42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
# File 'modules/role/manifests/puppetmaster/standalone.pp', line 42
class role::puppetmaster::standalone(
Boolean $autosign = false,
Boolean $prevent_cherrypicks = false,
Integer[1,30] $git_sync_minutes = 10,
Optional[String] $extra_auth_rules = undef,
Stdlib::Host $server_name = $facts['fqdn'],
Boolean $enable_geoip = false,
Boolean $use_r10k = false,
Boolean $upload_facts = false,
Hash[String, Puppetmaster::R10k::Source] $r10k_sources = {},
Optional[String[1]] $realm_override = undef,
) {
system::role { 'puppetmaster::standalone':
description => 'Cloud VPS project puppetmaster',
}
include profile::openstack::base::puppetmaster::enc_client
include profile::openstack::base::puppetmaster::stale_certs_exporter
include profile::openstack::base::puppetmaster::safe_dirs
# Sync swift rings
class { 'profile::swift::fetch_rings':
volatile_dir => '/var/lib/puppet/volatile',
}
$base_config = {
'node_terminus' => 'exec',
'external_nodes' => '/usr/local/bin/puppet-enc',
'thin_storeconfigs' => false,
'autosign' => $autosign,
}
class {'profile::puppetmaster::common':
base_config => $base_config,
disable_env_config => $use_r10k,
}
$config = $profile::puppetmaster::common::storeconfigs == 'puppetdb' ? {
true => $profile::puppetmaster::common::config + { 'thin_storeconfigs' => true },
default => $profile::puppetmaster::common::config
}
class { 'httpd':
remove_default_ports => true,
modules => [
'proxy',
'proxy_http',
'proxy_balancer',
'passenger',
'rewrite',
'lbmethod_byrequests',
],
}
ensure_packages('libapache2-mod-passenger')
class { 'puppetmaster':
server_name => $server_name,
secure_private => false,
prevent_cherrypicks => $prevent_cherrypicks,
extra_auth_rules => $extra_auth_rules,
config => $config,
enable_geoip => $enable_geoip,
hiera_config => $profile::puppetmaster::common::hiera_config,
use_r10k => $use_r10k,
r10k_sources => $r10k_sources,
upload_facts => $upload_facts,
realm_override => $realm_override,
}
# Update git checkout
class { 'puppetmaster::gitsync':
run_every_minutes => $git_sync_minutes,
}
class { 'puppetmaster::ca_monitoring':
ca_root => "${facts['puppet_config']['master']['ssldir']}/ca",
}
ferm::service { 'puppetmaster-standalone':
proto => 'tcp',
port => 8140,
srange => '$LABS_NETWORKS',
}
}
|