confdroid/puppet_cd
3
0
Fork 0
Code Wiki Activity

add puppetdb section

Browse Source
This commit is contained in:
Arne Teuke
2025-03-10 13:21:44 +01:00
parent bacdb0d808
commit 01441653e7
14 changed files with 454 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
.vscode/settings.json vendored Normal file
View File

@@ -0,0 +1,11 @@
{
"cSpell.words": [
"appender",
"kahadb",
"logappender",
"requestlogging",
"springframework",
"Supress",
"trapperkeeper"
]
}

4
manifests/main/config.pp
View File

@@ -7,4 +7,8 @@ class puppet_cd::main::config (
) inherits puppet_cd::params { ) inherits puppet_cd::params {
include puppet_cd::server::service include puppet_cd::server::service
if $pt_use_puppetdb == true {
include puppet_cd::puppetdb::service
}
} }

106
manifests/params.pp
View File

@@ -54,7 +54,29 @@
# @param [string] pt_parser which parser version to use # @param [string] pt_parser which parser version to use
# @param [boolean] pt_cert_revocation whether to check for cert revocations # @param [boolean] pt_cert_revocation whether to check for cert revocations
# @param [string] pt_logging_max_file_size max file size for puppetdb logging # @param [string] pt_logging_max_file_size max file size for puppetdb logging
# # @param [string] pt_logging_max_history max logging history
# @param [string] pt_logging_total_size total size of logging file
# @param [string] pt_com_proc_threads number of processing threads
# @param [string] pt_concurrent_writes max concurrent writes
# @param [string] pt_db_subname the db name
# @param [string] pt_db_username the db username
# @param [string] pt_db_password the db password
# @param [string] pt_gc_interval garbage collection interval (Java)
# @param [string] pt_log_slow_statements number of seconds before an SQL query
# is considered "slow."
# @param [string] pt_puppetdb_source_lan the source lan for puppetdb clients
# @param [boolean] pt_soft_write_failure allows the PuppetDB-termini to fail
# softly if PuppetDB is not accessible for command submission.
# @param [string] pt_no_ssl_host ip range for non-ssl hosts
# @param [string] pt_ssl_host ip range for SSL hosts
# @param [string] pt_ssl_key location of the private key
# @param [string] pt_ssl_cert location of the ssl cert
# @param [string] pt_ssl_ca_cert location of the ssl ca cert
# @param [boolean] pt_log_access whether to configure log access
# @param [string] pt_access_log_config the location of the access log config
# @param [boolean] pt_enable_repl whether to allow puppetdb replication
# @param [string] pt_repl_port the replication port
# @param [string] pt_repl_host the replication host
############################################################################### ###############################################################################
class puppet_cd::params ( class puppet_cd::params (
@@ -130,7 +152,7 @@ class puppet_cd::params (
String $pt_no_ssl_host = '0.0.0.0', String $pt_no_ssl_host = '0.0.0.0',
String $pt_ssl_host = '0.0.0.0', String $pt_ssl_host = '0.0.0.0',
String $pt_ssl_key = '/etc/puppetlabs/puppetdb/ssl/private.pem', String $pt_ssl_key = '/etc/puppetlabs/puppetdb/ssl/private.pem',
String $pt_ssh_cert = '/etc/puppetlabs/puppetdb/ssl/public.pem', String $pt_ssl_cert = '/etc/puppetlabs/puppetdb/ssl/public.pem',
String $pt_ssl_ca_cert = '/etc/puppetlabs/puppetdb/ssl/ca.pem', String $pt_ssl_ca_cert = '/etc/puppetlabs/puppetdb/ssl/ca.pem',
Boolean $pt_log_access = false, Boolean $pt_log_access = false,
String $pt_access_log_config = '/etc/puppetlabs/puppetdb/request-logging.xml', String $pt_access_log_config = '/etc/puppetlabs/puppetdb/request-logging.xml',
@@ -139,56 +161,56 @@ class puppet_cd::params (
String $pt_repl_host = '127.0.0.1', String $pt_repl_host = '127.0.0.1',
) { ) {
$fqdn = $facts['networking']['fqdn'] $fqdn = $facts['networking']['fqdn']
# directories # directories
## puppet ## puppet
$pt_main_dir = '/etc/puppetlabs' $pt_main_dir = '/etc/puppetlabs'
$pt_puppetdir = "${pt_main_dir}/puppet" $pt_puppetdir = "${pt_main_dir}/puppet"
