Data type: Boolean

Boolean to determine if this module should manage the SSL certificate used by nginx.

Default value: $st2::ssl_cert_manage

ssl_dir

Data type: Stdlib::Absolutepath

Directory where st2web will look for its SSL info. (default: /etc/ssl/st2)

Default value: $st2::ssl_dir

ssl_cert

Data type: String

Path to the file where the StackStorm SSL cert will be generated. (default: /etc/ssl/st2/st2.crt)

Default value: $st2::ssl_cert

ssl_key

Data type: String

Path to the file where the StackStorm SSL key will be generated. (default: /etc/ssl/st2/st2.key)

Default value: $st2::ssl_key

version

Data type: String

Version of StackStorm WebUI to install

Default value: $st2::version

web_root

Data type: String

Directory where the StackStorm WebUI site lives on the filesystem

Default value: $st2::web_root

st2::repo

Manages the installation of st2 required repos for installing the StackStorm packages.

Examples

Basic usage
include st2::repo
Installing from unstable
class { 'st2::repo':
  repository => 'unstable',
}

Parameters

The following parameters are available in the st2::repo class:

ensure

Data type: Enum['present', 'absent']

The basic state the repo should be in

Default value: 'present'

repository

Data type: St2::Repository

Release repository to enable

Default value: $st2::repository

manage_epel_repo

Data type: Boolean

Default value: true

st2::repo::apt

Apt repo for StackStorm

st2::repo::yum

Yum repo for StackStorm

st2::rulesengine

Normally this class is instantiated by +st2::profile::fullinstall+. However, advanced users can instantiate this class directly to configure and manage just the st2rulesengine service on a single node. Parameters for this class mirror the parameters in the st2 config.

Examples

Basic usage
include st2::rulesengine

Parameters

The following parameters are available in the st2::rulesengine class:

rulesengine_num

Data type: Any

The number of rulesengines to have in an active active state

Default value: $st2::rulesengine_num

rulesengine_services

Data type: Any

Name of all the rulesengine services

Default value: $st2::params::rulesengine_services

st2::scheduler

Normally this class is instantiated by st2::profile::fullinstall. However, advanced users can instantiate this class directly to configure and manage just the st2scheduler service on a single node. Parameters for this class mirror the parameters in the st2 config.

Examples

Basic usage
include st2::scheduler
Customizing parameters
class { 'st2::scheduler':
  sleep_interval => 60,
  gc_interval    => 120,
}

Parameters

The following parameters are available in the st2::scheduler class:

sleep_interval

Data type: Any

How long (in seconds) to sleep between each action scheduler main loop run interval.

Default value: $st2::scheduler_sleep_interval

gc_interval

Data type: Any

How often (in seconds) to look for zombie execution requests before rescheduling them.

Default value: $st2::scheduler_gc_interval

pool_size

Data type: Any

The size of the pool used by the scheduler for scheduling executions.

Default value: $st2::scheduler_pool_size

scheduler_num

Data type: Any

The number of schedulers to have in an active active state

Default value: $st2::scheduler_num

scheduler_services

Data type: Any

Name of all the scheduler services.

Default value: $st2::params::scheduler_services

st2::server::datastore_keys

Generates and manages crypto keys for use with the StackStorm datastore

Examples

Basic Usage
include st2::server::datastore_keys
Custom key path
class { 'st2::server::datastore_keys':
  keys_dir => '/path/to/custom/keys',
  key_path => '/path/to/custom/keys/datastore_key.json.',
}

Parameters

The following parameters are available in the st2::server::datastore_keys class:

conf_file

Data type: Any

The path where st2 config is stored

Default value: $st2::conf_file

keys_dir

Data type: Any

The directory where the datastore keys will be stored

Default value: $st2::datastore_keys_dir

key_path

Data type: Any

Path to the key file

Default value: $st2::datastore_key_path

st2::stanley

Installs the default admin user for st2 (stanley).

  • Note Will install auto-generate SSH keys of none are provided.

