From 137c0827ccebcd212869f17e803e3180ee7b5322 Mon Sep 17 00:00:00 2001 From: Arne Teuke Date: Mon, 27 Oct 2025 15:47:43 +0100 Subject: [PATCH 1/2] remove all references for puppetdb - https://gitlab.confdroid.com/internal/confdroid_management/-/issues/284 --- README.md | 5 +- manifests/main/config.pp | 4 - manifests/main/files.pp | 23 ---- manifests/main/install.pp | 5 - manifests/main/user.pp | 19 ---- manifests/params.pp | 64 +---------- manifests/puppetdb/dirs.pp | 64 ----------- manifests/puppetdb/files.pp | 117 --------------------- manifests/puppetdb/service.pp | 19 ---- templates/puppetdb/bootstrap.cfg.erb | 32 ------ templates/puppetdb/config.ini.erb | 11 -- templates/puppetdb/database.ini.erb | 10 -- templates/puppetdb/jetty.ini.erb | 31 ------ templates/puppetdb/logback.xml.erb | 59 ----------- templates/puppetdb/puppetdb.conf.erb | 7 -- templates/puppetdb/puppetdb_service.erb | 48 --------- templates/puppetdb/repl.ini.erb | 13 --- templates/puppetdb/request_logging.xml.erb | 17 --- 18 files changed, 5 insertions(+), 543 deletions(-) delete mode 100644 manifests/puppetdb/dirs.pp delete mode 100644 manifests/puppetdb/files.pp delete mode 100644 manifests/puppetdb/service.pp delete mode 100644 templates/puppetdb/bootstrap.cfg.erb delete mode 100644 templates/puppetdb/config.ini.erb delete mode 100644 templates/puppetdb/database.ini.erb delete mode 100644 templates/puppetdb/jetty.ini.erb delete mode 100644 templates/puppetdb/logback.xml.erb delete mode 100644 templates/puppetdb/puppetdb.conf.erb delete mode 100644 templates/puppetdb/puppetdb_service.erb delete mode 100644 templates/puppetdb/repl.ini.erb delete mode 100644 templates/puppetdb/request_logging.xml.erb diff --git a/README.md b/README.md index 1ae5c2e..f1b8099 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,8 @@ ## Synopsis -This Puppet module configures settings for Puppet master and agents, PuppetDB and R10k, the full bundle. +This Puppet module configures settings for Puppet master , agents and R10k, the full bundle. Puppetdb has been outsourced to a [module](https://gitlab.confdroid.com/puppet/puppetdb_cd) on its own, due to complexity + The syntax is specifically for Puppet Core 8 and Rocky 9, although might work elsewhere as well. This module is also designed to work with External Node Classifiers (ENC), for instance Foreman. @@ -20,8 +21,6 @@ This module is also designed to work with External Node Classifiers (ENC), for i On your puppetmaster, If you set `$pt_use_r10k`to `true`, it also installs r10k to connect to a control repo and manage the code available to clients via Puppetfile. If you set `$pt_use_r10k_webhook`to `true`, it also installs a simple webhook listener to watch for post_hooks from gitlab, and triggers the r10k deployment. -* if the host FQDN matches your specified puppetdb host via `$pt_db_fqdn`, Puppetdb is installed and added to the puppetmaster config. Settings for the (external) postgreSQL database are also configured. - * open firewall ports depending on fqdn choices * start services as required * manage directories diff --git a/manifests/main/config.pp b/manifests/main/config.pp index ecd2a8d..c37ff6a 100644 --- a/manifests/main/config.pp +++ b/manifests/main/config.pp @@ -8,10 +8,6 @@ class puppet_cd::main::config ( ) inherits puppet_cd::params { include puppet_cd::server::service - if $pt_use_puppetdb == true { - include puppet_cd::puppetdb::service - } - if $pt_use_r10k == true { include puppet_cd::r10k::install } diff --git a/manifests/main/files.pp b/manifests/main/files.pp index 47c5f7b..b7237ab 100644 --- a/manifests/main/files.pp +++ b/manifests/main/files.pp @@ -31,27 +31,4 @@ class puppet_cd::main::files ( notify => Service[$pt_agent_service,$pt_server_service], } } - - if $pt_use_puppetdb == true { - file { $pt_puppetdb_conf_file: - ensure => file, - path => $pt_puppetdb_conf_file, - owner => 'root', - group => 'root', - mode => '0644', - content => template($pt_puppetdb_conf_erb), -# notify => Service[$pt_agent_service,$pt_server_service], - } - - # fix service file syslog vs journald - file { $pt_puppetdb_service_file: - ensure => file, - path => $pt_puppetdb_service_file, - owner => 'root', - group => 'root', - mode => '0644', - content => template($pt_puppetdb_service_erb), - notify => Service[$pt_db_service], - } - } } diff --git a/manifests/main/install.pp b/manifests/main/install.pp index 900d6c7..111e937 100644 --- a/manifests/main/install.pp +++ b/manifests/main/install.pp @@ -15,10 +15,5 @@ class puppet_cd::main::install ( ensure => $pt_pkg_ensure, } } - - if $fqdn == $pt_db_fqdn { - package { $pt_db_pkg: - ensure => $pt_pkg_ensure, - } } } diff --git a/manifests/main/user.pp b/manifests/main/user.pp index 6f50fe1..b6445f9 100644 --- a/manifests/main/user.pp +++ b/manifests/main/user.pp @@ -24,23 +24,4 @@ class puppet_cd::main::user ( allowdupe => false, } } - - if ($fqdn == $pt_db_fqdn) and ($pt_manage_db_user == true) { - user { $pt_db_user: - ensure => present, - name => $pt_db_user, - allowdupe => false, - comment => $pt_db_user_comment, - gid => $pt_db_user, - managehome => true, - home => $pt_db_user_home, - shell => $pt_db_user_shell, - } - - group { $pt_db_user: - ensure => present, - name => $pt_db_user, - allowdupe => false, - } - } } diff --git a/manifests/params.pp b/manifests/params.pp index 60c2d75..41743ed 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -90,7 +90,6 @@ class puppet_cd::params ( Boolean $pt_manage_fw = true, String $pt_pm_fqdn = 'puppetmaster.example.net', - String $pt_db_fqdn = 'puppetdb.example.net', # installation String $pt_pkg_ensure = 'latest', @@ -107,12 +106,7 @@ class puppet_cd::params ( String $pt_user_comment = 'puppetserver daemon', String $pt_user_home = '/opt/puppetlabs/server/data/puppetserver', String $pt_user_shell = '/sbin/nologin', - ## puppetdb user - Boolean $pt_manage_db_user = false, - String $pt_db_user = 'puppetdb', - String $pt_db_user_comment = 'PuppetDB daemon', - String $pt_db_user_home = '/opt/puppetlabs/server/data/puppetdb', - String $pt_db_user_shell = '/sbin/nologin', + # templates ## puppet String $pt_environment = 'production', @@ -142,33 +136,6 @@ class puppet_cd::params ( String $pt_storeconfigs_backend = 'puppetdb', String $pt_parser = 'current', Boolean $pt_cert_revocation = true, - ## puppetdb - Boolean $pt_use_puppetdb = false, - String $pt_logging_max_file_size = '200MB', - String $pt_logging_max_history = '90', - String $pt_logging_total_size = '1GB', - String $pt_com_proc_threads = '4', - String $pt_concurrent_writes = '4', - String $pt_db_subname = '//localhost:5432/puppetdb', - String $pt_db_username = 'foobar', - String $pt_db_password = 'foobar', - String $pt_gc_interval = '60', - String $pt_log_slow_statements = '10', - String $pt_no_ssl_port = '8080', - String $pt_ssl_port = '8081', - Boolean $pt_use_ssl_only = true, - String $pt_puppetdb_source_lan = '0.0.0.0/0', - Boolean $pt_soft_write_failure = false, - String $pt_no_ssl_host = '0.0.0.0', - String $pt_ssl_host = '0.0.0.0', - String $pt_ssl_key = '/etc/puppetlabs/puppetdb/ssl/private.pem', - String $pt_ssl_cert = '/etc/puppetlabs/puppetdb/ssl/public.pem', - String $pt_ssl_ca_cert = '/etc/puppetlabs/puppetdb/ssl/ca.pem', - Boolean $pt_log_access = false, - String $pt_access_log_config = '/etc/puppetlabs/puppetdb/request-logging.xml', - Boolean $pt_enable_repl = false, - String $pt_repl_port = '8082', - String $pt_repl_host = '127.0.0.1', # r10k Boolean $pt_use_r10k = false, @@ -197,12 +164,7 @@ class puppet_cd::params ( $pt_rundir_master = '/var/run/puppetlabs/puppetserver' $pt_vardir = '/opt/puppetlabs/puppet/cache' $pt_vardir_master = '/opt/puppetlabs/server/data/puppetserver' -## puppetdb - $pt_puppetdb_main = '/etc/puppetlabs/puppetdb' - $pt_puppetdb_conf_d = "${pt_puppetdb_main}/conf.d" - $pt_puppetdb_ssl = "${pt_puppetdb_main}/ssl" - $pt_puppetdb_log = '/var/log/puppetlabs/puppetdb' - $pt_puppetdb_var_dir = '/opt/puppetlabs/server/data/puppetdb' + ## r10k $pt_r10k_dir = "${pt_main_dir}/r10k" $pt_r10k_webhook_dir = '/etc/r10k-webhook' @@ -213,26 +175,7 @@ class puppet_cd::params ( $pt_puppet_conf_erb = 'puppet_cd/puppet.conf.erb' $pt_agent_conf_erb = 'puppet_cd/agent.conf.erb' $pt_hiera_config = "${pt_puppetdir}/hiera.yaml" -## puppetdb - $pt_bootstrap_conf = "${pt_puppetdb_main}/bootstrap.cfg" - $pt_bootstrap_erb = 'puppet_cd/puppetdb/bootstrap.cfg.erb' - $pt_puppetdb_access_log = "${pt_puppetdb_log}/puppetdb-access" - $pt_request_logging_conf = "${pt_puppetdb_main}/request-logging.xml" - $pt_request_logging_erb = 'puppet_cd/puppetdb/request_logging.xml.erb' - $pt_logback_conf = "${pt_puppetdb_main}/logback.xml" - $pt_logback_erb = 'puppet_cd/puppetdb/logback.xml.erb' - $pt_puppetdb_config_ini = "${pt_puppetdb_conf_d}/config.ini" - $pt_puppetdb_config_erb = 'puppet_cd/puppetdb/config.ini.erb' - $pt_puppetdb_database_ini = "${pt_puppetdb_conf_d}/database.ini" - $pt_puppetdb_database_erb = 'puppet_cd/puppetdb/database.ini.erb' - $pt_puppetdb_jetty_ini = "${pt_puppetdb_conf_d}/jetty.ini" - $pt_puppetdb_jetty_erb = 'puppet_cd/puppetdb/jetty.ini.erb' - $pt_puppetdb_conf_file = "${pt_puppetdir}/puppetdb.conf" - $pt_puppetdb_conf_erb = 'puppet_cd/puppetdb/puppetdb.conf.erb' - $pt_puppetdb_repl_ini = "${pt_puppetdb_conf_d}/repl.ini" - $pt_puppetdb_repl_erb = 'puppet_cd/puppetdb/repl.ini.erb' - $pt_puppetdb_service_file = '/usr/lib/systemd/system/puppetdb.service' - $pt_puppetdb_service_erb = 'puppet_cd/puppetdb/puppetdb_service.erb' + ## r10k $pt_r10k_file = "${pt_r10k_dir}/r10k.yaml" $pt_r10k_erb = 'puppet_cd/r10k/r10k.yaml.erb' @@ -243,7 +186,6 @@ class puppet_cd::params ( # service $pt_server_service = 'puppetserver' $pt_agent_service = 'puppet' - $pt_db_service = 