$pt_code_dir = "${pt_main_dir}/code" $pt_code_dir = "${pt_main_dir}/code"
$pt_environmentspath = "${pt_code_dir}/environments" $pt_environmentspath = "${pt_code_dir}/environments"
$pt_ssldir = "${pt_puppetdir}/ssl" $pt_ssldir = "${pt_puppetdir}/ssl"
$pt_privatekeydir = "${pt_ssldir}/private_keys" $pt_privatekeydir = "${pt_ssldir}/private_keys"
$pt_rundir = '/var/run/puppetlabs' $pt_rundir = '/var/run/puppetlabs'
$pt_rundir_master = '/var/run/puppetlabs/puppetserver' $pt_rundir_master = '/var/run/puppetlabs/puppetserver'
$pt_vardir = '/opt/puppetlabs/puppet/cache' $pt_vardir = '/opt/puppetlabs/puppet/cache'
$pt_vardir_master = '/opt/puppetlabs/server/data/puppetserver' $pt_vardir_master = '/opt/puppetlabs/server/data/puppetserver'
## puppetdb ## puppetdb
$pt_puppetdb_main = '/etc/puppetlabs/puppetdb' $pt_puppetdb_main = '/etc/puppetlabs/puppetdb'
$pt_puppetdb_conf_d = "${pt_puppetdb_main}/conf.d" $pt_puppetdb_conf_d = "${pt_puppetdb_main}/conf.d"
$pt_puppetdb_ssl = "${pt_puppetdb_main}/ssl" $pt_puppetdb_ssl = "${pt_puppetdb_main}/ssl"
$pt_puppetdb_log = '/var/log/puppetlabs/puppetdb' $pt_puppetdb_log = '/var/log/puppetlabs/puppetdb'
$pt_puppetdb_var_dir = '/opt/puppetlabs/server/data/puppetdb' $pt_puppetdb_var_dir = '/opt/puppetlabs/server/data/puppetdb'
# files # files
## puppet ## puppet
$pt_puppet_conf_file = "${pt_puppetdir}/puppet.conf" $pt_puppet_conf_file = "${pt_puppetdir}/puppet.conf"
$pt_puppet_conf_erb = 'puppet_cd/puppet.conf.erb' $pt_puppet_conf_erb = 'puppet_cd/puppet.conf.erb'
$pt_agent_conf_erb = 'puppet_cd/agent.conf.erb' $pt_agent_conf_erb = 'puppet_cd/agent.conf.erb'
$pt_hiera_config = "${pt_puppetdir}/hiera.yaml" $pt_hiera_config = "${pt_puppetdir}/hiera.yaml"
## puppetdb ## puppetdb
$pt_bootstrap_conf = "${pt_puppetdb_main}/bootstrap.cfg" $pt_bootstrap_conf = "${pt_puppetdb_main}/bootstrap.cfg"
$pt_bootstrap_erb = 'cd_puppet/puppetdb/bootstrap.cfg.erb' $pt_bootstrap_erb = 'cd_puppet/puppetdb/bootstrap.cfg.erb'
$pt_puppetdb_access_log = "${pt_puppetdb_log}/puppetdb-access" $pt_puppetdb_access_log = "${pt_puppetdb_log}/puppetdb-access"
$pt_request_logging_conf = "${pt_puppetdb_main}/request-logging.xml" $pt_request_logging_conf = "${pt_puppetdb_main}/request-logging.xml"
$pt_request_logging_erb = 'cd_puppet/puppetdb/request_logging.xml.erb' $pt_request_logging_erb = 'cd_puppet/puppetdb/request_logging.xml.erb'
$pt_logback_conf = "${pt_puppetdb_main}/logback.xml" $pt_logback_conf = "${pt_puppetdb_main}/logback.xml"
$pt_logback_erb = 'cd_puppet/puppetdb/logback.xml.erb' $pt_logback_erb = 'cd_puppet/puppetdb/logback.xml.erb'
$pt_puppetdb_config_ini = "${pt_puppetdb_conf_d}/config.ini" $pt_puppetdb_config_ini = "${pt_puppetdb_conf_d}/config.ini"
$pt_puppetdb_config_erb = 'cd_puppet/puppetdb/config.ini.erb' $pt_puppetdb_config_erb = 'cd_puppet/puppetdb/config.ini.erb'
$pt_puppetdb_database_ini = "${pt_puppetdb_conf_d}/database.ini" $pt_puppetdb_database_ini = "${pt_puppetdb_conf_d}/database.ini"
$pt_puppetdb_database_erb = 'cd_puppet/puppetdb/database.ini.erb' $pt_puppetdb_database_erb = 'cd_puppet/puppetdb/database.ini.erb'
$pt_puppetdb_jetty_ini = "${pt_puppetdb_conf_d}/jetty.ini" $pt_puppetdb_jetty_ini = "${pt_puppetdb_conf_d}/jetty.ini"
$pt_puppetdb_jetty_erb = 'cd_puppet/puppetdb/jetty.ini.erb' $pt_puppetdb_jetty_erb = 'cd_puppet/puppetdb/jetty.ini.erb'
$pt_puppetdb_conf_file = "${pt_puppetdir}/puppetdb.conf" $pt_puppetdb_conf_file = "${pt_puppetdir}/puppetdb.conf"
$pt_puppetdb_conf_erb = 'cd_puppet/puppetdb/puppetdb.conf.erb' $pt_puppetdb_conf_erb = 'cd_puppet/puppetdb/puppetdb.conf.erb'
$pt_puppetdb_repl_ini = "${pt_puppetdb_conf_d}/repl.ini" $pt_puppetdb_repl_ini = "${pt_puppetdb_conf_d}/repl.ini"
$pt_puppetdb_repl_erb = 'cd_puppet/puppetdb/repl.ini.erb' $pt_puppetdb_repl_erb = 'cd_puppet/puppetdb/repl.ini.erb'
# service # service
$pt_server_service = 'puppetserver' $pt_server_service = 'puppetserver'
$pt_agent_service = 'puppet' $pt_agent_service = 'puppet'
$pt_db_service = 'puppetdb' $pt_db_service = 'puppetdb'
# #
# includes must be last # includes must be last

