Puppet Class: puppetmaster::puppetdb

Defined in:
modules/puppetmaster/manifests/puppetdb.pp

Overview

Class puppetmaster::puppetdb

Sets up a puppetdb instance and the corresponding database server. TODO: fold this class into profile::puppetdb

Parameters:

  • gc_interval (Integer[0]) (defaults to: 20)

    This controls how often, in minutes, to compact the database. The compaction process reclaims space and deletes unnecessary rows. If not supplied, the default is every 20 minutes. If set to zero, all database GC processes will be disabled.

  • node_ttl (Pattern[/\d+[dhms]/]) (defaults to: '7d')

    Mark nodes as ‘expired’ if they haven’t seen any activity (no new catalogs, facts, or reports) in the specified amount of time. Expired nodes behave the same as manually-deactivated nodes.

  • node_purge_ttl (Pattern[/\d+[dhms]/]) (defaults to: '14d')

    Automatically delete nodes that have been deactivated or expired for the specified amount of time.

  • report_ttl (Pattern[/\d+[dhms]/]) (defaults to: '1d')

    Automatically delete reports that are older than the specified amount of time.

  • master (Stdlib::Host)
  • port (Stdlib::Port) (defaults to: 443)
  • jetty_port (Stdlib::Port) (defaults to: 8080)
  • jvm_opts (String) (defaults to: '-Xmx4G')
  • ssldir (Optional[Stdlib::Unixpath]) (defaults to: undef)
  • ca_path (Stdlib::Unixpath) (defaults to: '/etc/ssl/certs/Puppet_Internal_CA.pem')
  • puppetdb_pass (String) (defaults to: '')
  • puppetdb_ro_pass (String) (defaults to: '')
  • log_level (Puppetdb::Loglevel) (defaults to: 'info')
  • tmpfs_stockpile_queue (Boolean) (defaults to: false)
  • facts_blacklist (Array[String]) (defaults to: [])
  • facts_blacklist_type (Enum['literal', 'regex']) (defaults to: 'literal')


# File 'modules/puppetmaster/manifests/puppetdb.pp', line 16

# Declares an nginx TLS-terminating reverse proxy site named 'puppetdb', an nginx
# status site, and the puppetdb::app class, forwarding the database, JVM, logging
# and retention settings this class receives.
#
# NOTE(review): $port, $jetty_port and $ssl_settings are not referenced anywhere
# in this body; presumably the nginx-puppetdb.conf.erb template reads them from
# class scope -- confirm against the template before renaming or removing them.
class puppetmaster::puppetdb(
    # Passed to puppetdb::app as db_rw_host (the read-write database host).
    Stdlib::Host               $master,
    Stdlib::Port               $port                  = 443,
    Stdlib::Port               $jetty_port            = 8080,
    String                     $jvm_opts              ='-Xmx4G',
    Optional[Stdlib::Unixpath] $ssldir                = undef,
    Stdlib::Unixpath           $ca_path               = '/etc/ssl/certs/Puppet_Internal_CA.pem',
    # NOTE(review): both passwords are plain String with an empty-string default.
    # A missing lookup therefore compiles with an empty database password instead
    # of failing, and a non-Sensitive value is stored in clear text in the
    # compiled catalog. Confirm every caller supplies both values; wrapping them
    # in Sensitive[String] would need matching support in puppetdb::app.
    String                     $puppetdb_pass         = '',
    String                     $puppetdb_ro_pass      = '',
    Puppetdb::Loglevel         $log_level             = 'info',
    Boolean                    $tmpfs_stockpile_queue = false,
    Array[String]              $facts_blacklist       = [],
    Enum['literal', 'regex']   $facts_blacklist_type  = 'literal',
    Integer[0]                 $gc_interval           = 20,
    # NOTE(review): Pattern matches anywhere in the string, so these unanchored
    # regexes also accept values such as '7days' or 'x1s'. Anchoring them
    # (/\A\d+[dhms]\z/) would reject malformed TTLs at compile time.
    Pattern[/\d+[dhms]/]       $node_ttl              = '7d',
    Pattern[/\d+[dhms]/]       $node_purge_ttl        = '14d',
    Pattern[/\d+[dhms]/]       $report_ttl            = '1d',

){

    ## TLS Termination
    # Set up nginx as a reverse-proxy
    # provide_private => true is passed for the /etc/nginx target; presumably this
    # places the host's Puppet private key there so nginx can serve TLS with it.
    # NOTE(review): verify the ownership and mode base::expose_puppet_certs gives
    # the key file -- the define is not visible here.
    base::expose_puppet_certs { '/etc/nginx':
        ensure          => present,
        provide_private => true,
        require         => Class['nginx'],
        ssldir          => $ssldir,
    }

    # Cipher settings for nginx at the 'mid' level, as returned by the
    # ssl_ciphersuite function. Assigned before the template() call below, which
    # is the only place in this class that could consume it.
    $ssl_settings = ssl_ciphersuite('nginx', 'mid')
    include sslcert::dhparam
    # The site config is rendered from an ERB template and requires the dhparam
    # class to be applied first.
    nginx::site { 'puppetdb':
        ensure  => present,
        content => template('puppetmaster/nginx-puppetdb.conf.erb'),
        require => Class['::sslcert::dhparam'],
    }

    # T209709
    # nginx status site on port 10080, titled with this node's FQDN.
    # NOTE(review): no access restriction is set here; confirm that
    # nginx::status_site or the host firewall limits who can reach this port.
    nginx::status_site { $::fqdn:
        port => 10080,
    }

    # Read-write queries go to $master; read-only queries go to this node's own
    # FQDN. All remaining parameters are forwarded unchanged.
    class { 'puppetdb::app':
        db_rw_host            => $master,
        db_ro_host            => $::fqdn,
        db_password           => $puppetdb_pass,
        db_ro_password        => $puppetdb_ro_pass,
        jvm_opts              => $jvm_opts,
        ssldir                => $ssldir,
        ca_path               => $ca_path,
        log_level             => $log_level,
        tmpfs_stockpile_queue => $tmpfs_stockpile_queue,
        facts_blacklist       => $facts_blacklist,
        facts_blacklist_type  => $facts_blacklist_type,
        gc_interval           => $gc_interval,
        node_ttl              => $node_ttl,
        node_purge_ttl        => $node_purge_ttl,
        report_ttl            => $report_ttl,
    }
}