Puppet Class: icingaweb2::module::puppetdb

Defined in:
manifests/module/puppetdb.pp

Overview

Installs and configures the puppetdb module.

Examples:

Set up the PuppetDB module and configure two custom SSL keys:

$certificates = {
  'pupdb1' => {
    :ssl_key => '-----BEGIN RSA PRIVATE KEY----- abc...',
    :ssl_cacert => '-----BEGIN RSA PRIVATE KEY----- def...',
   },
  'pupdb2' => {
    :ssl_key => '-----BEGIN RSA PRIVATE KEY----- zyx...',
    :ssl_cacert => '-----BEGIN RSA PRIVATE KEY----- wvur...',
  },
}

class { '::icingaweb2::module::puppetdb':
  git_revision => 'master',
  ssl          => 'none',
  certificates => $certificates,
}

Set up the PuppetDB module and configure the hosts SSL key to connect to the PuppetDB host:

class {'::icingaweb2::module::puppetdb':
  git_revision => 'master',
  ssl          => 'puppet',
  host         => 'puppetdb.example.com',
}

Parameters:

  • ensure (Enum['absent', 'present']) (defaults to: 'present')

    Enable or disable module.

  • module_dir (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Target directory of the module.

  • git_repository (String) (defaults to: 'https://github.com/Icinga/icingaweb2-module-puppetdb.git')

    Set a git repository URL.

  • git_revision (Optional[String]) (defaults to: undef)

    Set either a branch or a tag name, eg. master or v1.3.2.

  • install_method (Enum['git', 'none', 'package']) (defaults to: 'git')

    Install methods are git, package and none is supported as installation method.

  • package_name (String) (defaults to: 'icingaweb2-module-puppetdb')

    Package name of the module. This setting is only valid in combination with the installation method package.

  • ssl (Enum['none', 'puppet']) (defaults to: 'none')

    How to set up ssl certificates. To copy certificates from the local puppet installation, use puppet.

  • host (Optional[Stdlib::Host]) (defaults to: undef)

    Hostname of the server where PuppetDB is running. The ssl parameter needs to be set to puppet.

  • certificates (Hash) (defaults to: {})

    Hash with icingaweb2::module::puppetdb::certificate resources.



60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
# File 'manifests/module/puppetdb.pp', line 60

class icingaweb2::module::puppetdb(
  Enum['absent', 'present']      $ensure         = 'present',
  Optional[Stdlib::Absolutepath] $module_dir     = undef,
  String                         $git_repository = 'https://github.com/Icinga/icingaweb2-module-puppetdb.git',
  Optional[String]               $git_revision   = undef,
  Enum['git', 'none', 'package'] $install_method = 'git',
  String                         $package_name   = 'icingaweb2-module-puppetdb',
  Enum['none', 'puppet']         $ssl            = 'none',
  Optional[Stdlib::Host]         $host           = undef,
  Hash                           $certificates   = {},
) {

  $conf_dir   = "${::icingaweb2::globals::conf_dir}/modules/puppetdb"
  $ssl_dir    = "${conf_dir}/ssl"
  $conf_user  = $::icingaweb2::conf_user
  $conf_group = $::icingaweb2::conf_group

  file { $ssl_dir:
    ensure  => 'directory',
    group   => $conf_group,
    owner   => $conf_user,
    mode    => '2740',
    purge   => true,
    force   => true,
    recurse => true,
  }

  case $ssl {
    'puppet': {

      $puppetdb_ssldir = "${ssl_dir}/${host}"

      file { [$puppetdb_ssldir, "${puppetdb_ssldir}/private_keys", "${puppetdb_ssldir}/certs"]:
        ensure  => 'directory',
        group   => $conf_group,
        owner   => $conf_user,
        mode    => '2740',
        purge   => true,
        force   => true,
        recurse => true,
      }

      file { "${puppetdb_ssldir}/certs/ca.pem":
        ensure => 'present',
        group  => $conf_group,
        owner  => $conf_user,
        mode   => '0640',
        source => "${::settings::ssldir}/certs/ca.pem",
      }

      $combinedkey_path = "${puppetdb_ssldir}/private_keys/${::fqdn}_combined.pem"

      notice($::settings::ssldir)

      concat { $combinedkey_path:
        ensure         => present,
        warn           => false,
        owner          => $conf_user,
        group          => $conf_group,
        mode           => '0640',
        ensure_newline => true,
      }

      concat::fragment { 'private_key':
        target => $combinedkey_path,
        source => "${::settings::ssldir}/private_keys/${::fqdn}.pem",
        order  => 1,
      }

      concat::fragment { 'public_key':
        target => $combinedkey_path,
        source => "${::settings::ssldir}/certs/${::fqdn}.pem",
        order  => 2,
      }

    } # puppet
    'none': { }
    default: { }
  } # case ssl

  create_resources('icingaweb2::module::puppetdb::certificate',$certificates)

  icingaweb2::module {'puppetdb':
    ensure         => $ensure,
    git_repository => $git_repository,
    git_revision   => $git_revision,
    install_method => $install_method,
    module_dir     => $module_dir,
    package_name   => $package_name,
  }

}