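## puppet_cd::params.pp
# Module name: puppet_cd
# Author: Arne Teuke (arne_teuke@confdroid)
# @summary Class manages parameters for the puppet_cd module.
# @note Several defaults are placeholders or permissive and are meant to be
#   overridden per site (e.g. through Hiera): pt_db_username / pt_db_password
#   ('foobar'), pt_puppetdb_source_lan ('0.0.0.0/0') and pt_no_ssl_host /
#   pt_ssl_host ('0.0.0.0').
# @param [Boolean] pt_manage_fw whether to manage firewall settings
# @param [String] pt_pm_fqdn the fqdn for the puppetmaster; master settings
#   are applied on the host with this fqdn. Any other fqdn will be considered
#   a puppet agent.
# @param [String] pt_db_fqdn the fqdn for the puppetdb host.
# @param [String] pt_pkg_ensure valid: "present", "latest", "v1.2.3"
# @param [String] pt_agent_pkg the packages for agents to install
# @param [String] pt_server_pkg the server packages to install
# @param [Array] pt_db_pkg the packages for puppetdb
# @param [Array] pt_r10k_pkg the packages for r10k to install
# @param [String] pt_no_ssl_port non-ssl port number for puppetdb
# @param [String] pt_ssl_port ssl port for puppetdb
# @param [Boolean] pt_use_ssl_only whether to use ssl only.
# @param [Boolean] pt_manage_user whether to manage the puppet user
# @param [String] pt_user the puppet user
# @param [String] pt_user_comment the user comment
# @param [String] pt_user_home the user home
# @param [String] pt_user_shell the user shell
# @param [Boolean] pt_manage_db_user whether to manage the user for puppetdb
# @param [String] pt_db_user the puppetdb user
# @param [String] pt_db_user_comment the user comment for puppetdb user
# @param [String] pt_db_user_home the user home for the puppetdb user
# @param [String] pt_db_user_shell the shell for the puppetdb user
# @param [Boolean] pt_use_puppetdb whether to use puppetdb on host
# @param [String] pt_environment the environment
# @param [String] pt_basemodulepath the base module path
# @param [String] pt_logdir the log directory
# @param [Boolean] pt_allow_duplicate_certs whether to allow duplicated certs
# @param [String] pt_pluginfactsource the plugin fact source
# @param [String] pt_pluginsource the plugin source
# @param [String] pt_runinterval the runinterval
# @param [String] pt_reports where to send the run reports
# @param [Boolean] pt_show_diff whether to show the diff
# @param [Boolean] pt_default_schedules the default run schedules
# @param [String] pt_masterport the master port to listen on
# @param [Boolean] pt_noop whether noop should be executed
# @param [Boolean] pt_pluginsync whether pluginsync should be allowed
# @param [Boolean] pt_report whether reports should be created
# @param [Boolean] pt_splay whether to enable a sleeping period before runs
# @param [String] pt_splaylimit the splay limit
# @param [Boolean] pt_usecacheonfailure whether to use the cache on failure
# @param [String] pt_autosign where to check the autosign settings
# @param [Boolean] pt_ca whether to be a ca
# @param [String] pt_external_nodes the external node settings (ENC)
# @param [String] pt_logdir_master the log directory on the master
# @param [String] pt_node_terminus Which node data plugin to use when compiling
#   node catalogs.
# @param [Boolean] pt_strict_variables Causes an evaluation error when
#   referencing unknown variables
# @param [Boolean] pt_storeconfigs whether to store client configs.
# @param [String] pt_storeconfigs_backend where to store client configs
# @param [String] pt_parser which parser version to use
# @param [Boolean] pt_cert_revocation whether to check for cert revocations
# @param [String] pt_logging_max_file_size max file size for puppetdb logging
# @param [String] pt_logging_max_history max logging history
# @param [String] pt_logging_total_size total size of logging file
# @param [String] pt_com_proc_threads number of processing threads
# @param [String] pt_concurrent_writes max concurrent writes
# @param [String] pt_db_subname the db name
# @param [String] pt_db_username the db username. The default is a
#   placeholder.
# @param [String] pt_db_password the db password. The default is a
#   placeholder and equals the default username; supply the real value from
#   site data (e.g. encrypted with hiera-eyaml).
# @param [String] pt_gc_interval garbage collection interval (Java)
# @param [String] pt_log_slow_statements number of seconds before an SQL query
#   is considered "slow."
# @param [String] pt_puppetdb_source_lan the source lan for puppetdb clients.
#   The default '0.0.0.0/0' matches every IPv4 source.
# @param [Boolean] pt_soft_write_failure allows the PuppetDB-termini to fail
#   softly if PuppetDB is not accessible for command submission.
# @param [String] pt_no_ssl_host ip range for non-ssl hosts
# @param [String] pt_ssl_host ip range for SSL hosts
# @param [String] pt_ssl_key location of the private key
# @param [String] pt_ssl_cert location of the ssl cert
# @param [String] pt_ssl_ca_cert location of the ssl ca cert
# @param [Boolean] pt_log_access whether to configure log access
# @param [String] pt_access_log_config the location of the access log config
# @param [Boolean] pt_enable_repl whether to allow puppetdb replication
# @param [String] pt_repl_port the replication port
# @param [String] pt_repl_host the replication host
# @param [Boolean] pt_use_r10k whether to use r10k service
# @param [Boolean] pt_use_r10k_webhook whether to use r10k webhook service
# @param [String] pt_r10k_remote the remote url for the r10k control repo
# @param [Boolean] pt_r10k_prefix the r10k prefix. defaults to false
# @param [String] pt_r10k_basedir the base directory for r10k.yaml
###############################################################################
class puppet_cd::params (

  Boolean $pt_manage_fw               = true,
  String  $pt_pm_fqdn                 = 'puppetmaster.example.net',
  String  $pt_db_fqdn                 = 'puppetdb.example.net',

  # installation
  String  $pt_pkg_ensure              = 'present',
  String  $pt_agent_pkg               = 'puppet-agent',
  String  $pt_server_pkg              = 'puppetserver',
  Array   $pt_db_pkg                  = ['puppetdb','puppetdb-termini'],
  Array   $pt_r10k_pkg                = ['ruby','ruby-devel','gcc','make','redhat-rpm-config','rpm-build'],

  # user settings
  ## puppet user
  Boolean $pt_manage_user             = true,
  String  $pt_user                    = 'puppet',
  String  $pt_user_comment            = 'puppetserver daemon',
  String  $pt_user_home               = '/opt/puppetlabs/server/data/puppetserver',
  String  $pt_user_shell              = '/sbin/nologin',
  ## puppetdb user
  Boolean $pt_manage_db_user          = true,
  String  $pt_db_user                 = 'puppetdb',
  String  $pt_db_user_comment         = 'PuppetDB daemon',
  String  $pt_db_user_home            = '/opt/puppetlabs/server/data/puppetdb',
  String  $pt_db_user_shell           = '/sbin/nologin',

  # templates
  ## puppet
  String  $pt_environment             = 'production',
  Boolean $pt_allow_duplicate_certs   = false,
  String  $pt_basemodulepath          = '/etc/puppetlabs/code/environments/common:/etc/puppetlabs/code/modules:/opt/puppetlabs/puppet/modules:/usr/share/puppet/modules',
  String  $pt_logdir                  = '/var/log/puppetlabs/puppet',
  String  $pt_pluginfactsource        = 'pluginfacts',
  String  $pt_pluginsource            = 'plugins',
  String  $pt_reports                 = 'foreman',
  Boolean $pt_show_diff               = false,
  Boolean $pt_default_schedules       = false,
  String  $pt_masterport              = '8140',
  Boolean $pt_noop                    = false,
  Boolean $pt_pluginsync              = true,
  Boolean $pt_report                  = true,
  String  $pt_runinterval             = '1800',
  Boolean $pt_splay                   = false,
  String  $pt_splaylimit              = '1800',
  Boolean $pt_usecacheonfailure       = true,
  # path only; the contents of this file are not set in this class. review
  # what it allows, since autosigned requests get a cert without manual
  # approval.
  String  $pt_autosign                = '/etc/puppetlabs/puppet/autosign.conf',
  Boolean $pt_ca                      = true,
  # with node_terminus 'exec' the server runs this script to classify nodes;
  # keep it writable by root only.
  String  $pt_external_nodes          = '/etc/puppetlabs/puppet/node.rb',
  String  $pt_logdir_master           = '/var/log/puppetlabs/puppetserver',
  String  $pt_node_terminus           = 'exec',
  Boolean $pt_strict_variables        = false,
  Boolean $pt_storeconfigs            = true,
  String  $pt_storeconfigs_backend    = 'puppetdb',
  String  $pt_parser                  = 'current',
  Boolean $pt_cert_revocation         = true,

  ## puppetdb
  Boolean $pt_use_puppetdb            = false,
  String  $pt_logging_max_file_size   = '200MB',
  String  $pt_logging_max_history     = '90',
  String  $pt_logging_total_size      = '1GB',
  String  $pt_com_proc_threads        = '4',
  String  $pt_concurrent_writes       = '4',
  String  $pt_db_subname              = '//localhost:5432/puppetdb',
  # placeholder credentials (username == password); override from site data
  # before enabling puppetdb.
  # NOTE(review): plain String rather than Sensitive - check that the
  # database.ini template and run reports do not expose the password.
  String  $pt_db_username             = 'foobar',
  String  $pt_db_password             = 'foobar',
  String  $pt_gc_interval             = '60',
  String  $pt_log_slow_statements     = '10',
  String  $pt_no_ssl_port             = '8080',
  String  $pt_ssl_port                = '8081',
  Boolean $pt_use_ssl_only            = true,
  # 0.0.0.0/0 matches every IPv4 source; narrow it to the network of the
  # puppetdb clients. presumably used as the firewall source range when
  # pt_manage_fw is true - confirm in the firewall class.
  String  $pt_puppetdb_source_lan     = '0.0.0.0/0',
  Boolean $pt_soft_write_failure      = false,
  # 0.0.0.0 stands for all IPv4 addresses.
  # NOTE(review): looks like the listen address written by jetty.ini.erb
  # (template not shown) - confirm, and prefer a specific address, in
  # particular for the non-ssl listener.
  String  $pt_no_ssl_host             = '0.0.0.0',
  String  $pt_ssl_host                = '0.0.0.0',
  String  $pt_ssl_key                 = '/etc/puppetlabs/puppetdb/ssl/private.pem',
  String  $pt_ssl_cert                = '/etc/puppetlabs/puppetdb/ssl/public.pem',
  String  $pt_ssl_ca_cert             = '/etc/puppetlabs/puppetdb/ssl/ca.pem',
  Boolean $pt_log_access              = false,
  String  $pt_access_log_config       = '/etc/puppetlabs/puppetdb/request-logging.xml',
  Boolean $pt_enable_repl             = false,
  String  $pt_repl_port               = '8082',
  String  $pt_repl_host               = '127.0.0.1',

  # r10k
  Boolean $pt_use_r10k                = false,
  Boolean $pt_use_r10k_webhook        = false,
  String  $pt_r10k_remote             = 'git@gitlab.example.net/repo.git',
  Boolean $pt_r10k_prefix             = false,
  String  $pt_r10k_basedir            = '/etc/puppetlabs/code/environments',

) {
  # facts
  # NOTE(review): these values are reported by the node itself. if $fqdn is
  # what decides whether master / puppetdb settings (including
  # pt_db_password) are applied, $trusted['certname'] is the authenticated
  # alternative - confirm in the classes that compare against $fqdn.
  $fqdn                     = $facts['networking']['fqdn']
  $domain                   = $facts['networking']['domain']
  $os_name                  = $facts['os']['name']
  $os_release               = $facts['os']['release']['major']

  # directories
  ## puppet
  $pt_main_dir              = '/etc/puppetlabs'
  $pt_puppetdir             = "${pt_main_dir}/puppet"
  $pt_code_dir              = "${pt_main_dir}/code"
  $pt_environmentspath      = "${pt_code_dir}/environments"
  $pt_ssldir                = "${pt_puppetdir}/ssl"
  $pt_privatekeydir         = "${pt_ssldir}/private_keys"
  $pt_rundir                = '/var/run/puppetlabs'
  $pt_rundir_master         = '/var/run/puppetlabs/puppetserver'
  $pt_vardir                = '/opt/puppetlabs/puppet/cache'
  $pt_vardir_master         = '/opt/puppetlabs/server/data/puppetserver'
  ## puppetdb
  $pt_puppetdb_main         = '/etc/puppetlabs/puppetdb'
  $pt_puppetdb_conf_d       = "${pt_puppetdb_main}/conf.d"
  $pt_puppetdb_ssl          = "${pt_puppetdb_main}/ssl"
  $pt_puppetdb_log          = '/var/log/puppetlabs/puppetdb'
  $pt_puppetdb_var_dir      = '/opt/puppetlabs/server/data/puppetdb'
  ## r10k
  $pt_r10k_dir              = "${pt_main_dir}/r10k"

  # files (target path and the ERB template it is rendered from)
  ## puppet
  $pt_puppet_conf_file      = "${pt_puppetdir}/puppet.conf"
  $pt_puppet_conf_erb       = 'puppet_cd/puppet.conf.erb'
  $pt_agent_conf_erb        = 'puppet_cd/agent.conf.erb'
  $pt_hiera_config          = "${pt_puppetdir}/hiera.yaml"
  ## puppetdb
  $pt_bootstrap_conf        = "${pt_puppetdb_main}/bootstrap.cfg"
  $pt_bootstrap_erb         = 'puppet_cd/puppetdb/bootstrap.cfg.erb'
  $pt_puppetdb_access_log   = "${pt_puppetdb_log}/puppetdb-access"
  $pt_request_logging_conf  = "${pt_puppetdb_main}/request-logging.xml"
  $pt_request_logging_erb   = 'puppet_cd/puppetdb/request_logging.xml.erb'
  $pt_logback_conf          = "${pt_puppetdb_main}/logback.xml"
  $pt_logback_erb           = 'puppet_cd/puppetdb/logback.xml.erb'
  $pt_puppetdb_config_ini   = "${pt_puppetdb_conf_d}/config.ini"
  $pt_puppetdb_config_erb   = 'puppet_cd/puppetdb/config.ini.erb'
  $pt_puppetdb_database_ini = "${pt_puppetdb_conf_d}/database.ini"
  $pt_puppetdb_database_erb = 'puppet_cd/puppetdb/database.ini.erb'
  $pt_puppetdb_jetty_ini    = "${pt_puppetdb_conf_d}/jetty.ini"
  $pt_puppetdb_jetty_erb    = 'puppet_cd/puppetdb/jetty.ini.erb'
  $pt_puppetdb_conf_file    = "${pt_puppetdir}/puppetdb.conf"
  $pt_puppetdb_conf_erb     = 'puppet_cd/puppetdb/puppetdb.conf.erb'
  $pt_puppetdb_repl_ini     = "${pt_puppetdb_conf_d}/repl.ini"
  $pt_puppetdb_repl_erb     = 'puppet_cd/puppetdb/repl.ini.erb'
  ## r10k
  $pt_r10k_file             = "${pt_r10k_dir}/r10k.yaml"
  $pt_r10k_erb              = 'puppet_cd/r10k/r10k.yaml.erb'

  # service
  $pt_server_service        = 'puppetserver'
  $pt_agent_service         = 'puppet'
  $pt_db_service            = 'puppetdb'

  #
  # includes must be last
  include puppet_cd::main::config
}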