add puppetdb section

2025-03-10 13:21:44 +01:00
parent bacdb0d808
commit 01441653e7
14 changed files with 454 additions and 44 deletions
--- a/manifests/main/config.pp
+++ b/manifests/main/config.pp
@@ -7,4 +7,8 @@ class puppet_cd::main::config (

 ) inherits puppet_cd::params {
  include puppet_cd::server::service
+
+  if $pt_use_puppetdb == true {
+    include puppet_cd::puppetdb::service
+  }
 }
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -54,7 +54,29 @@
 # @param [string] pt_parser which parser version to use
 # @param [boolean] pt_cert_revocation whether to check for cert revocations
 # @param [string] pt_logging_max_file_size max file size for puppetdb logging
-# 
+# @param [string] pt_logging_max_history max logging history
+# @param [string] pt_logging_total_size  total size of logging file
+# @param [string] pt_com_proc_threads number of processing threads
+# @param [string] pt_concurrent_writes  max concurrent writes
+# @param [string] pt_db_subname the db name
+# @param [string] pt_db_username the db username
+# @param [string] pt_db_password the db password
+# @param [string] pt_gc_interval garbage collection interval (Java)
+# @param [string] pt_log_slow_statements number of seconds before an SQL query
+#   is considered "slow."
+# @param [string] pt_puppetdb_source_lan the source lan for puppetdb clients
+# @param [boolean] pt_soft_write_failure allows the PuppetDB-termini to fail
+#   softly if PuppetDB is not accessible for command submission.
+# @param [string] pt_no_ssl_host ip range for non-ssl hosts
+# @param [string] pt_ssl_host ip range for SSL hosts
+# @param [string] pt_ssl_key location of the private key
+# @param [string] pt_ssl_cert location of the ssl cert
+# @param [string] pt_ssl_ca_cert location of the ssl ca cert
+# @param [boolean] pt_log_access whether to configure log access
+# @param [string] pt_access_log_config the location of the access log config
+# @param [boolean] pt_enable_repl whether to allow puppetdb replication
+# @param [string] pt_repl_port the replication port
+# @param [string] pt_repl_host the replication host
 ###############################################################################
 class puppet_cd::params (

@@ -130,7 +152,7 @@ class puppet_cd::params (
  String $pt_no_ssl_host            = '0.0.0.0',
  String $pt_ssl_host               = '0.0.0.0',
  String $pt_ssl_key                = '/etc/puppetlabs/puppetdb/ssl/private.pem',
-  String $pt_ssh_cert               = '/etc/puppetlabs/puppetdb/ssl/public.pem',
+  String $pt_ssl_cert               = '/etc/puppetlabs/puppetdb/ssl/public.pem',
  String $pt_ssl_ca_cert            = '/etc/puppetlabs/puppetdb/ssl/ca.pem',
  Boolean $pt_log_access            = false,
  String $pt_access_log_config      = '/etc/puppetlabs/puppetdb/request-logging.xml',
@@ -139,56 +161,56 @@ class puppet_cd::params (
  String $pt_repl_host              = '127.0.0.1',

 ) {
-  $fqdn                       = $facts['networking']['fqdn']
+  $fqdn                             = $facts['networking']['fqdn']

