Make database validation optional

Robin Bowes 2014-12-16 09:08:35 +00:00
parent cb71baa1e9
commit 1a5a4efef5
6 changed files with 61 additions and 32 deletions


@ -253,6 +253,10 @@ The name of the database instance to connect to (defaults to `puppetdb`; ignored
If true, puppetdb will use SSL to connect to the postgres database (defaults to false; ignored for `embedded` db).
Setting up proper trust- and keystores has to be managed outside of the puppetdb module.
####`database_validate`
If true, the module will attempt to connect to the database using the specified settings and fail if it is not able to do so. (defaults to true)
####`node_ttl`
The length of time a node can go without receiving any new data before it's automatically deactivated. (defaults to '0', which disables auto-deactivation). This option is supported in PuppetDB >= 1.1.0.


@ -27,6 +27,7 @@ class puppetdb (
$database_name = $puppetdb::params::database_name,
$database_ssl = $puppetdb::params::database_ssl,
$database_listen_address = $puppetdb::params::postgres_listen_addresses,
$database_validate = $puppetdb::params::database_validate,
$node_ttl = $puppetdb::params::node_ttl,
$node_purge_ttl = $puppetdb::params::node_purge_ttl,
$report_ttl = $puppetdb::params::report_ttl,
@ -48,6 +49,7 @@ class puppetdb (
$read_database_password = $puppetdb::params::read_database_password,
$read_database_name = $puppetdb::params::read_database_name,
$read_database_ssl = $puppetdb::params::read_database_ssl,
$read_database_validate = $puppetdb::params::read_database_validate,
$read_log_slow_statements = $puppetdb::params::read_log_slow_statements,
$read_conn_max_age = $puppetdb::params::read_conn_max_age,
$read_conn_keep_alive = $puppetdb::params::read_conn_keep_alive,
@ -83,6 +85,7 @@ class puppetdb (
database_password => $database_password,
database_name => $database_name,
database_ssl => $database_ssl,
database_validate => $database_validate,
node_ttl => $node_ttl,
node_purge_ttl => $node_purge_ttl,
report_ttl => $report_ttl,
@ -105,6 +108,7 @@ class puppetdb (
read_database_password => $read_database_password,
read_database_name => $read_database_name,
read_database_ssl => $read_database_ssl,
read_database_validate => $read_database_validate,
read_log_slow_statements => $read_log_slow_statements,
read_conn_max_age => $read_conn_max_age,
read_conn_keep_alive => $read_conn_keep_alive,
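Review bot: `$read_database_validate` becomes a public parameter of `class puppetdb` in the second hunk of this section, but as far as this page shows the README hunk documents only `database_validate`. A matching entry would close the gap: ``####`read_database_validate` `` followed by `If true, the module will attempt to connect to the read database using the specified settings and fail if it is not able to do so. (defaults to true)`. Both entries could also state that setting the flag to false means the ini settings are written without any connectivity check, since that is the guard an operator gives up. The class definition starts and ends outside the hunks shown here.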


@ -22,6 +22,7 @@ class puppetdb::params {
$database_username = 'puppetdb'
$database_password = 'puppetdb'
$database_ssl = false
$database_validate = true
# These settings manage the various auto-deactivation and auto-purge settings
$node_ttl = '0s'
@ -47,6 +48,7 @@ class puppetdb::params {
$read_database_username = 'puppetdb'
$read_database_password = 'puppetdb'
$read_database_ssl = false
$read_database_validate = true
$read_log_slow_statements = '10'
$read_conn_max_age = '60'
$read_conn_keep_alive = '45'
@ -98,4 +100,5 @@ class puppetdb::params {
$ssl_key = undef
$ssl_cert = undef
$ssl_ca_cert = undef
}


@ -24,6 +24,7 @@ class puppetdb::server (
$database_password = $puppetdb::params::database_password,
$database_name = $puppetdb::params::database_name,
$database_ssl = $puppetdb::params::database_ssl,
$database_validate = $puppetdb::params::database_validate,
$node_ttl = $puppetdb::params::node_ttl,
$node_purge_ttl = $puppetdb::params::node_purge_ttl,
$report_ttl = $puppetdb::params::report_ttl,
@ -45,6 +46,7 @@ class puppetdb::server (
$read_database_password = $puppetdb::params::read_database_password,
$read_database_name = $puppetdb::params::read_database_name,
$read_database_ssl = $puppetdb::params::read_database_ssl,
$read_database_validate = $puppetdb::params::read_database_validate,
$read_log_slow_statements = $puppetdb::params::read_log_slow_statements,
$read_conn_max_age = $puppetdb::params::read_conn_max_age,
$read_conn_keep_alive = $puppetdb::params::read_conn_keep_alive,
@ -122,6 +124,7 @@ class puppetdb::server (
database_password => $database_password,
database_name => $database_name,
database_ssl => $database_ssl,
database_validate => $database_validate,
node_ttl => $node_ttl,
node_purge_ttl => $node_purge_ttl,
report_ttl => $report_ttl,
@ -142,6 +145,7 @@ class puppetdb::server (
database_password => $read_database_password,
database_name => $read_database_name,
database_ssl => $read_database_ssl,
database_validate => $read_database_validate,
log_slow_statements => $read_log_slow_statements,
conn_max_age => $read_conn_max_age,
conn_keep_alive => $read_conn_keep_alive,


@ -7,6 +7,7 @@ class puppetdb::server::database_ini (
$database_password = $puppetdb::params::database_password,
$database_name = $puppetdb::params::database_name,
$database_ssl = $puppetdb::params::database_ssl,
$database_validate = $puppetdb::params::database_validate,
$node_ttl = $puppetdb::params::node_ttl,
$node_purge_ttl = $puppetdb::params::node_purge_ttl,
$report_ttl = $puppetdb::params::report_ttl,
@ -18,29 +19,35 @@ class puppetdb::server::database_ini (
$confdir = $puppetdb::params::confdir,
) inherits puppetdb::params {
# Validate the database connection. If we can't connect, we want to fail
# and skip the rest of the configuration, so that we don't leave puppetdb
# in a broken state.
#
# NOTE:
# Because of a limitation in the postgres module this will break with
# a duplicate declaration if read and write database host+name are the
# same.
class { 'puppetdb::server::validate_db':
database => $database,
database_host => $database_host,
database_port => $database_port,
database_username => $database_username,
database_password => $database_password,
database_name => $database_name,
if str2bool($database_validate) {
# Validate the database connection. If we can't connect, we want to fail
# and skip the rest of the configuration, so that we don't leave puppetdb
# in a broken state.
#
# NOTE:
# Because of a limitation in the postgres module this will break with
# a duplicate declaration if read and write database host+name are the
# same.
class { 'puppetdb::server::validate_db':
database => $database,
database_host => $database_host,
database_port => $database_port,
database_username => $database_username,
database_password => $database_password,
database_name => $database_name,
}
}
$ini_setting_require = str2bool($database_validate) ? {
false => undef,
default => Class['puppetdb::server::validate_db'],
}
# Set the defaults
Ini_setting {
path => "${confdir}/database.ini",
ensure => present,
section => 'database',
require => Class['puppetdb::server::validate_db'],
require => $ini_setting_require
}
if $database == 'embedded' {
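Review bot: `str2bool($database_validate)` is evaluated twice in the second hunk, once in the `if` that declares `puppetdb::server::validate_db` and again in the `$ini_setting_require` selector, so the declaration and the `require` that points at it stay in step only while the two expressions are kept identical. Computing it once with `$validate = str2bool($database_validate)` and then using `if $validate {` and `$validate ? {` ties them together; the read_database_ini section repeats the same pattern. The new `require => $ini_setting_require` line also lacks the trailing comma that its read_database_ini counterpart has. With validation off, nothing in this hunk checks the connection before the `Ini_setting` resources apply, so a comment above the selector such as `# validation disabled: database.ini is written without a connectivity check` would make that trade-off explicit. The class body continues past the end of the hunk.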


@ -7,6 +7,7 @@ class puppetdb::server::read_database_ini (
$database_password = $puppetdb::params::read_database_password,
$database_name = $puppetdb::params::read_database_name,
$database_ssl = $puppetdb::params::read_database_ssl,
$database_validate = $puppetdb::params::read_database_validate,
$log_slow_statements = $puppetdb::params::read_log_slow_statements,
$conn_max_age = $puppetdb::params::read_conn_max_age,
$conn_keep_alive = $puppetdb::params::read_conn_keep_alive,
@ -18,21 +19,23 @@ class puppetdb::server::read_database_ini (
# Only add the read database configuration if database host is defined.
if $database_host != undef {
# Validate the database connection. If we can't connect, we want to fail
# and skip the rest of the configuration, so that we don't leave puppetdb
# in a broken state.
#
# NOTE:
# Because of a limitation in the postgres module this will break with
# a duplicate declaration if read and write database host+name are the
# same.
class { 'puppetdb::server::validate_read_db':
database => $database,
database_host => $database_host,
database_port => $database_port,
database_username => $database_username,
database_password => $database_password,
database_name => $database_name,
if str2bool($database_validate) {
# Validate the database connection. If we can't connect, we want to fail
# and skip the rest of the configuration, so that we don't leave puppetdb
# in a broken state.
#
# NOTE:
# Because of a limitation in the postgres module this will break with
# a duplicate declaration if read and write database host+name are the
# same.
class { 'puppetdb::server::validate_read_db':
database => $database,
database_host => $database_host,
database_port => $database_port,
database_username => $database_username,
database_password => $database_password,
database_name => $database_name,
}
}
file { "${confdir}/read_database.ini":
@ -42,12 +45,16 @@ class puppetdb::server::read_database_ini (
mode => '0600';
}
$ini_setting_require = str2bool($database_validate) ? {
false => undef,
default => Class['puppetdb::server::validate_read_db'],
}
# Set the defaults
Ini_setting {
path => "${confdir}/read_database.ini",
ensure => present,
section => 'read-database',
require => Class['puppetdb::server::validate_db'],
require => $ini_setting_require,
}
if $database == 'postgres' {