unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: moved puppetdb profiles

Browse Source 
- move puppetdb profiles to profiles::puppetdb namespace
- add profile to manage puppetdb api ssl certificates
This commit is contained in:
Ben Vincent 2024-05-24 23:49:35 +10:00
parent 6a9580b199
commit 22bd213509
7 changed files with 52 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hieradata/roles/infra.yaml
View File

@ -3,4 +3,3 @@ profiles::packages::install:
- policycoreutils
puppetdb::master::config::create_puppet_service_resource: false
#puppetdb::master::config::puppetdb_host: "%{lookup('profiles::puppet::puppetdb::puppetdb_host')}"

4
hieradata/roles/infra/puppetdb/api.yaml
View File

@ -1,6 +1,6 @@
---
profiles::puppet::puppetdb_api::java_bin: /usr/lib/jvm/jre-11/bin/java
profiles::puppet::puppetdb_api::java_args:
profiles::puppetdb::puppetdb_api::java_bin: /usr/lib/jvm/jre-11/bin/java
profiles::puppetdb::puppetdb_api::java_args:
'-Xmx': '2048m'
'-Xms': '256m'

4
site/profiles/manifests/puppet/puppetdb_api.pp → site/profiles/manifests/puppetdb/puppetdb_api.pp
View File

@ -1,5 +1,5 @@
# configure the puppetdb api service
class profiles::puppet::puppetdb_api (
class profiles::puppetdb::puppetdb_api (
String $postgres_host = lookup('puppetdbsql'),
String $listen_address = $facts['networking']['ip'],
Stdlib::Absolutepath $java_bin = '/usr/bin/java',
@ -29,6 +29,8 @@ class profiles::puppet::puppetdb_api (
export_scrape_job => true,
}
include profiles::puppetdb::ssl
# export haproxy balancemember
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_8080":
service => 'be_puppetdbapi',

2
site/profiles/manifests/puppet/puppetdb_sql.pp → site/profiles/manifests/puppetdb/puppetdb_sql.pp
View File

@ -1,5 +1,5 @@
# configure the puppetdb sql service
class profiles::puppet::puppetdb_sql (
class profiles::puppetdb::puppetdb_sql (
String $puppetdb_host = lookup('puppetdbsql'),
String $listen_address = $facts['networking']['ip'],
) {

44
site/profiles/manifests/puppetdb/ssl.pp Normal file
View File

@ -0,0 +1,44 @@
# profiles::puppetdb::ssl
class profiles::puppetdb::ssl (
$certname = $trusted['certname'],
$ssl_dir = '/etc/puppetlabs/puppetdb/ssl',
$ssl_owner = 'puppetdb',
$ssl_group = 'puppetdb',
$puppetdb_service = 'puppetdb',
$ca_source = '/etc/puppetlabs/puppet/ssl/certs/ca.pem',
$public_cert_source = "/etc/puppetlabs/puppet/ssl/certs/${trusted['certname']}.pem",
$private_key_source = "/etc/puppetlabs/puppet/ssl/private_keys/${trusted['certname']}.pem",
) {
file { $ssl_dir:
ensure => directory,
owner => $ssl_owner,
group => $ssl_group,
recurse => true,
}
file { "${ssl_dir}/ca.pem":
ensure => file,
source => $ca_source,
owner => $ssl_owner,
group => $ssl_group,
notify => Service['puppetdb'],
}
file { "${ssl_dir}/public.pem":
ensure => file,
source => $public_cert_source,
owner => $ssl_owner,
group => $ssl_group,
notify => Service['puppetdb'],
}
file { "${ssl_dir}/private.pem":
ensure => file,
source => $private_key_source,
owner => $ssl_owner,
group => $ssl_group,
mode => '0600',
notify => Service['puppetdb'],
}
}

2
site/roles/manifests/infra/puppetdb/api.pp
View File

@ -6,6 +6,6 @@ class roles::infra::puppetdb::api {
}else{
include profiles::defaults
include profiles::base
include profiles::puppet::puppetdb_api
include profiles::puppetdb::puppetdb_api
}
}

2
site/roles/manifests/infra/puppetdb/sql.pp
View File

@ -6,6 +6,6 @@ class roles::infra::puppetdb::sql {
}else{
include profiles::defaults
include profiles::base
include profiles::puppet::puppetdb_sql
include profiles::puppetdb::puppetdb_sql
}
}