# Class to configure a PuppetDB server. See README.md for more details.
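# puppetdb::server
#
# Validates the TTL, service-status and database-type parameters, installs the
# PuppetDB package, optionally declares the firewall class, declares the
# command_processing / database / read_database / jetty / puppetdb sub-classes,
# optionally deploys the SSL key, certificate and CA certificate, writes
# JAVA_ARGS into the init config file, and manages the service.
#
# Every parameter defaults to the value of the same name in puppetdb::params.
class puppetdb::server (
  $listen_address                    = $puppetdb::params::listen_address,
  $listen_port                       = $puppetdb::params::listen_port,
  $disable_cleartext                 = $puppetdb::params::disable_cleartext,
  $open_listen_port                  = $puppetdb::params::open_listen_port,
  $ssl_listen_address                = $puppetdb::params::ssl_listen_address,
  $ssl_listen_port                   = $puppetdb::params::ssl_listen_port,
  $disable_ssl                       = $puppetdb::params::disable_ssl,
  $open_ssl_listen_port              = $puppetdb::params::open_ssl_listen_port,
  $ssl_dir                           = $puppetdb::params::ssl_dir,
  $ssl_set_cert_paths                = $puppetdb::params::ssl_set_cert_paths,
  $ssl_cert_path                     = $puppetdb::params::ssl_cert_path,
  $ssl_key_path                      = $puppetdb::params::ssl_key_path,
  $ssl_ca_cert_path                  = $puppetdb::params::ssl_ca_cert_path,
  $ssl_deploy_certs                  = $puppetdb::params::ssl_deploy_certs,
  $ssl_key                           = $puppetdb::params::ssl_key,
  $ssl_cert                          = $puppetdb::params::ssl_cert,
  $ssl_ca_cert                       = $puppetdb::params::ssl_ca_cert,
  $ssl_protocols                     = $puppetdb::params::ssl_protocols,
  $database                          = $puppetdb::params::database,
  $database_host                     = $puppetdb::params::database_host,
  $database_port                     = $puppetdb::params::database_port,
  $database_username                 = $puppetdb::params::database_username,
  $database_password                 = $puppetdb::params::database_password,
  $database_name                     = $puppetdb::params::database_name,
  $database_ssl                      = $puppetdb::params::database_ssl,
  $jdbc_ssl_properties               = $puppetdb::params::jdbc_ssl_properties,
  $database_validate                 = $puppetdb::params::database_validate,
  $database_embedded_path            = $puppetdb::params::database_embedded_path,
  $node_ttl                          = $puppetdb::params::node_ttl,
  $node_purge_ttl                    = $puppetdb::params::node_purge_ttl,
  $report_ttl                        = $puppetdb::params::report_ttl,
  $gc_interval                       = $puppetdb::params::gc_interval,
  $log_slow_statements               = $puppetdb::params::log_slow_statements,
  $conn_max_age                      = $puppetdb::params::conn_max_age,
  $conn_keep_alive                   = $puppetdb::params::conn_keep_alive,
  $conn_lifetime                     = $puppetdb::params::conn_lifetime,
  $puppetdb_package                  = $puppetdb::params::puppetdb_package,
  $puppetdb_service                  = $puppetdb::params::puppetdb_service,
  $puppetdb_service_status           = $puppetdb::params::puppetdb_service_status,
  $puppetdb_user                     = $puppetdb::params::puppetdb_user,
  $puppetdb_group                    = $puppetdb::params::puppetdb_group,
  $read_database                     = $puppetdb::params::read_database,
  $read_database_host                = $puppetdb::params::read_database_host,
  $read_database_port                = $puppetdb::params::read_database_port,
  $read_database_username            = $puppetdb::params::read_database_username,
  $read_database_password            = $puppetdb::params::read_database_password,
  $read_database_name                = $puppetdb::params::read_database_name,
  $read_database_ssl                 = $puppetdb::params::read_database_ssl,
  $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties,
  $read_database_validate            = $puppetdb::params::read_database_validate,
  $read_log_slow_statements          = $puppetdb::params::read_log_slow_statements,
  $read_conn_max_age                 = $puppetdb::params::read_conn_max_age,
  $read_conn_keep_alive              = $puppetdb::params::read_conn_keep_alive,
  $read_conn_lifetime                = $puppetdb::params::read_conn_lifetime,
  $confdir                           = $puppetdb::params::confdir,
  $manage_firewall                   = $puppetdb::params::manage_firewall,
  $java_args                         = $puppetdb::params::java_args,
  $merge_default_java_args           = $puppetdb::params::merge_default_java_args,
  $max_threads                       = $puppetdb::params::max_threads,
  $command_threads                   = $puppetdb::params::command_threads,
  $store_usage                       = $puppetdb::params::store_usage,
  $temp_usage                        = $puppetdb::params::temp_usage,
  $certificate_whitelist_file        = $puppetdb::params::certificate_whitelist_file,
  $certificate_whitelist             = $puppetdb::params::certificate_whitelist,
) inherits puppetdb::params {

  # Deprecation warnings: the boolean *_ssl switches are superseded by the
  # JDBC SSL property strings.
  if $database_ssl != undef {
    warning('$database_ssl is deprecated and will be removed in the next major release. Please use $jdbc_ssl_properties = "?ssl=true" instead.')
  }
  if $read_database_ssl != undef {
    warning('$read_database_ssl is deprecated and will be removed in the next major release. Please use $read_database_jdbc_ssl_properties = "?ssl=true" instead.')
  }

  # TTL validation. A bare '0' is given the 's' suffix and every other value
  # is lower-cased before it is matched against <digits><d|h|m|s|ms>.
  # NOTE(review): only the *_real copies are validated; the raw $node_ttl,
  # $node_purge_ttl and $report_ttl are what is handed to
  # puppetdb::server::database below. Presumably that class normalises them
  # again -- confirm.
  if $node_ttl == '0' {
    $node_ttl_real = '0s'
  } else {
    $node_ttl_real = downcase($node_ttl)
  }
  validate_re($node_ttl_real, ['^\d+(d|h|m|s|ms)$'], "node_ttl is <${node_ttl}> which does not match the regex validation")

  if $node_purge_ttl == '0' {
    $node_purge_ttl_real = '0s'
  } else {
    $node_purge_ttl_real = downcase($node_purge_ttl)
  }
  validate_re($node_purge_ttl_real, ['^\d+(d|h|m|s|ms)$'], "node_purge_ttl is <${node_purge_ttl}> which does not match the regex validation")

  if $report_ttl == '0' {
    $report_ttl_real = '0s'
  } else {
    $report_ttl_real = downcase($report_ttl)
  }
  validate_re($report_ttl_real, ['^\d+(d|h|m|s|ms)$'], "report_ttl is <${report_ttl}> which does not match the regex validation")

  # Validate puppetdb_service_status and derive the boolean used for `enable`.
  # The patterns are anchored so that only the four documented values pass;
  # an unanchored match would also accept any string merely containing one of
  # them, and that string is later used verbatim as the service's `ensure`.
  $service_enabled = $puppetdb_service_status ? {
    /^(running|true)$/  => true,
    /^(stopped|false)$/ => false,
    default             => fail("puppetdb_service_status valid values are 'true', 'running', 'false', and 'stopped'. You provided '${puppetdb_service_status}'"),
  }

  # Validate database type (currently only postgres and embedded are supported)
  if !($database in ['postgres', 'embedded']) {
    fail("database must be 'postgres' or 'embedded'. You provided '${database}'")
  }

  # Validate read-database type (currently only postgres is supported)
  if !($read_database in ['postgres']) {
    fail("read_database must be 'postgres'. You provided '${read_database}'")
  }

  package { $puppetdb_package:
    ensure => $puppetdb::params::puppetdb_version,
    notify => Service[$puppetdb_service],
  }

  if $manage_firewall {
    class { 'puppetdb::server::firewall':
      http_port      => $listen_port,
      open_http_port => $open_listen_port,
      ssl_port       => $ssl_listen_port,
      open_ssl_port  => $open_ssl_listen_port,
    }
  }

  class { 'puppetdb::server::command_processing':
    command_threads => $command_threads,
    store_usage     => $store_usage,
    temp_usage      => $temp_usage,
    confdir         => $confdir,
    notify          => Service[$puppetdb_service],
  }

  class { 'puppetdb::server::database':
    database               => $database,
    database_host          => $database_host,
    database_port          => $database_port,
    database_username      => $database_username,
    database_password      => $database_password,
    database_name          => $database_name,
    database_ssl           => $database_ssl,
    jdbc_ssl_properties    => $jdbc_ssl_properties,
    database_validate      => $database_validate,
    database_embedded_path => $database_embedded_path,
    node_ttl               => $node_ttl,
    node_purge_ttl         => $node_purge_ttl,
    report_ttl             => $report_ttl,
    gc_interval            => $gc_interval,
    log_slow_statements    => $log_slow_statements,
    conn_max_age           => $conn_max_age,
    conn_keep_alive        => $conn_keep_alive,
    conn_lifetime          => $conn_lifetime,
    confdir                => $confdir,
    notify                 => Service[$puppetdb_service],
  }

  class { 'puppetdb::server::read_database':
    database            => $read_database,
    database_host       => $read_database_host,
    database_port       => $read_database_port,
    database_username   => $read_database_username,
    database_password   => $read_database_password,
    database_name       => $read_database_name,
    database_ssl        => $read_database_ssl,
    jdbc_ssl_properties => $read_database_jdbc_ssl_properties,
    database_validate   => $read_database_validate,
    log_slow_statements => $read_log_slow_statements,
    conn_max_age        => $read_conn_max_age,
    conn_keep_alive     => $read_conn_keep_alive,
    conn_lifetime       => $read_conn_lifetime,
    confdir             => $confdir,
    notify              => Service[$puppetdb_service],
  }

  # The certificate paths must be absolute whenever they are either written
  # into the jetty configuration or used as deployment targets.
  if str2bool($ssl_set_cert_paths) == true
  or str2bool($ssl_deploy_certs) == true {
    validate_absolute_path($ssl_key_path)
    validate_absolute_path($ssl_cert_path)
    validate_absolute_path($ssl_ca_cert_path)
  }

  if str2bool($ssl_deploy_certs) == true {
    validate_absolute_path($ssl_dir)

    # Directory is 0700 and the three files 0600, all owned by the PuppetDB
    # user and group; a change to any file restarts the service.
    file {
      $ssl_dir:
        ensure => directory,
        owner  => $puppetdb_user,
        group  => $puppetdb_group,
        mode   => '0700';
      # NOTE(review): $ssl_key is private key material passed as plain
      # `content`. Where the agent has show_diff enabled, a change to this
      # file may be diffed into logs and reports; consider `show_diff => false`
      # here if every supported Puppet version has that parameter.
      $ssl_key_path:
        ensure  => file,
        content => $ssl_key,
        owner   => $puppetdb_user,
        group   => $puppetdb_group,
        mode    => '0600',
        notify  => Service[$puppetdb_service];
      $ssl_cert_path:
        ensure  => file,
        content => $ssl_cert,
        owner   => $puppetdb_user,
        group   => $puppetdb_group,
        mode    => '0600',
        notify  => Service[$puppetdb_service];
      $ssl_ca_cert_path:
        ensure  => file,
        content => $ssl_ca_cert,
        owner   => $puppetdb_user,
        group   => $puppetdb_group,
        mode    => '0600',
        notify  => Service[$puppetdb_service];
    }
  }

  class { 'puppetdb::server::jetty':
    listen_address     => $listen_address,
    listen_port        => $listen_port,
    disable_cleartext  => $disable_cleartext,
    ssl_listen_address => $ssl_listen_address,
    ssl_listen_port    => $ssl_listen_port,
    ssl_set_cert_paths => $ssl_set_cert_paths,
    ssl_key_path       => $ssl_key_path,
    ssl_cert_path      => $ssl_cert_path,
    ssl_ca_cert_path   => $ssl_ca_cert_path,
    ssl_protocols      => $ssl_protocols,
    disable_ssl        => $disable_ssl,
    confdir            => $confdir,
    max_threads        => $max_threads,
    notify             => Service[$puppetdb_service],
  }

  class { 'puppetdb::server::puppetdb':
    certificate_whitelist_file => $certificate_whitelist_file,
    certificate_whitelist      => $certificate_whitelist,
    confdir                    => $confdir,
    notify                     => Service[$puppetdb_service],
  }

  # JAVA_ARGS in the init config file: either one ini_subsetting per entry of
  # $java_args (merge mode), or a single ini_setting holding the flattened
  # value (replace mode).
  if !empty($java_args) {
    if $merge_default_java_args {
      create_resources(
        'ini_subsetting',
        puppetdb_create_subsetting_resource_hash(
          $java_args, {
            ensure            => present,
            section           => '',
            key_val_separator => '=',
            path              => $puppetdb::params::puppetdb_initconf,
            setting           => 'JAVA_ARGS',
            require           => Package[$puppetdb_package],
            notify            => Service[$puppetdb_service],
          }))
    } else {
      ini_setting { 'java_args':
        ensure  => present,
        section => '',
        path    => $puppetdb::params::puppetdb_initconf,
        setting => 'JAVA_ARGS',
        require => Package[$puppetdb_package],
        notify  => Service[$puppetdb_service],
        value   => puppetdb_flatten_java_args($java_args),
      }
    }
  }

  service { $puppetdb_service:
    ensure => $puppetdb_service_status,
    enable => $service_enabled,
  }

  # Ordering: package first, service last, configuration classes in between.
  # The firewall class is part of the chain only when it is declared.
  if $manage_firewall {
    Package[$puppetdb_package] ->
    Class['puppetdb::server::firewall'] ->
    Class['puppetdb::server::command_processing'] ->
    Class['puppetdb::server::database'] ->
    Class['puppetdb::server::read_database'] ->
    Class['puppetdb::server::jetty'] ->
    Class['puppetdb::server::puppetdb'] ->
    Service[$puppetdb_service]
  } else {
    Package[$puppetdb_package] ->
    Class['puppetdb::server::command_processing'] ->
    Class['puppetdb::server::database'] ->
    Class['puppetdb::server::read_database'] ->
    Class['puppetdb::server::jetty'] ->
    Class['puppetdb::server::puppetdb'] ->
    Service[$puppetdb_service]
  }
}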