feat: puppetboard on consul

- updated nginx param types - add nginx aliases, merge with vhost, use as server_names - add additional vault alt-names - add prepared query for puppetboard
2024-05-22 22:51:54 +10:00 · 2024-05-22 22:51:54 +10:00 · 349547c4bc
commit 349547c4bc
parent 6bd66724dc
4 changed files with 44 additions and 3 deletions
--- a/hieradata/country/au/region/syd1/infra/puppetboard/server.yaml
+++ b/hieradata/country/au/region/syd1/infra/puppetboard/server.yaml
@ -0,0 +1,5 @@
+---
+profiles::puppet::puppetboard::nginx_aliases:
+  - puppetboard.service.consul
+  - puppetboard.query.consul
+  - "%{facts.networking.fqdn}"
--- a/hieradata/roles/infra/puppetboard/server.yaml
+++ b/hieradata/roles/infra/puppetboard/server.yaml
@ -0,0 +1,27 @@
+---
+# additional altnames
+profiles::pki::vault::alt_names:
+  - puppetboard.main.unkin.net
+  - puppetboard.service.consul
+  - puppetboard.query.consul
+
+consul::services:
+  puppetboard:
+    service_name: 'puppetboard'
+    tags:
+      - 'puppet'
+      - 'puppetboard'
+    address: "%{facts.networking.ip}"
+    port: 80
+    checks:
+      - id: 'puppetboard_http_check'
+        name: 'Puppetboard HTTP Check'
+        http: "http://%{facts.networking.fqdn}:80"
+        method: 'GET'
+        tls_skip_verify: true
+        interval: '10s'
+        timeout: '1s'
+profiles::consul::client::node_rules:
+  - resource: service
+    segment: puppetboard
+    disposition: write
--- a/hieradata/roles/infra/storage/consul.yaml
+++ b/hieradata/roles/infra/storage/consul.yaml
@ -65,3 +65,9 @@ profiles::consul::prepared_query::rules:
    service_failover_n: 3
    service_only_passing: true
    ttl: 10
+  puppetboard:
+    ensure: 'present'
+    service_name: 'puppetboard'
+    service_failover_n: 3
+    service_only_passing: true
+    ttl: 10
--- a/site/profiles/manifests/puppet/puppetboard.pp
+++ b/site/profiles/manifests/puppet/puppetboard.pp
@ -18,8 +18,9 @@ class profiles::puppet::puppetboard (
  String  $gunicorn_bind_prefix = 'http://',
  Integer $gunicorn_workers     = 1,
  Integer $gunicorn_threads     = 4,
-  String  $nginx_vhost          = 'puppetboard.main.unkin.net',
-  Integer $nginx_port           = 80,
+  Stdlib::Port $nginx_port      = 80,
+  Stdlib::Host $nginx_vhost     = 'puppetboard.main.unkin.net',
+  Array[Stdlib::Host]  $nginx_aliases = [],
  #String[1] $secret_key         = "${fqdn_rand_string(32)}",
 ) {

@ -98,10 +99,12 @@ class profiles::puppet::puppetboard (
  # ensure the nginx service is managed
  class { 'nginx': }

+  $nginx_server_names = unique([$nginx_vhost] + $nginx_aliases)
+
  # create the nginx vhost
  nginx::resource::server { $nginx_vhost:
      listen_port           => $nginx_port,
-      server_name           => [$nginx_vhost],
+      server_name           => $nginx_server_names,
      proxy                 => "${gunicorn_bind_prefix}${gunicorn_bind}",
      proxy_set_header      => [
          'Host $http_host',