transfer parameters, iptables and service to puppet_cd - https://gitlab.confdroid.com/internal/confdroid_management/-/issues/292

2025-11-01 16:38:56 +01:00
parent 9b75c8b1a9
commit e861e60d4e
5 changed files with 72 additions and 54 deletions
--- a/README.md
+++ b/README.md
@@ -17,15 +17,34 @@ This module is also designed to work with External Node Classifiers (ENC), for i

 ## Features

-* if the host FQDN matches your specified Puppet master via `$pt_pm_fqdn`, it installs and configures a puppetmaster.
-On your puppetmaster, If you set `$pt_use_r10k`to `true`, it also installs r10k to connect to  a control repo and manage the code available to clients via Puppetfile.
-If you set `$pt_use_r10k_webhook`to `true`, it also installs a simple webhook listener to watch for post_hooks from gitlab, and triggers the r10k deployment.
+### Puppet server and agent

-* open firewall ports depending on fqdn choices
-* start services as required
-* manage directories
+* if the host FQDN matches your specified Puppet master via `$pt_pm_fqdn`, it installs and configures a puppetmaster ready for serving with Foreman as ENC ( Foreman not yet included).
+* Any other system becomes a puppet agent.
+
+### R10k service (optional)
+
+* install r10k service on your puppetmaster.
+  If you set `$pt_use_r10k`to `true`, it also installs r10k to connect to  a control repo and manage the code available to clients via Puppetfile.
+
+### R10k Web hook
+
+* installs a webhook listener
+  If you set `$pt_use_r10k_webhook`to `true`, it also installs a simple webhook listener to watch for post_hooks from gitlab, and triggers the r10k deployment.
+
+### Puppetdb
+* to do
 * install node.rb from the foreman for puppetdb
-* manage puppet user settings (optional)
+
+### Firewall
+
+* open firewall ports depending on choices above
+
+### Directories, Files and Services,
+* manage directories and required files including
+  permissions and selinux context (todo)
+* start services as required
+

 ## Support

--- a/manifests/firewall/iptables.pp
+++ b/manifests/firewall/iptables.pp
@@ -26,4 +26,11 @@ class puppet_cd::firewall::iptables (
      }
    }
  }
+  if ($pt_puppetdb_fqdn == $fqdn) and ($pt_use_puppetdb == true) {
+    firewall { "3${pt_https_port} open port ${pt_https_port}":
+      proto => 'tcp',
+      dport => $pt_https_port,
+      jump  => 'accept',
+    }
+  }
 }
--- a/manifests/main/user.pp
+++ b/manifests/main/user.pp
@@ -1,27 +0,0 @@
-## puppet_cd::main::user.pp
-# Module name: puppet_cd
-# Author: Arne Teuke (arne_teuke@confdroid)
-# @summary  Class manages user settings for the puppet_cd module.
-###############################################################################
-class puppet_cd::main::user (
-
-) inherits puppet_cd::params {
-  if ($fqdn == $pt_pm_fqdn) and ($pt_manage_user == true) {
-    user { $pt_user:
-      ensure     => present,
-      name       => $pt_user,
-      allowdupe  => false,
-      comment    => $pt_user_comment,
-      gid        => $pt_user,
-      managehome => true,
-      home       => $pt_user_home,
-      shell      => $pt_user_shell,
-    }
-
-    group { $pt_user:
-      ensure    => present,
-      name      => $pt_user,
-      allowdupe => false,
-    }
-  }
-}
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -10,12 +10,8 @@
 # @param [String] pt_pkg_ensure valid: "present", "latest", "v1.2.3"
 # @param [String] pt_agent_pkg the packages for agents to install
 # @param [String] pt_server_pkg the server packages to install
-# @param [String] pt_server_pkg the puppetdb packages to install
+# @param [String] pt_puppetdb_pkg the puppetdb packages to install
 # @param [Array] pt_r10k_pkg the packages for r10k to install
-# @param [String] pt_user the puppet user
-# @param [String] pt_user_comment the user comment
-# @param [String] pt_user_home the user home
-# @param [String] pt_user_shell the user shell
 # @param [String] pt_environment the environment
 # @param [Boolean] pt_basemodulepath the base module path
 # @param [String] pt_logdir the log directory
@@ -51,10 +47,19 @@
 # @param [Boolean] pt_r10k_prefix the r10k prefix. defaults to false
 # @param [String] pt_r10k_basedir the base directory for r10k.yaml
 # @param [Array] pt_r10k_webhook_pkg the packages for the r10k webhook
-# @param [Boolean] pt_manage_user whether to manage the puppet user
 # @param [String] pt_r10k_webhook_port the port for the webhook listener
 # @param [String] pt_ssl_port the port for the puppetdb ssl port
 # @param [Boolean] pt_soft_write_failure whether to allow soft_write_failure
+# @param [String] pt_db_subname the url for the database connection
+# @param [String] pt_db_username the username for the database connection
+# @param [String] pt_db_password the password for the database connection
+# @param [String] pt_gc_interval How often (in minutes) to compact the database
+# @param [String] pt_http_port Port to listen on for clear-text HTTP.
+# @param [String] pt_https_port Port to listen on for HTTPs connections.
+# @param [String] pt_ssl_host IP address to listen on for HTTPS connections
+# @param [Boolean] pt_repl_on toggle the remote repl true false
+# @param [String] pt_repl_port What port the REPL should listen on
+# @param [String] pt_repl_host IP address to listen on
 ###############################################################################
 class puppet_cd::params (

