feat: update puppetdb_api for multi-zone

- wait for the enc_role fact to be updated and match
- move puppetdb db/api host values to common.yaml
- add vault cert altnames for consul query/service addresses
- add consul services/rules/checks
Ben Vincent 2024-05-05 18:58:52 +10:00
parent 31f670ad18
commit e9c7fbc2b5
4 changed files with 63 additions and 30 deletions


@ -188,6 +188,9 @@ profiles::puppet::client::runtimeout: 3600
profiles::puppet::client::show_diff: true profiles::puppet::client::show_diff: true
profiles::puppet::client::usecacheonfailure: false profiles::puppet::client::usecacheonfailure: false
profiles::puppet::puppetdb::puppetdb_host: prodinf01n04.main.unkin.net
profiles::puppet::puppetdb::postgres_host: prodinf01n05.main.unkin.net
prometheus::node_exporter::export_scrape_job: true prometheus::node_exporter::export_scrape_job: true
prometheus::systemd_exporter::export_scrape_job: true prometheus::systemd_exporter::export_scrape_job: true


@ -2,7 +2,5 @@
profiles::packages::install: profiles::packages::install:
- policycoreutils - policycoreutils
profiles::puppet::puppetdb::puppetdb_host: prodinf01n04.main.unkin.net
profiles::puppet::puppetdb::postgres_host: prodinf01n05.main.unkin.net
puppetdb::master::config::create_puppet_service_resource: false puppetdb::master::config::create_puppet_service_resource: false
#puppetdb::master::config::puppetdb_host: "%{lookup('profiles::puppet::puppetdb::puppetdb_host')}" #puppetdb::master::config::puppetdb_host: "%{lookup('profiles::puppet::puppetdb::puppetdb_host')}"


@ -3,3 +3,32 @@ profiles::puppet::puppetdb_api::java_bin: /usr/lib/jvm/jre-11/bin/java
profiles::puppet::puppetdb_api::java_args: profiles::puppet::puppetdb_api::java_args:
'-Xmx': '512m' '-Xmx': '512m'
'-Xms': '256m' '-Xms': '256m'
# additional altnames
profiles::pki::vault::alt_names:
- puppetdbapi.main.unkin.net
- puppetdbapi.service.consul
- puppetdbapi.query.consul
- puppetdbapi
consul::services:
puppetdbapi:
service_name: 'puppetdbapi'
tags:
- 'puppet'
- 'puppetdb'
- 'puppetdbapi'
address: "%{facts.networking.ip}"
port: 8080
checks:
- id: 'puppetdbapi_http_check'
name: 'PuppetDB API HTTP Check'
http: "http://%{facts.networking.fqdn}:8080"
method: 'GET'
tls_skip_verify: true
interval: '10s'
timeout: '1s'
profiles::consul::client::node_rules:
- resource: service
segment: puppetdbapi
disposition: write
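Review bot: On `puppetdbapi_http_check`, `tls_skip_verify: true` has no effect because the check URL is `http://…:8080`, and it would silently turn off certificate verification if the URL is later switched to https. I would drop that line, and when the check does move to TLS, verify against the Vault-issued certificate whose altnames this hunk adds. The service is also registered in Consul on `%{facts.networking.ip}` port 8080, which looks like PuppetDB's cleartext listener; in a stock PuppetDB that listener performs no client authentication, so please confirm that access to 8080 is limited to the intended consumers (host firewall or a TLS-terminating frontend). A comment above `port: 8080` would help, e.g. `# cleartext PuppetDB listener; reachable only from <allowed clients>`.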


@ -6,6 +6,8 @@ class profiles::puppet::puppetdb_api (
Hash $java_args = {}, Hash $java_args = {},
) { ) {
# wait for enc_role to match the required role
if $facts['enc_role'] == 'roles::infra::puppetdb::api' {
class { 'java': class { 'java':
package => 'java-11-openjdk-devel', package => 'java-11-openjdk-devel',
before => Class['puppetdb::server'], before => Class['puppetdb::server'],
@ -39,4 +41,5 @@ class profiles::puppet::puppetdb_api (
'fall 2', 'fall 2',
] ]
} }
}
} }
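Review bot: When `$facts['enc_role']` does not match, the new `if` in `profiles::puppet::puppetdb_api` skips every resource in the class without logging anything, so a node whose fact is stale or missing gets a catalog with no PuppetDB API resources and the report does not say why. I would add an `else` branch before the class's closing brace, e.g. `} else { warning("profiles::puppet::puppetdb_api skipped: enc_role is '${facts['enc_role']}'") }`, and reword the comment to `# apply only once the agent-reported enc_role fact matches this role; earlier runs skip the class`. Because enc_role is reported by the agent, the condition works as a sequencing gate but should not be relied on as a trust decision. The body of the `if` lies between the two hunks and is not visible here.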