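# Class: profiles::puppet::puppetboard
#
# This class manages the Puppetboard, a web interface to PuppetDB.
#
# It declares the upstream 'puppetboard' class, installs gunicorn into the
# virtualenv, copies the agent's private key so the service user can
# authenticate to PuppetDB, installs a start script and systemd unit, and
# fronts the application with an nginx reverse proxy.
#
# @param python_version       Passed to the puppetboard class; also used to
#                             build the site-packages path for static files.
# @param manage_virtualenv    Passed through to the puppetboard class.
# @param reports_count        Passed through to the puppetboard class.
# @param offline_mode         Passed through to the puppetboard class.
# @param default_environment  Passed through to the puppetboard class.
# @param puppetdb_host        PuppetDB host; defaults to the Hiera value of
#                             profiles::puppet::puppetdb::puppetdb_host.
# @param basedir              Base directory; the ssl directory is created
#                             beneath it.
# @param virtualenv_dir       Virtualenv that receives gunicorn and the
#                             start script.
# @param settings_file        Passed through to the puppetboard class.
# @param user                 Owner of the files managed here.
# @param group                Group of the files managed here.
# @param gunicorn_bind        Address:port appended to gunicorn_bind_prefix
#                             to form the nginx proxy target.
# @param gunicorn_bind_prefix Scheme prefix of the nginx proxy target.
# @param gunicorn_workers     Not referenced in this manifest; presumably
#                             read by the ERB templates - TODO confirm.
# @param gunicorn_threads     Not referenced in this manifest; presumably
#                             read by the ERB templates - TODO confirm.
# @param nginx_vhost          Name and server_name of the nginx server.
# @param nginx_port           Port the nginx server listens on.
#
class profiles::puppet::puppetboard (
  String $python_version              = '3.6',
  Boolean $manage_virtualenv          = false,
  Integer $reports_count              = 40,
  Boolean $offline_mode               = true,
  String $default_environment         = '*',
  String $puppetdb_host               = lookup('profiles::puppet::puppetdb::puppetdb_host'),
  Stdlib::AbsolutePath $basedir       = '/opt/puppetboard',
  Stdlib::Absolutepath $virtualenv_dir = "${basedir}/venv",
  Stdlib::Absolutepath $settings_file = "${basedir}/settings.py",
  String $user                        = 'puppetboard',
  String $group                       = 'puppetboard',
  String $gunicorn_bind               = '127.0.0.1:8080',
  String $gunicorn_bind_prefix        = 'http://',
  Integer $gunicorn_workers           = 1,
  Integer $gunicorn_threads           = 4,
  String $nginx_vhost                 = 'puppetboard.main.unkin.net',
  Integer $nginx_port                 = 80,
  #String[1] $secret_key              = "${fqdn_rand_string(32)}",
) {

  # store puppet-agents ssl settings/certname
  $ssl_dir = $::settings::ssldir
  $puppetboard_certname = $trusted['certname']

  # setup the puppetboard venv
  # NOTE(review): secret_key is not passed, so whatever default the
  # puppetboard class uses applies - confirm that default is acceptable.
  class { 'puppetboard':
    python_version      => $python_version,
    manage_virtualenv   => $manage_virtualenv,
    reports_count       => $reports_count,
    offline_mode        => $offline_mode,
    basedir             => $basedir,
    virtualenv_dir      => $virtualenv_dir,
    settings_file       => $settings_file,
    #secret_key         => $secret_key,
    default_environment => $default_environment,
    puppetdb_host       => $puppetdb_host,
    puppetdb_port       => 8081,
    # The key is read from the copy under ${basedir}/ssl (managed below);
    # the CA and client certificate are read from the agent's ssldir.
    puppetdb_key        => "${basedir}/ssl/${puppetboard_certname}.pem",
    puppetdb_ssl_verify => "${ssl_dir}/certs/ca.pem",
    puppetdb_cert       => "${ssl_dir}/certs/${puppetboard_certname}.pem",
    user                => $user,
    group               => $group,
    notify              => Service['puppetboard.service'],
  }

  # install gunicorn
  # NOTE(review): 'latest' installs whatever version the package index
  # serves at each run; pinning a reviewed version would make deployments
  # reproducible and limit exposure to a bad upstream release.
  python::pip { 'puppetboard_gunicorn':
    ensure     => 'latest',
    pkgname    => 'gunicorn',
    virtualenv => $virtualenv_dir,
    require    => Class['puppetboard'],
  }

  # create ssl dir for puppetboard
  file { "${basedir}/ssl":
    ensure  => directory,
    owner   => $user,
    group   => $group,
    mode    => '0750',
    require => Class['puppetboard'],
  }

  # copy the agent's private key for puppetboard
  # This is key material: read-only for the owner, no group access and no
  # execute bits. show_diff is disabled so the key content cannot end up in
  # agent logs or reports when the file changes.
  file { "${basedir}/ssl/${puppetboard_certname}.pem":
    ensure    => file,
    owner     => $user,
    group     => $group,
    mode      => '0400',
    show_diff => false,
    source    => "${ssl_dir}/private_keys/${puppetboard_certname}.pem",
    require   => File["${basedir}/ssl"],
    notify    => Service['puppetboard.service'],
  }

  # create script to start service
  file { "${virtualenv_dir}/bin/start_puppetboard":
    ensure  => file,
    owner   => $user,
    group   => $group,
    mode    => '0755',
    content => template('profiles/puppet/puppetboard/start_puppetboard.erb'),
    require => Class['puppetboard'],
    notify  => Service['puppetboard.service'],
  }

  # create systemd service unit
  systemd::unit_file { 'puppetboard.service':
    content => template('profiles/puppet/puppetboard/puppetboard.service.erb'),
    active  => true,
    enable  => true,
    require => File["${virtualenv_dir}/bin/start_puppetboard"],
  }

  # ensure the nginx service is managed
  class { 'nginx': }

  # create the nginx vhost
  # NOTE(review): this server listens on plain HTTP (port 80 by default) and
  # no authentication is configured in this manifest. Puppetboard shows
  # PuppetDB node, fact and report data, so confirm that TLS and access
  # control are enforced elsewhere (upstream proxy, firewall, or similar).
  nginx::resource::server { $nginx_vhost:
    listen_port           => $nginx_port,
    server_name           => [$nginx_vhost],
    proxy                 => "${gunicorn_bind_prefix}${gunicorn_bind}",
    proxy_set_header      => [
      'Host $http_host',
      'X-Real-IP $remote_addr',
      'X-Scheme $scheme',
    ],
    proxy_pass_header     => ['Server'],
    proxy_redirect        => 'off',
    proxy_connect_timeout => '10s',
    proxy_read_timeout    => '10s',
  }

  # service static files from nginx for performance
  nginx::resource::location { "${nginx_vhost}_static":
    location       => '/static',
    server         => $nginx_vhost,
    location_alias => "${virtualenv_dir}/lib/python${python_version}/site-packages/puppetboard/static",
  }
}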