Puppet Class: openondemand

Defined in:: manifests/init.pp

Summary

Manage Open OnDemand

Overview

Parameters:

repo_release (String) (defaults to: '3.0') —

The release of OnDemand repo
repo_baseurl_prefix (Variant[Stdlib::HTTPSUrl, Stdlib::HTTPUrl]) (defaults to: 'https://yum.osc.edu/ondemand') —

The baseurl prefix for OnDemand repo
repo_gpgkey (Variant[Stdlib::HTTPSUrl, Stdlib::HTTPUrl, Stdlib::Absolutepath]) (defaults to: 'https://yum.osc.edu/ondemand/RPM-GPG-KEY-ondemand-SHA512') —

The URL for OnDemand repo GPG key
repo_proxy (Optional[String[1]]) (defaults to: undef) —

The URL for proxy for OnDemand repo
repo_priority (Integer[1,99]) (defaults to: 99) —

The priority of the OnDemand repo
repo_exclude (String) (defaults to: 'absent') —

Exclusion for OnDemand repo
manage_dependency_repos (Boolean) (defaults to: true) —

Boolean that determines if managing repos for package dependencies
manage_epel (Boolean) (defaults to: true) —

Boolean that determines if managing EPEL repo
repo_nightly (Boolean) (defaults to: false) —

Add the OnDemand nightly repo
selinux (Boolean) (defaults to: false) —

Boolean that determines if adding SELinux support
ondemand_package_ensure (String) (defaults to: 'present') —

ondemand package ensure
ondemand_dex_package_ensure (String) (defaults to: 'present') —

ondemand-dex package ensure
mod_auth_openidc_ensure (String) (defaults to: 'present') —

mod_auth_openidc package ensure
install_apps (Hash) (defaults to: {}) —

Hash of apps to install, passed to ondemand::install::app
declare_apache (Boolean) (defaults to: true) —

Boolean that determines if apache is declared or included
apache_scls (String) (defaults to: 'httpd24') —

SCLs to load when starting Apache service
generator_insecure (Boolean) (defaults to: false) —

Run ood-portal-generator with –insecure flag This is needed if you wish to use default ood@localhost user or other local users
listen_addr_port (Variant[Array, String, Undef]) (defaults to: undef) —

ood_portal.yml listen_addr_port
servername (Optional[String]) (defaults to: undef) —

ood_portal.yml servername
server_aliases (Optional[Array]) (defaults to: undef) —

ood_porta.yml server_aliases
ssl (Optional[Array]) (defaults to: undef) —

ood_portal.yml ssl
logroot (String) (defaults to: 'logs') —

ood_portal.yml logroot
use_rewrites (Boolean) (defaults to: true) —

ood_portal.yml use_rewrites
use_maintenance (Boolean) (defaults to: true) —

ood_portal.yml use_maintenance
maintenance_ip_allowlist (Array) (defaults to: []) —

ood_portal.yml maintenance_ip_allowlist
maintenance_source (Optional[String]) (defaults to: undef) —

Source for maintenance index.html
maintenance_content (Optional[String]) (defaults to: undef) —

Content for maintenance index.html
security_csp_frame_ancestors (Optional[Variant[String, Boolean]]) (defaults to: undef) —

ood_portal.yml security_csp_frame_ancestors
security_strict_transport (Boolean) (defaults to: true) —

ood_portal.yml security_strict_transport
lua_root (String) (defaults to: '/opt/ood/mod_ood_proxy/lib') —

ood_portal.yml lua_root
lua_log_level (Optional[String]) (defaults to: undef) —

ood_portal.yml lua_log_level
user_map_match (String) (defaults to: '.*') —

ood_portal.yml user_map_match
user_map_cmd (Optional[String]) (defaults to: undef) —

ood_portal.yml user_map_cmd
user_env (Optional[String]) (defaults to: undef) —

ood_portal.yml user_env
map_fail_uri (Optional[String]) (defaults to: undef) —

ood_portal.yml map_fail_uri
auth_type (Variant[Enum['CAS', 'openid-connect', 'shibboleth', 'dex'], String[1]]) (defaults to: 'dex') —

