Puppet Class: profile::debmonitor::client

Defined in:
modules/profile/manifests/debmonitor/client.pp

Overview

Class: profile::debmonitor::client

This profile installs the Debmonitor client and its configuration.

Actions:

Expose Puppet certs for the debmonitor user
Install DebMonitor client's configuration
Install DebMonitor client

Sample Usage:

include ::profile::debmonitor::client

Parameters:

  • debmonitor_server (String) (defaults to: hiera('debmonitor'))


13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
# File 'modules/profile/manifests/debmonitor/client.pp', line 13

class profile::debmonitor::client (
    String $debmonitor_server = hiera('debmonitor'),
) {
    $base_path = '/etc/debmonitor'
    $cert = "${base_path}/ssl/cert.pem"
    $private_key = "${base_path}/ssl/server.key"
    $ca = '/etc/ssl/certs/Puppet_Internal_CA.pem'

    # On Debmonitor server hosts this is already defined by service::uwsgi.
    if !defined(File[$base_path]) {
        # Create directory for the exposed Puppet certs.
        file { $base_path:
            ensure => directory,
            owner  => 'debmonitor',
            group  => 'debmonitor',
            mode   => '0555',
        }
    }

    # Create user and group to which expose the Puppet certs.
    group { 'debmonitor':
        ensure => present,
        system => true,
    }

    user { 'debmonitor':
        ensure     => present,
        gid        => 'debmonitor',
        shell      => '/bin/bash',
        home       => '/nonexistent',
        managehome => false,
        system     => true,
        comment    => 'DebMonitor system user',
    }

    ::base::expose_puppet_certs { $base_path:
        user            => 'debmonitor',
        group           => 'debmonitor',
        provide_private => true,
    }

    # Create the Debmonitor client configuration file.
    file { '/etc/debmonitor.conf':
        ensure  => present,
        owner   => 'debmonitor',
        group   => 'debmonitor',
        mode    => '0440',
        content => template('profile/debmonitor/client/debmonitor.conf.erb'),
    }

    # Install the package after the configuration file and the exposed Puppet certs are in place.
    package { 'debmonitor-client':
        ensure  => installed,
        require => [
            File['/etc/debmonitor.conf'],
            Base::Expose_puppet_certs[$base_path],
        ],
    }

    # Setup the daily reconciliation cron in case any debmonitor update fails.
    if os_version('debian >= jessie') {
        $cron = '/usr/bin/systemd-cat -t "debmonitor-client" /usr/bin/debmonitor-client'
    } else {
        $cron = '/usr/bin/debmonitor-client > /dev/null 2>&1'
    }

    cron { 'debmonitor-client':
        command => $cron,
        user    => 'debmonitor',
        hour    => fqdn_rand(23, $title),
        minute  => fqdn_rand(59, $title),
    }
}