'puppetdb' $pt_r10k_webhook_service = 'r10k_gitlab_webhook' # diff --git a/manifests/puppetdb/dirs.pp b/manifests/puppetdb/dirs.pp deleted file mode 100644 index cba4f2d..0000000 --- a/manifests/puppetdb/dirs.pp +++ /dev/null @@ -1,64 +0,0 @@ -## puppet_cd::puppetdb::dirs.pp -# Module name: puppet_cd -# Author: Arne Teuke (arne_teuke@confdroid) -# @summary Class manages puppetdb directories -############################################################################### -class puppet_cd::puppetdb::dirs ( - -) inherits puppet_cd::params { - if ($fqdn == $pt_db_fqdn) and ($pt_use_puppetdb == true) { - require puppet_cd::main::install - - # main directory - file { $pt_puppetdb_main: - ensure => directory, - path => $pt_puppetdb_main, - owner => $pt_db_user, - group => $pt_db_user, - mode => '0750', - selrange => s0, - selrole => object_r, - seltype => etc_t, - seluser => system_u, - } - - # conf.d directory - file { $pt_puppetdb_conf_d: - ensure => directory, - path => $pt_puppetdb_conf_d, - owner => $pt_db_user, - group => $pt_db_user, - mode => '0750', - selrange => s0, - selrole => object_r, - seltype => etc_t, - seluser => system_u, - } - - # ssl directory - file { $pt_puppetdb_ssl: - ensure => directory, - path => $pt_puppetdb_ssl, - owner => $pt_db_user, - group => $pt_db_user, - mode => '0750', - selrange => s0, - selrole => object_r, - seltype => etc_t, - seluser => system_u, - } - - # log dir - file { $pt_puppetdb_log: - ensure => directory, - path => $pt_puppetdb_log, - owner => $pt_db_user, - group => $pt_db_user, - mode => '0700', - selrange => s0, - selrole => object_r, - seltype => var_log_t, - seluser => system_u, - } - } -} diff --git a/manifests/puppetdb/files.pp b/manifests/puppetdb/files.pp deleted file mode 100644 index 6c52216..0000000 --- a/manifests/puppetdb/files.pp +++ /dev/null @@ -1,117 +0,0 @@ -## puppet_cd::puppetdb::files.pp -# Module name: puppet_cd -# Author: Arne Teuke (arne_teuke@confdroid) -# @summary Class manages puppetdb files -############################################################################### -class puppet_cd::puppetdb::files ( - -) inherits puppet_cd::params { - if ($fqdn == $pt_db_fqdn) and ($pt_use_puppetdb == true) { - require puppet_cd::puppetdb::dirs - - # bootstrap.cfg - file { $pt_bootstrap_conf: - ensure => file, - path => $pt_bootstrap_conf, - owner => 'root', - group => 'root', - mode => '0644', - selrange => s0, - selrole => object_r, - seltype => puppet_etc_t, - seluser => system_u, - content => template($pt_bootstrap_erb), - notify => Service[$pt_db_service], - } - - # requestlogging.xml - file { $pt_request_logging_conf: - ensure => file, - path => $pt_request_logging_conf, - owner => 'root', - group => 'root', - mode => '0644', - selrange => s0, - selrole => object_r, - seltype => puppet_etc_t, - seluser => system_u, - content => template($pt_request_logging_erb), - notify => Service[$pt_db_service], - } - - # logback.xml - file { $pt_logback_conf: - ensure => file, - path => $pt_logback_conf, - owner => 'root', - group => 'root', - mode => '0644', - selrange => s0, - selrole => object_r, - seltype => puppet_etc_t, - seluser => system_u, - content => template($pt_logback_erb), - notify => Service[$pt_db_service], - } - - # config.ini - file { $pt_puppetdb_config_ini: - ensure => file, - path => $pt_puppetdb_config_ini, - owner => 'root', - group => 'root', - mode => '0644', - selrange => s0, - selrole => object_r, - seltype => puppet_etc_t, - seluser => system_u, - content => template($pt_puppetdb_config_erb), - notify => Service[$pt_db_service], - } - - # database.ini - file { $pt_puppetdb_database_ini: - ensure => file, - path => $pt_puppetdb_database_ini, - owner => 'root', - group => 'root', - mode => '0644', - selrange => s0, - selrole => object_r, - seltype => puppet_etc_t, - seluser => system_u, - content => template($pt_puppetdb_database_erb), - notify => Service[$pt_db_service], - } - - # jetty.ini - file { $pt_puppetdb_jetty_ini : - ensure => file, - path => $pt_puppetdb_jetty_ini , - owner => 'root', - group => 'root', - mode => '0644', - selrange => s0, - selrole => object_r, - seltype => puppet_etc_t, - seluser => system_u, - content => template($pt_puppetdb_jetty_erb), - notify => Service[$pt_db_service], - } - - # repl.ini - file { $pt_puppetdb_repl_ini: - ensure => file, - path => $pt_puppetdb_repl_ini, - owner => 'root', - group => 'root', - mode => '0644', - selrange => s0, - selrole => object_r, - seltype => puppet_etc_t, - seluser => system_u, - content => template($pt_puppetdb_repl_erb), - notify => Service[$pt_db_service], - } - } -} diff --git a/manifests/puppetdb/service.pp b/manifests/puppetdb/service.pp deleted file mode 100644 index 7c776a6..0000000 --- a/manifests/puppetdb/service.pp +++ /dev/null @@ -1,19 +0,0 @@ -## puppet_cd::puppetdb::service.pp -# Module name: puppet_cd -# Author: Arne Teuke (arne_teuke@confdroid) -# @summary Class manages puppetdb service -############################################################################### -class puppet_cd::puppetdb::service ( - -) inherits puppet_cd::params { - if ($fqdn == $pt_db_fqdn) and ($pt_use_puppetdb == true) { - require puppet_cd::puppetdb::files - - service { $pt_db_service: - ensure => running, - hasstatus => true, - hasrestart => true, - enable => true, - } - } -} diff --git a/templates/puppetdb/bootstrap.cfg.erb b/templates/puppetdb/bootstrap.cfg.erb deleted file mode 100644 index ed31588..0000000 --- a/templates/puppetdb/bootstrap.cfg.erb +++ /dev/null @@ -1,32 +0,0 @@ -############################################################################### -########## bootstrap.cfg managed by puppet agent ########## -############################################################################### - -# This file is used by the application framework (trapperkeeper) to -# determine what services should be loaded at boot time. -# For more info, see: -# https://github.com/puppetlabs/trapperkeeper/wiki/Bootstrapping - -# Web Server -puppetlabs.trapperkeeper.services.webserver.jetty9-service/jetty9-service - -# Webrouting -puppetlabs.trapperkeeper.services.webrouting.webrouting-service/webrouting-service - -# TK status -puppetlabs.trapperkeeper.services.metrics.metrics-service/metrics-webservice -puppetlabs.trapperkeeper.services.status.status-service/status-service -puppetlabs.trapperkeeper.services.scheduler.scheduler-service/scheduler-service - -# PuppetDB Services -puppetlabs.puppetdb.cli.services/puppetdb-service -puppetlabs.puppetdb.command/command-service -puppetlabs.puppetdb.pdb-routing/maint-mode-service -puppetlabs.puppetdb.pdb-routing/pdb-routing-service -puppetlabs.puppetdb.config/config-service - -# NREPL -puppetlabs.trapperkeeper.services.nrepl.nrepl-service/nrepl-service - -# Dashboard redirect: remove to disable -puppetlabs.puppetdb.dashboard/dashboard-redirect-service diff --git a/templates/puppetdb/config.ini.erb b/templates/puppetdb/config.ini.erb deleted file mode 100644 index bc5f428..0000000 --- a/templates/puppetdb/config.ini.erb +++ /dev/null @@ -1,11 +0,0 @@ -############################################################################### -########## config.ini managed by puppet agent ########## -############################################################################### - -[global] -vardir = <%= @pt_puppetdb_var_dir %> -logging-config = <%= @pt_logback_conf %> - -[command-processing] -threads = <%= @pt_com_proc_threads %> -concurrent-writes = <%= @pt_concurrent_writes %> diff --git a/templates/puppetdb/database.ini.erb b/templates/puppetdb/database.ini.erb deleted file mode 100644 index 5534376..0000000 --- a/templates/puppetdb/database.ini.erb +++ /dev/null @@ -1,10 +0,0 @@ -############################################################################### -########## database.ini managed by puppet agent ########## -############################################################################### - -[database] -subname = <%= @pt_db_subname %> -username = <%= @pt_db_username %> -password = <%= @pt_db_password %> - -gc-interval = <%= @pt_gc_interval %> diff --git a/templates/puppetdb/jetty.ini.erb b/templates/puppetdb/jetty.ini.erb deleted file mode 100644 index a12eef3..0000000 --- a/templates/puppetdb/jetty.ini.erb +++ /dev/null @@ -1,31 +0,0 @@ -############################################################################### -########## jetty.ini managed by puppet agent ########## -############################################################################### - -[jetty] -<% if @pt_use_ssl_only != true %> -host = <%= @pt_no_ssl_host %> -port = <%= @pt_no_ssl_port %> - -# ssl -ssl-host = <%= @pt_ssl_host %> -ssl-port = <%= @pt_ssl_port %> -ssl-key = <%= @pt_ssl_key %> -ssl-cert = <%= @pt_ssl_cert %> -ssl-ca-cert = <%= @pt_ssl_ca_cert %> - -<% if @pt_log_access == true %> -access-log-config = <%= @pt_access_log_config %> -<% end end %> - - -<% if @pt_use_ssl_only == true %> -ssl-host = <%= @pt_ssl_host %> -ssl-port = <%= @pt_ssl_port %> -ssl-key = <%= @pt_ssl_key %> -ssl-cert = <%= @pt_ssl_cert %> -ssl-ca-cert = <%= @pt_ssl_ca_cert %> - -<% if @pt_log_access == true %> -access-log-config = <%= @pt_access_log_config %> -<% end end %> diff --git a/templates/puppetdb/logback.xml.erb b/templates/puppetdb/logback.xml.erb deleted file mode 100644 index 2815728..0000000 --- a/templates/puppetdb/logback.xml.erb +++ /dev/null @@ -1,59 +0,0 @@ - - - - %d %-5p [%c{2}] %m%n - - - - - /var/log/puppetlabs/puppetdb/puppetdb.log - true - - /var/log/puppetlabs/puppetdb/puppetdb-%d{yyyy-MM-dd}.%i.log.gz - - 200MB - 90 - 1GB - - - %d %-5p [%c{2}] %m%n - - - - - - - - - - - - - - /var/log/puppetlabs/puppetdb/puppetdb-status.log - true - - - /var/log/puppetlabs/puppetdb/puppetdb-status-%d{yyyy-MM-dd}.