JonnyBravo/openvox-docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

run super

Browse Source
This commit is contained in:
jonnybravo
2025-12-08 18:50:29 +01:00
parent ee282d194d
commit 85bcb598df
13 changed files with 219 additions and 359 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
README.md Normal file
View File

@@ -0,0 +1,53 @@
# PuppetDB API Abfragen
Dieses Dokument beschreibt, wie man die PuppetDB-API direkt über `curl` abfragt, um Informationen über den Status der Puppet-Clients zu erhalten.
Alle Befehle werden innerhalb des `openvox` (Puppet Master) Containers ausgeführt.
## Alle aktiven Clients (Nodes) auflisten
Um eine Liste aller von PuppetDB verwalteten Clients zu erhalten, die aktiv sind, verwenden Sie den folgenden Befehl:
```bash
docker compose exec openvox curl -s http://openvoxdb:8080/pdb/query/v4/nodes
```
**Beispiel-Ausgabe (gekürzt):**
```json
[
{
"certname": "arch-2.lxd",
"latest_report_status": "changed",
"facts_environment": "production",
...
}
]
```
Dies zeigt Ihnen den `certname` jedes Clients, den Sie für weitere Abfragen verwenden können.
## Reports für einen bestimmten Client abrufen
Um zu sehen, was auf einem bestimmten Client gelaufen ist, können Sie dessen Reports abfragen. Ersetzen Sie `arch-2.lxd` mit dem `certname` des gewünschten Clients.
```bash
docker compose exec openvox curl -s -G http://openvoxdb:8080/pdb/query/v4/reports --data-urlencode 'query=["=","certname","arch-2.lxd"]'
```
### Interpretation der Report-Ausgabe
Die Ausgabe ist ein JSON-Array von Reports. Jeder Report enthält wichtige Informationen:
* `"status"`: Zeigt das Ergebnis des Puppet-Laufs.
* `"changed"`: Der Lauf war erfolgreich und es wurden Änderungen am System vorgenommen.
* `"unchanged"`: Der Lauf war erfolgreich, es waren aber keine Änderungen nötig.
* `"failed"`: Der Lauf ist fehlgeschlagen (z.B. wegen eines Kompilierungsfehlers).
* `"logs"`: Enthält die Log-Meldungen des Puppet-Agenten während des Laufs. Hier finden Sie Details zu Fehlern oder erfolgreichen Aktionen.
* `"resource_events"`: Zeigt im Detail, welche Ressourcen geändert wurden.
Anhand dieser Reports können Sie genau nachvollziehen, welche Aktionen auf einem Client erfolgreich waren und welche nicht.
## Weiterführende Informationen
Für komplexere Abfragen können Sie die offizielle Dokumentation der PuppetDB API konsultieren:
[PuppetDB Query API Documentation](https://puppet.com/docs/puppetdb/latest/api/query/v4/overview.html)

