run super

README.md

@@ -0,0 +1,53 @@
+# PuppetDB API Abfragen
+
+Dieses Dokument beschreibt, wie man die PuppetDB-API direkt über `curl` abfragt, um Informationen über den Status der Puppet-Clients zu erhalten.
+
+Alle Befehle werden innerhalb des `openvox` (Puppet Master) Containers ausgeführt.
+
+## Alle aktiven Clients (Nodes) auflisten
+
+Um eine Liste aller von PuppetDB verwalteten Clients zu erhalten, die aktiv sind, verwenden Sie den folgenden Befehl:
+
+```bash
+docker compose exec openvox curl -s http://openvoxdb:8080/pdb/query/v4/nodes
+```
+
+**Beispiel-Ausgabe (gekürzt):**
+
+```json
+[
+  {
+    "certname": "arch-2.lxd",
+    "latest_report_status": "changed",
+    "facts_environment": "production",
+    ...
+  }
+]
+```
+Dies zeigt Ihnen den `certname` jedes Clients, den Sie für weitere Abfragen verwenden können.
+
+## Reports für einen bestimmten Client abrufen
+
+Um zu sehen, was auf einem bestimmten Client gelaufen ist, können Sie dessen Reports abfragen. Ersetzen Sie `arch-2.lxd` mit dem `certname` des gewünschten Clients.
+
+```bash
+docker compose exec openvox curl -s -G http://openvoxdb:8080/pdb/query/v4/reports --data-urlencode 'query=["=","certname","arch-2.lxd"]'
+```
+
+### Interpretation der Report-Ausgabe
+
+Die Ausgabe ist ein JSON-Array von Reports. Jeder Report enthält wichtige Informationen:
+
+*   `"status"`: Zeigt das Ergebnis des Puppet-Laufs.
+    *   `"changed"`: Der Lauf war erfolgreich und es wurden Änderungen am System vorgenommen.
+    *   `"unchanged"`: Der Lauf war erfolgreich, es waren aber keine Änderungen nötig.
+    *   `"failed"`: Der Lauf ist fehlgeschlagen (z.B. wegen eines Kompilierungsfehlers).
+*   `"logs"`: Enthält die Log-Meldungen des Puppet-Agenten während des Laufs. Hier finden Sie Details zu Fehlern oder erfolgreichen Aktionen.
+*   `"resource_events"`: Zeigt im Detail, welche Ressourcen geändert wurden.
+
+Anhand dieser Reports können Sie genau nachvollziehen, welche Aktionen auf einem Client erfolgreich waren und welche nicht.
+
+## Weiterführende Informationen
+
+Für komplexere Abfragen können Sie die offizielle Dokumentation der PuppetDB API konsultieren:
+[PuppetDB Query API Documentation](https://puppet.com/docs/puppetdb/latest/api/query/v4/overview.html)