%i.log.gz - - 200MB - 90 - 1GB - - - - %m%n - - - - - - - - - - - - - diff --git a/templates/puppetdb/puppetdb.conf.erb b/templates/puppetdb/puppetdb.conf.erb deleted file mode 100644 index 1ba8180..0000000 --- a/templates/puppetdb/puppetdb.conf.erb +++ /dev/null @@ -1,7 +0,0 @@ -############################################################################### -########## puppetdb.conf managed by puppet agent ########## -############################################################################### - -[main] -server_urls = https://<%= @pt_db_fqdn%>:<%= @pt_ssl_port %> -soft_write_failure = <%= @pt_soft_write_failure %> diff --git a/templates/puppetdb/puppetdb_service.erb b/templates/puppetdb/puppetdb_service.erb deleted file mode 100644 index e92cffc..0000000 --- a/templates/puppetdb/puppetdb_service.erb +++ /dev/null @@ -1,48 +0,0 @@ -# -# Local settings can be configured without being overwritten by package upgrades, for example -# if you want to increase puppetdb open-files-limit to 10000, -# you need to increase systemd's LimitNOFILE setting, so create a file named -# "/etc/systemd/system/puppetdb.service.d/limits.conf" containing: -# [Service] -# LimitNOFILE=10000 -# You can confirm it worked by running systemctl daemon-reload -# then running systemctl show puppetdb | grep LimitNOFILE -# -[Unit] -Description=puppetdb Service -After=syslog.target network.target nss-lookup.target - -[Service] -Type=forking -EnvironmentFile=/etc/sysconfig/puppetdb -User=puppetdb -TimeoutStartSec=14400 -TimeoutStopSec=60 -Restart=on-failure -StartLimitBurst=5 -PIDFile=/run/puppetlabs/puppetdb/puppetdb.pid - -# https://tickets.puppetlabs.com/browse/EZ-129 -# Prior to systemd v228, TasksMax was unset by default, and unlimited. Starting in 228 a default of '512' -# was implemented. This is low enough to cause problems for certain applications. In systemd 231, the -# default was changed to be 15% of the default kernel limit. This explicitly sets TasksMax to 4915, -# which should match the default in systemd 231 and later. -# See https://github.com/systemd/systemd/issues/3211#issuecomment-233676333 -TasksMax=4915 - -#set default privileges to -rw-r----- -UMask=027 - - -ExecReload=/opt/puppetlabs/server/apps/puppetdb/bin/puppetdb reload -ExecStart=/opt/puppetlabs/server/apps/puppetdb/bin/puppetdb start -ExecStop=/opt/puppetlabs/server/apps/puppetdb/bin/puppetdb stop - -KillMode=process - -SuccessExitStatus=143 - -StandardOutput=journal - -[Install] -WantedBy=multi-user.target diff --git a/templates/puppetdb/repl.ini.erb b/templates/puppetdb/repl.ini.erb deleted file mode 100644 index a851985..0000000 --- a/templates/puppetdb/repl.ini.erb +++ /dev/null @@ -1,13 +0,0 @@ -############################################################################### -########## repl.ini managed by puppet agent ########## -############################################################################### - -[nrepl] -<% if @pt_enable_repl == true %> -enabled = <%= @pt_enable_repl %> -port = <% @pt_repl_port %> -host = <%= @pt_repl_host %> -<% else %> -# REPL is disabled for security reasons and not normally not required. -# To enable it, set `$pt_enable_repl` to `true`. -<% end %> diff --git a/templates/puppetdb/request_logging.xml.erb b/templates/puppetdb/request_logging.xml.erb deleted file mode 100644 index aff8cb7..0000000 --- a/templates/puppetdb/request_logging.xml.erb +++ /dev/null @@ -1,17 +0,0 @@ - - - <%= @pt_puppetdb_access_log %>.log - true - - <%= @pt_puppetdb_access_log %>-%d{yyyy-MM-dd}.%i.log.gz - - <%= @pt_logging_max_file_size %> - <%= @pt_loging_max_history %> - <%= @pt_logging_total_size %> - - - %h %l %u [%t] "%r" %s %b "%i{Referer}" "%i{User-Agent}" %D - - - - From 5c8f6fc0f5d149c0c5413aa3fa6e4afba0669143 Mon Sep 17 00:00:00 2001 From: Jenkins Server Date: Mon, 27 Oct 2025 15:49:07 +0100 Subject: [PATCH 2/2] Recommit for updates in build 74 --- doc/_index.html | 20 -- doc/file.README.html | 6 +- doc/index.html | 6 +- doc/puppet_class_list.html | 32 +-- .../puppet_cd_3A_3Amain_3A_3Aconfig.html | 10 +- .../puppet_cd_3A_3Amain_3A_3Afiles.html | 48 +---- .../puppet_cd_3A_3Amain_3A_3Auser.html | 40 +--- doc/puppet_classes/puppet_cd_3A_3Aparams.html | 196 +----------------- 8 files changed, 15 insertions(+), 343 deletions(-) diff --git a/doc/_index.html b/doc/_index.html index d89e6e3..e7b4544 100644 --- a/doc/_index.html +++ b/doc/_index.html @@ -93,11 +93,6 @@ -
  • - puppet_cd::main::install - -
    • -
  • puppet_cd::main::user @@ -108,21 +103,6 @@
    • -
  • - puppet_cd::puppetdb::dirs - -
    • - -
  • - puppet_cd::puppetdb::files - -
    • - -
  • - puppet_cd::puppetdb::service - -
    • -
  • puppet_cd::r10k::install diff --git a/doc/file.README.html b/doc/file.README.html index 2446fa6..dba52bc 100644 --- a/doc/file.README.html +++ b/doc/file.README.html @@ -66,7 +66,9 @@

