unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
ff17d5818b
puppet-prod/site/profiles/manifests/puppet/puppetdb_api.pp
Ben Vincent ff17d5818b
All checks were successful
Build / precommit (pull_request) Successful in 3m57s
Details
feat: migrate puppetdb -> openvoxdb 
- ensure the puppetdb package is purged before openvoxdb
- ensure the openvoxdb package is installed
2025-10-18 21:38:15 +11:00

108 lines
3.4 KiB
Puppet
Raw Blame History

# configure the puppetdb api service
class profiles::puppet::puppetdb_api (
String $private_cert,
String $public_cert,
Stdlib::Host $read_database_host,
Stdlib::Port $read_database_port,
String[1] $read_database_username,
String[1] $read_database_name,
String[1] $read_database_password,
Boolean $read_database_validate,
Stdlib::Host $database_host,
Stdlib::Port $database_port,
String[1] $database_username,
String[1] $database_name,
String[1] $database_password,
Boolean $database_validate,
String $listen_address = $facts['networking']['ip'],
Stdlib::Absolutepath $java_bin = '/usr/bin/java',
Hash $java_args = {},
) {
# wait for enc_role to match the required role
if $facts['enc_role'] == 'roles::infra::puppetdb::api' {
class { 'java':
package => 'java-11-openjdk-devel',
before => Class['puppetdb::server'],
}
# cleanup puppetdb first, this isnt replaced by openvoxdb (conflicts)
package { 'puppetdb':
ensure => 'purged',
before => Class['puppetdb::server'],
}
class { 'puppetdb::server':
manage_firewall => false,
ssl_listen_address => $listen_address,
listen_address => $listen_address,
java_bin => $java_bin,
java_args => $java_args,
read_database_host => $read_database_host,
read_database_port => $read_database_port,
read_database_username => $read_database_username,
read_database_name => $read_database_name,
read_database_password => Sensitive($read_database_password),
read_database_validate => $read_database_validate,
database_host => $database_host,
database_port => $database_port,
database_username => $database_username,
database_name => $database_name,
database_password => Sensitive($database_password),
database_validate => $database_validate,
puppetdb_package => 'openvoxdb',
}
contain ::puppetdb::server
file { '/etc/puppetlabs/puppetdb/ssl/private.pem':
ensure => 'file',
content => Sensitive($private_cert),
owner => 'puppetdb',
group => 'puppetdb',
mode => '0600',
notify => Service['puppetdb'],
}
file { '/etc/puppetlabs/puppetdb/ssl/public.pem':
ensure => 'file',
content => $public_cert,
owner => 'puppetdb',
group => 'puppetdb',
mode => '0600',
notify => Service['puppetdb'],
}
# generate the minute for the cron job using fqdn_rand
$random_minute = fqdn_rand(60)
# create cron task to restart the puppetdb service daily at 3am
cron { 'restart_puppetdb':
ensure => 'present',
user => 'root',
command => '/bin/systemctl restart puppetdb',
minute => $random_minute,
hour => '3',
require => Service['puppetdb'],
}
class { 'prometheus::puppetdb_exporter':
puppetdb_url => "http://${listen_address}:8080/pdb/query",
export_scrape_job => true,
}
# export haproxy balancemember
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_8080":
service => 'be_puppetdbapi',
ports => [8080],
options => [
"cookie ${facts['networking']['hostname']}",
'check',
'inter 2s',
'rise 3',
'fall 2',
]
}
}
}
Reference in New Issue View Git Blame Copy Permalink