# configure the puppetdb api service class profiles::puppet::puppetdb_api ( String $private_cert, String $public_cert, String $postgres_host = lookup('puppetdbsql'), String $listen_address = $facts['networking']['ip'], Stdlib::Absolutepath $java_bin = '/usr/bin/java', Hash $java_args = {}, ) { # wait for enc_role to match the required role if $facts['enc_role'] == 'roles::infra::puppetdb::api' { class { 'java': package => 'java-11-openjdk-devel', before => Class['puppetdb::server'], } class { 'puppetdb::server': database_host => $postgres_host, manage_firewall => false, ssl_listen_address => $listen_address, listen_address => $listen_address, java_bin => $java_bin, java_args => $java_args, } contain ::puppetdb::server file { '/etc/puppetlabs/puppetdb/ssl/private.pem': ensure => 'file', content => Sensitive($private_cert), owner => 'puppetdb', group => 'puppetdb', mode => '0600', notify => Service['puppetdb'], } file { '/etc/puppetlabs/puppetdb/ssl/public.pem': ensure => 'file', content => $public_cert, owner => 'puppetdb', group => 'puppetdb', mode => '0600', notify => Service['puppetdb'], } # generate the minute for the cron job using fqdn_rand $random_minute = fqdn_rand(60) # create cron task to restart the puppetdb service daily at 3am cron { 'restart_puppetdb': ensure => 'present', user => 'root', command => '/bin/systemctl restart puppetdb', minute => $random_minute, hour => '3', require => Service['puppetdb'], } class { 'prometheus::puppetdb_exporter': puppetdb_url => "http://${listen_address}:8080/pdb/query", export_scrape_job => true, } # export haproxy balancemember profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_8080": service => 'be_puppetdbapi', ports => [8080], options => [ "cookie ${facts['networking']['hostname']}", 'check', 'inter 2s', 'rise 3', 'fall 2', ] } } }