ca-ssl/ca

@@ -1 +0,0 @@
-/etc/puppetlabs/puppetserver/ca

ca-ssl/certs/ca.pem

@@ -1,63 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFgTCCA2mgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMScwJQYDVQQDDB5QdXBw
-ZXQgUm9vdCBDQTogZmZmNjYxYWI3NDBlMjIwHhcNMjUxMjA0MjI1MDE3WhcNMzAx
-MjA0MjI1MDE5WjBFMUMwQQYDVQQDDDpQdXBwZXQgQ0EgZ2VuZXJhdGVkIG9uIHB1
-cHBldCBhdCAyMDI1LTEyLTA1IDIyOjUwOjE3ICswMDAwMIICIjANBgkqhkiG9w0B
-AQEFAAOCAg8AMIICCgKCAgEArc99Lx0gu8A7HgTaBIyIIVteGLOMxQtWj5KtsqH8
-LgpteNFVQFfOsnFW8LaKGAFCET3I5viNmD+txJVoIkac8NjajViW+y21J3vOxYVI
-Etb7eNOyrlBoyzCLVDKgJWySdju7x73Qw1HzAbgSgcM59J88q4YfAvFHpatX6+cp
-QQe1WO5JFAHN4hR4Pf47wPi5F4q2s+RRR/Kl9aRflg3dVCQs8MM9tYv8Ca3DYKmw
-ZbZM7fFCMnqoAA8CY5f6U6tGiHFi6IOaJQVmNZosep7zzIohhrNx4cW+ORLFaCW1
-5JDy30396jo0sP6QseJEFTue9Q+7ReRXlC5FEIRjGdaQbTN6nUx4ObPl5nmnEkBF
-MPqRfSXz1FMsepaOVwpss9Ggb8+91HL+rxyqE6IWUP5A4n/7y3iU/oFFrQ9RC7rE
-l3NxyFi87wLyME4gMIkAYZHr5SWFexcYk3Z0zGlMhfysc1HRykh/bMGt8lzUmhRE
-Bh1CWs0DumYU7G2z5jdAIlyLSWNU/Vvm+nZMveVPn781DFS+wHYWtgVb0j5giHbl
-ph19aidPlIgzCiVKpgi1XCwmlpIUs+yp3VPnkFR5lk1vTSZJkaKnH3kr1WW3J4CU
-KDw1ftK3CwV5KAA34xcs1xNI0NxvsdIwQAlGw/KyVaRPmcwwm3dmUjPVtA64Ij6V
-VkECAwEAAaOBlzCBlDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd
-BgNVHQ4EFgQUaN0DSCpQ9X/vRbjswjh6FRRngmcwMQYJYIZIAYb4QgENBCQWIlB1
-cHBldCBTZXJ2ZXIgSW50ZXJuYWwgQ2VydGlmaWNhdGUwHwYDVR0jBBgwFoAUHZnQ
-f1RICLo0IiFV9LjEjG9/9VYwDQYJKoZIhvcNAQELBQADggIBABYWZhcDPtT06g3A
-OvdEuejnfj6JFB8SH1OxLV5aKjUWT2fVKqngKlBTDUIX+MosN1yMlkk+gePnIy1Q
-+ykEuBgB9b3SVXvT4Qj1j0JNt2e+BoklC2NOmxJHV283DJ7YH0YIl9c3G+5/njb/
-5lKKmk3yDRKxH+rw5U3DOXW0m9Qyj/SOHrBeewGsA0NWvkYRnxvOF8pUdmhaNhTE
-wI7PectNkm8rXn+7nVaCXDhW8IEj90ZnirQCoLFASPVhzm5SS3cvXrXuWGaVw0wg
-i0qmRWybqXGbpU/NmoYcFfkzBfcPplQU1TXzWS2HtukIKRT1EydljVxw8suFt1sL
-02QQgRCxiDNUnQkcXcC/c2Wb8tAs2YQZ6mgxtNb1T05Cf67RfjxGeICsXBa335I+
-ioUp2xt+EBk3qjSJ+TtpfG1vGABxC5T8SOxD3DMyKa/C1SnF8nAAYuIVHJBdkvUR
-d8kDnmcWl/bcjS7Zm/KO9ZJud0nb6X54iUnOOQ5IV5WWh1BGCxRvGZD6ItlW21cn
-uw+vdmu32RRulApXjZfw4HnG87lZC5LcB3xPpzpA7eAg2nm2bxO/tyJ5RWdVGmKJ
-M2uXH67935uckRbQ6hPYji8LMt0OfKDKBXcALeR73RZIbMikdOM0K5AzCBHle0gH
-YnDivlWp+jCR7Y21BzJ1jQDgFKK8
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFZTCCA02gAwIBAgIBATANBgkqhkiG9w0BAQsFADApMScwJQYDVQQDDB5QdXBw
-ZXQgUm9vdCBDQTogZmZmNjYxYWI3NDBlMjIwHhcNMjUxMjA0MjI1MDE3WhcNMzAx
-MjA0MjI1MDE4WjApMScwJQYDVQQDDB5QdXBwZXQgUm9vdCBDQTogZmZmNjYxYWI3
-NDBlMjIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCY3JYtGQJW6xeD
-wg9S/GJ5wQUTgIyHKU+pCB/nD5O7i9VLHjxdttMGvalk8FksVxhIPX1Y6XBAoE6O
-3vdmm7pHt+byzpggZhxZQr7oGBopq9iAjDe6s1vX6hRfLYQ5MOBRsiBOJXmE1Px+
-CeIEXrYQYQkkDEh/cXKVuDoUtnue/CmhBn58u2R3jyIp9RRpvMokv9XUujg0oPlL
-F+5h66baDZr2USdddj97g7gFOoMiTcG7ZwqSpL7sPfMOzHeOjMCIIAMERJkEC56R
-ns+KverL56skAFNUndJpOaTwQEQo1kdjYkkwbLp9sTUTAiYbDBAalEwWKltQ5kOF
-J2khyA7nv7LfMU1ob879xAxg47aFwoQEX/aLShBP8lWukr0BfzYrJwMSWRNql35w
-Flyzh9Z5jd/WX+aceVkYJ1k4FSCpzUqtszLT1scDFrdbwnxeur2qfA779W5DIAx9
-rNEypRVpj6BqM5ckhHD8v8SgAitEETXV9lyIlJYtnFU2rfwIRujRIoVNwxw76aip
-aWDcPO2cH90lLyInh43Ab+8Mf+KL86VeGKDrwkB6L3rMnFfVyefC9DfH0Yvmo3vI
-i8jb1znM8WLhHDIz3Ikj+vTyfffx0qyatrpthcNNZ5TbdL5WWksu8iyqdiPvoxfX
-FPSbWGN7CR/WxjOf952B+Ni2rWTRSwIDAQABo4GXMIGUMA8GA1UdEwEB/wQFMAMB
-Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQdmdB/VEgIujQiIVX0uMSMb3/1
-VjAxBglghkgBhvhCAQ0EJBYiUHVwcGV0IFNlcnZlciBJbnRlcm5hbCBDZXJ0aWZp
-Y2F0ZTAfBgNVHSMEGDAWgBQdmdB/VEgIujQiIVX0uMSMb3/1VjANBgkqhkiG9w0B
-AQsFAAOCAgEAgo+7VyVvAuYmUvw+fR78zjQpijFBAJuPMGKFRgJnOe+PaCBRDtex
-3vFtwZR2BjhkW4/1+33gD45cjAIjZ65oeTBo0M7Z3LbGlIsZCl/zAK7pjBuJpiFP
-mgxaRPm/zO8Hgz9uozoMlDq/Bao2HfxD4tf/yOhgkA8rZ2UMdMNZhpXQU3zK+3MJ
-5lIhGzkrGLxbKjYXiTL0POQCYK5IhNStfsl2Kmk7I3K6G52Y9oYt0D0heZdzrorp
-RsoGwJGRgX+RRcMybWppHCNWrFtBDUA0yZ6daJjXpEMizErsocS+Fla/YnjbJVMh
-xxfHVMvFKZVNnYic0qi+ip4uA0SfrtV63pmBCGPmab0e7FiZUYJZkTxmszF3i0wP
-L9CcXnrU1uH0tog38jcDzTVKqjDQULyctygc/7N+CJLCkgE3ch/aDrtEdcKxOuQf
-xXfkG189jf5HYgzNCGvzPbq964PnAA+Vx/gkMXhSItUWr1tzD62vFI6AiS4p0fQo
-PGQYiVKGUKnkDCwLceENTJZ88g9+YeWQQtPtcc2yfD9OCWNMpij/gr5xCkQL+cCf
-ER2RAQLYGCcUuVkC6ObDcy/FxKDtgIHhoRNox+mehmjEoHWU40wjvTshUin5+F57
-OkFoxPyB9VE0hzJM0ccgY4iRo1Dt0R8EZnTqtDotRESo+aNtB7bEUlc=
------END CERTIFICATE-----

