feat: moved puppetdb profiles

- move puppetdb profiles to profiles::puppetdb namespace
- add profile to manage puppetdb api ssl certificates
2024-05-24 23:49:35 +10:00
parent 6a9580b199
commit 22bd213509
7 changed files with 52 additions and 7 deletions
@@ -0,0 +1,47 @@
# configure the puppetdb api service
class profiles::puppetdb::puppetdb_api (
String $postgres_host = lookup('puppetdbsql'),
String $listen_address = $facts['networking']['ip'],
Stdlib::Absolutepath $java_bin = '/usr/bin/java',
Hash $java_args = {},
) {
# wait for enc_role to match the required role
if $facts['enc_role'] == 'roles::infra::puppetdb::api' {
class { 'java':
package => 'java-11-openjdk-devel',
before => Class['puppetdb::server'],
}
class { 'puppetdb::server':
database_host => $postgres_host,
manage_firewall => false,
ssl_listen_address => $listen_address,
listen_address => $listen_address,
java_bin => $java_bin,
java_args => $java_args,
}
contain ::puppetdb::server
class { 'prometheus::puppetdb_exporter':
puppetdb_url => "http://${listen_address}:8080/pdb/query",
export_scrape_job => true,
}
include profiles::puppetdb::ssl
# export haproxy balancemember
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_8080":
service => 'be_puppetdbapi',
ports => [8080],
options => [
"cookie ${facts['networking']['hostname']}",
'check',
'inter 2s',
'rise 3',
'fall 2',
]
}
}
}
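Review bot: `listen_address => $listen_address` in the `puppetdb::server` declaration binds PuppetDB's cleartext port 8080 to the node's network address, and with `manage_firewall => false` nothing in this class limits which hosts can reach it. That listener has no client-certificate authentication, and both the exporter URL (`http://${listen_address}:8080/pdb/query`) and the exported haproxy member depend on it, so the exposure looks intentional but is undocumented. I would add a comment above the declaration naming the intended clients and where filtering happens, e.g. `# 8080 is unauthenticated cleartext: restrict to haproxy and the exporter; packet filter managed in <firewall profile>`. If no such filter exists, that is worth settling before this role is applied, since the firewall handling is not visible in this commit.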
@@ -0,0 +1,35 @@
# configure the puppetdb sql service
class profiles::puppetdb::puppetdb_sql (
String $puppetdb_host = lookup('puppetdbsql'),
String $listen_address = $facts['networking']['ip'],
) {
# disable the postgresql dnf module for el8+
if $facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] >= '8' {
# based on https://github.com/puppetlabs/puppetlabs-postgresql/blob/main/manifests/dnfmodule.pp
package { 'postgresql dnf module':
ensure => 'disabled',
name => 'postgresql',
provider => 'dnfmodule',
before => Class['puppetdb::database::postgresql'],
}
}
# Install and configure PostgreSQL for PuppetDB
class { 'puppetdb::database::postgresql':
listen_addresses => $listen_address,
postgres_version => '15',
puppetdb_server => $puppetdb_host,
}
contain ::puppetdb::database::postgresql
# create the postgresql::server::config_entry resources
$pg_config_entries = lookup('postgresql_config_entries', Hash[String, Data], 'hash', {})
$pg_config_entries.each |String $key, Data $value| {
postgresql::server::config_entry { $key:
ensure => 'present',
value => $value,
}
}
}
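Review bot: The guard `$facts['os']['release']['major'] >= '8'` compares two strings, so the ordering is lexical and a major release of `'10'` sorts below `'8'`; on such a host the postgresql dnf module would not be disabled before `puppetdb::database::postgresql` runs. A numeric comparison avoids that: `if $facts['os']['family'] == 'RedHat' and Integer($facts['os']['release']['major']) >= 8 {`. Separately, `$puppetdb_host` defaults to `lookup('puppetdbsql')`, the same key the API profile uses for `$postgres_host`, and is then passed as `puppetdb_server`. If that key names the database host rather than the PuppetDB API host, the value handed to the database class is the wrong identity; please confirm against the Hiera data.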
+44
@@ -0,0 +1,44 @@
# profiles::puppetdb::ssl
class profiles::puppetdb::ssl (
$certname = $trusted['certname'],
$ssl_dir = '/etc/puppetlabs/puppetdb/ssl',
$ssl_owner = 'puppetdb',
$ssl_group = 'puppetdb',
$puppetdb_service = 'puppetdb',
$ca_source = '/etc/puppetlabs/puppet/ssl/certs/ca.pem',
$public_cert_source = "/etc/puppetlabs/puppet/ssl/certs/${trusted['certname']}.pem",
$private_key_source = "/etc/puppetlabs/puppet/ssl/private_keys/${trusted['certname']}.pem",
) {
file { $ssl_dir:
ensure => directory,
owner => $ssl_owner,
group => $ssl_group,
recurse => true,
}
file { "${ssl_dir}/ca.pem":
ensure => file,
source => $ca_source,
owner => $ssl_owner,
group => $ssl_group,
notify => Service['puppetdb'],
}
file { "${ssl_dir}/public.pem":
ensure => file,
source => $public_cert_source,
owner => $ssl_owner,
group => $ssl_group,
notify => Service['puppetdb'],
}
file { "${ssl_dir}/private.pem":
ensure => file,
source => $private_key_source,
owner => $ssl_owner,
group => $ssl_group,
mode => '0600',
notify => Service['puppetdb'],
}
}
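Review bot: The three `file` resources notify the literal `Service['puppetdb']` although the class declares `$puppetdb_service`, so overriding that parameter has no effect; `notify => Service[$puppetdb_service],` would honour it. `$certname` is likewise unused, because both source paths interpolate `$trusted['certname']` directly. The directory that holds `private.pem` is declared without a `mode`, so its permissions are left to whatever already exists; `mode => '0700',` on `file { $ssl_dir: }` would make that explicit, and `show_diff => false,` on the private key resource keeps its content out of reports if diffs are enabled. The parameters are also untyped, unlike the other two profiles in this commit; `Stdlib::Absolutepath` for the paths and `String` for the rest would match them.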