    Synopsis

    -

    This Puppet module configures settings for Puppet master and agents, PuppetDB and R10k, the full bundle. The syntax is specifically for Puppet Core 8 and Rocky 9, although might work elsewhere as well. This module is also designed to work with External Node Classifiers (ENC), for instance Foreman.

    +

    This Puppet module configures settings for Puppet master , agents and R10k, the full bundle. Puppetdb has been outsourced to a module on its own, due to complexity

    + +

    The syntax is specifically for Puppet Core 8 and Rocky 9, although might work elsewhere as well. This module is also designed to work with External Node Classifiers (ENC), for instance Foreman.

    WARNING

    @@ -76,8 +78,6 @@

    • if the host FQDN matches your specified Puppet master via $pt_pm_fqdn, it installs and configures a puppetmaster. On your puppetmaster, If you set $pt_use_r10kto true, it also installs r10k to connect to a control repo and manage the code available to clients via Puppetfile. If you set $pt_use_r10k_webhookto true, it also installs a simple webhook listener to watch for post_hooks from gitlab, and triggers the r10k deployment.

    • -

      if the host FQDN matches your specified puppetdb host via $pt_db_fqdn, Puppetdb is installed and added to the puppetmaster config. Settings for the (external) postgreSQL database are also configured.

      -

    • open firewall ports depending on fqdn choices

    • start services as required

      diff --git a/doc/index.html b/doc/index.html index 3b66c1d..33a6883 100644 --- a/doc/index.html +++ b/doc/index.html @@ -66,7 +66,9 @@

      Synopsis

      -

      This Puppet module configures settings for Puppet master and agents, PuppetDB and R10k, the full bundle. The syntax is specifically for Puppet Core 8 and Rocky 9, although might work elsewhere as well. This module is also designed to work with External Node Classifiers (ENC), for instance Foreman.

      +

      This Puppet module configures settings for Puppet master , agents and R10k, the full bundle. Puppetdb has been outsourced to a module on its own, due to complexity

      + +

      The syntax is specifically for Puppet Core 8 and Rocky 9, although might work elsewhere as well. This module is also designed to work with External Node Classifiers (ENC), for instance Foreman.

      WARNING

      @@ -76,8 +78,6 @@

      • if the host FQDN matches your specified Puppet master via $pt_pm_fqdn, it installs and configures a puppetmaster. On your puppetmaster, If you set $pt_use_r10kto true, it also installs r10k to connect to a control repo and manage the code available to clients via Puppetfile. If you set $pt_use_r10k_webhookto true, it also installs a simple webhook listener to watch for post_hooks from gitlab, and triggers the r10k deployment.

      • -

        if the host FQDN matches your specified puppetdb host via $pt_db_fqdn, Puppetdb is installed and added to the puppetmaster config. Settings for the (external) postgreSQL database are also configured.

        -

      • open firewall ports depending on fqdn choices

      • start services as required

        diff --git a/doc/puppet_class_list.html b/doc/puppet_class_list.html index 78cd518..f42505a 100644 --- a/doc/puppet_class_list.html +++ b/doc/puppet_class_list.html @@ -71,48 +71,20 @@
        • -
      • -
        - puppet_cd::main::install -
        -
        • - - -
      • +
      • puppet_cd::main::user
        • -
      • +
      • puppet_cd::params
        • -
      • -
        - puppet_cd::puppetdb::dirs -
        -
        • - - -
      • -
        - puppet_cd::puppetdb::files -
        -
        • - - -
      • -
        - puppet_cd::puppetdb::service -
        -
        • - -
      • puppet_cd::r10k::install diff --git a/doc/puppet_classes/puppet_cd_3A_3Amain_3A_3Aconfig.html b/doc/puppet_classes/puppet_cd_3A_3Amain_3A_3Aconfig.html index 52770d4..5067509 100644 --- a/doc/puppet_classes/puppet_cd_3A_3Amain_3A_3Aconfig.html +++ b/doc/puppet_classes/puppet_cd_3A_3Amain_3A_3Aconfig.html @@ -109,11 +109,7 @@ 11 12 13 -14 -15 -16 -17 -18 +14 
        # File 'manifests/main/config.pp', line 6
@@ -123,10 +119,6 @@ class puppet_cd::main::config (
 ) inherits puppet_cd::params {
   include puppet_cd::server::service
 