ca-ssl/certs/puppet.speedport.ip.pem

@@ -1,34 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF1DCCA7ygAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMUMwQQYDVQQDDDpQdXBw
-ZXQgQ0EgZ2VuZXJhdGVkIG9uIHB1cHBldCBhdCAyMDI1LTEyLTA1IDIyOjUwOjE3
-ICswMDAwMB4XDTI1MTIwNDIyNTAxN1oXDTMwMTIwNDIyNTAyMlowHjEcMBoGA1UE
-AwwTcHVwcGV0LnNwZWVkcG9ydC5pcDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
-AgoCggIBAMPWIb7BpU7q9ROWWDnhbY/YWU26j13DW5Kxz4rWUOXzv3ebqyFTA+e9
-tExvCHfCq555ROAtYAlHKRQSz6aA7bLoQGNywxpdbeJfcG0C9cGv1C3bHk9+qql5
-YeNNfirj1THRanH/ZbW1fNUO3XehntKveEXb8mgFfAh4CQAXOcVR0eSjY7LyfPRX
-vXYkd/LtHlTDaR9PNnBUaAZcur3/ylTPvBR8UwOKbchGr7ZEkzqW6EaEA0r8Culy
-OJY+StBlHU0owuPi6u6HsIR2YEA/rRx/ERtUhROPXXsymQPWjp07Rl1JFLPIRYwW
-8F2fH50ViFloouQPNnj/HDzX6+Zfcc388EpE3l42/z4Hm3l8JjrFlDzSq+mk1frW
-uZz3n+NsZGTkWKZa4qp3UiIxidjwJgrrGres3UgBv65hgq54fg/5jGAOstSnYKzU
-biNAxytSipECRstUWsKIuX0cIdMZzhYVIRSnaDWzUa/EiareBVG3uZ7AD6BFQyhv
-MOMCtG3hcmC+SjVTZWs4JSHJs84Bo20+uS7AjG9FDrbPrqPi5SoCPQuBLsggghkN
-YMiB/sNqErbpT2KtVEcn1jIT71HqSQ9NGLi5g4fg+YnOIIYVBIHG+PD7AsatUWwQ
-84imemjwq4HW9u48lw9H/JQk6kb9X5pz4MAlXd1B1ApZSuQtg+DXAgMBAAGjgfUw
-gfIwDAYDVR0TAQH/BAIwADAxBglghkgBhvhCAQ0EJBYiUHVwcGV0IFNlcnZlciBJ
-bnRlcm5hbCBDZXJ0aWZpY2F0ZTAfBgNVHSMEGDAWgBRo3QNIKlD1f+9FuOzCOHoV
-FGeCZzAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/
-BAQDAgWgMB0GA1UdDgQWBBSztTQjy5ZflFlzOoyfzXRJK7BpVjAVBgsrBgEEAYKM
-TAEDJwQGDAR0cnVlMCYGA1UdEQQfMB2CBnB1cHBldIITcHVwcGV0LnNwZWVkcG9y
-dC5pcDANBgkqhkiG9w0BAQsFAAOCAgEARLvJc6SeWMXrPLunZBsdFc6WuBrQgkh4
-1lUwqZ3hYViCWP/Enm3BefloZAst0ZXUDV6nFADCwU4ODv07KmWeG5jUL4GcA6G4
-zMrwmUNWzioI42oVtPqFT6dvCz6WMh9UqZmp5upkMp3Yi2S+kEwOlPD4VVx2CGSt
-JC28rA59EcWMhoVzsnlgzyLcBPDHj05D/pU23zwl9aHommTMczpiqDuKgihTNwZt
-sMpLQoyqorZyJ8+1QkHXH2etYevv01x3g5l/NuXOavDrFcSYEaEKmtORkRMOF6fA
-L4N5I1olc0RaMelWccx+XyaUQm1G1NVY0qLM25T3QpODylLLEkfxxVsAS5uHwotZ
-M+GhwI5JLrCluaJ6BXpcoQj6kZ8b5NF9R0DbCZlNC1lwLRPtDuyLTDxqMStRIIVn
-Jt9JCnA+6PKSfPZ0soPkbZE0oYOkar3gAP5FAVBZJi/0AXMCs9/VJLW8Ow6tQW1q
-6YshhtXEALZaFnZ9gqS+9y5/cTi62g4vZ9faACf9E/h5xhow2YlUyz3at8U7Xlno
-VAmaOBxmB+zVzbyL+XjUfyW8aIhPRap6t6R14077GunuSH8XYYi3XHoz0pd4uZ3S
-NQZ0H+NPCqH/RWN0+BglrdfIOoTkMM2PUu2ekWLHzp0pM3WHQqb8nJJ9V5/4QbsB
-11h1JX9+0Zw=
------END CERTIFICATE-----

