opuppet/module-puppetdb
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

(GH-93) Switch to using puppetlabs-postgresql 3.x

Browse source 
This updates the module to be able to use puppetlabs-postgresql.

Since this change is a major change, it marks this patch as a breaking change.

I have prepared a suitable amount of upgrade notes for upgrading to this later
version of the module plus removed anything marked deprecated.

As cleanup, I've removed the troublesome 'tests' directory in favour of good
README.md documentation. I've also removed any puppet docs from each module
until such times as puppet docs become automated through the forge. This is
just to avoid contributors having to double their efforts - the README.md
is the authority now.

Signed-off-by: Ken Barber <ken@bob.sh>
This commit is contained in:
Ken Barber 2013-10-21 16:21:12 +01:00
parent 3ceca19f30
commit 603df7381d
27 changed files with 318 additions and 613 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.fixtures.yml
View file

@ -4,7 +4,7 @@ fixtures:
stdlib: 'git://github.com/puppetlabs/puppetlabs-stdlib.git'
postgresql:
repo: 'git://github.com/puppetlabs/puppet-postgresql.git'
ref: '2.5.0'
ref: '3.0.0'
firewall: 'git://github.com/puppetlabs/puppetlabs-firewall.git'
apt: 'git://github.com/puppetlabs/puppetlabs-apt.git'
concat: 'git://github.com/ripienaar/puppet-concat.git'

21
.travis.yml
View file

@ -6,35 +6,20 @@ rvm:
- 2.0.0
- ruby-head
env:
- PUPPET_GEM_VERSION="~> 2.6"
- PUPPET_GEM_VERSION="~> 2.7"
- PUPPET_GEM_VERSION="~> 3.0"
- PUPPET_GEM_VERSION="~> 3.1"
- PUPPET_GEM_VERSION="> 3.1"
- PUPPET_GEM_VERSION="~> 3.3"
- PUPPET_GEM_VERSION="> 3.3"
matrix:
allow_failures:
- rvm: 2.0.0
- rvm: ruby-head
exclude:
- rvm: 2.0.0
env: PUPPET_GEM_VERSION="~> 3.1"
- rvm: ruby-head
env: PUPPET_GEM_VERSION="~> 3.1"
- rvm: 2.0.0
env: PUPPET_GEM_VERSION="~> 3.0"
- rvm: ruby-head
env: PUPPET_GEM_VERSION="~> 3.0"
- rvm: 1.9.3
env: PUPPET_GEM_VERSION="~> 2.7"
- rvm: 2.0.0
env: PUPPET_GEM_VERSION="~> 2.7"
- rvm: ruby-head
env: PUPPET_GEM_VERSION="~> 2.7"
- rvm: 1.9.3
env: PUPPET_GEM_VERSION="~> 2.6"
- rvm: 2.0.0
env: PUPPET_GEM_VERSION="~> 2.6"
- rvm: ruby-head
env: PUPPET_GEM_VERSION="~> 2.6"
env: PUPPET_GEM_VERSION="~> 3.3"
notifications:
email: false

209
LICENSE
View file

@ -1,17 +1,202 @@
Puppet Firewall Module - Puppet module for managing Firewalls
Copyright (C) 2011-2013 Puppet Labs, Inc.
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
Puppet Labs can be contacted at: info@puppetlabs.com
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
1. Definitions.
http://www.apache.org/licenses/LICENSE-2.0
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

2
Modulefile
View file

@ -8,6 +8,6 @@ license 'ASL 2.0'
project_page 'https://github.com/puppetlabs/puppetlabs-puppetdb'
dependency 'puppetlabs/inifile', '1.x'
dependency 'puppetlabs/postgresql', '2.x'
dependency 'puppetlabs/postgresql', '>= 3.0.0 <4.0.0'
dependency 'puppetlabs/firewall', '>= 0.0.4'
dependency 'puppetlabs/stdlib', '>= 2.2.0'

5
NOTICE Normal file
View file

@ -0,0 +1,5 @@
Puppet Firewall Module - Puppet module for managing Firewalls
Copyright (C) 2011-2013 Puppet Labs, Inc.
Puppet Labs can be contacted at: info@puppetlabs.com

