feat: update puppetdb_api for multi-zone

- wait for the enc_role fact to be updated and match
- move puppetdb db/api host values to common.yaml
- add vault cert altnames for consul query/service addresses
- add consul services/rules/checks
This commit is contained in:
2024-05-05 18:58:52 +10:00
parent 31f670ad18
commit e9c7fbc2b5
4 changed files with 63 additions and 30 deletions
+31 -28
View File
@@ -6,37 +6,40 @@ class profiles::puppet::puppetdb_api (
Hash $java_args = {},
) {
class { 'java':
package => 'java-11-openjdk-devel',
before => Class['puppetdb::server'],
}
# wait for enc_role to match the required role
if $facts['enc_role'] == 'roles::infra::puppetdb::api' {
class { 'java':
package => 'java-11-openjdk-devel',
before => Class['puppetdb::server'],
}
class { 'puppetdb::server':
database_host => $postgres_host,
manage_firewall => false,
ssl_listen_address => $listen_address,
listen_address => $listen_address,
java_bin => $java_bin,
java_args => $java_args,
}
class { 'puppetdb::server':
database_host => $postgres_host,
manage_firewall => false,
ssl_listen_address => $listen_address,
listen_address => $listen_address,
java_bin => $java_bin,
java_args => $java_args,
}
contain ::puppetdb::server
contain ::puppetdb::server
class { 'prometheus::puppetdb_exporter':
puppetdb_url => "http://${listen_address}:8080/pdb/query",
export_scrape_job => true,
}
class { 'prometheus::puppetdb_exporter':
puppetdb_url => "http://${listen_address}:8080/pdb/query",
export_scrape_job => true,
}
# export haproxy balancemember
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_8080":
service => 'be_puppetdbapi',
ports => [8080],
options => [
"cookie ${facts['networking']['hostname']}",
'check',
'inter 2s',
'rise 3',
'fall 2',
]
# export haproxy balancemember
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_8080":
service => 'be_puppetdbapi',
ports => [8080],
options => [
"cookie ${facts['networking']['hostname']}",
'check',
'inter 2s',
'rise 3',
'fall 2',
]
}
}
}