ca-ssl/crl.pem

@@ -1,34 +0,0 @@
------BEGIN X509 CRL-----
-MIICvzCBqAIBATANBgkqhkiG9w0BAQsFADBFMUMwQQYDVQQDDDpQdXBwZXQgQ0Eg
-Z2VuZXJhdGVkIG9uIHB1cHBldCBhdCAyMDI1LTEyLTA1IDIyOjUwOjE3ICswMDAw
-Fw0yNTEyMDQyMjUwMTdaFw0zMDEyMDQyMjUwMTlaoC8wLTAfBgNVHSMEGDAWgBRo
-3QNIKlD1f+9FuOzCOHoVFGeCZzAKBgNVHRQEAwIBADANBgkqhkiG9w0BAQsFAAOC
-AgEAVrcpf7vF0dD8t4LfLFvh4wWMCHgo+veFNTMqHUbandRjMTLHUqbujnHj3C5B
-qrbHtTp6lzTDw8W25niJtIkLSMiYue666RzePcvBoknDvvw4/OEIPa6gaSSJgc9k
-DGu1qRd7btbILeXWO5jCb0KElS8aWSHT51gH9eAbTRICETltAKwbXWPFg/0AQv3R
-ab5Fyj7vYO9+JfdfP8BNyUSKeQls+7UVTOsFOYACFZqhXzPUUlc4+vKj/gpeujgc
-58w+IPPMNyPXG8xeleFYTzZ1/zMIXbW14YTBdTtPPWjcU2DriRL9fJmH5wYkU2/0
-MDfaZOByf8twhe1V7nT3hiBkjflYywNXFgsojE+TYqkoIrtkMmFtpL40UA8zAUW9
-GfV6O+6wzkG9FXKiG/ZUbviQFd5sE3/5fPJt6qukH9E7612PJ5C1mgdiW4c+181v
-TqaZuHkWTY1U7Ciwn0aj0Cxp00HyIeKDAVp17rNCYnfhNbwZC6Vu0Edyn2r1qztN
-BQrRL3AmbS4yjkEGIwtj/FP3UvyZqNBVyEbgDlDZClyo/aOoW090DNx9V4b1jzX6
-UpjOLTvb0u72e6vCbo6zhMD1TqnLBzzUaGbMkVg+xmsdrxAmTvy0B/roldkCdxQ2
-FtEFGyLnh8m8wInA7J8s4noutmS4GWOAX3h+PAqufrXY/Hw=
------END X509 CRL-----
------BEGIN X509 CRL-----
-MIICozCBjAIBATANBgkqhkiG9w0BAQsFADApMScwJQYDVQQDDB5QdXBwZXQgUm9v
-dCBDQTogZmZmNjYxYWI3NDBlMjIXDTI1MTIwNDIyNTAxN1oXDTMwMTIwNDIyNTAx
-OFqgLzAtMB8GA1UdIwQYMBaAFB2Z0H9USAi6NCIhVfS4xIxvf/VWMAoGA1UdFAQD
-AgEAMA0GCSqGSIb3DQEBCwUAA4ICAQArWJW4adDARe/rySBK2oq7IDXdz+8HRghZ
-bOs4E9pdrmVSVNYdTTvbcAPd2T0RhJaZPph+djfyj+/yijmaunnACTAwLiaoroJf
-LcHCgOSu/n3zUMkszkzsuVYN7p0sV3OAUKMknvzz2qNV/P0ErQUN4yShemi71K0N
-HklGuVIk3UOswVzw/6jn0DglCIOtpYgRiB2fixYUMMSK1u0FxtXDTQqdholqjv3F
-1kRDCiy7qXQeQe6Xa5tc+Jm1UILk7pUo1MulTIJpuEQXqjVaVU8/HrWGCAYejN9A
-9IW97leVo6x3tsP3OYixX2jefpvkLbnJWe+tFCqhMjF3Tpy32ru93ThCB8EAz0BN
-THiqMQZ21YLsxSgd7elaEtV66lior9ciJC6wUNuYmXlwXuzMtI+Z39I+bXacmUNg
-6sk0Mos+Bnmf0vGypRMxsrhe2v30ndFdkYKTG1PP4nMowJ5DYxEG+KS72LpsysHt
-aQHiwZ2HJLX5E79q2gvJ9KMWTijSy0ZnSLa4c1fBuSkJ0t8pLFFUP9nvbpbw8P5H
-9LG+mYfopxOgeRPg4my5Fxh5Y4+rAxZRuetzuVi8nDU63QGCiwoU8Hc7CBdGAUvd
-MD3aiZAB6w/tJ1+IAoZw7yoSqOeqs9YaXA2bZG+1NYsjOB+ttglte3TDTPsCd75I
-lRa0kJ2NoQ==
------END X509 CRL-----