ood_portal.yml auth_type
auth_configs (Optional[Array]) (defaults to: undef) —

ood_portal.yml auth_configs
root_uri (String) (defaults to: '/pun/sys/dashboard') —

ood_portal.yml root_uri
analytics (Optional[Struct[{ url => String, id => String }]]) (defaults to: undef) —

ood_portal.yml analytics
public_uri (String) (defaults to: '/public') —

ood_portal.yml public_uri
public_root (String) (defaults to: '/var/www/ood/public') —

ood_portal.yml public_root
logout_uri (String) (defaults to: '/logout') —

ood_portal.yml logout_uri
logout_redirect (String) (defaults to: '/pun/sys/dashboard/logout') —

ood_portal.yml logout_redirect
host_regex (String) (defaults to: '[^/]+') —

ood_portal.yml host_regex
node_uri (Optional[String]) (defaults to: undef) —

ood_portal.yml node_uri
rnode_uri (Optional[String]) (defaults to: undef) —

ood_portal.yml rnode_uri
nginx_uri (String) (defaults to: '/nginx') —

ood_portal.yml nginx_uri
pun_uri (String) (defaults to: '/pun') —

ood_portal.yml pun_uri
pun_socket_root (String) (defaults to: '/var/run/ondemand-nginx') —

ood_portal.yml pun_socket_root
pun_max_retries (Integer) (defaults to: 5) —

ood_portal.yml pun_max_retries
pun_pre_hook_root_cmd (Optional[Stdlib::Absolutepath]) (defaults to: undef) —

ood_portal.yml pun_pre_hook_root_cmd
pun_pre_hook_exports (Optional[String]) (defaults to: undef) —

ood_porta.yml pun_pre_hook_exports
oidc_uri (Optional[String]) (defaults to: undef) —

ood_portal.yml oidc_uri
oidc_discover_uri (Optional[String]) (defaults to: undef) —

ood_portal.yml oidc_discover_uri
oidc_discover_root (Optional[String]) (defaults to: undef) —

ood_portal.yml oidc_discover_root
register_uri (Optional[String]) (defaults to: undef) —

ood_portal.yml register_uri
register_root (Optional[String]) (defaults to: undef) —

ood_portal.yml register_root
oidc_provider_metadata_url (Optional[String]) (defaults to: undef) —

OIDC metadata URL
oidc_client_id (Optional[String]) (defaults to: undef) —

OIDC client ID
oidc_client_secret (Optional[String]) (defaults to: undef) —

OIDC client secret
oidc_remote_user_claim (String) (defaults to: 'preferred_username') —

OIDC REMOTE_USER claim
oidc_scope (String) (defaults to: 'openid profile email') —

OIDC scopes
oidc_session_inactivity_timeout (Integer) (defaults to: 28800) —

OIDC session inactivity timeout, see OIDCSessionInactivityTimeout
oidc_session_max_duration (Integer) (defaults to: 28800) —

OIDC session max duration, see OIDCSessionMaxDuration
oidc_state_max_number_of_cookies (String) (defaults to: '10 true') —

OIDC setting that determines how to clean up cookies
oidc_settings (Hash) (defaults to: {}) —

Hash of OIDC settings passsed directly to Apache config
dex_uri (Variant[String[1],Boolean]) (defaults to: '/dex') —

Dex URI if put behind Apache reverse proxy
dex_config (Openondemand::Dex_config) (defaults to: {}) —

Dex configuration Hash
web_directory (Stdlib::Absolutepath) (defaults to: '/var/www/ood') —

Path to main web directory for OnDemand
nginx_log_group (String) (defaults to: 'ondemand-nginx') —

Group to set for /var/log/ondemand-nginx
nginx_stage_clean_cron_schedule (String) (defaults to: '0 */2 * * *') —

