configure_node_groups.sh
#!/bin/bash
# Applies the inline Puppet manifest below (fed to `puppet apply` on stdin via
# the heredoc) in the production environment. The manifest declares node_group
# resources for the PE infrastructure groups; its inputs are read from PT_<name>
# environment variables by the param() function.
#
# The heredoc delimiter is quoted ('EOF'), so the shell performs no expansion on
# the manifest: every `$var` and `${...}` below reaches Puppet untouched.
#
# NOTE(review): puppet apply is invoked without --detailed-exitcodes, so failed
# resources may not be reflected in this script's exit status. Confirm how the
# caller detects a run in which a node_group could not be applied.
/opt/puppetlabs/bin/puppet apply --environment production <<'EOF'
# Returns the value of the PT_<name> environment variable, or undef when the
# rendered value is the empty string (ERB renders an unset variable as '').
# The environment value is emitted by the template as plain text. $name, by
# contrast, is interpolated into the ERB source itself, so it should only ever
# be a literal chosen in this file, never externally supplied text.
function param($name) {
($var = inline_template("<%= ENV['PT_${name}'] %>")) ? {
'' => undef,
default => $var,
}
}
# Declares the node groups. The three String[1] parameters must resolve to
# non-empty strings; the two replica hosts are Optional and may be undef.
# Defaults come from the PT_* environment via param().
class configure_node_groups (
String[1] $master_host = param('master_host'),
String[1] $puppetdb_database_host = param('puppetdb_database_host'),
String[1] $compiler_pool_address = param('compiler_pool_address'),
Optional[String[1]] $master_replica_host = param('master_replica_host'),
Optional[String[1]] $puppetdb_database_replica_host = param('puppetdb_database_replica_host'),
) {
# filter drops the undef entries, so a size of exactly 1 means only one of the
# two replica hosts was supplied; that half-configured state is rejected.
if ([$master_replica_host, $puppetdb_database_replica_host].filter |$_| { $_ }.size == 1) {
fail('Must pass both master_replica_host and puppetdb_database_replica_host, or neither')
}
##################################################
# PE INFRASTRUCTURE GROUPS
##################################################
# Hiera data tuning for compilers
$compiler_data = {
'puppet_enterprise::profile::puppetdb' => {
'gc_interval' => '0',
},
'puppet_enterprise::puppetdb' => {
'command_processing_threads' => 2,
'write_maximum_pool_size' => 4,
'read_maximum_pool_size' => 10,
},
}
# We modify this group's rule such that all PE infrastructure nodes will be
# members.
# NOTE(review): this rule and most rules below select nodes by the pp_role /
# pp_cluster trusted extensions, which are carried in the node's certificate.
# Classification into infrastructure groups is therefore only as trustworthy
# as the certificate signing step; confirm that extension requests are checked
# before a CSR is signed, particularly where autosigning is enabled.
node_group { 'PE Infrastructure Agent':
rule => ['and', ['~', ['trusted', 'extensions', 'pp_role'], '^pe_xl::']],
}
# We modify this group to add, as data, the compiler_pool_address only.
# Because the group does not have any data by default this does not impact
# out-of-box configuration of the group.
# The rule matches compilers by pp_role, or the master itself by node name.
node_group { 'PE Master':
parent => 'PE Infrastructure',
rule => ['or',
['and', ['=', ['trusted', 'extensions', 'pp_role'], 'pe_xl::compiler']],
['=', 'name', $master_host],
],
data => {
'pe_repo' => { 'compile_master_pool_address' => $compiler_pool_address },
},
variables => { 'pe_master' => true },
}
# Create the database group if a database host is external
if ($puppetdb_database_host != $master_host) {
# This class has to be included here because puppet_enterprise is declared
# in the console with parameters. It is therefore not possible to include
# puppet_enterprise::profile::database in code without causing a conflict.
node_group { 'PE Database':
ensure => present,
parent => 'PE Infrastructure',
environment => 'production',
override_environment => false,
rule => ['and', ['=', ['trusted', 'extensions', 'pp_role'], 'pe_xl::puppetdb_database']],
