diff --git a/README.md b/README.md index 8c539d3..1731f54 100644 --- a/README.md +++ b/README.md @@ -17,15 +17,34 @@ This module is also designed to work with External Node Classifiers (ENC), for i ## Features -* if the host FQDN matches your specified Puppet master via `$pt_pm_fqdn`, it installs and configures a puppetmaster. -On your puppetmaster, If you set `$pt_use_r10k`to `true`, it also installs r10k to connect to a control repo and manage the code available to clients via Puppetfile. -If you set `$pt_use_r10k_webhook`to `true`, it also installs a simple webhook listener to watch for post_hooks from gitlab, and triggers the r10k deployment. +### Puppet server and agent -* open firewall ports depending on fqdn choices -* start services as required -* manage directories +* if the host FQDN matches your specified Puppet master via `$pt_pm_fqdn`, it installs and configures a puppetmaster ready for serving with Foreman as ENC ( Foreman not yet included). +* Any other system becomes a puppet agent. + +### R10k service (optional) + +* install r10k service on your puppetmaster. + If you set `$pt_use_r10k`to `true`, it also installs r10k to connect to a control repo and manage the code available to clients via Puppetfile. + +### R10k Web hook + +* installs a webhook listener + If you set `$pt_use_r10k_webhook`to `true`, it also installs a simple webhook listener to watch for post_hooks from gitlab, and triggers the r10k deployment. + +### Puppetdb +* to do * install node.rb from the foreman for puppetdb -* manage puppet user settings (optional) + +### Firewall + +* open firewall ports depending on choices above + +### Directories, Files and Services, +* manage directories and required files including + permissions and selinux context (todo) +* start services as required + ## Support diff --git a/manifests/firewall/iptables.pp b/manifests/firewall/iptables.pp index fe26bbb..00cc116 100644 --- a/manifests/firewall/iptables.pp +++ b/manifests/firewall/iptables.pp 
@@ -26,4 +26,11 @@ class puppet_cd::firewall::iptables ( } } } + if ($pt_puppetdb_fqdn == $fqdn) and ($pt_use_puppetdb == true) { + firewall { "3${pt_https_port} open port ${pt_https_port}": + proto => 'tcp', + dport => $pt_https_port, + jump => 'accept', + } + } } diff --git a/manifests/main/user.pp b/manifests/main/user.pp deleted file mode 100644 index b6445f9..0000000 --- a/manifests/main/user.pp +++ /dev/null @@ -1,27 +0,0 @@ -## puppet_cd::main::user.pp -# Module name: puppet_cd -# Author: Arne Teuke (arne_teuke@confdroid) -# @summary Class manages user settings for the puppet_cd module. -############################################################################### -class puppet_cd::main::user ( - -) inherits puppet_cd::params { - if ($fqdn == $pt_pm_fqdn) and ($pt_manage_user == true) { - user { $pt_user: - ensure => present, - name => $pt_user, - allowdupe => false, - comment => $pt_user_comment, - gid => $pt_user, - managehome => true, - home => $pt_user_home, - shell => $pt_user_shell, - } - - group { $pt_user: - ensure => present, - name => $pt_user, - allowdupe => false, - } - } -} diff --git a/manifests/params.pp b/manifests/params.pp index 8b41e72..37a7d4f 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
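Review bot: The `firewall` resource added in manifests/firewall/iptables.pp sets no `source`, so it accepts TCP connections to `${pt_https_port}` from any address. PuppetDB's HTTPS listener normally only needs to be reachable from the Puppet server, so I would restrict the rule with a `source => ...,` attribute fed from a new parameter that holds the allowed address or CIDR. The rule title is built as `"3${pt_https_port} open port ..."`, so its ordering prefix changes with the port value, and a fixed numeric prefix would keep rule order predictable. The enclosing class starts outside the hunk.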
@@ -10,12 +10,8 @@ # @param [String] pt_pkg_ensure valid: "present", "latest", "v1.2.3" # @param [String] pt_agent_pkg the packages for agents to install # @param [String] pt_server_pkg the server packages to install -# @param [String] pt_server_pkg the puppetdb packages to install +# @param [String] pt_puppetdb_pkg the puppetdb packages to install # @param [Array] pt_r10k_pkg the packages for r10k to install -# @param [String] pt_user the puppet user -# @param [String] pt_user_comment the user comment -# @param [String] pt_user_home the user home -# @param [String] pt_user_shell the user shell # @param [String] pt_environment the environment # @param [Boolean] pt_basemodulepath the base module path # @param [String] pt_logdir the log directory 
@@ -51,10 +47,19 @@ # @param [Boolean] pt_r10k_prefix the r10k prefix. defaults to false # @param [String] pt_r10k_basedir the base directory for r10k.yaml # @param [Array] pt_r10k_webhook_pkg the packages for the r10k webhook -# @param [Boolean] pt_manage_user whether to manage the puppet user # @param [String] pt_r10k_webhook_port the port for the webhook listener # @param [String] pt_ssl_port the port for the puppetdb ssl port # @param [Boolean] pt_soft_write_failure whether to allow soft_write_failure +# @param [String] pt_db_subname the url for the database connection +# @param [String] pt_db_username the username for the database connection +# @param [String] pt_db_password the password for the database connection +# @param [String] pt_gc_interval How often (in minutes) to compact the database +# @param [String] pt_http_port Port to listen on for clear-text HTTP. +# @param [String] pt_https_port Port to listen on for HTTPs connections. +# @param [String] pt_ssl_host IP address to listen on for HTTPS connections +# @param [Boolean] pt_repl_on toggle the remote repl true false +# @param [String] pt_repl_port What port the REPL should listen on +# @param [String] pt_repl_host IP address to listen on ############################################################################### class puppet_cd::params ( 
@@ -67,18 +72,10 @@ class puppet_cd::params ( String $pt_pkg_ensure = 'present', String $pt_agent_pkg = 'puppet-agent', String $pt_server_pkg = 'puppetserver', - String $pt_puppetdb_pkg = 'puppetdb-termini', + Array $pt_puppetdb_pkg = ['puppetdb-termini', 'puppetdb'], Array $pt_r10k_pkg = ['ruby','ruby-devel','rubygems','gcc','make'], Array $pt_r10k_webhook_pkg = ['webrick', 'r10k_gitlab_webhook'], - # user settings - ## puppet user - Boolean $pt_manage_user = false, - String $pt_user = 'puppet', - String $pt_user_comment = 'puppetserver daemon', - String $pt_user_home = '/opt/puppetlabs/server/data/puppetserver', - String $pt_user_shell = '/sbin/nologin', - # templates ## puppet String $pt_environment = 'production', @@ -112,6 +109,18 @@ class puppet_cd::params ( # puppetdb String $pt_ssl_port = '8081', Boolean $pt_soft_write_failure = false, + String $pt_db_subname = '//localhost:5432/puppetdb', + String $pt_db_username = 'foobar', + String $pt_db_password = 'foobar', + String $pt_gc_interval = '60', + ## jetty + String $pt_http_port = '8080', + String $pt_https_port = '8081', + String $pt_ssl_host = '0.0.0.0', + ## repl + Boolean $pt_repl_on = false, + String $pt_repl_port = '8082', + String $pt_repl_host = '127.0.0.1', # r10k Boolean $pt_use_r10k = false, diff --git a/manifests/server/service.pp b/manifests/server/service.pp index ce306a5..cd31493 100644 --- a/manifests/server/service.pp +++ b/manifests/server/service.pp @@ -19,7 +19,6 @@ class puppet_cd::server::service ( # manage puppet server service if $fqdn == $pt_pm_fqdn { require puppet_cd::firewall::iptables - require puppet_cd::main::user service { $pt_server_service: ensure => running, 
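Review bot: `$pt_puppetdb_pkg` is now typed `Array`, but the header comment touched by this same commit still declares it as a string; it should read `# @param [Array] pt_puppetdb_pkg the puppetdb packages to install`. Putting `puppetdb` and `puppetdb-termini` in one list also means any host that installs this parameter gets both packages. If that host is the Puppet server while `$pt_puppetdb_fqdn` names a different machine, the full PuppetDB package is installed where it is not needed. The consumer is not visible in this diff, so this needs confirming; separate parameters for the termini and the server package would keep the two roles apart.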
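Review bot: In the `# puppetdb` hunk, `$pt_db_username` and `$pt_db_password` both default to `'foobar'`, so a node that enables PuppetDB without overriding them ends up with a database credential that is published in the module source. I would remove the usable default (or fail compilation while it is unchanged), supply the value from Hiera, and declare it as `Sensitive[String] $pt_db_password,` so it is redacted in logs and reports; any template that consumes it would then need `.unwrap`. `$pt_ssl_host = '0.0.0.0'` binds HTTPS on all interfaces, and the firewall rule added in iptables.pp sets no `source`, so the listener is broadly reachable by default. `$pt_https_port` and `$pt_ssl_port` both default to `'8081'`; a comment saying which one the jetty configuration uses would prevent them drifting apart.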
@@ -27,12 +26,23 @@ class puppet_cd::server::service ( hasrestart => true, enable => true, } + # manage webhook service + if $pt_use_r10k_webhook == true { + require puppet_cd::r10k::install + + service { $pt_r10k_webhook_service: + ensure => running, + hasstatus => true, + hasrestart => true, + enable => true, + } + } } - # manage webhook service - if $pt_use_r10k_webhook == true { - require puppet_cd::r10k::install - service { $pt_r10k_webhook_service: + if ($pt_use_puppetdb == true) and ($pt_puppetdb_fqdn == $fqdn) { + require puppet_cd::firewall::iptables + + service { $pt_db_service: ensure => running, hasstatus => true, hasrestart => true,
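Review bot: The new PuppetDB block requires only `puppet_cd::firewall::iptables`, whereas the webhook block above it requires its install class (`require puppet_cd::r10k::install`) before managing the service. With no ordering on whatever class installs the PuppetDB packages and writes the database configuration, `service { $pt_db_service:` with `ensure => running` can be applied before the package or its config exists. I would add a `require` on the PuppetDB install/config class next to the firewall one; that class's name is not visible in this diff. The service resource continues past the end of the hunk.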