From e682462917518767a91df8f980cb52cb4d2ef9a9 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Sun, 22 Oct 2023 19:46:10 +1100 Subject: [PATCH] feat: split puppetdb role into api and sql - add puppetdb_api and puppetdb_sql role - add puppetdb_api and puppetdb_sql profile - add prodinf01n05 to /etc/hosts file - set listen_address for all services to be hosts ip - set storeconfigs and storeconfigs_backend to be managed by puppetmaster profile --- hieradata/common.yaml | 7 +++- site/profiles/manifests/puppet/puppetdb.pp | 39 ------------------- .../profiles/manifests/puppet/puppetdb_api.pp | 16 ++++++++ .../profiles/manifests/puppet/puppetdb_sql.pp | 27 +++++++++++++ .../profiles/manifests/puppet/puppetmaster.pp | 29 +++++++------- site/profiles/manifests/puppet/server.pp | 28 +++++++------ .../templates/puppet/server/puppet.conf.epp | 2 + site/roles/manifests/puppet/puppetdb_api.pp | 6 +++ site/roles/manifests/puppet/puppetdb_sql.pp | 6 +++ 9 files changed, 95 insertions(+), 65 deletions(-) delete mode 100644 site/profiles/manifests/puppet/puppetdb.pp create mode 100644 site/profiles/manifests/puppet/puppetdb_api.pp create mode 100644 site/profiles/manifests/puppet/puppetdb_sql.pp create mode 100644 site/roles/manifests/puppet/puppetdb_api.pp create mode 100644 site/roles/manifests/puppet/puppetdb_sql.pp diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 1520bd2..eea398c 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml 
@@ -38,8 +38,9 @@ profiles::puppet::g10k::cfg_path: '/etc/puppetlabs/r10k/r10k.yaml' profiles::puppet::g10k::environments_path: '/etc/puppetlabs/code/environments' profiles::puppet::g10k::default_environment: 'develop' profiles::puppet::puppetdb::puppetdb_host: prodinf01n04.main.unkin.net +profiles::puppet::puppetdb::postgres_host: prodinf01n05.main.unkin.net puppetdb::master::config::create_puppet_service_resource: false -puppetdb::master::config::puppetdb_host: "%{lookup('profiles::puppet::puppetdb::puppetdb_host')}" +#puppetdb::master::config::puppetdb_host: "%{lookup('profiles::puppet::puppetdb::puppetdb_host')}" profiles::accounts::sysadmin::sshkeys: - ssh-rsa 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 ben@unkin.net @@ -58,3 +59,7 @@ profiles::base::hosts::additional_hosts: aliases: - prodinf01n04 - puppetdb + - ip: 198.18.17.5 + hostname: prodinf01n05.main.unkin.net + aliases: + - prodinf01n05 diff --git a/site/profiles/manifests/puppet/puppetdb.pp b/site/profiles/manifests/puppet/puppetdb.pp deleted file mode 100644 index 9ca7a57..0000000 --- a/site/profiles/manifests/puppet/puppetdb.pp +++ /dev/null 
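Review bot: The old `puppetdb::master::config::puppetdb_host` key is left behind as a comment (`#puppetdb::master::config::puppetdb_host: ...`) instead of being deleted; commented-out hiera keys tend to get re-enabled by mistake, so the line should be dropped. The new `profiles::puppet::puppetdb::postgres_host` key also sits under the namespace of the `profiles::puppet::puppetdb` class that this commit removes, which is why the new profiles need explicit `lookup()` defaults. Naming the keys after the new classes, e.g. `profiles::puppet::puppetdb_api::postgres_host`, would let automatic parameter lookup bind them. The second hunk's static hosts entry for 198.18.17.5 is presumably what the API node resolves the database host through, so it has to be kept in step with DNS.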
@@ -1,39 +0,0 @@
-# profiles::puppet::puppetdb
-#
-# This class manages the installation and configuration of PuppetDB
-# and its underlying PostgreSQL database on a single node.
-#
-# It makes use of the puppetlabs-puppetdb module to manage both the
-# PuppetDB service and its PostgreSQL backend.
-#
-class profiles::puppet::puppetdb(
- String $puppetdb_host,
- String $listen_address = $facts['networking']['ip'],
-) {
-
- # disable the postgresql dnf module for el8+
- if $facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] >= '8' {
- # based on https://github.com/puppetlabs/puppetlabs-postgresql/blob/main/manifests/dnfmodule.pp
- package { 'postgresql dnf module':
- ensure => 'disabled',
- name => 'postgresql',
- provider => 'dnfmodule',
- before => Class['puppetdb::database::postgresql'],
- }
- }
-
- # Install and configure PostgreSQL for PuppetDB
- class { 'puppetdb::database::postgresql':
- listen_addresses => $listen_address,
- postgresql_ssl_on => false,
- postgres_version => '15',
- puppetdb_server => $puppetdb_host,
- before => Class['puppetdb::server'],
- }
-
- class { 'puppetdb::server':
- database_host => $listen_address,
- postgresql_ssl_on => false,
- manage_firewall => false,
- }
-}
diff --git a/site/profiles/manifests/puppet/puppetdb_api.pp b/site/profiles/manifests/puppet/puppetdb_api.pp
new file mode 100644
index 0000000..fb1be2e
--- /dev/null
+++ b/site/profiles/manifests/puppet/puppetdb_api.pp
@@ -0,0 +1,16 @@
+# configure the puppetdb api service
+class profiles::puppet::puppetdb_api (
+ String $postgres_host = lookup('profiles::puppet::puppetdb::postgres_host'),
+ String $listen_address = $facts['networking']['ip'],
+) {
+
+ class { 'puppetdb::server':
+ database_host => $postgres_host,
+ manage_firewall => false,
+ ssl_listen_address => $listen_address,
+ listen_address => $listen_address,
+ }
+
+ contain ::puppetdb::server
+
+}
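Review bot: In `profiles::puppet::puppetdb_api`, `listen_address => $listen_address` binds PuppetDB's cleartext HTTP listener to the node's routable IP, and with `manage_firewall => false` nothing in this profile limits who can reach it. By default that listener performs no client-certificate check, so stored facts, catalogs and reports become readable by any host that can connect. Unless something specifically needs the plain port, keep it local with `listen_address => '127.0.0.1',` and expose only `ssl_listen_address`. The deleted profile's explicit `postgresql_ssl_on => false` is also gone without a replacement while `database_host` now points at a separate node, so the database connection appears to cross the network without TLS. Consider `postgresql_ssl_on => true,` here and in `profiles::puppet::puppetdb_sql`, or at least a `database_password` supplied from encrypted hiera data.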
diff --git a/site/profiles/manifests/puppet/puppetdb_sql.pp b/site/profiles/manifests/puppet/puppetdb_sql.pp
new file mode 100644
index 0000000..2d80d30
--- /dev/null
+++ b/site/profiles/manifests/puppet/puppetdb_sql.pp
@@ -0,0 +1,27 @@
+# configure the puppetdb sql service
+class profiles::puppet::puppetdb_sql (
+ String $puppetdb_host = lookup('profiles::puppet::puppetdb::puppetdb_host'),
+ String $listen_address = $facts['networking']['ip'],
+) {
+
+ # disable the postgresql dnf module for el8+
+ if $facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] >= '8' {
+ # based on https://github.com/puppetlabs/puppetlabs-postgresql/blob/main/manifests/dnfmodule.pp
+ package { 'postgresql dnf module':
+ ensure => 'disabled',
+ name => 'postgresql',
+ provider => 'dnfmodule',
+ before => Class['puppetdb::database::postgresql'],
+ }
+ }
+
+ # Install and configure PostgreSQL for PuppetDB
+ class { 'puppetdb::database::postgresql':
+ listen_addresses => $listen_address,
+ postgres_version => '15',
+ puppetdb_server => $puppetdb_host,
+ }
+
+ contain ::puppetdb::database::postgresql
+
+}
diff --git a/site/profiles/manifests/puppet/puppetmaster.pp b/site/profiles/manifests/puppet/puppetmaster.pp
index 76a80b6..f2a559a 100644
--- a/site/profiles/manifests/puppet/puppetmaster.pp
+++ b/site/profiles/manifests/puppet/puppetmaster.pp
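Review bot: The `puppetdb::database::postgresql` declaration in `profiles::puppet::puppetdb_sql` makes PostgreSQL listen on the node's IP for a PuppetDB that now lives on another host, yet it sets neither `postgresql_ssl_on` nor `database_password`. If the module defaults apply, access falls back to password authentication with the module's stock credential, and it is worth verifying against the pinned module version whether the non-SSL path restricts pg_hba entries to `$puppetdb_host` at all. Setting `postgresql_ssl_on => true,` ties access to the PuppetDB node's certificate; failing that, pass a `database_password` from encrypted hiera data and restrict the source address with a host firewall rule. Separately, `$facts['os']['release']['major'] >= '8'` compares strings, so a two-digit major such as '10' would sort below '8'; `versioncmp($facts['os']['release']['major'], '8') >= 0` avoids that.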
@@ -31,16 +31,17 @@ class profiles::puppet::puppetmaster ( include profiles::puppet::autosign class { 'puppetdb::master::config': - puppetdb_server => $puppetdb_host, + puppetdb_server => $puppetdb_host, + manage_storeconfigs => false, } class { 'profiles::puppet::server': - vardir => '/opt/puppetlabs/server/data/puppetserver', - logdir => '/var/log/puppetlabs/puppetserver', - rundir => '/var/run/puppetlabs/puppetserver', - pidfile => '/var/run/puppetlabs/puppetserver/puppetserver.pid', - codedir => '/etc/puppetlabs/code', - dns_alt_names => [ + vardir => '/opt/puppetlabs/server/data/puppetserver', + logdir => '/var/log/puppetlabs/puppetserver', + rundir => '/var/run/puppetlabs/puppetserver', + pidfile => '/var/run/puppetlabs/puppetserver/puppetserver.pid', + codedir => '/etc/puppetlabs/code', + dns_alt_names => [ 'prodinf01n01.main.unkin.net', 'puppet.main.unkin.net', 'puppetca.main.unkin.net', @@ -49,11 +50,13 @@ class profiles::puppet::puppetmaster ( 'puppetca', 'puppetmaster', ], - server => 'prodinf01n01.main.unkin.net', - node_terminus => 'exec', - external_nodes => '/opt/puppetlabs/bin/enc', - autosign => '/etc/puppetlabs/puppet/autosign.conf', - default_manifest => '/etc/puppetlabs/code/environments/develop/manifests', - default_environment => 'develop', + server => 'prodinf01n01.main.unkin.net', + node_terminus => 'exec', + external_nodes => '/opt/puppetlabs/bin/enc', + autosign => '/etc/puppetlabs/puppet/autosign.conf', + default_manifest => '/etc/puppetlabs/code/environments/develop/manifests', + default_environment => 'develop', + storeconfigs => true, + storeconfigs_backend => 'puppetdb', } } diff --git a/site/profiles/manifests/puppet/server.pp b/site/profiles/manifests/puppet/server.pp index ca68998..bfec7d1 100644 --- a/site/profiles/manifests/puppet/server.pp +++ b/site/profiles/manifests/puppet/server.pp 
@@ -27,6 +27,8 @@ class profiles::puppet::server ( String $autosign, String $default_manifest, String $default_environment, + Boolean $storeconfigs, + String $storeconfigs_backend, ) { file { '/etc/puppetlabs/puppet/puppet.conf': @@ -35,18 +37,20 @@ class profiles::puppet::server ( group => 'root', mode => '0644', content => epp('profiles/puppet/server/puppet.conf.epp', { - 'vardir' => $vardir, - 'logdir' => $logdir, - 'rundir' => $rundir, - 'pidfile' => $pidfile, - 'codedir' => $codedir, - 'dns_alt_names' => join($dns_alt_names, ','), - 'server' => $server, - 'node_terminus' => $node_terminus, - 'external_nodes' => $external_nodes, - 'autosign' => $autosign, - 'default_manifest' => $default_manifest, - 'default_environment' => $default_environment, + 'vardir' => $vardir, + 'logdir' => $logdir, + 'rundir' => $rundir, + 'pidfile' => $pidfile, + 'codedir' => $codedir, + 'dns_alt_names' => join($dns_alt_names, ','), + 'server' => $server, + 'node_terminus' => $node_terminus, + 'external_nodes' => $external_nodes, + 'autosign' => $autosign, + 'default_manifest' => $default_manifest, + 'default_environment' => $default_environment, + 'storeconfigs' => $storeconfigs, + 'storeconfigs_backend' => $storeconfigs_backend, }), notify => Service['puppetserver'], } diff --git a/site/profiles/templates/puppet/server/puppet.conf.epp b/site/profiles/templates/puppet/server/puppet.conf.epp index a22777b..c241a70 100644 --- a/site/profiles/templates/puppet/server/puppet.conf.epp +++ b/site/profiles/templates/puppet/server/puppet.conf.epp @@ -17,3 +17,5 @@ external_nodes = <%= $external_nodes %> autosign = <%= $autosign %> default_manifest = <%= $default_manifest %> default_environment = <%= $default_environment %> +storeconfigs = <%= $storeconfigs %> +storeconfigs_backend = <%= $storeconfigs_backend %> diff --git a/site/roles/manifests/puppet/puppetdb_api.pp b/site/roles/manifests/puppet/puppetdb_api.pp new file mode 100644 index 0000000..991102d --- /dev/null 
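Review bot: `Boolean $storeconfigs` and `String $storeconfigs_backend` are added to `profiles::puppet::server` as mandatory parameters with no defaults, and the backend accepts any string, which the template then writes into puppet.conf verbatim. Defaults and a tighter type, `Boolean $storeconfigs = false,` and `String[1] $storeconfigs_backend = 'puppetdb',`, would keep any other declaration of the class compiling and reject an empty value. The puppet.conf.epp hunk in this commit also emits `storeconfigs_backend` even when `storeconfigs` is false; guarding that line with `<% if $storeconfigs { -%>` and `<% } -%>` keeps the rendered file consistent. The class header and the rest of the body lie outside the hunk, so if a parameter comment block exists there it should gain entries for the two new parameters.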
+++ b/site/roles/manifests/puppet/puppetdb_api.pp
@@ -0,0 +1,6 @@
+# a role to deploy the puppetdb api service
+class roles::puppet::puppetdb_api {
+ include profiles::defaults
+ include profiles::base
+ include profiles::puppet::puppetdb_api
+ }
diff --git a/site/roles/manifests/puppet/puppetdb_sql.pp b/site/roles/manifests/puppet/puppetdb_sql.pp
new file mode 100644
index 0000000..db640a3
--- /dev/null
+++ b/site/roles/manifests/puppet/puppetdb_sql.pp
@@ -0,0 +1,6 @@
+# a role to deploy the puppetdb postgresql service
+class roles::puppet::puppetdb_sql {
+ include profiles::defaults
+ include profiles::base
+ include profiles::puppet::puppetdb_sql
+ }