feat: add puppetdbapi to haproxy

- add puppetdbapi backend to haproxy
- add puppetdbapi altname to the vault certificate
- add mapping for hostname to backend

hieradata/country/au/region/drw1/infra/halb/haproxy.yaml

@@ -2,6 +2,7 @@
 # mappings
 profiles::haproxy::mappings::list:
   - 'puppetboard.main.unkin.net be_puppetboard'
+  - 'puppetdbapi.main.unkin.net be_puppetdbapi'
 
 profiles::haproxy::backends:
   be_puppetboard:
@@ -17,6 +18,19 @@ profiles::haproxy::backends:
         - set-header X-Forwarded-Port %[dst_port]
         - add-header X-Forwarded-Proto https if { dst_port 443 }
       redirect: 'scheme https if !{ ssl_fc }'
+  be_puppetdbapi:
+    description: Backend for the PuppetDB API
+    collect_exported: false # handled in custom function
+    options:
+      balance: roundrobin
+      option:
+        - httpchk GET /
+        - forwardfor
+      cookie: SRVNAME insert
+      http-request:
+        - set-header X-Forwarded-Port %[dst_port]
+        - add-header X-Forwarded-Proto https if { dst_port 443 }
+      redirect: 'scheme https if !{ ssl_fc }'
   be_letsencrypt:
     description: Backend for LetsEncrypt Verifications
     collect_exported: true
@@ -67,3 +81,4 @@ profiles::haproxy::certlist::certificates:
 # additional altnames
 profiles::pki::vault::alt_names:
   - puppetboard.main.unkin.net
+  - puppetdbapi.main.unkin.net

site/profiles/manifests/puppet/puppetdb_api.pp

@@ -18,4 +18,16 @@ class profiles::puppet::puppetdb_api (
     export_scrape_job => true,
   }
 
+  # export haproxy balancemember
+  profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_8080":
+    service => 'be_puppetdbapi',
+    ports   => [8080],
+    options => [
+      "cookie ${facts['networking']['hostname']}",
+      'check',
+      'inter 2s',
+      'rise 3',
+      'fall 2',
+    ]
+  }
 }