-  if $pt_use_puppetdb == true {
-    include puppet_cd::puppetdb::service
-  }
-
   if $pt_use_r10k == true {
     include puppet_cd::r10k::install
   }
diff --git a/doc/puppet_classes/puppet_cd_3A_3Amain_3A_3Afiles.html b/doc/puppet_classes/puppet_cd_3A_3Amain_3A_3Afiles.html
index 3297907..948c615 100644
--- a/doc/puppet_classes/puppet_cd_3A_3Amain_3A_3Afiles.html
+++ b/doc/puppet_classes/puppet_cd_3A_3Amain_3A_3Afiles.html
@@ -129,30 +129,7 @@
 31
 32
 33
-34
-35
-36
-37
-38
-39
-40
-41
-42
-43
-44
-45
-46
-47
-48
-49
-50
-51
-52
-53
-54
-55
-56
-57
        +34 
        # File 'manifests/main/files.pp', line 6
@@ -185,29 +162,6 @@ class puppet_cd::main::files (
       notify  => Service[$pt_agent_service,$pt_server_service],
     }
   }
-
-  if $pt_use_puppetdb == true {
-    file { $pt_puppetdb_conf_file:
-      ensure  => file,
-      path    => $pt_puppetdb_conf_file,
-      owner   => 'root',
-      group   => 'root',
-      mode    => '0644',
-      content => template($pt_puppetdb_conf_erb),
-#      notify  => Service[$pt_agent_service,$pt_server_service],
-    }
-
-    # fix service file syslog vs journald
-    file { $pt_puppetdb_service_file:
-      ensure  => file,
-      path    => $pt_puppetdb_service_file,
-      owner   => 'root',
-      group   => 'root',
-      mode    => '0644',
-      content => template($pt_puppetdb_service_erb),
-      notify  => Service[$pt_db_service],
-    }
-  }
 }
        diff --git a/doc/puppet_classes/puppet_cd_3A_3Amain_3A_3Auser.html b/doc/puppet_classes/puppet_cd_3A_3Amain_3A_3Auser.html index 94ec425..9531019 100644 --- a/doc/puppet_classes/puppet_cd_3A_3Amain_3A_3Auser.html +++ b/doc/puppet_classes/puppet_cd_3A_3Amain_3A_3Auser.html @@ -122,26 +122,7 @@ 24 25 26 -27 -28 -29 -30 -31 -32 -33 -34 -35 -36 -37 -38 -39 -40 -41 -42 -43 -44 -45 -46 +27 
        # File 'manifests/main/user.pp', line 6
@@ -167,25 +148,6 @@ class puppet_cd::main::user (
       allowdupe => false,
     }
   }
-
-  if ($fqdn == $pt_db_fqdn) and ($pt_manage_db_user == true) {
-    user { $pt_db_user:
-      ensure     => present,
-      name       => $pt_db_user,
-      allowdupe  => false,
-      comment    => $pt_db_user_comment,
-      gid        => $pt_db_user,
-      managehome => true,
-      home       => $pt_db_user_home,
-      shell      => $pt_db_user_shell,
-    }
-
-    group { $pt_db_user:
-      ensure    => present,
-      name      => $pt_db_user,
-      allowdupe => false,
-    }
-  }
 }
        diff --git a/doc/puppet_classes/puppet_cd_3A_3Aparams.html b/doc/puppet_classes/puppet_cd_3A_3Aparams.html index 956bbd3..db426ba 100644 --- a/doc/puppet_classes/puppet_cd_3A_3Aparams.html +++ b/doc/puppet_classes/puppet_cd_3A_3Aparams.html @@ -75,18 +75,10 @@ puppet_cd::main::config
        - puppet_cd::main::install
        - puppet_cd::r10k::install
        - puppet_cd::puppetdb::dirs
        - - puppet_cd::puppetdb::files
        - puppet_cd::server::service
        - puppet_cd::puppetdb::service
        - puppet_cd::firewall::iptables
        @@ -162,8 +154,6 @@ (String) - (defaults to: 'puppetdb.example.net') - —
        @@ -270,8 +260,6 @@ (String) - (defaults to: '8080') - —
        @@ -288,8 +276,6 @@ (String) - (defaults to: '8081') - —
        @@ -306,8 +292,6 @@ (Boolean) - (defaults to: true) - —
        @@ -396,8 +380,6 @@ (Boolean) - (defaults to: false) - —
        @@ -414,8 +396,6 @@ (String) - (defaults to: 'puppetdb') - —
        @@ -432,8 +412,6 @@ (String) - (defaults to: 'PuppetDB daemon') - —
        @@ -450,8 +428,6 @@ (String) - (defaults to: '/opt/puppetlabs/server/data/puppetdb') - —
        @@ -468,8 +444,6 @@ (String) - (defaults to: '/sbin/nologin') - —
        @@ -486,8 +460,6 @@ (Boolean) - (defaults to: false) - —
        @@ -990,8 +962,6 @@ (String) - (defaults to: '200MB') - —
        @@ -1008,8 +978,6 @@ (String) - (defaults to: '90') - —
        @@ -1026,8 +994,6 @@ (String) - (defaults to: '1GB') - —
        @@ -1044,8 +1010,6 @@ (String) - (defaults to: '4') - —
        @@ -1062,8 +1026,6 @@ (String) - (defaults to: '4') - —
        @@ -1080,8 +1042,6 @@ (String) - (defaults to: '//localhost:5432/puppetdb') - —
        @@ -1098,8 +1058,6 @@ (String) - (defaults to: 'foobar') - —
        @@ -1116,8 +1074,6 @@ (String) - (defaults to: 'foobar') - —
        @@ -1134,8 +1090,6 @@ (String) - (defaults to: '60') - —
        @@ -1152,8 +1106,6 @@ (String) - (defaults to: '10') - —
        @@ -1170,8 +1122,6 @@ (String) - (defaults to: '0.0.0.0/0') - —
        @@ -1188,8 +1138,6 @@ (Boolean) - (defaults to: false) - —
        @@ -1206,8 +1154,6 @@ (String) - (defaults to: '0.0.0.0') - —
        @@ -1224,8 +1170,6 @@ (String) - (defaults to: '0.0.0.0') - —
        @@ -1242,8 +1186,6 @@ (String) - (defaults to: '/etc/puppetlabs/puppetdb/ssl/private.pem') - —
        @@ -1260,8 +1202,6 @@ (String) - (defaults to: '/etc/puppetlabs/puppetdb/ssl/public.pem') - —
        @@ -1278,8 +1218,6 @@ (String) - (defaults to: '/etc/puppetlabs/puppetdb/ssl/ca.pem') - —
        @@ -1296,8 +1234,6 @@ (Boolean) - (defaults to: false) - —
        @@ -1314,8 +1250,6 @@ (String) - (defaults to: '/etc/puppetlabs/puppetdb/request-logging.xml') - —
        @@ -1332,8 +1266,6 @@ (Boolean) - (defaults to: false) - —
        @@ -1350,8 +1282,6 @@ (String) - (defaults to: '8082') - —
        @@ -1368,8 +1298,6 @@ (String) - (defaults to: '127.0.0.1') - —
        @@ -1638,65 +1566,7 @@ 191 192 193 -194 -195 -196 -197 -198 -199 -200 -201 -202 -203 -204 -205 -206 -207 -208 -209 -210 -211 -212 -213 -214 -215 -216 -217 -218 -219 -220 -221 -222 -223 -224 -225 -226 -227 -228 -229 -230 -231 -232 -233 -234 -235 -236 -237 -238 -239 -240 -241 -242 -243 -244 -245 -246 -247 -248 -249 -250 -251 -252 +194 
        # File 'manifests/params.pp', line 89
@@ -1705,7 +1575,6 @@ class puppet_cd::params (
 
   Boolean $pt_manage_fw             = true,
   String $pt_pm_fqdn                = 'puppetmaster.example.net',
-  String $pt_db_fqdn                = 'puppetdb.example.net',
 
