puppet-prod/hieradata/roles/infra/puppetdb/api.yaml
Ben Vincent b9465cd78b feat: add firewall rules
- create classes for each class of in/out traffic
- use hiera_include to add firewall rules to each role
2024-11-10 12:47:35 +11:00


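---
# Hiera data for the PuppetDB API role: JVM settings, certificate alt names,
# Consul service registration, Consul node rules and inbound firewall classes.
# Nesting restored; the flattened listing does not parse into this structure.

# Java binary (JRE 11 path) and heap sizing: 2048m maximum, 256m initial.
profiles::puppet::puppetdb_api::java_bin: /usr/lib/jvm/jre-11/bin/java
profiles::puppet::puppetdb_api::java_args:
  '-Xmx': '2048m'
  '-Xms': '256m'

# Alternative DNS names handed to the Puppet client profile
# (presumably certificate SANs; confirm in profiles::puppet::client).
profiles::puppet::client::dns_alt_names:
  - puppetdbapi.main.unkin.net
  - puppetdbapi.service.consul
  - puppetdbapi.query.consul

# additional altnames
# NOTE(review): this list also carries the unqualified name `puppetdbapi`;
# confirm a short-name entry is really needed on the issued certificate.
profiles::pki::vault::alt_names:
  - puppetdbapi.main.unkin.net
  - puppetdbapi.service.consul
  - puppetdbapi.query.consul
  - puppetdbapi

# Consul registration: advertises `puppetdbapi` on the node's IP fact, port 8080.
# NOTE(review): 8080 is PuppetDB's default cleartext HTTP port. If this listener
# is PuppetDB itself rather than a TLS-terminating proxy, anything that can
# reach the port talks to the API without TLS or client-certificate checks, so
# confirm that firewall::rules::in::puppetdbapi limits the allowed sources.
consul::services:
  puppetdbapi:
    service_name: 'puppetdbapi'
    tags:
      - 'puppet'
      - 'puppetdb'
      - 'puppetdbapi'
    address: "%{facts.networking.ip}"
    port: 8080
    checks:
      # HTTP GET against the node FQDN every 10s, failing after 1s.
      - id: 'puppetdbapi_http_check'
        name: 'PuppetDB API HTTP Check'
        http: "http://%{facts.networking.fqdn}:8080"
        method: 'GET'
        # NOTE(review): the check URL is plain http://, so this flag is not
        # exercised. If the check is later moved to https:// it would turn
        # certificate verification off; drop it or set it to false then.
        tls_skip_verify: true
        interval: '10s'
        timeout: '1s'

# Consul rule for this node: write on the single service `puppetdbapi`
# (presumably rendered into the node's ACL policy; confirm in the profile).
profiles::consul::client::node_rules:
  - resource: service
    segment: puppetdbapi
    disposition: write

# Firewall classes pulled in for this role: inbound sshd and puppetdbapi.
# The rules themselves are defined in those classes, not in this file.
hiera_include:
  - firewall::rules::in::sshd
  - firewall::rules::in::puppetdbapi

# Ports passed to the inbound exporters firewall class. Which exporter listens
# on each port, and which sources may connect, is not visible in this file.
firewall::rules::in::exporters::ports:
  - 9100
  - 9558
  - 9635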