Configure how often you want to run nginx_clean Defaults to '0 /2 * * ' (every other hour)
nginx_stage_ondemand_portal (String) (defaults to: 'ondemand') —

nginx_stage.yml ondemand_portal
nginx_stage_ondemand_title (String) (defaults to: 'Open OnDemand') —

nginx_stage.yml ondemand_title
nginx_stage_pun_custom_env (Hash) (defaults to: {}) —

nginx_stage.yml pun_custom_env
nginx_stage_app_root (Openondemand::Nginx_stage_namespace_config) (defaults to: {}) —

nginx_stage.yml app_root
nginx_stage_scl_env (String) (defaults to: 'ondemand') —

nginx_stage.yml scl_env
nginx_stage_app_request_regex (Optional[Openondemand::Nginx_stage_namespace_config]) (defaults to: undef) —

nginx_stage.yml app_request_regex
nginx_stage_min_uid (Integer) (defaults to: 1000) —

nginx_stage.yml min_uid
nginx_stage_passenger_pool_idle_time (Integer) (defaults to: 300) —

nginx_stage.yml passenger_pool_idle_time
nginx_stage_passenger_options (Hash[Pattern[/^passenger_.+/], Variant[String, Integer]]) (defaults to: {}) —

nginx_stage.yml passenger_options
nginx_stage_nginx_file_upload_max (Optional[Integer]) (defaults to: undef) —

nginx_stage.yml nginx_file_upload_max
nginx_stage_configs (Hash) (defaults to: {}) —

nginx_stage.yml extra configuration options
config_dir_purge (Boolean) (defaults to: true) —

Boolean that sets if ondemand.d should be purged of unmanaged files
config_source (Optional[String]) (defaults to: undef) —

The source for /etc/ood/config/ondemand.d/ondemand.yml Overrides config_content as well as pinned apps and dashboard layout parameters
config_content (Optional[String]) (defaults to: undef) —

The content for /etc/ood/config/ondemand.d/ondemand.yml Overrides pinned apps and dashboard layout parameters
confs (Hash) (defaults to: {}) —

Hash to define openondemand::conf resources
pinned_apps (Optional[Array[Variant[String[1], Hash]]]) (defaults to: undef) —

Defines the OnDemand configuration for pinned_apps
pinned_apps_menu_length (Optional[Integer]) (defaults to: undef) —

Defines the OnDemand configuration for pinned_apps_menu_length
pinned_apps_group_by (Optional[String[1]]) (defaults to: undef) —

Defines the OnDemand configuration for pinned_apps_group_by
dashboard_layout (Optional[Openondemand::Dashboard_layout]) (defaults to: undef) —

Defines the OnDemand configuration for dashboard_layout
hook_env (Boolean) (defaults to: true) —

Boolean that sets of hook.env configuration should be managed
hook_env_path (Stdlib::Absolutepath) (defaults to: '/etc/ood/config/hook.env') —

Path to hook.env
hook_env_config (Hash) (defaults to: {}) —

Configuration hash to pass into hook.env
kubectl_path (Stdlib::Absolutepath) (defaults to: '/bin/kubectl') —

Path to kubectl
clusters (Hash) (defaults to: {}) —

Hash of resources to apss to openondemand::cluster
clusters_hiera_merge (Boolean) (defaults to: true) —

Boolean that determines if clusters should be merged via lookup function
usr_apps (Variant[Array, Hash]) (defaults to: {}) —

Resources passed to openondemand::app::usr
usr_app_defaults (Hash) (defaults to: {}) —

Defaults for usr_apps resources
dev_apps (Hash) (defaults to: {}) —

Resources passed to openondemand::app::dev
dev_app_users (Array) (defaults to: []) —

Users to define as having dev apps, passed to openondemand::app::dev
dev_app_defaults (Hash) (defaults to: {}) —

Defaults for dev_apps and dev_app_users
apps_config_repo (Optional[String]) (defaults to: undef) —

Git repo URL for apps config
apps_config_revision (Optional[String]) (defaults to: undef) —

Revision for apps config Git repo
apps_config_repo_path (String) (defaults to: '') —