 # directories
 ## puppet
-  $pt_main_dir                = '/etc/puppetlabs'
-  $pt_puppetdir               = "${pt_main_dir}/puppet"
-  $pt_code_dir                = "${pt_main_dir}/code"
-  $pt_environmentspath        = "${pt_code_dir}/environments"
-  $pt_ssldir                  = "${pt_puppetdir}/ssl"
-  $pt_privatekeydir           = "${pt_ssldir}/private_keys"
-  $pt_rundir                  = '/var/run/puppetlabs'
-  $pt_rundir_master           = '/var/run/puppetlabs/puppetserver'
-  $pt_vardir                  = '/opt/puppetlabs/puppet/cache'
-  $pt_vardir_master           = '/opt/puppetlabs/server/data/puppetserver'
+  $pt_main_dir                      = '/etc/puppetlabs'
+  $pt_puppetdir                     = "${pt_main_dir}/puppet"
+  $pt_code_dir                      = "${pt_main_dir}/code"
+  $pt_environmentspath              = "${pt_code_dir}/environments"
+  $pt_ssldir                        = "${pt_puppetdir}/ssl"
+  $pt_privatekeydir                 = "${pt_ssldir}/private_keys"
+  $pt_rundir                        = '/var/run/puppetlabs'
+  $pt_rundir_master                 = '/var/run/puppetlabs/puppetserver'
+  $pt_vardir                        = '/opt/puppetlabs/puppet/cache'
+  $pt_vardir_master                 = '/opt/puppetlabs/server/data/puppetserver'
 ## puppetdb
-  $pt_puppetdb_main           = '/etc/puppetlabs/puppetdb'
-  $pt_puppetdb_conf_d         = "${pt_puppetdb_main}/conf.d"
-  $pt_puppetdb_ssl            = "${pt_puppetdb_main}/ssl"
-  $pt_puppetdb_log            = '/var/log/puppetlabs/puppetdb'
-  $pt_puppetdb_var_dir        = '/opt/puppetlabs/server/data/puppetdb'
+  $pt_puppetdb_main                 = '/etc/puppetlabs/puppetdb'
+  $pt_puppetdb_conf_d               = "${pt_puppetdb_main}/conf.d"
+  $pt_puppetdb_ssl                  = "${pt_puppetdb_main}/ssl"
+  $pt_puppetdb_log                  = '/var/log/puppetlabs/puppetdb'
+  $pt_puppetdb_var_dir              = '/opt/puppetlabs/server/data/puppetdb'

 # files
 ## puppet
-  $pt_puppet_conf_file        = "${pt_puppetdir}/puppet.conf"
-  $pt_puppet_conf_erb         = 'puppet_cd/puppet.conf.erb'
-  $pt_agent_conf_erb          = 'puppet_cd/agent.conf.erb'
-  $pt_hiera_config            = "${pt_puppetdir}/hiera.yaml"
+  $pt_puppet_conf_file              = "${pt_puppetdir}/puppet.conf"
+  $pt_puppet_conf_erb               = 'puppet_cd/puppet.conf.erb'
+  $pt_agent_conf_erb                = 'puppet_cd/agent.conf.erb'
+  $pt_hiera_config                  = "${pt_puppetdir}/hiera.yaml"