64
manifests/puppetdb/dirs.pp Normal file
View File

@@ -0,0 +1,64 @@
## puppet_cd::puppetdb::dirs.pp
# Module name: puppet_cd
# Author: Arne Teuke (arne_teuke@confdroid)
# @summary Class manages puppetdb directories
###############################################################################
class puppet_cd::puppetdb::dirs (
) inherits puppet_cd::params {
if ($fqdn == $pt_puppetdb_server) and ($pt_use_puppetdb == true) {
require puppet_cd::main::install
# main directory
file { $pt_puppetdb_main:
ensure => directory,
path => $pt_puppetdb_main,
owner => $pt_puppetdb_user,
group => $pt_puppetdb_user,
mode => '0750',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
}
# conf.d directory
file { $pt_puppetdb_conf_d:
ensure => directory,
path => $pt_puppetdb_conf_d,
owner => $pt_puppetdb_user,
group => $pt_puppetdb_user,
mode => '0750',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
}
# ssl directory
file { $pt_puppetdb_ssl:
ensure => directory,
path => $pt_puppetdb_ssl,
owner => $pt_puppetdb_user,
group => $pt_puppetdb_user,
mode => '0750',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
}
# log dir
file { $pt_puppetdb_log:
ensure => directory,
path => $pt_puppetdb_log,
owner => $pt_puppetdb_user,
group => $pt_puppetdb_user,
mode => '0700',
selrange => s0,
selrole => object_r,
seltype => var_log_t,
seluser => system_u,
}
}
}