Path in apps config Git repo for app configs
locales_config_repo_path (Optional[String]) (defaults to: undef) —

Path in apps config Git repo for locales configs
announcements_config_repo_path (Optional[String]) (defaults to: undef) —

Path in apps config Git repo for announcements
apps_config_source (Optional[String]) (defaults to: undef) —

Source for apps config, not used if apps_config_repo is defined
locales_config_source (Optional[String]) (defaults to: undef) —

Source for locales config, not used if apps_config_repo is defined
announcements_config_source (Optional[String]) (defaults to: undef) —

Source for aouncements config, not used if apps_config_repo is defined
public_files_repo_paths (Array) (defaults to: []) —

Path to public files in apps config Git repo
manage_logrotate (Boolean) (defaults to: true) —

Boolean that allows disabling management of logrotate

# File 'manifests/init.pp', line 231

class openondemand (
  # repos
  String $repo_release = '3.0',
  Variant[Stdlib::HTTPSUrl, Stdlib::HTTPUrl]
  $repo_baseurl_prefix = 'https://yum.osc.edu/ondemand',
  Variant[Stdlib::HTTPSUrl, Stdlib::HTTPUrl, Stdlib::Absolutepath]
  $repo_gpgkey = 'https://yum.osc.edu/ondemand/RPM-GPG-KEY-ondemand-SHA512',
  Optional[String[1]] $repo_proxy = undef,
  Integer[1,99] $repo_priority = 99,
  String $repo_exclude = 'absent',
  Boolean $manage_dependency_repos = true,
  Boolean $manage_epel = true,
  Boolean $repo_nightly = false,

  # packages
  Boolean $selinux = false,
  String $ondemand_package_ensure                 = 'present',
  String $ondemand_dex_package_ensure             = 'present',
  String $mod_auth_openidc_ensure                 = 'present',
  Hash $install_apps                              = {},

  # Apache
  Boolean $declare_apache = true,
  String $apache_scls = 'httpd24',

  # ood_portal.yml
  Boolean $generator_insecure = false,
  Variant[Array, String, Undef] $listen_addr_port = undef,
  Optional[String] $servername = undef,
  Optional[Array] $server_aliases = undef,
  Optional[Array] $ssl = undef,
  String  $logroot = 'logs',
  Boolean $use_rewrites = true,
  Boolean $use_maintenance = true,
  Array $maintenance_ip_allowlist = [],
  Optional[String] $maintenance_source = undef,
  Optional[String] $maintenance_content = undef,
  Optional[Variant[String, Boolean]] $security_csp_frame_ancestors = undef,
  Boolean $security_strict_transport = true,
  String $lua_root = '/opt/ood/mod_ood_proxy/lib',
  Optional[String] $lua_log_level = undef,
  String $user_map_match = '.*',
  Optional[String] $user_map_cmd  = undef,
  Optional[String] $user_env = undef,
  Optional[String] $map_fail_uri = undef,
  Variant[Enum['CAS', 'openid-connect', 'shibboleth', 'dex'], String[1]] $auth_type = 'dex',
  Optional[Array] $auth_configs = undef,
  String $root_uri = '/pun/sys/dashboard',
  Optional[Struct[{ url => String, id => String }]] $analytics = undef,
  String $public_uri = '/public',
  String $public_root = '/var/www/ood/public',
  String $logout_uri = '/logout',
  String $logout_redirect = '/pun/sys/dashboard/logout',
  String $host_regex = '[^/]+',
  Optional[String] $node_uri = undef,
  Optional[String] $rnode_uri = undef,
  String $nginx_uri = '/nginx',
  String $pun_uri = '/pun',
  String $pun_socket_root = '/var/run/ondemand-nginx',
  Integer $pun_max_retries = 5,
  Optional[Stdlib::Absolutepath] $pun_pre_hook_root_cmd = undef,
  Optional[String] $pun_pre_hook_exports = undef,
  Optional[String] $oidc_uri = undef,
  Optional[String] $oidc_discover_uri = undef,
  Optional[String] $oidc_discover_root = undef,
  Optional[String] $register_uri = undef,
  Optional[String] $register_root = undef,

