Puppet Class: icingaweb2::module::puppetdb

Defined in:
manifests/module/puppetdb.pp

Summary

Overview

Installs and configures the puppetdb module.

Note:

If you want to use ‘git` as `install_method`, the CLI `git` command has to be installed. You can manage it yourself as package resource or declare the package name in icingaweb2 class parameter `extra_packages`.

Note:

The [PuppetDB module documentation](www.icinga.com/docs/director/latest/puppetdb/doc/01-Installation/).

Examples:

Set up the PuppetDB module and configure two custom SSL keys:

$certificates = {
  'pupdb1' => {
    :ssl_key => '-----BEGIN RSA PRIVATE KEY----- abc...',
    :ssl_cacert => '-----BEGIN RSA PRIVATE KEY----- def...',
   },
  'pupdb2' => {
    :ssl_key => '-----BEGIN RSA PRIVATE KEY----- zyx...',
    :ssl_cacert => '-----BEGIN RSA PRIVATE KEY----- wvur...',
  },
}

class { '::icingaweb2::module::puppetdb':
  git_revision => 'master',
  ssl          => 'none',
  certificates => $certificates,
}

Set up the PuppetDB module and configure the hosts SSL key to connect to the PuppetDB host:

class {'::icingaweb2::module::puppetdb':
  git_revision => 'master',
  ssl          => 'puppet',
  host         => 'puppetdb.example.com',
}

Parameters:

  • ensure (Enum['absent', 'present']) (defaults to: 'present')

    Enable or disable module.

  • module_dir (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Target directory of the module.

  • git_repository (String) (defaults to: 'https://github.com/Icinga/icingaweb2-module-puppetdb.git')

    Set a git repository URL.

  • git_revision (Optional[String]) (defaults to: undef)

    Set either a branch or a tag name, eg. ‘master` or `v1.3.2`.

  • install_method (Enum['git', 'none', 'package']) (defaults to: 'git')

    Install methods are ‘git`, `package` and `none` is supported as installation method.

  • package_name (String) (defaults to: 'icingaweb2-module-puppetdb')

    Package name of the module. This setting is only valid in combination with the installation method ‘package`.

  • ssl (Enum['none', 'puppet']) (defaults to: 'none')

    How to set up ssl certificates. To copy certificates from the local puppet installation, use ‘puppet`.

  • host (Optional[Stdlib::Host]) (defaults to: undef)

    Hostname of the server where PuppetDB is running. The ‘ssl` parameter needs to be set to `puppet`.

  • certificates (Hash) (defaults to: {})

    Hash with icingaweb2::module::puppetdb::certificate resources.



60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
 
# File 'manifests/module/puppetdb.pp', line 60

class icingaweb2::module::puppetdb(
  Enum['absent', 'present']      $ensure         = 'present',
  Optional[Stdlib::Absolutepath] $module_dir     = undef,
  String                         $git_repository = 'https://github.com/Icinga/icingaweb2-module-puppetdb.git',
  Optional[String]               $git_revision   = undef,
  Enum['git', 'none', 'package'] $install_method = 'git',
  String                         $package_name   = 'icingaweb2-module-puppetdb',
  Enum['none', 'puppet']         $ssl            = 'none',
  Optional[Stdlib::Host]         $host           = undef,
  Hash                           $certificates   = {},
) {

  $conf_dir   = "${::icingaweb2::globals::conf_dir}/modules/puppetdb"
  $ssl_dir    = "${conf_dir}/ssl"
  $conf_user  = $::icingaweb2::conf_user
  $conf_group = $::icingaweb2::conf_group

  file { $ssl_dir:
    ensure  => 'directory',
    group   => $conf_group,
    owner   => $conf_user,
    mode    => '2740',
    purge   => true,
    force   => true,
    recurse => true,
  }

  case $ssl {
    'puppet': {

      $puppetdb_ssldir = "${ssl_dir}/${host}"

      file { [$puppetdb_ssldir, "${puppetdb_ssldir}/private_keys", "${puppetdb_ssldir}/certs"]:
        ensure  => 'directory',
        group   => $conf_group,
        owner   => $conf_user,
        mode    => '2740',
        purge   => true,
        force   => true,
        recurse => true,
      }

      file { "${puppetdb_ssldir}/certs/ca.pem":
        ensure => 'present',
        group  => $conf_group,
        owner  => $conf_user,
        mode   => '0640',
        source => "${::settings::ssldir}/certs/ca.pem",
      }

      $combinedkey_path = "${puppetdb_ssldir}/private_keys/${::fqdn}_combined.pem"

      notice($::settings::ssldir)

      concat { $combinedkey_path:
        ensure         => present,
        warn           => false,
        owner          => $conf_user,
        group          => $conf_group,
        mode           => '0640',
        ensure_newline => true,
      }

      concat::fragment { 'private_key':
        target => $combinedkey_path,
        source => "${::settings::ssldir}/private_keys/${::fqdn}.pem",
        order  => 1,
      }

      concat::fragment { 'public_key':
        target => $combinedkey_path,
        source => "${::settings::ssldir}/certs/${::fqdn}.pem",
        order  => 2,
      }

    } # puppet
    'none': { }
    default: { }
  } # case ssl

  create_resources('icingaweb2::module::puppetdb::certificate',$certificates)

  icingaweb2::module {'puppetdb':
    ensure         => $ensure,
    git_repository => $git_repository,
    git_revision   => $git_revision,
    install_method => $install_method,
    module_dir     => $module_dir,
    package_name   => $package_name,
  }

}