63
README.md
View file

@ -30,10 +30,10 @@ Setup
**What PuppetDB affects:**
* package/service/configuration files for PuppetDB
* **note**: Using the `database_host` class will cause your routes.yaml file to be overwritten entirely (see **Usage** below for options and more information )
* package/service/configuration files for PostgreSQL (optional, but set as default)
* puppet master's runtime (via plugins)
* puppet master's configuration
* **note**: Using the `puppetdb::master::config` class will cause your routes.yaml file to be overwritten entirely (see **Usage** below for options and more information )
* system firewall (optional)
* listened-to ports
@ -139,6 +139,19 @@ You can also manually trigger puppet runs on the nodes in the correct order (Pos
Upgrading
---------
###Upgrading from 2.x to version 3.x
For this release a major dependency has changed. The module `pupppetlabs/postgresql` must now be version 3.x. Upgrading the module should upgrade the `puppetlabs/postgresql` module for you, but if another module has a fixed dependency that module will have to be fixed before you can continue.
Some other changes include:
* The parameter `manage_redhat_firewall` for the class `puppetdb` has now been removed completely in favor of `open_postgres_port` and `open_ssl_listen_port`.
* The parameter `manage_redhat_firewall` for the class `puppetdb::database::postgresql`, has now been renamed to `manage_firewall`.
* The parameter `manage_redhat_firewall` for the class `puppetdb::server` has now been removed completely in favor of `open_listen_port` and `open_ssl_listen_port`.
* The internal class: `puppetdb::database::postgresql_db` has been removed. If you were using this, it is now defunct.
* The class `puppetdb::server::firewall` has been marked as private, do not use it directly.
* The class `puppetdb::server::jetty_ini` and `puppetdb::server::database_ini` have been marked as private, do not use it directly.
###Upgrading from 1.x to version 2.x
A major dependency has been changed, so now when you upgrade to 2.0 the dependency `cprice404/inifile` has been replaced with `puppetlabs/inifile`. This may interfer with other modules as they may depend on the old `cprice404/inifile` instead, so upgrading should be done with caution. Check that your other modules use the newer `puppetlabs/inifile` module as interoperation with the old `cprice404/inifile` module will no longer be supported by this module.
@ -147,7 +160,6 @@ Depending on how you install your modules, changing the dependency may require m
Otherwise, all existing parameters from 1.x should still work correctly.
Usage
------
@ -271,12 +283,6 @@ The name of the puppetdb service.
Sets whether the service should be running or stopped. When set to stopped the service doesn't start on boot either. Valid values are 'true', 'running', 'false', and 'stopped'.
####`manage_redhat_firewall`
*DEPRECATED: Use open_ssl_listen_port instead.*
Supports a Boolean of true or false, indicating whether or not the module should open a port in the firewall on RedHat-based systems. Defaults to `false`. This parameter is likely to change in future versions. Possible changes include support for non-RedHat systems and finer-grained control over the firewall rule (currently, it simply opens up the postgres port to all TCP connections).
####`confdir`
The puppetdb configuration directory (defaults to `/etc/puppetdb/conf.d`).
@ -363,6 +369,14 @@ Puppet's config file (defaults to `/etc/puppet/puppet.conf`).
The version of the `puppetdb` package that should be installed. You may specify an explicit version number, 'present', or 'latest' (defaults to 'present').
####`terminus_package`
Name of the package to use that represents the PuppetDB terminus code.
####`puppet_service_name`
Name of the service that represents Puppet. You can change this to `apache2` or `httpd` depending on your operating system, if you plan on having Puppet run using Apache/Passenger for example.
####`puppetdb_startup_timeout`
The maximum amount of time that the module should wait for PuppetDB to start up. This is most important during the initial install of PuppetDB (defaults to 15 seconds).
@ -378,10 +392,25 @@ The `puppetdb::database::postgresql` class manages a postgresql server for use b
listen_addresses => 'my.postgres.host.name',
}
The `listen_address` is a comma-separated list of hostnames or IP addresses on which the postgres server should listen for incoming connections. This defaults to `localhost`. This parameter maps directly to postgresql's `listen_addresses` config option; use a '*' to allow connections on any accessible address.
####`listen_addresses`
### puppetdb::database::postgresql_db
The `puppetdb::database::postgresql_db` class sets up the puppetdb database and database user accounts. This is included from the `puppetdb::database::postgresql` class but can be used on its own if you want to use your own classes to configure the postgresql server itself in a way that the `puppetdb::database::postgresql` doesn't support.
The `listen_address` is a comma-separated list of hostnames or IP addresses on which the postgres server should listen for incoming connections. This defaults to `localhost`. This parameter maps directly to postgresql's `listen_addresses` config option; use a `*` to allow connections on any accessible address.
####`manage_firewall`
If set to `true` this will enable open the local firewall for PostgreSQL protocol access. Defaults to `false`.
####`database_name`
Sets the name of the database. Defaults to `puppetdb`.
####`database_username`
Creates a user for access the database. Defaults to `puppetdb`.
####`database_password`
Sets the password for the database user above. Defaults to `puppetdb`.
Implementation
---------------
@ -406,18 +435,6 @@ Configures the puppet master to enable storeconfigs and to use PuppetDB as the s
puppet_conf => '/etc/puppet/puppet.conf'
}
**puppetdb::server::database_ini**
Manages PuppetDB's `database.ini` file.
class { 'puppetdb::server::database_ini':
database_host => 'my.postgres.host',
database_port => '5432',
database_username => 'puppetdb_pguser',
database_password => 'puppetdb_pgpasswd',
database_name => 'puppetdb',
}
**puppetdb::server::validate_db**
Validates that a successful database connection can be established between the node on which this resource is run and the specified puppetdb database instance (host/port/user/password/database name).