  # OIDC configs
  Optional[String] $oidc_provider_metadata_url = undef,
  Optional[String] $oidc_client_id = undef,
  Optional[String] $oidc_client_secret = undef,
  String $oidc_remote_user_claim = 'preferred_username',
  String $oidc_scope = 'openid profile email',
  Integer $oidc_session_inactivity_timeout = 28800,
  Integer $oidc_session_max_duration = 28800,
  String $oidc_state_max_number_of_cookies = '10 true',
  Hash $oidc_settings = {},

  # Dex configs
  Variant[String[1],Boolean] $dex_uri = '/dex',
  Openondemand::Dex_config $dex_config = {},

  # Misc configs
  Stdlib::Absolutepath $web_directory = '/var/www/ood',
  String $nginx_log_group = 'ondemand-nginx',

  # nginx_stage configs
  String $nginx_stage_clean_cron_schedule = '0 */2 * * *',
  String $nginx_stage_ondemand_portal = 'ondemand',
  String $nginx_stage_ondemand_title  = 'Open OnDemand',
  Hash $nginx_stage_pun_custom_env = {},
  Openondemand::Nginx_stage_namespace_config $nginx_stage_app_root  = {},
  String $nginx_stage_scl_env = 'ondemand',
  Optional[Openondemand::Nginx_stage_namespace_config] $nginx_stage_app_request_regex = undef,
  Integer $nginx_stage_min_uid = 1000,
  Integer $nginx_stage_passenger_pool_idle_time = 300,
  Hash[Pattern[/^passenger_.+/], Variant[String, Integer]] $nginx_stage_passenger_options = {},
  Optional[Integer] $nginx_stage_nginx_file_upload_max = undef,
  Hash $nginx_stage_configs = {},

  # configs
  Boolean $config_dir_purge = true,
  Optional[String] $config_source = undef,
  Optional[String] $config_content = undef,
  Hash $confs = {},
  Optional[Array[Variant[String[1], Hash]]] $pinned_apps = undef,
  Optional[Integer] $pinned_apps_menu_length = undef,
  Optional[String[1]] $pinned_apps_group_by = undef,
  Optional[Openondemand::Dashboard_layout] $dashboard_layout = undef,

  # hooks
  Boolean $hook_env = true,
  Stdlib::Absolutepath $hook_env_path = '/etc/ood/config/hook.env',
  Hash $hook_env_config = {},
  Stdlib::Absolutepath $kubectl_path = '/bin/kubectl',

  # clusters
  Hash $clusters = {},
  Boolean $clusters_hiera_merge = true,

  # usr/dev apps
  Variant[Array, Hash] $usr_apps  = {},
  Hash $usr_app_defaults = {},
  Hash $dev_apps = {},
  Array $dev_app_users = [],
  Hash $dev_app_defaults = {},

  # apps/locales/public configs
  Optional[String] $apps_config_repo = undef,
  Optional[String] $apps_config_revision = undef,
  String $apps_config_repo_path = '', # lint:ignore:params_empty_string_assignment
  Optional[String] $locales_config_repo_path = undef,
  Optional[String] $announcements_config_repo_path = undef,

  Optional[String] $apps_config_source = undef,
  Optional[String] $locales_config_source = undef,
  Optional[String] $announcements_config_source = undef,
  Array $public_files_repo_paths = [],

  # Disable functionality
  Boolean $manage_logrotate = true,
) {
  $osfamily = $facts.dig('os', 'family')
  $osname = $facts.dig('os', 'name')
  $osmajor = $facts.dig('os', 'release', 'major')

