diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..f821985
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,11 @@
+{
+ "cSpell.words": [
+ "appender",
+ "kahadb",
+ "logappender",
+ "requestlogging",
+ "springframework",
+ "Supress",
+ "trapperkeeper"
+ ]
+}
\ No newline at end of file
diff --git a/manifests/main/config.pp b/manifests/main/config.pp
index 3b9fa98..234343e 100644
--- a/manifests/main/config.pp
+++ b/manifests/main/config.pp
@@ -7,4 +7,8 @@ class puppet_cd::main::config (
) inherits puppet_cd::params {
include puppet_cd::server::service
+
+ if $pt_use_puppetdb == true {
+ include puppet_cd::puppetdb::service
+ }
}
diff --git a/manifests/params.pp b/manifests/params.pp
index f90578b..f701271 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -54,7 +54,29 @@
# @param [string] pt_parser which parser version to use
# @param [boolean] pt_cert_revocation whether to check for cert revocations
# @param [string] pt_logging_max_file_size max file size for puppetdb logging
-#
+# @param [string] pt_logging_max_history max logging history
+# @param [string] pt_logging_total_size total size of logging file
+# @param [string] pt_com_proc_threads number of processing threads
+# @param [string] pt_concurrent_writes max concurrent writes
+# @param [string] pt_db_subname the db name
+# @param [string] pt_db_username the db username
+# @param [string] pt_db_password the db password
+# @param [string] pt_gc_interval garbage collection interval (Java)
+# @param [string] pt_log_slow_statements number of seconds before an SQL query
+# is considered "slow."
+# @param [string] pt_puppetdb_source_lan the source lan for puppetdb clients
+# @param [boolean] pt_soft_write_failure allows the PuppetDB-termini to fail
+# softly if PuppetDB is not accessible for command submission.
+# @param [string] pt_no_ssl_host ip range for non-ssl hosts
+# @param [string] pt_ssl_host ip range for SSL hosts
+# @param [string] pt_ssl_key location of the private key
+# @param [string] pt_ssl_cert location of the ssl cert
+# @param [string] pt_ssl_ca_cert location of the ssl ca cert
+# @param [boolean] pt_log_access whether to configure log access
+# @param [string] pt_access_log_config the location of the access log config
+# @param [boolean] pt_enable_repl whether to allow puppetdb replication
+# @param [string] pt_repl_port the replication port
+# @param [string] pt_repl_host the replication host
###############################################################################
class puppet_cd::params (
@@ -130,7 +152,7 @@ class puppet_cd::params (
String $pt_no_ssl_host = '0.0.0.0',
String $pt_ssl_host = '0.0.0.0',
String $pt_ssl_key = '/etc/puppetlabs/puppetdb/ssl/private.pem',
- String $pt_ssh_cert = '/etc/puppetlabs/puppetdb/ssl/public.pem',
+ String $pt_ssl_cert = '/etc/puppetlabs/puppetdb/ssl/public.pem',
String $pt_ssl_ca_cert = '/etc/puppetlabs/puppetdb/ssl/ca.pem',
Boolean $pt_log_access = false,
String $pt_access_log_config = '/etc/puppetlabs/puppetdb/request-logging.xml',
@@ -139,56 +161,56 @@ class puppet_cd::params (
String $pt_repl_host = '127.0.0.1',
) {
- $fqdn = $facts['networking']['fqdn']
+ $fqdn = $facts['networking']['fqdn']
# directories
## puppet
- $pt_main_dir = '/etc/puppetlabs'
- $pt_puppetdir = "${pt_main_dir}/puppet"
- $pt_code_dir = "${pt_main_dir}/code"
- $pt_environmentspath = "${pt_code_dir}/environments"
- $pt_ssldir = "${pt_puppetdir}/ssl"
- $pt_privatekeydir = "${pt_ssldir}/private_keys"
- $pt_rundir = '/var/run/puppetlabs'
- $pt_rundir_master = '/var/run/puppetlabs/puppetserver'
- $pt_vardir = '/opt/puppetlabs/puppet/cache'
- $pt_vardir_master = '/opt/puppetlabs/server/data/puppetserver'
+ $pt_main_dir = '/etc/puppetlabs'
+ $pt_puppetdir = "${pt_main_dir}/puppet"
+ $pt_code_dir = "${pt_main_dir}/code"
+ $pt_environmentspath = "${pt_code_dir}/environments"
+ $pt_ssldir = "${pt_puppetdir}/ssl"
+ $pt_privatekeydir = "${pt_ssldir}/private_keys"
+ $pt_rundir = '/var/run/puppetlabs'
+ $pt_rundir_master = '/var/run/puppetlabs/puppetserver'
+ $pt_vardir = '/opt/puppetlabs/puppet/cache'
+ $pt_vardir_master = '/opt/puppetlabs/server/data/puppetserver'
## puppetdb
- $pt_puppetdb_main = '/etc/puppetlabs/puppetdb'
- $pt_puppetdb_conf_d = "${pt_puppetdb_main}/conf.d"
- $pt_puppetdb_ssl = "${pt_puppetdb_main}/ssl"
- $pt_puppetdb_log = '/var/log/puppetlabs/puppetdb'
- $pt_puppetdb_var_dir = '/opt/puppetlabs/server/data/puppetdb'
+ $pt_puppetdb_main = '/etc/puppetlabs/puppetdb'
+ $pt_puppetdb_conf_d = "${pt_puppetdb_main}/conf.d"
+ $pt_puppetdb_ssl = "${pt_puppetdb_main}/ssl"
+ $pt_puppetdb_log = '/var/log/puppetlabs/puppetdb'
+ $pt_puppetdb_var_dir = '/opt/puppetlabs/server/data/puppetdb'
# files
## puppet
- $pt_puppet_conf_file = "${pt_puppetdir}/puppet.conf"
- $pt_puppet_conf_erb = 'puppet_cd/puppet.conf.erb'
- $pt_agent_conf_erb = 'puppet_cd/agent.conf.erb'
- $pt_hiera_config = "${pt_puppetdir}/hiera.yaml"
+ $pt_puppet_conf_file = "${pt_puppetdir}/puppet.conf"
+ $pt_puppet_conf_erb = 'puppet_cd/puppet.conf.erb'
+ $pt_agent_conf_erb = 'puppet_cd/agent.conf.erb'
+ $pt_hiera_config = "${pt_puppetdir}/hiera.yaml"
## puppetdb
- $pt_bootstrap_conf = "${pt_puppetdb_main}/bootstrap.cfg"
- $pt_bootstrap_erb = 'cd_puppet/puppetdb/bootstrap.cfg.erb'
- $pt_puppetdb_access_log = "${pt_puppetdb_log}/puppetdb-access"
- $pt_request_logging_conf = "${pt_puppetdb_main}/request-logging.xml"
- $pt_request_logging_erb = 'cd_puppet/puppetdb/request_logging.xml.erb'
- $pt_logback_conf = "${pt_puppetdb_main}/logback.xml"
- $pt_logback_erb = 'cd_puppet/puppetdb/logback.xml.erb'
- $pt_puppetdb_config_ini = "${pt_puppetdb_conf_d}/config.ini"
- $pt_puppetdb_config_erb = 'cd_puppet/puppetdb/config.ini.erb'
- $pt_puppetdb_database_ini = "${pt_puppetdb_conf_d}/database.ini"
- $pt_puppetdb_database_erb = 'cd_puppet/puppetdb/database.ini.erb'
- $pt_puppetdb_jetty_ini = "${pt_puppetdb_conf_d}/jetty.ini"
- $pt_puppetdb_jetty_erb = 'cd_puppet/puppetdb/jetty.ini.erb'
- $pt_puppetdb_conf_file = "${pt_puppetdir}/puppetdb.conf"
- $pt_puppetdb_conf_erb = 'cd_puppet/puppetdb/puppetdb.conf.erb'
- $pt_puppetdb_repl_ini = "${pt_puppetdb_conf_d}/repl.ini"
- $pt_puppetdb_repl_erb = 'cd_puppet/puppetdb/repl.ini.erb'
+ $pt_bootstrap_conf = "${pt_puppetdb_main}/bootstrap.cfg"
+ $pt_bootstrap_erb = 'cd_puppet/puppetdb/bootstrap.cfg.erb'
+ $pt_puppetdb_access_log = "${pt_puppetdb_log}/puppetdb-access"
+ $pt_request_logging_conf = "${pt_puppetdb_main}/request-logging.xml"
+ $pt_request_logging_erb = 'cd_puppet/puppetdb/request_logging.xml.erb'
+ $pt_logback_conf = "${pt_puppetdb_main}/logback.xml"
+ $pt_logback_erb = 'cd_puppet/puppetdb/logback.xml.erb'
+ $pt_puppetdb_config_ini = "${pt_puppetdb_conf_d}/config.ini"
+ $pt_puppetdb_config_erb = 'cd_puppet/puppetdb/config.ini.erb'
+ $pt_puppetdb_database_ini = "${pt_puppetdb_conf_d}/database.ini"
+ $pt_puppetdb_database_erb = 'cd_puppet/puppetdb/database.ini.erb'
+ $pt_puppetdb_jetty_ini = "${pt_puppetdb_conf_d}/jetty.ini"
+ $pt_puppetdb_jetty_erb = 'cd_puppet/puppetdb/jetty.ini.erb'
+ $pt_puppetdb_conf_file = "${pt_puppetdir}/puppetdb.conf"
+ $pt_puppetdb_conf_erb = 'cd_puppet/puppetdb/puppetdb.conf.erb'
+ $pt_puppetdb_repl_ini = "${pt_puppetdb_conf_d}/repl.ini"
+ $pt_puppetdb_repl_erb = 'cd_puppet/puppetdb/repl.ini.erb'
# service
- $pt_server_service = 'puppetserver'
- $pt_agent_service = 'puppet'
- $pt_db_service = 'puppetdb'
+ $pt_server_service = 'puppetserver'
+ $pt_agent_service = 'puppet'
+ $pt_db_service = 'puppetdb'
#
# includes must be last
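Review bot: The eight puppetdb template references on the re-aligned lines (`$pt_bootstrap_erb` through `$pt_puppetdb_repl_erb`) use the module prefix `cd_puppet/`, while the class names and the puppet templates in the same block (`'puppet_cd/puppet.conf.erb'`) use `puppet_cd/`. `template()` treats the first path segment as a module name, so unless a module called cd_puppet also exists, these lookups will fail now that puppet_cd::puppetdb::files renders them. Suggest `$pt_bootstrap_erb = 'puppet_cd/puppetdb/bootstrap.cfg.erb'` and the same prefix on the other seven. The class body continues outside this hunk.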
diff --git a/manifests/puppetdb/dirs.pp b/manifests/puppetdb/dirs.pp
new file mode 100644
index 0000000..a023923
--- /dev/null
+++ b/manifests/puppetdb/dirs.pp
@@ -0,0 +1,64 @@
+## puppet_cd::puppetdb::dirs.pp
+# Module name: puppet_cd
+# Author: Arne Teuke (arne_teuke@confdroid)
+# @summary Class manages puppetdb directories
+###############################################################################
+class puppet_cd::puppetdb::dirs (
+
+) inherits puppet_cd::params {
+ if ($fqdn == $pt_puppetdb_server) and ($pt_use_puppetdb == true) {
+ require puppet_cd::main::install
+
+ # main directory
+ file { $pt_puppetdb_main:
+ ensure => directory,
+ path => $pt_puppetdb_main,
+ owner => $pt_puppetdb_user,
+ group => $pt_puppetdb_user,
+ mode => '0750',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ }
+
+ # conf.d directory
+ file { $pt_puppetdb_conf_d:
+ ensure => directory,
+ path => $pt_puppetdb_conf_d,
+ owner => $pt_puppetdb_user,
+ group => $pt_puppetdb_user,
+ mode => '0750',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ }
+
+ # ssl directory
+ file { $pt_puppetdb_ssl:
+ ensure => directory,
+ path => $pt_puppetdb_ssl,
+ owner => $pt_puppetdb_user,
+ group => $pt_puppetdb_user,
+ mode => '0750',
+ selrange => s0,
+ selrole => object_r,
+ seltype => etc_t,
+ seluser => system_u,
+ }
+
+ # log dir
+ file { $pt_puppetdb_log:
+ ensure => directory,
+ path => $pt_puppetdb_log,
+ owner => $pt_puppetdb_user,
+ group => $pt_puppetdb_user,
+ mode => '0700',
+ selrange => s0,
+ selrole => object_r,
+ seltype => var_log_t,
+ seluser => system_u,
+ }
+ }
+}
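Review bot: The `file { $pt_puppetdb_ssl:` resource gets the same `mode => '0750'` as the plain config directories, although `pt_ssl_key` defaults to a private key inside that directory. `mode => '0700'` there would match what the log directory already uses and keep group members away from the key material. The directories are also labelled `seltype => etc_t`, while files.pp labels the files placed in them `puppet_etc_t`. It is worth confirming which type the SELinux policy expects, so that the two do not relabel against each other. The four resources differ only in title, mode and seltype, so a `File { ... }` resource default for owner, group and the SELinux attributes would cut the repetition. The `path` attribute repeats the title and can be dropped.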
diff --git a/manifests/puppetdb/files.pp b/manifests/puppetdb/files.pp
new file mode 100644
index 0000000..a0ae43d
--- /dev/null
+++ b/manifests/puppetdb/files.pp
@@ -0,0 +1,117 @@
+## puppet_cd::puppetdb::files.pp
+# Module name: puppet_cd
+# Author: Arne Teuke (arne_teuke@confdroid)
+# @summary Class manages puppetdb files
+###############################################################################
+class puppet_cd::puppetdb::files (
+
+) inherits puppet_cd::params {
+ if ($fqdn == $pt_puppetdb_server) and ($pt_use_puppetdb == true) {
+ require puppet_cd::puppetdb::dirs
+
+ # bootstrap.cfg
+ file { $pt_bootstrap_conf:
+ ensure => file,
+ path => $pt_bootstrap_conf,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ selrange => s0,
+ selrole => object_r,
+ seltype => puppet_etc_t,
+ seluser => system_u,
+ content => template($pt_bootstrap_erb),
+ notify => Service[$pt_puppetdb],
+ }
+
+ # requestlogging.xml
+ file { $pt_request_logging_conf:
+ ensure => file,
+ path => $pt_request_logging_conf,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ selrange => s0,
+ selrole => object_r,
+ seltype => puppet_etc_t,
+ seluser => system_u,
+ content => template($pt_request_logging_erb),
+ notify => Service[$pt_puppetdb],
+ }
+
+ # logback.xml
+ file { $pt_logback_conf:
+ ensure => file,
+ path => $pt_logback_conf,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ selrange => s0,
+ selrole => object_r,
+ seltype => puppet_etc_t,
+ seluser => system_u,
+ content => template($pt_logback_erb),
+ notify => Service[$pt_puppetdb],
+ }
+
+ # config.ini
+ file { $pt_puppetdb_config_ini:
+ ensure => file,
+ path => $pt_puppetdb_config_ini,
+ owner => $pt_puppetdb_user,
+ group => $pt_puppetdb_user,
+ mode => '0640',
+ selrange => s0,
+ selrole => object_r,
+ seltype => puppet_etc_t,
+ seluser => system_u,
+ content => template($pt_puppetdb_config_erb),
+ notify => Service[$pt_puppetdb],
+ }
+
+ # database.ini
+ file { $pt_puppetdb_database_ini:
+ ensure => file,
+ path => $pt_puppetdb_database_ini,
+ owner => $pt_puppetdb_user,
+ group => $pt_puppetdb_user,
+ mode => '0640',
+ selrange => s0,
+ selrole => object_r,
+ seltype => puppet_etc_t,
+ seluser => system_u,
+ content => template($pt_puppetdb_database_erb),
+ notify => Service[$pt_puppetdb],
+ }
+
+ # jetty.ini
+ file { $pt_puppetdb_jetty_ini :
+ ensure => file,
+ path => $pt_puppetdb_jetty_ini ,
+ owner => $pt_puppetdb_user,
+ group => $pt_puppetdb_user,
+ mode => '0640',
+ selrange => s0,
+ selrole => object_r,
+ seltype => puppet_etc_t,
+ seluser => system_u,
+ content => template($pt_puppetdb_jetty_erb),
+ notify => Service[$pt_puppetdb],
+ }
+
+ # repl.ini
+ file { $pt_puppetdb_repl_ini:
+ ensure => file,
+ path => $pt_puppetdb_repl_ini,
+ owner => $pt_puppetdb_user,
+ group => $pt_puppetdb_user,
+ mode => '0640',
+ selrange => s0,
+ selrole => object_r,
+ seltype => puppet_etc_t,
+ seluser => system_u,
+ content => template($pt_puppetdb_repl_erb),
+ notify => Service[$pt_puppetdb],
+ }
+ }
+}
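Review bot: Every resource here ends with `notify => Service[$pt_puppetdb],`, but the visible part of params.pp defines no `$pt_puppetdb`; the service name is set there as `$pt_db_service = 'puppetdb'`. If `$pt_puppetdb` is not defined in the part of params.pp outside this diff, the reference resolves to an empty title and catalog compilation will fail. Suggest `notify => Service[$pt_db_service],` on all seven resources. The same variable is used as the resource title in manifests/puppetdb/service.pp, where `service { $pt_db_service:` would be the matching change.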
diff --git a/manifests/puppetdb/service.pp b/manifests/puppetdb/service.pp
new file mode 100644
index 0000000..dbdcea0
--- /dev/null
+++ b/manifests/puppetdb/service.pp
@@ -0,0 +1,19 @@
+## puppet_cd::puppetdb::service.pp
+# Module name: puppet_cd
+# Author: Arne Teuke (arne_teuke@confdroid)
+# @summary Class manages puppetdb service
+###############################################################################
+class puppet_cd::puppetdb::service (
+
+) inherits puppet_cd::params {
+ if ($fqdn == $pt_puppetdb_server) and ($pt_use_puppetdb == true) {
+ require puppet_cd::puppetdb::files
+
+ service { $pt_puppetdb:
+ ensure => running,
+ hasstatus => true,
+ hasrestart => true,
+ enable => true,
+ }
+ }
+}
diff --git a/templates/puppetdb/bootstrap.cfg.erb b/templates/puppetdb/bootstrap.cfg.erb
new file mode 100644
index 0000000..ed31588
--- /dev/null
+++ b/templates/puppetdb/bootstrap.cfg.erb
@@ -0,0 +1,32 @@
+###############################################################################
+########## bootstrap.cfg managed by puppet agent ##########
+###############################################################################
+
+# This file is used by the application framework (trapperkeeper) to
+# determine what services should be loaded at boot time.
+# For more info, see:
+# https://github.com/puppetlabs/trapperkeeper/wiki/Bootstrapping
+
+# Web Server
+puppetlabs.trapperkeeper.services.webserver.jetty9-service/jetty9-service
+
+# Webrouting
+puppetlabs.trapperkeeper.services.webrouting.webrouting-service/webrouting-service
+
+# TK status
+puppetlabs.trapperkeeper.services.metrics.metrics-service/metrics-webservice
+puppetlabs.trapperkeeper.services.status.status-service/status-service
+puppetlabs.trapperkeeper.services.scheduler.scheduler-service/scheduler-service
+
+# PuppetDB Services
+puppetlabs.puppetdb.cli.services/puppetdb-service
+puppetlabs.puppetdb.command/command-service
+puppetlabs.puppetdb.pdb-routing/maint-mode-service
+puppetlabs.puppetdb.pdb-routing/pdb-routing-service
+puppetlabs.puppetdb.config/config-service
+
+# NREPL
+puppetlabs.trapperkeeper.services.nrepl.nrepl-service/nrepl-service
+
+# Dashboard redirect: remove to disable
+puppetlabs.puppetdb.dashboard/dashboard-redirect-service
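Review bot: The `nrepl-service` line is emitted unconditionally, while repl.ini.erb in this same commit describes the REPL as disabled for security reasons unless `$pt_enable_repl` is true. With the service always bootstrapped, whether it stays inactive depends entirely on the default of the `[nrepl]` section, which this module leaves empty in the disabled case. Gating the line here removes that dependency: `<% if @pt_enable_repl == true -%>` before it and `<% end -%>` after it. A short comment on the dashboard redirect saying whether it is intended to be on in production would help as well.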
diff --git a/templates/puppetdb/config.ini.erb b/templates/puppetdb/config.ini.erb
new file mode 100644
index 0000000..bc5f428
--- /dev/null
+++ b/templates/puppetdb/config.ini.erb
@@ -0,0 +1,11 @@
+###############################################################################
+########## config.ini managed by puppet agent ##########
+###############################################################################
+
+[global]
+vardir = <%= @pt_puppetdb_var_dir %>
+logging-config = <%= @pt_logback_conf %>
+
+[command-processing]
+threads = <%= @pt_com_proc_threads %>
+concurrent-writes = <%= @pt_concurrent_writes %>
diff --git a/templates/puppetdb/database.ini.erb b/templates/puppetdb/database.ini.erb
new file mode 100644
index 0000000..5534376
--- /dev/null
+++ b/templates/puppetdb/database.ini.erb
@@ -0,0 +1,10 @@
+###############################################################################
+########## database.ini managed by puppet agent ##########
+###############################################################################
+
+[database]
+subname = <%= @pt_db_subname %>
+username = <%= @pt_db_username %>
+password = <%= @pt_db_password %>
+
+gc-interval = <%= @pt_gc_interval %>
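Review bot: The line `password = <%= @pt_db_password %>` renders the database password from a parameter that params.pp documents as a plain string, so the value can appear in catalogs, reports and file diffs on every change to database.ini. At minimum the `file { $pt_puppetdb_database_ini:` resource in files.pp should carry `show_diff => false,`. Declaring the parameter as `Sensitive[String]` would be the stronger fix, though it also requires unwrapping the value in this template and marking the rendered content as sensitive. `pt_log_slow_statements` is documented in params.pp but not written to this file; if it is meant to be configurable, a `log-slow-statements` line is missing here.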
diff --git a/templates/puppetdb/jetty.ini.erb b/templates/puppetdb/jetty.ini.erb
new file mode 100644
index 0000000..a12eef3
--- /dev/null
+++ b/templates/puppetdb/jetty.ini.erb
@@ -0,0 +1,31 @@
+###############################################################################
+########## jetty.ini managed by puppet agent ##########
+###############################################################################
+
+[jetty]
+<% if @pt_use_ssl_only != true %>
+host = <%= @pt_no_ssl_host %>
+port = <%= @pt_no_ssl_port %>
+
+# ssl
+ssl-host = <%= @pt_ssl_host %>
+ssl-port = <%= @pt_ssl_port %>
+ssl-key = <%= @pt_ssl_key %>
+ssl-cert = <%= @pt_ssl_cert %>
+ssl-ca-cert = <%= @pt_ssl_ca_cert %>
+
+<% if @pt_log_access == true %>
+access-log-config = <%= @pt_access_log_config %>
+<% end end %>
+
+
+<% if @pt_use_ssl_only == true %>
+ssl-host = <%= @pt_ssl_host %>
+ssl-port = <%= @pt_ssl_port %>
+ssl-key = <%= @pt_ssl_key %>
+ssl-cert = <%= @pt_ssl_cert %>
+ssl-ca-cert = <%= @pt_ssl_ca_cert %>
+
+<% if @pt_log_access == true %>
+access-log-config = <%= @pt_access_log_config %>
+<% end end %>
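Review bot: The cleartext `host`/`port` pair is written whenever `@pt_use_ssl_only` is anything other than `true`, including unset, and params.pp gives `pt_no_ssl_host` the default '0.0.0.0'. The default outcome is therefore a plain-HTTP listener on all interfaces, and PuppetDB's cleartext port does no certificate authentication. Defaulting `pt_no_ssl_host` to '127.0.0.1' in params.pp would keep cleartext access local unless an operator opts in. The two branches also duplicate the ssl and access-log lines and close with `<% end end %>`. Emitting the ssl block once and wrapping only the cleartext pair keeps the branches from drifting apart.

```erb
[jetty]
<% unless @pt_use_ssl_only == true -%>
host = <%= @pt_no_ssl_host %>
port = <%= @pt_no_ssl_port %>

<% end -%>
# ssl
<%# … unchanged: ssl-host, ssl-port, ssl-key, ssl-cert, ssl-ca-cert lines, emitted once … %>
<% if @pt_log_access == true -%>
access-log-config = <%= @pt_access_log_config %>
<% end -%>
```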
diff --git a/templates/puppetdb/logback.xml.erb b/templates/puppetdb/logback.xml.erb
new file mode 100755
index 0000000..2815728
--- /dev/null
+++ b/templates/puppetdb/logback.xml.erb
@@ -0,0 +1,59 @@
+
+
+
+ %d %-5p [%c{2}] %m%n
+
+
+
+
+ /var/log/puppetlabs/puppetdb/puppetdb.log
+ true
+
+ /var/log/puppetlabs/puppetdb/puppetdb-%d{yyyy-MM-dd}.%i.log.gz
+
+ 200MB
+ 90
+ 1GB
+
+
+ %d %-5p [%c{2}] %m%n
+
+
+
+
+
+
+
+
+
+
+
+
+
+ /var/log/puppetlabs/puppetdb/puppetdb-status.log
+ true
+
+
+ /var/log/puppetlabs/puppetdb/puppetdb-status-%d{yyyy-MM-dd}.%i.log.gz
+
+ 200MB
+ 90
+ 1GB
+
+
+
+ %m%n
+
+
+
+
+
+
+
+
+
+
+
+
+
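Review bot: This template hard-codes the log paths under /var/log/puppetlabs/puppetdb and the rotation values `200MB`, `90` and `1GB`, whereas request_logging.xml.erb in the same commit takes them from `@pt_puppetdb_access_log`, `@pt_logging_max_file_size`, `@pt_logging_max_history` and `@pt_logging_total_size`. Using `<%= @pt_puppetdb_log %>/puppetdb.log` and the same three logging parameters here would make the params.pp settings apply to both files. The file is also added with mode 100755, and a template has no need of the executable bit. The XML markup is not visible in this view, so the element names are not checked here.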
diff --git a/templates/puppetdb/puppetdb.conf.erb b/templates/puppetdb/puppetdb.conf.erb
index 1362f44..e4f4e70 100644
--- a/templates/puppetdb/puppetdb.conf.erb
+++ b/templates/puppetdb/puppetdb.conf.erb
@@ -3,5 +3,5 @@
###############################################################################
[main]
-server_urls = https://<%= @pt_db_fqdn %>:<%= @pt_ssl_port %>
-soft_write_failure = <%= @pt_soft_write_failure %>
\ No newline at end of file
+server_urls = https://<%= @pt_puppetdb_server%>:<%= @pt_ssl_port %>
+soft_write_failure = <%= @pt_soft_write_failure %>
diff --git a/templates/puppetdb/repl.ini.erb b/templates/puppetdb/repl.ini.erb
new file mode 100644
index 0000000..a851985
--- /dev/null
+++ b/templates/puppetdb/repl.ini.erb
@@ -0,0 +1,13 @@
+###############################################################################
+########## repl.ini managed by puppet agent ##########
+###############################################################################
+
+[nrepl]
+<% if @pt_enable_repl == true %>
+enabled = <%= @pt_enable_repl %>
+port = <% @pt_repl_port %>
+host = <%= @pt_repl_host %>
+<% else %>
+# REPL is disabled for security reasons and not normally not required.
+# To enable it, set `$pt_enable_repl` to `true`.
+<% end %>
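Review bot: The line `port = <% @pt_repl_port %>` uses the non-output tag, so the expression is evaluated but nothing is written and the rendered file contains an empty `port =` when the REPL is enabled. It should read `port = <%= @pt_repl_port %>`. The comment in the else branch has a doubled negation ("and not normally not required"); "and is not normally required" is what seems to be meant.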
diff --git a/templates/puppetdb/request_logging.xml.erb b/templates/puppetdb/request_logging.xml.erb
new file mode 100644
index 0000000..aff8cb7
--- /dev/null
+++ b/templates/puppetdb/request_logging.xml.erb
@@ -0,0 +1,17 @@
+
+
+ <%= @pt_puppetdb_access_log %>.log
+ true
+
+ <%= @pt_puppetdb_access_log %>-%d{yyyy-MM-dd}.%i.log.gz
+
+ <%= @pt_logging_max_file_size %>
+ <%= @pt_loging_max_history %>
+ <%= @pt_logging_total_size %>
+
+
+ %h %l %u [%t] "%r" %s %b "%i{Referer}" "%i{User-Agent}" %D
+
+
+
+
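Review bot: The max-history value is read from `@pt_loging_max_history`, which is missing a "g" compared with the `pt_logging_max_history` parameter documented in params.pp. An unset instance variable renders as an empty string, so the rotation policy would get no history limit instead of the configured one. It should read `<%= @pt_logging_max_history %>`.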