From e5d5d996701b4d9490a02cddb8b25d92a63b1fed Mon Sep 17 00:00:00 2001 From: bp85 Date: Tue, 11 Jul 2023 13:30:07 -0400 Subject: [PATCH 1/9] Add support for mellon auth --- README.md | 13 ++++++++ REFERENCE.md | 33 +++++++++++++++++-- manifests/apache.pp | 20 ++++++++--- manifests/config.pp | 10 ++++++ manifests/init.pp | 28 ++++++++++++++-- templates/auth_mellon.conf.erb | 8 +++++ templates/generate_ood_mellon_metadata.sh.erb | 22 +++++++++++++ 7 files changed, 124 insertions(+), 10 deletions(-) create mode 100644 templates/auth_mellon.conf.erb create mode 100755 templates/generate_ood_mellon_metadata.sh.erb diff --git a/README.md b/README.md index 62ace8e..4ce39b3 100644 --- a/README.md +++ b/README.md @@ -120,6 +120,19 @@ openondemand::oidc_settings: OIDCStripCookies: 'mod_auth_openidc_session mod_auth_openidc_session_chunks mod_auth_openidc_session_0 mod_auth_openidc_session_1' ``` +Setup OnDemand to authenticate with SAML using apache Mellon. Puppet creates a script `/usr/local/bin/mellon_ood_metadata.sh` to generate certs and relevant metadata files. This script needs to be run (once) manually. + +```yaml +openondemand::servername: ondemand.osc.edu +openondemand::auth_type: 'mellon' +openondemand::auth_configs: + - 'Require valid-user' +openondemand::mellon_config: + MellonEndpointPath: '/mellon' + MellonEnable: 'auth' + MellonIdPMetadataFile: '/etc/httpd/mellon/idpmetadata.xml' +``` + Configure OnDemand via git repo that contains app configs, locales, public, and annoucement files ```yaml diff --git a/REFERENCE.md b/REFERENCE.md index 38c2c27..ac7c646 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -65,11 +65,13 @@ The following parameters are available in the `openondemand` class: * [`ondemand_package_ensure`](#ondemand_package_ensure) * [`ondemand_dex_package_ensure`](#ondemand_dex_package_ensure) * [`mod_auth_openidc_ensure`](#mod_auth_openidc_ensure) +* [`mod_auth_mellon_ensure`](#mod_auth_mellon_ensure) * [`install_apps`](#install_apps) * [`declare_apache`](#declare_apache) * [`apache_scls`](#apache_scls) * [`listen_addr_port`](#listen_addr_port) * [`servername`](#servername) +* [`proxy_server`](#proxy_server) * [`ssl`](#ssl) * [`logroot`](#logroot) * [`use_rewrites`](#use_rewrites) @@ -117,6 +119,7 @@ The following parameters are available in the `openondemand` class: * [`oidc_state_max_number_of_cookies`](#oidc_state_max_number_of_cookies) * [`oidc_settings`](#oidc_settings) * [`dex_config`](#dex_config) +* [`mellon_config`](#mellon_config) * [`web_directory`](#web_directory) * [`nginx_log_group`](#nginx_log_group) * [`nginx_stage_clean_cron_schedule`](#nginx_stage_clean_cron_schedule) @@ -249,6 +252,14 @@ mod_auth_openidc package ensure Default value: `'present'` +##### `mod_auth_mellon_ensure` + +Data type: `String` + +mod_auth_mellon package ensure + +Default value: `'present'` + ##### `install_apps` Data type: `Hash` @@ -289,6 +300,14 @@ ood_portal.yml servername Default value: ``undef`` +##### `proxy_server` + +Data type: `Optional[String]` + +ood_portal.yml proxy_server + +Default value: ``undef`` + ##### `ssl` Data type: `Optional[Array]` @@ -665,6 +684,14 @@ Dex configuration Hash Default value: `{}` +##### `mellon_config` + +Data type: `Hash` + +Mellon configuration Hash for Overwrite + +Default value: `{}` + ##### `web_directory` Data type: `Stdlib::Absolutepath` @@ -1020,7 +1047,7 @@ Manage Open OnDemand dev app #### Examples -##### +##### ```puppet openondemand::app::dev { 'user1': } @@ -1092,7 +1119,7 @@ Manage Open OnDemand user app #### Examples -##### +##### ```puppet openondemand::app::usr { 'user1': @@ -1800,7 +1827,7 @@ Manage Open OnDemand app #### Examples -##### +##### ```puppet openondemand::install::app { 'bc_osc_foo': diff --git a/manifests/apache.pp b/manifests/apache.pp index cca71b8..02e03c1 100644 --- a/manifests/apache.pp +++ b/manifests/apache.pp @@ -53,11 +53,23 @@ ::apache::mod { 'lua': } include ::apache::mod::headers - if $openondemand::auth_type in ['dex','openid-connect'] { - ::apache::mod { 'auth_openidc': - package => "${package_prefix}mod_auth_openidc", - package_ensure => $openondemand::mod_auth_openidc_ensure, + case $openondemand::auth_type { + 'CAS': { + include ::apache::mod::auth_cas } + '(dex|openid-connect)': { + ::apache::mod { 'auth_openidc': + package => "${package_prefix}mod_auth_openidc", + package_ensure => $openondemand::mod_auth_openidc_ensure, + } + } + 'mellon': { + ::apache::mod { 'auth_mellon': + package => "${package_prefix}mod_auth_mellon", + package_ensure => $openondemand::mod_auth_openidc_ensure, + } + } + default: {} } if $openondemand::scl_apache { diff --git a/manifests/config.pp b/manifests/config.pp index 6f8a463..bf05fcd 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -242,6 +242,16 @@ } } + # deploy script to generate mellon metadata + if $openondemand::auth_type == 'mellon' { + file { '/usr/local/bin/mellon_ood_metadata.sh': + content => template('openondemand/generate_ood_mellon_metadata.sh.erb'), + owner => 'root', + group => 'root', + mode => '0755', + } + } + file { '/etc/ood/config/nginx_stage.yml': ensure => 'file', owner => 'root', diff --git a/manifests/init.pp b/manifests/init.pp index fd83426..f511971 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -22,6 +22,8 @@ # ondemand-dex package ensure # @param mod_auth_openidc_ensure # mod_auth_openidc package ensure +# @param mod_auth_mellon_ensure +# mod_auth_mellon package ensure # @param install_apps # Hash of apps to install, passed to ondemand::install::app # @param declare_apache @@ -32,6 +34,8 @@ # ood_portal.yml listen_addr_port # @param servername # ood_portal.yml servername +# @param proxy_server +# ood_portal.yml proxy_server # @param ssl # ood_portal.yml ssl # @param logroot @@ -126,6 +130,8 @@ # Hash of OIDC settings passsed directly to Apache config # @param dex_config # Dex configuration Hash +# @param mellon_config +# Additional Mellon override config for apache # @param web_directory # Path to main web directory for OnDemand # @param nginx_log_group @@ -233,6 +239,7 @@ String $ondemand_package_ensure = 'present', String $ondemand_dex_package_ensure = 'present', String $mod_auth_openidc_ensure = 'present', + String $mod_auth_mellon_ensure = 'present', Hash $install_apps = {}, # Apache @@ -242,6 +249,7 @@ # ood_portal.yml Variant[Array, String, Undef] $listen_addr_port = undef, Optional[String] $servername = undef, + Optional[String] $proxy_server = undef, Optional[Array] $ssl = undef, String $logroot = 'logs', Boolean $use_rewrites = true, @@ -257,7 +265,7 @@ Optional[String] $user_map_cmd = undef, Optional[String] $user_env = undef, Optional[String] $map_fail_uri = undef, - Enum['CAS', 'openid-connect', 'shibboleth', 'dex'] $auth_type = 'dex', + Enum['CAS', 'openid-connect', 'mellon', 'shibboleth', 'dex'] $auth_type = 'dex', Optional[Array] $auth_configs = undef, String $root_uri = '/pun/sys/dashboard', Optional[Struct[{url => String, id => String}]] $analytics = undef, @@ -294,6 +302,19 @@ # Dex configs Openondemand::Dex_config $dex_config = {}, + # Mellon Configs + Optional[Hash] $mellon_default_config = { + 'MellonSPPrivateKeyFile' => '/etc/httpd/mellon/mellon.key', + 'MellonSPCertFile' => '/etc/httpd/mellon/mellon.cer', + 'MellonSPMetadataFile' => '/etc/httpd/mellon/mellon_metadata.xml', + 