  $supported = ['RedHat-7','RedHat-8','RedHat-9','Debian-20.04','Debian-22.04']
  $os = "${osfamily}-${osmajor}"
  if ! ($os in $supported) {
    fail("Unsupported OS: module ${module_name}. osfamily=${osfamily} osmajor=${osmajor} detected")
  }

  if versioncmp($osmajor, '7') <= 0 {
    $scl_apache = true
  } else {
    $scl_apache = false
  }

  if $selinux {
    $selinux_package_ensure = $ondemand_package_ensure
  } else {
    $selinux_package_ensure = 'absent'
  }

  if $osfamily == 'RedHat' {
    $repo_baseurl = "${repo_baseurl_prefix}/${repo_release}/web/el${osmajor}/\$basearch"
    $repo_nightly_baseurl = "${repo_baseurl_prefix}/nightly/web/el${osmajor}/\$basearch"
  } elsif $osfamily == 'Debian' {
    $repo_baseurl = "${repo_baseurl_prefix}/${repo_release}/web/apt"
    $repo_nightly_baseurl = "${repo_baseurl_prefix}/nightly/web/apt"
  }

  if $ssl {
    $port = '443'
    $listen_ports = ['443', '80']
    $protocol = 'https'
  } else {
    $port = '80'
    $listen_ports = ['80']
    $protocol = 'http'
  }

  if $repo_nightly {
    $nightly_ensure = 'present'
  } else {
    $nightly_ensure = 'absent'
  }

  $nginx_stage_cmd = '/opt/ood/nginx_stage/sbin/nginx_stage'
  $pun_stage_cmd = "sudo ${nginx_stage_cmd}"

  case $auth_type {
    'dex': {
      $auth = undef
      $_dex_config = $dex_config
    }
    default: {
      $auth = ["AuthType ${auth_type}"] + $auth_configs
      $_dex_config = undef
    }
  }

  if $apps_config_repo {
    $_public_files_require = Vcsrepo['/opt/ood-apps-config']
  }

  if $apps_config_repo and $apps_config_repo_path {
    $_apps_config_source = "/opt/ood-apps-config/${apps_config_repo_path}"
  } else {
    $_apps_config_source = $apps_config_source
  }

  if $apps_config_repo and $locales_config_repo_path {
    $_locales_config_source = "/opt/ood-apps-config/${locales_config_repo_path}"
  } else {
    $_locales_config_source = $locales_config_source
  }

  if $apps_config_repo and $announcements_config_repo_path {
    $_announcements_config_source = "/opt/ood-apps-config/${announcements_config_repo_path}"
  } else {
    $_announcements_config_source = $announcements_config_source
  }

  if $_announcements_config_source {
    $announcements_purge = true
  } else {
    $announcements_purge = undef
  }

  if $clusters_hiera_merge {
    $_clusters = lookup('openondemand::clusters', Hash, 'deep', {})
  } else {
    $_clusters = $clusters
  }