117
manifests/puppetdb/files.pp Normal file
View File

@@ -0,0 +1,117 @@
## puppet_cd::puppetdb::files.pp
# Module name: puppet_cd
# Author: Arne Teuke (arne_teuke@confdroid)
# @summary Class manages puppetdb files
###############################################################################
class puppet_cd::puppetdb::files (
) inherits puppet_cd::params {
if ($fqdn == $pt_puppetdb_server) and ($pt_use_puppetdb == true) {
require puppet_cd::puppetdb::dirs
# bootstrap.cfg
file { $pt_bootstrap_conf:
ensure => file,
path => $pt_bootstrap_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => puppet_etc_t,
seluser => system_u,
content => template($pt_bootstrap_erb),
notify => Service[$pt_puppetdb],
}
# requestlogging.xml
file { $pt_request_logging_conf:
ensure => file,
path => $pt_request_logging_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => puppet_etc_t,
seluser => system_u,
content => template($pt_request_logging_erb),
notify => Service[$pt_puppetdb],
}
# logback.xml
file { $pt_logback_conf:
ensure => file,
path => $pt_logback_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => puppet_etc_t,
seluser => system_u,
content => template($pt_logback_erb),
notify => Service[$pt_puppetdb],
}
# config.ini
file { $pt_puppetdb_config_ini:
ensure => file,
path => $pt_puppetdb_config_ini,
owner => $pt_puppetdb_user,
group => $pt_puppetdb_user,
mode => '0640',
selrange => s0,
selrole => object_r,
seltype => puppet_etc_t,
seluser => system_u,
content => template($pt_puppetdb_config_erb),
notify => Service[$pt_puppetdb],
}
# database.ini
file { $pt_puppetdb_database_ini:
ensure => file,
path => $pt_puppetdb_database_ini,
owner => $pt_puppetdb_user,
group => $pt_puppetdb_user,
mode => '0640',
selrange => s0,
selrole => object_r,
seltype => puppet_etc_t,
seluser => system_u,
content => template($pt_puppetdb_database_erb),
notify => Service[$pt_puppetdb],
}
# jetty.ini
file { $pt_puppetdb_jetty_ini :
ensure => file,
path => $pt_puppetdb_jetty_ini ,
owner => $pt_puppetdb_user,
group => $pt_puppetdb_user,
mode => '0640',
selrange => s0,
selrole => object_r,
seltype => puppet_etc_t,
seluser => system_u,
content => template($pt_puppetdb_jetty_erb),
notify => Service[$pt_puppetdb],
}
# repl.ini
file { $pt_puppetdb_repl_ini:
ensure => file,
path => $pt_puppetdb_repl_ini,
owner => $pt_puppetdb_user,
group => $pt_puppetdb_user,
mode => '0640',
selrange => s0,
selrole => object_r,
seltype => puppet_etc_t,
seluser => system_u,
content => template($pt_puppetdb_repl_erb),
notify => Service[$pt_puppetdb],
}
}
}

19
manifests/puppetdb/service.pp Normal file
View File

@@ -0,0 +1,19 @@
## puppet_cd::puppetdb::service.pp
# Module name: puppet_cd
# Author: Arne Teuke (arne_teuke@confdroid)
# @summary Class manages puppetdb service
###############################################################################
class puppet_cd::puppetdb::service (
) inherits puppet_cd::params {
if ($fqdn == $pt_puppetdb_server) and ($pt_use_puppetdb == true) {
require puppet_cd::puppetdb::files
service { $pt_puppetdb:
ensure => running,
hasstatus => true,
hasrestart => true,
enable => true,
}
}
}

