|
|
|
|
@ -1,29 +1,6 @@
|
|
|
|
|
# Class: profiles::puppet::puppetboard
|
|
|
|
|
#
|
|
|
|
|
# This class manages the configuration of Puppetboard, a web frontend for PuppetDB.
|
|
|
|
|
#
|
|
|
|
|
# Parameters:
|
|
|
|
|
# - `python_version`: Specifies the Python version used for the virtualenv where Puppetboard runs.
|
|
|
|
|
# - `manage_virtualenv`: Determines if this class should handle the creation of the virtual environment for Puppetboard.
|
|
|
|
|
# - `reports_count`: Defines the number of reports to show per node in Puppetboard.
|
|
|
|
|
# - `offline_mode`: Determines if Puppetboard should work in offline mode or not.
|
|
|
|
|
# - `default_environment`: Sets the default Puppet environment to filter results in Puppetboard.
|
|
|
|
|
#
|
|
|
|
|
# Usage:
|
|
|
|
|
# This class can be called directly in your manifests or through Hiera.
|
|
|
|
|
#
|
|
|
|
|
# Example:
|
|
|
|
|
# To use the default parameters (as shown below), you can declare the class:
|
|
|
|
|
#
|
|
|
|
|
# include profiles::puppet::puppetboard
|
|
|
|
|
#
|
|
|
|
|
# Alternatively, you can customize the parameters:
|
|
|
|
|
#
|
|
|
|
|
# class { 'profiles::puppet::puppetboard':
|
|
|
|
|
# python_version => '3.8',
|
|
|
|
|
# reports_count => 50,
|
|
|
|
|
# offline_mode => false,
|
|
|
|
|
# }
|
|
|
|
|
# This class manages the Puppetboard, a web interface to PuppetDB.
|
|
|
|
|
#
|
|
|
|
|
class profiles::puppet::puppetboard (
|
|
|
|
|
String $python_version = '3.6',
|
|
|
|
|
@ -31,13 +8,116 @@ class profiles::puppet::puppetboard (
|
|
|
|
|
Integer $reports_count = 40,
|
|
|
|
|
Boolean $offline_mode = true,
|
|
|
|
|
String $default_environment = '*',
|
|
|
|
|
String $puppetdb_host = lookup('profiles::puppet::puppetdb::puppetdb_host'),
|
|
|
|
|
Stdlib::AbsolutePath $basedir = '/opt/puppetboard',
|
|
|
|
|
Stdlib::Absolutepath $virtualenv_dir = "${basedir}/venv",
|
|
|
|
|
Stdlib::Absolutepath $settings_file = "${basedir}/settings.py",
|
|
|
|
|
String $user = 'puppetboard',
|
|
|
|
|
String $group = 'puppetboard',
|
|
|
|
|
String $gunicorn_bind = '127.0.0.1:8080',
|
|
|
|
|
String $gunicorn_bind_prefix = 'http://',
|
|
|
|
|
Integer $gunicorn_workers = 1,
|
|
|
|
|
Integer $gunicorn_threads = 4,
|
|
|
|
|
String $nginx_vhost = 'puppetboard.main.unkin.net',
|
|
|
|
|
Integer $nginx_port = 80,
|
|
|
|
|
#String[1] $secret_key = "${fqdn_rand_string(32)}",
|
|
|
|
|
) {
|
|
|
|
|
|
|
|
|
|
# store puppet-agents ssl settings/certname
|
|
|
|
|
$ssl_dir = $::settings::ssldir
|
|
|
|
|
$puppetboard_certname = $trusted['certname']
|
|
|
|
|
|
|
|
|
|
# setup the puppetboard venv
|
|
|
|
|
class { 'puppetboard':
|
|
|
|
|
python_version => $python_version,
|
|
|
|
|
manage_virtualenv => $manage_virtualenv,
|
|
|
|
|
reports_count => $reports_count,
|
|
|
|
|
offline_mode => $offline_mode,
|
|
|
|
|
basedir => $basedir,
|
|
|
|
|
virtualenv_dir => $virtualenv_dir,
|
|
|
|
|
settings_file => $settings_file,
|
|
|
|
|
#secret_key => $secret_key,
|
|
|
|
|
default_environment => $default_environment,
|
|
|
|
|
puppetdb_host => $puppetdb_host,
|
|
|
|
|
puppetdb_port => 8081,
|
|
|
|
|
puppetdb_key => "${basedir}/ssl/${puppetboard_certname}.pem",
|
|
|
|
|
puppetdb_ssl_verify => "${ssl_dir}/certs/ca.pem",
|
|
|
|
|
puppetdb_cert => "${ssl_dir}/certs/${puppetboard_certname}.pem",
|
|
|
|
|
user => $user,
|
|
|
|
|
group => $group,
|
|
|
|
|
notify => Service['puppetboard.service'],
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# install gunicorn
|
|
|
|
|
python::pip { 'puppetboard_gunicorn':
|
|
|
|
|
ensure => 'latest',
|
|
|
|
|
pkgname => 'gunicorn',
|
|
|
|
|
virtualenv => $virtualenv_dir,
|
|
|
|
|
require => Class['puppetboard'],
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# create ssl dir for puppetboard
|
|
|
|
|
file { "${basedir}/ssl":
|
|
|
|
|
ensure => directory,
|
|
|
|
|
owner => $user,
|
|
|
|
|
group => $group,
|
|
|
|
|
mode => '0750',
|
|
|
|
|
require => Class['puppetboard'],
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# copy the ssl certs for puppetboard
|
|
|
|
|
file { "${basedir}/ssl/${puppetboard_certname}.pem":
|
|
|
|
|
ensure => present,
|
|
|
|
|
owner => $user,
|
|
|
|
|
group => $group,
|
|
|
|
|
mode => '0750',
|
|
|
|
|
source => "${ssl_dir}/private_keys/${puppetboard_certname}.pem",
|
|
|
|
|
require => File["${basedir}/ssl"],
|
|
|
|
|
notify => Service['puppetboard.service'],
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# create script to start service
|
|
|
|
|
file { "${virtualenv_dir}/bin/start_puppetboard":
|
|
|
|
|
ensure => file,
|
|
|
|
|
owner => $user,
|
|
|
|
|
group => $group,
|
|
|
|
|
mode => '0755',
|
|
|
|
|
content => template('profiles/puppet/puppetboard/start_puppetboard.erb'),
|
|
|
|
|
require => Class['puppetboard'],
|
|
|
|
|
notify => Service['puppetboard.service'],
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# create systemd service unit
|
|
|
|
|
systemd::unit_file { 'puppetboard.service':
|
|
|
|
|
content => template('profiles/puppet/puppetboard/puppetboard.service.erb'),
|
|
|
|
|
active => true,
|
|
|
|
|
enable => true,
|
|
|
|
|
require => File["${virtualenv_dir}/bin/start_puppetboard"],
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# ensure the nginx service is managed
|
|
|
|
|
class { 'nginx': }
|
|
|
|
|
|
|
|
|
|
# create the nginx vhost
|
|
|
|
|
nginx::resource::server { $nginx_vhost:
|
|
|
|
|
listen_port => $nginx_port,
|
|
|
|
|
server_name => [$nginx_vhost],
|
|
|
|
|
proxy => "${gunicorn_bind_prefix}${gunicorn_bind}",
|
|
|
|
|
proxy_set_header => [
|
|
|
|
|
'Host $http_host',
|
|
|
|
|
'X-Real-IP $remote_addr',
|
|
|
|
|
'X-Scheme $scheme',
|
|
|
|
|
],
|
|
|
|
|
proxy_pass_header => ['Server'],
|
|
|
|
|
proxy_redirect => 'off',
|
|
|
|
|
proxy_connect_timeout => '10s',
|
|
|
|
|
proxy_read_timeout => '10s',
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# service static files from nginx for performance
|
|
|
|
|
nginx::resource::location { "${nginx_vhost}_static":
|
|
|
|
|
location => '/static',
|
|
|
|
|
server => $nginx_vhost,
|
|
|
|
|
location_alias => "${virtualenv_dir}/lib/python${python_version}/site-packages/puppetboard/static",
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
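Review bot: The copied private key in `file { "${basedir}/ssl/${puppetboard_certname}.pem": }` gets `mode => '0750'`, which makes the agent's key group-readable and executable. A key file needs neither, so `mode => '0400'` plus `show_diff => false` (to keep key material out of report diffs) would be tighter, assuming the service reads it as `$user`; the unit template is not shown here. Separately, `ensure => 'latest'` on `python::pip { 'puppetboard_gunicorn': }` lets any agent run install a new gunicorn release unreviewed, so pinning a version would make upgrades an explicit change. The vhost also defaults to `nginx_port => 80` with no TLS or access restriction visible in this file, so PuppetDB facts and reports would be served in clear text unless something outside this manifest fronts it. That default deserves at least a comment stating the assumption.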