'MellonIdPMetadataFile' => '/etc/httpd/mellon/idp_metadata.xml', + 'MellonEnable' => 'auth', + 'MellonEndpointPath' => '/mellon', + }, + Optional[Hash] $mellon_config = {} + # Merge default config with updated configs + Optional[Hash] $mellon_merged_config = merge($mellon_default_config, $mellon_config) + # Misc configs Stdlib::Absolutepath $web_directory = '/var/www/ood', String $nginx_log_group = 'ondemand-nginx', @@ -387,11 +408,11 @@ if $ssl { $port = '443' - $listen_ports = ['443', '80'] + $listen_ports = pick($listen_addr_port, ['443', '80']) $protocol = 'https' } else { $port = '80' - $listen_ports = ['80'] + $listen_ports = pick($listen_addr_port, ['80']) $protocol = 'http' } @@ -446,6 +467,7 @@ $ood_portal_config = { 'listen_addr_port' => $listen_ports, 'servername' => $servername, + 'proxy_server' => $proxy_server, 'port' => $port, 'ssl' => $ssl, 'logroot' => $logroot, diff --git a/templates/auth_mellon.conf.erb b/templates/auth_mellon.conf.erb new file mode 100644 index 0000000..21cf3ee --- /dev/null +++ b/templates/auth_mellon.conf.erb @@ -0,0 +1,8 @@ + +<% scope['openondemand::auth'].each do |k| -%> + <%= k %> +<% end %> +<% scope['openondemand::mellon_merged_config'].each do |k,v| -%> + <%= k %> <%= v %> +<% end %> + diff --git a/templates/generate_ood_mellon_metadata.sh.erb b/templates/generate_ood_mellon_metadata.sh.erb new file mode 100755 index 0000000..e440b3e --- /dev/null +++ b/templates/generate_ood_mellon_metadata.sh.erb @@ -0,0 +1,22 @@ +#!/usr/bin/env bash + +MELLON_DIR="<%= scope['apache::params::httpd_dir'] -%>/mellon" + +[ -d ${MELLON_DIR} ] || mkdir ${MELLON_DIR} + +pushd $MELLON_DIR +<% if scope['openondemand::proxy_server'] -%> +export mellon_endpoint="https://<%= scope['openondemand::proxy_server'] %><%= scope['openondemand::mellon_merged_config']['MellonEndpointPath'] %>" +<% else -%> +export mellon_endpoint="https://<%= scope['openondemand::servername'] %><%= scope['openondemand::mellon_merged_config']['MellonEndpointPath'] %>" +<% end -%> +<%= scope['apache::params::httpd_root'] %>/usr/libexec/mod_auth_mellon/mellon_create_metadata.sh "${mellon_endpoint}/metadata" "${mellon_endpoint}" + +mv *mellon_metadata.cert ./mellon.cert +mv *mellon_metadata.key ./mellon.key +mv *mellon_metadata.xml ./mellon_metadata.xml + +openssl pkcs12 -export -inkey ./mellon.key -in ./mellon.cert -out ./mellon.pfx -passout pass: + +popd +echo "Mellon files are generated at ${MELLON_DIR}" From 48649a700e1dd7b21879fb807a80c4e22245c2b8 Mon Sep 17 00:00:00 2001 From: bp85 Date: Thu, 27 Mar 2025 12:04:44 -0400 Subject: [PATCH 2/9] add more enhancements --- README.md | 3 ++- REFERENCE.md | 18 ++++++++++++++++++ manifests/apache.pp | 2 +- manifests/config.pp | 18 ++++++++++++++++++ manifests/init.pp | 14 ++++++++++---- templates/generate_ood_mellon_metadata.sh.erb | 2 +- 6 files changed, 50 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index a390f03..3635868 100644 --- a/README.md +++ b/README.md @@ -121,13 +121,14 @@ openondemand::oidc_settings: OIDCStripCookies: 'mod_auth_openidc_session mod_auth_openidc_session_chunks mod_auth_openidc_session_0 mod_auth_openidc_session_1' ``` -Setup OnDemand to authenticate with SAML using apache Mellon. Puppet creates a script `/usr/local/bin/mellon_ood_metadata.sh` to generate certs and relevant metadata files. This script needs to be run (once) manually. +Setup OnDemand to authenticate with SAML using apache Mellon. Puppet creates a script `/usr/local/bin/mellon_ood_metadata.sh` to generate certs and relevant metadata files. This script automatically run by puppet. Set `mellon_manage_metadata` to false for puppet to stop creating/managing metadata. IDPMetadata needs to be downloaded