Add switch to configure database SSL connection

PostgreSQL supports secure connections through SSL. For PuppetDB to connect with SSL, "?ssl=true" has to be specified on the connection string. This patch adds such a switch, by default PuppetDB will not use SSL to connect to the database.
2013-08-21 10:36:15 +02:00 · 2013-08-21 10:36:15 +02:00 · 84c5fa79ea
commit 84c5fa79ea
parent 79ef2823d4
4 changed files with 26 additions and 16 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -24,6 +24,7 @@ class puppetdb(
  $database_username         = $puppetdb::params::database_username,
  $database_password         = $puppetdb::params::database_password,
  $database_name             = $puppetdb::params::database_name,
+  $database_ssl              = $puppetdb::params::database_ssl,
  $node_ttl                  = $puppetdb::params::node_ttl,
  $node_purge_ttl            = $puppetdb::params::node_purge_ttl,
  $report_ttl                = $puppetdb::params::report_ttl,
@ -94,6 +95,7 @@ class puppetdb(
    database_username       => $database_username,
    database_password       => $database_password,
    database_name           => $database_name,
+    database_ssl            => $database_ssl,
    node_ttl                => $node_ttl,
    node_purge_ttl          => $node_purge_ttl,
    report_ttl              => $report_ttl,
--- a/manifests/params.pp
+++ b/manifests/params.pp
@ -30,6 +30,7 @@ class puppetdb::params {
  $database_name          = 'puppetdb'
  $database_username      = 'puppetdb'
  $database_password      = 'puppetdb'
+  $database_ssl           = false

  # These settings manage the various auto-deactivation and auto-purge settings
  $node_ttl               = '0s'
--- a/manifests/server.pp
+++ b/manifests/server.pp
@ -32,6 +32,7 @@ class puppetdb::server(
  $database_username       = $puppetdb::params::database_username,
  $database_password       = $puppetdb::params::database_password,
  $database_name           = $puppetdb::params::database_name,
+  $database_ssl            = $puppetdb::params::database_ssl,
  $node_ttl                = $puppetdb::params::node_ttl,
  $node_purge_ttl          = $puppetdb::params::node_purge_ttl,
  $report_ttl              = $puppetdb::params::report_ttl,
@ -99,22 +100,23 @@ class puppetdb::server(
  }

  class { 'puppetdb::server::database_ini':
-    database          => $database,
-    database_host     => $database_host,
-    database_port     => $database_port,
-    database_username => $database_username,
-    database_password => $database_password,
-    database_name     => $database_name,
-    node_ttl          => $node_ttl,
-    node_purge_ttl    => $node_purge_ttl,
-    report_ttl        => $report_ttl,
-    gc_interval       => $gc_interval,
+    database            => $database,
+    database_host       => $database_host,
+    database_port       => $database_port,
+    database_username   => $database_username,
+    database_password   => $database_password,
+    database_name       => $database_name,
+    database_ssl        => $database_ssl,
+    node_ttl            => $node_ttl,
+    node_purge_ttl      => $node_purge_ttl,
+    report_ttl          => $report_ttl,
+    gc_interval         => $gc_interval,
    log_slow_statements => $log_slow_statements,
-    conn_max_age      => $conn_max_age,
-    conn_keep_alive   => $conn_keep_alive,
-    conn_lifetime     => $conn_lifetime,
-    confdir           => $confdir,
-    notify            => Service[$puppetdb_service],
+    conn_max_age        => $conn_max_age,
+    conn_keep_alive     => $conn_keep_alive,
+    conn_lifetime       => $conn_lifetime,
+    confdir             => $confdir,
+    notify              => Service[$puppetdb_service],
  }

  class { 'puppetdb::server::jetty_ini':
--- a/manifests/server/database_ini.pp
+++ b/manifests/server/database_ini.pp
@ -6,6 +6,7 @@ class puppetdb::server::database_ini(
  $database_username = $puppetdb::params::database_username,
  $database_password = $puppetdb::params::database_password,
  $database_name     = $puppetdb::params::database_name,
+  $database_ssl      = $puppetdb::params::database_ssl,
  $node_ttl          = $puppetdb::params::node_ttl,
  $node_purge_ttl    = $puppetdb::params::node_purge_ttl,
  $report_ttl        = $puppetdb::params::report_ttl,
@ -46,7 +47,11 @@ class puppetdb::server::database_ini(
  } elsif $database == 'postgres' {
    $classname = 'org.postgresql.Driver'
    $subprotocol = 'postgresql'
-    $subname = "//${database_host}:${database_port}/${database_name}"
+
+    $subname = $database_ssl ? {
+      true    => "//${database_host}:${database_port}/${database_name}?ssl=true",
+      default => "//${database_host}:${database_port}/${database_name}",
+    }

    ##Only setup for postgres
    ini_setting {'puppetdb_psdatabase_username':