Puppet Class: profile::puppet_compiler

Defined in:
modules/profile/manifests/puppet_compiler.pp

Summary

profiletp configure the compiler nodes

Overview

SPDX-License-Identifier: Apache-2.0

Parameters:

  • puppetdb_proxy (Boolean) (defaults to: lookup('profile::puppet_compiler::puppetdb_proxy'))

    if we proxy db queries

  • puppetdb_host (Optional[Stdlib::Host]) (defaults to: lookup('profile::puppet_compiler::puppetdb_host'))

    puppetdb host

  • puppetdb_port (Optional[Stdlib::Port]) (defaults to: lookup('profile::puppet_compiler::puppetdb_port'))

    puppetdb port



6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
 
# File 'modules/profile/manifests/puppet_compiler.pp', line 6

class profile::puppet_compiler (
    Boolean                $puppetdb_proxy = lookup('profile::puppet_compiler::puppetdb_proxy'),
    Optional[Stdlib::Host] $puppetdb_host  = lookup('profile::puppet_compiler::puppetdb_host'),
    Optional[Stdlib::Port] $puppetdb_port  = lookup('profile::puppet_compiler::puppetdb_port'),
) {
    requires_realm('labs')

    include profile::openstack::base::puppetmaster::enc_client
    class { 'sslcert::dhparam': }
    class { 'puppet_compiler':
        group => 'wikidev',
    }
    class { 'puppetmaster::puppetdb::client':
        hosts => [$facts['networking']['fqdn']],
    }
    # puppetdb configuration
    file { "${puppet_compiler::vardir}/puppetdb.conf":
        source => '/etc/puppet/puppetdb.conf',
        owner  => $puppet_compiler::user,
    }
    # Files in this dir should only exist for the time it takes to do the pcc run
    systemd::timer::job { 'delete-canceled-pcc-run-dirs':
        ensure      => present,
        description => 'Clean up stale files from canceled PCC reports',
        command     => "/usr/bin/find ${puppet_compiler::workdir} -maxdepth 1 -type d -daystart -mtime +1",
        user        => 'root',
        interval    => {'start' => 'OnUnitInactiveSec', 'interval' => '24h'},
    }
    if $puppetdb_proxy {
        $ssldir = "${puppet_compiler::vardir}/ssl"
        $ssl_settings = ssl_ciphersuite('nginx', 'strong')
        $docroot = $puppet_compiler::workdir

        nginx::site { 'puppet-compiler':
            content => template('profile/puppet_compiler/puppetdb-proxy.erb'),
        }
        ferm::service { 'puppetdb-proxy':
            proto  => 'tcp',
            port   => [443],
            prio   => 30,
            # this could be restricted to just localhost i think
            srange => '$LABS_NETWORKS',
        }
    }
}