ca-ssl/private_keys/puppet.speedport.ip.pem

@@ -1,51 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIJKQIBAAKCAgEAw9YhvsGlTur1E5ZYOeFtj9hZTbqPXcNbkrHPitZQ5fO/d5ur
-IVMD5720TG8Id8KrnnlE4C1gCUcpFBLPpoDtsuhAY3LDGl1t4l9wbQL1wa/ULdse
-T36qqXlh401+KuPVMdFqcf9ltbV81Q7dd6Ge0q94RdvyaAV8CHgJABc5xVHR5KNj
-svJ89Fe9diR38u0eVMNpH082cFRoBly6vf/KVM+8FHxTA4ptyEavtkSTOpboRoQD
-SvwK6XI4lj5K0GUdTSjC4+Lq7oewhHZgQD+tHH8RG1SFE49dezKZA9aOnTtGXUkU
-s8hFjBbwXZ8fnRWIWWii5A82eP8cPNfr5l9xzfzwSkTeXjb/PgebeXwmOsWUPNKr
-6aTV+ta5nPef42xkZORYplriqndSIjGJ2PAmCusat6zdSAG/rmGCrnh+D/mMYA6y
-1KdgrNRuI0DHK1KKkQJGy1Rawoi5fRwh0xnOFhUhFKdoNbNRr8SJqt4FUbe5nsAP
-oEVDKG8w4wK0beFyYL5KNVNlazglIcmzzgGjbT65LsCMb0UOts+uo+LlKgI9C4Eu
-yCCCGQ1gyIH+w2oStulPYq1URyfWMhPvUepJD00YuLmDh+D5ic4ghhUEgcb48PsC
-xq1RbBDziKZ6aPCrgdb27jyXD0f8lCTqRv1fmnPgwCVd3UHUCllK5C2D4NcCAwEA
-AQKCAgARGra/znH9vo/BMjRqecHz+lVycITtD48D9PvHiIhwTSW/8Jy1wGZq6yrA
-MkJvE1Wh9b2KRuxIYyq3Uh1I0aHxKk/VX8SinN5oEyXin4uPaygBCU5QayPEwZFH
-JRGL9XI9c6j0Y/YiNMO+aBn3xOn2RNUgZOF7LF907eb7Vwv4q/jFG3AtxPgc7zzh
-ALZpRUSM6rRXw7dhgD3FsHuu9JRba/llYKZvfLux7lqSdNLXHy8SWZ1gAzuAwDUp
-Ci/Gm84/WvwKo1sZkkhciWpGskkQYBjCZlNpLfBgPj8XErpKCU9P/n4MZcWNQsOj
-qa49LhBGntj7SkjbsIxq1AEKkfOCfuWDv1en0qglpTc+UVPs1/VVK4VyIA6UInyA
-HccfOstXLrIL8/jzj1KI/r5LX8EsqdXGvmEfvBhNoIdRqtOUG3LNbtqQyoVK9jbZ
-kaW+FCEXUbDatBsWhpqLEfJ4SZEp10jv92XNan9VTeClsURoVDrjFjtitOHeFb02
-OKbK3Lb97ikUHrj3QORAa3twC2wBkk7jXyVL3RFiSx012xLfQ02Ukz57E8RYKKYQ
-ICwFB1oaoubGfA7JOlDZl+9KJvm+41uv5qXkog2TCzXvdQMiVxEeJduj3e65752z
-jINP/50+EsemVZJsIqn+1nWbUzZjM+KfBxSCZkF0fl1EHmJt4QKCAQEA+mjevs/a
-79Nx9yVk/wNOx4a6zVsJNgecbloYWintBEy0uTZxECKNE/H1ZIMGW01Wm2SvMyIB
-8YI91+BNtdt8Tdqy++14yebNU6b/N5BHXVkiUwXgRHy3UkwmcT6VY0cOFM7gPvKe
-3esIPF+sumi6o0kCkmzrivAX55UX2vnvLPeFAjs8QQGIKnxO7ZN29w4rQU1mupbh
-NN79wTKbZBi9muBD2ACNepeP0iOdtJMEoeJmrMQaNyXeTmoZ35TInyDoFv5qn8OU
-HfYuta0mA92oA5l2Wq9R4UZp6Jt/KKwqpVPG925Fmz0rm62VqYBNlT4TtKigGLJU
-pR2sTeFfaA2RtQKCAQEAyDVeEXF6xDh8Nz3tdsZV52ogIGQfsdxQZ/ymrqs6evDH
-g0Y6CCklyLdIePo0hlTW4fBTyKFrClWxQr/MLkZQcwhmsXOei3LUbvx2IIBtzYPt
-k4RYJUE2m9Axb2zkFaKbkf87AyAKYw2Suc9PzxQzOjjTOmfOp99dePh2ogxFqMTN
-jN/SQqS83Y8BBuOJXLGoZM1iI/vcUFqvu1HzA91QZhKLKD0nDEU9VcuIn3Ap9/4i
-Nx0zOahb62XWVfJTWDiHOqONJXoJO0+yAPi2V4VWLR/qqTDaKSG77Pd4fJqyzbPJ
-LxC/pziJ0Zo9+ENujAMvWBf4+V64nIo8a5RXtIgv2wKCAQEAoA2hufKfLMVIxcB4
-Emtp0ixyf8mdVJR+zyX1BMRhg2sH5I5ArCB5bfMsdycsS/Vd0wsC1Lr65QPrRW1Q
-HloA1L5hwpbhqqNEQCCwZjJo+uh7APfzhbL1dbvIon9u+rqy7GfiezmWg5+zbut0
-Ot2v1ahX5YGK+A5IKTRpwAQadPJsaKW1+JLjFszHoiCsXHMJAL9ZVxATODkDlpYj
-LlKF9lU75/dKdr4jJhyvs3h48IQGPo1FeFRTCGnWycqOhO+CiRfqzN00cgYliuf2
-MWhe+JYBSStgOY5JKW0iVLvesjefKA2qnfP2SJYl3+ZrMGYyMDnLwp1RbwxNUqYn
-1hk+NQKCAQBGeSqknzpkqbFnzJ+zCHuimuO2IyhY9kFDaVbO8y0Bq5G/LtAsoTdQ
-oNuc4g3tHx4IqA0F+XPxTlq4MUVRIKUe6N0lJ5quYXxPmQSHyk1cY00UeSiB7KOp
-Uy6jl0PuLa/vQ1VlczjUxylXyJbCQM0LeIc57uJ6ixCfDW7M+d7nWmc0aHDdzplA
-sB7fauamP08UNIuQOQ7DJjjniiAtwxCS7YIYZvZAxnqhoaR04wmS5tzqY5ftesro
-YI+C72rRCgzn4jxD7eIkA5iX6PReeGvuNGboqW6RvfMlpbK+wcGg0OFHdPDRjwBM
-TKv1oN7f4BshOkcEmIgJakt8XtpEjQ+zAoIBAQCxiw8kpdNXybadaWhQ+Fv2pW/m
-gZsnyxuMwM7+TM5/CfCt5lepS5mUQXc064fdoOc2gCY1HaBV06PCPYQ0X00zBU3L
-8Md1F7X5apTIv7ltoF/OxeLTWepW+QUJZBXoxys3uW4qbAp1BA+m9D03hR3csZX/
-wAT7QF3mtGpmTndLBmNw2W0vGMI80P/53jAPvHqlX/AXAshvKcsnTfRt05oqbHny
-gI2stRw1TVKjvGtkAOA6KHakLZdtZNqYn3QJktYMiBNVV+eLHcjJYU+5+eT7fe/P
-7BpYp98YutcQrksgHvORNaPlX/eKKL7jca0/5LQkiW8QaQaj49D79ICVbI8z
------END RSA PRIVATE KEY-----