Examples

Basic Usage
include st2::stanley
Custom SSH keys
class { 'st2::stanley':
  ssh_key_type => 'ssh-rsa',
  ssh_public_key => 'AAAAAWESOMEKEY==',
  ssh_private_key => '----- BEGIN RSA PRIVATE KEY -----\nDEADBEEF\n----- END RSA PRIVATE KEY -----',
}

Parameters

The following parameters are available in the st2::stanley class:

username

Data type: Any

Name of the stanley user

Default value: 'stanley'

ssh_public_key

Data type: Any

SSH Public Key without leading key-type and end email

Default value: undef

ssh_key_type

Data type: Any

Type of SSH Key (ssh-dsa/ssh-rsa)

Default value: undef

ssh_private_key

Data type: Any

Private key

Default value: undef

client

Data type: Any

Allow incoming connections from the defined user

Default value: true

server

Data type: Any

Server where connection requests originate (usually st2 server)

Default value: true

st2::timersengine

Normally this class is instantiated by +st2::profile::fullinstall+. However, advanced users can instantiate this class directly to configure and manage just the st2timersengine service on a single node. Parameters for this class mirror the parameters in the st2 config.

Examples

Basic usage
include st2::timersengine
Customizing parameters
class { 'st2::timersengine':
  enabled  => true,
  timezone => 'America/Los_Angeles',
}

Parameters

The following parameters are available in the st2::timersengine class:

enabled

Data type: Any

Specify to enable timer service.

Default value: $st2::timersengine_enabled

timezone

Data type: Any

Timezone pertaining to the location where st2 is run.

Default value: $st2::timersengine_timezone

st2::workflowengine

Normally this class is instantiated by +st2::profile::fullinstall+. However, advanced users can instantiate this class directly to configure and manage just the st2workflowengine service on a single node. Parameters for this class mirror the parameters in the st2 config.

Examples

Basic usage
include st2::workflowengine

Parameters

The following parameters are available in the st2::workflowengine class:

workflowengine_num

Data type: Any

The number of workflowengines to have in an active active state

Default value: $st2::workflowengine_num

workflowengine_services

Data type: Any

Name of all the workflowengine services.

Default value: $st2::params::workflowengine_services

Defined types

st2::auth_user

Creates and manages StackStorm application users (flat_file auth only)

Examples

Basic usage
st2::auth_user { 'st2admin':
  password => 'neato!',
}

Parameters

The following parameters are available in the st2::auth_user defined type:

name

Name of the user

ensure

Data type: Any

Ensure user exists or not

Default value: present

password

Data type: Any

User's password

Default value: undef

st2::client::settings

Generates a configuration file for the st2 CLI (st2client)

Examples

Basic usage
st2::client::settings { 'john':
  username => 'st2_john',
  password => 'xyz123',
}

Parameters

The following parameters are available in the st2::client::settings defined type:

name

OS-level username. Used to determine where the config file will be placed.

user

Data type: Any

See name

Default value: $name

homedir

Data type: Any

Path to home directory of the user.

Default value: "/home/${name}"

auth

Data type: Any

Is auth enabled or not.

Default value: $st2::auth

api_url

Data type: Any

URL of the StackStorm API service

Default value: $st2::cli_api_url

auth_url

Data type: Any

URL of the StackStorm Auth service

Default value: $st2::cli_auth_url

base_url

Data type: Any

Base URL for other StackStorm services

Default value: $st2::cli_base_url

username

Data type: Any

Username for auth on the CLI

Default value: $st2::cli_username

password

Data type: Any

Password for auth on the CLI

Default value: $st2::cli_password

disable_credentials

Data type: Any

Prevents credentials (username, password) from being written to the config file

Default value: false

api_version

Data type: Any

Version of the StackStorm API

Default value: $st2::cli_api_version

cacert

Data type: Any

Path to the SSL CA certficate for the StackStorm services

Default value: $st2::cli_cacert

debug

Data type: Any

Enable debug mode

Default value: $st2::cli_debug

cache_token

Data type: Any

Enable cacheing authentication tokens until they expire

Default value: $st2::cli_cache_token

silence_ssl_warnings

Data type: Any

Enable silencing SSL warnings for self-signed certs

Default value: $st2::cli_silence_ssl_warnings

st2::kv

Sets a value to the StackStorm Key/Value Store

Examples

Basic usage
st2::kv { 'install_uuid':
  value => $_uuid,
}

Parameters

The following parameters are available in the st2::kv defined type:

key

Data type: Any

Key to set

Default value: $name

value

Data type: Any

Value of key

ensure

Data type: Any

Default value: present

apikey

Data type: Any

Default value: $st2::cli_apikey

st2::pack

Manages a StackStorm Pack

Examples

Basic Usage
st2::pack { 'puppet': }
Install from a custom URL
st2::pack { 'custom':
  repo_url => 'http://github.com/myorg/stackstorm-custom.git',
}

Parameters

The following parameters are available in the st2::pack defined type:

pack

Data type: Any

Name of the pack to install.

