add dirs and files - https://gitlab.confdroid.com/internal/confdroid_management/-/issues/292

manifests/params.pp

@@ -132,10 +132,10 @@ class puppet_cd::params (
 
 ) {
 # facts
-  $fqdn                   = $facts['networking']['fqdn']
-  $domain                 = $facts['networking']['domain']
-  $os_name                = $facts['os']['name']
-  $os_release             = $facts['os']['release']['major']
+  $fqdn                             = $facts['networking']['fqdn']
+  $domain                           = $facts['networking']['domain']
+  $os_name                          = $facts['os']['name']
+  $os_release                       = $facts['os']['release']['major']
 
 # directories
 ## puppet
@@ -149,10 +149,12 @@ class puppet_cd::params (
   $pt_rundir_master                 = '/var/run/puppetlabs/puppetserver'
   $pt_vardir                        = '/opt/puppetlabs/puppet/cache'
   $pt_vardir_master                 = '/opt/puppetlabs/server/data/puppetserver'
-
 ## r10k
   $pt_r10k_dir                      = "${pt_main_dir}/r10k"
   $pt_r10k_webhook_dir              = '/etc/r10k-webhook'
+## puppetdb
+  $pt_puppetdb_dir                  = '/etc/puppetlabs/puppetdb'
+  $pt_puppetdb_conf_dir             = "${pt_puppetdb_dir}/conf.d"
 
 # files
 ## puppet
@@ -165,13 +167,31 @@ class puppet_cd::params (
   $pt_routes_erb                    = 'puppet_cd/puppetdb/routes.yaml.erb'
   $pt_node_rb_file                  = "${pt_puppetdir}/node.rb"
   $pt_node_rb_erb                   = 'puppet_cd/puppetdb/node.rb.erb'
-
 ## r10k
   $pt_r10k_file                     = "${pt_r10k_dir}/r10k.yaml"
   $pt_r10k_erb                      = 'puppet_cd/r10k/r10k.yaml.erb'
   $pt_webhook_link                  = 'ln -sf  /usr/local/share/gems/gems/r10k_gitlab_webhook-0.1.3/bin/r10k_gitlab_webhook /usr/bin/'
   $pt_webhook_service_file          = '/etc/systemd/system/r10k_gitlab_webhook.service'
   $pt_webhook_service_erb           = 'puppet_cd/r10k/r10k_webhook_service.erb'
+## puppetdb
+  $pt_bootstrap_conf_file   = "${pt_puppetdb_dir}/bootstrap.cfg"
+  $pt_bootstrap_conf_erb    = 'puppet_cd/puppetdb/bootstrap.cfg.erb'
+  $pt_logback_conf_file     = "${pt_puppetdb_dir}/logback.xml"
+  $pt_logback_conf_erb      = 'puppet_cd/puppetdb/logback.xml.erb'
+  $pt_logging_conf_file     = "${pt_puppetdb_dir}/request-logging.xml"
+  $pt_logging_conf_erb      = 'puppet_cd/puppetdb/request_logging.xml.erb'
+  $pt_auth_conf_file        = "${pt_puppetdb_conf_dir}/auth.conf"
+  $pt_auth_conf_erb         = 'puppet_cd/puppetdb/auth.conf.erb'
+  $pt_config_ini_file       = "${pt_puppetdb_conf_dir}/config.ini"
+  $pt_config_ini_erb        = 'puppet_cd/puppetdb/config.ini.erb'
+  $pt_db_ini_file           = "${pt_puppetdb_conf_dir}/database.ini"
+  $pt_db_ini_erb            = 'puppet_cd/puppetdb/database.ini.erb'
+  $pt_jetty_ini_file        = "${pt_puppetdb_conf_dir}/jetty.ini"
+  $pt_jetty_ini_erb         = 'puppet_cd/puppetdb/jetty.ini.erb'
+  $pt_repl_ini_file         = "${pt_puppetdb_conf_dir}/repl.ini"
+  $pt_repl_ini_erb          = 'puppet_cd/puppetdb/repl.ini.erb'
+  $pt_service_conf_file     = '/usr/lib/systemd/system/puppetdb.service'
+  $pt_service_conf_erb      = 'puppet_cd/puppetdb/service.conf.erb'
 