1
ca-ssl/ca
View File

@@ -1 +0,0 @@
/etc/puppetlabs/puppetserver/ca

63
ca-ssl/certs/ca.pem
View File

@@ -1,63 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIFgTCCA2mgAwIBAgIBAjANBgkqhkiG9w0BAQsFADApMScwJQYDVQQDDB5QdXBw
ZXQgUm9vdCBDQTogZmZmNjYxYWI3NDBlMjIwHhcNMjUxMjA0MjI1MDE3WhcNMzAx
MjA0MjI1MDE5WjBFMUMwQQYDVQQDDDpQdXBwZXQgQ0EgZ2VuZXJhdGVkIG9uIHB1
cHBldCBhdCAyMDI1LTEyLTA1IDIyOjUwOjE3ICswMDAwMIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEArc99Lx0gu8A7HgTaBIyIIVteGLOMxQtWj5KtsqH8
LgpteNFVQFfOsnFW8LaKGAFCET3I5viNmD+txJVoIkac8NjajViW+y21J3vOxYVI
Etb7eNOyrlBoyzCLVDKgJWySdju7x73Qw1HzAbgSgcM59J88q4YfAvFHpatX6+cp
QQe1WO5JFAHN4hR4Pf47wPi5F4q2s+RRR/Kl9aRflg3dVCQs8MM9tYv8Ca3DYKmw
ZbZM7fFCMnqoAA8CY5f6U6tGiHFi6IOaJQVmNZosep7zzIohhrNx4cW+ORLFaCW1
5JDy30396jo0sP6QseJEFTue9Q+7ReRXlC5FEIRjGdaQbTN6nUx4ObPl5nmnEkBF
MPqRfSXz1FMsepaOVwpss9Ggb8+91HL+rxyqE6IWUP5A4n/7y3iU/oFFrQ9RC7rE
l3NxyFi87wLyME4gMIkAYZHr5SWFexcYk3Z0zGlMhfysc1HRykh/bMGt8lzUmhRE
Bh1CWs0DumYU7G2z5jdAIlyLSWNU/Vvm+nZMveVPn781DFS+wHYWtgVb0j5giHbl
ph19aidPlIgzCiVKpgi1XCwmlpIUs+yp3VPnkFR5lk1vTSZJkaKnH3kr1WW3J4CU
KDw1ftK3CwV5KAA34xcs1xNI0NxvsdIwQAlGw/KyVaRPmcwwm3dmUjPVtA64Ij6V
VkECAwEAAaOBlzCBlDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd
BgNVHQ4EFgQUaN0DSCpQ9X/vRbjswjh6FRRngmcwMQYJYIZIAYb4QgENBCQWIlB1
cHBldCBTZXJ2ZXIgSW50ZXJuYWwgQ2VydGlmaWNhdGUwHwYDVR0jBBgwFoAUHZnQ
f1RICLo0IiFV9LjEjG9/9VYwDQYJKoZIhvcNAQELBQADggIBABYWZhcDPtT06g3A
OvdEuejnfj6JFB8SH1OxLV5aKjUWT2fVKqngKlBTDUIX+MosN1yMlkk+gePnIy1Q
+ykEuBgB9b3SVXvT4Qj1j0JNt2e+BoklC2NOmxJHV283DJ7YH0YIl9c3G+5/njb/
5lKKmk3yDRKxH+rw5U3DOXW0m9Qyj/SOHrBeewGsA0NWvkYRnxvOF8pUdmhaNhTE
wI7PectNkm8rXn+7nVaCXDhW8IEj90ZnirQCoLFASPVhzm5SS3cvXrXuWGaVw0wg
i0qmRWybqXGbpU/NmoYcFfkzBfcPplQU1TXzWS2HtukIKRT1EydljVxw8suFt1sL
02QQgRCxiDNUnQkcXcC/c2Wb8tAs2YQZ6mgxtNb1T05Cf67RfjxGeICsXBa335I+
ioUp2xt+EBk3qjSJ+TtpfG1vGABxC5T8SOxD3DMyKa/C1SnF8nAAYuIVHJBdkvUR
d8kDnmcWl/bcjS7Zm/KO9ZJud0nb6X54iUnOOQ5IV5WWh1BGCxRvGZD6ItlW21cn
uw+vdmu32RRulApXjZfw4HnG87lZC5LcB3xPpzpA7eAg2nm2bxO/tyJ5RWdVGmKJ
M2uXH67935uckRbQ6hPYji8LMt0OfKDKBXcALeR73RZIbMikdOM0K5AzCBHle0gH
YnDivlWp+jCR7Y21BzJ1jQDgFKK8
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFZTCCA02gAwIBAgIBATANBgkqhkiG9w0BAQsFADApMScwJQYDVQQDDB5QdXBw
ZXQgUm9vdCBDQTogZmZmNjYxYWI3NDBlMjIwHhcNMjUxMjA0MjI1MDE3WhcNMzAx
MjA0MjI1MDE4WjApMScwJQYDVQQDDB5QdXBwZXQgUm9vdCBDQTogZmZmNjYxYWI3
NDBlMjIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCY3JYtGQJW6xeD
wg9S/GJ5wQUTgIyHKU+pCB/nD5O7i9VLHjxdttMGvalk8FksVxhIPX1Y6XBAoE6O
3vdmm7pHt+byzpggZhxZQr7oGBopq9iAjDe6s1vX6hRfLYQ5MOBRsiBOJXmE1Px+
CeIEXrYQYQkkDEh/cXKVuDoUtnue/CmhBn58u2R3jyIp9RRpvMokv9XUujg0oPlL
F+5h66baDZr2USdddj97g7gFOoMiTcG7ZwqSpL7sPfMOzHeOjMCIIAMERJkEC56R
ns+KverL56skAFNUndJpOaTwQEQo1kdjYkkwbLp9sTUTAiYbDBAalEwWKltQ5kOF
J2khyA7nv7LfMU1ob879xAxg47aFwoQEX/aLShBP8lWukr0BfzYrJwMSWRNql35w
Flyzh9Z5jd/WX+aceVkYJ1k4FSCpzUqtszLT1scDFrdbwnxeur2qfA779W5DIAx9
rNEypRVpj6BqM5ckhHD8v8SgAitEETXV9lyIlJYtnFU2rfwIRujRIoVNwxw76aip
aWDcPO2cH90lLyInh43Ab+8Mf+KL86VeGKDrwkB6L3rMnFfVyefC9DfH0Yvmo3vI
i8jb1znM8WLhHDIz3Ikj+vTyfffx0qyatrpthcNNZ5TbdL5WWksu8iyqdiPvoxfX
FPSbWGN7CR/WxjOf952B+Ni2rWTRSwIDAQABo4GXMIGUMA8GA1UdEwEB/wQFMAMB
Af8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBQdmdB/VEgIujQiIVX0uMSMb3/1
VjAxBglghkgBhvhCAQ0EJBYiUHVwcGV0IFNlcnZlciBJbnRlcm5hbCBDZXJ0aWZp
Y2F0ZTAfBgNVHSMEGDAWgBQdmdB/VEgIujQiIVX0uMSMb3/1VjANBgkqhkiG9w0B
AQsFAAOCAgEAgo+7VyVvAuYmUvw+fR78zjQpijFBAJuPMGKFRgJnOe+PaCBRDtex
3vFtwZR2BjhkW4/1+33gD45cjAIjZ65oeTBo0M7Z3LbGlIsZCl/zAK7pjBuJpiFP
mgxaRPm/zO8Hgz9uozoMlDq/Bao2HfxD4tf/yOhgkA8rZ2UMdMNZhpXQU3zK+3MJ
5lIhGzkrGLxbKjYXiTL0POQCYK5IhNStfsl2Kmk7I3K6G52Y9oYt0D0heZdzrorp
RsoGwJGRgX+RRcMybWppHCNWrFtBDUA0yZ6daJjXpEMizErsocS+Fla/YnjbJVMh
xxfHVMvFKZVNnYic0qi+ip4uA0SfrtV63pmBCGPmab0e7FiZUYJZkTxmszF3i0wP
L9CcXnrU1uH0tog38jcDzTVKqjDQULyctygc/7N+CJLCkgE3ch/aDrtEdcKxOuQf
xXfkG189jf5HYgzNCGvzPbq964PnAA+Vx/gkMXhSItUWr1tzD62vFI6AiS4p0fQo
PGQYiVKGUKnkDCwLceENTJZ88g9+YeWQQtPtcc2yfD9OCWNMpij/gr5xCkQL+cCf
ER2RAQLYGCcUuVkC6ObDcy/FxKDtgIHhoRNox+mehmjEoHWU40wjvTshUin5+F57
OkFoxPyB9VE0hzJM0ccgY4iRo1Dt0R8EZnTqtDotRESo+aNtB7bEUlc=
-----END CERTIFICATE-----