  $ood_portal_config = {
    'listen_addr_port'                 => $listen_ports,
    'servername'                       => $servername,
    'server_aliases'                   => $server_aliases,
    'port'                             => $port,
    'ssl'                              => $ssl,
    'logroot'                          => $logroot,
    'use_rewrites'                     => $use_rewrites,
    'use_maintenance'                  => $use_maintenance,
    'maintenance_ip_allowlist'         => $maintenance_ip_allowlist,
    'security_csp_frame_ancestors'     => $security_csp_frame_ancestors,
    'security_strict_transport'        => $security_strict_transport,
    'lua_root'                         => $lua_root,
    'lua_log_level'                    => $lua_log_level,
    'user_map_match'                   => $user_map_match,
    'user_map_cmd'                     => $user_map_cmd,
    'user_env'                         => $user_env,
    'map_fail_uri'                     => $map_fail_uri,
    'pun_stage_cmd'                    => $pun_stage_cmd,
    'auth'                             => $auth,
    'root_uri'                         => $root_uri,
    'analytics'                        => $analytics,
    'public_uri'                       => $public_uri,
    'public_root'                      => $public_root,
    'logout_uri'                       => $logout_uri,
    'logout_redirect'                  => $logout_redirect,
    'host_regex'                       => $host_regex,
    'node_uri'                         => $node_uri,
    'rnode_uri'                        => $rnode_uri,
    'nginx_uri'                        => $nginx_uri,
    'pun_uri'                          => $pun_uri,
    'pun_socket_root'                  => $pun_socket_root,
    'pun_max_retries'                  => $pun_max_retries,
    'pun_pre_hook_root_cmd'            => $pun_pre_hook_root_cmd,
    'pun_pre_hook_exports'             => $pun_pre_hook_exports,
    'oidc_uri'                         => $oidc_uri,
    'oidc_discover_uri'                => $oidc_discover_uri,
    'oidc_discover_root'               => $oidc_discover_root,
    'register_uri'                     => $register_uri,
    'register_root'                    => $register_root,
    'oidc_provider_metadata_url'       => $oidc_provider_metadata_url,
    'oidc_client_id'                   => $oidc_client_id,
    'oidc_client_secret'               => $oidc_client_secret,
    'oidc_remote_user_claim'           => $oidc_remote_user_claim,
    'oidc_scope'                       => $oidc_scope,
    'oidc_session_inactivity_timeout'  => $oidc_session_inactivity_timeout,
    'oidc_session_max_duration'        => $oidc_session_max_duration,
    'oidc_state_max_number_of_cookies' => $oidc_state_max_number_of_cookies,
    'oidc_settings'                    => $oidc_settings,
    'dex_uri'                          => $dex_uri,
    'dex'                              => $_dex_config,
  }.filter |$key, $value| { $value =~ NotUndef }
  $ood_portal_yaml = to_yaml($ood_portal_config)
  $base_apps = {
    'dashboard' => { 'package' => 'ondemand', 'manage_package' => false },
    'shell' => { 'package' => 'ondemand', 'manage_package' => false },
    'files' => { 'package' => 'ondemand', 'manage_package' => false },
    'file-editor' => { 'package' => 'ondemand', 'manage_package' => false },
    'activejobs' => { 'package' => 'ondemand', 'manage_package' => false },
    'myjobs' => { 'package' => 'ondemand', 'manage_package' => false },
    'bc_desktop' => { 'package' => 'ondemand', 'manage_package' => false },
  }

  $ondemand_config = {
    'pinned_apps' => $pinned_apps,
    'pinned_apps_menu_length' => $pinned_apps_menu_length,
    'pinned_apps_group_by' => $pinned_apps_group_by,
    'dashboard_layout' => $dashboard_layout,
  }.filter |$key, $value| { $value =~ NotUndef }

  if $osfamily == 'RedHat' {
    contain openondemand::repo::rpm
    Class['openondemand::repo::rpm'] -> Class['openondemand::install']
  } elsif $osfamily == 'Debian' {
    contain openondemand::repo::apt
    Class['openondemand::repo::apt'] -> Class['openondemand::install']
  }
  contain openondemand::install
  contain openondemand::apache
  contain openondemand::config
  contain openondemand::service

  Class['openondemand::install']
  ->Class['openondemand::apache']
  ->Class['openondemand::config']
  ->Class['openondemand::service']

  Class['openondemand::install'] -> Class['apache']
  Class['openondemand::install'] -> Apache::Mod <| |>

  $_clusters.each |$name, $cluster| {
    openondemand::cluster { $name: * => $cluster }
  }

  if $usr_apps =~ Array {
    $usr_apps.each |$usr_app| {
      openondemand::app::usr { $usr_app: * => $usr_app_defaults }
    }
  } else {
    $usr_apps.each |$name, $usr_app| {
      $parameters = $usr_app_defaults + $usr_app
      openondemand::app::usr { $name: * => $parameters }
    }
  }

  $dev_apps.each |$name, $dev_app| {
    $parameters = $dev_app_defaults + $dev_app
    openondemand::app::dev { $name: * => $parameters }
  }

  $dev_app_users.each |$user| {
    openondemand::app::dev { $user:
      * => $dev_app_defaults,
    }
  }

  $apps = deep_merge($base_apps, $install_apps)
  $apps.each |$name, $app| {
    openondemand::install::app { $name: * => $app }
  }

  $confs.each |$name, $params| {
    openondemand::conf { $name: * => $params }
  }
}