path: root/manifests/puppetboard.pp
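# @summary configures a puppetboard server, fronted by apache2
#
# A parameter $ensure
# (`Enum['present', 'absent'] $ensure = 'present'`)
# would be nice, but class['Apache'] doesn't have that parameter,
# making this a moot point
#
# Once the `letsencrypt_directory` fact lists a directory for the
# looked-up `certname`, the dashboard is served over HTTPS on port 443 and
# port 80 only redirects to it. Until then (first run, before a
# certificate exists) the dashboard itself is served over plain HTTP on
# port 80.
#
# NOTE(review): this class declares no authentication or source-address
# restriction for either vhost, while catalog browsing is enabled below.
# Compiled catalogs can carry sensitive parameter values, so confirm that
# access is limited elsewhere (firewall, reverse proxy, or vhost auth).
#
# @param puppetdb_host
#   Host to connect for puppetdb
# @param puppetdb_port
#   Port to connect for puppetdb
class profiles::puppetboard (
  String $puppetdb_host,
  Stdlib::Port $puppetdb_port,
) {
  # https://forge.puppet.com/modules/puppet/puppetboard/readme
  # Configure Apache
  # No default vhost, and unmanaged config is purged, so only the vhosts
  # declared through Puppet are served.
  class { 'apache':
    default_vhost => false,
    purge_configs => true,
  }

  # Configure puppetboard

  class { 'puppetboard':
    manage_git          => true,
    manage_virtualenv   => true,
    require             => Class['puppetdb'],
    puppetdb_port       => $puppetdb_port,
    # Required for /metrics/ to work
    puppetdb_host       => $puppetdb_host,
    # Exposes compiled catalogs in the UI; see the access note in the
    # class header.
    enable_catalog      => true,
    python_loglevel     => 'info',
    offline_mode        => true,
    default_environment => '*',
  }

  class { '::profiles::letsencrypt':
    provider => 'apache',
  }

  # Only set up TLS if we are ready. This allows us to bootstrap
  # ourselves the next run.
  #
  # lookup() is called without a default, so a missing 'certname' key
  # fails compilation instead of silently falling back to plain HTTP.
  $certname = lookup('certname')

  # dig() returns undef when the 'letsencrypt_directory' fact is absent.
  # Indexing the missing fact directly would abort compilation on exactly
  # the bootstrap run this branch exists for.
  if $certname and $facts.dig('letsencrypt_directory', $certname) {
    class { 'puppetboard::apache::vhost':
      vhost_name => $::fqdn,
      port       => 443,
      ssl        => true,
      ssl_cert   => "/etc/letsencrypt/live/${certname}/cert.pem",
      ssl_key    => "/etc/letsencrypt/live/${certname}/privkey.pem",
      ssl_chain  => "/etc/letsencrypt/live/${certname}/fullchain.pem",
    }

    # Port 80 carries no content once TLS is up; it only redirects.
    apache::vhost { 'http-redirect':
      servername      => $::fqdn,
      port            => 80,
      redirect_source => ['/'],
      redirect_dest   => ["https://${::fqdn}/"],
      redirect_status => ['permanent'],
      docroot         => false,
    }
  } else {
    # Bootstrap fallback: the dashboard is reachable unencrypted until a
    # later run finds the certificate directory.
    class { 'puppetboard::apache::vhost':
      vhost_name => $::fqdn,
      port       => 80,
      ssl        => false,
    }
  }
}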