34
ca-ssl/certs/puppet.speedport.ip.pem
View File

@@ -1,34 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIF1DCCA7ygAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMUMwQQYDVQQDDDpQdXBw
ZXQgQ0EgZ2VuZXJhdGVkIG9uIHB1cHBldCBhdCAyMDI1LTEyLTA1IDIyOjUwOjE3
ICswMDAwMB4XDTI1MTIwNDIyNTAxN1oXDTMwMTIwNDIyNTAyMlowHjEcMBoGA1UE
AwwTcHVwcGV0LnNwZWVkcG9ydC5pcDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
AgoCggIBAMPWIb7BpU7q9ROWWDnhbY/YWU26j13DW5Kxz4rWUOXzv3ebqyFTA+e9
tExvCHfCq555ROAtYAlHKRQSz6aA7bLoQGNywxpdbeJfcG0C9cGv1C3bHk9+qql5
YeNNfirj1THRanH/ZbW1fNUO3XehntKveEXb8mgFfAh4CQAXOcVR0eSjY7LyfPRX
vXYkd/LtHlTDaR9PNnBUaAZcur3/ylTPvBR8UwOKbchGr7ZEkzqW6EaEA0r8Culy
OJY+StBlHU0owuPi6u6HsIR2YEA/rRx/ERtUhROPXXsymQPWjp07Rl1JFLPIRYwW
8F2fH50ViFloouQPNnj/HDzX6+Zfcc388EpE3l42/z4Hm3l8JjrFlDzSq+mk1frW
uZz3n+NsZGTkWKZa4qp3UiIxidjwJgrrGres3UgBv65hgq54fg/5jGAOstSnYKzU
biNAxytSipECRstUWsKIuX0cIdMZzhYVIRSnaDWzUa/EiareBVG3uZ7AD6BFQyhv
MOMCtG3hcmC+SjVTZWs4JSHJs84Bo20+uS7AjG9FDrbPrqPi5SoCPQuBLsggghkN
YMiB/sNqErbpT2KtVEcn1jIT71HqSQ9NGLi5g4fg+YnOIIYVBIHG+PD7AsatUWwQ
84imemjwq4HW9u48lw9H/JQk6kb9X5pz4MAlXd1B1ApZSuQtg+DXAgMBAAGjgfUw
gfIwDAYDVR0TAQH/BAIwADAxBglghkgBhvhCAQ0EJBYiUHVwcGV0IFNlcnZlciBJ
bnRlcm5hbCBDZXJ0aWZpY2F0ZTAfBgNVHSMEGDAWgBRo3QNIKlD1f+9FuOzCOHoV
FGeCZzAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/
BAQDAgWgMB0GA1UdDgQWBBSztTQjy5ZflFlzOoyfzXRJK7BpVjAVBgsrBgEEAYKM
TAEDJwQGDAR0cnVlMCYGA1UdEQQfMB2CBnB1cHBldIITcHVwcGV0LnNwZWVkcG9y
dC5pcDANBgkqhkiG9w0BAQsFAAOCAgEARLvJc6SeWMXrPLunZBsdFc6WuBrQgkh4
1lUwqZ3hYViCWP/Enm3BefloZAst0ZXUDV6nFADCwU4ODv07KmWeG5jUL4GcA6G4
zMrwmUNWzioI42oVtPqFT6dvCz6WMh9UqZmp5upkMp3Yi2S+kEwOlPD4VVx2CGSt
JC28rA59EcWMhoVzsnlgzyLcBPDHj05D/pU23zwl9aHommTMczpiqDuKgihTNwZt
sMpLQoyqorZyJ8+1QkHXH2etYevv01x3g5l/NuXOavDrFcSYEaEKmtORkRMOF6fA
L4N5I1olc0RaMelWccx+XyaUQm1G1NVY0qLM25T3QpODylLLEkfxxVsAS5uHwotZ
M+GhwI5JLrCluaJ6BXpcoQj6kZ8b5NF9R0DbCZlNC1lwLRPtDuyLTDxqMStRIIVn
Jt9JCnA+6PKSfPZ0soPkbZE0oYOkar3gAP5FAVBZJi/0AXMCs9/VJLW8Ow6tQW1q
6YshhtXEALZaFnZ9gqS+9y5/cTi62g4vZ9faACf9E/h5xhow2YlUyz3at8U7Xlno
VAmaOBxmB+zVzbyL+XjUfyW8aIhPRap6t6R14077GunuSH8XYYi3XHoz0pd4uZ3S
NQZ0H+NPCqH/RWN0+BglrdfIOoTkMM2PUu2ekWLHzp0pM3WHQqb8nJJ9V5/4QbsB
11h1JX9+0Zw=
-----END CERTIFICATE-----