82
manifests/database/postgresql.pp
View file

@ -1,78 +1,24 @@
# Class: puppetdb::database::postgresql
#
# This class manages a postgresql server and database instance suitable for use
# with puppetdb. It uses the `inkling/postgresql` puppet module for getting
# the postgres server up and running, and then also for creating the puppetdb
# database instance and user account.
#
# This class is intended as a high-level abstraction to help simplify the process
# of getting your puppetdb postgres server up and running; for maximum
# configurability, you may choose not to use this class. You may prefer to
# use `inkling/postgresql` directly, use a different puppet postgres module,
# or manage your postgres setup on your own. All of these approaches should
# be compatible with puppetdb.
#
# Parameters:
# ['listen_addresses'] - A comma-separated list of hostnames or IP addresses
# on which the postgres server should listen for incoming
# connections. (Defaults to 'localhost'. This parameter
# maps directly to postgresql's 'listen_addresses' config
# option; use a '*' to allow connections on any accessible
# address.
# ['database_name'] - The name of the database instance to connect to.
# (defaults to `puppetdb`)
# ['database_username'] - The name of the database user to connect as.
# (defaults to `puppetdb`)
# ['database_password'] - The password for the database user.
# (defaults to `puppetdb`)
# Actions:
# - Creates and manages a postgres server and database instance for use by
# puppetdb
#
# Requires:
# - `inkling/postgresql`
#
# Sample Usage:
# class { 'puppetdb::database::postgresql':
# listen_addresses => 'my.postgres.host.name',
# }
#
# Class for creating the PuppetDB postgresql database. See README.md for more
# information.
class puppetdb::database::postgresql(
# TODO: expose more of the parameters from `inkling/postgresql`!
$listen_addresses = $puppetdb::params::database_host,
$manage_redhat_firewall = $puppetdb::params::open_postgres_port,
$database_name = $puppetdb::params::database_name,
$database_username = $puppetdb::params::database_username,
$database_password = $puppetdb::params::database_password,
$manage_firewall = $puppetdb::params::open_postgres_port,
$listen_addresses = $puppetdb::params::database_host,
$database_name = $puppetdb::params::database_name,
$database_username = $puppetdb::params::database_username,
$database_password = $puppetdb::params::database_password,
) inherits puppetdb::params {
# This technically defaults to 'true', but in order to preserve backwards
# compatibility with the deprecated 'manage_redhat_firewall' parameter, we
# had to specify 'undef' as the default so that we could tell whether or
# not the user explicitly specified a value. Here's where we're resolving
# that and setting the 'real' default. We should be able to get rid of
# this block when we remove `manage_redhat_firewall`.
if ($manage_redhat_firewall != undef) {
$final_manage_redhat_firewall = $manage_redhat_firewall
} else {
$final_manage_redhat_firewall = true
}
# get the pg server up and running
class { '::postgresql::server':
config_hash => {
# TODO: make this stuff configurable
'ip_mask_allow_all_users' => '0.0.0.0/0',
'listen_addresses' => $listen_addresses,
'manage_redhat_firewall' => $final_manage_redhat_firewall,
},
ip_mask_allow_all_users => '0.0.0.0/0',
listen_addresses => $listen_addresses,
manage_firewall => $manage_firewall,
}
# create the puppetdb database
class { 'puppetdb::database::postgresql_db':
database_name => $database_name,
database_username => $database_username,
database_password => $database_password,
postgresql::server::db { $database_name:
user => $database_username,
password => $database_password,
grant => 'all',
}
}

41
manifests/database/postgresql_db.pp
View file

@ -1,41 +0,0 @@
# Class: puppetdb::database::postgresql_db
#
# This class manages a postgresql database instance suitable for use
# with puppetdb. It uses the `inkling/postgresql` puppet module for
# for creating the puppetdb database instance and user account.
#
# This class is included from the puppetdb::database::postgresql class
# but for maximum configurability, you may choose to use this class directly
# and set up the database server itself using `puppetlabs/postgresql` yourself.
#
# Parameters:
# ['database_name'] - The name of the database instance to connect to.
# (defaults to `puppetdb`)
# ['database_username'] - The name of the database user to connect as.
# (defaults to `puppetdb`)
# ['database_password'] - The password for the database user.
# (defaults to `puppetdb`)
# Actions:
# - Creates and manages a postgres database instance for use by
# puppetdb
#
# Requires:
# - `inkling/postgresql`
#
# Sample Usage:
# include puppetdb::database::postgresql_db
#
class puppetdb::database::postgresql_db(
$database_name = $puppetdb::params::database_name,
$database_username = $puppetdb::params::database_username,
$database_password = $puppetdb::params::database_password,
) inherits puppetdb::params {
# create the puppetdb database
postgresql::db{ $database_name:
user => $database_username,
password => $database_password,
grant => 'all',
require => Class['::postgresql::server'],
}
}