   # installation
   String $pt_pkg_ensure             = 'latest',
@@ -1722,12 +1591,7 @@ class puppet_cd::params (
   String $pt_user_comment           = 'puppetserver daemon',
   String $pt_user_home              = '/opt/puppetlabs/server/data/puppetserver',
   String $pt_user_shell             = '/sbin/nologin',
-  ## puppetdb user
-  Boolean $pt_manage_db_user        = false,
-  String $pt_db_user                = 'puppetdb',
-  String $pt_db_user_comment        = 'PuppetDB daemon',
-  String $pt_db_user_home           = '/opt/puppetlabs/server/data/puppetdb',
-  String $pt_db_user_shell          = '/sbin/nologin',
+
   # templates
   ## puppet
   String $pt_environment            = 'production',
@@ -1757,33 +1621,6 @@ class puppet_cd::params (
   String $pt_storeconfigs_backend   = 'puppetdb',
   String $pt_parser                 = 'current',
   Boolean $pt_cert_revocation       = true,
-  ## puppetdb
-  Boolean $pt_use_puppetdb          = false,
-  String $pt_logging_max_file_size  = '200MB',
-  String $pt_logging_max_history     = '90',
-  String $pt_logging_total_size     = '1GB',
-  String $pt_com_proc_threads       = '4',
-  String $pt_concurrent_writes      = '4',
-  String $pt_db_subname             = '//localhost:5432/puppetdb',
-  String $pt_db_username            = 'foobar',
-  String $pt_db_password            = 'foobar',
-  String $pt_gc_interval            = '60',
-  String $pt_log_slow_statements    = '10',
-  String $pt_no_ssl_port            = '8080',
-  String $pt_ssl_port               = '8081',
-  Boolean $pt_use_ssl_only          = true,
-  String $pt_puppetdb_source_lan    = '0.0.0.0/0',
-  Boolean $pt_soft_write_failure    = false,
-  String $pt_no_ssl_host            = '0.0.0.0',
-  String $pt_ssl_host               = '0.0.0.0',
-  String $pt_ssl_key                = '/etc/puppetlabs/puppetdb/ssl/private.pem',
-  String $pt_ssl_cert               = '/etc/puppetlabs/puppetdb/ssl/public.pem',
-  String $pt_ssl_ca_cert            = '/etc/puppetlabs/puppetdb/ssl/ca.pem',
-  Boolean $pt_log_access            = false,
-  String $pt_access_log_config      = '/etc/puppetlabs/puppetdb/request-logging.xml',
-  Boolean $pt_enable_repl           = false,
-  String $pt_repl_port              = '8082',
-  String $pt_repl_host              = '127.0.0.1',
 
 # r10k
   Boolean $pt_use_r10k              = false,
@@ -1812,12 +1649,7 @@ class puppet_cd::params (
   $pt_rundir_master                 = '/var/run/puppetlabs/puppetserver'
   $pt_vardir                        = '/opt/puppetlabs/puppet/cache'
   $pt_vardir_master                 = '/opt/puppetlabs/server/data/puppetserver'
-## puppetdb
-  $pt_puppetdb_main                 = '/etc/puppetlabs/puppetdb'
-  $pt_puppetdb_conf_d               = "${pt_puppetdb_main}/conf.d"
-  $pt_puppetdb_ssl                  = "${pt_puppetdb_main}/ssl"
-  $pt_puppetdb_log                  = '/var/log/puppetlabs/puppetdb'
-  $pt_puppetdb_var_dir              = '/opt/puppetlabs/server/data/puppetdb'
+
 ## r10k
   $pt_r10k_dir                      = "${pt_main_dir}/r10k"
   $pt_r10k_webhook_dir              = '/etc/r10k-webhook'
@@ -1828,26 +1660,7 @@ class puppet_cd::params (
   $pt_puppet_conf_erb               = 'puppet_cd/puppet.conf.erb'
   $pt_agent_conf_erb                = 'puppet_cd/agent.conf.erb'
   $pt_hiera_config                  = "${pt_puppetdir}/hiera.yaml"
-## puppetdb
-  $pt_bootstrap_conf                = "${pt_puppetdb_main}/bootstrap.cfg"
-  $pt_bootstrap_erb                 = 'puppet_cd/puppetdb/bootstrap.cfg.erb'
-  $pt_puppetdb_access_log           = "${pt_puppetdb_log}/puppetdb-access"
-  $pt_request_logging_conf          = "${pt_puppetdb_main}/request-logging.xml"
-  $pt_request_logging_erb           = 'puppet_cd/puppetdb/request_logging.xml.erb'
-  $pt_logback_conf                  = "${pt_puppetdb_main}/logback.xml"
-  $pt_logback_erb                   = 'puppet_cd/puppetdb/logback.xml.erb'
-  $pt_puppetdb_config_ini           = "${pt_puppetdb_conf_d}/config.ini"
-  $pt_puppetdb_config_erb           = 'puppet_cd/puppetdb/config.ini.erb'
-  $pt_puppetdb_database_ini         = "${pt_puppetdb_conf_d}/database.ini"
-  $pt_puppetdb_database_erb         = 'puppet_cd/puppetdb/database.ini.erb'
-  $pt_puppetdb_jetty_ini            = "${pt_puppetdb_conf_d}/jetty.ini"
-  $pt_puppetdb_jetty_erb            = 'puppet_cd/puppetdb/jetty.ini.erb'
-  $pt_puppetdb_conf_file            = "${pt_puppetdir}/puppetdb.conf"
-  $pt_puppetdb_conf_erb             = 'puppet_cd/puppetdb/puppetdb.conf.erb'
-  $pt_puppetdb_repl_ini             = "${pt_puppetdb_conf_d}/repl.ini"
-  $pt_puppetdb_repl_erb             = 'puppet_cd/puppetdb/repl.ini.erb'
-  $pt_puppetdb_service_file         = '/usr/lib/systemd/system/puppetdb.service'
-  $pt_puppetdb_service_erb          = 'puppet_cd/puppetdb/puppetdb_service.erb'
+
 ## r10k
   $pt_r10k_file                     = "${pt_r10k_dir}/r10k.yaml"
   $pt_r10k_erb                      = 'puppet_cd/r10k/r10k.yaml.erb'
@@ -1858,7 +1671,6 @@ class puppet_cd::params (
 # service
   $pt_server_service                = 'puppetserver'
   $pt_agent_service                 = 'puppet'
-  $pt_db_service                    = 'puppetdb'
   $pt_r10k_webhook_service          = 'r10k_gitlab_webhook'
 
 #