ca-ssl/public_keys/puppet.speedport.ip.pem

@@ -1,14 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw9YhvsGlTur1E5ZYOeFt
-j9hZTbqPXcNbkrHPitZQ5fO/d5urIVMD5720TG8Id8KrnnlE4C1gCUcpFBLPpoDt
-suhAY3LDGl1t4l9wbQL1wa/ULdseT36qqXlh401+KuPVMdFqcf9ltbV81Q7dd6Ge
-0q94RdvyaAV8CHgJABc5xVHR5KNjsvJ89Fe9diR38u0eVMNpH082cFRoBly6vf/K
-VM+8FHxTA4ptyEavtkSTOpboRoQDSvwK6XI4lj5K0GUdTSjC4+Lq7oewhHZgQD+t
-HH8RG1SFE49dezKZA9aOnTtGXUkUs8hFjBbwXZ8fnRWIWWii5A82eP8cPNfr5l9x
-zfzwSkTeXjb/PgebeXwmOsWUPNKr6aTV+ta5nPef42xkZORYplriqndSIjGJ2PAm
-Cusat6zdSAG/rmGCrnh+D/mMYA6y1KdgrNRuI0DHK1KKkQJGy1Rawoi5fRwh0xnO
-FhUhFKdoNbNRr8SJqt4FUbe5nsAPoEVDKG8w4wK0beFyYL5KNVNlazglIcmzzgGj
-bT65LsCMb0UOts+uo+LlKgI9C4EuyCCCGQ1gyIH+w2oStulPYq1URyfWMhPvUepJ
-D00YuLmDh+D5ic4ghhUEgcb48PsCxq1RbBDziKZ6aPCrgdb27jyXD0f8lCTqRv1f
-mnPgwCVd3UHUCllK5C2D4NcCAwEAAQ==
------END PUBLIC KEY-----

code/environments/production/manifests/all_system.pp

@@ -4,13 +4,37 @@ class all_system {
 	owner   => 'root',
 	group   => 'root',
 	mode    => '0644',
-	content => "Willkommen auf diesem Server von JonnyBravo ein neuer Nerd am Himmel DANIEL. Er wird von Puppet verwaltet.\n",
+	content => "<-----------------------Dieser Server wird zum Teil von Puppet verwaltet.----------------------->\n",
 	}
-}
 
 
+  user { 'jonnybravo':
+    ensure     => present,        # Der Benutzer soll vorhanden sein
+    managehome => true,           # Stellt sicher, dass das Home-Verzeichnis erstellt wird
+    purge_ssh_keys => true,
+    shell      => '/bin/fish',    # Setzt die Standard-Shell für den Benutzer
+  }
 
-class apt_upgrade {
+  ssh_authorized_key { 'jonnybravo_root':
+                        ensure => present,
+                        user   => 'jonnybravo',
+                        type   => 'ssh-rsa',
+                        key    => 'AAAAB3NzaC1yc2EAAAADAQABAAABgQC0N6XKCM67FFpM0VRlEjZXIVROWNOPV1xDDA5VW4VAhe9II+rLnAg4KMNaJZgutANh1pQGh2Yv6SUPTmgjxi+uBv+HLNvJ41NWrPMH0w7XUSzvOXJbYx8GdebvhuurBiH+3kjyubE8YCq6xZHDqpuhZaZySc9AEp8QFgtN86jUD1U5pMpMKmw7tTLtZK9WWIktFzLjjqk+xnLHVsN4mS0VaJRWzLIqwI5AT38CMpuBTZEhY2ySORY0bUvEpxU6oqcNwHEJ3KLCOPZrtOtmUAo8s8NEN+cgxd6m9DkkU2x/jFVdnfNlfIG1Qk2XvkLPrakBy8czQvBsdlPoaRg+qawEl9PlE0p5G1fMbUKQjqSPUfcnkKjdQThOIU632Az3XnOQ4T9xXyXPzMwTRaI51uUnwCkIRKq3EuSG83PFTCPTMZ31P0mT9+Nm4lTAfzBbuO4rV58tPL4+zNe1HJt6pq+GI4Swe76xE588iWgFbCmJHKPHHOxDUnCK5afJwvs/4tE=',
+    }
+
+
+	case $facts['os']['name'] {
+    'CentOS', 'RedHat': {
+      # Configuration for RedHat-based systems
+    }
+    'Ubuntu', 'Debian': {
+      # Configuration for Debian-based systems
+      file { '/usr/bin/apt-get':
+        ensure => 'file',
+        owner  => 'root',
+        group  => 'root',
+        mode   => '0755',
+      }
       cron { 'apt_update_upgrade':
         command  => '/usr/bin/apt-get update && /usr/bin/apt-get -y upgrade',
         user     => 'root',
@@ -19,11 +43,40 @@ class apt_upgrade {
         minute   => '0',
         require  => File['/usr/bin/apt-get'],
       }
+      package { 'apache2':
+        ensure   => 'present',
+        provider => 'apt',
+      }
+  }
+    'Archlinux' : {
+      # Configuration for Arch-based systems
+      $basic_package_list = ['fish', 'tmux', 'python']
       
-  file { '/usr/bin/apt-get':
+      package { $basic_package_list:
-    ensure => 'file',
+        ensure   => 'present',
-    owner  => 'root',
+        provider => 'pacman',
+      }
+      # Configuration for Arch-based systems
+      schedule { 'weekly':
+        period => weekly,
+        repeat => 1,
+      }
+
+      # Führen Sie die Systemaktualisierung durch
+      exec { 'pacman-update':
+        command   => '/usr/bin/pacman -Syu --noconfirm',
+        provider  => 'shell',
+        logoutput => 'on_failure',
+        schedule  => 'weekly',
+        path      => ['/usr/bin', '/bin'],
+        user      => 'root',
         group     => 'root',
-    mode   => '0755',
+        timeout   => 0,
+      }
+    }
+    default: {
+      fail("Unsupported operating system ${facts['os']['name']}")
+    }
   }
 }
+

config/openvoxdb/database.ini

@@ -0,0 +1,17 @@
+# This file configures the database connections for PuppetDB.
+# It is mounted from the host system via docker-compose.yml.
+
+[database]
+classname = org.postgresql.Driver
+subprotocol = postgresql
+# The subname points to the postgres service defined in docker-compose.
+subname = //postgres:5432/openvoxdb
+username = openvox
+password = StartStart1234
+
+[read-database]
+classname = org.postgresql.Driver
+subprotocol = postgresql
+subname = //postgres:5432/openvoxdb
+username = openvox_ro
+password = Start1234

