Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 4487551f62 | |||
| 3dfe9b9b73 | |||
| 39aa6e114e | |||
| f352247473 | |||
| c82e2cd9ad | |||
| 7bc3084bb8 |
@@ -3,3 +3,4 @@ profiles::packages::install:
|
|||||||
- policycoreutils
|
- policycoreutils
|
||||||
|
|
||||||
puppetdb::master::config::create_puppet_service_resource: false
|
puppetdb::master::config::create_puppet_service_resource: false
|
||||||
|
#puppetdb::master::config::puppetdb_host: "%{lookup('profiles::puppet::puppetdb::puppetdb_host')}"
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
profiles::puppetdb::puppetdb_api::java_bin: /usr/lib/jvm/jre-11/bin/java
|
profiles::puppet::puppetdb_api::java_bin: /usr/lib/jvm/jre-11/bin/java
|
||||||
profiles::puppetdb::puppetdb_api::java_args:
|
profiles::puppet::puppetdb_api::java_args:
|
||||||
'-Xmx': '2048m'
|
'-Xmx': '2048m'
|
||||||
'-Xms': '256m'
|
'-Xms': '256m'
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1 @@
|
|||||||
|
profiles::puppet::puppetdb_sql::consul_test_db_pass: ENC[PKCS7,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]
|
||||||
@@ -2,3 +2,38 @@
|
|||||||
postgresql_config_entries:
|
postgresql_config_entries:
|
||||||
max_connections: 300
|
max_connections: 300
|
||||||
shared_buffers: '256MB'
|
shared_buffers: '256MB'
|
||||||
|
|
||||||
|
consul::services:
|
||||||
|
puppetdbsql:
|
||||||
|
service_name: 'puppetdbsql'
|
||||||
|
tags:
|
||||||
|
- 'puppet'
|
||||||
|
- 'puppetdb'
|
||||||
|
- 'database'
|
||||||
|
address: "%{facts.networking.ip}"
|
||||||
|
port: 5432
|
||||||
|
checks:
|
||||||
|
- id: 'psql-check'
|
||||||
|
name: 'PostgreSQL Health Check'
|
||||||
|
args:
|
||||||
|
- '/usr/local/bin/check_consul_postgresql'
|
||||||
|
interval: '10s'
|
||||||
|
timeout: '1s'
|
||||||
|
profiles::consul::client::node_rules:
|
||||||
|
- resource: service
|
||||||
|
segment: puppetdbsql
|
||||||
|
disposition: write
|
||||||
|
|
||||||
|
profiles::yum::global::repos:
|
||||||
|
postgresql-15:
|
||||||
|
name: postgresql-15
|
||||||
|
descr: postgresql-15 repository
|
||||||
|
target: /etc/yum.repos.d/postgresql.repo
|
||||||
|
baseurl: https://edgecache.query.consul/postgres/yum/15/redhat/rhel-%{facts.os.release.full}-%{facts.os.architecture}
|
||||||
|
gpgkey: https://edgecache.query.consul/postgres/yum/keys/PGDG-RPM-GPG-KEY-RHEL
|
||||||
|
postgresql-common:
|
||||||
|
name: postgresql-common
|
||||||
|
descr: postgresql-common repository
|
||||||
|
target: /etc/yum.repos.d/postgresql.repo
|
||||||
|
baseurl: https://edgecache.query.consul/postgres/yum/common/redhat/rhel-%{facts.os.release.full}-%{facts.os.architecture}
|
||||||
|
gpgkey: https://edgecache.query.consul/postgres/yum/keys/PGDG-RPM-GPG-KEY-RHEL
|
||||||
|
|||||||
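Review bot: Neither `postgresql-15` nor `postgresql-common` sets `gpgcheck`, so whether packages pulled from the `edgecache.query.consul` mirror are signature-verified depends on defaults in `profiles::yum::global` that are not visible here. If the hash is passed through to `yumrepo`, add `gpgcheck: 1` next to each `gpgkey:` line so that verification is explicit. Both entries also use `target: /etc/yum.repos.d/postgresql.repo`; confirm that two sections sharing one file is intended and that both are written out.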
@@ -36,14 +36,15 @@ class profiles::consul::client (
|
|||||||
# deploy the consul agent
|
# deploy the consul agent
|
||||||
class { 'consul':
|
class { 'consul':
|
||||||
config_hash => {
|
config_hash => {
|
||||||
'data_dir' => $data_dir,
|
'data_dir' => $data_dir,
|
||||||
'datacenter' => $consul_cluster,
|
'datacenter' => $consul_cluster,
|
||||||
'log_level' => 'INFO',
|
'log_level' => 'INFO',
|
||||||
'node_name' => $facts['networking']['fqdn'],
|
'node_name' => $facts['networking']['fqdn'],
|
||||||
'retry_join' => $servers_array,
|
'retry_join' => $servers_array,
|
||||||
'bind_addr' => $::facts['networking']['ip'],
|
'bind_addr' => $::facts['networking']['ip'],
|
||||||
'advertise_addr' => $::facts['networking']['ip'],
|
'advertise_addr' => $::facts['networking']['ip'],
|
||||||
'acl' => {
|
'enable_script_checks' => true,
|
||||||
|
'acl' => {
|
||||||
tokens => {
|
tokens => {
|
||||||
default => fqdn_uuid("${facts['networking']['fqdn']}-${secret_id_salt}")
|
default => fqdn_uuid("${facts['networking']['fqdn']}-${secret_id_salt}")
|
||||||
}
|
}
|
||||||
|
|||||||
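Review bot: `'enable_script_checks' => true` in `config_hash` allows script checks however they are registered, including through the agent's HTTP API, which turns any API write access into command execution on every node that includes this profile. The only check this change introduces is declared in hiera under `consul::services`, which presumably ends up in the agent's local configuration files, so `'enable_local_script_checks' => true,` should be sufficient and is the narrower setting. The `class { 'consul': … }` declaration continues outside the hunk.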
+1
-3
@@ -1,5 +1,5 @@
|
|||||||
# configure the puppetdb api service
|
# configure the puppetdb api service
|
||||||
class profiles::puppetdb::puppetdb_api (
|
class profiles::puppet::puppetdb_api (
|
||||||
String $postgres_host = lookup('puppetdbsql'),
|
String $postgres_host = lookup('puppetdbsql'),
|
||||||
String $listen_address = $facts['networking']['ip'],
|
String $listen_address = $facts['networking']['ip'],
|
||||||
Stdlib::Absolutepath $java_bin = '/usr/bin/java',
|
Stdlib::Absolutepath $java_bin = '/usr/bin/java',
|
||||||
@@ -29,8 +29,6 @@ class profiles::puppetdb::puppetdb_api (
|
|||||||
export_scrape_job => true,
|
export_scrape_job => true,
|
||||||
}
|
}
|
||||||
|
|
||||||
include profiles::puppetdb::ssl
|
|
||||||
|
|
||||||
# export haproxy balancemember
|
# export haproxy balancemember
|
||||||
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_8080":
|
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_8080":
|
||||||
service => 'be_puppetdbapi',
|
service => 'be_puppetdbapi',
|
||||||
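Review bot: With `include profiles::puppetdb::ssl` dropped from the second hunk, nothing visible in this class still places `ca.pem`, `public.pem` and `private.pem` under the PuppetDB SSL directory or restarts the service when they change. Please confirm that another class (for example the puppetdb module's own SSL setup) now owns those files, and say so in a comment such as `# TLS material is managed by <class>` above the balancemember export. The class body starts and ends outside both hunks, so the replacement may simply not be shown.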
+22
-4
@@ -1,7 +1,8 @@
|
|||||||
# configure the puppetdb sql service
|
# configure the puppetdb sql service
|
||||||
class profiles::puppetdb::puppetdb_sql (
|
class profiles::puppet::puppetdb_sql (
|
||||||
String $puppetdb_host = lookup('puppetdbsql'),
|
String $puppetdb_host = lookup('puppetdbsql'),
|
||||||
String $listen_address = $facts['networking']['ip'],
|
String $listen_address = $facts['networking']['ip'],
|
||||||
|
String $consul_test_db_pass = '',
|
||||||
) {
|
) {
|
||||||
|
|
||||||
# disable the postgresql dnf module for el8+
|
# disable the postgresql dnf module for el8+
|
||||||
@@ -17,9 +18,11 @@ class profiles::puppetdb::puppetdb_sql (
|
|||||||
|
|
||||||
# Install and configure PostgreSQL for PuppetDB
|
# Install and configure PostgreSQL for PuppetDB
|
||||||
class { 'puppetdb::database::postgresql':
|
class { 'puppetdb::database::postgresql':
|
||||||
listen_addresses => $listen_address,
|
listen_addresses => $listen_address,
|
||||||
postgres_version => '15',
|
postgres_version => '15',
|
||||||
puppetdb_server => $puppetdb_host,
|
puppetdb_server => $puppetdb_host,
|
||||||
|
manage_package_repo => false,
|
||||||
|
require => [ Yumrepo['postgresql-15'],Yumrepo['postgresql-common'] ],
|
||||||
}
|
}
|
||||||
|
|
||||||
contain ::puppetdb::database::postgresql
|
contain ::puppetdb::database::postgresql
|
||||||
@@ -32,4 +35,19 @@ class profiles::puppetdb::puppetdb_sql (
|
|||||||
value => $value,
|
value => $value,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# create consul database + user to test the host is responsive
|
||||||
|
postgresql::server::db { 'consul_test_db':
|
||||||
|
user => 'consul_test_user',
|
||||||
|
password => postgresql::postgresql_password('consul_test_user', Sensitive($consul_test_db_pass) ),
|
||||||
|
}
|
||||||
|
|
||||||
|
file { '/usr/local/bin/check_consul_postgresql':
|
||||||
|
ensure => 'file',
|
||||||
|
owner => 'root',
|
||||||
|
group => 'root',
|
||||||
|
mode => '0755',
|
||||||
|
content => template('profiles/puppetdb/check_consul_postgresql.erb'),
|
||||||
|
before => Class['profiles::consul::client'],
|
||||||
|
}
|
||||||
}
|
}
|
||||||
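Review bot: `/usr/local/bin/check_consul_postgresql` is rendered from a template that embeds `$consul_test_db_pass`, yet the `file` resource installs it with `mode => '0755'`, so every local account can read a password that the hiera side keeps eyaml-encrypted. Restrict it to the account that runs the Consul check (for example `mode => '0750'` with `group` set to the agent's group, which is not visible here) and add `show_diff => false` so the rendered secret stays out of agent logs and reports. The parameter is declared `String $consul_test_db_pass = ''`; `String[1] $consul_test_db_pass` with no default would fail compilation on a missing lookup instead of creating `consul_test_user` with an empty password.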
@@ -1,44 +0,0 @@
|
|||||||
# profiles::puppetdb::ssl
|
|
||||||
class profiles::puppetdb::ssl (
|
|
||||||
$certname = $trusted['certname'],
|
|
||||||
$ssl_dir = '/etc/puppetlabs/puppetdb/ssl',
|
|
||||||
$ssl_owner = 'puppetdb',
|
|
||||||
$ssl_group = 'puppetdb',
|
|
||||||
$puppetdb_service = 'puppetdb',
|
|
||||||
$ca_source = '/etc/puppetlabs/puppet/ssl/certs/ca.pem',
|
|
||||||
$public_cert_source = "/etc/puppetlabs/puppet/ssl/certs/${trusted['certname']}.pem",
|
|
||||||
$private_key_source = "/etc/puppetlabs/puppet/ssl/private_keys/${trusted['certname']}.pem",
|
|
||||||
) {
|
|
||||||
|
|
||||||
file { $ssl_dir:
|
|
||||||
ensure => directory,
|
|
||||||
owner => $ssl_owner,
|
|
||||||
group => $ssl_group,
|
|
||||||
recurse => true,
|
|
||||||
}
|
|
||||||
|
|
||||||
file { "${ssl_dir}/ca.pem":
|
|
||||||
ensure => file,
|
|
||||||
source => $ca_source,
|
|
||||||
owner => $ssl_owner,
|
|
||||||
group => $ssl_group,
|
|
||||||
notify => Service['puppetdb'],
|
|
||||||
}
|
|
||||||
|
|
||||||
file { "${ssl_dir}/public.pem":
|
|
||||||
ensure => file,
|
|
||||||
source => $public_cert_source,
|
|
||||||
owner => $ssl_owner,
|
|
||||||
group => $ssl_group,
|
|
||||||
notify => Service['puppetdb'],
|
|
||||||
}
|
|
||||||
|
|
||||||
file { "${ssl_dir}/private.pem":
|
|
||||||
ensure => file,
|
|
||||||
source => $private_key_source,
|
|
||||||
owner => $ssl_owner,
|
|
||||||
group => $ssl_group,
|
|
||||||
mode => '0600',
|
|
||||||
notify => Service['puppetdb'],
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@@ -0,0 +1,2 @@
|
|||||||
|
#!/usr/bin/bash
|
||||||
|
PGPASSWORD=<%= @consul_test_db_pass %> /usr/bin/psql -U consul_test_user -d consul_test_db -h <%= @facts['networking']['ip'] %> -p 5432 -c "SELECT 1"
|
||||||
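Review bot: The password is rendered unquoted in `PGPASSWORD=<%= @consul_test_db_pass %>`, so a value containing whitespace or shell metacharacters is interpreted by bash instead of reaching psql intact, and an empty value leaves the variable empty without any error. Escape the value before it is rendered, for example by passing it through stdlib's `shell_escape()` in the manifest and rendering that variable here, or move the credential into a `.pgpass` file readable only by the account that runs the check. The script also lacks a comment saying that it is Puppet-managed and contains a secret; `# Managed by Puppet - contains a credential, do not widen permissions` under the shebang would cover that.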
@@ -6,6 +6,6 @@ class roles::infra::puppetdb::api {
|
|||||||
}else{
|
}else{
|
||||||
include profiles::defaults
|
include profiles::defaults
|
||||||
include profiles::base
|
include profiles::base
|
||||||
include profiles::puppetdb::puppetdb_api
|
include profiles::puppet::puppetdb_api
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -6,6 +6,8 @@ class roles::infra::puppetdb::sql {
|
|||||||
}else{
|
}else{
|
||||||
include profiles::defaults
|
include profiles::defaults
|
||||||
include profiles::base
|
include profiles::base
|
||||||
include profiles::puppetdb::puppetdb_sql
|
if $facts['enc_role'] == 'roles::infra::puppetdb::sql' {
|
||||||
|
include profiles::puppet::puppetdb_sql
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
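Review bot: The new guard `if $facts['enc_role'] == 'roles::infra::puppetdb::sql'` decides whether the database profile is applied from a fact, which is reported by the agent itself and not verified by the server. If the role assignment is meant to be authoritative, compare against server-side data instead, such as a `$trusted['extensions']` value or the classifier's own parameter. Since the condition sits inside `roles::infra::puppetdb::sql`, it also needs a comment explaining when the fact can differ from the class being applied. The enclosing `if … else` starts outside the hunk, so the reason may be visible there.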