Puppet Class: profile::puppetmaster::pontoon

Defined in:
modules/profile/manifests/puppetmaster/pontoon.pp

Overview

Parameters:

  • stack (String) (defaults to: lookup('pontoon::stack', {'default_value' => 'template'}))
  • git_sync_minutes (Integer[1,30]) (defaults to: lookup('profile::puppetmaster::pontoon::git_sync_minutes', {'default_value' => 10}))
  • labs_puppet_master (Stdlib::Host) (defaults to: lookup('labs_puppet_master'))
  • storeconfigs (String) (defaults to: lookup('profile::puppetmaster::common::storeconfigs', {'default_value' => '' }))
  • puppetdb_hosts (Optional[Array[Stdlib::Host]]) (defaults to: lookup('profile::puppetmaster::common::puppetdb_hosts', {'default_value' => undef}))


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
# File 'modules/profile/manifests/puppetmaster/pontoon.pp', line 1

class profile::puppetmaster::pontoon (
    String                        $stack = lookup('pontoon::stack', {'default_value' => 'template'}),
    Integer[1,30]                 $git_sync_minutes = lookup('profile::puppetmaster::pontoon::git_sync_minutes', {'default_value' => 10}),
    Stdlib::Host                  $labs_puppet_master = lookup('labs_puppet_master'),
    String                        $storeconfigs = lookup('profile::puppetmaster::common::storeconfigs', {'default_value' => '' }),
    Optional[Array[Stdlib::Host]] $puppetdb_hosts = lookup('profile::puppetmaster::common::puppetdb_hosts', {'default_value' => undef}),
) {
    class { 'pontoon::enc':
        stack => "${stack}.yml",
    }

    # Ensure the file is writable by 'puppet' user
    file { '/etc/puppet/hieradata/auto.yaml':
        ensure => present,
        owner  => 'puppet',
        group  => 'puppet',
        mode   => '0644',
    }

    file { '/var/lib/puppet/client/ssl':
        ensure => link,
        target => '/var/lib/puppet/ssl',
    }

    $env_config = {
        'environmentpath'  => '$confdir/environments',
        'default_manifest' => '$confdir/manifests',
    }

    $base_config = {
        'node_terminus'     => 'exec',
        'external_nodes'    => '/usr/local/bin/puppet-enc --hiera-output /etc/puppet/hieradata/auto.yaml',
        'thin_storeconfigs' => false,
        'autosign'          => '/usr/local/bin/puppet-enc',
    }

    $puppetdb_config = {
        storeconfigs         => true,
        thin_storeconfigs    => true,
        storeconfigs_backend => 'puppetdb',
        reports              => 'puppetdb',
    }

    if $storeconfigs == 'puppetdb' {
        class { 'puppetmaster::puppetdb::client':
            hosts             => $puppetdb_hosts,
        }
        $config = merge($base_config, $puppetdb_config, $env_config)
    } else {
        $config = merge($base_config, $env_config)
    }

    class { '::httpd':
        modules => [
            'proxy',
            'proxy_http',
            'proxy_balancer',
            'passenger',
            'rewrite',
            'lbmethod_byrequests'],
    }
    require_package('libapache2-mod-passenger')

    class { '::puppetmaster':
        server_name         => $::fqdn,
        allow_from          => ['10.0.0.0/8', '172.16.0.0/21'],
        secure_private      => false,
        prevent_cherrypicks => false,
        extra_auth_rules    => '',
        config              => $config,
        enable_geoip        => false,
        hiera_config        => 'pontoon',
    }

    # Don't attempt to use puppet-master service, we're using passenger.
    service { 'puppet-master':
        ensure  => stopped,
        enable  => false,
        require => Package['puppet'],
    }

    # Update git checkout
    class { 'puppetmaster::gitsync':
        run_every_minutes => $git_sync_minutes,
    }

    ferm::service { 'puppetmaster-pontoon':
        proto  => 'tcp',
        port   => 8140,
        srange => '$LABS_NETWORKS',
    }

    # Fake confd using a file on disk.
    # Inspired by puppet_compiler module.
    file { '/etc/conftool-state':
        ensure => directory,
        mode   => '0755'
    }
    file { '/etc/conftool-state/mediawiki.yaml':
        ensure => present,
        mode   => '0444',
        source => 'puppet:///modules/puppet_compiler/mediawiki.yaml'
    }
}