Use ini_file to manage settings, and add validation

This commit does the following:

* Use the new inifile module to manage puppet.conf
* More comprehensive management of config files
* Validate database connectivity before applying puppetdb
  config changes
* Validate puppetdb connectivity before applying puppet
  master config changes
* Documentation
This commit is contained in:
Chris Price 2012-09-17 15:26:32 -07:00
parent b4bf8d8249
commit 8fbda3c4d6
22 changed files with 808 additions and 275 deletions

@ -3,18 +3,4 @@ puppetlabs-puppetdb
A puppet module for installing and managing puppetdb
This is a work in progress; currently supports a very limited
setup for single-node (everything on the puppet master machine)
installation using either hsql or postgres.
This module depends on the following other puppet modules:
* puppetlabs-firewall (from the forge)
* puppetlabs-stdlib (a new version that hasn't been published to the forge
yet; relies on a commit made on June 10, 2012 (pull req #75)
* inkling/puppetlabs-postgres (relies on commits made on June 14, 2012,
in this fork/branch:
https://github.com/cprice-puppet/puppet-postgresql/tree/feature/master/align-with-puppetlabs-mysql
Hopefully after a bit more polish, all of these will be published to the forge.
#TODO: more docs

6
files/routes.yaml Normal file
@ -0,0 +1,6 @@
# This file was automatically generated by the puppetdb module.
master:
facts:
terminus: puppetdb
cache: yaml

@ -0,0 +1,63 @@
require 'puppet/network/http_pool'
# This file contains a provider for the resource type `puppetdb_conn_validator`,
# which validates the puppetdb connection by attempting an https connection.
# Utility method; attempts to make an https connection to the puppetdb server.
# This is abstracted out into a method so that it can be called multiple times
# for retry attempts.
#
# @return true if the connection is successful, false otherwise.
def attempt_connection
begin
host = resource[:puppetdb_server]
port = resource[:puppetdb_port]
# All that we care about is that we are able to connect successfully via
# https, so here we're simpling hitting a somewhat arbitrary low-impact URL
# on the puppetdb server.
path = "/metrics/mbean/java.lang:type=Memory"
headers = {"Accept" => "application/json"}
conn = Puppet::Network::HttpPool.http_instance(host, port, true)
response = conn.get(path, headers)
unless response.kind_of?(Net::HTTPSuccess)
Puppet.err "Unable to connect to puppetdb server (#{host}:#{port}): [#{response.code}] #{response.msg}"
return false
end
return true
rescue Errno::ECONNREFUSED => e
Puppet.warning "Unable to connect to puppetdb server (#{host}:#{port}): #{e.inspect} "
return false
end
end
Puppet::Type.type(:puppetdb_conn_validator).provide(:puppet_https) do
desc "A provider for the resource type `puppetdb_conn_validator`,
which validates the puppetdb connection by attempting an https
connection to the puppetdb server. Uses the puppet SSL certificate
setup from the local puppet environment to authenticate."
def exists?
success = attempt_connection
unless success
# It can take several seconds for the puppetdb server to start up;
# especially on the first install. Therefore, our first connection attempt
# may fail. Here we have somewhat arbitrarily chosen to retry one time
# after ten seconds if that situation arises. May want to revisit this,
# but it seems to work OK for the common use case.
Puppet.notice("Failed to connect to puppetdb; sleeping 10 seconds before retry")
sleep 10
success = attempt_connection
end
success
end
def create
# If `#create` is called, that means that `#exists?` returned false, which
# means that the connection could not be established... so we need to
# cause a failure here.
raise Puppet::Error, "Unable to connect to puppetdb server! (#{resource[:puppetdb_server]}:#{resource[:puppetdb_port]})"
end
end
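Review bot: `attempt_connection` rescues only `Errno::ECONNREFUSED`, so any other failure from `conn.get` (a DNS lookup error, a timeout, an SSL certificate verification failure) raises out of `exists?` instead of returning false, which skips the 10-second retry and the message in `create`. Consider also rescuing `SocketError`, `Timeout::Error` and `OpenSSL::SSL::SSLError`, and log the SSL case distinctly so a certificate problem is not mistaken for a service that is still starting. The two failure paths log at different levels (`Puppet.err` vs `Puppet.warning`), and "simpling" in the comment should be "simply".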

@ -0,0 +1,26 @@
Puppet::Type.newtype(:puppetdb_conn_validator) do
@doc = "Verify that a connection can be successfully established between a node
and the puppetdb server. Its primary use is as a precondition to
prevent configuration changes from being applied if the puppetdb
server cannot be reached, but it could potentially be used for other
purposes such as monitoring."
ensurable do
defaultvalues
defaultto :present
end
newparam(:name, :namevar => true) do
desc 'An arbitrary name used as the identity of the resource.'
end
newparam(:puppetdb_server) do
desc 'The DNS name or IP address of the server where puppetdb should be running.'
end
newparam(:puppetdb_port) do
desc 'The port that the puppetdb server should be listening on.'
end
end
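Review bot: `puppetdb_server` and `puppetdb_port` accept any value, with no `validate` block and no default, so a missing or non-numeric port only surfaces later as a connection error in the provider. Add validation on `puppetdb_port` (an integer in 1-65535) and consider a `defaultto` for it, so a bad value fails when the resource is parsed rather than at connection time.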

@ -0,0 +1,57 @@
# Class: puppetdb::database::postgresql
#
# This class manages a postgresql server and database instance suitable for use
# with puppetdb. It uses the `inkling/postgresql` puppet module for getting
# the postgres server up and running, and then also for creating the puppetdb
# database instance and user account.
#
# This class is intended as a high-level abstraction to help simplify the process
# of getting your puppetdb postgres server up and running; for maximum
# configurability, you may choose not to use this class. You may prefer to
# use `inkling/postgresql` directly, use a different puppet postgres module,
# or manage your postgres setup on your own. All of these approaches should
# be compatible with puppetdb.
#
# Parameters:
# ['listen_addresses'] - A comma-separated list of hostnames or IP addresses
# on which the postgres server should listen for incoming
# connections. (Defaults to 'localhost'. This parameter
# maps directly to postgresql's 'listen_addresses' config
# option; use a '*' to allow connections on any accessible
# address.
# Actions:
# - Creates and manages a postgres server and database instance for use by
# puppetdb
#
# Requires:
# - `inkling/postgresql`
#
# Sample Usage:
# class { 'puppetdb::database::postgresql':
# listen_addresses => 'my.postgres.host.name',
# }
#
class puppetdb::database::postgresql(
# TODO: expose more of the parameters from `inkling/postgresql`!
$listen_addresses = $puppetdb::params::database_host,
) inherits puppetdb::params {
# get the pg server up and running
class { '::postgresql::server':
config_hash => {
# TODO: make this stuff configurable
'ip_mask_allow_all_users' => '0.0.0.0/0',
'listen_addresses' => $listen_addresses,
'manage_redhat_firewall' => true,
},
}
# create the puppetdb database
postgresql::db{ 'puppetdb':
user => 'puppetdb',
password => 'puppetdb',
grant => 'all',
require => Class['::postgresql::server'],
}
}
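Review bot: `listen_addresses` is now a parameter (and its doc suggests `'*'`), but `'ip_mask_allow_all_users' => '0.0.0.0/0'` stays hard-coded and `postgresql::db` creates the `puppetdb` user with the fixed password `'puppetdb'` and `grant => 'all'`, so any non-localhost listen address exposes a database with a known credential to every source address. Make the allowed CIDR and the password class parameters, with no usable default for the password, and take `user`/`password` from the same values that `puppetdb::server` writes to database.ini so the two cannot drift. The `listen_addresses` doc comment also has an unclosed parenthesis after "(Defaults to".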

48
manifests/init.pp Normal file
@ -0,0 +1,48 @@
# Class: puppetdb
#
# This class provides a simple way to get a puppetdb instance up and running
# with minimal effort. It will install and configure all necessary packages,
# including the database server and instance.
#
# This class is intended as a high-level abstraction to help simplify the process
# of getting your puppetdb server up and running; it wraps the slightly-lower-level
# classes `puppetdb::server` and `puppetdb::database::*`. For maximum
# configurability, you may choose not to use this class. You may prefer to
# use the `puppetdb::server` class directly, or manage your puppetdb setup on your
# own.
#
# In addition to this class, you'll need to configure your puppet master to use
# puppetdb. You can use the `puppetdb::master::config` class to accomplish this.
#
# Parameters:
# ['database'] - Which database backend to use; legal values are
# `postgres` (default) or `embedded`. (The `embedded`
# db can be used for very small installations or for
# testing, but is not recommended for use in production
# environments. For more info, see the puppetdb docs.)
#
# Actions:
# - Creates and manages a puppetdb server and its database server/instance.
#
# Requires:
# - `inkling/postgresql`
#
# Sample Usage:
# include puppetdb
#
# TODO: expose more parameters
class puppetdb(
$database = $puppetdb::params::database,
) inherits puppetdb::params {
class { 'puppetdb::server':
database => $database,
}
if ($database == "postgres") {
class { 'puppetdb::database::postgresql':
before => Class['puppetdb::server']
}
}
}
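Review bot: `$database` is only compared against "postgres" at `if ($database == "postgres")`, so a misspelt value such as 'postgresql' silently skips the database class with no error. Fail explicitly on anything other than `postgres` or `embedded`. As the TODO says, the class exposes no database host or credential parameters, so users of this wrapper cannot override the defaults from `puppetdb::params`.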

@ -0,0 +1,91 @@
# Class: puppetdb::master::config
#
# This class configures the puppet master to use puppetdb. This includes installing
# all of the required master-specific puppetdb packages and managing or deploying
# the necessary config files (`puppet.conf`, `routes.yaml`, and `puppetdb.conf`).
#
# ***WARNING***: the default behavior of this module is to overwrite puppet's
# `routes.yaml` file, to configure it to use puppetdb. If you have any custom
# settings in your `routes.yaml` file, you'll want to pass `false` for
# the `manage_routes` parameter and you'll have to manage that file yourself.
#
# Parameters:
# ['puppetdb_server'] - The dns name or ip of the puppetdb server
# (defaults to the certname of the current node)
# ['puppetdb_port'] - The port that the puppetdb server is running on (defaults to 8081)
# ['manage_routes'] - If true, the module will overwrite the puppet master's routes
# file to configure it to use puppetdb (defaults to true)
# ['manage_storeconfigs'] - If true, the module will manage the puppet master's
# storeconfig settings (defaults to true)
# ['puppet_confdir'] - Puppet's config directory; defaults to /etc/puppet
# ['puppet_conf'] - Puppet's config file; defaults to /etc/puppet/puppet.conf
#
# Actions:
# - Configures the puppet master to use puppetdb.
#
# Requires:
# - Inifile
#
# Sample Usage:
# class { 'puppetdb::master::config':
# puppetdb_server => 'my.host.name',
# puppetdb_port => 8081,
# }
#
# TODO: port this to use params
class puppetdb::master::config(
$puppetdb_server = $::clientcert,
$puppetdb_port = 8081,
$manage_routes = true,
$manage_storeconfigs = true,
$puppet_confdir = '/etc/puppet',
$puppet_conf = '/etc/puppet/puppet.conf',
)
{
package { 'puppetdb-terminus':
ensure => present,
}
# Validate the puppetdb connection. If we can't connect to puppetdb then we
# *must* not perform the other configuration steps, or else
puppetdb_conn_validator { 'puppetdb_conn':
puppetdb_server => $puppetdb_server,
puppetdb_port => $puppetdb_port,
require => Package['puppetdb-terminus'],
}
# This is a bit of puppet chicanery that allows us to create a
# conditional dependency. Basically, we're saying that "if the PuppetDB
# service is being managed in this same catalog, it needs to come before
# this validator."
Service<|title == 'puppetdb'|> -> Puppetdb_conn_validator['puppetdb_conn']
# Conditionally manage the `routes.yaml` file.
if ($manage_routes) {
class { 'puppetdb::master::routes':
puppet_confdir => $puppet_confdir,
require => Puppetdb_conn_validator['puppetdb_conn'],
}
}
# Conditionally manage the storeconfigs settings in `puppet.conf`.
if ($manage_storeconfigs) {
class { 'puppetdb::master::storeconfigs':
puppet_conf => $puppet_conf,
require => Puppetdb_conn_validator['puppetdb_conn'],
}
}
# Manage the `puppetdb.conf` file.
class { 'puppetdb::master::puppetdb_conf':
server => $puppetdb_server,
port => $puppetdb_port,
puppet_confdir => $puppet_confdir,
require => Puppetdb_conn_validator['puppetdb_conn'],
}
}
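Review bot: the comment above `puppetdb_conn_validator { 'puppetdb_conn':` stops mid-sentence at "or else"; finish it so the reason the validator must gate the config classes is on record. The `Service` resource collector used for the conditional dependency will also realize a virtual `puppetdb` service if one exists in the catalog, which deserves a line in the "puppet chicanery" comment.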

@ -0,0 +1,47 @@
# Class: puppetdb::master::puppetdb_conf
#
# This class manages the puppetdb.conf file for the puppet master.
#
# Parameters:
# ['server'] - The dns name or ip of the puppetdb server (defaults to localhost)
# ['port'] - The port that the puppetdb server is running on (defaults to 8081)
# ['puppet_confdir'] - The config directory of puppet (defaults to /etc/puppet)
#
# Actions:
# - Configures the required puppetdb settings for the puppet master by managing
# the puppetdb.conf file.
#
# Requires:
# - Inifile
#
# Sample Usage:
# class { 'puppetdb::master::puppetdb_conf':
# server => 'my.puppetdb.server'
# }
#
# TODO: port this to use params
class puppetdb::master::puppetdb_conf(
$server = 'localhost',
$port = 8081,
$puppet_confdir = '/etc/puppet',
)
{
Ini_setting {
ensure => present,
section => 'main',
path => "${puppet_confdir}/puppetdb.conf",
}
ini_setting {'puppetdbserver':
setting => 'server',
value => $server,
}
ini_setting {'puppetdbport':
setting => 'port',
value => $port,
}
}

@ -0,0 +1,37 @@
# Class: puppetdb::master::routes
#
# This class configures the puppet master to use puppetdb as the facts terminus.
#
# WARNING: the current implementation simply overwrites your routes.yaml file;
# if you have an existing routes.yaml file that you are using for other purposes,
# you should *not* use this.
#
# Parameters:
# ['puppet_confdir'] - The puppet config directory (defaults to /etc/puppet)
#
# Actions:
# - Configures the puppet master to use puppetdb as a facts terminus by
# overwriting routes.yaml
#
# Sample Usage:
# class { 'puppetdb::master::routes':
# puppet_confdir => '/etc/puppet'
# }
#
# TODO: port this to use params
class puppetdb::master::routes(
$puppet_confdir = '/etc/puppet',
)
{
# TODO: this will overwrite any existing routes.yaml;
# to handle this properly we should just be ensuring
# that the proper settings exist, but to do that we'd need
# to parse the yaml file and rewrite it, dealing with indentation issues etc.
# I don't think there is currently a puppet module or an augeas lens for this.
file { "${puppet_confdir}/routes.yaml":
ensure => file,
source => 'puppet:///modules/puppetdb/routes.yaml',
}
}

@ -0,0 +1,43 @@
# Class: puppetdb::master::storeconfigs
#
# This class configures the puppet master to enable storeconfigs and to
# use puppetdb as the storeconfigs backend.
#
# Parameters:
# ['puppet_conf'] - The puppet config file (defaults to /etc/puppet/puppet.conf)
#
# Actions:
# - Configures the puppet master to use puppetdb for stored configs
#
# Requires:
# - Inifile
#
# Sample Usage:
# class { 'puppetdb::master::storeconfigs':
# puppet_conf => '/etc/puppet/puppet.conf'
# }
#
# TODO: port this to use params
class puppetdb::master::storeconfigs(
$puppet_conf = '/etc/puppet/puppet.conf',
)
{
Ini_setting{
section => 'master',
path => $puppet_conf,
ensure => present,
}
ini_setting {'puppetmasterstoreconfig':
setting => 'storeconfigs',
value => true,
}
ini_setting {'puppetmasterstorebackend':
setting => 'storeconfigs_backend',
value => 'puppetdb',
}
}

@ -1,11 +1,32 @@
# Class: puppetdb::params
#
# The puppetdb configuration settings.
#
# Parameters:
#
# Actions:
#
# Requires:
#
# Sample Usage:
#
class puppetdb::params {
# TODO: need to condition this based on whether we are a PE install or not
$psqldatabase_host = 'localhost'
$psqldatabase_port = '5432'
$psqldatabase = 'puppetdb'
$psqldatabase_username = 'puppetdb'
$psqldatabase_password = 'puppetdb'
$gc_interval = 60
$confdir = '/etc/puppetdb/conf.d'
}
$ssl_listen_address = $::clientcert
$ssl_listen_port = 8081
$database = 'postgres'
# The remaining database settings are not used for an embedded database
$database_host = 'localhost'
$database_port = '5432'
$database_name = 'puppetdb'
$database_username = 'puppetdb'
$database_password = 'puppetdb'
$gc_interval = 60
$confdir = '/etc/puppetdb/conf.d'
}
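Review bot: `$database_password = 'puppetdb'` ships a default password identical to the default username and database name. Prefer no default, so the caller has to supply one, or at minimum document next to this line that it must be overridden whenever postgres is reachable from another host.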

@ -1,21 +0,0 @@
class puppetdb::postgresql::server {
class { '::postgresql::server':
config_hash => {
# TODO: make this stuff configurable
'ip_mask_allow_all_users' => '0.0.0.0/0',
'listen_addresses' => 'localhost',
'manage_redhat_firewall' => false,
#'ip_mask_deny_postgres_user' => '0.0.0.0/32',
#'postgres_password' => 'puppet',
},
}
postgresql::db{ 'puppetdb':
user => 'puppetdb',
password => 'puppetdb',
grant => 'all',
}
}

@ -1,96 +1,105 @@
# Class: puppetdb::server
#
# This class provides a simple way to get a puppetdb instance up and running
# with minimal effort. It will install and configure all necessary packages for
# the puppetdb server, but will *not* manage the database (e.g., postgres) server
# or instance (unless you are using the embedded database, in which case there
# is not much to manage).
#
# This class is intended as a high-level abstraction to help simplify the process
# of getting your puppetdb server up and running; it manages the puppetdb
# package and service, as well as several puppetdb configuration files. For
# maximum configurability, you may choose not to use this class. You may prefer to
# manage the puppetdb package / service on your own, and perhaps use the
# individual classes inside of the `puppetdb::server` namespace to manage some
# or all of your configuration files.
#
# In addition to this class, you'll need to configure your puppetdb postgres
# database if you are using postgres. You can optionally do by using the
# `puppetdb::database::postgresql` class.
#
# You'll also need to configure your puppet master to use puppetdb. You can
# use the `puppetdb::master::config` class to accomplish this.
#
# Parameters:
# ['ssl_listen_address'] - The address that the web server should bind to
# for HTTPS requests. (defaults to `$::clientcert`.)
# ['ssl_listen_port'] - The port on which the puppetdb web server should
# accept HTTPS requests.
# ['database'] - Which database backend to use; legal values are
# `postgres` (default) or `embedded`. (The `embedded`
# db can be used for very small installations or for
# testing, but is not recommended for use in production
# environments. For more info, see the puppetdb docs.)
# ['database_host'] - The hostname or IP address of the database server.
# (defaults to `localhost`; ignored for `embedded` db)
# ['database_port'] - The port that the database server listens on.
# (defaults to `5432`; ignored for `embedded` db)
# ['database_user'] - The name of the database user to connect as.
# (defaults to `puppetdb`; ignored for `embedded` db)
# ['database_password'] - The password for the database user.
# (defaults to `puppetdb`; ignored for `embedded` db)
# ['database_name'] - The name of the database instance to connect to.
# (defaults to `puppetdb`; ignored for `embedded` db)
# ['confdir'] - The puppetdb configuration directory; defaults to
# `/etc/puppetdb/conf.d`.
#
# Actions:
# - Creates and manages a puppetdb server
#
# Requires:
# - `inkling/postgresql`
#
# Sample Usage:
# class { 'puppetdb::server':
# database_host => 'puppetdb-postgres',
# }
#
class puppetdb::server(
$database = 'embedded',
$psqldatabase_host = $puppetdb::params::psqldatabase_host,
$psqldatabase_port = $puppetdb::params::psqldatabase_port,
$psqldatabase_username = $puppetdb::params::psqldatabase_username,
$psqldatabase_password = $puppetdb::params::psqldatabase_password,
$psqldatabase = $puppetdb::params::psqldatabase,
$ssl_listen_address = $puppetdb::params::ssl_listen_address,
$ssl_listen_port = $puppetdb::params::ssl_listen_port,
$database = $puppetdb::params::database,
$database_host = $puppetdb::params::database_host,
$database_port = $puppetdb::params::database_port,
$database_username = $puppetdb::params::database_username,
$database_password = $puppetdb::params::database_password,
$database_name = $puppetdb::params::database_name,
$confdir = $puppetdb::params::confdir,
$gc_interval = $puppetdb::params::gc_interval,
$version = 'present',
) inherits puppetdb::params {
package { 'puppetdb':
ensure => present,
notify => Service['puppetdb'],
}
file { "${confdir}/database.ini":
ensure => file,
require => Package['puppetdb'],
class { 'puppetdb::server::database_ini':
database => $database,
database_host => $database_host,
database_port => $database_port,
database_username => $database_username,
database_password => $database_password,
database_name => $database_name,
confdir => $confdir,
notify => Service['puppetdb'],
}
class { 'puppetdb::server::jetty_ini':
ssl_listen_address => $ssl_listen_address,
ssl_listen_port => $ssl_listen_port,
confdir => $confdir,
notify => Service['puppetdb'],
}
service { 'puppetdb':
ensure => running,
enable => true,
require => File["${confdir}/database.ini"],
}
#Set the defaults
Ini_setting {
path => "${confdir}/database.ini",
require => File["${confdir}/database.ini"],
notify => Service['puppetdb'],
}
if $database == 'embedded'{
$classname = 'org.hsqldb.jdbcDriver'
$subprotocol = 'hsqldb'
$subname = 'file:/usr/share/puppetdb/db/db;hsqldb.tx=mvcc;sql.syntax_pgs=true'
} elsif $database == 'postgres' {
$classname = 'org.postgresql.Driver'
$subprotocol = 'postgresql'
$subname = "//${psqldatabase_host}:${psqldatabase_port}/${psqldatabase}"
Package['puppetdb'] ->
Class['puppetdb::server::database_ini'] ->
Class['puppetdb::server::jetty_ini'] ->
Service['puppetdb']
##Only setup for postgres
ini_setting {'puppetdb_psdatabase_username':
ensure => present,
section => 'database',
setting => 'username',
value => $psqldatabase_username,
}
ini_setting {'puppetdb_psdatabase_password':
ensure => present,
section => 'database',
setting => 'password',
value => $psqldatabase_password,
}
}
ini_setting {'puppetdb_classname':
ensure => present,
section => 'database',
setting => 'classname',
value => $classname,
}
ini_setting {'puppetdb_subprotocol':
ensure => present,
section => 'database',
setting => 'subprotocol',
value => $subprotocol,
}
ini_setting {'puppetdb_pgs':
ensure => present,
section => 'database',
setting => 'syntax_pgs',
value => true,
}
ini_setting {'puppetdb_subname':
ensure => present,
section => 'database',
setting => 'subname',
value => $subname,
}
ini_setting {'puppetdb_gc_interval':
ensure => present,
section => 'database',
setting => 'gc-interval',
value => $gc_interval ,
}
}
}
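Review bot: the parameter docs list `['database_user']` but the class parameter is `$database_username`, so anyone copying the documented name gets an invalid-parameter error. The `puppetdb::server::database_ini` declaration also passes no `gc_interval`, so if `$gc_interval` remains a parameter of this class its value never reaches database.ini. Minor: "You can optionally do by using" is missing "so".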

@ -0,0 +1,109 @@
# Class: puppetdb::server::database_ini
#
# This class manages puppetdb's `database.ini` file.
#
# Parameters:
# ['database'] - Which database backend to use; legal values are
# `postgres` (default) or `embedded`. (The `embedded`
# db can be used for very small installations or for
# testing, but is not recommended for use in production
# environments. For more info, see the puppetdb docs.)
# ['database_host'] - The hostname or IP address of the database server.
# (defaults to `localhost`; ignored for `embedded` db)
# ['database_port'] - The port that the database server listens on.
# (defaults to `5432`; ignored for `embedded` db)
# ['database_user'] - The name of the database user to connect as.
# (defaults to `puppetdb`; ignored for `embedded` db)
# ['database_password'] - The password for the database user.
# (defaults to `puppetdb`; ignored for `embedded` db)
# ['database_name'] - The name of the database instance to connect to.
# (defaults to `puppetdb`; ignored for `embedded` db)
# ['confdir'] - The puppetdb configuration directory; defaults to
# `/etc/puppetdb/conf.d`.
#
# Actions:
# - Manages puppetdb's `database.ini` file
#
# Requires:
# - Inifile
#
# Sample Usage:
# class { 'puppetdb::server::database_ini':
# database_host => 'my.postgres.host',
# database_port => 5432,
# database_username => 'puppetdb_pguser',
# database_password => 'puppetdb_pgpasswd',
# database_name => 'puppetdb',
# }
#
class puppetdb::server::database_ini(
$database = $puppetdb::params::database,
$database_host = $puppetdb::params::database_host,
$database_port = $puppetdb::params::database_port,
$database_username = $puppetdb::params::database_username,
$database_password = $puppetdb::params::database_password,
$database_name = $puppetdb::params::database_name,
$confdir = $puppetdb::params::confdir,
) inherits puppetdb::params {
# Validate the database connection. If we can't connect, we want to fail
# and skip the rest of the configuration, so that we don't leave puppetdb
# in a broken state.
class { 'puppetdb::server::validate_db':
database => $database,
database_host => $database_host,
database_port => $database_port,
database_username => $database_username,
database_password => $database_password,
database_name => $database_name,
}
#Set the defaults
Ini_setting {
path => "${confdir}/database.ini",
ensure => present,
section => 'database',
require => Class['puppetdb::server::validate_db'],
}
if $database == 'embedded'{
$classname = 'org.hsqldb.jdbcDriver'
$subprotocol = 'hsqldb'
$subname = 'file:/usr/share/puppetdb/db/db;hsqldb.tx=mvcc;sql.syntax_pgs=true'
} elsif $database == 'postgres' {
$classname = 'org.postgresql.Driver'
$subprotocol = 'postgresql'
$subname = "//${database_host}:${database_port}/${database}"
##Only setup for postgres
ini_setting {'puppetdb_psdatabase_username':
setting => 'username',
value => $database_username,
}
ini_setting {'puppetdb_psdatabase_password':
setting => 'password',
value => $database_password,
}
}
ini_setting {'puppetdb_classname':
setting => 'classname',
value => $classname,
}
ini_setting {'puppetdb_subprotocol':
setting => 'subprotocol',
value => $subprotocol,
}
ini_setting {'puppetdb_pgs':
setting => 'syntax_pgs',
value => true,
}
ini_setting {'puppetdb_subname':
setting => 'subname',
value => $subname,
}
ini_setting {'puppetdb_gc_interval':
setting => 'gc-interval',
value => $gc_interval ,
}
}
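Review bot: in the postgres branch, `$subname = "//${database_host}:${database_port}/${database}"` interpolates `$database`, the backend selector (i.e. 'postgres'), where the database name is meant. It should be `${database_name}`; as written puppetdb connects to a database called 'postgres' while `validate_db` checks `$database_name`. Separately, `$gc_interval` is used in `puppetdb_gc_interval` but is not a class parameter, so it can only come from `puppetdb::params`, and a `$database` value that is neither `embedded` nor `postgres` leaves `$classname`, `$subprotocol` and `$subname` undefined when they are written. The docs say `database_user` where the parameter is `database_username`.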

@ -0,0 +1,54 @@
# Class: puppetdb::server::jetty_ini
#
# This class manages puppetdb's `jetty.ini` file, which contains the configuration
# for puppetdb's embedded web server.
#
# Parameters:
# ['ssl_listen_address'] - The address that the web server should bind to
# for HTTPS requests. (defaults to `$::clientcert`.)
# ['ssl_listen_port'] - The port on which the puppetdb web server should
# accept HTTPS requests.
# ['database_name'] - The name of the database instance to connect to.
# (defaults to `puppetdb`; ignored for `embedded` db)
# ['confdir'] - The puppetdb configuration directory; defaults to
# `/etc/puppetdb/conf.d`.
#
# Actions:
# - Manages puppetdb's `jetty.ini` file
#
# Requires:
# - Inifile
#
# Sample Usage:
# class { 'puppetdb::server::jetty_ini':
# ssl_listen_address => 'my.https.interface.hostname',
# ssl_listen_port => 8081,
# }
#
#TODO add support for non-ssl config
class puppetdb::server::jetty_ini(
$ssl_listen_address = $puppetdb::params::ssl_listen_address,
$ssl_listen_port = $puppetdb::params::ssl_listen_port,
$confdir = $puppetdb::params::confdir,
) inherits puppetdb::params {
#Set the defaults
Ini_setting {
path => "${confdir}/jetty.ini",
ensure => present,
section => 'jetty',
}
# TODO: figure out some way to make sure that the ini_file module is installed,
# because otherwise these will silently fail to do anything.
ini_setting {'puppetdb_sslhost':
setting => 'ssl-host',
value => $ssl_listen_address,
}
ini_setting {'puppetdb_sslport':
setting => 'ssl-port',
value => $ssl_listen_port,
}
}
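Review bot: the parameter docs list `['database_name']`, which this class does not accept; remove that entry. The TODO notes that these settings "silently fail to do anything" when the ini_file module is missing; since that would leave `ssl-host` and `ssl-port` unmanaged without any error, track it as more than a comment, for example by declaring the dependency in the module's metadata.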

@ -0,0 +1,64 @@
# Class: puppetdb::server::validate_db
#
# This type validates that a successful database connection can be established
# between the node on which this resource is run and the specified puppetdb
# database instance (host/port/user/password/database name).
#
# Parameters:
# [*database*] - Which database backend to use; legal values are
# `postgres` (default) or `embedded`. There is no
# validation for the `embedded` database, so the
# rest of the parameters will be ignored in that
# case. (The `embedded` db can be used for very small
# installations or for testing, but is not recommended
# for use in production environments. For more info,
# see the puppetdb docs.)
# [*database_host*] - the hostname or IP address of the machine where the
# postgres server should be running.
# [*database_port*] - the port on which postgres server should be
# listening (defaults to 5432).
# [*database_username*] - the postgres username
# [*database_password*] - the postgres user's password
# [*database_name*] - the database name that the connection should be
# established against
#
# Actions:
#
# Attempts to establish a connection to the specified puppetdb database. If
# a connection cannot be established, the resource will fail; this allows you
# to use it as a dependency for other resources that would be negatively
# impacted if they were applied without the postgres connection being available.
#
# Requires:
#
# `inkling/postgresql`
#
# Sample Usage:
#
# puppetdb::server::validate_db { 'validate my puppetdb database connection':
# database_host => 'my.postgres.host',
# database_username => 'mydbuser',
# database_password => 'mydbpassword',
# database_name => 'mydbname',
# }
#
class puppetdb::server::validate_db(
$database = $puppetdb::params::database,
$database_host = $puppetdb::params::database_host,
$database_port = $puppetdb::params::database_port,
$database_username = $puppetdb::params::database_username,
$database_password = $puppetdb::params::database_password,
$database_name = $puppetdb::params::database_name
) inherits puppetdb::params {
# We don't need any validation for the embedded database, presumably.
if ($database == "postgres") {
::postgresql::validate_db_connection { 'validate puppetdb postgres connection':
database_host => $database_host,
database_port => $database_port,
database_username => $database_username,
database_password => $database_password,
database_name => $database_name,
}
}
}
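Review bot: the header says "This type validates" and the sample usage declares it as a defined type with a title (`puppetdb::server::validate_db { 'validate my puppetdb database connection':`), but the code is `class puppetdb::server::validate_db(`, so the sample will not work as written. Update the docs to class syntax. Any `$database` value other than "postgres" skips validation silently, so a misspelt backend name passes this gate.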

@ -1,60 +0,0 @@
# Class: puppetdb::storeconfigs
#
# This class installs and configures the puppetdb terminus pacakge
#
# Parameters:
# ['puppet_confdir'] - The config directory of puppet
# ['dbport'] - The port of the puppetdb
# ['dbserver'] - The dns name of the puppetdb server
# ['puppet_conf'] - The puppet config file
#
# Actions:
# - Configures the puppet to use stored configs
#
# Requires:
# - Inifile
# - Class['puppetdb::storeconfigs']
#
# Sample Usage:
# class { 'puppetdb::storeconfigs':
# dbserver => 'localhost'
# dbport => 8081,
# }
#
class puppetdb::storeconfigs(
$dbserver = 'localhost',
$dbport = '8081',
$puppet_confdir = '/etc/puppet/',
$puppet_conf = '/etc/puppet/puppet.conf',
)
{
class{ 'puppetdb::terminus':
puppet_confdir => $puppet_confdir,
dbport => $dbport,
dbserver => $dbserver,
}
Ini_setting{
section => 'master',
path => $puppet_conf,
require => Class[puppetdb::terminus],
}
ini_setting {'puppetmasterstoreconfigserver':
ensure => present,
setting => 'server',
value => $dbserver,
}
ini_setting {'puppetmasterstoreconfig':
ensure => present,
setting => 'storeconfigs',
value => true,
}
ini_setting {'puppetmasterstorebackend':
ensure => present,
setting => 'storeconfigs_backend',
value => 'puppetdb',
}
}

@ -1,60 +0,0 @@
# Class: puppetdb::terminus
#
# This class installs and configures the puppetdb terminus pacakge
#
# Parameters:
# ['puppet_confdir'] - The config directory of puppet
# ['dbport'] - The port of the puppetdb
# ['dbserver'] - The dns name of the puppetdb server
#
# Actions:
# - Configures the puppetdb terminus package
#
# Requires:
# - Inifile
#
# Sample Usage:
# class { 'puppet::terminus':
# puppet_confdir => '/etc/puppet/',
# dbport => 8081,
# dbserver => 'localhost'
# }
#
class puppetdb::terminus($puppet_confdir, $dbport, $dbserver)
{
package { 'puppetdb-terminus':
ensure => present,
}
# TODO: this will overwrite any existing routes.yaml;
# to handle this properly we should just be ensuring
# that the proper lines exist
file { "${puppet_confdir}/routes.yaml":
ensure => file,
source => 'puppet:///modules/puppet/routes.yaml',
require => Package['puppetdb-terminus'],
}
file { "${puppet_confdir}/puppetdb.conf":
ensure => file,
require => File["${puppet_confdir}/routes.yaml"],
}
ini_setting {'puppetterminusserver':
ensure => present,
section => 'main',
setting => 'server',
path => "${puppet_confdir}/puppetdb.conf",
value => $dbserver,
require => File["${puppet_confdir}/puppetdb.conf"],
}
ini_setting {'puppetterminusport':
ensure => present,
section => 'main',
setting => 'port',
path => "${puppet_confdir}/puppetdb.conf",
value => $dbport,
require => File["${puppet_confdir}/puppetdb.conf"],
}
}

@ -0,0 +1,11 @@
# This is an example of how to get puppetdb up and running on the same node
# where your puppet master is running, using the embedded database (which is
# mostly just for testing or very small-scale deployments).
# Configure puppetdb.
class { 'puppetdb':
database => 'embedded',
}
# Configure the puppet master to use puppetdb.
include puppetdb::master::config

@ -1,14 +0,0 @@
# NOTE!! This manifest will set everything up *except* for your
# puppet.conf file; to that, you'll need to manually add the following
# lines to the 'main' section:
#
# server=<your certname here>
# storeconfigs=true
# storeconfigs_backend=puppetdb
#
# After that if you run 'puppet agent --test' (on the same machine), you
# should see the puppetdb being exercised (see /var/log/puppetdb)
#
include puppetdb::terminus
include puppetdb::server

@ -0,0 +1,26 @@
# This is an example of a very basic 3-node setup for puppetdb.
# This node is our puppet master.
node puppet {
# Here we configure the puppet master to use puppetdb.
class { 'puppetdb::master::config':
puppetdb_server => 'puppetdb',
}
}
# This node is our postgres server
node puppetdb-postgres {
# Here we install and configure postgres and the puppetdb database instance
class { 'puppetdb::database::postgresql':
listen_addresses => 'puppetdb-postgres',
}
}
# This node is our main puppetdb server
node puppetdb {
# Here we install and configure the puppetdb server, and tell it where to
# find the postgres database.
class { 'puppetdb::server':
database_host => 'puppetdb-postgres',
}
}
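Review bot: the example does not say in what order the three nodes must converge. Since `puppetdb::master::config` and `puppetdb::server` now validate connectivity before applying config, add a comment stating that `puppetdb-postgres` has to be up before `puppetdb`, and `puppetdb` before `puppet`. The example also relies on the default database password while postgres listens on a network address (`listen_addresses => 'puppetdb-postgres'`), which is worth calling out in a comment.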

@ -1,19 +1,9 @@
# NOTE!! This manifest will set everything up *except* for your
# puppet.conf file; to that, you'll need to manually add the following
# lines to the 'main' section:
#
# server=<your certname here>
# storeconfigs=true
# storeconfigs_backend=puppetdb
#
# After that if you run 'puppet agent --test' (on the same machine), you
# should see the puppetdb being exercised (see /var/log/puppetdb)
#
# This is an example of how to get puppetdb up and running on the same node
# where your puppet master is running, using our recommended database server
# (postgresql).
include puppetdb::terminus
include puppetdb::postgresql::server
# Configure puppetdb and its postgres database:
include puppetdb
class { 'puppetdb::server':
database => 'postgres',
database_host => 'localhost',
}
# Configure the puppet master to use puppetdb.
include puppetdb::master::config