 ## puppetdb
-  $pt_bootstrap_conf        = "${pt_puppetdb_main}/bootstrap.cfg"
-  $pt_bootstrap_erb         = 'cd_puppet/puppetdb/bootstrap.cfg.erb'
-  $pt_puppetdb_access_log   = "${pt_puppetdb_log}/puppetdb-access"
-  $pt_request_logging_conf  = "${pt_puppetdb_main}/request-logging.xml"
-  $pt_request_logging_erb   = 'cd_puppet/puppetdb/request_logging.xml.erb'
-  $pt_logback_conf          = "${pt_puppetdb_main}/logback.xml"
-  $pt_logback_erb           = 'cd_puppet/puppetdb/logback.xml.erb'
-  $pt_puppetdb_config_ini   = "${pt_puppetdb_conf_d}/config.ini"
-  $pt_puppetdb_config_erb   = 'cd_puppet/puppetdb/config.ini.erb'
-  $pt_puppetdb_database_ini = "${pt_puppetdb_conf_d}/database.ini"
-  $pt_puppetdb_database_erb = 'cd_puppet/puppetdb/database.ini.erb'
-  $pt_puppetdb_jetty_ini    = "${pt_puppetdb_conf_d}/jetty.ini"
-  $pt_puppetdb_jetty_erb    = 'cd_puppet/puppetdb/jetty.ini.erb'
-  $pt_puppetdb_conf_file    = "${pt_puppetdir}/puppetdb.conf"
-  $pt_puppetdb_conf_erb     = 'cd_puppet/puppetdb/puppetdb.conf.erb'
-  $pt_puppetdb_repl_ini     = "${pt_puppetdb_conf_d}/repl.ini"
-  $pt_puppetdb_repl_erb     = 'cd_puppet/puppetdb/repl.ini.erb'
+  $pt_bootstrap_conf                = "${pt_puppetdb_main}/bootstrap.cfg"
+  $pt_bootstrap_erb                 = 'cd_puppet/puppetdb/bootstrap.cfg.erb'
+  $pt_puppetdb_access_log           = "${pt_puppetdb_log}/puppetdb-access"
+  $pt_request_logging_conf          = "${pt_puppetdb_main}/request-logging.xml"
+  $pt_request_logging_erb           = 'cd_puppet/puppetdb/request_logging.xml.erb'
+  $pt_logback_conf                  = "${pt_puppetdb_main}/logback.xml"
+  $pt_logback_erb                   = 'cd_puppet/puppetdb/logback.xml.erb'
+  $pt_puppetdb_config_ini           = "${pt_puppetdb_conf_d}/config.ini"
+  $pt_puppetdb_config_erb           = 'cd_puppet/puppetdb/config.ini.erb'
+  $pt_puppetdb_database_ini         = "${pt_puppetdb_conf_d}/database.ini"
+  $pt_puppetdb_database_erb         = 'cd_puppet/puppetdb/database.ini.erb'
+  $pt_puppetdb_jetty_ini            = "${pt_puppetdb_conf_d}/jetty.ini"
+  $pt_puppetdb_jetty_erb            = 'cd_puppet/puppetdb/jetty.ini.erb'
+  $pt_puppetdb_conf_file            = "${pt_puppetdir}/puppetdb.conf"
+  $pt_puppetdb_conf_erb             = 'cd_puppet/puppetdb/puppetdb.conf.erb'
+  $pt_puppetdb_repl_ini             = "${pt_puppetdb_conf_d}/repl.ini"
+  $pt_puppetdb_repl_erb             = 'cd_puppet/puppetdb/repl.ini.erb'

