diff --git a/data/subnets/vagrant.yaml b/data/subnets/vagrant.yaml --- a/data/subnets/vagrant.yaml +++ b/data/subnets/vagrant.yaml @@ -53,8 +53,9 @@ puppet::master::manage_puppetdb: true puppetdb::listen_address: 0.0.0.0 -puppetdb::confdir: /etc/puppetdb/conf.d -puppetdb::ssl_dir: '/etc/puppetdb/ssl' +swh::puppetdb::etcdir: /etc/puppetdb +puppetdb::confdir: "%{lookup('swh::puppetdb::etcdir')}/conf.d" +puppetdb::ssl_dir: "%{lookup('swh::puppetdb::etcdir')}/ssl" swh::puppetdb::ssl_key_path: "%{lookup('puppetdb::ssl_dir')}/key.pem" swh::puppetdb::ssl_key: "%{::puppet_vardir}/ssl/private_keys/pergamon.softwareheritage.org.pem" swh::puppetdb::ssl_cert: "%{::puppet_vardir}/ssl/certs/pergamon.softwareheritage.org.pem" diff --git a/site-modules/profile/manifests/puppet/master.pp b/site-modules/profile/manifests/puppet/master.pp --- a/site-modules/profile/manifests/puppet/master.pp +++ b/site-modules/profile/manifests/puppet/master.pp @@ -9,6 +9,7 @@ # is touched in production if $manage_puppetdb { # $puppetdb_listen_address = lookup('puppetdb::listen_address') + $puppetdb_etcdir = lookup('swh::puppetdb::etcdir') $puppetdb_ssl_cert_path = lookup('swh::puppetdb::ssl_cert_path') $puppetdb_ssl_key_path = lookup('swh::puppetdb::ssl_key_path') $puppetdb_ssl_ca_cert_path = lookup('swh::puppetdb::ssl_ca_cert_path') @@ -17,6 +18,13 @@ $puppetdb_ssl_key = lookup('swh::puppetdb::ssl_key') $puppetdb_ssl_ca_cert = lookup('swh::puppetdb::ssl_ca_cert') + file { $puppetdb_etcdir: + ensure => directory, + owner => 'root', + group => 'root', + mode => '0775' + } + class { '::puppetdb': # confdir => '/etc/puppetdb/conf.d', vardir => '/var/lib/puppetdb', @@ -32,7 +40,8 @@ manage_package_repo => false, # already manage by swh::apt_config postgres_version => '11', ssl_deploy_certs => true, - require => [Class['Profile::Swh::Apt_config']], + require => [Class['Profile::Swh::Apt_config'], + File[$puppetdb_etcdir]], } }