Merge pull request 'neoloc/syd1_puppetdb' (#219) from neoloc/syd1_puppetdb into develop

Reviewed-on: unkinben/puppet-prod#219
Ben Vincent 2024-05-22 22:00:35 +09:30
commit 6bd66724dc
8 changed files with 74 additions and 34 deletions


@ -200,6 +200,10 @@ profiles::puppet::client::runtimeout: 3600
profiles::puppet::client::show_diff: true
profiles::puppet::client::usecacheonfailure: false
# puppetdb
puppetdbapi: prodinf01n04.main.unkin.net
puppetdbsql: prodinf01n05.main.unkin.net
prometheus::node_exporter::export_scrape_job: true
prometheus::systemd_exporter::export_scrape_job: true


@ -2,7 +2,5 @@
profiles::packages::install:
- policycoreutils
profiles::puppet::puppetdb::puppetdb_host: prodinf01n04.main.unkin.net
profiles::puppet::puppetdb::postgres_host: prodinf01n05.main.unkin.net
puppetdb::master::config::create_puppet_service_resource: false
#puppetdb::master::config::puppetdb_host: "%{lookup('profiles::puppet::puppetdb::puppetdb_host')}"


@ -3,3 +3,32 @@ profiles::puppet::puppetdb_api::java_bin: /usr/lib/jvm/jre-11/bin/java
profiles::puppet::puppetdb_api::java_args:
'-Xmx': '2048m'
'-Xms': '256m'
# additional altnames
profiles::pki::vault::alt_names:
- puppetdbapi.main.unkin.net
- puppetdbapi.service.consul
- puppetdbapi.query.consul
- puppetdbapi
consul::services:
puppetdbapi:
service_name: 'puppetdbapi'
tags:
- 'puppet'
- 'puppetdb'
- 'puppetdbapi'
address: "%{facts.networking.ip}"
port: 8080
checks:
- id: 'puppetdbapi_http_check'
name: 'PuppetDB API HTTP Check'
http: "http://%{facts.networking.fqdn}:8080"
method: 'GET'
tls_skip_verify: true
interval: '10s'
timeout: '1s'
profiles::consul::client::node_rules:
- resource: service
segment: puppetdbapi
disposition: write
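Review bot: The `puppetdbapi_http_check` check sets `tls_skip_verify: true` on a plain `http://` URL, where it has no effect, and the service is registered on port 8080, PuppetDB's cleartext listener, which performs no client authentication. The same hunk adds the Consul names to `profiles::pki::vault::alt_names`, which only matters for a TLS listener, so presumably clients are meant to reach the API over TLS. I would either register the TLS port and check it with an `https://` URL with verification left on, or keep 8080 restricted to trusted sources and drop `tls_skip_verify: true` so a later switch to https does not silently skip certificate checks. The `profiles::puppet::puppetdb_api` hunk further down binds `listen_address` to the node IP with `manage_firewall => false` and exports an HAProxy member on 8080, so the same concern applies there.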


@ -59,3 +59,9 @@ profiles::consul::prepared_query::rules:
service_failover_n: 3
service_only_passing: true
ttl: 10
puppetdbapi:
ensure: 'present'
service_name: 'puppetdbapi'
service_failover_n: 3
service_only_passing: true
ttl: 10


@ -8,7 +8,7 @@ class profiles::puppet::puppetboard (
Integer $reports_count = 40,
Boolean $offline_mode = true,
String $default_environment = '*',
String $puppetdb_host = lookup('profiles::puppet::puppetdb::puppetdb_host'),
String $puppetdb_host = lookup('puppetdbapi'),
Stdlib::AbsolutePath $basedir = '/opt/puppetboard',
Stdlib::Absolutepath $virtualenv_dir = "${basedir}/venv",
Stdlib::Absolutepath $settings_file = "${basedir}/settings.py",
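Review bot: `lookup('puppetdbapi')` is untyped here, while `profiles::puppet::puppetmaster` in this same commit uses `lookup('puppetdbapi', Optional[Stdlib::Fqdn], 'first', undef)`. Because the key is now a short global name rather than a namespaced one, a type on the lookup would catch a stray override with a non-hostname value at compile time: `String $puppetdb_host = lookup('puppetdbapi', Stdlib::Fqdn),`. The `lookup('puppetdbsql')` default in `profiles::puppet::puppetdb_api` has the same shape. The parameter list continues outside the hunk.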


@ -1,42 +1,45 @@
# configure the puppetdb api service
class profiles::puppet::puppetdb_api (
String $postgres_host = lookup('profiles::puppet::puppetdb::postgres_host'),
String $postgres_host = lookup('puppetdbsql'),
String $listen_address = $facts['networking']['ip'],
Stdlib::Absolutepath $java_bin = '/usr/bin/java',
Hash $java_args = {},
) {
class { 'java':
package => 'java-11-openjdk-devel',
before => Class['puppetdb::server'],
}
# wait for enc_role to match the required role
if $facts['enc_role'] == 'roles::infra::puppetdb::api' {
class { 'java':
package => 'java-11-openjdk-devel',
before => Class['puppetdb::server'],
}
class { 'puppetdb::server':
database_host => $postgres_host,
manage_firewall => false,
ssl_listen_address => $listen_address,
listen_address => $listen_address,
java_bin => $java_bin,
java_args => $java_args,
}
class { 'puppetdb::server':
database_host => $postgres_host,
manage_firewall => false,
ssl_listen_address => $listen_address,
listen_address => $listen_address,
java_bin => $java_bin,
java_args => $java_args,
}
contain ::puppetdb::server
contain ::puppetdb::server
class { 'prometheus::puppetdb_exporter':
puppetdb_url => "http://${listen_address}:8080/pdb/query",
export_scrape_job => true,
}
class { 'prometheus::puppetdb_exporter':
puppetdb_url => "http://${listen_address}:8080/pdb/query",
export_scrape_job => true,
}
# export haproxy balancemember
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_8080":
service => 'be_puppetdbapi',
ports => [8080],
options => [
"cookie ${facts['networking']['hostname']}",
'check',
'inter 2s',
'rise 3',
'fall 2',
]
# export haproxy balancemember
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_8080":
service => 'be_puppetdbapi',
ports => [8080],
options => [
"cookie ${facts['networking']['hostname']}",
'check',
'inter 2s',
'rise 3',
'fall 2',
]
}
}
}


@ -1,6 +1,6 @@
# configure the puppetdb sql service
class profiles::puppet::puppetdb_sql (
String $puppetdb_host = lookup('profiles::puppet::puppetdb::puppetdb_host'),
String $puppetdb_host = lookup('puppetdbsql'),
String $listen_address = $facts['networking']['ip'],
) {
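Review bot: `$puppetdb_host` in `profiles::puppet::puppetdb_sql` used to resolve to the API node via `profiles::puppet::puppetdb::puppetdb_host` and now resolves to `puppetdbsql`, which the common data in this commit sets to the SQL node itself. If the class body uses this parameter to decide which host may connect to PostgreSQL, the access rule would now name the database host rather than the API host. The body is outside the hunk, so this needs checking against the full file. If the API host is what is meant, the default should read `String $puppetdb_host = lookup('puppetdbapi'),`.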


@ -3,7 +3,7 @@
# This class manages the puppetmaster using the ghoneycutt-puppet module.
# It manages the server settings in the puppet.conf file.
class profiles::puppet::puppetmaster (
Optional[Stdlib::Fqdn] $puppetdb_host = lookup('profiles::puppet::puppetdb::puppetdb_host', Optional[Stdlib::Fqdn], 'first', undef),
Optional[Stdlib::Fqdn] $puppetdb_host = lookup('puppetdbapi', Optional[Stdlib::Fqdn], 'first', undef),
) {
if $facts['enc_role'] == 'roles::infra::puppet::master' {