module-puppetdb/manifests/server/jetty_ini.pp

# Class: puppetdb::server::jetty_ini
#
# This class manages puppetdb's `jetty.ini` file, which contains the configuration
# for puppetdb's embedded web server.
#
# Parameters:
#   ['listen_address']     - The address that the web server should bind to
#                            for HTTP requests.  (defaults to `localhost`.)
#   ['listen_port']        - The port on which the puppetdb web server should
#                            accept HTTP requests (defaults to 8080).
#   ['ssl_listen_address'] - The address that the web server should bind to
#                            for HTTPS requests.  (defaults to `$::clientcert`.)
#   ['ssl_listen_port']    - The port on which the puppetdb web server should
#                            accept HTTPS requests.
#   ['disable_ssl']        - If true, disable HTTPS and only serve
#                            HTTP requests. Defaults to false.
#   ['database_name']   - The name of the database instance to connect to.
#                         (defaults to `puppetdb`; ignored for `embedded` db)
#   ['confdir']         - The puppetdb configuration directory; defaults to
#                         `/etc/puppetdb/conf.d`.
#
# Actions:
# - Manages puppetdb's `jetty.ini` file
#
# Requires:
# - Inifile
#
# Sample Usage:
#   class { 'puppetdb::server::jetty_ini':
#       ssl_listen_address      => 'my.https.interface.hostname',
#       ssl_listen_port         => 8081,
#   }
#
class puppetdb::server::jetty_ini(
  $listen_address     = $puppetdb::params::listen_address,
  $listen_port        = $puppetdb::params::listen_port,  
  $ssl_listen_address = $puppetdb::params::ssl_listen_address,
  $ssl_listen_port    = $puppetdb::params::ssl_listen_port,
  $disable_ssl        = $puppetdb::params::disable_ssl,
  $confdir            = $puppetdb::params::confdir,
) inherits puppetdb::params {

  #Set the defaults
  Ini_setting {
    path    => "${confdir}/jetty.ini",
    ensure  => present,
    section => 'jetty',
  }

  # TODO: figure out some way to make sure that the ini_file module is installed,
  #  because otherwise these will silently fail to do anything.

  ini_setting {'puppetdb_host':
    setting => 'host',
    value   => $listen_address,
  }

  ini_setting {'puppetdb_port':
    setting => 'port',
    value   => $listen_port,
  }

  $ssl_setting_ensure = $disable_ssl ? {
    true    => 'absent',
    default => 'present',
  }

  ini_setting {'puppetdb_sslhost':
    ensure  => $ssl_setting_ensure,
    setting => 'ssl-host',
    value   => $ssl_listen_address,
  }