31
manifests/init.pp
View file

@ -1,16 +1,5 @@
# This class provides a simple way to get a puppetdb instance up and running
# with minimal effort. It will install and configure all necessary packages,
# including the database server and instance.
#
# This class is intended as a high-level abstraction to help simplify the process
# of getting your puppetdb server up and running; it wraps the slightly-lower-level
# classes `puppetdb::server` and `puppetdb::database::*`. For maximum
# configurability, you may choose not to use this class. You may prefer to
# use the `puppetdb::server` class directly, or manage your puppetdb setup on your
# own.
#
# In addition to this class, you'll need to configure your puppet master to use
# puppetdb. You can use the `puppetdb::master::config` class to accomplish this.
# All in one class for setting up a PuppetDB instance. See README.md for more
# details.
class puppetdb(
$listen_address = $puppetdb::params::listen_address,
$listen_port = $puppetdb::params::listen_port,
@ -38,7 +27,6 @@ class puppetdb(
$puppetdb_service = $puppetdb::params::puppetdb_service,
$puppetdb_service_status = $puppetdb::params::puppetdb_service_status,
$open_postgres_port = $puppetdb::params::open_postgres_port,
$manage_redhat_firewall = $puppetdb::params::manage_redhat_firewall,
$confdir = $puppetdb::params::confdir,
$java_args = {}
) inherits puppetdb::params {
@ -78,10 +66,6 @@ class puppetdb(
fail("puppetdb_service_status valid values are 'true', 'running', 'false', and 'stopped'. You provided '${puppetdb_service_status}'")
}
if ($manage_redhat_firewall != undef) {
notify {'Deprecation notice: `$manage_redhat_firewall` has been deprecated in `puppetdb` class and will be removed in a future version. Use $open_ssl_listen_port and $open_postgres_port instead.':}
}
class { 'puppetdb::server':
listen_address => $listen_address,
listen_port => $listen_port,
@ -100,22 +84,21 @@ class puppetdb(
node_purge_ttl => $node_purge_ttl,
report_ttl => $report_ttl,
gc_interval => $gc_interval,
log_slow_statements => $log_slow_statements,
conn_max_age => $conn_max_age,
conn_keep_alive => $conn_keep_alive,
conn_lifetime => $conn_lifetime,
puppetdb_package => $puppetdb_package,
puppetdb_version => $puppetdb_version,
puppetdb_service => $puppetdb_service,
puppetdb_service_status => $puppetdb_service_status,
manage_redhat_firewall => $manage_redhat_firewall,
confdir => $confdir,
java_args => $java_args,
}
if ($database == 'postgres') {
class { 'puppetdb::database::postgresql':
manage_redhat_firewall => $manage_redhat_firewall ? {
true => $manage_redhat_firewall,
false => $manage_redhat_firewall,
undef => $open_postgres_port,
},
manage_firewall => $open_postgres_port,
listen_addresses => $puppetdb::params::postgres_listen_addresses,
database_name => $database_name,
database_username => $database_username,

65
manifests/master/config.pp
View file

@ -1,66 +1,4 @@
# Class: puppetdb::master::config
#
# This class configures the puppet master to use puppetdb. This includes installing
# all of the required master-specific puppetdb packages and managing or deploying
# the necessary config files (`puppet.conf`, `routes.yaml`, and `puppetdb.conf`).
#
# ***WARNING***: the default behavior of this module is to overwrite puppet's
# `routes.yaml` file, to configure it to use puppetdb. If you have any custom
# settings in your `routes.yaml` file, you'll want to pass `false` for
# the `manage_routes` parameter and you'll have to manage that file yourself.
#
# Parameters:
# ['puppetdb_server'] - The dns name or ip of the puppetdb server
# (defaults to the certname of the current node)
# ['puppetdb_port'] - The port that the puppetdb server is running on (defaults to 8081)
# ['puppetdb_soft_write_failure'] - Boolean to fail in a soft-manner if PuppetDB is not
# accessable for command submission (defaults to false)
# ['manage_routes'] - If true, the module will overwrite the puppet master's routes
# file to configure it to use puppetdb (defaults to true)
# ['manage_storeconfigs'] - If true, the module will manage the puppet master's
# storeconfig settings (defaults to true)
# ['manage_config'] - If true, the module will store values from puppetdb_server
# and puppetdb_port parameters in the puppetdb configuration file.
# If false, an existing puppetdb configuration file will be used
# to retrieve server and port values.
# ['manage_report_processor'] - If true, the module will manage the 'reports' field
# in the puppet.conf file to enable or disable the puppetdb
# report processor. Defaults to 'false'.
# ['strict_validation'] - If true, the module will fail if puppetdb is not reachable,
# otherwise it will preconfigure puppetdb without checking.
# ['enable_reports'] - Ignored unless 'manage_report_processor' is `true`, in which
# case this setting will determine whether or not the puppetdb
# report processor is enabled (`true`) or disabled (`false`) in
# the puppet.conf file.
# ['puppet_confdir'] - Puppet's config directory; defaults to /etc/puppet
# ['puppet_conf'] - Puppet's config file; defaults to /etc/puppet/puppet.conf
# ['puppetdb_version'] - The version of the `puppetdb` package that should
# be installed. You may specify an explicit version
# number, 'present', or 'latest'. Defaults to
# 'present'.
# ['puppetdb_startup_timeout'] - The maximum amount of time that the module
# should wait for puppetdb to start up; this is most
# important during the initial install of puppetdb.
# Defaults to 15 seconds.
# ['restart_puppet'] - If true, the module will restart the puppet master when
# necessary. The default is 'true'. If set to 'false',
# you must restart the service manually in order to pick
# up changes to the config files (other than `puppet.conf`).
#
# Actions:
# - Configures the puppet master to use puppetdb.
#
# Requires:
# - Inifile
#
# Sample Usage:
# class { 'puppetdb::master::config':
# puppetdb_server => 'my.host.name',
# puppetdb_port => 8081,
# }
#
# TODO: finish porting this to use params
#
# Manage puppet configuration. See README.md for more details.
class puppetdb::master::config(
$puppetdb_server = $::fqdn,
$puppetdb_port = 8081,
@ -159,7 +97,6 @@ class puppetdb::master::config(
if ($manage_routes) {
Class['puppetdb::master::routes'] ~> Service[$puppet_service_name]
}
}
}