34
ca-ssl/crl.pem
View File

@@ -1,34 +0,0 @@
-----BEGIN X509 CRL-----
MIICvzCBqAIBATANBgkqhkiG9w0BAQsFADBFMUMwQQYDVQQDDDpQdXBwZXQgQ0Eg
Z2VuZXJhdGVkIG9uIHB1cHBldCBhdCAyMDI1LTEyLTA1IDIyOjUwOjE3ICswMDAw
Fw0yNTEyMDQyMjUwMTdaFw0zMDEyMDQyMjUwMTlaoC8wLTAfBgNVHSMEGDAWgBRo
3QNIKlD1f+9FuOzCOHoVFGeCZzAKBgNVHRQEAwIBADANBgkqhkiG9w0BAQsFAAOC
AgEAVrcpf7vF0dD8t4LfLFvh4wWMCHgo+veFNTMqHUbandRjMTLHUqbujnHj3C5B
qrbHtTp6lzTDw8W25niJtIkLSMiYue666RzePcvBoknDvvw4/OEIPa6gaSSJgc9k
DGu1qRd7btbILeXWO5jCb0KElS8aWSHT51gH9eAbTRICETltAKwbXWPFg/0AQv3R
ab5Fyj7vYO9+JfdfP8BNyUSKeQls+7UVTOsFOYACFZqhXzPUUlc4+vKj/gpeujgc
58w+IPPMNyPXG8xeleFYTzZ1/zMIXbW14YTBdTtPPWjcU2DriRL9fJmH5wYkU2/0
MDfaZOByf8twhe1V7nT3hiBkjflYywNXFgsojE+TYqkoIrtkMmFtpL40UA8zAUW9
GfV6O+6wzkG9FXKiG/ZUbviQFd5sE3/5fPJt6qukH9E7612PJ5C1mgdiW4c+181v
TqaZuHkWTY1U7Ciwn0aj0Cxp00HyIeKDAVp17rNCYnfhNbwZC6Vu0Edyn2r1qztN
BQrRL3AmbS4yjkEGIwtj/FP3UvyZqNBVyEbgDlDZClyo/aOoW090DNx9V4b1jzX6
UpjOLTvb0u72e6vCbo6zhMD1TqnLBzzUaGbMkVg+xmsdrxAmTvy0B/roldkCdxQ2
FtEFGyLnh8m8wInA7J8s4noutmS4GWOAX3h+PAqufrXY/Hw=
-----END X509 CRL-----
-----BEGIN X509 CRL-----
MIICozCBjAIBATANBgkqhkiG9w0BAQsFADApMScwJQYDVQQDDB5QdXBwZXQgUm9v
dCBDQTogZmZmNjYxYWI3NDBlMjIXDTI1MTIwNDIyNTAxN1oXDTMwMTIwNDIyNTAx
OFqgLzAtMB8GA1UdIwQYMBaAFB2Z0H9USAi6NCIhVfS4xIxvf/VWMAoGA1UdFAQD
AgEAMA0GCSqGSIb3DQEBCwUAA4ICAQArWJW4adDARe/rySBK2oq7IDXdz+8HRghZ
bOs4E9pdrmVSVNYdTTvbcAPd2T0RhJaZPph+djfyj+/yijmaunnACTAwLiaoroJf
LcHCgOSu/n3zUMkszkzsuVYN7p0sV3OAUKMknvzz2qNV/P0ErQUN4yShemi71K0N
HklGuVIk3UOswVzw/6jn0DglCIOtpYgRiB2fixYUMMSK1u0FxtXDTQqdholqjv3F
1kRDCiy7qXQeQe6Xa5tc+Jm1UILk7pUo1MulTIJpuEQXqjVaVU8/HrWGCAYejN9A
9IW97leVo6x3tsP3OYixX2jefpvkLbnJWe+tFCqhMjF3Tpy32ru93ThCB8EAz0BN
THiqMQZ21YLsxSgd7elaEtV66lior9ciJC6wUNuYmXlwXuzMtI+Z39I+bXacmUNg
6sk0Mos+Bnmf0vGypRMxsrhe2v30ndFdkYKTG1PP4nMowJ5DYxEG+KS72LpsysHt
aQHiwZ2HJLX5E79q2gvJ9KMWTijSy0ZnSLa4c1fBuSkJ0t8pLFFUP9nvbpbw8P5H
9LG+mYfopxOgeRPg4my5Fxh5Y4+rAxZRuetzuVi8nDU63QGCiwoU8Hc7CBdGAUvd
MD3aiZAB6w/tJ1+IAoZw7yoSqOeqs9YaXA2bZG+1NYsjOB+ttglte3TDTPsCd75I
lRa0kJ2NoQ==
-----END X509 CRL-----