Default value: $name

repo_url

Data type: Any

URL of the package to install when not installing from the exchange.

Default value: undef

config

Data type: Any

Hash that will be translated into YAML in the pack's config file after installation.

Default value: undef

ensure

Data type: Any

Default value: present

version

Data type: Any

Default value: undef

st2::rbac

This defined type creates RBAC resources for users

  • Note This is an enterprise feature, and requires a license to be used.

Examples

st2::rbac { 'admin':
  description => "Administrative user",
  roles       => [
    'observer',
    'my_test_role',
  ],
}

Parameters

The following parameters are available in the st2::rbac defined type:

ensure

Data type: Any

Default value: 'present'

user

Data type: Any

Default value: $name

description

Data type: Any

Default value: 'Created and managed by Puppet'

roles

Data type: Any

Default value: []

st2::service

Creates additional service for components that can be scaled out

Examples

build st2workflowengine service
st2::service { 'st2workflowengine':
  service_name => 'st2workflowengine-rsa',
  service_num => '2',
  existing_services => ['st2workflowengine'],
}

Parameters

The following parameters are available in the st2::service defined type:

service_name

Data type: Any

The service name that we are attempting to scale

service_num

Data type: Any

The number of servicees that should be scaled out

existing_services

Data type: Any

The service to make sure are enabled and running. All new service are automatically added to this.

st2::user

Creates an system (OS level) user for use with StackStorm

Examples

Custom SSH keys
st2::user { 'stanley':
  ssh_key_type => 'ssh-rsa',
  ssh_public_key => 'AAAAAWESOMEKEY==',
  ssh_private_key => '----- BEGIN RSA PRIVATE KEY -----\nDEADBEEF\n----- END RSA PRIVATE KEY -----',
}

Parameters

The following parameters are available in the st2::user defined type:

client

Data type: Any

Allow incoming connections from the defined user

Default value: true

server

Data type: Any

Server where connection requests originate (usually st2 server)

Default value: false

create_sudo_entry

Data type: Any

Manage the sudoers entry (default: false)

Default value: false

ssh_public_key

Data type: Any

SSH Public Key without leading key-type and end email.

Default value: undef

ssh_key_type

Data type: Any

Type of SSH Key (ssh-dsa/ssh-rsa)

Default value: undef

ssh_private_key

Data type: Any

SSH Private key. If not specified, then one will be generated.

Default value: undef

groups

Data type: Any

List of groups (OS level) that this user should be a member of

Default value: undef

ssh_dir

Data type: Any

Directory where SSH keys will be stored

Default value: "/home/${name}/.ssh"

Resource types

st2_pack

Manage st2 packs

Properties

The following properties are available in the st2_pack type.

ensure

Valid values: present, absent

The basic property that the resource should be in.

Default value: present

Parameters

The following parameters are available in the st2_pack type.

apikey

St2 apikey

name

namevar

Name of the pack.

password

St2 cli password

provider

The specific backend to use for this st2_pack resource. You will seldom need to specify this --- Puppet will usually discover the appropriate provider for your platform.

source

Git URL for st2 pack

user

St2 cli user

version

Specific pack version to install

Functions

st2::urlencode

Type: Ruby 4.x API

URL encodes a string

Examples

Basic usage
st2::urlencode('xyz!123')

st2::urlencode(String $url)

URL encodes a string

Returns: String URL encoded data

Examples
Basic usage
st2::urlencode('xyz!123')
url

Data type: String

Raw URL data to encode

st2::version_ge

Type: Puppet Language

Determines if the StackStorm version installed on the system $facts['st2_version'] or the version requested by the user $st2::version is greater than or equal to $version.

This is used to determine if this Puppet module should enable features for managing specific versions of StackStorm. Older versions of StackStorm will not have new features and we don't want this module to try and manage them if they're not present on the system.

Users who have old version of StackStorm installed may have $st2::version = 'present' or $st2::version = 'installed'. In this case, we don't want to assume the user has a new version of StackStorm or wants to upgrade. Instead, we should assume that this the installed version of StackStorm is the version we should be using to compare.

Examples

Basic Usage
if st2::version_ge('2.4.0') {
  # ... do something only for StackStorm version >= 2.4.0
}

st2::version_ge(String $version)

Determines if the StackStorm version installed on the system $facts['st2_version'] or the version requested by the user $st2::version is greater than or equal to $version.