29
manifests/master/puppetdb_conf.pp
View file

@ -1,33 +1,10 @@
# == Class: puppetdb::master::puppetdb_conf
#
# This class manages the puppetdb.conf file for the puppet master.
#
# Parameters:
# ['server'] - The dns name or ip of the puppetdb server (defaults to localhost)
# ['port'] - The port that the puppetdb server is running on (defaults to 8081)
# ['soft_write_failure'] - Boolean to fail in a soft-manner if PuppetDB is not accessable for command submission (defaults to false)
# ['puppet_confdir'] - The config directory of puppet (defaults to /etc/puppet)
#
# Actions:
# - Configures the required puppetdb settings for the puppet master by managing
# the puppetdb.conf file.
#
# Requires:
# - Inifile
#
# Sample Usage:
# class { 'puppetdb::master::puppetdb_conf':
# server => 'my.puppetdb.server'
# }
#
#
# TODO: finish porting this to use params
#
# Managed the puppetdb.conf file on the puppeet master. See README.md for more
# details.
class puppetdb::master::puppetdb_conf (
$server = 'localhost',
$port = '8081',
$soft_write_failure = false,
$puppet_confdir = $puppetdb::params::puppet_confdir,
$puppet_confdir = $puppetdb::params::puppet_confdir,
) inherits puppetdb::params {
Ini_setting {

24
manifests/master/report_processor.pp
View file

@ -1,29 +1,9 @@
# Class: puppetdb::master::report_processor
#
# This class configures the puppet master to enable the puppetdb report
# processor
#
# Parameters:
# ['puppet_conf'] - The puppet config file (defaults to /etc/puppet/puppet.conf)
#
# Actions:
# - Configures the puppet master to use the puppetdb report processor
#
# Requires:
# - Inifile
#
# Sample Usage:
# class { 'puppetdb::master::report_processor':
# puppet_conf => '/etc/puppet/puppet.conf',
# enable => true
# }
#
#
# Manages the installation of the report processor on the master. See README.md
# for more details.
class puppetdb::master::report_processor(
$puppet_conf = $puppetdb::params::puppet_conf,
$enable = false
) inherits puppetdb::params {
ini_subsetting { 'puppet.conf/reports/puppetdb':
ensure => $enable ? {
true => present,

23
manifests/master/routes.pp
View file

@ -1,24 +1,5 @@
# Class: puppetdb::master::routes
#
# This class configures the puppet master to use puppetdb as the facts terminus.
#
# WARNING: the current implementation simply overwrites your routes.yaml file;
# if you have an existing routes.yaml file that you are using for other purposes,
# you should *not* use this.
#
# Parameters:
# ['puppet_confdir'] - The puppet config directory (defaults to /etc/puppet)
#
# Actions:
# - Configures the puppet master to use puppetdb as a facts terminus by
# overwriting routes.yaml
#
# Sample Usage:
# class { 'puppetdb::master::routes':
# puppet_confdir => '/etc/puppet'
# }
#
#
# Manages the routes configuration file on the master. See README.md for more
# details.
class puppetdb::master::routes(
$puppet_confdir = $puppetdb::params::puppet_confdir,
) inherits puppetdb::params {

26
manifests/master/storeconfigs.pp
View file

@ -1,23 +1,5 @@
# Class: puppetdb::master::storeconfigs
#
# This class configures the puppet master to enable storeconfigs and to
# use puppetdb as the storeconfigs backend.
#
# Parameters:
# ['puppet_conf'] - The puppet config file (defaults to /etc/puppet/puppet.conf)
#
# Actions:
# - Configures the puppet master to use puppetdb for stored configs
#
# Requires:
# - Inifile
#
# Sample Usage:
# class { 'puppetdb::master::storeconfigs':
# puppet_conf => '/etc/puppet/puppet.conf'
# }
#
#
# This class configures the puppet master to enable storeconfigs and to use
# puppetdb as the storeconfigs backend. See README.md for more details.
class puppetdb::master::storeconfigs(
$puppet_conf = $puppetdb::params::puppet_conf
) inherits puppetdb::params {
@ -28,12 +10,12 @@ class puppetdb::master::storeconfigs(
ensure => present,
}
ini_setting {'puppetmasterstoreconfig':
ini_setting { 'puppet.conf/master/storeconfigs':
setting => 'storeconfigs',
value => true,
}
ini_setting {'puppetmasterstorebackend':
ini_setting { 'puppet.conf/master/storeconfigs_backend':
setting => 'storeconfigs_backend',
value => 'puppetdb',
}