  ini_setting {'puppetdb_sslport':
    ensure  => $ssl_setting_ensure,
    setting => 'ssl-port',
    value   => $ssl_listen_port,
  }
}
Use ini_file to manage settings, and add validation This commit does the following: * Use the new inifile module to manage puppet.conf * More comprehensive management of config files * Validate database connectivity before applying puppetdb config changes * Validate puppetdb connectivity before applying puppet master config changes * Documentation 2012-09-18 00:26:32 +02:00			`# Class: puppetdb::server::jetty_ini`
			`#`
			# This class manages puppetdb's `jetty.ini` file, which contains the configuration
			`# for puppetdb's embedded web server.`
			`#`
			`# Parameters:`
17594 - PuppetDB - Add ability to set standard host listen address and open firewall to standard port Prior to this commit the module did not provide a way to set a bind address for the HTTP port. This commit allows users to not only bind to an address and port other than localhost and 8080, but it also opens the firewall if explicitly requested. 2012-11-13 21:38:38 +01:00			`# ['listen_address'] - The address that the web server should bind to`
			# for HTTP requests. (defaults to `localhost`.)
			`# ['listen_port'] - The port on which the puppetdb web server should`
			`# accept HTTP requests (defaults to 8080).`
Use ini_file to manage settings, and add validation This commit does the following: * Use the new inifile module to manage puppet.conf * More comprehensive management of config files * Validate database connectivity before applying puppetdb config changes * Validate puppetdb connectivity before applying puppet master config changes * Documentation 2012-09-18 00:26:32 +02:00			`# ['ssl_listen_address'] - The address that the web server should bind to`
			# for HTTPS requests. (defaults to `$::clientcert`.)
			`# ['ssl_listen_port'] - The port on which the puppetdb web server should`
			`# accept HTTPS requests.`
(#51) Add option to disable SSL in Jetty This patch introduces the optional parameter $disable_ssl, which defaults to false. If set to true, the settings ssl-host and ssl-port are completely removed from the Jetty section of the PuppetDB config files. This disables serving of HTTPS requests by PuppetDB, which can be useful when SSL handling is offloaded to a reverse proxy server like Apache or Nginx, as suggested in the PuppetDB documentation (see http://docs.puppetlabs.com/puppetdb/1.2/connect_puppet_apply.html#option-a-set-up-an-ssl-proxy-for-puppetdb). 2013-04-09 00:39:04 +02:00			`# ['disable_ssl'] - If true, disable HTTPS and only serve`
			`# HTTP requests. Defaults to false.`
Use ini_file to manage settings, and add validation This commit does the following: * Use the new inifile module to manage puppet.conf * More comprehensive management of config files * Validate database connectivity before applying puppetdb config changes * Validate puppetdb connectivity before applying puppet master config changes * Documentation 2012-09-18 00:26:32 +02:00			`# ['database_name'] - The name of the database instance to connect to.`
			# (defaults to `puppetdb`; ignored for `embedded` db)
			`# ['confdir'] - The puppetdb configuration directory; defaults to`
			# `/etc/puppetdb/conf.d`.
			`#`
			`# Actions:`
			# - Manages puppetdb's `jetty.ini` file
			`#`
			`# Requires:`
			`# - Inifile`
			`#`
			`# Sample Usage:`
			`# class { 'puppetdb::server::jetty_ini':`
			`# ssl_listen_address => 'my.https.interface.hostname',`
			`# ssl_listen_port => 8081,`
			`# }`
			`#`
			`class puppetdb::server::jetty_ini(`
17594 - PuppetDB - Add ability to set standard host listen address and open firewall to standard port Prior to this commit the module did not provide a way to set a bind address for the HTTP port. This commit allows users to not only bind to an address and port other than localhost and 8080, but it also opens the firewall if explicitly requested. 2012-11-13 21:38:38 +01:00			`$listen_address = $puppetdb::params::listen_address,`
			`$listen_port = $puppetdb::params::listen_port,`
complies with style guide 2012-09-20 23:46:26 +02:00			`$ssl_listen_address = $puppetdb::params::ssl_listen_address,`
			`$ssl_listen_port = $puppetdb::params::ssl_listen_port,`
(#51) Add option to disable SSL in Jetty This patch introduces the optional parameter $disable_ssl, which defaults to false. If set to true, the settings ssl-host and ssl-port are completely removed from the Jetty section of the PuppetDB config files. This disables serving of HTTPS requests by PuppetDB, which can be useful when SSL handling is offloaded to a reverse proxy server like Apache or Nginx, as suggested in the PuppetDB documentation (see http://docs.puppetlabs.com/puppetdb/1.2/connect_puppet_apply.html#option-a-set-up-an-ssl-proxy-for-puppetdb). 2013-04-09 00:39:04 +02:00			`$disable_ssl = $puppetdb::params::disable_ssl,`
complies with style guide 2012-09-20 23:46:26 +02:00			`$confdir = $puppetdb::params::confdir,`
Use ini_file to manage settings, and add validation This commit does the following: * Use the new inifile module to manage puppet.conf * More comprehensive management of config files * Validate database connectivity before applying puppetdb config changes * Validate puppetdb connectivity before applying puppet master config changes * Documentation 2012-09-18 00:26:32 +02:00			`) inherits puppetdb::params {`
complies with style guide 2012-09-20 23:46:26 +02:00
Use ini_file to manage settings, and add validation This commit does the following: * Use the new inifile module to manage puppet.conf * More comprehensive management of config files * Validate database connectivity before applying puppetdb config changes * Validate puppetdb connectivity before applying puppet master config changes * Documentation 2012-09-18 00:26:32 +02:00			`#Set the defaults`
			`Ini_setting {`
complies with style guide 2012-09-20 23:46:26 +02:00			`path => "${confdir}/jetty.ini",`
			`ensure => present,`
			`section => 'jetty',`
Use ini_file to manage settings, and add validation This commit does the following: * Use the new inifile module to manage puppet.conf * More comprehensive management of config files * Validate database connectivity before applying puppetdb config changes * Validate puppetdb connectivity before applying puppet master config changes * Documentation 2012-09-18 00:26:32 +02:00			`}`