32
templates/puppetdb/bootstrap.cfg.erb Normal file
View File

@@ -0,0 +1,32 @@
###############################################################################
########## bootstrap.cfg managed by puppet agent ##########
###############################################################################
# This file is used by the application framework (trapperkeeper) to
# determine what services should be loaded at boot time.
# For more info, see:
# https://github.com/puppetlabs/trapperkeeper/wiki/Bootstrapping
# Web Server
puppetlabs.trapperkeeper.services.webserver.jetty9-service/jetty9-service
# Webrouting
puppetlabs.trapperkeeper.services.webrouting.webrouting-service/webrouting-service
# TK status
puppetlabs.trapperkeeper.services.metrics.metrics-service/metrics-webservice
puppetlabs.trapperkeeper.services.status.status-service/status-service
puppetlabs.trapperkeeper.services.scheduler.scheduler-service/scheduler-service
# PuppetDB Services
puppetlabs.puppetdb.cli.services/puppetdb-service
puppetlabs.puppetdb.command/command-service
puppetlabs.puppetdb.pdb-routing/maint-mode-service
puppetlabs.puppetdb.pdb-routing/pdb-routing-service
puppetlabs.puppetdb.config/config-service
# NREPL
puppetlabs.trapperkeeper.services.nrepl.nrepl-service/nrepl-service
# Dashboard redirect: remove to disable
puppetlabs.puppetdb.dashboard/dashboard-redirect-service

11
templates/puppetdb/config.ini.erb Normal file
View File

@@ -0,0 +1,11 @@
###############################################################################
########## config.ini managed by puppet agent ##########
###############################################################################
[global]
vardir = <%= @pt_puppetdb_var_dir %>
logging-config = <%= @pt_logback_conf %>
[command-processing]
threads = <%= @pt_com_proc_threads %>
concurrent-writes = <%= @pt_concurrent_writes %>

10
templates/puppetdb/database.ini.erb Normal file
View File

@@ -0,0 +1,10 @@
###############################################################################
########## database.ini managed by puppet agent ##########
###############################################################################
[database]
subname = <%= @pt_db_subname %>
username = <%= @pt_db_username %>
password = <%= @pt_db_password %>
gc-interval = <%= @pt_gc_interval %>

31
templates/puppetdb/jetty.ini.erb Normal file
View File

@@ -0,0 +1,31 @@
###############################################################################
########## jetty.ini managed by puppet agent ##########
###############################################################################
[jetty]
<% if @pt_use_ssl_only != true %>
host = <%= @pt_no_ssl_host %>
port = <%= @pt_no_ssl_port %>
# ssl
ssl-host = <%= @pt_ssl_host %>
ssl-port = <%= @pt_ssl_port %>
ssl-key = <%= @pt_ssl_key %>
ssl-cert = <%= @pt_ssl_cert %>
ssl-ca-cert = <%= @pt_ssl_ca_cert %>
<% if @pt_log_access == true %>
access-log-config = <%= @pt_access_log_config %>
<% end end %>
<% if @pt_use_ssl_only == true %>
ssl-host = <%= @pt_ssl_host %>
ssl-port = <%= @pt_ssl_port %>
ssl-key = <%= @pt_ssl_key %>
ssl-cert = <%= @pt_ssl_cert %>
ssl-ca-cert = <%= @pt_ssl_ca_cert %>
<% if @pt_log_access == true %>
access-log-config = <%= @pt_access_log_config %>
<% end end %>