This is used to determine if this Puppet module should enable features for managing specific versions of StackStorm. Older versions of StackStorm will not have new features and we don't want this module to try and manage them if they're not present on the system.

Users who have old version of StackStorm installed may have $st2::version = 'present' or $st2::version = 'installed'. In this case, we don't want to assume the user has a new version of StackStorm or wants to upgrade. Instead, we should assume that this the installed version of StackStorm is the version we should be using to compare.

Returns: Boolean True if the StackStorm version on the system or $st2::version is

= to the +version+ parameter.

Examples
Basic Usage
if st2::version_ge('2.4.0') {
  # ... do something only for StackStorm version >= 2.4.0
}
version

Data type: String

Version string to compare against. This should be in SemVer format

Data types

St2::Repository

Validate the type of system package repository for StackStorm

Alias of

Enum['stable', 'unstable', 'staging-stable', 'staging-unstable']

Tasks

key_decrypt

Decrypt a StackStorm key/value pair. TODO - Remove this when the following is closed: https://github.com/StackStorm/st2/issues/4545

Supports noop? false

Parameters

crypto_key_path

Data type: String

Path to StackStorm crypto key

keys

Data type: Array[Hash]

List of key value pairs

key_get

Retrieve the value for a key from the StackStorm datastore

Supports noop? false

Parameters

key

Data type: String[1]

Key to get

scope

Data type: Optional[String]

Scope to retrieve the data from. Default = 'system'

decrypt

Data type: Optional[Boolean]

Decrypt secret if encrypted. Default = false

convert

Data type: Optional[Boolean]

Attempt to convert the string into a hash, array, etc by parsing it as JSON. If an error occurs the string data will be returned. Default = true

api_key

Data type: Optional[String]

StackStorm API key to use for authentication (prefer this over username/password).

auth_token

Data type: Optional[String]

StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.

username

Data type: Optional[String]

Username to use for StackStorm authentication.

password

Data type: Optional[String]

Password to use for StackStorm authentication.

key_load

Load a list of a StackStorm key/value pairs into the datastore

Supports noop? false

Parameters

keys

Data type: Array[Hash]

List of key value pairs. Each hash should have a 'name' and 'value' key. Example: {'name': 'mydatastorkey', 'value': 'valueinthedatastore'} . For more details , see: https://docs.stackstorm.com/datastore.html#loading-key-value-pairs-from-a-file

convert

Data type: Optional[Boolean]

Convert non-string types (hash, array, boolean, int, float) to a JSON string before loading it into the datastore.

api_key

Data type: Optional[String]

StackStorm API key to use for authentication (prefer this over username/password).

auth_token

Data type: Optional[String]

StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.

username

Data type: Optional[String]

Username to use for StackStorm authentication.

password

Data type: Optional[String]

Password to use for StackStorm authentication.

pack_install

Install a list of packs

Supports noop? false

Parameters

packs

Data type: Array[String]

List of packs to install. This can either be the name of a pack to install from the exchange, a URL to a pack to install from git://user@domain/pack.git or https://github.com/org/pack.git, or the path to a local git repo file:///path/to/local/pack

api_key

Data type: Optional[String]

StackStorm API key to use for authentication (prefer this over username/password).

auth_token

Data type: Optional[String]

StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.

username

Data type: Optional[String]

Username to use for StackStorm authentication.

password

Data type: Optional[String]

Password to use for StackStorm authentication.

pack_list

Get a list of packs

Supports noop? false

Parameters

api_key

Data type: Optional[String]

StackStorm API key to use for authentication (prefer this over username/password).

auth_token

Data type: Optional[String]

StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.

username

Data type: Optional[String]

Username to use for StackStorm authentication.

password

Data type: Optional[String]

Password to use for StackStorm authentication.

pack_register

Registers a pack that exists on the filesystem

Supports noop? false

Parameters

paths

Data type: Array[String]

Array of directories on the local StackStorm filesystem where the pack contents currently exist and will be used to register from.

api_key

Data type: Optional[String]

StackStorm API key to use for authentication (prefer this over username/password).

auth_token

Data type: Optional[String]

StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.

username

Data type: Optional[String]

Username to use for StackStorm authentication.

password

Data type: Optional[String]

Password to use for StackStorm authentication.

pack_remove

Remove a list of packs

Supports noop? false

Parameters

packs

Data type: Array[String]

List of packs names to remove

api_key

Data type: Optional[String]

