Attention: Never use this puppet module on systems which have been previously configured manually. It is impossible to predict how and what would have been configured, hence previous configurations outside the scope of this module may be overwritten! Automated configurations require a test environment to verify that the module suits the purpose intended by the user, as well as tune the parameters, before deploying into live production
if the host FQDN matches your specified Puppet master via $pt_pm_fqdn, it installs and configures a puppetmaster. On your puppetmaster, If you set $pt_use_r10kto true, it also installs r10k to connect to a control repo and manage the code available to clients via Puppetfile. If you set $pt_use_r10k_webhookto true, it also installs a simple webhook listener to watch for post_hooks from gitlab, and triggers the r10k deployment.
if the host FQDN matches your specified Puppet master via $pt_pm_fqdn, it installs and configures a puppetmaster ready for serving with Foreman as ENC ( Foreman not yet included).
open firewall ports depending on fqdn choices
-start services as required
-manage directories
+Any other system becomes a puppet agent.
+install r10k service on your puppetmaster. If you set $pt_use_r10kto true, it also installs r10k to connect to a control repo and manage the code available to clients via Puppetfile.
installs a webhook listener If you set $pt_use_r10k_webhookto true, it also installs a simple webhook listener to watch for post_hooks from gitlab, and triggers the r10k deployment.
to do
install node.rb from the foreman for puppetdb
+open firewall ports depending on choices above
+manage directories and required files including permissions and selinux context (todo)
manage puppet user settings (optional)
+start services as required
Attention: Never use this puppet module on systems which have been previously configured manually. It is impossible to predict how and what would have been configured, hence previous configurations outside the scope of this module may be overwritten! Automated configurations require a test environment to verify that the module suits the purpose intended by the user, as well as tune the parameters, before deploying into live production
if the host FQDN matches your specified Puppet master via $pt_pm_fqdn, it installs and configures a puppetmaster. On your puppetmaster, If you set $pt_use_r10kto true, it also installs r10k to connect to a control repo and manage the code available to clients via Puppetfile. If you set $pt_use_r10k_webhookto true, it also installs a simple webhook listener to watch for post_hooks from gitlab, and triggers the r10k deployment.
if the host FQDN matches your specified Puppet master via $pt_pm_fqdn, it installs and configures a puppetmaster ready for serving with Foreman as ENC ( Foreman not yet included).
open firewall ports depending on fqdn choices
-start services as required
-manage directories
+Any other system becomes a puppet agent.
+install r10k service on your puppetmaster. If you set $pt_use_r10kto true, it also installs r10k to connect to a control repo and manage the code available to clients via Puppetfile.
installs a webhook listener If you set $pt_use_r10k_webhookto true, it also installs a simple webhook listener to watch for post_hooks from gitlab, and triggers the r10k deployment.
to do
install node.rb from the foreman for puppetdb
+open firewall ports depending on choices above
+manage directories and required files including permissions and selinux context (todo)
manage puppet user settings (optional)
+start services as required
# File 'manifests/firewall/iptables.pp', line 6
@@ -152,6 +159,13 @@ class puppet_cd::firewall::iptables (
}
}
}
+ if ($pt_puppetdb_fqdn == $fqdn) and ($pt_use_puppetdb == true) {
+ firewall { "3${pt_https_port} open port ${pt_https_port}":
+ proto => 'tcp',
+ dport => $pt_https_port,
+ jump => 'accept',
+ }
+ }
}
the puppet user
-the user comment
-the user home
-the user shell
-whether to manage the puppet user
-the url for the database connection
+the username for the database connection
+the password for the database connection
+How often (in minutes) to compact the database
+Port to listen on for clear-text HTTP.
+Port to listen on for HTTPs connections.
+IP address to listen on for HTTPS connections
+toggle the remote repl true false
+What port the REPL should listen on
+IP address to listen on
+-59 -60 -61 -62 -63 64 65 66 @@ -1152,10 +1222,19 @@ 172 173 174 -175+175 +176 +177 +178 +179 +180 +181 +182 +183 +184
# File 'manifests/params.pp', line 59
+ # File 'manifests/params.pp', line 64
class puppet_cd::params (
@@ -1168,18 +1247,10 @@ class puppet_cd::params (
String $pt_pkg_ensure = 'present',
String $pt_agent_pkg = 'puppet-agent',
String $pt_server_pkg = 'puppetserver',
- String $pt_puppetdb_pkg = 'puppetdb-termini',
+ Array $pt_puppetdb_pkg = ['puppetdb-termini', 'puppetdb'],
Array $pt_r10k_pkg = ['ruby','ruby-devel','rubygems','gcc','make'],
Array $pt_r10k_webhook_pkg = ['webrick', 'r10k_gitlab_webhook'],
- # user settings
- ## puppet user
- Boolean $pt_manage_user = false,
- String $pt_user = 'puppet',
- String $pt_user_comment = 'puppetserver daemon',
- String $pt_user_home = '/opt/puppetlabs/server/data/puppetserver',
- String $pt_user_shell = '/sbin/nologin',
-
# templates
## puppet
String $pt_environment = 'production',
@@ -1213,6 +1284,18 @@ class puppet_cd::params (
# puppetdb
String $pt_ssl_port = '8081',
Boolean $pt_soft_write_failure = false,
+ String $pt_db_subname = '//localhost:5432/puppetdb',
+ String $pt_db_username = 'foobar',
+ String $pt_db_password = 'foobar',
+ String $pt_gc_interval = '60',
+ ## jetty
+ String $pt_http_port = '8080',
+ String $pt_https_port = '8081',
+ String $pt_ssl_host = '0.0.0.0',
+ ## repl
+ Boolean $pt_repl_on = false,
+ String $pt_repl_port = '8082',
+ String $pt_repl_host = '127.0.0.1',
# r10k
Boolean $pt_use_r10k = false,
diff --git a/doc/puppet_classes/puppet_cd_3A_3Aserver_3A_3Aservice.html b/doc/puppet_classes/puppet_cd_3A_3Aserver_3A_3Aservice.html
index 6fa6039..c1af0f2 100644
--- a/doc/puppet_classes/puppet_cd_3A_3Aserver_3A_3Aservice.html
+++ b/doc/puppet_classes/puppet_cd_3A_3Aserver_3A_3Aservice.html
@@ -137,7 +137,17 @@
39
40
41
-42
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+52
# File 'manifests/server/service.pp', line 6
@@ -158,7 +168,6 @@ class puppet_cd::server::service (
# manage puppet server service
if $fqdn == $pt_pm_fqdn {
require puppet_cd::firewall::iptables
- require puppet_cd::main::user
service { $pt_server_service:
ensure => running,
@@ -166,12 +175,23 @@ class puppet_cd::server::service (
hasrestart => true,
enable => true,
}
+ # manage webhook service
+ if $pt_use_r10k_webhook == true {
+ require puppet_cd::r10k::install
+
+ service { $pt_r10k_webhook_service:
+ ensure => running,
+ hasstatus => true,
+ hasrestart => true,
+ enable => true,
+ }
+ }
}
- # manage webhook service
- if $pt_use_r10k_webhook == true {
- require puppet_cd::r10k::install
- service { $pt_r10k_webhook_service:
+ if ($pt_use_puppetdb == true) and ($pt_puppetdb_fqdn == $fqdn) {
+ require puppet_cd::firewall::iptables
+
+ service { $pt_db_service:
ensure => running,
hasstatus => true,
hasrestart => true,