manifests/puppetboard.pp


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

# @summary configures a puppetborad server, fronted by apache2
#
# A parameter $ensure
# (`Enum['present', 'absent'] $ensure = 'present'`)
# would be nice, but class['Apache'] doesn't have that parameter,
# making this a moot point
#
# TODO apt install python3-venv
#
# @param server_name
#   Published name of the server
# @param puppetdb_host
#   Host to connect for puppetdb
# @param puppetdb_port
#   Port to connect for puppetdb
class profiles::puppetboard (
  String $server_name,
  String $puppetdb_host,
  Stdlib::Port $puppetdb_port,
) {
  # https://forge.puppet.com/modules/puppet/puppetboard/readme
  # Configure Apache
  class { 'apache':
    default_vhost => false,
    purge_configs => true,
  }

  # Configure puppetboard

  include ::letsencrypt
  # include ::profiles::certificate

  class { 'puppetboard':
    manage_git          => true,
    manage_virtualenv   => true,
    puppetdb_port       => $puppetdb_port,
    # Required for /metrics/ to work
    puppetdb_host       => $puppetdb_host,
    enable_catalog      => true,
    python_loglevel     => 'info',
    offline_mode        => true,
    default_environment => '*',
  }

  if defined(Class['puppetdb']) {
    Class['puppetdb'] -> Class['puppetboard']
  }

  # Don't use "global" certificate, since that probably probably
  # requies nginx
  letsencrypt::cert { $server_name:
    domains       => [ $server_name ],
    authenticator => 'apache',
    config        => {
      'post-hook' => 'apache2ctl restart',
    }
  }

  # Only set up TLS if we are ready. This allows us to bootstrap
  # ourselves the next run.
  if $facts['letsencrypt_directory'][$server_name] {
    class { 'puppetboard::apache::vhost':
      vhost_name => $::fqdn,
      port       => 443,
      *          => letsencrypt::conf::apache($server_name),
    }

    apache::vhost { 'http-redirect':
      servername      => $::fqdn,
      port            => 80,
      redirect_source => ['/'],
      redirect_dest   => ["https://${::fqdn}/"],
      redirect_status => ['permanent'],
      docroot         => false,
    }
  } else {
    class { 'puppetboard::apache::vhost':
      vhost_name => $::fqdn,
      port       => 80,
      ssl        => false,
    }
  }
}