# PRIVATE CLASS - do not use directly
# Manages the [puppetdb] section of ${confdir}/puppetdb.ini and the optional
# certificate whitelist file that the 'certificate-whitelist' setting points to.
#
# Parameters:
#   certificate_whitelist_file - path of the whitelist file; also the value
#                                written to the 'certificate-whitelist' setting.
#   certificate_whitelist      - when empty, the setting and the file are both
#                                removed; otherwise both are present.
#                                (presumably read by the ERB template - verify)
#   confdir                    - directory that holds puppetdb.ini.
#   puppetdb_user              - owner of puppetdb.ini.
#   puppetdb_group             - group of puppetdb.ini.
class puppetdb::server::puppetdb (
  $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file,
  $certificate_whitelist      = $puppetdb::params::certificate_whitelist,
  $confdir                    = $puppetdb::params::confdir,
  $puppetdb_user              = $puppetdb::params::puppetdb_user,
  $puppetdb_group             = $puppetdb::params::puppetdb_group,
) inherits puppetdb::params {

  $puppetdb_ini = "${confdir}/puppetdb.ini"

  # The ini file is readable and writable by its owner only (0600).
  file { $puppetdb_ini:
    ensure => file,
    mode   => '0600',
    owner  => $puppetdb_user,
    group  => $puppetdb_group,
  }

  # Defaults shared by every ini_setting in this scope: each one is written
  # to puppetdb.ini, section [puppetdb], after the file resource above.
  Ini_setting {
    ensure  => present,
    path    => $puppetdb_ini,
    section => 'puppetdb',
    require => File[$puppetdb_ini],
  }

  # An empty whitelist removes both the setting and the file, so this class
  # then applies no certificate restriction at all.
  # NOTE(review): confirm an empty list is never the production default;
  # which clients PuppetDB accepts without the setting is not visible here.
  if empty($certificate_whitelist) {
    $certificate_whitelist_setting_ensure = 'absent'
  } else {
    $certificate_whitelist_setting_ensure = 'present'
  }

  # Restrict incoming connections to the certificates listed in the whitelist
  # file (intended: the puppet master only).
  ini_setting { 'puppetdb-connections-from-master-only':
    ensure  => $certificate_whitelist_setting_ensure,
    setting => 'certificate-whitelist',
    value   => $certificate_whitelist_file,
    section => 'puppetdb',
  }

  # The whitelist is owned by uid/gid 0 and world-readable (0644): only uid 0
  # can change which certificates are accepted.
  # NOTE(review): this protects the list from the service account only if
  # $puppetdb_user is not root - confirm in puppetdb::params.
  file { $certificate_whitelist_file:
    ensure  => $certificate_whitelist_setting_ensure,
    owner   => 0,
    group   => 0,
    mode    => '0644',
    content => template('puppetdb/certificate-whitelist.erb'),
  }
}