puppet-prod/site/profiles/manifests/puppet/puppetdb_api.pp
Ben Vincent cb1d562cb0 feat: migrate pupeptdb sql to patroni (#318)
- change puppetdb::sql to using the patroni profile
- change puppetdb::api to use new patroni cluster
- remove references to puppetlabs-puppetdb managed database
- update consul rules to enable sessions

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/318
2025-06-19 05:52:32 +10:00


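# @summary Configure the PuppetDB API service.
#
# Declares Java and puppetdb::server, installs the TLS key pair, schedules a
# daily service restart, and exports a Prometheus scrape job and an HAProxy
# backend member. Nothing is managed until the enc_role fact equals
# 'roles::infra::puppetdb::api'.
#
# Secret handling: class parameters are recorded in the compiled catalog on
# the Class resource, so a secret supplied as a plain String is stored there
# unredacted even though it is wrapped before it reaches the resources below.
# The secret parameters therefore also accept Sensitive values (for example
# via Hiera lookup_options with convert_to: Sensitive). Plain Strings are
# still accepted so existing data keeps working.
#
# @param private_cert
#   Content written to /etc/puppetlabs/puppetdb/ssl/private.pem.
# @param public_cert
#   Content written to /etc/puppetlabs/puppetdb/ssl/public.pem.
# @param read_database_host
#   Passed to puppetdb::server as read_database_host.
# @param read_database_port
#   Passed to puppetdb::server as read_database_port.
# @param read_database_username
#   Passed to puppetdb::server as read_database_username.
# @param read_database_name
#   Passed to puppetdb::server as read_database_name.
# @param read_database_password
#   Passed to puppetdb::server as read_database_password, always as Sensitive.
# @param read_database_validate
#   Passed to puppetdb::server as read_database_validate.
# @param database_host
#   Passed to puppetdb::server as database_host.
# @param database_port
#   Passed to puppetdb::server as database_port.
# @param database_username
#   Passed to puppetdb::server as database_username.
# @param database_name
#   Passed to puppetdb::server as database_name.
# @param database_password
#   Passed to puppetdb::server as database_password, always as Sensitive.
# @param database_validate
#   Passed to puppetdb::server as database_validate.
# @param listen_address
#   Used for both listen_address and ssl_listen_address of puppetdb::server,
#   and as the host in the exporter URL. Defaults to the node's networking.ip
#   fact.
# @param java_bin
#   Passed to puppetdb::server as java_bin.
# @param java_args
#   Passed to puppetdb::server as java_args.
class profiles::puppet::puppetdb_api (
  Variant[String, Sensitive[String]]       $private_cert,
  String                                   $public_cert,
  Stdlib::Host                             $read_database_host,
  Stdlib::Port                             $read_database_port,
  String[1]                                $read_database_username,
  String[1]                                $read_database_name,
  Variant[String[1], Sensitive[String[1]]] $read_database_password,
  Boolean                                  $read_database_validate,
  Stdlib::Host                             $database_host,
  Stdlib::Port                             $database_port,
  String[1]                                $database_username,
  String[1]                                $database_name,
  Variant[String[1], Sensitive[String[1]]] $database_password,
  Boolean                                  $database_validate,
  String                                   $listen_address = $facts['networking']['ip'],
  Stdlib::Absolutepath                     $java_bin       = '/usr/bin/java',
  Hash                                     $java_args      = {},
) {
  # wait for enc_role to match the required role
  if $facts['enc_role'] == 'roles::infra::puppetdb::api' {
    # Normalise every secret to Sensitive exactly once, whether the caller
    # supplied a plain String or an already-wrapped value.
    $private_cert_sensitive = $private_cert ? {
      Sensitive => $private_cert,
      default   => Sensitive($private_cert),
    }
    $read_database_password_sensitive = $read_database_password ? {
      Sensitive => $read_database_password,
      default   => Sensitive($read_database_password),
    }
    $database_password_sensitive = $database_password ? {
      Sensitive => $database_password,
      default   => Sensitive($database_password),
    }

    class { 'java':
      package => 'java-11-openjdk-devel',
      before  => Class['puppetdb::server'],
    }

    # NOTE(review): the module firewall is disabled and both listeners bind to
    # $listen_address (the node IP by default). The exporter and HAProxy below
    # talk to port 8080 over plain http, so access to that port has to be
    # restricted elsewhere (host firewall or network ACLs) - confirm it is.
    class { 'puppetdb::server':
      manage_firewall        => false,
      ssl_listen_address     => $listen_address,
      listen_address         => $listen_address,
      java_bin               => $java_bin,
      java_args              => $java_args,
      read_database_host     => $read_database_host,
      read_database_port     => $read_database_port,
      read_database_username => $read_database_username,
      read_database_name     => $read_database_name,
      read_database_password => $read_database_password_sensitive,
      read_database_validate => $read_database_validate,
      database_host          => $database_host,
      database_port          => $database_port,
      database_username      => $database_username,
      database_name          => $database_name,
      database_password      => $database_password_sensitive,
      database_validate      => $database_validate,
    }
    contain ::puppetdb::server

    # TLS private key: Sensitive content keeps it out of reports and diffs,
    # and 0600 puppetdb:puppetdb keeps it readable by the service user only.
    file { '/etc/puppetlabs/puppetdb/ssl/private.pem':
      ensure  => 'file',
      content => $private_cert_sensitive,
      owner   => 'puppetdb',
      group   => 'puppetdb',
      mode    => '0600',
      notify  => Service['puppetdb'],
    }

    file { '/etc/puppetlabs/puppetdb/ssl/public.pem':
      ensure  => 'file',
      content => $public_cert,
      owner   => 'puppetdb',
      group   => 'puppetdb',
      mode    => '0600',
      notify  => Service['puppetdb'],
    }

    # generate the minute for the cron job using fqdn_rand, so each node gets
    # its own stable minute within the hour
    $random_minute = fqdn_rand(60)

    # create cron task to restart the puppetdb service daily during the 3am hour
    cron { 'restart_puppetdb':
      ensure  => 'present',
      user    => 'root',
      command => '/bin/systemctl restart puppetdb',
      minute  => $random_minute,
      hour    => '3',
      require => Service['puppetdb'],
    }

    # The exporter queries PuppetDB over plain http on port 8080.
    class { 'prometheus::puppetdb_exporter':
      puppetdb_url      => "http://${listen_address}:8080/pdb/query",
      export_scrape_job => true,
    }

    # export haproxy balancemember
    profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_8080":
      service => 'be_puppetdbapi',
      ports   => [8080],
      options => [
        "cookie ${facts['networking']['hostname']}",
        'check',
        'inter 2s',
        'rise 3',
        'fall 2',
      ],
    }
  }
}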