 # service
   $pt_server_service                = 'puppetserver'

manifests/puppetdb/dirs.pp

@@ -0,0 +1,34 @@
+## puppet_cd::puppetdb::dirs.pp
+# Module name: puppet_cd
+# Author: Arne Teuke (arne_teuke@confdroid)
+# @summary  Class manages directories for the puppetdb section
+###############################################################################
+class puppet_cd::puppetdb::dirs (
+
+) inherits puppet_cd::params {
+  if ($pt_use_puppetdb == true) and ($pt_puppetdb_fqdn == $fqdn) {
+    require puppet_cd::main::install
+
+    file { $pt_puppetdb_dir:
+      ensure   => directory,
+      owner    => 'puppetdb',
+      group    => 'puppetdb',
+      mode     => '0750',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => puppet_etc_t,
+      seluser  => system_u,
+    }
+
+    file { $pt_puppetdb_conf_dir:
+      ensure   => directory,
+      owner    => 'root',
+      group    => 'root',
+      mode     => '0755',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => puppet_etc_t,
+      seluser  => system_u,
+    }
+  }
+}

manifests/puppetdb/files.pp

@@ -0,0 +1,131 @@
+## puppet_cd::puppetdb::files.pp
+# Module name: puppet_cd
+# Author: Arne Teuke (arne_teuke@confdroid)
+# @summary  Class manages config files for the puppetdb section
+###############################################################################
+class puppet_cd::puppetdb::files (
+
+) inherits puppet_cd::params {
+  if ($pt_use_puppetdb == true) and ($pt_puppetdb_fqdn == $fqdn) {
+    require puppet_cd::puppetdb::dirs
+
+    # bootstrap.cfg
+    file { $pt_bootstrap_conf_file:
+      ensure   => file,
+      owner    => 'root',
+      group    => 'root',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => puppet_etc_t,
+      seluser  => system_u,
+      content  => template($pt_bootstrap_conf_erb),
+      notify   => Service[$pt_db_service],
+    }
+    # logback.xml
+    file { $pt_logback_conf_file:
+      ensure   => file,
+      owner    => 'root',
+      group    => 'root',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => puppet_etc_t,
+      seluser  => system_u,
+      content  => template($pt_logback_conf_erb),
+      notify   => Service[$pt_db_service],
+    }
+    # request-logging.xml
+    file { $pt_logging_conf_file:
+      ensure   => file,
+      owner    => 'root',
+      group    => 'root',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => puppet_etc_t,
+      seluser  => system_u,
+      content  => template($pt_logging_conf_erb),
+      notify   => Service[$pt_db_service],
+    }
+    # service config
+    file { $pt_service_conf_file:
+      ensure   => file,
+      owner    => 'root',
+      group    => 'root',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => systemd_unit_file_t,
+      seluser  => system_u,
+      content  => template($pt_service_conf_erb),
+      notify   => Service[$pt_db_service],
+    }
+    # conf.d files
+    ## auth.conf
+    file { $pt_auth_conf_file:
+      ensure   => file,
+      owner    => 'root',
+      group    => 'root',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => puppet_etc_t,
+      seluser  => system_u,
+      content  => template($pt_auth_conf_erb),
+      notify   => Service[$pt_db_service],
+    }
+    # config.ini
+    file { $pt_config_ini_file:
+      ensure   => file,
+      owner    => 'root',
+      group    => 'root',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => puppet_etc_t,
+      seluser  => system_u,
+      content  => template($pt_config_ini_erb),
+      notify   => Service[$pt_db_service],
+    }
+    # database.ini
+    file { $pt_db_ini_file:
+      ensure   => file,
+      owner    => 'root',
+      group    => 'root',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => puppet_etc_t,
+      seluser  => system_u,
+      content  => template($pt_db_ini_erb),
+      notify   => Service[$pt_db_service],
+    }
+    # jetty.ini
+    file { $pt_jetty_ini_file:
+      ensure   => file,
+      owner    => 'root',
+      group    => 'root',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => puppet_etc_t,
+      seluser  => system_u,
+      content  => template($pt_jetty_ini_erb),
+      notify   => Service[$pt_db_service],
+    }
+    # repl.ini
+    file { $pt_repl_ini_file:
+      ensure   => file,
+      owner    => 'root',
+      group    => 'root',
+      mode     => '0644',
+      selrange => s0,
+      selrole  => object_r,
+      seltype  => puppet_etc_t,
+      seluser  => system_u,
+      content  => template($pt_repl_ini_erb),
+      notify   => Service[$pt_db_service],
+    }
+  }
+}

manifests/server/service.pp

@@ -41,6 +41,7 @@ class puppet_cd::server::service (
 
   if ($pt_use_puppetdb == true) and ($pt_puppetdb_fqdn == $fqdn) {
     require puppet_cd::firewall::iptables
+    require puppet_cd::puppetdb::files
 
     service { $pt_db_service:
       ensure     => running,