2024-06-01 14:48:48 +10:00
4 changed files with 63 additions and 30 deletions
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@ -188,6 +188,9 @@ profiles::puppet::client::runtimeout: 3600
 profiles::puppet::client::show_diff: true
 profiles::puppet::client::usecacheonfailure: false
 profiles::puppet::puppetdb::puppetdb_host: prodinf01n04.main.unkin.net
 profiles::puppet::puppetdb::postgres_host: prodinf01n05.main.unkin.net
 prometheus::node_exporter::export_scrape_job: true
 prometheus::systemd_exporter::export_scrape_job: true
--- a/hieradata/roles/infra.yaml
+++ b/hieradata/roles/infra.yaml
@ -2,7 +2,5 @@
 profiles::packages::install:
  - policycoreutils
 profiles::puppet::puppetdb::puppetdb_host: prodinf01n04.main.unkin.net
 profiles::puppet::puppetdb::postgres_host: prodinf01n05.main.unkin.net
 puppetdb::master::config::create_puppet_service_resource: false
 #puppetdb::master::config::puppetdb_host: "%{lookup('profiles::puppet::puppetdb::puppetdb_host')}"
--- a/hieradata/roles/infra/puppetdb/api.yaml
+++ b/hieradata/roles/infra/puppetdb/api.yaml
@ -3,3 +3,32 @@ profiles::puppet::puppetdb_api::java_bin: /usr/lib/jvm/jre-11/bin/java
 profiles::puppet::puppetdb_api::java_args:
  '-Xmx': '512m'
  '-Xms': '256m'
 # additional altnames
 profiles::pki::vault::alt_names:
  - puppetdbapi.main.unkin.net
  - puppetdbapi.service.consul
  - puppetdbapi.query.consul
  - puppetdbapi
 consul::services:
  puppetdbapi:
    service_name: 'puppetdbapi'
    tags:
      - 'puppet'
      - 'puppetdb'
      - 'puppetdbapi'
    address: "%{facts.networking.ip}"
    port: 8080
    checks:
      - id: 'puppetdbapi_http_check'
        name: 'PuppetDB API HTTP Check'
        http: "http://%{facts.networking.fqdn}:8080"
        method: 'GET'
        tls_skip_verify: true
        interval: '10s'
        timeout: '1s'
 profiles::consul::client::node_rules:
  - resource: service
    segment: puppetdbapi
    disposition: write
--- a/site/profiles/manifests/puppet/puppetdb_api.pp
+++ b/site/profiles/manifests/puppet/puppetdb_api.pp
@ -6,37 +6,40 @@ class profiles::puppet::puppetdb_api (
  Hash   $java_args = {},
 ) {
-  class { 'java':
+  # wait for enc_role to match the required role
-    package => 'java-11-openjdk-devel',
+  if $facts['enc_role'] == 'roles::infra::puppetdb::api' {
-    before  => Class['puppetdb::server'],
+    class { 'java':
-  }
+      package => 'java-11-openjdk-devel',
      before  => Class['puppetdb::server'],
    }
-  class { 'puppetdb::server':
+    class { 'puppetdb::server':
-    database_host      => $postgres_host,
+      database_host      => $postgres_host,
-    manage_firewall    => false,
+      manage_firewall    => false,
-    ssl_listen_address => $listen_address,
+      ssl_listen_address => $listen_address,
-    listen_address     => $listen_address,
+      listen_address     => $listen_address,
-    java_bin           => $java_bin,
+      java_bin           => $java_bin,
-    java_args          => $java_args,
+      java_args          => $java_args,
-  }
+    }
-  contain ::puppetdb::server
+    contain ::puppetdb::server
-  class { 'prometheus::puppetdb_exporter':
+    class { 'prometheus::puppetdb_exporter':
-    puppetdb_url      => "http://${listen_address}:8080/pdb/query",
+      puppetdb_url      => "http://${listen_address}:8080/pdb/query",
-    export_scrape_job => true,
+      export_scrape_job => true,
-  }
+    }
-  # export haproxy balancemember
+    # export haproxy balancemember
-  profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_8080":
+    profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_8080":
-    service => 'be_puppetdbapi',
+      service => 'be_puppetdbapi',
-    ports   => [8080],
+      ports   => [8080],
-    options => [
+      options => [
-      "cookie ${facts['networking']['hostname']}",
+        "cookie ${facts['networking']['hostname']}",
-      'check',
+        'check',
-      'inter 2s',
+        'inter 2s',
-      'rise 3',
+        'rise 3',
-      'fall 2',
+        'fall 2',
-    ]
+      ]
    }
  }
 }