
add puppetdb section

This commit is contained in:
Arne Teuke
2025-03-10 13:21:44 +01:00
parent bacdb0d808
commit 01441653e7
14 changed files with 454 additions and 44 deletions

.vscode/settings.json vendored Normal file

@@ -0,0 +1,11 @@
{
"cSpell.words": [
"appender",
"kahadb",
"logappender",
"requestlogging",
"springframework",
"Supress",
"trapperkeeper"
]
}


@@ -7,4 +7,8 @@ class puppet_cd::main::config (
) inherits puppet_cd::params {
include puppet_cd::server::service
if $pt_use_puppetdb == true {
include puppet_cd::puppetdb::service
}
}
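Review bot: The new guard `if $pt_use_puppetdb == true` compares a value that is (per the params doc) a Boolean against `true`, which is redundant in Puppet and reads as if the parameter might be a string; `if $pt_use_puppetdb {` says the same thing. Each of the puppetdb classes in this commit repeats the same condition together with an `$fqdn == $pt_puppetdb_server` check, so it is worth deciding whether the include here or the checks inside the classes are the single gate, and documenting that in a one-line comment, e.g. `# puppetdb classes additionally no-op unless this node is $pt_puppetdb_server`.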


@@ -54,7 +54,29 @@
# @param [string] pt_parser which parser version to use
# @param [boolean] pt_cert_revocation whether to check for cert revocations
# @param [string] pt_logging_max_file_size max file size for puppetdb logging
#
# @param [string] pt_logging_max_history max logging history
# @param [string] pt_logging_total_size total size of logging file
# @param [string] pt_com_proc_threads number of processing threads
# @param [string] pt_concurrent_writes max concurrent writes
# @param [string] pt_db_subname the db name
# @param [string] pt_db_username the db username
# @param [string] pt_db_password the db password
# @param [string] pt_gc_interval garbage collection interval (Java)
# @param [string] pt_log_slow_statements number of seconds before an SQL query
# is considered "slow."
# @param [string] pt_puppetdb_source_lan the source lan for puppetdb clients
# @param [boolean] pt_soft_write_failure allows the PuppetDB-termini to fail
# softly if PuppetDB is not accessible for command submission.
# @param [string] pt_no_ssl_host ip range for non-ssl hosts
# @param [string] pt_ssl_host ip range for SSL hosts
# @param [string] pt_ssl_key location of the private key
# @param [string] pt_ssl_cert location of the ssl cert
# @param [string] pt_ssl_ca_cert location of the ssl ca cert
# @param [boolean] pt_log_access whether to configure log access
# @param [string] pt_access_log_config the location of the access log config
# @param [boolean] pt_enable_repl whether to allow puppetdb replication
# @param [string] pt_repl_port the replication port
# @param [string] pt_repl_host the replication host
###############################################################################
class puppet_cd::params (
@@ -130,7 +152,7 @@ class puppet_cd::params (
String $pt_no_ssl_host = '0.0.0.0',
String $pt_ssl_host = '0.0.0.0',
String $pt_ssl_key = '/etc/puppetlabs/puppetdb/ssl/private.pem',
String $pt_ssh_cert = '/etc/puppetlabs/puppetdb/ssl/public.pem',
String $pt_ssl_cert = '/etc/puppetlabs/puppetdb/ssl/public.pem',
String $pt_ssl_ca_cert = '/etc/puppetlabs/puppetdb/ssl/ca.pem',
Boolean $pt_log_access = false,
String $pt_access_log_config = '/etc/puppetlabs/puppetdb/request-logging.xml',
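Review bot: The documentation for `pt_enable_repl`, `pt_repl_port` and `pt_repl_host` describes "puppetdb replication", but the matching template writes an `[nrepl]` section, and nREPL is a network Clojure REPL into the PuppetDB JVM, i.e. arbitrary code execution for anyone who can reach the port; the doc should say so, e.g. `# @param [boolean] pt_enable_repl whether to enable the nREPL debugging port (remote code execution; keep disabled and bound to loopback unless actively debugging)`. Likewise `pt_gc_interval` is documented as "garbage collection interval (Java)", but in database.ini `gc-interval` is PuppetDB's own database garbage collection (how often it reaps expired/deactivated nodes and reports), not the JVM's. Consider also noting on `pt_db_password` that it lands unencrypted in database.ini and is expected to come from an encrypted Hiera backend. The second hunk only renames `pt_ssh_cert` to `pt_ssl_cert`; the class body continues outside it.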


@@ -0,0 +1,64 @@
## puppet_cd::puppetdb::dirs.pp
# Module name: puppet_cd
# Author: Arne Teuke (arne_teuke@confdroid)
# @summary Class manages puppetdb directories
###############################################################################
class puppet_cd::puppetdb::dirs (
) inherits puppet_cd::params {
if ($fqdn == $pt_puppetdb_server) and ($pt_use_puppetdb == true) {
require puppet_cd::main::install
# main directory
file { $pt_puppetdb_main:
ensure => directory,
path => $pt_puppetdb_main,
owner => $pt_puppetdb_user,
group => $pt_puppetdb_user,
mode => '0750',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
}
# conf.d directory
file { $pt_puppetdb_conf_d:
ensure => directory,
path => $pt_puppetdb_conf_d,
owner => $pt_puppetdb_user,
group => $pt_puppetdb_user,
mode => '0750',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
}
# ssl directory
file { $pt_puppetdb_ssl:
ensure => directory,
path => $pt_puppetdb_ssl,
owner => $pt_puppetdb_user,
group => $pt_puppetdb_user,
mode => '0750',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
}
# log dir
file { $pt_puppetdb_log:
ensure => directory,
path => $pt_puppetdb_log,
owner => $pt_puppetdb_user,
group => $pt_puppetdb_user,
mode => '0700',
selrange => s0,
selrole => object_r,
seltype => var_log_t,
seluser => system_u,
}
}
}
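Review bot: The gate `$fqdn == $pt_puppetdb_server` relies on the legacy top-scope `fqdn` fact; on agents where legacy facts are disabled (the default on Puppet 8) `$fqdn` is undef, the comparison is silently false and this class becomes a no-op with no error, so the directories are never managed. Use `$facts['networking']['fqdn'] == $pt_puppetdb_server` (the same applies to the sibling files and service classes). The directories are labeled `seltype => etc_t` while the files placed inside them by files.pp get `puppet_etc_t`; if that mismatch is intentional it deserves a comment, otherwise aligning the labels avoids relabel churn — TODO confirm against the local SELinux policy.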

manifests/puppetdb/files.pp Normal file

@@ -0,0 +1,117 @@
## puppet_cd::puppetdb::files.pp
# Module name: puppet_cd
# Author: Arne Teuke (arne_teuke@confdroid)
# @summary Class manages puppetdb files
###############################################################################
class puppet_cd::puppetdb::files (
) inherits puppet_cd::params {
if ($fqdn == $pt_puppetdb_server) and ($pt_use_puppetdb == true) {
require puppet_cd::puppetdb::dirs
# bootstrap.cfg
file { $pt_bootstrap_conf:
ensure => file,
path => $pt_bootstrap_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => puppet_etc_t,
seluser => system_u,
content => template($pt_bootstrap_erb),
notify => Service[$pt_puppetdb],
}
# requestlogging.xml
file { $pt_request_logging_conf:
ensure => file,
path => $pt_request_logging_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => puppet_etc_t,
seluser => system_u,
content => template($pt_request_logging_erb),
notify => Service[$pt_puppetdb],
}
# logback.xml
file { $pt_logback_conf:
ensure => file,
path => $pt_logback_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => puppet_etc_t,
seluser => system_u,
content => template($pt_logback_erb),
notify => Service[$pt_puppetdb],
}
# config.ini
file { $pt_puppetdb_config_ini:
ensure => file,
path => $pt_puppetdb_config_ini,
owner => $pt_puppetdb_user,
group => $pt_puppetdb_user,
mode => '0640',
selrange => s0,
selrole => object_r,
seltype => puppet_etc_t,
seluser => system_u,
content => template($pt_puppetdb_config_erb),
notify => Service[$pt_puppetdb],
}
# database.ini
file { $pt_puppetdb_database_ini:
ensure => file,
path => $pt_puppetdb_database_ini,
owner => $pt_puppetdb_user,
group => $pt_puppetdb_user,
mode => '0640',
selrange => s0,
selrole => object_r,
seltype => puppet_etc_t,
seluser => system_u,
content => template($pt_puppetdb_database_erb),
notify => Service[$pt_puppetdb],
}
# jetty.ini
file { $pt_puppetdb_jetty_ini :
ensure => file,
path => $pt_puppetdb_jetty_ini ,
owner => $pt_puppetdb_user,
group => $pt_puppetdb_user,
mode => '0640',
selrange => s0,
selrole => object_r,
seltype => puppet_etc_t,
seluser => system_u,
content => template($pt_puppetdb_jetty_erb),
notify => Service[$pt_puppetdb],
}
# repl.ini
file { $pt_puppetdb_repl_ini:
ensure => file,
path => $pt_puppetdb_repl_ini,
owner => $pt_puppetdb_user,
group => $pt_puppetdb_user,
mode => '0640',
selrange => s0,
selrole => object_r,
seltype => puppet_etc_t,
seluser => system_u,
content => template($pt_puppetdb_repl_erb),
notify => Service[$pt_puppetdb],
}
}
}
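Review bot: The database.ini resource renders `@pt_db_password` into its content, and `file` resources show content diffs by default, so every change to that file writes the old and new password into the agent log and the report sent to the master; add `show_diff => false, # content holds the DB password; keep it out of agent logs and reports` to that resource (and consider the same on config.ini/jetty.ini if they ever carry secrets). The 0640 mode and puppetdb ownership on the ini files are right; bootstrap.cfg and the logging XML being root-owned and world-readable is fine since they hold no secrets.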


@@ -0,0 +1,19 @@
## puppet_cd::puppetdb::service.pp
# Module name: puppet_cd
# Author: Arne Teuke (arne_teuke@confdroid)
# @summary Class manages puppetdb service
###############################################################################
class puppet_cd::puppetdb::service (
) inherits puppet_cd::params {
if ($fqdn == $pt_puppetdb_server) and ($pt_use_puppetdb == true) {
require puppet_cd::puppetdb::files
service { $pt_puppetdb:
ensure => running,
hasstatus => true,
hasrestart => true,
enable => true,
}
}
}
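Review bot: `hasstatus => true` and `hasrestart => true` are already the defaults for the service type, so the two lines add noise without changing behaviour and can be dropped, and `== true` on the Boolean `pt_use_puppetdb` is redundant as well. A one-line header note that the service only reloads via the `notify` edges from puppet_cd::puppetdb::files would help a reader see why there is no explicit subscribe here.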


@@ -0,0 +1,32 @@
###############################################################################
########## bootstrap.cfg managed by puppet agent ##########
###############################################################################
# This file is used by the application framework (trapperkeeper) to
# determine what services should be loaded at boot time.
# For more info, see:
# https://github.com/puppetlabs/trapperkeeper/wiki/Bootstrapping
# Web Server
puppetlabs.trapperkeeper.services.webserver.jetty9-service/jetty9-service
# Webrouting
puppetlabs.trapperkeeper.services.webrouting.webrouting-service/webrouting-service
# TK status
puppetlabs.trapperkeeper.services.metrics.metrics-service/metrics-webservice
puppetlabs.trapperkeeper.services.status.status-service/status-service
puppetlabs.trapperkeeper.services.scheduler.scheduler-service/scheduler-service
# PuppetDB Services
puppetlabs.puppetdb.cli.services/puppetdb-service
puppetlabs.puppetdb.command/command-service
puppetlabs.puppetdb.pdb-routing/maint-mode-service
puppetlabs.puppetdb.pdb-routing/pdb-routing-service
puppetlabs.puppetdb.config/config-service
# NREPL
puppetlabs.trapperkeeper.services.nrepl.nrepl-service/nrepl-service
# Dashboard redirect: remove to disable
puppetlabs.puppetdb.dashboard/dashboard-redirect-service
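Review bot: The nREPL service is loaded unconditionally on the `nrepl-service` line even though the module exposes `@pt_enable_repl` to turn the REPL off; the template contains no ERB at all, so whether the REPL stays off depends entirely on repl.ini being rendered correctly. Gating the line on the same flag keeps the service out of the process when it is not wanted: `<% if @pt_enable_repl == true %>` / `puppetlabs.trapperkeeper.services.nrepl.nrepl-service/nrepl-service` / `<% end %>`, with a comment that nREPL is a remote code-execution interface. The `# Dashboard redirect: remove to disable` line should probably say "remove this line" so an operator does not delete the whole comment block instead.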


@@ -0,0 +1,11 @@
###############################################################################
########## config.ini managed by puppet agent ##########
###############################################################################
[global]
vardir = <%= @pt_puppetdb_var_dir %>
logging-config = <%= @pt_logback_conf %>
[command-processing]
threads = <%= @pt_com_proc_threads %>
concurrent-writes = <%= @pt_concurrent_writes %>


@@ -0,0 +1,10 @@
###############################################################################
########## database.ini managed by puppet agent ##########
###############################################################################
[database]
subname = <%= @pt_db_subname %>
username = <%= @pt_db_username %>
password = <%= @pt_db_password %>
gc-interval = <%= @pt_gc_interval %>


@@ -0,0 +1,31 @@
###############################################################################
########## jetty.ini managed by puppet agent ##########
###############################################################################
[jetty]
<% if @pt_use_ssl_only != true %>
host = <%= @pt_no_ssl_host %>
port = <%= @pt_no_ssl_port %>
# ssl
ssl-host = <%= @pt_ssl_host %>
ssl-port = <%= @pt_ssl_port %>
ssl-key = <%= @pt_ssl_key %>
ssl-cert = <%= @pt_ssl_cert %>
ssl-ca-cert = <%= @pt_ssl_ca_cert %>
<% if @pt_log_access == true %>
access-log-config = <%= @pt_access_log_config %>
<% end end %>
<% if @pt_use_ssl_only == true %>
ssl-host = <%= @pt_ssl_host %>
ssl-port = <%= @pt_ssl_port %>
ssl-key = <%= @pt_ssl_key %>
ssl-cert = <%= @pt_ssl_cert %>
ssl-ca-cert = <%= @pt_ssl_ca_cert %>
<% if @pt_log_access == true %>
access-log-config = <%= @pt_access_log_config %>
<% end end %>
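Review bot: The plaintext listener (`host`/`port`) is emitted whenever `@pt_use_ssl_only` is not exactly `true`, and with the params default of `0.0.0.0` for `pt_no_ssl_host` that binds an unauthenticated PuppetDB API (including command submission) to every interface; the template should at least carry a comment saying the non-SSL host must stay on loopback, and the params default is worth revisiting. The SSL block and the access-log block are duplicated verbatim in both branches and the `<% end end %>` closers make the nesting hard to follow; the same output is produced by emitting the SSL settings once and wrapping only the two plaintext lines. The sketch below keeps every key and value as is.
```erb
[jetty]
<% if @pt_use_ssl_only != true %>
# Plaintext listener: PuppetDB does no authentication on it, so keep
# @pt_no_ssl_host on loopback unless a trusted network really needs it.
host = <%= @pt_no_ssl_host %>
port = <%= @pt_no_ssl_port %>
<% end %>
# ssl
ssl-host = <%= @pt_ssl_host %>
ssl-port = <%= @pt_ssl_port %>
ssl-key = <%= @pt_ssl_key %>
ssl-cert = <%= @pt_ssl_cert %>
ssl-ca-cert = <%= @pt_ssl_ca_cert %>
<% if @pt_log_access == true %>
access-log-config = <%= @pt_access_log_config %>
<% end %>
```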


@@ -0,0 +1,59 @@
<configuration scan="true">
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d %-5p [%c{2}] %m%n</pattern>
</encoder>
</appender>
<appender name="F1" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/var/log/puppetlabs/puppetdb/puppetdb.log</file>
<append>true</append>
<rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
<fileNamePattern>/var/log/puppetlabs/puppetdb/puppetdb-%d{yyyy-MM-dd}.%i.log.gz</fileNamePattern>
<!-- each file should be at most 200MB, keep 90 days worth of history, but at most 1GB total-->
<maxFileSize>200MB</maxFileSize>
<maxHistory>90</maxHistory>
<totalSizeCap>1GB</totalSizeCap>
</rollingPolicy>
<encoder>
<pattern>%d %-5p [%c{2}] %m%n</pattern>
</encoder>
</appender>
<!-- Suppress internal ActiveMQ logging -->
<logger name="org.apache.activemq" level="warn"/>
<!-- Suppress internal Spring Framework logging -->
<logger name="org.springframework.jms.connection" level="warn"/>
<!-- Lower the log level for ActiveMQ KahaDB MessageDatabase -->
<logger name="org.apache.activemq.store.kahadb.MessageDatabase"
level="info"/>
<appender name="STATUS" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/var/log/puppetlabs/puppetdb/puppetdb-status.log</file>
<append>true</append>
<rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
<!-- rollover daily -->
<fileNamePattern>/var/log/puppetlabs/puppetdb/puppetdb-status-%d{yyyy-MM-dd}.%i.log.gz</fileNamePattern>
<!-- each file should be at most 200MB, keep 90 days worth of history, but at most 1GB total-->
<maxFileSize>200MB</maxFileSize>
<maxHistory>90</maxHistory>
<totalSizeCap>1GB</totalSizeCap>
</rollingPolicy>
<encoder>
<!-- note that this will only log the JSON message (%m) and a newline (%n)-->
<pattern>%m%n</pattern>
</encoder>
</appender>
<!-- without additivity="false", the status log messages will be sent to every other appender as well-->
<logger name="puppetlabs.trapperkeeper.services.status.status-debug-logging" level="debug" additivity="false">
<appender-ref ref="STATUS"/>
</logger>
<root level="info">
<appender-ref ref="${logappender:-DUMMY}" />
<appender-ref ref="F1" />
</root>
</configuration>
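Review bot: The log paths and rollover limits are hard-coded here (`/var/log/puppetlabs/puppetdb/...`, `200MB`, `90`, `1GB`) while the params class documents `pt_puppetdb_log`, `pt_logging_max_file_size`, `pt_logging_max_history` and `pt_logging_total_size`, and the sibling request-logging template does use those parameters; if this file is rendered as a template it should use `<%= @pt_puppetdb_log %>` and the three size variables so that a changed log directory or mode 0700 from dirs.pp actually applies to these appenders. The `org.apache.activemq` logger stanzas look like carry-overs from older PuppetDB releases that still embedded ActiveMQ — presumably harmless, but worth a comment or removal once the target PuppetDB version is confirmed. `scan="true"` makes logback re-read this file periodically, so a comment noting that a change here takes effect without a service restart would save the next reader a surprise.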


@@ -3,5 +3,5 @@
###############################################################################
[main]
server_urls = https://<%= @pt_db_fqdn %>:<%= @pt_ssl_port %>
server_urls = https://<%= @pt_puppetdb_server%>:<%= @pt_ssl_port %>
soft_write_failure = <%= @pt_soft_write_failure %>


@@ -0,0 +1,13 @@
###############################################################################
########## repl.ini managed by puppet agent ##########
###############################################################################
[nrepl]
<% if @pt_enable_repl == true %>
enabled = <%= @pt_enable_repl %>
port = <% @pt_repl_port %>
host = <%= @pt_repl_host %>
<% else %>
# REPL is disabled for security reasons and not normally not required.
# To enable it, set `$pt_enable_repl` to `true`.
<% end %>
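Review bot: The `port` line uses `<% @pt_repl_port %>` (no `=`), so the expression is evaluated but nothing is printed and the rendered file contains a bare `port =`; it must be `port = <%= @pt_repl_port %>`. When the REPL is disabled the template emits only a comment under `[nrepl]`, which relies on PuppetDB's default; an explicit `enabled = false` in the else branch is cheaper than that dependency and makes the intent visible in the file. The comment text `not normally not required` is a double negative, and since nREPL gives code execution inside the JVM it is worth saying so and stating that `pt_repl_host` should be `127.0.0.1` — I cannot see that default from this page.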


@@ -0,0 +1,17 @@
<configuration debug="false">
<appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file><%= @pt_puppetdb_access_log %>.log</file>
<append>true</append>
<rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
<fileNamePattern><%= @pt_puppetdb_access_log %>-%d{yyyy-MM-dd}.%i.log.gz</fileNamePattern>
<!-- each file should be at most 200MB, keep 90 days worth of history, but at most 1GB total-->
<maxFileSize><%= @pt_logging_max_file_size %></maxFileSize>
<maxHistory><%= @pt_loging_max_history %></maxHistory>
<totalSizeCap><%= @pt_logging_total_size %></totalSizeCap>
</rollingPolicy>
<encoder>
<pattern>%h %l %u [%t] "%r" %s %b "%i{Referer}" "%i{User-Agent}" %D</pattern>
</encoder>
</appender>
<appender-ref ref="FILE" />
</configuration>
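Review bot: `<%= @pt_loging_max_history %>` misspells the parameter documented as `pt_logging_max_history`; an undefined instance variable renders as an empty string in Puppet ERB, so the output is `<maxHistory></maxHistory>` and the rollover history setting silently does not apply. Change it to `<maxHistory><%= @pt_logging_max_history %></maxHistory>`. The static comment "each file should be at most 200MB, keep 90 days ... at most 1GB" no longer matches the parameterised values and should read something like `<!-- limits come from pt_logging_max_file_size / pt_logging_max_history / pt_logging_total_size -->`.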