config/postgres/script/setup_readonly_user.sql

@@ -0,0 +1,33 @@
+-- Dieses Skript enthält die Logik zur Erstellung eines dedizierten Read-Only-Benutzers
+-- und zur Anpassung des Hauptbenutzers.
+
+-- Dieses Skript enthält die Logik zur Erstellung eines dedizierten Read-Only-Benutzers
+-- und zur Anpassung des Hauptbenutzers.
+
+-- 1. Erstellen Sie einen neuen Benutzer mit einem sicheren Passwort.
+CREATE USER openvox_ro WITH PASSWORD 'Start1234';
+
+-- 2. Entziehen Sie alle Standardberechtigungen für den neuen Benutzer.
+ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON TABLES FROM openvox_ro;
+ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON SEQUENCES FROM openvox_ro;
+ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON FUNCTIONS FROM openvox_ro;
+
+-- 3. Erteilen Sie die erforderlichen Mindestberechtigungen.
+-- Erlauben Sie die Verbindung zur Datenbank.
+GRANT CONNECT ON DATABASE openvoxdb TO openvox_ro;
+
+-- Erlauben Sie die Nutzung des 'public'-Schemas.
+GRANT USAGE ON SCHEMA public TO openvox_ro;
+
+-- Erteilen Sie Lesezugriff (SELECT) auf alle vorhandenen Tabellen.
+GRANT SELECT ON ALL TABLES IN SCHEMA public TO openvox_ro;
+
+-- 4. Stellen Sie sicher, dass der Benutzer auch Lesezugriff auf zukünftig erstellte Tabellen hat.
+ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO openvox_ro;
+
+-- HINWEIS: Der Hauptbenutzer 'openvox' sollte idealerweise kein Superuser sein,
+-- nachdem die Initialisierung abgeschlossen ist. Der folgende Befehl würde dies tun,
+-- könnte aber zukünftige Schema-Migrationen verhindern oder mit Postgres 18+ zu Fehlern führen.
+-- ALTER USER openvox NOSUPERUSER;
+
+COMMIT;

config/puppet/puppet.conf

@@ -0,0 +1,30 @@
+[main]
+confdir = /etc/puppetlabs/puppet
+vardir = /opt/puppetlabs/puppet/cache
+logdir = /var/log/puppetlabs/puppet
+codedir = /etc/puppetlabs/code
+rundir = /var/run/puppetlabs
+manage_internal_file_permissions = false
+serverport = 8140
+# This file can be used to override the default puppet settings.
+# See the following links for more details on what settings are available:
+# - https://puppet.com/docs/puppet/latest/config_important_settings.html
+# - https://puppet.com/docs/puppet/latest/config_about_settings.html
+# - https://puppet.com/docs/puppet/latest/config_file_main.html
+# - https://puppet.com/docs/puppet/latest/configuration.html
+[server]
+vardir = /opt/puppetlabs/server/data/puppetserver
+logdir = /var/log/puppetlabs/puppetserver
+rundir = /var/run/puppetlabs/puppetserver
+pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
+codedir = /etc/puppetlabs/code
+environmentpath = /etc/puppetlabs/code/environments
+hiera_config = $confdir/hiera.yaml
+autosign = true
+environment_timeout = 10
+storeconfigs_backend = puppetdb
+storeconfigs = true
+reports = puppetdb
+ca_ttl = 157680000
+ca_server = puppet
+ca_port = 8140

docker-compose.yml

@@ -1,6 +1,7 @@
 services:
   openvox:
-    image: ghcr.io/openvoxproject/openvoxserver:8.8.0-latest
+    image: ghcr.io/openvoxproject/openvoxserver:latest
+    # image: ghcr.io/openvoxproject/openvoxserver:8.8.0-latest
     container_name: openvox
     hostname: puppet
     ports:
@@ -8,15 +9,17 @@ services:
       - "8141:8141"  # Puppet Server HTTP
       - "8142:8142"  # Puppet Server HTTPS
     volumes:
+      - ./config/puppet/puppet.conf:/etc/puppetlabs/puppet/puppet.conf
       - ./code:/etc/puppetlabs/code
-      - ./ca-ssl:/etc/puppetlabs/puppet/ssl
+      - ca_ssl_data:/etc/puppetlabs/puppet/ssl
     environment:
       - OPENVOXSERVER_ENVIRONMENT_TIMEOUT=10
     networks:
       - openvox_network
 
   postgres:
-    image: postgres:16.2
+    image: postgres:latest
+    # image: postgres:16.2
     container_name: postgres
     hostname: postgres
     environment:
@@ -25,9 +28,9 @@ services:
       POSTGRES_DB: openvoxdb
       POSTGRES_EXTENSIONS: pg_trgm
     volumes:
-      - postgres_data:/var/lib/postgresql/data
+      - postgres_data:/var/lib/postgresql
-      - ./config/postgres/postgresql.conf:/etc/postgresql/postgresql.conf
+    #  - ./config/postgres/postgresql.conf:/etc/postgresql/postgresql.conf
-      - ./config/postgres/pg_hba.conf:/etc/postgresql/pg_hba.conf
+    #  - ./config/postgres/pg_hba.conf:/etc/postgresql/pg_hba.conf
       - ./config/postgres/script:/docker-entrypoint-initdb.d
     ports:
       - "5432:5432"
@@ -41,16 +44,17 @@ services:
       start_period: 10s
 