51
ca-ssl/private_keys/puppet.speedport.ip.pem
View File

@@ -1,51 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEAw9YhvsGlTur1E5ZYOeFtj9hZTbqPXcNbkrHPitZQ5fO/d5ur
IVMD5720TG8Id8KrnnlE4C1gCUcpFBLPpoDtsuhAY3LDGl1t4l9wbQL1wa/ULdse
T36qqXlh401+KuPVMdFqcf9ltbV81Q7dd6Ge0q94RdvyaAV8CHgJABc5xVHR5KNj
svJ89Fe9diR38u0eVMNpH082cFRoBly6vf/KVM+8FHxTA4ptyEavtkSTOpboRoQD
SvwK6XI4lj5K0GUdTSjC4+Lq7oewhHZgQD+tHH8RG1SFE49dezKZA9aOnTtGXUkU
s8hFjBbwXZ8fnRWIWWii5A82eP8cPNfr5l9xzfzwSkTeXjb/PgebeXwmOsWUPNKr
6aTV+ta5nPef42xkZORYplriqndSIjGJ2PAmCusat6zdSAG/rmGCrnh+D/mMYA6y
1KdgrNRuI0DHK1KKkQJGy1Rawoi5fRwh0xnOFhUhFKdoNbNRr8SJqt4FUbe5nsAP
oEVDKG8w4wK0beFyYL5KNVNlazglIcmzzgGjbT65LsCMb0UOts+uo+LlKgI9C4Eu
yCCCGQ1gyIH+w2oStulPYq1URyfWMhPvUepJD00YuLmDh+D5ic4ghhUEgcb48PsC
xq1RbBDziKZ6aPCrgdb27jyXD0f8lCTqRv1fmnPgwCVd3UHUCllK5C2D4NcCAwEA
AQKCAgARGra/znH9vo/BMjRqecHz+lVycITtD48D9PvHiIhwTSW/8Jy1wGZq6yrA
MkJvE1Wh9b2KRuxIYyq3Uh1I0aHxKk/VX8SinN5oEyXin4uPaygBCU5QayPEwZFH
JRGL9XI9c6j0Y/YiNMO+aBn3xOn2RNUgZOF7LF907eb7Vwv4q/jFG3AtxPgc7zzh
ALZpRUSM6rRXw7dhgD3FsHuu9JRba/llYKZvfLux7lqSdNLXHy8SWZ1gAzuAwDUp
Ci/Gm84/WvwKo1sZkkhciWpGskkQYBjCZlNpLfBgPj8XErpKCU9P/n4MZcWNQsOj
qa49LhBGntj7SkjbsIxq1AEKkfOCfuWDv1en0qglpTc+UVPs1/VVK4VyIA6UInyA
HccfOstXLrIL8/jzj1KI/r5LX8EsqdXGvmEfvBhNoIdRqtOUG3LNbtqQyoVK9jbZ
kaW+FCEXUbDatBsWhpqLEfJ4SZEp10jv92XNan9VTeClsURoVDrjFjtitOHeFb02
OKbK3Lb97ikUHrj3QORAa3twC2wBkk7jXyVL3RFiSx012xLfQ02Ukz57E8RYKKYQ
ICwFB1oaoubGfA7JOlDZl+9KJvm+41uv5qXkog2TCzXvdQMiVxEeJduj3e65752z
jINP/50+EsemVZJsIqn+1nWbUzZjM+KfBxSCZkF0fl1EHmJt4QKCAQEA+mjevs/a
79Nx9yVk/wNOx4a6zVsJNgecbloYWintBEy0uTZxECKNE/H1ZIMGW01Wm2SvMyIB
8YI91+BNtdt8Tdqy++14yebNU6b/N5BHXVkiUwXgRHy3UkwmcT6VY0cOFM7gPvKe
3esIPF+sumi6o0kCkmzrivAX55UX2vnvLPeFAjs8QQGIKnxO7ZN29w4rQU1mupbh
NN79wTKbZBi9muBD2ACNepeP0iOdtJMEoeJmrMQaNyXeTmoZ35TInyDoFv5qn8OU
HfYuta0mA92oA5l2Wq9R4UZp6Jt/KKwqpVPG925Fmz0rm62VqYBNlT4TtKigGLJU
pR2sTeFfaA2RtQKCAQEAyDVeEXF6xDh8Nz3tdsZV52ogIGQfsdxQZ/ymrqs6evDH
g0Y6CCklyLdIePo0hlTW4fBTyKFrClWxQr/MLkZQcwhmsXOei3LUbvx2IIBtzYPt
k4RYJUE2m9Axb2zkFaKbkf87AyAKYw2Suc9PzxQzOjjTOmfOp99dePh2ogxFqMTN
jN/SQqS83Y8BBuOJXLGoZM1iI/vcUFqvu1HzA91QZhKLKD0nDEU9VcuIn3Ap9/4i
Nx0zOahb62XWVfJTWDiHOqONJXoJO0+yAPi2V4VWLR/qqTDaKSG77Pd4fJqyzbPJ
LxC/pziJ0Zo9+ENujAMvWBf4+V64nIo8a5RXtIgv2wKCAQEAoA2hufKfLMVIxcB4
Emtp0ixyf8mdVJR+zyX1BMRhg2sH5I5ArCB5bfMsdycsS/Vd0wsC1Lr65QPrRW1Q
HloA1L5hwpbhqqNEQCCwZjJo+uh7APfzhbL1dbvIon9u+rqy7GfiezmWg5+zbut0
Ot2v1ahX5YGK+A5IKTRpwAQadPJsaKW1+JLjFszHoiCsXHMJAL9ZVxATODkDlpYj
LlKF9lU75/dKdr4jJhyvs3h48IQGPo1FeFRTCGnWycqOhO+CiRfqzN00cgYliuf2
MWhe+JYBSStgOY5JKW0iVLvesjefKA2qnfP2SJYl3+ZrMGYyMDnLwp1RbwxNUqYn
1hk+NQKCAQBGeSqknzpkqbFnzJ+zCHuimuO2IyhY9kFDaVbO8y0Bq5G/LtAsoTdQ
oNuc4g3tHx4IqA0F+XPxTlq4MUVRIKUe6N0lJ5quYXxPmQSHyk1cY00UeSiB7KOp
Uy6jl0PuLa/vQ1VlczjUxylXyJbCQM0LeIc57uJ6ixCfDW7M+d7nWmc0aHDdzplA
sB7fauamP08UNIuQOQ7DJjjniiAtwxCS7YIYZvZAxnqhoaR04wmS5tzqY5ftesro
YI+C72rRCgzn4jxD7eIkA5iX6PReeGvuNGboqW6RvfMlpbK+wcGg0OFHdPDRjwBM
TKv1oN7f4BshOkcEmIgJakt8XtpEjQ+zAoIBAQCxiw8kpdNXybadaWhQ+Fv2pW/m
gZsnyxuMwM7+TM5/CfCt5lepS5mUQXc064fdoOc2gCY1HaBV06PCPYQ0X00zBU3L
8Md1F7X5apTIv7ltoF/OxeLTWepW+QUJZBXoxys3uW4qbAp1BA+m9D03hR3csZX/
wAT7QF3mtGpmTndLBmNw2W0vGMI80P/53jAPvHqlX/AXAshvKcsnTfRt05oqbHny
gI2stRw1TVKjvGtkAOA6KHakLZdtZNqYn3QJktYMiBNVV+eLHcjJYU+5+eT7fe/P
7BpYp98YutcQrksgHvORNaPlX/eKKL7jca0/5LQkiW8QaQaj49D79ICVbI8z
-----END RSA PRIVATE KEY-----