classes => {
'puppet_enterprise::profile::database' => { },
},
}
}
# Create data-only groups to store PuppetDB PostgreSQL database configuration
# information specific to the master and master replica nodes.
# Group A points both profiles at $puppetdb_database_host.
node_group { 'PE Master A':
ensure => present,
parent => 'PE Infrastructure',
rule => ['and',
['=', ['trusted', 'extensions', 'pp_role'], 'pe_xl::master'],
['=', ['trusted', 'extensions', 'pp_cluster'], 'A'],
],
data => {
'puppet_enterprise::profile::primary_master_replica' => {
'database_host_puppetdb' => $puppetdb_database_host,
},
'puppet_enterprise::profile::puppetdb' => {
'database_host' => $puppetdb_database_host,
},
},
}
# Configure the A pool for compilers. There are up to two pools for HA, each
# having an affinity for one "availability zone" or the other.
node_group { 'PE Compiler Group A':
ensure => 'present',
parent => 'PE Master',
rule => ['and',
['=', ['trusted', 'extensions', 'pp_role'], 'pe_xl::compiler'],
['=', ['trusted', 'extensions', 'pp_cluster'], 'A'],
],
classes => {
'puppet_enterprise::profile::puppetdb' => {
'database_host' => $puppetdb_database_host,
},
'puppet_enterprise::profile::master' => {
# '${clientcert}' is single-quoted on purpose (hence the lint override): the
# literal text is stored in the group rather than interpolated here.
# filter removes $master_replica_host from the list when it is undef.
'puppetdb_host' => ['${clientcert}', $master_replica_host].filter |$_| { $_ }, # lint:ignore:single_quote_string_with_variables
'puppetdb_port' => [8081],
}
},
data => $compiler_data,
}
# Create the replica and B groups if a replica master and database host are
# supplied
if ($master_replica_host and $puppetdb_database_replica_host) {
# We need to pre-create this group so that the master replica can be
# identified as running PuppetDB, so that Puppet will create a pg_ident
# authorization rule for it on the PostgreSQL nodes.
# Membership is pinned to the replica's node name, not to a trusted extension.
node_group { 'PE HA Replica':
ensure => 'present',
parent => 'PE Infrastructure',
rule => ['or', ['=', 'name', $master_replica_host]],
classes => {
'puppet_enterprise::profile::primary_master_replica' => { }
},
variables => { 'pe_xl_replica' => true },
}
# Counterpart of 'PE Master A' for cluster B, using the replica database host.
node_group { 'PE Master B':
ensure => present,
parent => 'PE Infrastructure',
rule => ['and',
['=', ['trusted', 'extensions', 'pp_role'], 'pe_xl::master'],
['=', ['trusted', 'extensions', 'pp_cluster'], 'B'],
],
data => {
'puppet_enterprise::profile::primary_master_replica' => {
'database_host_puppetdb' => $puppetdb_database_replica_host,
},
'puppet_enterprise::profile::puppetdb' => {
'database_host' => $puppetdb_database_replica_host,
},
},
}
# Counterpart of 'PE Compiler Group A' for cluster B. The puppetdb_host list
# here names $master_host as its second entry, where group A names the replica.
node_group { 'PE Compiler Group B':
ensure => 'present',
parent => 'PE Master',
rule => ['and',
['=', ['trusted', 'extensions', 'pp_role'], 'pe_xl::compiler'],
['=', ['trusted', 'extensions', 'pp_cluster'], 'B'],
],
classes => {
'puppet_enterprise::profile::puppetdb' => {
'database_host' => $puppetdb_database_replica_host,
},
'puppet_enterprise::profile::master' => {
'puppetdb_host' => ['${clientcert}', $master_host], # lint:ignore:single_quote_string_with_variables
'puppetdb_port' => [8081],
}
},
data => $compiler_data,
}
}
}
# Declare the class so that the node_group resources above are applied.
include configure_node_groups
EOF