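# @summary Configures a puppetboard server, fronted by apache2
#
# A parameter $ensure
# (`Enum['present', 'absent'] $ensure = 'present'`)
# would be nice, but Class['apache'] doesn't have that parameter,
# making this a moot point
#
# TODO apt install python3-venv
#
# @param server_name
#   Published name of the server
# @param puppetdb_host
#   Host to connect for puppetdb
# @param puppetdb_port
#   Port to connect for puppetdb
class profiles::puppetboard (
  String $server_name,
  String $puppetdb_host,
  Stdlib::Port $puppetdb_port,
) {
  # https://forge.puppet.com/modules/puppet/puppetboard/readme

  # Configure Apache
  class { 'apache':
    default_vhost => false,
    purge_configs => true,
  }

  # Configure puppetboard
  include ::letsencrypt
  # include ::profiles::certificate

  # NOTE(review): enable_catalog makes compiled catalogs browsable in the
  # dashboard, and this class configures no authentication or access
  # restriction on the vhost. Catalogs can carry sensitive values; confirm
  # that access is limited elsewhere (firewall, reverse proxy, ...).
  class { 'puppetboard':
    manage_git          => true,
    manage_virtualenv   => true,
    puppetdb_port       => $puppetdb_port, # Required for /metrics/ to work
    puppetdb_host       => $puppetdb_host,
    enable_catalog      => true,
    python_loglevel     => 'info',
    offline_mode        => true,
    default_environment => '*',
  }

  # Only order against puppetdb when it is managed on the same node.
  if defined(Class['puppetdb']) {
    Class['puppetdb'] -> Class['puppetboard']
  }

  # Don't use the "global" certificate, since that probably
  # requires nginx
  letsencrypt::cert { $server_name:
    domains       => [$server_name],
    authenticator => 'apache',
    config        => {
      'post-hook' => 'apache2ctl restart',
    },
  }

  # Only set up TLS if we are ready. This allows us to bootstrap
  # ourselves the next run.
  #
  # dig() is used instead of chained [] lookups: indexing into an undef
  # parent fails catalog compilation, whereas dig() returns undef, so a
  # node that does not (yet) report the letsencrypt_directory fact falls
  # through to the HTTP-only branch instead of breaking the run.
  #
  # NOTE(review): the certificate is issued for $server_name, but the
  # vhosts and the redirect target below use $::fqdn. If the two ever
  # differ, clients will see a certificate name mismatch; confirm they are
  # always equal or switch the vhosts to $server_name.
  if $facts.dig('letsencrypt_directory', $server_name) {
    # Splat in whatever vhost parameters letsencrypt::conf::apache()
    # returns for this certificate (presumably the ssl_* settings; confirm).
    class { 'puppetboard::apache::vhost':
      vhost_name => $::fqdn,
      port       => 443,
      *          => letsencrypt::conf::apache($server_name),
    }

    # Permanently redirect all plain-HTTP requests to the TLS vhost.
    apache::vhost { 'http-redirect':
      servername      => $::fqdn,
      port            => 80,
      redirect_source => ['/'],
      redirect_dest   => ["https://${::fqdn}/"],
      redirect_status => ['permanent'],
      docroot         => false,
    }
  } else {
    # Bootstrap branch: no certificate yet, so the dashboard is served over
    # unencrypted HTTP until a later run finds the certificate directory.
    # NOTE(review): confirm the host is not reachable from untrusted
    # networks during this window.
    class { 'puppetboard::apache::vhost':
      vhost_name => $::fqdn,
      port       => 80,
      ssl        => false,
    }
  }
}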