feat: use custom cert for puppetdb access (#271)

- manually generated certificate using sudo puppetserver ca generate --certname puppetdbapi.query.consul
- saved certificate and private_key in eyaml

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/271
This commit was merged in pull request #271.
2025-05-03 12:41:23 +10:00
parent 62f71e1feb
commit b05acb23f4
2 changed files with 22 additions and 0 deletions
@@ -1,5 +1,7 @@
# configure the puppetdb api service
class profiles::puppet::puppetdb_api (
String $private_cert,
String $public_cert,
String $postgres_host = lookup('puppetdbsql'),
String $listen_address = $facts['networking']['ip'],
Stdlib::Absolutepath $java_bin = '/usr/bin/java',
@@ -24,6 +26,24 @@ class profiles::puppet::puppetdb_api (
contain ::puppetdb::server
file { '/etc/puppetlabs/puppetdb/ssl/private.pem':
ensure => 'file',
content => Sensitive($private_cert),
owner => 'puppetdb',
group => 'puppetdb',
mode => '0600',
notify => Service['puppetdb'],
}
file { '/etc/puppetlabs/puppetdb/ssl/public.pem':
ensure => 'file',
content => $public_cert,
owner => 'puppetdb',
group => 'puppetdb',
mode => '0600',
notify => Service['puppetdb'],
}
# generate the minute for the cron job using fqdn_rand
$random_minute = fqdn_rand(60)
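Review bot: `$private_cert` is declared as a plain `String` in the parameter list and only wrapped with `Sensitive()` at the `private.pem` file resource, so the key is redacted in that resource's diffs and reports but, as far as I can tell, still travels as a clear-text parameter of the class in the compiled catalog, which is cached on the agent and stored in PuppetDB. Declaring it as `Sensitive[String] $private_cert,` and writing `content => $private_cert,` keeps the value wrapped from lookup onward; for automatic parameter binding to satisfy that type, the eyaml key needs a `lookup_options` entry with `convert_to: 'Sensitive'`. The hiera data is in the second changed file, which is not shown here, so it is worth confirming whether that option is already set. The class body starts before and continues after these hunks.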