Puppet Class: r_profile::puppet::master

Inherits:
r_profile::puppet::params
Defined in:
manifests/puppet/master.pp

Overview

R_profile::Puppet::Master

Puppet Master general settings

Parameters:

  • $data_binding_terminus

    enable (`hiera`) / disable (`none`) automatic hiera lookups

  • $open_firewall

    open ports in IPTables?

  • $nagios_monitored

    create nagios monitoring resources?

  • data_binding_terminus (Enum['none', 'hiera']) (defaults to: hiera("r_profile::puppet::master::data_binding_terminus", $r_profile::puppet::params::data_binding_terminus))
  • open_firewall (Boolean) (defaults to: hiera("r_profile::puppet::master::open_firewall", false))
  • nagios_monitored (Boolean) (defaults to: hiera("r_profile::puppet::master::nagios_monitored", false))


# File 'manifests/puppet/master.pp', line 9

class r_profile::puppet::master (
    Enum['none', 'hiera'] $data_binding_terminus = hiera(
      'r_profile::puppet::master::data_binding_terminus',
      $r_profile::puppet::params::data_binding_terminus
    ),
    Boolean $open_firewall    = hiera('r_profile::puppet::master::open_firewall', false),
    Boolean $nagios_monitored = hiera('r_profile::puppet::master::nagios_monitored', false),
) inherits r_profile::puppet::params {
  # Profile for a PE Puppet master: manages the puppetserver sysconfig file's
  # ownership and mode, pins data_binding_terminus in puppet.conf, and
  # optionally declares firewall rules and nagios TCP checks for the master's
  # ports. Both optional parts default to false.

  $puppetconf = $r_profile::puppet::params::puppetconf

  # $sysconf_puppetserver is not assigned in this class; presumably it comes
  # from the inherited r_profile::puppet::params scope - confirm.
  # Only ownership and mode are managed here (root:root, world-readable); no
  # content is set, so the file's lines are expected to come from elsewhere.
  file { $sysconf_puppetserver:
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
  }

  # Any File_line in the catalog whose path is the sysconfig file notifies the
  # systemd reload and the master service, so an edit to that file restarts
  # the master. Exec['systemctl_daemon_reload'] and Service['pe-puppetserver']
  # are not declared in this class and must exist elsewhere in the catalog.
  File_line <| path == $sysconf_puppetserver |> ~> [Exec['systemctl_daemon_reload'], Service['pe-puppetserver']]

  # Write data_binding_terminus explicitly into the [master] section of
  # puppet.conf and restart the master when the value changes.
  ini_setting { 'puppet.conf data_binding_terminus':
    ensure  => present,
    path    => $puppetconf,
    section => 'master',
    setting => 'data_binding_terminus',
    value   => $data_binding_terminus,
    notify  => Service['pe-puppetserver'],
  }

  if $open_firewall {
    # One accept rule per TCP port: 8140, 61613, 443 and 8142 (labelled
    # puppetserver, MCollective, console and PCP/PXP by the nagios checks
    # below). Every rule title says "HTTP", whatever the port carries.
    # NOTE(review): no `source` is set, so each rule accepts connections from
    # any address that can reach this node; confirm that is intended for all
    # four ports.
    # NOTE(review): defined() depends on evaluation order, so a matching
    # Firewall resource declared later in the compile is not seen here.
    [8140, 61613, 443, 8142].each | $port | {
      $rule_title = "100 ${::fqdn} HTTP ${port}"

      unless defined(Firewall[$rule_title]) {
        firewall { $rule_title:
          proto  => 'tcp',
          dport  => $port,
          action => 'accept',
        }
      }
    }
  }

  if $nagios_monitored {
    # One TCP reachability check per service port; these are the same four
    # ports that the firewall block above opens.
    nagios::nagios_service_tcp {
      'PE puppetserver': port => 8140;
      'PE console':      port => 443;
      'PE MCollective':  port => 61613;
      'PE PCP/PXP':      port => 8142;
    }
  }

}