			`# TODO: figure out some way to make sure that the ini_file module is installed,`
			`# because otherwise these will silently fail to do anything.`

17594 - PuppetDB - Add ability to set standard host listen address and open firewall to standard port Prior to this commit the module did not provide a way to set a bind address for the HTTP port. This commit allows users to not only bind to an address and port other than localhost and 8080, but it also opens the firewall if explicitly requested. 2012-11-13 21:38:38 +01:00			`ini_setting {'puppetdb_host':`
			`setting => 'host',`
			`value => $listen_address,`
			`}`

			`ini_setting {'puppetdb_port':`
			`setting => 'port',`
			`value => $listen_port,`
			`}`

(#51) Add option to disable SSL in Jetty This patch introduces the optional parameter $disable_ssl, which defaults to false. If set to true, the settings ssl-host and ssl-port are completely removed from the Jetty section of the PuppetDB config files. This disables serving of HTTPS requests by PuppetDB, which can be useful when SSL handling is offloaded to a reverse proxy server like Apache or Nginx, as suggested in the PuppetDB documentation (see http://docs.puppetlabs.com/puppetdb/1.2/connect_puppet_apply.html#option-a-set-up-an-ssl-proxy-for-puppetdb). 2013-04-09 00:39:04 +02:00			`$ssl_setting_ensure = $disable_ssl ? {`
			`true => 'absent',`
			`default => 'present',`
			`}`

Use ini_file to manage settings, and add validation This commit does the following: * Use the new inifile module to manage puppet.conf * More comprehensive management of config files * Validate database connectivity before applying puppetdb config changes * Validate puppetdb connectivity before applying puppet master config changes * Documentation 2012-09-18 00:26:32 +02:00			`ini_setting {'puppetdb_sslhost':`
(#51) Add option to disable SSL in Jetty This patch introduces the optional parameter $disable_ssl, which defaults to false. If set to true, the settings ssl-host and ssl-port are completely removed from the Jetty section of the PuppetDB config files. This disables serving of HTTPS requests by PuppetDB, which can be useful when SSL handling is offloaded to a reverse proxy server like Apache or Nginx, as suggested in the PuppetDB documentation (see http://docs.puppetlabs.com/puppetdb/1.2/connect_puppet_apply.html#option-a-set-up-an-ssl-proxy-for-puppetdb). 2013-04-09 00:39:04 +02:00			`ensure => $ssl_setting_ensure,`
complies with style guide 2012-09-20 23:46:26 +02:00			`setting => 'ssl-host',`
			`value => $ssl_listen_address,`
Use ini_file to manage settings, and add validation This commit does the following: * Use the new inifile module to manage puppet.conf * More comprehensive management of config files * Validate database connectivity before applying puppetdb config changes * Validate puppetdb connectivity before applying puppet master config changes * Documentation 2012-09-18 00:26:32 +02:00			`}`
complies with style guide 2012-09-20 23:46:26 +02:00
Use ini_file to manage settings, and add validation This commit does the following: * Use the new inifile module to manage puppet.conf * More comprehensive management of config files * Validate database connectivity before applying puppetdb config changes * Validate puppetdb connectivity before applying puppet master config changes * Documentation 2012-09-18 00:26:32 +02:00			`ini_setting {'puppetdb_sslport':`
(#51) Add option to disable SSL in Jetty This patch introduces the optional parameter $disable_ssl, which defaults to false. If set to true, the settings ssl-host and ssl-port are completely removed from the Jetty section of the PuppetDB config files. This disables serving of HTTPS requests by PuppetDB, which can be useful when SSL handling is offloaded to a reverse proxy server like Apache or Nginx, as suggested in the PuppetDB documentation (see http://docs.puppetlabs.com/puppetdb/1.2/connect_puppet_apply.html#option-a-set-up-an-ssl-proxy-for-puppetdb). 2013-04-09 00:39:04 +02:00			`ensure => $ssl_setting_ensure,`
complies with style guide 2012-09-20 23:46:26 +02:00			`setting => 'ssl-port',`
			`value => $ssl_listen_port,`
Use ini_file to manage settings, and add validation This commit does the following: * Use the new inifile module to manage puppet.conf * More comprehensive management of config files * Validate database connectivity before applying puppetdb config changes * Validate puppetdb connectivity before applying puppet master config changes * Documentation 2012-09-18 00:26:32 +02:00			`}`
			`}`