(PDB-1415) Add jdbc_ssl_properties parameter
parent
908c8a82a0
commit
28d23d5a9e
7 changed files with 367 additions and 204 deletions
14
README.md
14
README.md
|
@ -290,11 +290,23 @@ The password for the database user (defaults to `puppetdb`; ignored for `embedde
|
|||
|
||||
The name of the database instance to connect to (defaults to `puppetdb`; ignored for `embedded` db).
|
||||
|
||||
####`database_ssl`
|
||||
####`database_ssl` (DEPRECATED)
|
||||
|
||||
If true, puppetdb will use SSL to connect to the postgres database (defaults to false; ignored for `embedded` db).
|
||||
Setting up proper trust- and keystores has to be managed outside of the puppetdb module.
|
||||
|
||||
This parameter is deprecated and will be retired in a future release. Please use
|
||||
the `jdbc_ssl_properties` parameter with the value `?ssl=true`.
|
||||
|
||||
####`jdbc_ssl_properties`
|
||||
|
||||
The text to append to the JDBC connection URI. This should begin with a '?'
|
||||
character. For example, to use SSL for the PostgreSQL connection, set this
|
||||
parameter's value to `?ssl=true`.
|
||||
|
||||
This setting is only available when using PostgreSQL; when using HyperSQL (the
|
||||
'embedded' database), it does nothing.
|
||||
|
||||
####`database_validate`
|
||||
|
||||
If true, the module will attempt to connect to the database using the specified settings and fail if it is not able to do so. (defaults to true)
|
||||
|
|
|
@ -1,129 +1,133 @@
|
|||
# All in one class for setting up a PuppetDB instance. See README.md for more
|
||||
# details.
|
||||
class puppetdb (
|
||||
$listen_address = $puppetdb::params::listen_address,
|
||||
$listen_port = $puppetdb::params::listen_port,
|
||||
$open_listen_port = $puppetdb::params::open_listen_port,
|
||||
$ssl_listen_address = $puppetdb::params::ssl_listen_address,
|
||||
$ssl_listen_port = $puppetdb::params::ssl_listen_port,
|
||||
$disable_ssl = $puppetdb::params::disable_ssl,
|
||||
$open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port,
|
||||
$ssl_dir = $puppetdb::params::ssl_dir,
|
||||
$ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths,
|
||||
$ssl_cert_path = $puppetdb::params::ssl_cert_path,
|
||||
$ssl_key_path = $puppetdb::params::ssl_key_path,
|
||||
$ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path,
|
||||
$ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs,
|
||||
$ssl_key = $puppetdb::params::ssl_key,
|
||||
$ssl_cert = $puppetdb::params::ssl_cert,
|
||||
$ssl_ca_cert = $puppetdb::params::ssl_ca_cert,
|
||||
$ssl_protocols = $puppetdb::params::ssl_protocols,
|
||||
$manage_dbserver = $puppetdb::params::manage_dbserver,
|
||||
$manage_package_repo = $puppetdb::params::manage_pg_repo,
|
||||
$postgres_version = $puppetdb::params::postgres_version,
|
||||
$database = $puppetdb::params::database,
|
||||
$database_host = $puppetdb::params::database_host,
|
||||
$database_port = $puppetdb::params::database_port,
|
||||
$database_username = $puppetdb::params::database_username,
|
||||
$database_password = $puppetdb::params::database_password,
|
||||
$database_name = $puppetdb::params::database_name,
|
||||
$database_ssl = $puppetdb::params::database_ssl,
|
||||
$database_listen_address = $puppetdb::params::postgres_listen_addresses,
|
||||
$database_validate = $puppetdb::params::database_validate,
|
||||
$database_embedded_path = $puppetdb::params::database_embedded_path,
|
||||
$node_ttl = $puppetdb::params::node_ttl,
|
||||
$node_purge_ttl = $puppetdb::params::node_purge_ttl,
|
||||
$report_ttl = $puppetdb::params::report_ttl,
|
||||
$gc_interval = $puppetdb::params::gc_interval,
|
||||
$log_slow_statements = $puppetdb::params::log_slow_statements,
|
||||
$conn_max_age = $puppetdb::params::conn_max_age,
|
||||
$conn_keep_alive = $puppetdb::params::conn_keep_alive,
|
||||
$conn_lifetime = $puppetdb::params::conn_lifetime,
|
||||
$puppetdb_package = $puppetdb::params::puppetdb_package,
|
||||
$puppetdb_service = $puppetdb::params::puppetdb_service,
|
||||
$puppetdb_service_status = $puppetdb::params::puppetdb_service_status,
|
||||
$puppetdb_user = $puppetdb::params::puppetdb_user,
|
||||
$puppetdb_group = $puppetdb::params::puppetdb_group,
|
||||
$read_database = $puppetdb::params::read_database,
|
||||
$read_database_host = $puppetdb::params::read_database_host,
|
||||
$read_database_port = $puppetdb::params::read_database_port,
|
||||
$read_database_username = $puppetdb::params::read_database_username,
|
||||
$read_database_password = $puppetdb::params::read_database_password,
|
||||
$read_database_name = $puppetdb::params::read_database_name,
|
||||
$read_database_ssl = $puppetdb::params::read_database_ssl,
|
||||
$read_database_validate = $puppetdb::params::read_database_validate,
|
||||
$read_log_slow_statements = $puppetdb::params::read_log_slow_statements,
|
||||
$read_conn_max_age = $puppetdb::params::read_conn_max_age,
|
||||
$read_conn_keep_alive = $puppetdb::params::read_conn_keep_alive,
|
||||
$read_conn_lifetime = $puppetdb::params::read_conn_lifetime,
|
||||
$confdir = $puppetdb::params::confdir,
|
||||
$manage_firewall = $puppetdb::params::manage_firewall,
|
||||
$java_args = $puppetdb::params::java_args,
|
||||
$max_threads = $puppetdb::params::max_threads,
|
||||
$command_threads = $puppetdb::params::command_threads,
|
||||
$store_usage = $puppetdb::params::store_usage,
|
||||
$temp_usage = $puppetdb::params::temp_usage
|
||||
$listen_address = $puppetdb::params::listen_address,
|
||||
$listen_port = $puppetdb::params::listen_port,
|
||||
$open_listen_port = $puppetdb::params::open_listen_port,
|
||||
$ssl_listen_address = $puppetdb::params::ssl_listen_address,
|
||||
$ssl_listen_port = $puppetdb::params::ssl_listen_port,
|
||||
$disable_ssl = $puppetdb::params::disable_ssl,
|
||||
$open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port,
|
||||
$ssl_dir = $puppetdb::params::ssl_dir,
|
||||
$ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths,
|
||||
$ssl_cert_path = $puppetdb::params::ssl_cert_path,
|
||||
$ssl_key_path = $puppetdb::params::ssl_key_path,
|
||||
$ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path,
|
||||
$ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs,
|
||||
$ssl_key = $puppetdb::params::ssl_key,
|
||||
$ssl_cert = $puppetdb::params::ssl_cert,
|
||||
$ssl_ca_cert = $puppetdb::params::ssl_ca_cert,
|
||||
$ssl_protocols = $puppetdb::params::ssl_protocols,
|
||||
$manage_dbserver = $puppetdb::params::manage_dbserver,
|
||||
$manage_package_repo = $puppetdb::params::manage_pg_repo,
|
||||
$postgres_version = $puppetdb::params::postgres_version,
|
||||
$database = $puppetdb::params::database,
|
||||
$database_host = $puppetdb::params::database_host,
|
||||
$database_port = $puppetdb::params::database_port,
|
||||
$database_username = $puppetdb::params::database_username,
|
||||
$database_password = $puppetdb::params::database_password,
|
||||
$database_name = $puppetdb::params::database_name,
|
||||
$database_ssl = $puppetdb::params::database_ssl,
|
||||
$jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,
|
||||
$database_listen_address = $puppetdb::params::postgres_listen_addresses,
|
||||
$database_validate = $puppetdb::params::database_validate,
|
||||
$database_embedded_path = $puppetdb::params::database_embedded_path,
|
||||
$node_ttl = $puppetdb::params::node_ttl,
|
||||
$node_purge_ttl = $puppetdb::params::node_purge_ttl,
|
||||
$report_ttl = $puppetdb::params::report_ttl,
|
||||
$gc_interval = $puppetdb::params::gc_interval,
|
||||
$log_slow_statements = $puppetdb::params::log_slow_statements,
|
||||
$conn_max_age = $puppetdb::params::conn_max_age,
|
||||
$conn_keep_alive = $puppetdb::params::conn_keep_alive,
|
||||
$conn_lifetime = $puppetdb::params::conn_lifetime,
|
||||
$puppetdb_package = $puppetdb::params::puppetdb_package,
|
||||
$puppetdb_service = $puppetdb::params::puppetdb_service,
|
||||
$puppetdb_service_status = $puppetdb::params::puppetdb_service_status,
|
||||
$puppetdb_user = $puppetdb::params::puppetdb_user,
|
||||
$puppetdb_group = $puppetdb::params::puppetdb_group,
|
||||
$read_database = $puppetdb::params::read_database,
|
||||
$read_database_host = $puppetdb::params::read_database_host,
|
||||
$read_database_port = $puppetdb::params::read_database_port,
|
||||
$read_database_username = $puppetdb::params::read_database_username,
|
||||
$read_database_password = $puppetdb::params::read_database_password,
|
||||
$read_database_name = $puppetdb::params::read_database_name,
|
||||
$read_database_ssl = $puppetdb::params::read_database_ssl,
|
||||
$read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties,
|
||||
$read_database_validate = $puppetdb::params::read_database_validate,
|
||||
$read_log_slow_statements = $puppetdb::params::read_log_slow_statements,
|
||||
$read_conn_max_age = $puppetdb::params::read_conn_max_age,
|
||||
$read_conn_keep_alive = $puppetdb::params::read_conn_keep_alive,
|
||||
$read_conn_lifetime = $puppetdb::params::read_conn_lifetime,
|
||||
$confdir = $puppetdb::params::confdir,
|
||||
$manage_firewall = $puppetdb::params::manage_firewall,
|
||||
$java_args = $puppetdb::params::java_args,
|
||||
$max_threads = $puppetdb::params::max_threads,
|
||||
$command_threads = $puppetdb::params::command_threads,
|
||||
$store_usage = $puppetdb::params::store_usage,
|
||||
$temp_usage = $puppetdb::params::temp_usage
|
||||
) inherits puppetdb::params {
|
||||
|
||||
class { '::puppetdb::server':
|
||||
listen_address => $listen_address,
|
||||
listen_port => $listen_port,
|
||||
open_listen_port => $open_listen_port,
|
||||
ssl_listen_address => $ssl_listen_address,
|
||||
ssl_listen_port => $ssl_listen_port,
|
||||
disable_ssl => $disable_ssl,
|
||||
open_ssl_listen_port => $open_ssl_listen_port,
|
||||
ssl_dir => $ssl_dir,
|
||||
ssl_set_cert_paths => $ssl_set_cert_paths,
|
||||
ssl_cert_path => $ssl_cert_path,
|
||||
ssl_key_path => $ssl_key_path,
|
||||
ssl_ca_cert_path => $ssl_ca_cert_path,
|
||||
ssl_deploy_certs => $ssl_deploy_certs,
|
||||
ssl_key => $ssl_key,
|
||||
ssl_cert => $ssl_cert,
|
||||
ssl_ca_cert => $ssl_ca_cert,
|
||||
ssl_protocols => $ssl_protocols,
|
||||
database => $database,
|
||||
database_host => $database_host,
|
||||
database_port => $database_port,
|
||||
database_username => $database_username,
|
||||
database_password => $database_password,
|
||||
database_name => $database_name,
|
||||
database_ssl => $database_ssl,
|
||||
database_validate => $database_validate,
|
||||
database_embedded_path => $database_embedded_path,
|
||||
node_ttl => $node_ttl,
|
||||
node_purge_ttl => $node_purge_ttl,
|
||||
report_ttl => $report_ttl,
|
||||
gc_interval => $gc_interval,
|
||||
log_slow_statements => $log_slow_statements,
|
||||
conn_max_age => $conn_max_age,
|
||||
conn_keep_alive => $conn_keep_alive,
|
||||
conn_lifetime => $conn_lifetime,
|
||||
puppetdb_package => $puppetdb_package,
|
||||
puppetdb_service => $puppetdb_service,
|
||||
puppetdb_service_status => $puppetdb_service_status,
|
||||
confdir => $confdir,
|
||||
java_args => $java_args,
|
||||
max_threads => $max_threads,
|
||||
read_database => $read_database,
|
||||
read_database_host => $read_database_host,
|
||||
read_database_port => $read_database_port,
|
||||
read_database_username => $read_database_username,
|
||||
read_database_password => $read_database_password,
|
||||
read_database_name => $read_database_name,
|
||||
read_database_ssl => $read_database_ssl,
|
||||
read_database_validate => $read_database_validate,
|
||||
read_log_slow_statements => $read_log_slow_statements,
|
||||
read_conn_max_age => $read_conn_max_age,
|
||||
read_conn_keep_alive => $read_conn_keep_alive,
|
||||
read_conn_lifetime => $read_conn_lifetime,
|
||||
puppetdb_user => $puppetdb_user,
|
||||
puppetdb_group => $puppetdb_group,
|
||||
manage_firewall => $manage_firewall,
|
||||
command_threads => $command_threads,
|
||||
store_usage => $store_usage,
|
||||
temp_usage => $temp_usage,
|
||||
listen_address => $listen_address,
|
||||
listen_port => $listen_port,
|
||||
open_listen_port => $open_listen_port,
|
||||
ssl_listen_address => $ssl_listen_address,
|
||||
ssl_listen_port => $ssl_listen_port,
|
||||
disable_ssl => $disable_ssl,
|
||||
open_ssl_listen_port => $open_ssl_listen_port,
|
||||
ssl_dir => $ssl_dir,
|
||||
ssl_set_cert_paths => $ssl_set_cert_paths,
|
||||
ssl_cert_path => $ssl_cert_path,
|
||||
ssl_key_path => $ssl_key_path,
|
||||
ssl_ca_cert_path => $ssl_ca_cert_path,
|
||||
ssl_deploy_certs => $ssl_deploy_certs,
|
||||
ssl_key => $ssl_key,
|
||||
ssl_cert => $ssl_cert,
|
||||
ssl_ca_cert => $ssl_ca_cert,
|
||||
ssl_protocols => $ssl_protocols,
|
||||
database => $database,
|
||||
database_host => $database_host,
|
||||
database_port => $database_port,
|
||||
database_username => $database_username,
|
||||
database_password => $database_password,
|
||||
database_name => $database_name,
|
||||
database_ssl => $database_ssl,
|
||||
jdbc_ssl_properties => $jdbc_ssl_properties,
|
||||
database_validate => $database_validate,
|
||||
database_embedded_path => $database_embedded_path,
|
||||
node_ttl => $node_ttl,
|
||||
node_purge_ttl => $node_purge_ttl,
|
||||
report_ttl => $report_ttl,
|
||||
gc_interval => $gc_interval,
|
||||
log_slow_statements => $log_slow_statements,
|
||||
conn_max_age => $conn_max_age,
|
||||
conn_keep_alive => $conn_keep_alive,
|
||||
conn_lifetime => $conn_lifetime,
|
||||
puppetdb_package => $puppetdb_package,
|
||||
puppetdb_service => $puppetdb_service,
|
||||
puppetdb_service_status => $puppetdb_service_status,
|
||||
confdir => $confdir,
|
||||
java_args => $java_args,
|
||||
max_threads => $max_threads,
|
||||
read_database => $read_database,
|
||||
read_database_host => $read_database_host,
|
||||
read_database_port => $read_database_port,
|
||||
read_database_username => $read_database_username,
|
||||
read_database_password => $read_database_password,
|
||||
read_database_name => $read_database_name,
|
||||
read_database_ssl => $read_database_ssl,
|
||||
read_database_jdbc_ssl_properties => $read_database_jdbc_ssl_properties,
|
||||
read_database_validate => $read_database_validate,
|
||||
read_log_slow_statements => $read_log_slow_statements,
|
||||
read_conn_max_age => $read_conn_max_age,
|
||||
read_conn_keep_alive => $read_conn_keep_alive,
|
||||
read_conn_lifetime => $read_conn_lifetime,
|
||||
puppetdb_user => $puppetdb_user,
|
||||
puppetdb_group => $puppetdb_group,
|
||||
manage_firewall => $manage_firewall,
|
||||
command_threads => $command_threads,
|
||||
store_usage => $store_usage,
|
||||
temp_usage => $temp_usage,
|
||||
}
|
||||
|
||||
if ($database == 'postgres') {
|
||||
|
|
|
@ -19,13 +19,14 @@ class puppetdb::params inherits puppetdb::globals {
|
|||
$postgres_version = '9.4'
|
||||
|
||||
# The remaining database settings are not used for an embedded database
|
||||
$database_host = 'localhost'
|
||||
$database_port = '5432'
|
||||
$database_name = 'puppetdb'
|
||||
$database_username = 'puppetdb'
|
||||
$database_password = 'puppetdb'
|
||||
$database_ssl = false
|
||||
$database_validate = true
|
||||
$database_host = 'localhost'
|
||||
$database_port = '5432'
|
||||
$database_name = 'puppetdb'
|
||||
$database_username = 'puppetdb'
|
||||
$database_password = 'puppetdb'
|
||||
$database_ssl = undef
|
||||
$jdbc_ssl_properties = ''
|
||||
$database_validate = true
|
||||
|
||||
# These settings manage the various auto-deactivation and auto-purge settings
|
||||
$node_ttl = '0s'
|
||||
|
@ -42,18 +43,19 @@ class puppetdb::params inherits puppetdb::globals {
|
|||
$max_threads = undef
|
||||
|
||||
# These settings are for the read database
|
||||
$read_database = 'postgres'
|
||||
$read_database_host = undef
|
||||
$read_database_port = '5432'
|
||||
$read_database_name = 'puppetdb'
|
||||
$read_database_username = 'puppetdb'
|
||||
$read_database_password = 'puppetdb'
|
||||
$read_database_ssl = false
|
||||
$read_database_validate = true
|
||||
$read_log_slow_statements = '10'
|
||||
$read_conn_max_age = '60'
|
||||
$read_conn_keep_alive = '45'
|
||||
$read_conn_lifetime = '0'
|
||||
$read_database = 'postgres'
|
||||
$read_database_host = undef
|
||||
$read_database_port = '5432'
|
||||
$read_database_name = 'puppetdb'
|
||||
$read_database_username = 'puppetdb'
|
||||
$read_database_password = 'puppetdb'
|
||||
$read_database_ssl = undef
|
||||
$read_database_jdbc_ssl_properties = ''
|
||||
$read_database_validate = true
|
||||
$read_log_slow_statements = '10'
|
||||
$read_conn_max_age = '60'
|
||||
$read_conn_keep_alive = '45'
|
||||
$read_conn_lifetime = '0'
|
||||
|
||||
$manage_firewall = true
|
||||
$java_args = {}
|
||||
|
|
|
@ -1,64 +1,74 @@
|
|||
# Class to configure a PuppetDB server. See README.md for more details.
|
||||
class puppetdb::server (
|
||||
$listen_address = $puppetdb::params::listen_address,
|
||||
$listen_port = $puppetdb::params::listen_port,
|
||||
$open_listen_port = $puppetdb::params::open_listen_port,
|
||||
$ssl_listen_address = $puppetdb::params::ssl_listen_address,
|
||||
$ssl_listen_port = $puppetdb::params::ssl_listen_port,
|
||||
$disable_ssl = $puppetdb::params::disable_ssl,
|
||||
$open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port,
|
||||
$ssl_dir = $puppetdb::params::ssl_dir,
|
||||
$ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths,
|
||||
$ssl_cert_path = $puppetdb::params::ssl_cert_path,
|
||||
$ssl_key_path = $puppetdb::params::ssl_key_path,
|
||||
$ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path,
|
||||
$ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs,
|
||||
$ssl_key = $puppetdb::params::ssl_key,
|
||||
$ssl_cert = $puppetdb::params::ssl_cert,
|
||||
$ssl_ca_cert = $puppetdb::params::ssl_ca_cert,
|
||||
$ssl_protocols = $puppetdb::params::ssl_protocols,
|
||||
$database = $puppetdb::params::database,
|
||||
$database_host = $puppetdb::params::database_host,
|
||||
$database_port = $puppetdb::params::database_port,
|
||||
$database_username = $puppetdb::params::database_username,
|
||||
$database_password = $puppetdb::params::database_password,
|
||||
$database_name = $puppetdb::params::database_name,
|
||||
$database_ssl = $puppetdb::params::database_ssl,
|
||||
$database_validate = $puppetdb::params::database_validate,
|
||||
$database_embedded_path = $puppetdb::params::database_embedded_path,
|
||||
$node_ttl = $puppetdb::params::node_ttl,
|
||||
$node_purge_ttl = $puppetdb::params::node_purge_ttl,
|
||||
$report_ttl = $puppetdb::params::report_ttl,
|
||||
$gc_interval = $puppetdb::params::gc_interval,
|
||||
$log_slow_statements = $puppetdb::params::log_slow_statements,
|
||||
$conn_max_age = $puppetdb::params::conn_max_age,
|
||||
$conn_keep_alive = $puppetdb::params::conn_keep_alive,
|
||||
$conn_lifetime = $puppetdb::params::conn_lifetime,
|
||||
$puppetdb_package = $puppetdb::params::puppetdb_package,
|
||||
$puppetdb_service = $puppetdb::params::puppetdb_service,
|
||||
$puppetdb_service_status = $puppetdb::params::puppetdb_service_status,
|
||||
$puppetdb_user = $puppetdb::params::puppetdb_user,
|
||||
$puppetdb_group = $puppetdb::params::puppetdb_group,
|
||||
$read_database = $puppetdb::params::read_database,
|
||||
$read_database_host = $puppetdb::params::read_database_host,
|
||||
$read_database_port = $puppetdb::params::read_database_port,
|
||||
$read_database_username = $puppetdb::params::read_database_username,
|
||||
$read_database_password = $puppetdb::params::read_database_password,
|
||||
$read_database_name = $puppetdb::params::read_database_name,
|
||||
$read_database_ssl = $puppetdb::params::read_database_ssl,
|
||||
$read_database_validate = $puppetdb::params::read_database_validate,
|
||||
$read_log_slow_statements = $puppetdb::params::read_log_slow_statements,
|
||||
$read_conn_max_age = $puppetdb::params::read_conn_max_age,
|
||||
$read_conn_keep_alive = $puppetdb::params::read_conn_keep_alive,
|
||||
$read_conn_lifetime = $puppetdb::params::read_conn_lifetime,
|
||||
$confdir = $puppetdb::params::confdir,
|
||||
$manage_firewall = $puppetdb::params::manage_firewall,
|
||||
$java_args = $puppetdb::params::java_args,
|
||||
$max_threads = $puppetdb::params::max_threads,
|
||||
$command_threads = $puppetdb::params::command_threads,
|
||||
$store_usage = $puppetdb::params::store_usage,
|
||||
$temp_usage = $puppetdb::params::temp_usage,
|
||||
$listen_address = $puppetdb::params::listen_address,
|
||||
$listen_port = $puppetdb::params::listen_port,
|
||||
$open_listen_port = $puppetdb::params::open_listen_port,
|
||||
$ssl_listen_address = $puppetdb::params::ssl_listen_address,
|
||||
$ssl_listen_port = $puppetdb::params::ssl_listen_port,
|
||||
$disable_ssl = $puppetdb::params::disable_ssl,
|
||||
$open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port,
|
||||
$ssl_dir = $puppetdb::params::ssl_dir,
|
||||
$ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths,
|
||||
$ssl_cert_path = $puppetdb::params::ssl_cert_path,
|
||||
$ssl_key_path = $puppetdb::params::ssl_key_path,
|
||||
$ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path,
|
||||
$ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs,
|
||||
$ssl_key = $puppetdb::params::ssl_key,
|
||||
$ssl_cert = $puppetdb::params::ssl_cert,
|
||||
$ssl_ca_cert = $puppetdb::params::ssl_ca_cert,
|
||||
$ssl_protocols = $puppetdb::params::ssl_protocols,
|
||||
$database = $puppetdb::params::database,
|
||||
$database_host = $puppetdb::params::database_host,
|
||||
$database_port = $puppetdb::params::database_port,
|
||||
$database_username = $puppetdb::params::database_username,
|
||||
$database_password = $puppetdb::params::database_password,
|
||||
$database_name = $puppetdb::params::database_name,
|
||||
$database_ssl = $puppetdb::params::database_ssl,
|
||||
$jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,
|
||||
$database_validate = $puppetdb::params::database_validate,
|
||||
$database_embedded_path = $puppetdb::params::database_embedded_path,
|
||||
$node_ttl = $puppetdb::params::node_ttl,
|
||||
$node_purge_ttl = $puppetdb::params::node_purge_ttl,
|
||||
$report_ttl = $puppetdb::params::report_ttl,
|
||||
$gc_interval = $puppetdb::params::gc_interval,
|
||||
$log_slow_statements = $puppetdb::params::log_slow_statements,
|
||||
$conn_max_age = $puppetdb::params::conn_max_age,
|
||||
$conn_keep_alive = $puppetdb::params::conn_keep_alive,
|
||||
$conn_lifetime = $puppetdb::params::conn_lifetime,
|
||||
$puppetdb_package = $puppetdb::params::puppetdb_package,
|
||||
$puppetdb_service = $puppetdb::params::puppetdb_service,
|
||||
$puppetdb_service_status = $puppetdb::params::puppetdb_service_status,
|
||||
$puppetdb_user = $puppetdb::params::puppetdb_user,
|
||||
$puppetdb_group = $puppetdb::params::puppetdb_group,
|
||||
$read_database = $puppetdb::params::read_database,
|
||||
$read_database_host = $puppetdb::params::read_database_host,
|
||||
$read_database_port = $puppetdb::params::read_database_port,
|
||||
$read_database_username = $puppetdb::params::read_database_username,
|
||||
$read_database_password = $puppetdb::params::read_database_password,
|
||||
$read_database_name = $puppetdb::params::read_database_name,
|
||||
$read_database_ssl = $puppetdb::params::read_database_ssl,
|
||||
$read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties,
|
||||
$read_database_validate = $puppetdb::params::read_database_validate,
|
||||
$read_log_slow_statements = $puppetdb::params::read_log_slow_statements,
|
||||
$read_conn_max_age = $puppetdb::params::read_conn_max_age,
|
||||
$read_conn_keep_alive = $puppetdb::params::read_conn_keep_alive,
|
||||
$read_conn_lifetime = $puppetdb::params::read_conn_lifetime,
|
||||
$confdir = $puppetdb::params::confdir,
|
||||
$manage_firewall = $puppetdb::params::manage_firewall,
|
||||
$java_args = $puppetdb::params::java_args,
|
||||
$max_threads = $puppetdb::params::max_threads,
|
||||
$command_threads = $puppetdb::params::command_threads,
|
||||
$store_usage = $puppetdb::params::store_usage,
|
||||
$temp_usage = $puppetdb::params::temp_usage,
|
||||
) inherits puppetdb::params {
|
||||
# deprecation warnings
|
||||
if $database_ssl != undef {
|
||||
warning('$database_ssl is deprecated and will be removed in the next major release. Please use $jdbc_ssl_properties = "?ssl=true" instead.')
|
||||
}
|
||||
|
||||
if $read_database_ssl != undef {
|
||||
warning('$read_database_ssl is deprecated and will be removed in the next major release. Please use $read_database_jdbc_ssl_properties = "?ssl=true" instead.')
|
||||
}
|
||||
|
||||
# Apply necessary suffix if zero is specified.
|
||||
if $node_ttl == '0' {
|
||||
|
@ -137,6 +147,7 @@ class puppetdb::server (
|
|||
database_password => $database_password,
|
||||
database_name => $database_name,
|
||||
database_ssl => $database_ssl,
|
||||
jdbc_ssl_properties => $jdbc_ssl_properties,
|
||||
database_validate => $database_validate,
|
||||
database_embedded_path => $database_embedded_path,
|
||||
node_ttl => $node_ttl,
|
||||
|
@ -159,6 +170,7 @@ class puppetdb::server (
|
|||
database_password => $read_database_password,
|
||||
database_name => $read_database_name,
|
||||
database_ssl => $read_database_ssl,
|
||||
jdbc_ssl_properties => $read_database_jdbc_ssl_properties,
|
||||
database_validate => $read_database_validate,
|
||||
log_slow_statements => $read_log_slow_statements,
|
||||
conn_max_age => $read_conn_max_age,
|
||||
|
|
|
@ -7,6 +7,7 @@ class puppetdb::server::database_ini (
|
|||
$database_password = $puppetdb::params::database_password,
|
||||
$database_name = $puppetdb::params::database_name,
|
||||
$database_ssl = $puppetdb::params::database_ssl,
|
||||
$jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,
|
||||
$database_validate = $puppetdb::params::database_validate,
|
||||
$database_embedded_path = $puppetdb::params::database_embedded_path,
|
||||
$node_ttl = $puppetdb::params::node_ttl,
|
||||
|
@ -61,10 +62,17 @@ class puppetdb::server::database_ini (
|
|||
$classname = 'org.postgresql.Driver'
|
||||
$subprotocol = 'postgresql'
|
||||
|
||||
$subname = $database_ssl ? {
|
||||
true => "//${database_host}:${database_port}/${database_name}?ssl=true",
|
||||
default => "//${database_host}:${database_port}/${database_name}",
|
||||
if !empty($jdbc_ssl_properties) {
|
||||
$database_suffix = $jdbc_ssl_properties
|
||||
}
|
||||
elsif $database_ssl {
|
||||
$database_suffix = "?ssl=true"
|
||||
}
|
||||
else {
|
||||
$database_suffix = ''
|
||||
}
|
||||
|
||||
$subname = "//${database_host}:${database_port}/${database_name}${database_suffix}"
|
||||
|
||||
##Only setup for postgres
|
||||
ini_setting {'puppetdb_psdatabase_username':
|
||||
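Review bot: The new `if !empty($jdbc_ssl_properties)` branch copies the parameter into `$database_suffix` unchecked, so a value that does not begin with `?` is concatenated straight onto `${database_name}` in `$subname`, and the connection string then names a different database and carries no SSL properties. That branch also wins over `$database_ssl`, so a node that still sets `database_ssl => true` alongside a property string without `ssl=true` silently gets a URI with no SSL request in it. A guard placed before the `if`, for example `if !empty($jdbc_ssl_properties) and $jdbc_ssl_properties !~ /^\?/ { fail('jdbc_ssl_properties must begin with "?"') }`, would reject the malformed value at catalog compilation. The identical block in `puppetdb::server::read_database_ini` needs the same guard; both class bodies start and end outside the hunks shown.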
|
|
|
@ -7,6 +7,7 @@ class puppetdb::server::read_database_ini (
|
|||
$database_password = $puppetdb::params::read_database_password,
|
||||
$database_name = $puppetdb::params::read_database_name,
|
||||
$database_ssl = $puppetdb::params::read_database_ssl,
|
||||
$jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties,
|
||||
$database_validate = $puppetdb::params::read_database_validate,
|
||||
$log_slow_statements = $puppetdb::params::read_log_slow_statements,
|
||||
$conn_max_age = $puppetdb::params::read_conn_max_age,
|
||||
|
@ -61,10 +62,17 @@ class puppetdb::server::read_database_ini (
|
|||
$classname = 'org.postgresql.Driver'
|
||||
$subprotocol = 'postgresql'
|
||||
|
||||
$subname = $database_ssl ? {
|
||||
true => "//${database_host}:${database_port}/${database_name}?ssl=true",
|
||||
default => "//${database_host}:${database_port}/${database_name}",
|
||||
if !empty($jdbc_ssl_properties) {
|
||||
$database_suffix = $jdbc_ssl_properties
|
||||
}
|
||||
elsif $database_ssl {
|
||||
$database_suffix = "?ssl=true"
|
||||
}
|
||||
else {
|
||||
$database_suffix = ''
|
||||
}
|
||||
|
||||
$subname = "//${database_host}:${database_port}/${database_name}${database_suffix}"
|
||||
|
||||
ini_setting { 'puppetdb_read_psdatabase_username':
|
||||
setting => 'username',
|
||||
|
|
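--- /dev/null
+++ b/spec/unit/classes/server/db_connection_uri_spec.rb
@@ -0,0 +1,117 @@
+require 'spec_helper'
+
+describe 'puppetdb::server::database_ini', :type => :class do
+context 'on a supported platform' do
+let(:facts) do
+{
+:osfamily => 'RedHat',
+:operatingsystem => 'RedHat',
+:operatingsystemrelease => '7.0',
+:fqdn => 'test.domain.local',
+}
+end
+
+describe 'when setting database_ssl flag' do
+let(:params) do
+{
+'database_ssl' => true,
+}
+end
+it { should contain_ini_setting('puppetdb_subname').
+with(
+'section' => 'database',
+'setting' => 'subname',
+'value' => '//localhost:5432/puppetdb?ssl=true'
+)}
+end
+
+describe 'when passing jdbc subparams' do
+let(:params) do
+{
+'jdbc_ssl_properties' => '?ssl=true',
+}
+end
+it { should contain_ini_setting('puppetdb_subname').
+with(
+'section' => 'database',
+'setting' => 'subname',
+'value' => '//localhost:5432/puppetdb?ssl=true'
+)}
+end
+
+describe 'when passing both database_ssl and jdbc subparams' do
+let(:params) do
+{
+'database_ssl' => true,
+'jdbc_ssl_properties' => '?ssl=true&sslmode=verify-full',
+}
+end
+it { should contain_ini_setting('puppetdb_subname').
+with(
+'section' => 'database',
+'setting' => 'subname',
+'value' => '//localhost:5432/puppetdb?ssl=true&sslmode=verify-full'
+)}
+end
+end
+end
+
+describe 'puppetdb::server::read_database_ini', :type => :class do
+context 'on a supported platform' do
+let(:facts) do
+{
+:osfamily => 'RedHat',
+:operatingsystem => 'RedHat',
+:operatingsystemrelease => '7.0',
+:fqdn => 'test.domain.local',
+}
+end
+
+describe 'when setting database_ssl flag' do
+let(:params) do
+{
+# this sets read_database_host
+'database_host' => 'localhost',
+'database_ssl' => true,
+}
+end
+it { should contain_ini_setting('puppetdb_read_subname').
+with(
+'section' => 'read-database',
+'setting' => 'subname',
+'value' => '//localhost:5432/puppetdb?ssl=true'
+)}
+end
+
+describe 'when passing jdbc subparams' do
+let(:params) do
+{
+'database_host' => 'localhost',
+'jdbc_ssl_properties' => '?ssl=true',
+}
+end
+it { should contain_ini_setting('puppetdb_read_subname').
+with(
+'section' => 'read-database',
+'setting' => 'subname',
+'value' => '//localhost:5432/puppetdb?ssl=true'
+)}
+end
+
+describe 'when passing both database_ssl and jdbc subparams' do
+let(:params) do
+{
+'database_host' => 'localhost',
+'database_ssl' => true,
+'jdbc_ssl_properties' => '?ssl=true&sslmode=verify-full',
+}
+end
+it { should contain_ini_setting('puppetdb_read_subname').
+with(
+'section' => 'read-database',
+'setting' => 'subname',
+'value' => '//localhost:5432/puppetdb?ssl=true&sslmode=verify-full'
+)}
+end
+end
+end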
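Review bot: Every case in both top-level `describe` groups passes a property string that already contains `ssl=true`, so the spec never pins the two outcomes an operator most needs to know: the default URI with no suffix, and what happens when `database_ssl => true` is combined with a `jdbc_ssl_properties` value that does not request SSL. Since the manifests let `jdbc_ssl_properties` take precedence, that second case currently yields a URI without `ssl=true`, and a test should state that explicitly so a later change to the precedence is a visible decision. The examples below are for `puppetdb::server::database_ini`; the `read_database_ini` group would get the same pair with `'database_host' => 'localhost'` added and the `puppetdb_read_subname` resource. The property value used is a constructed sample.

```ruby
# … unchanged: facts and the three existing describe blocks …

describe 'when passing neither database_ssl nor jdbc subparams' do
  it { should contain_ini_setting('puppetdb_subname').
    with(
      'section' => 'database',
      'setting' => 'subname',
      'value'   => '//localhost:5432/puppetdb'
    )}
end

describe 'when database_ssl is true but jdbc subparams do not request ssl' do
  let(:params) do
    {
      'database_ssl'        => true,
      'jdbc_ssl_properties' => '?loginTimeout=10', # constructed sample value
    }
  end
  # Pins the current precedence: the deprecated flag is ignored here.
  it { should contain_ini_setting('puppetdb_subname').
    with(
      'section' => 'database',
      'setting' => 'subname',
      'value'   => '//localhost:5432/puppetdb?loginTimeout=10'
    )}
end
```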