Merge pull request #80 from stdietrich/add_ssl_switch
Add switch to configure database SSL connection
commit
c09ac02f95
6 changed files with 36 additions and 18 deletions
|
@ -210,6 +210,11 @@ The password for the database user (defaults to `puppetdb`; ignored for `embedde
|
|||
|
||||
The name of the database instance to connect to (defaults to `puppetdb`; ignored for `embedded` db).
|
||||
|
||||
####`database_ssl`
|
||||
|
||||
If true, puppetdb will use SSL to connect to the postgres database (defaults to false; ignored for `embedded` db).
|
||||
Setting up proper trust- and keystores has to be managed outside of the puppetdb module.
|
||||
|
||||
####`node_ttl`
|
||||
|
||||
The length of time a node can go without receiving any new data before it's automatically deactivated. (defaults to '0', which disables auto-deactivation). This option is supported in PuppetDB >= 1.1.0.
|
||||
|
|
|
@ -24,6 +24,7 @@ class puppetdb(
|
|||
$database_username = $puppetdb::params::database_username,
|
||||
$database_password = $puppetdb::params::database_password,
|
||||
$database_name = $puppetdb::params::database_name,
|
||||
$database_ssl = $puppetdb::params::database_ssl,
|
||||
$node_ttl = $puppetdb::params::node_ttl,
|
||||
$node_purge_ttl = $puppetdb::params::node_purge_ttl,
|
||||
$report_ttl = $puppetdb::params::report_ttl,
|
||||
|
@ -94,6 +95,7 @@ class puppetdb(
|
|||
database_username => $database_username,
|
||||
database_password => $database_password,
|
||||
database_name => $database_name,
|
||||
database_ssl => $database_ssl,
|
||||
node_ttl => $node_ttl,
|
||||
node_purge_ttl => $node_purge_ttl,
|
||||
report_ttl => $report_ttl,
|
||||
|
|
|
@ -30,6 +30,7 @@ class puppetdb::params {
|
|||
$database_name = 'puppetdb'
|
||||
$database_username = 'puppetdb'
|
||||
$database_password = 'puppetdb'
|
||||
$database_ssl = false
|
||||
|
||||
# These settings manage the various auto-deactivation and auto-purge settings
|
||||
$node_ttl = '0s'
|
||||
|
|
|
@ -32,6 +32,7 @@ class puppetdb::server(
|
|||
$database_username = $puppetdb::params::database_username,
|
||||
$database_password = $puppetdb::params::database_password,
|
||||
$database_name = $puppetdb::params::database_name,
|
||||
$database_ssl = $puppetdb::params::database_ssl,
|
||||
$node_ttl = $puppetdb::params::node_ttl,
|
||||
$node_purge_ttl = $puppetdb::params::node_purge_ttl,
|
||||
$report_ttl = $puppetdb::params::report_ttl,
|
||||
|
@ -99,22 +100,23 @@ class puppetdb::server(
|
|||
}
|
||||
|
||||
class { 'puppetdb::server::database_ini':
|
||||
database => $database,
|
||||
database_host => $database_host,
|
||||
database_port => $database_port,
|
||||
database_username => $database_username,
|
||||
database_password => $database_password,
|
||||
database_name => $database_name,
|
||||
node_ttl => $node_ttl,
|
||||
node_purge_ttl => $node_purge_ttl,
|
||||
report_ttl => $report_ttl,
|
||||
gc_interval => $gc_interval,
|
||||
database => $database,
|
||||
database_host => $database_host,
|
||||
database_port => $database_port,
|
||||
database_username => $database_username,
|
||||
database_password => $database_password,
|
||||
database_name => $database_name,
|
||||
database_ssl => $database_ssl,
|
||||
node_ttl => $node_ttl,
|
||||
node_purge_ttl => $node_purge_ttl,
|
||||
report_ttl => $report_ttl,
|
||||
gc_interval => $gc_interval,
|
||||
log_slow_statements => $log_slow_statements,
|
||||
conn_max_age => $conn_max_age,
|
||||
conn_keep_alive => $conn_keep_alive,
|
||||
conn_lifetime => $conn_lifetime,
|
||||
confdir => $confdir,
|
||||
notify => Service[$puppetdb_service],
|
||||
conn_max_age => $conn_max_age,
|
||||
conn_keep_alive => $conn_keep_alive,
|
||||
conn_lifetime => $conn_lifetime,
|
||||
confdir => $confdir,
|
||||
notify => Service[$puppetdb_service],
|
||||
}
|
||||
|
||||
class { 'puppetdb::server::jetty_ini':
|
||||
|
|
|
@ -6,6 +6,7 @@ class puppetdb::server::database_ini(
|
|||
$database_username = $puppetdb::params::database_username,
|
||||
$database_password = $puppetdb::params::database_password,
|
||||
$database_name = $puppetdb::params::database_name,
|
||||
$database_ssl = $puppetdb::params::database_ssl,
|
||||
$node_ttl = $puppetdb::params::node_ttl,
|
||||
$node_purge_ttl = $puppetdb::params::node_purge_ttl,
|
||||
$report_ttl = $puppetdb::params::report_ttl,
|
||||
|
@ -46,7 +47,11 @@ class puppetdb::server::database_ini(
|
|||
} elsif $database == 'postgres' {
|
||||
$classname = 'org.postgresql.Driver'
|
||||
$subprotocol = 'postgresql'
|
||||
$subname = "//${database_host}:${database_port}/${database_name}"
|
||||
|
||||
$subname = $database_ssl ? {
|
||||
true => "//${database_host}:${database_port}/${database_name}?ssl=true",
|
||||
default => "//${database_host}:${database_port}/${database_name}",
|
||||
}
|
||||
|
||||
##Only setup for postgres
|
||||
ini_setting {'puppetdb_psdatabase_username':
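Review bot: The `$database_ssl ? { true => ..., default => ... }` selector fails open: any value that is not the boolean `true` (for instance the string `'true'` handed in from an ENC or Hiera) would, as far as I can tell, fall through to `default` and produce a JDBC URL without `?ssl=true`, so PuppetDB connects to postgres without SSL and nothing reports it. The parameter should be type-checked before the selector, for example with stdlib's `validate_bool($database_ssl)` if the module already depends on puppetlabs-stdlib (not visible on this page). A comment on the selector would also help the next reader: `# ssl=true only switches the JDBC driver to SSL; certificate trust depends on trust-/keystores managed outside this module`. The class body starts before and continues after this hunk.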
|
||||
|
|
|
@ -48,11 +48,14 @@ class puppetdb::server::validate_db(
|
|||
$database_port = $puppetdb::params::database_port,
|
||||
$database_username = $puppetdb::params::database_username,
|
||||
$database_password = $puppetdb::params::database_password,
|
||||
$database_name = $puppetdb::params::database_name
|
||||
$database_name = $puppetdb::params::database_name,
|
||||
$database_ssl = $puppetdb::params::database_ssl
|
||||
) inherits puppetdb::params {
|
||||
|
||||
# We don't need any validation for the embedded database, presumably.
|
||||
if ($database == 'postgres' and $database_password != undef) {
|
||||
if ($database == 'postgres' and (
|
||||
$database_password != undef and $database_ssl == false)
|
||||
) {
|
||||
postgresql::validate_db_connection { 'validate puppetdb postgres connection':
|
||||
database_host => $database_host,
|
||||
database_port => $database_port,
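Review bot: The new condition `$database_password != undef and $database_ssl == false` skips `postgresql::validate_db_connection` whenever SSL is enabled, and nothing in the hunk says why; the only comment above it still speaks about the embedded database alone. A comment should state the reason, for example `# Validation is skipped when database_ssl is enabled (presumably the validator cannot connect over SSL)`, with the reason confirmed by the author. Because the test is `== false`, a non-boolean value such as the string `'false'` also appears to skip validation, so a mistyped value or a broken SSL setup surfaces only when PuppetDB itself fails to connect. The resource body continues outside the hunk.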
|
||||
|
|