59
templates/puppetdb/logback.xml.erb Executable file
View File

@@ -0,0 +1,59 @@
<configuration scan="true">
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d %-5p [%c{2}] %m%n</pattern>
</encoder>
</appender>
<appender name="F1" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/var/log/puppetlabs/puppetdb/puppetdb.log</file>
<append>true</append>
<rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
<fileNamePattern>/var/log/puppetlabs/puppetdb/puppetdb-%d{yyyy-MM-dd}.%i.log.gz</fileNamePattern>
<!-- each file should be at most 200MB, keep 90 days worth of history, but at most 1GB total-->
<maxFileSize>200MB</maxFileSize>
<maxHistory>90</maxHistory>
<totalSizeCap>1GB</totalSizeCap>
</rollingPolicy>
<encoder>
<pattern>%d %-5p [%c{2}] %m%n</pattern>
</encoder>
</appender>
<!-- Suppress internal ActiveMQ logging -->
<logger name="org.apache.activemq" level="warn"/>
<!-- Suppress internal Spring Framework logging -->
<logger name="org.springframework.jms.connection" level="warn"/>
<!-- Lower the log level for ActiveMQ KahaDB MessageDatabase -->
<logger name="org.apache.activemq.store.kahadb.MessageDatabase"
level="info"/>
<appender name="STATUS" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/var/log/puppetlabs/puppetdb/puppetdb-status.log</file>
<append>true</append>
<rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
<!-- rollover daily -->
<fileNamePattern>/var/log/puppetlabs/puppetdb/puppetdb-status-%d{yyyy-MM-dd}.%i.log.gz</fileNamePattern>
<!-- each file should be at most 200MB, keep 90 days worth of history, but at most 1GB total-->
<maxFileSize>200MB</maxFileSize>
<maxHistory>90</maxHistory>
<totalSizeCap>1GB</totalSizeCap>
</rollingPolicy>
<encoder>
<!-- note that this will only log the JSON message (%m) and a newline (%n)-->
<pattern>%m%n</pattern>
</encoder>
</appender>
<!-- without additivity="false", the status log messages will be sent to every other appender as well-->
<logger name="puppetlabs.trapperkeeper.services.status.status-debug-logging" level="debug" additivity="false">
<appender-ref ref="STATUS"/>
</logger>
<root level="info">
<appender-ref ref="${logappender:-DUMMY}" />
<appender-ref ref="F1" />
</root>
</configuration>

4
templates/puppetdb/puppetdb.conf.erb
View File

@@ -3,5 +3,5 @@
############################################################################### ###############################################################################
[main] [main]
server_urls = https://<%= @pt_db_fqdn %>:<%= @pt_ssl_port %> server_urls = https://<%= @pt_puppetdb_server%>:<%= @pt_ssl_port %>
soft_write_failure = <%= @pt_soft_write_failure %> soft_write_failure = <%= @pt_soft_write_failure %>

13
templates/puppetdb/repl.ini.erb Normal file
View File

@@ -0,0 +1,13 @@
###############################################################################
########## repl.ini managed by puppet agent ##########
###############################################################################
[nrepl]
<% if @pt_enable_repl == true %>
enabled = <%= @pt_enable_repl %>
port = <% @pt_repl_port %>
host = <%= @pt_repl_host %>
<% else %>
# REPL is disabled for security reasons and not normally not required.
# To enable it, set `$pt_enable_repl` to `true`.
<% end %>

17
templates/puppetdb/request_logging.xml.erb Normal file
View File

@@ -0,0 +1,17 @@
<configuration debug="false">
<appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file><%= @pt_puppetdb_access_log %>.log</file>
<append>true</append>
<rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
<fileNamePattern><%= @pt_puppetdb_access_log %>-%d{yyyy-MM-dd}.%i.log.gz</fileNamePattern>
<!-- each file should be at most 200MB, keep 90 days worth of history, but at most 1GB total-->
<maxFileSize><%= @pt_logging_max_file_size %></maxFileSize>
<maxHistory><%= @pt_loging_max_history %></maxHistory>
<totalSizeCap><%= @pt_logging_total_size %></totalSizeCap>
</rollingPolicy>
<encoder>
<pattern>%h %l %u [%t] "%r" %s %b "%i{Referer}" "%i{User-Agent}" %D</pattern>
</encoder>
</appender>
<appender-ref ref="FILE" />
</configuration>