1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
# @summary configures a puppetborad server, fronted by apache2
#
# A parameter $ensure
# (`Enum['present', 'absent'] $ensure = 'present'`)
# would be nice, but class['Apache'] doesn't have that parameter,
# making this a moot point
#
# TODO apt install python3-venv
#
# @param server_name
# Published name of the server
# @param puppetdb_host
# Host to connect for puppetdb
# @param puppetdb_port
# Port to connect for puppetdb
class profiles::puppetboard (
String $server_name,
String $puppetdb_host,
Stdlib::Port $puppetdb_port,
) {
# https://forge.puppet.com/modules/puppet/puppetboard/readme
# Configure Apache
class { 'apache':
default_vhost => false,
purge_configs => true,
}
# Configure puppetboard
include ::letsencrypt
# include ::profiles::certificate
class { 'puppetboard':
manage_git => true,
manage_virtualenv => true,
puppetdb_port => $puppetdb_port,
# Required for /metrics/ to work
puppetdb_host => $puppetdb_host,
enable_catalog => true,
python_loglevel => 'info',
offline_mode => true,
default_environment => '*',
}
if defined(Class['puppetdb']) {
Class['puppetdb'] -> Class['puppetboard']
}
# Don't use "global" certificate, since that probably probably
# requies nginx
letsencrypt::cert { $server_name:
domains => [ $server_name ],
authenticator => 'apache',
config => {
'post-hook' => 'apache2ctl restart',
}
}
# Only set up TLS if we are ready. This allows us to bootstrap
# ourselves the next run.
if $facts['letsencrypt_directory'][$server_name] {
class { 'puppetboard::apache::vhost':
vhost_name => $::fqdn,
port => 443,
* => letsencrypt::conf::apache($server_name),
}
apache::vhost { 'http-redirect':
servername => $::fqdn,
port => 80,
redirect_source => ['/'],
redirect_dest => ["https://${::fqdn}/"],
redirect_status => ['permanent'],
docroot => false,
}
} else {
class { 'puppetboard::apache::vhost':
vhost_name => $::fqdn,
port => 80,
ssl => false,
}
}
}
|