14
ca-ssl/public_keys/puppet.speedport.ip.pem
View File

@@ -1,14 +0,0 @@
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw9YhvsGlTur1E5ZYOeFt
j9hZTbqPXcNbkrHPitZQ5fO/d5urIVMD5720TG8Id8KrnnlE4C1gCUcpFBLPpoDt
suhAY3LDGl1t4l9wbQL1wa/ULdseT36qqXlh401+KuPVMdFqcf9ltbV81Q7dd6Ge
0q94RdvyaAV8CHgJABc5xVHR5KNjsvJ89Fe9diR38u0eVMNpH082cFRoBly6vf/K
VM+8FHxTA4ptyEavtkSTOpboRoQDSvwK6XI4lj5K0GUdTSjC4+Lq7oewhHZgQD+t
HH8RG1SFE49dezKZA9aOnTtGXUkUs8hFjBbwXZ8fnRWIWWii5A82eP8cPNfr5l9x
zfzwSkTeXjb/PgebeXwmOsWUPNKr6aTV+ta5nPef42xkZORYplriqndSIjGJ2PAm
Cusat6zdSAG/rmGCrnh+D/mMYA6y1KdgrNRuI0DHK1KKkQJGy1Rawoi5fRwh0xnO
FhUhFKdoNbNRr8SJqt4FUbe5nsAPoEVDKG8w4wK0beFyYL5KNVNlazglIcmzzgGj
bT65LsCMb0UOts+uo+LlKgI9C4EuyCCCGQ1gyIH+w2oStulPYq1URyfWMhPvUepJ
D00YuLmDh+D5ic4ghhUEgcb48PsCxq1RbBDziKZ6aPCrgdb27jyXD0f8lCTqRv1f
mnPgwCVd3UHUCllK5C2D4NcCAwEAAQ==
-----END PUBLIC KEY-----

67
code/environments/production/manifests/all_system.pp
View File

@@ -4,13 +4,37 @@ class all_system {
owner => 'root',
group => 'root',
mode => '0644',
content => "Willkommen auf diesem Server von JonnyBravo ein neuer Nerd am Himmel DANIEL. Er wird von Puppet verwaltet.\n",
}
content => "<-----------------------Dieser Server wird zum Teil von Puppet verwaltet.----------------------->\n",
}
user { 'jonnybravo':
ensure => present, # Der Benutzer soll vorhanden sein
managehome => true, # Stellt sicher, dass das Home-Verzeichnis erstellt wird
purge_ssh_keys => true,
shell => '/bin/fish', # Setzt die Standard-Shell für den Benutzer
}
class apt_upgrade {
ssh_authorized_key { 'jonnybravo_root':
ensure => present,
user => 'jonnybravo',
type => 'ssh-rsa',
key => 'AAAAB3NzaC1yc2EAAAADAQABAAABgQC0N6XKCM67FFpM0VRlEjZXIVROWNOPV1xDDA5VW4VAhe9II+rLnAg4KMNaJZgutANh1pQGh2Yv6SUPTmgjxi+uBv+HLNvJ41NWrPMH0w7XUSzvOXJbYx8GdebvhuurBiH+3kjyubE8YCq6xZHDqpuhZaZySc9AEp8QFgtN86jUD1U5pMpMKmw7tTLtZK9WWIktFzLjjqk+xnLHVsN4mS0VaJRWzLIqwI5AT38CMpuBTZEhY2ySORY0bUvEpxU6oqcNwHEJ3KLCOPZrtOtmUAo8s8NEN+cgxd6m9DkkU2x/jFVdnfNlfIG1Qk2XvkLPrakBy8czQvBsdlPoaRg+qawEl9PlE0p5G1fMbUKQjqSPUfcnkKjdQThOIU632Az3XnOQ4T9xXyXPzMwTRaI51uUnwCkIRKq3EuSG83PFTCPTMZ31P0mT9+Nm4lTAfzBbuO4rV58tPL4+zNe1HJt6pq+GI4Swe76xE588iWgFbCmJHKPHHOxDUnCK5afJwvs/4tE=',
}
case $facts['os']['name'] {
'CentOS', 'RedHat': {
# Configuration for RedHat-based systems
}
'Ubuntu', 'Debian': {
# Configuration for Debian-based systems
file { '/usr/bin/apt-get':
ensure => 'file',
owner => 'root',
group => 'root',
mode => '0755',
}
cron { 'apt_update_upgrade':
command => '/usr/bin/apt-get update && /usr/bin/apt-get -y upgrade',
user => 'root',
@@ -19,11 +43,40 @@ class apt_upgrade {
minute => '0',
require => File['/usr/bin/apt-get'],
}
package { 'apache2':
ensure => 'present',
provider => 'apt',
}
}
'Archlinux' : {
# Configuration for Arch-based systems
$basic_package_list = ['fish', 'tmux', 'python']
file { '/usr/bin/apt-get':
ensure => 'file',
owner => 'root',
package { $basic_package_list:
ensure => 'present',
provider => 'pacman',
}
# Configuration for Arch-based systems
schedule { 'weekly':
period => weekly,
repeat => 1,
}
# Führen Sie die Systemaktualisierung durch
exec { 'pacman-update':
command => '/usr/bin/pacman -Syu --noconfirm',
provider => 'shell',
logoutput => 'on_failure',
schedule => 'weekly',
path => ['/usr/bin', '/bin'],
user => 'root',
group => 'root',
mode => '0755',
timeout => 0,
}
}
default: {
fail("Unsupported operating system ${facts['os']['name']}")
}
}
}