   openvoxdb:
-    image: ghcr.io/openvoxproject/openvoxdb:8.9.0-latest
+    image: ghcr.io/openvoxproject/openvoxdb:latest
+    # image: ghcr.io/openvoxproject/openvoxdb:8-latest
     container_name: openvoxdb
     environment:
-      OPENVOXDB_POSTGRES_HOSTNAME: postgres
-      OPENVOXDB_POSTGRES_PORT: 5432
-      OPENVOXDB_POSTGRES_USER: openvox
-      OPENVOXDB_POSTGRES_DATABASE: openvoxdb
-      OPENVOXDB_POSTGRES_PASSWORD: StartStart1234
       OPENVOXSERVER_HOSTNAME: puppet
       OPENVOXSERVER_PORT: 8140
+      OPENVOXDB_POSTGRES_HOSTNAME: postgres
+      OPENVOXDB_POSTGRES_PORT: 5432
+      OPENVOXDB_POSTGRES_DATABASE: openvoxdb
+      OPENVOXDB_POSTGRES_USER: openvox
+      OPENVOXDB_POSTGRES_PASSWORD: StartStart1234
     networks:
       - openvox_network
     volumes:
@@ -70,6 +74,7 @@ volumes:
   postgres_data:
   openvoxdb_data:
   openvoxdb_ca:
+  ca_ssl_data:
 
 networks:
   openvox_network:

docker-entrypoint-debug.sh

@@ -1,134 +0,0 @@
-#!/bin/bash
-# bash is required to pass ENV vars with dots as sh cannot
-
-set -o errexit
-set -o pipefail
-set -o nounset
-
-pid=0 # Initialize pid to 0
-
-echoerr() { echo "$@" 1>&2; }
-
-echoerr "Entrypoint PID $$"
-
-## Pre execution handler
-pre_execution_handler() {
-  export CA_ENABLED=true # Force CA_ENABLED to true
-  if [ -d /docker-custom-entrypoint.d/ ]; then
-    if [ -d /docker-custom-entrypoint.d/pre-default/ ]; then
-      find /docker-custom-entrypoint.d/pre-default/ -type f -name "*.sh" \
-        -exec chmod +x {} \;
-      sync
-      for f in /docker-custom-entrypoint.d/pre-default/*.sh; do
-        if [[ -f "$f" && -x $(realpath "$f") ]]; then
-          echo "Running $f"
-          "$f"
-        fi
-      done
-    fi
-  fi
-
-  # Removed 'set -x' as it was only for pre-execution scripts
-  # set -x # Enable debug output for pre-execution scripts
-  echo "CA_ENABLED is: $CA_ENABLED"
-  for f in /docker-entrypoint.d/*.sh; do
-    echo "Running $f"
-    "$f"
-  done
-
-  if [ -d /docker-custom-entrypoint.d/ ]; then
-    find /docker-custom-entrypoint.d/ -type f -name "*.sh" \
-      -exec chmod +x {} \;
-    sync
-    for f in /docker-custom-entrypoint.d/*.sh; do
-      if [[ -f "$f" && -x $(realpath "$f") ]]; then
-        echo "Running $f"
-        "$f"
-      fi
-    done
-  fi
-}
-
-## Post startup handler
-post_startup_handler() {
-  if [ -d /docker-custom-entrypoint.d/ ]; then
-    if [ -d /docker-custom-entrypoint.d/post-startup/ ]; then
-      find /docker-custom-entrypoint.d/post-startup/ -type f -name "*.sh" \
-        -exec chmod +x {} \;
-      sync
-      for f in /docker-custom-entrypoint.d/post-startup/*.sh; do
-        if [[ -f "$f" && -x $(realpath "$f") ]]; then
-          echo "Running $f"
-          "$f"
-        fi
-      done
-    fi
-  fi
-}
-
-## Post execution handler
-post_execution_handler() {
-  if [ -d /docker-custom-entrypoint.d/ ]; then
-    if [ -d /docker-custom-entrypoint.d/post-execution/ ]; then
-      find /docker-custom-entrypoint.d/post-execution/ -type f -name "*.sh" \
-        -exec chmod +x {} \;
-      sync
-      for f in /docker-custom-entrypoint.d/post-execution/*.sh; do
-        if [[ -f "$f" && -x $(realpath "$f") ]]; then
-          echo "Running $f"
-          "$f"
-        fi
-      done
-    fi
-  fi
-}
-
-## Sigterm Handler
-sigterm_handler() { 
-  echoerr "Catching SIGTERM"
-  if [ $pid -ne 0 ]; then
-    echoerr "sigterm_handler for PID '${pid}' triggered"
-    if [ -d /docker-custom-entrypoint.d/ ]; then
-      if [ -d /docker-custom-entrypoint.d/sigterm-handler/ ]; then
-        find /docker-custom-entrypoint.d/sigterm-handler/ -type f -name "*.sh" \
-          -exec chmod +x {} \;
-        sync
-        for f in /docker-custom-entrypoint.d/sigterm-handler/*.sh; do
-          if [[ -f "$f" && -x $(realpath "$f") ]]; then
-            echo "Running $f"
-            "$f"
-          fi
-        done
-      fi
-    fi
-    kill -15 "$pid"
-    wait "$pid"
-    post_execution_handler
-  fi
-  exit 143; # 128 + 15 -- SIGTERM
-}
-
-## Setup signal trap
-trap sigterm_handler SIGTERM
-
-## Initialization
-pre_execution_handler
-
-## Start Process
-echoerr "DEBUG: Attempting to start Puppetserver in foreground."
-# run process in foreground
-# set -x # Enable debug output - moved to be after pid capture
-/opt/puppetlabs/bin/puppetserver foreground "$@" &
-pid=$! # Capture the PID of the background process
-echoerr "DEBUG: Puppetserver started with PID $pid."
-set -x # Enable debug output after pid capture
-
-wait "$pid" # Wait for the puppetserver process to finish
-return_code=$?
-echoerr "DEBUG: Puppetserver exited with code $return_code."
-exit $return_code
-
-# The following lines will not be reached if exec is successful
-# If exec fails, the script will continue here, which indicates an issue
-# echoerr "ERROR: Puppetserver failed to start in foreground."
-# exit 1