@@ -67,18 +72,10 @@ class puppet_cd::params (
  String $pt_pkg_ensure             = 'present',
  String $pt_agent_pkg              = 'puppet-agent',
  String $pt_server_pkg             = 'puppetserver',
-  String $pt_puppetdb_pkg           = 'puppetdb-termini',
+  Array $pt_puppetdb_pkg            = ['puppetdb-termini', 'puppetdb'],
  Array $pt_r10k_pkg                = ['ruby','ruby-devel','rubygems','gcc','make'],
  Array $pt_r10k_webhook_pkg        = ['webrick', 'r10k_gitlab_webhook'],

-  # user settings
-  ## puppet user
-  Boolean $pt_manage_user           = false,
-  String $pt_user                   = 'puppet',
-  String $pt_user_comment           = 'puppetserver daemon',
-  String $pt_user_home              = '/opt/puppetlabs/server/data/puppetserver',
-  String $pt_user_shell             = '/sbin/nologin',
-
  # templates
  ## puppet
  String $pt_environment            = 'production',
@@ -112,6 +109,18 @@ class puppet_cd::params (
 # puppetdb
  String $pt_ssl_port               = '8081',
  Boolean $pt_soft_write_failure    = false,
+  String $pt_db_subname             = '//localhost:5432/puppetdb',
+  String $pt_db_username            = 'foobar',
+  String $pt_db_password            = 'foobar',
+  String $pt_gc_interval            = '60',
+  ## jetty
+  String $pt_http_port              = '8080',
+  String $pt_https_port             = '8081',
+  String $pt_ssl_host               = '0.0.0.0',
+  ## repl
+  Boolean $pt_repl_on               = false,
+  String $pt_repl_port              = '8082',
+  String $pt_repl_host              = '127.0.0.1',

 # r10k
  Boolean $pt_use_r10k              = false,
--- a/manifests/server/service.pp
+++ b/manifests/server/service.pp
@@ -19,7 +19,6 @@ class puppet_cd::server::service (
  # manage puppet server service
  if $fqdn == $pt_pm_fqdn {
    require puppet_cd::firewall::iptables
-    require puppet_cd::main::user

    service { $pt_server_service:
      ensure     => running,
@@ -27,12 +26,23 @@ class puppet_cd::server::service (
      hasrestart => true,
      enable     => true,
    }
+    # manage webhook service
+    if $pt_use_r10k_webhook == true {
+      require puppet_cd::r10k::install
+
+      service { $pt_r10k_webhook_service:
+        ensure     => running,
+        hasstatus  => true,
+        hasrestart => true,
+        enable     => true,
+      }
+    }
  }

-  # manage webhook service
-  if $pt_use_r10k_webhook == true {
-    require puppet_cd::r10k::install
-    service { $pt_r10k_webhook_service:
+  if ($pt_use_puppetdb == true) and ($pt_puppetdb_fqdn == $fqdn) {
+    require puppet_cd::firewall::iptables
+
+    service { $pt_db_service:
      ensure     => running,
      hasstatus  => true,
      hasrestart => true,