15
manifests/params.pp
View file

@ -6,20 +6,8 @@ class puppetdb::params {
$ssl_listen_address = $::fqdn
$ssl_listen_port = '8081'
$disable_ssl = false
# This technically defaults to 'true', but in order to preserve backwards
# compatibility with the deprecated 'manage_redhat_firewall' parameter, we
# need to specify 'undef' as the default so that we can tell whether or
# not the user explicitly specified a value. See implementation in
# `firewall.pp`. We should change this back to `true` when we get rid
# of `manage_redhat_firewall`.
$open_ssl_listen_port = undef
$postgres_listen_addresses = 'localhost'
# This technically defaults to 'true', but in order to preserve backwards
# compatibility with the deprecated 'manage_redhat_firewall' parameter, we
# need to specify 'undef' as the default so that we can tell whether or
# not the user explicitly specified a value. See implementation in
# `postgresql.pp`. We should change this back to `true` when we get rid
# of `manage_redhat_firewall`.
$open_postgres_port = undef
$database = 'postgres'
@ -39,9 +27,6 @@ class puppetdb::params {
$puppetdb_version = 'present'
# TODO: figure out a way to make this not platform-specific
$manage_redhat_firewall = undef
$gc_interval = '60'
$log_slow_statements = '10'

26
manifests/server.pp
View file

@ -1,23 +1,4 @@
# This class provides a simple way to get a puppetdb instance up and running
# with minimal effort. It will install and configure all necessary packages for
# the puppetdb server, but will *not* manage the database (e.g., postgres) server
# or instance (unless you are using the embedded database, in which case there
# is not much to manage).
#
# This class is intended as a high-level abstraction to help simplify the process
# of getting your puppetdb server up and running; it manages the puppetdb
# package and service, as well as several puppetdb configuration files. For
# maximum configurability, you may choose not to use this class. You may prefer to
# manage the puppetdb package / service on your own, and perhaps use the
# individual classes inside of the `puppetdb::server` namespace to manage some
# or all of your configuration files.
#
# In addition to this class, you'll need to configure your puppetdb postgres
# database if you are using postgres. You can optionally do by using the
# `puppetdb::database::postgresql` class.
#
# You'll also need to configure your puppet master to use puppetdb. You can
# use the `puppetdb::master::config` class to accomplish this.
# Class to configure a PuppetDB server. See README.md for more details.
class puppetdb::server(
$listen_address = $puppetdb::params::listen_address,
$listen_port = $puppetdb::params::listen_port,
@ -40,12 +21,11 @@ class puppetdb::server(
$log_slow_statements = $puppetdb::params::log_slow_statements,
$conn_max_age = $puppetdb::params::conn_max_age,
$conn_keep_alive = $puppetdb::params::conn_keep_alive,
$conn_lifetime = $puppetdb::params::lifetime,
$conn_lifetime = $puppetdb::params::conn_lifetime,
$puppetdb_package = $puppetdb::params::puppetdb_package,
$puppetdb_version = $puppetdb::params::puppetdb_version,
$puppetdb_service = $puppetdb::params::puppetdb_service,
$puppetdb_service_status = $puppetdb::params::puppetdb_service_status,
$manage_redhat_firewall = $puppetdb::params::manage_redhat_firewall,
$confdir = $puppetdb::params::confdir,
$java_args = {}
) inherits puppetdb::params {
@ -85,7 +65,6 @@ class puppetdb::server(
fail("puppetdb_service_status valid values are 'true', 'running', 'false', and 'stopped'. You provided '${puppetdb_service_status}'")
}
package { $puppetdb_package:
ensure => $puppetdb_version,
notify => Service[$puppetdb_service],
@ -96,7 +75,6 @@ class puppetdb::server(
open_http_port => $open_listen_port,
ssl_port => $ssl_listen_port,
open_ssl_port => $open_ssl_listen_port,
manage_redhat_firewall => $manage_redhat_firewall
}
class { 'puppetdb::server::database_ini':

2
manifests/server/database_ini.pp
View file

@ -1,4 +1,4 @@
# This class manages puppetdb's `database.ini` file.
# PRIVATE CLASS - do not use directly
class puppetdb::server::database_ini(
$database = $puppetdb::params::database,
$database_host = $puppetdb::params::database_host,