StackStorm API key to use for authentication (prefer this over username/password).

auth_token

Data type: Optional[String]

StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.

username

Data type: Optional[String]

Username to use for StackStorm authentication.

password

Data type: Optional[String]

Password to use for StackStorm authentication.

rule_disable

Disable a given rule

Supports noop? false

Parameters

rule

Data type: String

Name of a rule to disable (format: pack_name.rule_name)

api_key

Data type: Optional[String]

StackStorm API key to use for authentication (prefer this over username/password).

auth_token

Data type: Optional[String]

StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.

username

Data type: Optional[String]

Username to use for StackStorm authentication.

password

Data type: Optional[String]

Password to use for StackStorm authentication.

rule_list

Return a list of rules.

Supports noop? false

Parameters

pack

Data type: Optional[String]

Name of a pack if you want to return rules only for a given pack.

api_key

Data type: Optional[String]

StackStorm API key to use for authentication (prefer this over username/password).

auth_token

Data type: Optional[String]

StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.

username

Data type: Optional[String]

Username to use for StackStorm authentication.

password

Data type: Optional[String]

Password to use for StackStorm authentication.

run

Runs a StackStorm action

Supports noop? false

Parameters

action

Data type: String

Name of the action to execute

parameters

Data type: Optional[Array[String]]

Array of parameter strings to pass to the execution. Named arguments should be of the format 'param=value' positional parameters can be put in their normal order as strings.

api_key

Data type: Optional[String]

StackStorm API key to use for authentication (prefer this over username/password).

auth_token

Data type: Optional[String]

StackStorm auth token. Use this if username/password auth has already been established in a previous task and auth token is being passed around.

username

Data type: Optional[String]

Username to use for StackStorm authentication.

password

Data type: Optional[String]

Password to use for StackStorm authentication.

Plans

st2::upgrade_mongodb

The default upgrade for this plan goes from 3.4 to 3.6 and ultimately to 4.0

High level steps:

  • stop stackstorm

https://docs.mongodb.com/manual/release-notes/3.6-upgrade-standalone/

  • set MongoDB feature compatibility to 3.4
  • change package repo to 3.8
  • upgrade packages
  • set MongoDB feature compatibility to 3.8

https://docs.mongodb.com/manual/release-notes/4.0-upgrade-standalone/

  • change package repo to 4.0
  • upgrade packages
  • set MongoDB feature compatibility to 4.0
  • start stackstorm

Examples

Basic usage
bolt plan run st2::upgrade_mongodb --targets ssh_nodes --params '{"mongo_password": "xxx"}'
Upgrading enterprise packages
bolt plan run st2::upgrade_mongodb --targets ssh_nodes --params '{"mongo_password": "xxx", "mongo_packages": ["mongodb-enterprise-server", "mongodb-enterprise-shell", "mongodb-enterprise-tools"], "mongo_edition": "enterprise"}'
Upgrading from 3.6 to 4.0
bolt plan run st2::upgrade_mongodb --targets ssh_nodes --params '{"mongo_password": "xxx", "upgrade_version_start": "3.8", "upgrade_version_path": ["4.0"]}'
Upgrading from 3.4 to 3.6 to 4.0
bolt plan run st2::upgrade_mongodb --targets ssh_nodes --params '{"mongo_password": "xxx", "upgrade_version_start": "3.4", "upgrade_version_path": ["3.8", "4.0"]}'

Parameters

The following parameters are available in the st2::upgrade_mongodb plan:

targets

Data type: TargetSpec

Set of targets (MongoDB hosts) that this plan will be executed on.

mongo_admin_db

Data type: String

Name of the admin database for MongoDB

Default value: 'admin'

mongo_username

Data type: String

Name of the admin user on the admin database

Default value: 'admin'

mongo_password

Data type: String

Password of the admin user on the admin database

mongo_packages

Data type: Array[String]

List of MongoDB packages that will be upgraded

Default value: ['mongodb-org-server', 'mongodb-org-shell', 'mongodb-org-tools']

mongo_edition

Data type: Enum['enterprise', 'org']

What edition of MongoDB should be setup from a repo perspective, either 'org' for community edition, or 'enterprise' for enterprise edition.

Default value: 'org'

upgrade_version_start

Data type: String

Version of MongoDB that the database is currently on, ie. where we are starting from.

Default value: '3.4'

upgrade_version_path

Data type: Array[String]

List of versions that we will upgrade through along our path to success!

Default value: ['3.6', '4.0']