From 84c5fa79eaec1c896a9d35fa6eb7f25abd42369a Mon Sep 17 00:00:00 2001
From: Stefan Dietrich
Date: Wed, 21 Aug 2013 10:36:15 +0200
Subject: [PATCH] Add switch to configure database SSL connection

PostgreSQL supports secure connections through SSL. For PuppetDB to connect with SSL, "?ssl=true" has to be specified on the connection string. This patch adds such a switch, by default PuppetDB will not use SSL to connect to the database.
---
 manifests/init.pp | 2 ++
 manifests/params.pp | 1 +
 manifests/server.pp | 32 +++++++++++++++++---------------
 manifests/server/database_ini.pp | 7 ++++++-
 4 files changed, 26 insertions(+), 16 deletions(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index 54c4fdd..1aee9b3 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -24,6 +24,7 @@ class puppetdb(
 $database_username = $puppetdb::params::database_username,
 $database_password = $puppetdb::params::database_password,
 $database_name = $puppetdb::params::database_name,
+ $database_ssl = $puppetdb::params::database_ssl,
 $node_ttl = $puppetdb::params::node_ttl,
 $node_purge_ttl = $puppetdb::params::node_purge_ttl,
 $report_ttl = $puppetdb::params::report_ttl,
@@ -94,6 +95,7 @@ class puppetdb(
 database_username => $database_username,
 database_password => $database_password,
 database_name => $database_name,
+ database_ssl => $database_ssl,
 node_ttl => $node_ttl,
 node_purge_ttl => $node_purge_ttl,
 report_ttl => $report_ttl,
diff --git a/manifests/params.pp b/manifests/params.pp
index 3fc8633..76b6692 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -30,6 +30,7 @@ class puppetdb::params {
 $database_name = 'puppetdb'
 $database_username = 'puppetdb'
 $database_password = 'puppetdb'
+ $database_ssl = false

 # These settings manage the various auto-deactivation and auto-purge settings
 $node_ttl = '0s'
diff --git a/manifests/server.pp b/manifests/server.pp
index a9a0932..2e456f7 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
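Review bot: In manifests/params.pp the new default `$database_ssl = false` is added without a comment, although the settings right below it are introduced by one. I would put `# Set to true to append ?ssl=true to the PostgreSQL JDBC URL; other database backends ignore it` above the line, since the database_ini.pp hunk reads the flag only inside the `postgres` branch. The diffstat lists four manifests and no README or parameter reference, so the switch appears to ship undocumented. With the default left at false, traffic between PuppetDB and a PostgreSQL server on another host stays unencrypted, which the documentation for `database_host` should say. The class body continues outside the hunk.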
@@ -32,6 +32,7 @@ class puppetdb::server(
 $database_username = $puppetdb::params::database_username,
 $database_password = $puppetdb::params::database_password,
 $database_name = $puppetdb::params::database_name,
+ $database_ssl = $puppetdb::params::database_ssl,
 $node_ttl = $puppetdb::params::node_ttl,
 $node_purge_ttl = $puppetdb::params::node_purge_ttl,
 $report_ttl = $puppetdb::params::report_ttl,
@@ -99,22 +100,23 @@ class puppetdb::server(
 }

 class { 'puppetdb::server::database_ini':
- database => $database,
- database_host => $database_host,
- database_port => $database_port,
- database_username => $database_username,
- database_password => $database_password,
- database_name => $database_name,
- node_ttl => $node_ttl,
- node_purge_ttl => $node_purge_ttl,
- report_ttl => $report_ttl,
- gc_interval => $gc_interval,
+ database => $database,
+ database_host => $database_host,
+ database_port => $database_port,
+ database_username => $database_username,
+ database_password => $database_password,
+ database_name => $database_name,
+ database_ssl => $database_ssl,
+ node_ttl => $node_ttl,
+ node_purge_ttl => $node_purge_ttl,
+ report_ttl => $report_ttl,
+ gc_interval => $gc_interval,
 log_slow_statements => $log_slow_statements,
- conn_max_age => $conn_max_age,
- conn_keep_alive => $conn_keep_alive,
- conn_lifetime => $conn_lifetime,
- confdir => $confdir,
- notify => Service[$puppetdb_service],
+ conn_max_age => $conn_max_age,
+ conn_keep_alive => $conn_keep_alive,
+ conn_lifetime => $conn_lifetime,
+ confdir => $confdir,
+ notify => Service[$puppetdb_service],
 }

 class { 'puppetdb::server::jetty_ini':
diff --git a/manifests/server/database_ini.pp b/manifests/server/database_ini.pp
index cf2d501..fab7996 100644
--- a/manifests/server/database_ini.pp
+++ b/manifests/server/database_ini.pp
@@ -6,6 +6,7 @@ class puppetdb::server::database_ini(
 $database_username = $puppetdb::params::database_username,
 $database_password = $puppetdb::params::database_password,
 $database_name = $puppetdb::params::database_name,
+ $database_ssl = $puppetdb::params::database_ssl,
 $node_ttl = $puppetdb::params::node_ttl,
 $node_purge_ttl = $puppetdb::params::node_purge_ttl,
 $report_ttl = $puppetdb::params::report_ttl,
@@ -46,7 +47,11 @@ class puppetdb::server::database_ini(
 } elsif $database == 'postgres' {
 $classname = 'org.postgresql.Driver'
 $subprotocol = 'postgresql'
- $subname = "//${database_host}:${database_port}/${database_name}"
+
+ $subname = $database_ssl ? {
+ true => "//${database_host}:${database_port}/${database_name}?ssl=true",
+ default => "//${database_host}:${database_port}/${database_name}",
+ }

 ##Only setup for postgres
 ini_setting {'puppetdb_psdatabase_username':
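Review bot: The `$subname` selector in manifests/server/database_ini.pp matches only the boolean `true`, so any other value, such as the string `'true'` that an ENC or a quoted YAML value would probably deliver, falls through to `default` and PuppetDB connects without SSL and without any error. Validate the parameter before the selector, for example with `validate_bool($database_ssl)` if puppetlabs-stdlib is available to this module, so that a mistyped value fails the catalog instead of silently downgrading the connection. The URL is also written out twice; computing a suffix from the flag and appending it to a single `$subname` string would keep the two branches from drifting apart. `?ssl=true` on its own leaves certificate and hostname checking to the JDBC driver's defaults, which deserves a comment next to the selector. The enclosing `elsif` branch continues past the end of the hunk.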