Arne Teuke
2025-10-27 15:47:43 +01:00
parent 06d3f02e9f
commit 137c0827cc
18 changed files with 5 additions and 543 deletions


@@ -6,7 +6,8 @@
## Synopsis
This Puppet module configures settings for Puppet master and agents, PuppetDB and R10k, the full bundle.
This Puppet module configures settings for Puppet master , agents and R10k, the full bundle. Puppetdb has been outsourced to a [module](https://gitlab.confdroid.com/puppet/puppetdb_cd) on its own, due to complexity
The syntax is specifically for Puppet Core 8 and Rocky 9, although might work elsewhere as well.
This module is also designed to work with External Node Classifiers (ENC), for instance Foreman.
@@ -20,8 +21,6 @@ This module is also designed to work with External Node Classifiers (ENC), for i
On your puppetmaster, If you set `$pt_use_r10k`to `true`, it also installs r10k to connect to a control repo and manage the code available to clients via Puppetfile.
If you set `$pt_use_r10k_webhook`to `true`, it also installs a simple webhook listener to watch for post_hooks from gitlab, and triggers the r10k deployment.
* if the host FQDN matches your specified puppetdb host via `$pt_db_fqdn`, Puppetdb is installed and added to the puppetmaster config. Settings for the (external) postgreSQL database are also configured.
* open firewall ports depending on fqdn choices
* start services as required
* manage directories


@@ -8,10 +8,6 @@ class puppet_cd::main::config (
) inherits puppet_cd::params {
include puppet_cd::server::service
if $pt_use_puppetdb == true {
include puppet_cd::puppetdb::service
}
if $pt_use_r10k == true {
include puppet_cd::r10k::install
}


@@ -31,27 +31,4 @@ class puppet_cd::main::files (
notify => Service[$pt_agent_service,$pt_server_service],
}
}
if $pt_use_puppetdb == true {
file { $pt_puppetdb_conf_file:
ensure => file,
path => $pt_puppetdb_conf_file,
owner => 'root',
group => 'root',
mode => '0644',
content => template($pt_puppetdb_conf_erb),
# notify => Service[$pt_agent_service,$pt_server_service],
}
# fix service file syslog vs journald
file { $pt_puppetdb_service_file:
ensure => file,
path => $pt_puppetdb_service_file,
owner => 'root',
group => 'root',
mode => '0644',
content => template($pt_puppetdb_service_erb),
notify => Service[$pt_db_service],
}
}
}


@@ -15,10 +15,5 @@ class puppet_cd::main::install (
ensure => $pt_pkg_ensure,
}
}
if $fqdn == $pt_db_fqdn {
package { $pt_db_pkg:
ensure => $pt_pkg_ensure,
}
}
}


@@ -24,23 +24,4 @@ class puppet_cd::main::user (
allowdupe => false,
}
}
if ($fqdn == $pt_db_fqdn) and ($pt_manage_db_user == true) {
user { $pt_db_user:
ensure => present,
name => $pt_db_user,
allowdupe => false,
comment => $pt_db_user_comment,
gid => $pt_db_user,
managehome => true,
home => $pt_db_user_home,
shell => $pt_db_user_shell,
}
group { $pt_db_user:
ensure => present,
name => $pt_db_user,
allowdupe => false,
}
}
}


@@ -90,7 +90,6 @@ class puppet_cd::params (
Boolean $pt_manage_fw = true,
String $pt_pm_fqdn = 'puppetmaster.example.net',
String $pt_db_fqdn = 'puppetdb.example.net',
# installation
String $pt_pkg_ensure = 'latest',
@@ -107,12 +106,7 @@ class puppet_cd::params (
String $pt_user_comment = 'puppetserver daemon',
String $pt_user_home = '/opt/puppetlabs/server/data/puppetserver',
String $pt_user_shell = '/sbin/nologin',
## puppetdb user
Boolean $pt_manage_db_user = false,
String $pt_db_user = 'puppetdb',
String $pt_db_user_comment = 'PuppetDB daemon',
String $pt_db_user_home = '/opt/puppetlabs/server/data/puppetdb',
String $pt_db_user_shell = '/sbin/nologin',
# templates
## puppet
String $pt_environment = 'production',
@@ -142,33 +136,6 @@ class puppet_cd::params (
String $pt_storeconfigs_backend = 'puppetdb',
String $pt_parser = 'current',
Boolean $pt_cert_revocation = true,
## puppetdb
Boolean $pt_use_puppetdb = false,
String $pt_logging_max_file_size = '200MB',
String $pt_logging_max_history = '90',
String $pt_logging_total_size = '1GB',
String $pt_com_proc_threads = '4',
String $pt_concurrent_writes = '4',
String $pt_db_subname = '//localhost:5432/puppetdb',
String $pt_db_username = 'foobar',
String $pt_db_password = 'foobar',
String $pt_gc_interval = '60',
String $pt_log_slow_statements = '10',
String $pt_no_ssl_port = '8080',
String $pt_ssl_port = '8081',
Boolean $pt_use_ssl_only = true,
String $pt_puppetdb_source_lan = '0.0.0.0/0',
Boolean $pt_soft_write_failure = false,
String $pt_no_ssl_host = '0.0.0.0',
String $pt_ssl_host = '0.0.0.0',
String $pt_ssl_key = '/etc/puppetlabs/puppetdb/ssl/private.pem',
String $pt_ssl_cert = '/etc/puppetlabs/puppetdb/ssl/public.pem',
String $pt_ssl_ca_cert = '/etc/puppetlabs/puppetdb/ssl/ca.pem',
Boolean $pt_log_access = false,
String $pt_access_log_config = '/etc/puppetlabs/puppetdb/request-logging.xml',
Boolean $pt_enable_repl = false,
String $pt_repl_port = '8082',
String $pt_repl_host = '127.0.0.1',
# r10k
Boolean $pt_use_r10k = false,
@@ -197,12 +164,7 @@ class puppet_cd::params (
$pt_rundir_master = '/var/run/puppetlabs/puppetserver'
$pt_vardir = '/opt/puppetlabs/puppet/cache'
$pt_vardir_master = '/opt/puppetlabs/server/data/puppetserver'
## puppetdb
$pt_puppetdb_main = '/etc/puppetlabs/puppetdb'
$pt_puppetdb_conf_d = "${pt_puppetdb_main}/conf.d"
$pt_puppetdb_ssl = "${pt_puppetdb_main}/ssl"
$pt_puppetdb_log = '/var/log/puppetlabs/puppetdb'
$pt_puppetdb_var_dir = '/opt/puppetlabs/server/data/puppetdb'
## r10k
$pt_r10k_dir = "${pt_main_dir}/r10k"
$pt_r10k_webhook_dir = '/etc/r10k-webhook'
@@ -213,26 +175,7 @@ class puppet_cd::params (
$pt_puppet_conf_erb = 'puppet_cd/puppet.conf.erb'
$pt_agent_conf_erb = 'puppet_cd/agent.conf.erb'
$pt_hiera_config = "${pt_puppetdir}/hiera.yaml"
## puppetdb
$pt_bootstrap_conf = "${pt_puppetdb_main}/bootstrap.cfg"
$pt_bootstrap_erb = 'puppet_cd/puppetdb/bootstrap.cfg.erb'
$pt_puppetdb_access_log = "${pt_puppetdb_log}/puppetdb-access"
$pt_request_logging_conf = "${pt_puppetdb_main}/request-logging.xml"
$pt_request_logging_erb = 'puppet_cd/puppetdb/request_logging.xml.erb'
$pt_logback_conf = "${pt_puppetdb_main}/logback.xml"
$pt_logback_erb = 'puppet_cd/puppetdb/logback.xml.erb'
$pt_puppetdb_config_ini = "${pt_puppetdb_conf_d}/config.ini"
$pt_puppetdb_config_erb = 'puppet_cd/puppetdb/config.ini.erb'
$pt_puppetdb_database_ini = "${pt_puppetdb_conf_d}/database.ini"
$pt_puppetdb_database_erb = 'puppet_cd/puppetdb/database.ini.erb'
$pt_puppetdb_jetty_ini = "${pt_puppetdb_conf_d}/jetty.ini"
$pt_puppetdb_jetty_erb = 'puppet_cd/puppetdb/jetty.ini.erb'
$pt_puppetdb_conf_file = "${pt_puppetdir}/puppetdb.conf"
$pt_puppetdb_conf_erb = 'puppet_cd/puppetdb/puppetdb.conf.erb'
$pt_puppetdb_repl_ini = "${pt_puppetdb_conf_d}/repl.ini"
$pt_puppetdb_repl_erb = 'puppet_cd/puppetdb/repl.ini.erb'
$pt_puppetdb_service_file = '/usr/lib/systemd/system/puppetdb.service'
$pt_puppetdb_service_erb = 'puppet_cd/puppetdb/puppetdb_service.erb'
## r10k
$pt_r10k_file = "${pt_r10k_dir}/r10k.yaml"
$pt_r10k_erb = 'puppet_cd/r10k/r10k.yaml.erb'
@@ -243,7 +186,6 @@ class puppet_cd::params (
# service
$pt_server_service = 'puppetserver'
$pt_agent_service = 'puppet'
$pt_db_service = 'puppetdb'
$pt_r10k_webhook_service = 'r10k_gitlab_webhook'
#
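Review bot: `String $pt_storeconfigs_backend = 'puppetdb',` survives as a context line of the `-142,33 +136,6` hunk while every variable that made a master actually reach PuppetDB is removed here: `$pt_db_fqdn`, `$pt_use_puppetdb`, `$pt_ssl_port`, `$pt_soft_write_failure` and the master-side `$pt_puppetdb_conf_file`/`$pt_puppetdb_conf_erb` pair that rendered `server_urls` into `puppetdb.conf`. If `puppet.conf.erb` (outside this page) still emits a storeconfigs section, a master built from this module now points at a backend whose connection file nothing in the module writes any more, and the README hunk only says PuppetDB was "outsourced", not who owns `puppetdb.conf` and the termini on the master. I would state that explicitly next to the surviving line, e.g. `## puppetdb: only the storeconfigs backend name stays here; puppetdb.conf, server_urls and the termini on the master are expected from the puppetdb_cd module`, or drop the backend default alongside the rest if that module sets it. The README's "open firewall ports depending on fqdn choices" bullet also suggests other classes read `$pt_db_fqdn`; any such reference left outside these hunks becomes an unknown variable once this line is gone, so that is worth grepping before merge — the `puppet_cd::params` class starts and continues outside the visible hunks.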


@@ -1,64 +0,0 @@
## puppet_cd::puppetdb::dirs.pp
# Module name: puppet_cd
# Author: Arne Teuke (arne_teuke@confdroid)
# @summary Class manages puppetdb directories
###############################################################################
class puppet_cd::puppetdb::dirs (
) inherits puppet_cd::params {
if ($fqdn == $pt_db_fqdn) and ($pt_use_puppetdb == true) {
require puppet_cd::main::install
# main directory
file { $pt_puppetdb_main:
ensure => directory,
path => $pt_puppetdb_main,
owner => $pt_db_user,
group => $pt_db_user,
mode => '0750',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
}
# conf.d directory
file { $pt_puppetdb_conf_d:
ensure => directory,
path => $pt_puppetdb_conf_d,
owner => $pt_db_user,
group => $pt_db_user,
mode => '0750',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
}
# ssl directory
file { $pt_puppetdb_ssl:
ensure => directory,
path => $pt_puppetdb_ssl,
owner => $pt_db_user,
group => $pt_db_user,
mode => '0750',
selrange => s0,
selrole => object_r,
seltype => etc_t,
seluser => system_u,
}
# log dir
file { $pt_puppetdb_log:
ensure => directory,
path => $pt_puppetdb_log,
owner => $pt_db_user,
group => $pt_db_user,
mode => '0700',
selrange => s0,
selrole => object_r,
seltype => var_log_t,
seluser => system_u,
}
}
}


@@ -1,117 +0,0 @@
## puppet_cd::puppetdb::files.pp
# Module name: puppet_cd
# Author: Arne Teuke (arne_teuke@confdroid)
# @summary Class manages puppetdb files
###############################################################################
class puppet_cd::puppetdb::files (
) inherits puppet_cd::params {
if ($fqdn == $pt_db_fqdn) and ($pt_use_puppetdb == true) {
require puppet_cd::puppetdb::dirs
# bootstrap.cfg
file { $pt_bootstrap_conf:
ensure => file,
path => $pt_bootstrap_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => puppet_etc_t,
seluser => system_u,
content => template($pt_bootstrap_erb),
notify => Service[$pt_db_service],
}
# requestlogging.xml
file { $pt_request_logging_conf:
ensure => file,
path => $pt_request_logging_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => puppet_etc_t,
seluser => system_u,
content => template($pt_request_logging_erb),
notify => Service[$pt_db_service],
}
# logback.xml
file { $pt_logback_conf:
ensure => file,
path => $pt_logback_conf,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => puppet_etc_t,
seluser => system_u,
content => template($pt_logback_erb),
notify => Service[$pt_db_service],
}
# config.ini
file { $pt_puppetdb_config_ini:
ensure => file,
path => $pt_puppetdb_config_ini,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => puppet_etc_t,
seluser => system_u,
content => template($pt_puppetdb_config_erb),
notify => Service[$pt_db_service],
}
# database.ini
file { $pt_puppetdb_database_ini:
ensure => file,
path => $pt_puppetdb_database_ini,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => puppet_etc_t,
seluser => system_u,
content => template($pt_puppetdb_database_erb),
notify => Service[$pt_db_service],
}
# jetty.ini
file { $pt_puppetdb_jetty_ini :
ensure => file,
path => $pt_puppetdb_jetty_ini ,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => puppet_etc_t,
seluser => system_u,
content => template($pt_puppetdb_jetty_erb),
notify => Service[$pt_db_service],
}
# repl.ini
file { $pt_puppetdb_repl_ini:
ensure => file,
path => $pt_puppetdb_repl_ini,
owner => 'root',
group => 'root',
mode => '0644',
selrange => s0,
selrole => object_r,
seltype => puppet_etc_t,
seluser => system_u,
content => template($pt_puppetdb_repl_erb),
notify => Service[$pt_db_service],
}
}
}


@@ -1,19 +0,0 @@
## puppet_cd::puppetdb::service.pp
# Module name: puppet_cd
# Author: Arne Teuke (arne_teuke@confdroid)
# @summary Class manages puppetdb service
###############################################################################
class puppet_cd::puppetdb::service (
) inherits puppet_cd::params {
if ($fqdn == $pt_db_fqdn) and ($pt_use_puppetdb == true) {
require puppet_cd::puppetdb::files
service { $pt_db_service:
ensure => running,
hasstatus => true,
hasrestart => true,
enable => true,
}
}
}


@@ -1,32 +0,0 @@
###############################################################################
########## bootstrap.cfg managed by puppet agent ##########
###############################################################################
# This file is used by the application framework (trapperkeeper) to
# determine what services should be loaded at boot time.
# For more info, see:
# https://github.com/puppetlabs/trapperkeeper/wiki/Bootstrapping
# Web Server
puppetlabs.trapperkeeper.services.webserver.jetty9-service/jetty9-service
# Webrouting
puppetlabs.trapperkeeper.services.webrouting.webrouting-service/webrouting-service
# TK status
puppetlabs.trapperkeeper.services.metrics.metrics-service/metrics-webservice
puppetlabs.trapperkeeper.services.status.status-service/status-service
puppetlabs.trapperkeeper.services.scheduler.scheduler-service/scheduler-service
# PuppetDB Services
puppetlabs.puppetdb.cli.services/puppetdb-service
puppetlabs.puppetdb.command/command-service
puppetlabs.puppetdb.pdb-routing/maint-mode-service
puppetlabs.puppetdb.pdb-routing/pdb-routing-service
puppetlabs.puppetdb.config/config-service
# NREPL
puppetlabs.trapperkeeper.services.nrepl.nrepl-service/nrepl-service
# Dashboard redirect: remove to disable
puppetlabs.puppetdb.dashboard/dashboard-redirect-service


@@ -1,11 +0,0 @@
###############################################################################
########## config.ini managed by puppet agent ##########
###############################################################################
[global]
vardir = <%= @pt_puppetdb_var_dir %>
logging-config = <%= @pt_logback_conf %>
[command-processing]
threads = <%= @pt_com_proc_threads %>
concurrent-writes = <%= @pt_concurrent_writes %>


@@ -1,10 +0,0 @@
###############################################################################
########## database.ini managed by puppet agent ##########
###############################################################################
[database]
subname = <%= @pt_db_subname %>
username = <%= @pt_db_username %>
password = <%= @pt_db_password %>
gc-interval = <%= @pt_gc_interval %>


@@ -1,31 +0,0 @@
###############################################################################
########## jetty.ini managed by puppet agent ##########
###############################################################################
[jetty]
<% if @pt_use_ssl_only != true %>
host = <%= @pt_no_ssl_host %>
port = <%= @pt_no_ssl_port %>
# ssl
ssl-host = <%= @pt_ssl_host %>
ssl-port = <%= @pt_ssl_port %>
ssl-key = <%= @pt_ssl_key %>
ssl-cert = <%= @pt_ssl_cert %>
ssl-ca-cert = <%= @pt_ssl_ca_cert %>
<% if @pt_log_access == true %>
access-log-config = <%= @pt_access_log_config %>
<% end end %>
<% if @pt_use_ssl_only == true %>
ssl-host = <%= @pt_ssl_host %>
ssl-port = <%= @pt_ssl_port %>
ssl-key = <%= @pt_ssl_key %>
ssl-cert = <%= @pt_ssl_cert %>
ssl-ca-cert = <%= @pt_ssl_ca_cert %>
<% if @pt_log_access == true %>
access-log-config = <%= @pt_access_log_config %>
<% end end %>


@@ -1,59 +0,0 @@
<configuration scan="true">
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
<pattern>%d %-5p [%c{2}] %m%n</pattern>
</encoder>
</appender>
<appender name="F1" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/var/log/puppetlabs/puppetdb/puppetdb.log</file>
<append>true</append>
<rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
<fileNamePattern>/var/log/puppetlabs/puppetdb/puppetdb-%d{yyyy-MM-dd}.%i.log.gz</fileNamePattern>
<!-- each file should be at most 200MB, keep 90 days worth of history, but at most 1GB total-->
<maxFileSize>200MB</maxFileSize>
<maxHistory>90</maxHistory>
<totalSizeCap>1GB</totalSizeCap>
</rollingPolicy>
<encoder>
<pattern>%d %-5p [%c{2}] %m%n</pattern>
</encoder>
</appender>
<!-- Suppress internal ActiveMQ logging -->
<logger name="org.apache.activemq" level="warn"/>
<!-- Suppress internal Spring Framework logging -->
<logger name="org.springframework.jms.connection" level="warn"/>
<!-- Lower the log level for ActiveMQ KahaDB MessageDatabase -->
<logger name="org.apache.activemq.store.kahadb.MessageDatabase"
level="info"/>
<appender name="STATUS" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>/var/log/puppetlabs/puppetdb/puppetdb-status.log</file>
<append>true</append>
<rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
<!-- rollover daily -->
<fileNamePattern>/var/log/puppetlabs/puppetdb/puppetdb-status-%d{yyyy-MM-dd}.%i.log.gz</fileNamePattern>
<!-- each file should be at most 200MB, keep 90 days worth of history, but at most 1GB total-->
<maxFileSize>200MB</maxFileSize>
<maxHistory>90</maxHistory>
<totalSizeCap>1GB</totalSizeCap>
</rollingPolicy>
<encoder>
<!-- note that this will only log the JSON message (%m) and a newline (%n)-->
<pattern>%m%n</pattern>
</encoder>
</appender>
<!-- without additivity="false", the status log messages will be sent to every other appender as well-->
<logger name="puppetlabs.trapperkeeper.services.status.status-debug-logging" level="debug" additivity="false">
<appender-ref ref="STATUS"/>
</logger>
<root level="info">
<appender-ref ref="${logappender:-DUMMY}" />
<appender-ref ref="F1" />
</root>
</configuration>


@@ -1,7 +0,0 @@
###############################################################################
########## puppetdb.conf managed by puppet agent ##########
###############################################################################
[main]
server_urls = https://<%= @pt_db_fqdn%>:<%= @pt_ssl_port %>
soft_write_failure = <%= @pt_soft_write_failure %>


@@ -1,48 +0,0 @@
#
# Local settings can be configured without being overwritten by package upgrades, for example
# if you want to increase puppetdb open-files-limit to 10000,
# you need to increase systemd's LimitNOFILE setting, so create a file named
# "/etc/systemd/system/puppetdb.service.d/limits.conf" containing:
# [Service]
# LimitNOFILE=10000
# You can confirm it worked by running systemctl daemon-reload
# then running systemctl show puppetdb | grep LimitNOFILE
#
[Unit]
Description=puppetdb Service
After=syslog.target network.target nss-lookup.target
[Service]
Type=forking
EnvironmentFile=/etc/sysconfig/puppetdb
User=puppetdb
TimeoutStartSec=14400
TimeoutStopSec=60
Restart=on-failure
StartLimitBurst=5
PIDFile=/run/puppetlabs/puppetdb/puppetdb.pid
# https://tickets.puppetlabs.com/browse/EZ-129
# Prior to systemd v228, TasksMax was unset by default, and unlimited. Starting in 228 a default of '512'
# was implemented. This is low enough to cause problems for certain applications. In systemd 231, the
# default was changed to be 15% of the default kernel limit. This explicitly sets TasksMax to 4915,
# which should match the default in systemd 231 and later.
# See https://github.com/systemd/systemd/issues/3211#issuecomment-233676333
TasksMax=4915
#set default privileges to -rw-r-----
UMask=027
ExecReload=/opt/puppetlabs/server/apps/puppetdb/bin/puppetdb reload
ExecStart=/opt/puppetlabs/server/apps/puppetdb/bin/puppetdb start
ExecStop=/opt/puppetlabs/server/apps/puppetdb/bin/puppetdb stop
KillMode=process
SuccessExitStatus=143
StandardOutput=journal
[Install]
WantedBy=multi-user.target


@@ -1,13 +0,0 @@
###############################################################################
########## repl.ini managed by puppet agent ##########
###############################################################################
[nrepl]
<% if @pt_enable_repl == true %>
enabled = <%= @pt_enable_repl %>
port = <% @pt_repl_port %>
host = <%= @pt_repl_host %>
<% else %>
# REPL is disabled for security reasons and not normally not required.
# To enable it, set `$pt_enable_repl` to `true`.
<% end %>


@@ -1,17 +0,0 @@
<configuration debug="false">
<appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file><%= @pt_puppetdb_access_log %>.log</file>
<append>true</append>
<rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
<fileNamePattern><%= @pt_puppetdb_access_log %>-%d{yyyy-MM-dd}.%i.log.gz</fileNamePattern>
<!-- each file should be at most 200MB, keep 90 days worth of history, but at most 1GB total-->
<maxFileSize><%= @pt_logging_max_file_size %></maxFileSize>
<maxHistory><%= @pt_loging_max_history %></maxHistory>
<totalSizeCap><%= @pt_logging_total_size %></totalSizeCap>
</rollingPolicy>
<encoder>
<pattern>%h %l %u [%t] "%r" %s %b "%i{Referer}" "%i{User-Agent}" %D</pattern>
</encoder>
</appender>
<appender-ref ref="FILE" />
</configuration>