 # service
-  $pt_server_service          = 'puppetserver'
-  $pt_agent_service           = 'puppet'
-  $pt_db_service              = 'puppetdb'
+  $pt_server_service                = 'puppetserver'
+  $pt_agent_service                 = 'puppet'
+  $pt_db_service                    = 'puppetdb'

 #
  # includes must be last
--- a/manifests/puppetdb/dirs.pp
+++ b/manifests/puppetdb/dirs.pp
@@ -0,0 +1,64 @@
+## puppet_cd::puppetdb::dirs.pp
+# Module name: puppet_cd
+# Author: Arne Teuke (arne_teuke@confdroid)
+# @summary  Class manages puppetdb directories
+###############################################################################
+class puppet_cd::puppetdb::dirs (
+
+) inherits puppet_cd::params {
+  if ($fqdn == $pt_puppetdb_server) and ($pt_use_puppetdb == true) {
+    require puppet_cd::main::install
+
+    # main directory
+    file { $pt_puppetdb_main:
+      ensure   => directory,
+      path     => $pt_puppetdb_main,
+      owner    => $pt_puppetdb_user,
+      group    => $pt_puppetdb_user,
+      mode     => '0750',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => etc_t,
+      seluser  => system_u,
+    }
+
+    # conf.d directory
+    file { $pt_puppetdb_conf_d:
+      ensure   => directory,
+      path     => $pt_puppetdb_conf_d,
+      owner    => $pt_puppetdb_user,
+      group    => $pt_puppetdb_user,
+      mode     => '0750',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => etc_t,
+      seluser  => system_u,
+    }
+
+    # ssl directory
+    file { $pt_puppetdb_ssl:
+      ensure   => directory,
+      path     => $pt_puppetdb_ssl,
+      owner    => $pt_puppetdb_user,
+      group    => $pt_puppetdb_user,
+      mode     => '0750',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => etc_t,
+      seluser  => system_u,
+    }
+
+    # log dir
+    file { $pt_puppetdb_log:
+      ensure   => directory,
+      path     => $pt_puppetdb_log,
+      owner    => $pt_puppetdb_user,
+      group    => $pt_puppetdb_user,
+      mode     => '0700',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => var_log_t,
+      seluser  => system_u,
+    }
+  }
+}
--- a/manifests/puppetdb/files.pp
+++ b/manifests/puppetdb/files.pp
@@ -0,0 +1,117 @@
+## puppet_cd::puppetdb::files.pp
+# Module name: puppet_cd
+# Author: Arne Teuke (arne_teuke@confdroid)
+# @summary  Class manages puppetdb files
+###############################################################################
+class puppet_cd::puppetdb::files (
+
+) inherits puppet_cd::params {
+  if ($fqdn == $pt_puppetdb_server) and ($pt_use_puppetdb == true) {
+    require puppet_cd::puppetdb::dirs
+
+    # bootstrap.cfg
+    file { $pt_bootstrap_conf:
+      ensure   => file,
+      path     => $pt_bootstrap_conf,
+      owner    => 'root',
+      group    => 'root',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => puppet_etc_t,
+      seluser  => system_u,
+      content  => template($pt_bootstrap_erb),
+      notify   => Service[$pt_puppetdb],
+    }
+
+    # requestlogging.xml
+    file { $pt_request_logging_conf:
+      ensure   => file,
+      path     => $pt_request_logging_conf,
+      owner    => 'root',
+      group    => 'root',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => puppet_etc_t,
+      seluser  => system_u,
+      content  => template($pt_request_logging_erb),
+      notify   => Service[$pt_puppetdb],
+    }
+
+    # logback.xml
+    file { $pt_logback_conf:
+      ensure   => file,
+      path     => $pt_logback_conf,
+      owner    => 'root',
+      group    => 'root',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => puppet_etc_t,
+      seluser  => system_u,
+      content  => template($pt_logback_erb),
+      notify   => Service[$pt_puppetdb],
+    }
+
+    # config.ini
+    file { $pt_puppetdb_config_ini:
+      ensure   => file,
+      path     => $pt_puppetdb_config_ini,
+      owner    => $pt_puppetdb_user,
+      group    => $pt_puppetdb_user,
+      mode     => '0640',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => puppet_etc_t,
+      seluser  => system_u,
+      content  => template($pt_puppetdb_config_erb),
+      notify   => Service[$pt_puppetdb],
+    }
+
+    # database.ini
+    file { $pt_puppetdb_database_ini:
+      ensure   => file,
+      path     => $pt_puppetdb_database_ini,
+      owner    => $pt_puppetdb_user,
+      group    => $pt_puppetdb_user,
+      mode     => '0640',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => puppet_etc_t,
+      seluser  => system_u,
+      content  => template($pt_puppetdb_database_erb),
+      notify   => Service[$pt_puppetdb],
+    }
+
+    # jetty.ini
+    file { $pt_puppetdb_jetty_ini :
+      ensure   => file,
+      path     => $pt_puppetdb_jetty_ini ,
+      owner    => $pt_puppetdb_user,
+      group    => $pt_puppetdb_user,
+      mode     => '0640',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => puppet_etc_t,
+      seluser  => system_u,
+      content  => template($pt_puppetdb_jetty_erb),
+      notify   => Service[$pt_puppetdb],
+    }
+
+    # repl.ini
+    file { $pt_puppetdb_repl_ini:
+      ensure   => file,
+      path     => $pt_puppetdb_repl_ini,
+      owner    => $pt_puppetdb_user,
+      group    => $pt_puppetdb_user,
+      mode     => '0640',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => puppet_etc_t,
+      seluser  => system_u,
+      content  => template($pt_puppetdb_repl_erb),
+      notify   => Service[$pt_puppetdb],
+    }
+  }
+}
--- a/manifests/puppetdb/service.pp
+++ b/manifests/puppetdb/service.pp
@@ -0,0 +1,19 @@
+## puppet_cd::puppetdb::service.pp
+# Module name: puppet_cd
+# Author: Arne Teuke (arne_teuke@confdroid)
+# @summary  Class manages puppetdb service
+###############################################################################
+class puppet_cd::puppetdb::service (
+
+) inherits puppet_cd::params {
+  if ($fqdn == $pt_puppetdb_server) and ($pt_use_puppetdb == true) {
+    require puppet_cd::puppetdb::files
+
+    service { $pt_puppetdb:
+      ensure     => running,
+      hasstatus  => true,
+      hasrestart => true,
+      enable     => true,
+    }
+  }
+}