seperately to a file and passed to `mellon_config` ```yaml openondemand::servername: ondemand.osc.edu openondemand::auth_type: 'mellon' openondemand::auth_configs: - 'Require valid-user' +openondemand::mellon_dir: '/etc/httpd/mellon' #defaults to ${apache::httpd_dir}/mellon openondemand::mellon_config: MellonEndpointPath: '/mellon' MellonEnable: 'auth' diff --git a/REFERENCE.md b/REFERENCE.md index f727353..d26a652 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -125,7 +125,9 @@ The following parameters are available in the `openondemand` class: * [`oidc_settings`](#-openondemand--oidc_settings) * [`dex_uri`](#-openondemand--dex_uri) * [`dex_config`](#-openondemand--dex_config) +* [`mellon_dir`](#-openondemand--mellon_dir) * [`mellon_config`](#-openondemand--mellon_config) +* [`mellon_manage_metadata`](#-openondemand--mellon_manage_metadata) * [`web_directory`](#-openondemand--web_directory) * [`nginx_log_group`](#-openondemand--nginx_log_group) * [`nginx_stage_clean_cron_schedule`](#-openondemand--nginx_stage_clean_cron_schedule) @@ -732,6 +734,14 @@ Dex configuration Hash Default value: `{}` +##### `mellon_dir` + +Data type: `Stdlib::Absolutepath` + +Path to Mellon congiration and files directory + +Default value: `${apache::httpd_dir}/mellon` + ##### `mellon_config` Data type: `Hash` @@ -740,6 +750,14 @@ Mellon configuration Hash for Overwrite Default value: `{}` +##### `mellon_manage_metadata` + +Data type: `Boolean` + +Mellon Metadata managed by puppet or not + +Default value: `true` + ##### `web_directory` Data type: `Stdlib::Absolutepath` diff --git a/manifests/apache.pp b/manifests/apache.pp index 6309c17..6fb27bb 100644 --- a/manifests/apache.pp +++ b/manifests/apache.pp @@ -74,7 +74,7 @@ 'mellon': { ::apache::mod { 'auth_mellon': package => "${package_prefix}mod_auth_mellon", - package_ensure => $openondemand::mod_auth_openidc_ensure, + package_ensure => $openondemand::mod_auth_mellon_ensure, } } default: {} diff --git a/manifests/config.pp b/manifests/config.pp index d4f34b5..bb28a01 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -279,12 +279,30 @@ # deploy script to generate mellon metadata if $openondemand::auth_type == 'mellon' { + file {"${openondemand::mellon_dir}/00-auth-mellon.conf": + content => template('openondemand/auth_mellon.conf.erb'), + owner => 'root', + group => 'root', + mode => '0755' + } file { '/usr/local/bin/mellon_ood_metadata.sh': content => template('openondemand/generate_ood_mellon_metadata.sh.erb'), owner => 'root', group => 'root', mode => '0755', } + if $openondemand::mellon_manage_metadata == true { + # Run Metadata creation script if files doesn't exist + exec { '/usr/local/bin/mellon_ood_metadata.sh': + creates => [ + "${openondemand::mellon_dir}/mellon.cert", + "${openondemand::mellon_dir}/mellon.key", + "${openondemand::mellon_dir}/mellon_metadata.xml", + ], + require => File['/usr/local/bin/mellon_ood_metadata.sh'], + notify => Class['apache::service'], + } + } } file { '/etc/ood/config/nginx_stage.yml': diff --git a/manifests/init.pp b/manifests/init.pp index 506c49b..7fa19d3 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -142,8 +142,12 @@ # Dex URI if put behind Apache reverse proxy # @param dex_config # Dex configuration Hash +# @param mellon_dir +# Apache Mellon Directory for storing configs/certs # @param mellon_config # Additional Mellon override config for apache +# @param mellon_manage_metadata +# Whether to manage mellon metadata or not # @param web_directory # Path to main web directory for OnDemand # @param nginx_log_group @@ -320,11 +324,13 @@ Openondemand::Dex_config $dex_config = {}, # Mellon Configs + Stdlib::Absolutepath $mellon_dir = "${apache::httpd_dir}/mellon", + Blloean mellon_manage_metadata = true, Optional[Hash] $mellon_default_config = { - 'MellonSPPrivateKeyFile' => '/etc/httpd/mellon/mellon.key', - 'MellonSPCertFile' => '/etc/httpd/mellon/mellon.cer', - 'MellonSPMetadataFile' => '/etc/httpd/mellon/mellon_metadata.xml', - 'MellonIdPMetadataFile' => '/etc/httpd/mellon/idp_metadata.xml', + 'MellonSPPrivateKeyFile' => "${mellon_dir}/mellon.key", + 'MellonSPCertFile' => "${mellon_dir}/mellon.cer", + 'MellonSPMetadataFile' => "${mellon_dir}/mellon_metadata.xml", + 'MellonIdPMetadataFile' => "${mellon_dir}/idp_metadata.xml", 'MellonEnable' => 'auth', 'MellonEndpointPath' => '/mellon', }, diff --git a/templates/generate_ood_mellon_metadata.sh.erb b/templates/generate_ood_mellon_metadata.sh.erb index e440b3e..84026f1 100755 --- a/templates/generate_ood_mellon_metadata.sh.erb +++ b/templates/generate_ood_mellon_metadata.sh.erb @@ -1,6 +1,6 @@ #!/usr/bin/env bash -MELLON_DIR="<%= scope['apache::params::httpd_dir'] -%>/mellon" +MELLON_DIR="<%= scope['openondemand::mellon_dir'] -%>" [ -d ${MELLON_DIR} ] || mkdir ${MELLON_DIR} From 1ffc9481f881038c0ea8131d7f9ac2e88baf532c Mon Sep 17 00:00:00 2001 From: bp85 Date: Thu, 27 Mar 2025 17:47:50 -0400 Subject: [PATCH 3/9] syntax fix --- manifests/config.pp | 2 +- manifests/init.pp | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/config.pp b/manifests/config.pp index e832ecd..15c9229 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -307,7 +307,7 @@ content => template('openondemand/auth_mellon.conf.erb'), owner => 'root', group => 'root', - mode => '0755' + mode => '0755', } file { '/usr/local/bin/mellon_ood_metadata.sh': content => template('openondemand/generate_ood_mellon_metadata.sh.erb'), diff --git a/manifests/init.pp b/manifests/init.pp index 0ee07bd..486030e 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -361,9 +361,9 @@ 'MellonEnable' => 'auth', 'MellonEndpointPath' => '/mellon', }, - Optional[Hash] $mellon_config = {} + Optional[Hash] $mellon_config = {}, # Merge default config with updated configs - Optional[Hash] $mellon_merged_config = merge($mellon_default_config, $mellon_config) + Optional[Hash] $mellon_merged_config = merge($mellon_default_config, $mellon_config), # Misc configs Stdlib::Absolutepath $web_directory = '/var/www/ood', From 8c2ec630b4fecef732b80f633c179ba08496bbe9 Mon Sep 17 00:00:00 2001 From: Bhanu Prasad G Date: Mon, 31 Mar 2025 11:18:47 -0400 Subject: [PATCH 4/9] Update manifests/apache.pp accept changes Co-authored-by: treydock --- manifests/apache.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/apache.pp b/manifests/apache.pp index e76df19..84c8c9b 100644 --- a/manifests/apache.pp +++ b/manifests/apache.pp @@ -51,7 +51,7 @@ case $openondemand::auth_type { 'CAS': { - include ::apache::mod::auth_cas + include apache::mod::auth_cas } '(dex|openid-connect)': { ::apache::mod { 'auth_openidc': From 046a6303a2d64423f05b85e324048429bd156c41 Mon Sep 17 00:00:00 2001 From: Bhanu Prasad G Date: Mon, 31 Mar 2025 11:19:15 -0400 Subject: [PATCH 5/9] Update manifests/apache.pp accept changes Co-authored-by: treydock --- manifests/apache.