17
config/openvoxdb/database.ini Normal file
View File

@@ -0,0 +1,17 @@
# This file configures the database connections for PuppetDB.
# It is mounted from the host system via docker-compose.yml.
[database]
classname = org.postgresql.Driver
subprotocol = postgresql
# The subname points to the postgres service defined in docker-compose.
subname = //postgres:5432/openvoxdb
username = openvox
password = StartStart1234
[read-database]
classname = org.postgresql.Driver
subprotocol = postgresql
subname = //postgres:5432/openvoxdb
username = openvox_ro
password = Start1234

33
config/postgres/script/setup_readonly_user.sql Normal file
View File

@@ -0,0 +1,33 @@
-- Dieses Skript enthält die Logik zur Erstellung eines dedizierten Read-Only-Benutzers
-- und zur Anpassung des Hauptbenutzers.
-- Dieses Skript enthält die Logik zur Erstellung eines dedizierten Read-Only-Benutzers
-- und zur Anpassung des Hauptbenutzers.
-- 1. Erstellen Sie einen neuen Benutzer mit einem sicheren Passwort.
CREATE USER openvox_ro WITH PASSWORD 'Start1234';
-- 2. Entziehen Sie alle Standardberechtigungen für den neuen Benutzer.
ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON TABLES FROM openvox_ro;
ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON SEQUENCES FROM openvox_ro;
ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON FUNCTIONS FROM openvox_ro;
-- 3. Erteilen Sie die erforderlichen Mindestberechtigungen.
-- Erlauben Sie die Verbindung zur Datenbank.
GRANT CONNECT ON DATABASE openvoxdb TO openvox_ro;
-- Erlauben Sie die Nutzung des 'public'-Schemas.
GRANT USAGE ON SCHEMA public TO openvox_ro;
-- Erteilen Sie Lesezugriff (SELECT) auf alle vorhandenen Tabellen.
GRANT SELECT ON ALL TABLES IN SCHEMA public TO openvox_ro;
-- 4. Stellen Sie sicher, dass der Benutzer auch Lesezugriff auf zukünftig erstellte Tabellen hat.
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO openvox_ro;
-- HINWEIS: Der Hauptbenutzer 'openvox' sollte idealerweise kein Superuser sein,
-- nachdem die Initialisierung abgeschlossen ist. Der folgende Befehl würde dies tun,
-- könnte aber zukünftige Schema-Migrationen verhindern oder mit Postgres 18+ zu Fehlern führen.
-- ALTER USER openvox NOSUPERUSER;
COMMIT;

30
config/puppet/puppet.conf Normal file
View File

@@ -0,0 +1,30 @@
[main]
confdir = /etc/puppetlabs/puppet
vardir = /opt/puppetlabs/puppet/cache
logdir = /var/log/puppetlabs/puppet
codedir = /etc/puppetlabs/code
rundir = /var/run/puppetlabs
manage_internal_file_permissions = false
serverport = 8140
# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://puppet.com/docs/puppet/latest/config_important_settings.html
# - https://puppet.com/docs/puppet/latest/config_about_settings.html
# - https://puppet.com/docs/puppet/latest/config_file_main.html
# - https://puppet.com/docs/puppet/latest/configuration.html
[server]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code
environmentpath = /etc/puppetlabs/code/environments
hiera_config = $confdir/hiera.yaml
autosign = true
environment_timeout = 10
storeconfigs_backend = puppetdb
storeconfigs = true
reports = puppetdb
ca_ttl = 157680000
ca_server = puppet
ca_port = 8140

29
docker-compose.yml
View File

@@ -1,6 +1,7 @@
services:
openvox:
image: ghcr.io/openvoxproject/openvoxserver:8.8.0-latest
image: ghcr.io/openvoxproject/openvoxserver:latest
# image: ghcr.io/openvoxproject/openvoxserver:8.8.0-latest
container_name: openvox
hostname: puppet
ports:
@@ -8,15 +9,17 @@ services:
- "8141:8141" # Puppet Server HTTP
- "8142:8142" # Puppet Server HTTPS
volumes:
- ./config/puppet/puppet.conf:/etc/puppetlabs/puppet/puppet.conf
- ./code:/etc/puppetlabs/code
- ./ca-ssl:/etc/puppetlabs/puppet/ssl
- ca_ssl_data:/etc/puppetlabs/puppet/ssl
environment:
- OPENVOXSERVER_ENVIRONMENT_TIMEOUT=10
networks:
- openvox_network
postgres:
image: postgres:16.2
image: postgres:latest
# image: postgres:16.2
container_name: postgres
hostname: postgres
environment:
@@ -25,9 +28,9 @@ services:
POSTGRES_DB: openvoxdb
POSTGRES_EXTENSIONS: pg_trgm
volumes:
- postgres_data:/var/lib/postgresql/data
- ./config/postgres/postgresql.conf:/etc/postgresql/postgresql.conf
- ./config/postgres/pg_hba.conf:/etc/postgresql/pg_hba.conf
- postgres_data:/var/lib/postgresql
# - ./config/postgres/postgresql.conf:/etc/postgresql/postgresql.conf
# - ./config/postgres/pg_hba.conf:/etc/postgresql/pg_hba.conf
- ./config/postgres/script:/docker-entrypoint-initdb.d
ports:
- "5432:5432"
@@ -41,16 +44,17 @@ services:
start_period: 10s
openvoxdb:
image: ghcr.io/openvoxproject/openvoxdb:8.9.0-latest
image: ghcr.io/openvoxproject/openvoxdb:latest
# image: ghcr.io/openvoxproject/openvoxdb:8-latest
container_name: openvoxdb
environment:
OPENVOXDB_POSTGRES_HOSTNAME: postgres
OPENVOXDB_POSTGRES_PORT: 5432
OPENVOXDB_POSTGRES_USER: openvox
OPENVOXDB_POSTGRES_DATABASE: openvoxdb
OPENVOXDB_POSTGRES_PASSWORD: StartStart1234
OPENVOXSERVER_HOSTNAME: puppet
OPENVOXSERVER_PORT: 8140
OPENVOXDB_POSTGRES_HOSTNAME: postgres
OPENVOXDB_POSTGRES_PORT: 5432
OPENVOXDB_POSTGRES_DATABASE: openvoxdb
OPENVOXDB_POSTGRES_USER: openvox
OPENVOXDB_POSTGRES_PASSWORD: StartStart1234
networks:
- openvox_network
volumes:
@@ -70,6 +74,7 @@ volumes:
postgres_data:
openvoxdb_data:
openvoxdb_ca:
ca_ssl_data:
networks:
openvox_network:

134
docker-entrypoint-debug.sh
View File

@@ -1,134 +0,0 @@
#!/bin/bash
# bash is required to pass ENV vars with dots as sh cannot
set -o errexit
set -o pipefail
set -o nounset
pid=0 # Initialize pid to 0
echoerr() { echo "$@" 1>&2; }
echoerr "Entrypoint PID $$"
## Pre execution handler
pre_execution_handler() {
export CA_ENABLED=true # Force CA_ENABLED to true
if [ -d /docker-custom-entrypoint.d/ ]; then
if [ -d /docker-custom-entrypoint.d/pre-default/ ]; then
find /docker-custom-entrypoint.d/pre-default/ -type f -name "*.sh" \
-exec chmod +x {} \;
sync
for f in /docker-custom-entrypoint.d/pre-default/*.sh; do
if [[ -f "$f" && -x $(realpath "$f") ]]; then
echo "Running $f"
"$f"
fi
done
fi
fi
# Removed 'set -x' as it was only for pre-execution scripts
# set -x # Enable debug output for pre-execution scripts
echo "CA_ENABLED is: $CA_ENABLED"
for f in /docker-entrypoint.d/*.sh; do
echo "Running $f"
"$f"
done
if [ -d /docker-custom-entrypoint.d/ ]; then
find /docker-custom-entrypoint.d/ -type f -name "*.sh" \
-exec chmod +x {} \;
sync
for f in /docker-custom-entrypoint.d/*.sh; do
if [[ -f "$f" && -x $(realpath "$f") ]]; then
echo "Running $f"
"$f"
fi
done
fi
}
## Post startup handler
post_startup_handler() {
if [ -d /docker-custom-entrypoint.d/ ]; then
if [ -d /docker-custom-entrypoint.d/post-startup/ ]; then
find /docker-custom-entrypoint.d/post-startup/ -type f -name "*.sh" \
-exec chmod +x {} \;
sync
for f in /docker-custom-entrypoint.d/post-startup/*.sh; do
if [[ -f "$f" && -x $(realpath "$f") ]]; then
echo "Running $f"
"$f"
fi
done
fi
fi
}
## Post execution handler
post_execution_handler() {
if [ -d /docker-custom-entrypoint.d/ ]; then
if [ -d /docker-custom-entrypoint.d/post-execution/ ]; then
find /docker-custom-entrypoint.d/post-execution/ -type f -name "*.sh" \
-exec chmod +x {} \;
sync
for f in /docker-custom-entrypoint.d/post-execution/*.sh; do
if [[ -f "$f" && -x $(realpath "$f") ]]; then
echo "Running $f"
"$f"
fi
done
fi
fi
}
## Sigterm Handler
sigterm_handler() {
echoerr "Catching SIGTERM"
if [ $pid -ne 0 ]; then
echoerr "sigterm_handler for PID '${pid}' triggered"
if [ -d /docker-custom-entrypoint.d/ ]; then
if [ -d /docker-custom-entrypoint.d/sigterm-handler/ ]; then
find /docker-custom-entrypoint.d/sigterm-handler/ -type f -name "*.sh" \
-exec chmod +x {} \;
sync
for f in /docker-custom-entrypoint.d/sigterm-handler/*.sh; do
if [[ -f "$f" && -x $(realpath "$f") ]]; then
echo "Running $f"
"$f"
fi
done
fi
fi
kill -15 "$pid"
wait "$pid"
post_execution_handler
fi
exit 143; # 128 + 15 -- SIGTERM
}
## Setup signal trap
trap sigterm_handler SIGTERM
## Initialization
pre_execution_handler
## Start Process
echoerr "DEBUG: Attempting to start Puppetserver in foreground."
# run process in foreground
# set -x # Enable debug output - moved to be after pid capture
/opt/puppetlabs/bin/puppetserver foreground "$@" &
pid=$! # Capture the PID of the background process
echoerr "DEBUG: Puppetserver started with PID $pid."
set -x # Enable debug output after pid capture
wait "$pid" # Wait for the puppetserver process to finish
return_code=$?
echoerr "DEBUG: Puppetserver exited with code $return_code."
exit $return_code
# The following lines will not be reached if exec is successful
# If exec fails, the script will continue here, which indicates an issue
# echoerr "ERROR: Puppetserver failed to start in foreground."
# exit 1