authorHugo Hörnquist <hugo@lysator.liu.se>2023-06-13 00:21:49 +0200
committerHugo Hörnquist <hugo@lysator.liu.se>2023-06-13 00:21:49 +0200
commit4cc9d39c8374534d710952a4cf52be3e150198eb (patch)
tree466b7e99d1b9a8a4733a2372bb2dea297d8e66ca
parentPuppetdb change fact source. (diff)
parentUpdate puppetboard to new certbot. (diff)
Merge branch 'puppetserver'
-rw-r--r--manifests/puppetboard.pp69
1 files changed, 42 insertions, 27 deletions
diff --git a/manifests/puppetboard.pp b/manifests/puppetboard.pp
index b9f1337..a33c02b 100644
--- a/manifests/puppetboard.pp
+++ b/manifests/puppetboard.pp
@@ -1,4 +1,23 @@
-class profiles::puppetboard {
+# @summary configures a puppetborad server, fronted by apache2
+#
+# A parameter $ensure
+# (`Enum['present', 'absent'] $ensure = 'present'`)
+# would be nice, but class['Apache'] doesn't have that parameter,
+# making this a moot point
+#
+# TODO apt install python3-venv
+#
+# @param server_name
+# Published name of the server
+# @param puppetdb_host
+# Host to connect for puppetdb
+# @param puppetdb_port
+# Port to connect for puppetdb
+class profiles::puppetboard (
+ String $server_name,
+ String $puppetdb_host,
+ Stdlib::Port $puppetdb_port,
+) {
# https://forge.puppet.com/modules/puppet/puppetboard/readme
# Configure Apache
class { 'apache':
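Review bot: `String $server_name` and `String $puppetdb_host` accept any string, including an empty one, yet the second hunk passes `$server_name` to `letsencrypt::cert` as a domain and uses it as a key into the `letsencrypt_directory` fact. Since `Stdlib::Port` is already used here, the matching stdlib aliases would fit: `Stdlib::Fqdn $server_name,` and `Stdlib::Host $puppetdb_host,`, so a malformed value fails at catalog compilation instead of at certbot run time. The `@summary` line also misspells the product and should read `# @summary configures a puppetboard server, fronted by apache2`.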
@@ -6,51 +25,47 @@ class profiles::puppetboard {
purge_configs => true,
}
- $wsgi = $facts['os']['family'] ? {
- 'Debian' => {
- package_name => 'libapache2-mod-wsgi-py3',
- mod_path => '/usr/lib/apache2/modules/mod_wsgi.so',
- },
- default => {}
- }
-
- class { 'apache::mod::wsgi':
- * => $wsgi,
- }
-
# Configure puppetboard
+ include ::letsencrypt
+ # include ::profiles::certificate
+
class { 'puppetboard':
- manage_git => true,
- manage_virtualenv => true,
- require => Class['puppetdb'],
- puppetdb_port => 8080,
+ manage_git => true,
+ manage_virtualenv => true,
+ puppetdb_port => $puppetdb_port,
# Required for /metrics/ to work
- puppetdb_host => '127.0.0.1',
+ puppetdb_host => $puppetdb_host,
enable_catalog => true,
python_loglevel => 'info',
offline_mode => true,
default_environment => '*',
}
- class { '::profiles::letsencrypt':
- provider => apache,
+ if defined(Class['puppetdb']) {
+ Class['puppetdb'] -> Class['puppetboard']
+ }
+
+ # Don't use "global" certificate, since that probably probably
+ # requies nginx
+ letsencrypt::cert { $server_name:
+ domains => [ $server_name ],
+ authenticator => 'apache',
+ config => {
+ 'post-hook' => 'apache2ctl restart',
+ }
}
# Only set up TLS if we are ready. This allows us to bootstrap
# ourselves the next run.
- $certname = lookup('certname')
- if $certname and $facts['letsencrypt_directory'][$certname] {
+ if $facts['letsencrypt_directory'][$server_name] {
class { 'puppetboard::apache::vhost':
vhost_name => $::fqdn,
port => 443,
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/${certname}/cert.pem",
- ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
- ssl_chain => "/etc/letsencrypt/live/${certname}/fullchain.pem",
+ * => letsencrypt::conf::apache($server_name),
}
- apache::vhost { "http-redirect":
+ apache::vhost { 'http-redirect':
servername => $::fqdn,
port => 80,
redirect_source => ['/'],
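Review bot: The certificate is now requested for `$server_name`, but both vhosts in this hunk still use `$::fqdn` (`vhost_name => $::fqdn` and `servername => $::fqdn`), so whenever the two differ the HTTPS vhost presents a certificate whose name does not match the host it serves. Using `vhost_name => $server_name,` and `servername => $server_name,` would keep the two aligned. Separately, `puppetdb_host` used to be pinned to `'127.0.0.1'` on port 8080 and is now caller-supplied, so a non-local value would carry PuppetDB queries across the network. The parameter documentation should say that a remote host needs PuppetDB's TLS listener, and, if I recall the puppetboard module's interface correctly, its `puppetdb_ssl_verify`, `puppetdb_cert` and `puppetdb_key` settings. Finally, certbot runs `post-hook` after every renewal attempt, so `apache2ctl restart` may fire when nothing was issued; a `deploy-hook` running `apache2ctl graceful` would reload only on a new certificate and without dropping connections.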