diff --git a/hieradata/country/au/region/drw1/infra/halb/haproxy.yaml b/hieradata/country/au/region/drw1/infra/halb/haproxy.yaml index 9c4753e..d67dc86 100644 --- a/hieradata/country/au/region/drw1/infra/halb/haproxy.yaml +++ b/hieradata/country/au/region/drw1/infra/halb/haproxy.yaml @@ -2,6 +2,7 @@ # mappings profiles::haproxy::mappings::list: - 'puppetboard.main.unkin.net be_puppetboard' + - 'puppetdbapi.main.unkin.net be_puppetdbapi' profiles::haproxy::backends: be_puppetboard: @@ -17,6 +18,19 @@ profiles::haproxy::backends: - set-header X-Forwarded-Port %[dst_port] - add-header X-Forwarded-Proto https if { dst_port 443 } redirect: 'scheme https if !{ ssl_fc }' + be_puppetdbapi: + description: Backend for the PuppetDB API + collect_exported: false # handled in custom function + options: + balance: roundrobin + option: + - httpchk GET / + - forwardfor + cookie: SRVNAME insert + http-request: + - set-header X-Forwarded-Port %[dst_port] + - add-header X-Forwarded-Proto https if { dst_port 443 } + redirect: 'scheme https if !{ ssl_fc }' be_letsencrypt: description: Backend for LetsEncrypt Verifications collect_exported: true @@ -67,3 +81,4 @@ profiles::haproxy::certlist::certificates: # additional altnames profiles::pki::vault::alt_names: - puppetboard.main.unkin.net + - puppetdbapi.main.unkin.net diff --git a/site/profiles/manifests/puppet/puppetdb_api.pp b/site/profiles/manifests/puppet/puppetdb_api.pp index fa51753..37e8f63 100644 --- a/site/profiles/manifests/puppet/puppetdb_api.pp +++ b/site/profiles/manifests/puppet/puppetdb_api.pp @@ -18,4 +18,16 @@ class profiles::puppet::puppetdb_api ( export_scrape_job => true, } + # export haproxy balancemember + profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_8080": + service => 'be_puppetdbapi', + ports => [8080], + options => [ + "cookie ${facts['networking']['hostname']}", + 'check', + 'inter 2s', + 'rise 3', + 'fall 2', + ] + } }