feat: moved puppetdb profiles

- move puppetdb profiles to profiles::puppetdb namespace
- add profile to manage puppetdb api ssl certificates

hieradata/roles/infra.yaml

@@ -3,4 +3,3 @@ profiles::packages::install:
   - policycoreutils
 
 puppetdb::master::config::create_puppet_service_resource: false
-#puppetdb::master::config::puppetdb_host: "%{lookup('profiles::puppet::puppetdb::puppetdb_host')}"

hieradata/roles/infra/puppetdb/api.yaml

@@ -1,6 +1,6 @@
 ---
-profiles::puppet::puppetdb_api::java_bin: /usr/lib/jvm/jre-11/bin/java
-profiles::puppet::puppetdb_api::java_args:
+profiles::puppetdb::puppetdb_api::java_bin: /usr/lib/jvm/jre-11/bin/java
+profiles::puppetdb::puppetdb_api::java_args:
   '-Xmx': '2048m'
   '-Xms': '256m'
 

site/profiles/manifests/puppetdb/puppetdb_api.pp

@@ -1,5 +1,5 @@
 # configure the puppetdb api service
-class profiles::puppet::puppetdb_api (
+class profiles::puppetdb::puppetdb_api (
   String $postgres_host = lookup('puppetdbsql'),
   String $listen_address = $facts['networking']['ip'],
   Stdlib::Absolutepath $java_bin = '/usr/bin/java',
@@ -29,6 +29,8 @@ class profiles::puppet::puppetdb_api (
       export_scrape_job => true,
     }
 
+    include profiles::puppetdb::ssl
+
     # export haproxy balancemember
     profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_8080":
       service => 'be_puppetdbapi',

site/profiles/manifests/puppetdb/puppetdb_sql.pp

@@ -1,5 +1,5 @@
 # configure the puppetdb sql service
-class profiles::puppet::puppetdb_sql (
+class profiles::puppetdb::puppetdb_sql (
   String $puppetdb_host = lookup('puppetdbsql'),
   String $listen_address = $facts['networking']['ip'],
 ) {

site/profiles/manifests/puppetdb/ssl.pp

@@ -0,0 +1,44 @@
+# profiles::puppetdb::ssl
+class profiles::puppetdb::ssl (
+  $certname           = $trusted['certname'],
+  $ssl_dir            = '/etc/puppetlabs/puppetdb/ssl',
+  $ssl_owner          = 'puppetdb',
+  $ssl_group          = 'puppetdb',
+  $puppetdb_service   = 'puppetdb',
+  $ca_source          = '/etc/puppetlabs/puppet/ssl/certs/ca.pem',
+  $public_cert_source = "/etc/puppetlabs/puppet/ssl/certs/${trusted['certname']}.pem",
+  $private_key_source = "/etc/puppetlabs/puppet/ssl/private_keys/${trusted['certname']}.pem",
+) {
+
+  file { $ssl_dir:
+    ensure  => directory,
+    owner   => $ssl_owner,
+    group   => $ssl_group,
+    recurse => true,
+  }
+
+  file { "${ssl_dir}/ca.pem":
+    ensure => file,
+    source => $ca_source,
+    owner  => $ssl_owner,
+    group  => $ssl_group,
+    notify => Service['puppetdb'],
+  }
+
+  file { "${ssl_dir}/public.pem":
+    ensure => file,
+    source => $public_cert_source,
+    owner  => $ssl_owner,
+    group  => $ssl_group,
+    notify => Service['puppetdb'],
+  }
+
+  file { "${ssl_dir}/private.pem":
+    ensure => file,
+    source => $private_key_source,
+    owner  => $ssl_owner,
+    group  => $ssl_group,
+    mode   => '0600',
+    notify => Service['puppetdb'],
+  }
+}

site/roles/manifests/infra/puppetdb/api.pp

@@ -6,6 +6,6 @@ class roles::infra::puppetdb::api {
   }else{
     include profiles::defaults
     include profiles::base
-    include profiles::puppet::puppetdb_api
+    include profiles::puppetdb::puppetdb_api
   }
 }

site/roles/manifests/infra/puppetdb/sql.pp

@@ -6,6 +6,6 @@ class roles::infra::puppetdb::sql {
   }else{
     include profiles::defaults
     include profiles::base
-    include profiles::puppet::puppetdb_sql
+    include profiles::puppetdb::puppetdb_sql
   }
 }