81
manifests/server/firewall.pp
View file

@ -1,72 +1,25 @@
# PRIVATE CLASS - do not use directly
class puppetdb::server::firewall(
$port = '',
$http_port = $puppetdb::params::listen_port,
$open_http_port = $puppetdb::params::open_listen_port,
$ssl_port = $puppetdb::params::ssl_listen_port,
$open_ssl_port = $puppetdb::params::open_ssl_listen_port,
$manage_redhat_firewall = $puppetdb::params::manage_redhat_firewall,
$http_port = $puppetdb::params::listen_port,
$open_http_port = $puppetdb::params::open_listen_port,
$ssl_port = $puppetdb::params::ssl_listen_port,
$open_ssl_port = $puppetdb::params::open_ssl_listen_port,
) inherits puppetdb::params {
# TODO: figure out a way to make this not platform-specific; debian and ubuntu
# have an out-of-the-box firewall configuration that seems trickier to manage.
# TODO: the firewall module should be able to handle this itself
if ($puppetdb::params::firewall_supported) {
include firewall
if ($manage_redhat_firewall != undef) {
notify {'Deprecation notice: `$manage_redhat_firewall` is deprecated in the `puppetdb::service::firewall` class and will be removed in a future version. Use `open_http_port` and `open_ssl_port` instead.':}
if ($open_ssl_port != undef) {
fail('`$manage_redhat_firewall` and `$open_ssl_port` cannot both be specified.')
}
if ($open_http_port) {
firewall { "${http_port} accept - puppetdb":
port => $http_port,
proto => 'tcp',
action => 'accept',
}
}
exec { 'puppetdb-persist-firewall':
command => $puppetdb::params::persist_firewall_command,
refreshonly => true,
}
Firewall {
notify => Exec['puppetdb-persist-firewall']
}
if ($port) {
notify { 'Deprecation notice: `port` parameter will be removed in future versions of the puppetdb module. Please use ssl_port instead.': }
}
if ($port and $ssl_port) {
fail('`port` and `ssl_port` cannot both be defined. `port` is deprecated in favor of `ssl_port`')
}
if ($open_http_port) {
firewall { "${http_port} accept - puppetdb":
port => $http_port,
proto => 'tcp',
action => 'accept',
}
}
# This technically defaults to 'true', but in order to preserve backwards
# compatibility with the deprecated 'manage_redhat_firewall' parameter, we
# had to specify 'undef' as the default so that we could tell whether or
# not the user explicitly specified a value. Here's where we're resolving
# that and setting the 'real' default. We should be able to get rid of
# this block when we remove `manage_redhat_firewall`.
if ($open_ssl_port != undef) {
$final_open_ssl_port = $open_ssl_port
} else {
$final_open_ssl_port = true
}
if ($open_ssl_port or $manage_redhat_firewall) {
if ($ssl_port) {
$final_ssl_port = $ssl_port
} else {
$final_ssl_port = $port
}
firewall { "${final_ssl_port} accept - puppetdb":
port => $final_ssl_port,
proto => 'tcp',
action => 'accept',
}
if ($open_ssl_port) {
firewall { "${ssl_port} accept - puppetdb":
port => $ssl_port,
proto => 'tcp',
action => 'accept',
}
}
}

34
manifests/server/jetty_ini.pp
View file

@ -1,36 +1,4 @@
# Class: puppetdb::server::jetty_ini
#
# This class manages puppetdb's `jetty.ini` file, which contains the configuration
# for puppetdb's embedded web server.
#
# Parameters:
# ['listen_address'] - The address that the web server should bind to
# for HTTP requests. (defaults to `localhost`.)
# ['listen_port'] - The port on which the puppetdb web server should
# accept HTTP requests (defaults to 8080).
# ['ssl_listen_address'] - The address that the web server should bind to
# for HTTPS requests. (defaults to `$::fqdn`.)
# ['ssl_listen_port'] - The port on which the puppetdb web server should
# accept HTTPS requests.
# ['disable_ssl'] - If true, disable HTTPS and only serve
# HTTP requests. Defaults to false.
# ['database_name'] - The name of the database instance to connect to.
# (defaults to `puppetdb`; ignored for `embedded` db)
# ['confdir'] - The puppetdb configuration directory; defaults to
# `/etc/puppetdb/conf.d`.
#
# Actions:
# - Manages puppetdb's `jetty.ini` file
#
# Requires:
# - Inifile
#
# Sample Usage:
# class { 'puppetdb::server::jetty_ini':
# ssl_listen_address => 'my.https.interface.hostname',
# ssl_listen_port => 8081,
# }
#
# PRIVATE CLASS - do not use directly
class puppetdb::server::jetty_ini(
$listen_address = $puppetdb::params::listen_address,
$listen_port = $puppetdb::params::listen_port,

45
manifests/server/validate_db.pp
View file

@ -1,47 +1,4 @@
# Class: puppetdb::server::validate_db
#
# This type validates that a successful database connection can be established
# between the node on which this resource is run and the specified puppetdb
# database instance (host/port/user/password/database name).
#
# Parameters:
# [*database*] - Which database backend to use; legal values are
# `postgres` (default) or `embedded`. There is no
# validation for the `embedded` database, so the
# rest of the parameters will be ignored in that
# case. (The `embedded` db can be used for very small
# installations or for testing, but is not recommended
# for use in production environments. For more info,
# see the puppetdb docs.)
# [*database_host*] - the hostname or IP address of the machine where the
# postgres server should be running.
# [*database_port*] - the port on which postgres server should be
# listening (defaults to 5432).
# [*database_username*] - the postgres username
# [*database_password*] - the postgres user's password
# [*database_name*] - the database name that the connection should be
# established against
#
# Actions:
#
# Attempts to establish a connection to the specified puppetdb database. If
# a connection cannot be established, the resource will fail; this allows you
# to use it as a dependency for other resources that would be negatively
# impacted if they were applied without the postgres connection being available.
#
# Requires:
#
# `inkling/postgresql`
#
# Sample Usage:
#
# puppetdb::server::validate_db { 'validate my puppetdb database connection':
# database_host => 'my.postgres.host',
# database_username => 'mydbuser',
# database_password => 'mydbpassword',
# database_name => 'mydbname',
# }
#
# This validates a database connection. See README.md for more details.
class puppetdb::server::validate_db(
$database = $puppetdb::params::database,
$database_host = $puppetdb::params::database_host,