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/apache.pp b/manifests/apache.pp index 84c8c9b..fe62b34 100644 --- a/manifests/apache.pp +++ b/manifests/apache.pp @@ -54,14 +54,14 @@ include apache::mod::auth_cas } '(dex|openid-connect)': { - ::apache::mod { 'auth_openidc': - package => "${package_prefix}mod_auth_openidc", + apache::mod { 'auth_openidc': + package => $openidc_package, package_ensure => $openondemand::mod_auth_openidc_ensure, } } 'mellon': { - ::apache::mod { 'auth_mellon': - package => "${package_prefix}mod_auth_mellon", + apache::mod { 'auth_mellon': + package => $auth_mellon_package, package_ensure => $openondemand::mod_auth_mellon_ensure, } } From 37bd202990710f7402435363cade96b2a422d3b7 Mon Sep 17 00:00:00 2001 From: bp85 Date: Mon, 31 Mar 2025 11:28:58 -0400 Subject: [PATCH 6/9] move configs out of params --- manifests/init.pp | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 486030e..fd25777 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -352,18 +352,8 @@ # Mellon Configs Stdlib::Absolutepath $mellon_dir = "${apache::httpd_dir}/mellon", - Blloean mellon_manage_metadata = true, - Optional[Hash] $mellon_default_config = { - 'MellonSPPrivateKeyFile' => "${mellon_dir}/mellon.key", - 'MellonSPCertFile' => "${mellon_dir}/mellon.cer", - 'MellonSPMetadataFile' => "${mellon_dir}/mellon_metadata.xml", - 'MellonIdPMetadataFile' => "${mellon_dir}/idp_metadata.xml", - 'MellonEnable' => 'auth', - 'MellonEndpointPath' => '/mellon', - }, + Boolean mellon_manage_metadata = true, Optional[Hash] $mellon_config = {}, - # Merge default config with updated configs - Optional[Hash] $mellon_merged_config = merge($mellon_default_config, $mellon_config), # Misc configs Stdlib::Absolutepath $web_directory = '/var/www/ood', @@ -494,6 +484,18 @@ $auth = undef $_dex_config = $dex_config } + 'mellon': { + $mellon_default_config = { + 'MellonSPPrivateKeyFile' => "${mellon_dir}/mellon.key", + 'MellonSPCertFile' => "${mellon_dir}/mellon.cer", + 'MellonSPMetadataFile' => "${mellon_dir}/mellon_metadata.xml", + 'MellonIdPMetadataFile' => "${mellon_dir}/idp_metadata.xml", + 'MellonEnable' => 'auth', + 'MellonEndpointPath' => '/mellon', + } + # Merge default config with updated configs + $mellon_merged_config = merge($mellon_default_config, $mellon_config) + } default: { $auth = ["AuthType ${auth_type}"] + $auth_configs $_dex_config = undef From faaf7cab7623184ac90b8c216d01d82381c8acdd Mon Sep 17 00:00:00 2001 From: treydock Date: Tue, 5 Aug 2025 09:08:45 -0400 Subject: [PATCH 7/9] Update manifests/init.pp --- manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index 60d2939..0043969 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -352,7 +352,7 @@ # Mellon Configs Stdlib::Absolutepath $mellon_dir = "${apache::httpd_dir}/mellon", - Boolean mellon_manage_metadata = true, + Boolean $mellon_manage_metadata = true, Optional[Hash] $mellon_config = {}, # Misc configs From dd1c10e4b99fe63693d1fc84213f33aa54cfbfb8 Mon Sep 17 00:00:00 2001 From: treydock Date: Tue, 5 Aug 2025 09:11:06 -0400 Subject: [PATCH 8/9] Update manifests/init.pp --- manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index 0043969..2c22886 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -353,7 +353,7 @@ # Mellon Configs Stdlib::Absolutepath $mellon_dir = "${apache::httpd_dir}/mellon", Boolean $mellon_manage_metadata = true, - Optional[Hash] $mellon_config = {}, + Hash $mellon_config = {}, # Misc configs Stdlib::Absolutepath $web_directory = '/var/www/ood', From dc19019ec23b0f471a2dc21ec4f1b9cf6dac1d74 Mon Sep 17 00:00:00 2001 From: treydock Date: Tue, 5 Aug 2025 09:11:40 -0400 Subject: [PATCH 9/9] Update manifests/config.pp --- manifests/config.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/config.pp b/manifests/config.pp index 1b96836..bab8240 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -305,7 +305,7 @@ # deploy script to generate mellon metadata if $openondemand::auth_type == 'mellon' { - file {"${openondemand::mellon_dir}/00-auth-mellon.conf": + file { "${openondemand::mellon_dir}/00-auth-mellon.conf": content => template('openondemand/auth_mellon.conf.erb'), owner => 'root', group => 'root',