19
metadata.json
View file

@ -8,9 +8,6 @@
"license": "Apache-2.0",
"operatingsystem_support": [
"RedHat",
"OpenSUSE",
"SLES",
"SLED",
"Debian",
"Ubuntu"
],
@ -22,21 +19,21 @@
"3.3"
],
"dependencies": [
{
"name": "puppetlabs/stdlib",
"version_requirement": ">=2.2.0"
},
{
"name": "puppetlabs/postgresql",
"version_requirement": "2.x"
},
{
"name": "puppetlabs/inifile",
"version_requirement": "1.x"
},
{
"name": "puppetlabs/postgresql",
"version_requirement": ">=3.0.0 <4.0.0"
},
{
"name": "puppetlabs/firewall",
"version_requirement": ">= 0.0.4"
},
{
"name": "puppetlabs/stdlib",
"version_requirement": ">=2.2.0"
}
]
}

2
spec/system/basic_spec.rb
View file

@ -28,7 +28,7 @@ class { 'puppetdb::master::config': }
it 'make sure it runs without error' do
shell('puppet module install puppetlabs/stdlib')
shell('puppet module install puppetlabs/postgresql --version 2.5.0')
shell('puppet module install puppetlabs/postgresql --version 3.0.0')
shell('puppet module install puppetlabs/firewall')
shell('puppet module install puppetlabs/inifile')

10
spec/unit/classes/init_spec.rb
View file

@ -6,8 +6,10 @@ describe 'puppetdb', :type => :class do
context 'on a supported platform' do
let(:facts) do
{
:osfamily => 'RedHat',
:postgres_default_version => '9.1',
:osfamily => 'Debian',
:operatingsystem => 'Debian',
:operatingsystemrelease => '6.0',
:kernel => 'Linux',
:concat_basedir => '/var/lib/puppet/concat',
}
end
@ -21,7 +23,9 @@ describe 'puppetdb', :type => :class do
let(:facts) do
{
:osfamily => 'RedHat',
:postgres_default_version => '9.1',
:operatingsystem => 'Debian',
:operatingsystemrelease => '6.0',
:kernel => 'Linux',
:concat_basedir => '/var/lib/puppet/concat',
}
end

20
tests/pe-puppetdb-postgres.pp
View file

@ -1,20 +0,0 @@
# This manifest shows an example of how you might set up puppetdb to work with
# a Puppet Enterprise environment consisting of a puppet master and a puppetdb
# server, as opposed to puppet open source.
node 'puppetmaster.example.com' {
class { 'puppetdb::master::config':
puppetdb_server => 'puppetdb.example.com',
puppet_confdir => '/etc/puppetlabs/puppet',
terminus_package => 'pe-puppetdb-terminus',
puppet_service_name => 'pe-httpd',
}
}
node 'puppetdb.example.com' {
class { 'puppetdb':
puppetdb_package => 'pe-puppetdb',
puppetdb_service => 'pe-puppetdb',
confdir => '/etc/puppetlabs/puppetdb/conf.d',
}
}

11
tests/puppetdb-embeddeddb-on-master-node.pp
View file

@ -1,11 +0,0 @@
# This is an example of how to get puppetdb up and running on the same node
# where your puppet master is running, using the embedded database (which is
# mostly just for testing or very small-scale deployments).
# Configure puppetdb.
class { 'puppetdb':
database => 'embedded',
}
# Configure the puppet master to use puppetdb.
include puppetdb::master::config

34
tests/puppetdb-postgres-distributed.pp
View file

@ -1,34 +0,0 @@
# This is an example of a very basic 3-node setup for puppetdb.
# This node is our puppet master.
node puppet {
# Here we configure the puppet master to use puppetdb.
class { 'puppetdb::master::config':
puppetdb_server => 'puppetdb',
}
}
# This node is our postgres server
node puppetdb-postgres {
# Here we install and configure postgres and the puppetdb database instance
# Optionally, open the firewall port for postgres so puppetdb server can
# gain access.
class { 'puppetdb::database::postgresql':
listen_addresses => 'puppetdb-postgres',
manage_redhat_firewall => true,
}
}
# This node is our main puppetdb server
node puppetdb {
# Here we install and configure the puppetdb server, and tell it where to
# find the postgres database.
# Set open_ssl_listen_port to allow the puppet master to gain access to
# puppetdb. Optionally, set open_listen_port to open the HTTP port so
# you can access the PuppetDB dashboard.
class { 'puppetdb::server':
database_host => 'puppetdb-postgres',
open_ssl_listen_port => true,
open_listen_port => true,
}
}

9
tests/puppetdb-postgres-on-master-node.pp
View file

@ -1,9 +0,0 @@
# This is an example of how to get puppetdb up and running on the same node
# where your puppet master is running, using our recommended database server
# (postgresql).
# Configure puppetdb and its postgres database:
include puppetdb
# Configure the puppet master to use puppetdb.
include puppetdb::master::config