Allow puppetdb conn validation when ssl is disabled

For my use case, I am not able to validate the
SSL endpoint because I am creating my puppet certificates
during my puppet run, so they are not available to
the HTTP GET request.

This patch adds a new resource parameter to
the puppetdb_conn_validator that allows it
to make a non-ssl connection. This allows me
to declare my own http only resource that I
can use to verify the puppetdb connection.
Dan Bode 2013-06-06 11:20:57 -07:00
parent 7e056f1c4c
commit cfffea0a79
4 changed files with 30 additions and 4 deletions


@ -50,7 +50,7 @@ Puppet::Type.type(:puppetdb_conn_validator).provide(:puppet_https) do
# @api private # @api private
def validator def validator
@validator ||= Puppet::Util::PuppetdbValidator.new(resource[:puppetdb_server], resource[:puppetdb_port]) @validator ||= Puppet::Util::PuppetdbValidator.new(resource[:puppetdb_server], resource[:puppetdb_port], resource[:use_ssl])
end end
end end
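Review bot: `resource[:use_ssl]` is handed to the validator without coercion, and the validator only tests it for truthiness (`if @use_ssl`), so a quoted `'false'` or the symbol `:false` would still select the SSL path. Nothing in the type definition shown on this page restricts or munges the value. That fails towards the safe side, but the user silently gets the SSL check they asked to turn off. Consider normalising in the type, for example `newvalues(:true, :false)` together with `munge { |v| v.to_s == 'true' }`, so the provider always passes a real boolean.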


@ -23,6 +23,11 @@ Puppet::Type.newtype(:puppetdb_conn_validator) do
desc 'The port that the puppetdb server should be listening on.' desc 'The port that the puppetdb server should be listening on.'
end end
newparam(:use_ssl) do
desc 'Whether the connection will be attemped using https'
defaultto true
end
newparam(:timeout) do newparam(:timeout) do
desc 'The max number of seconds that the validator should wait before giving up and deciding that puppetdb is not running; defaults to 15 seconds.' desc 'The max number of seconds that the validator should wait before giving up and deciding that puppetdb is not running; defaults to 15 seconds.'
defaultto 15 defaultto 15
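Review bot: The `desc` for `use_ssl` does not say what turning it off means: the check then goes over plain HTTP with no server certificate verification, so it only confirms that something answers on that port. I would spell that out and fix the typo, e.g. `desc 'Whether the connection will be attempted using https. When false, the check uses unauthenticated plain http; defaults to true.'`. The `newparam(:timeout)` block that follows continues outside the hunk.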


@ -6,9 +6,10 @@ module Puppet
attr_reader :puppetdb_server attr_reader :puppetdb_server
attr_reader :puppetdb_port attr_reader :puppetdb_port
def initialize(puppetdb_server, puppetdb_port) def initialize(puppetdb_server, puppetdb_port, use_ssl=true)
@puppetdb_server = puppetdb_server @puppetdb_server = puppetdb_server
@puppetdb_port = puppetdb_port @puppetdb_port = puppetdb_port
@use_ssl = use_ssl
end end
# Utility method; attempts to make an https connection to the puppetdb server. # Utility method; attempts to make an https connection to the puppetdb server.
@ -22,7 +23,16 @@ module Puppet
# on the puppetdb server. # on the puppetdb server.
path = "/metrics/mbean/java.lang:type=Memory" path = "/metrics/mbean/java.lang:type=Memory"
headers = {"Accept" => "application/json"} headers = {"Accept" => "application/json"}
conn = Puppet::Network::HttpPool.http_instance(@puppetdb_server, @puppetdb_port, true) if @use_ssl
conn = Puppet::Network::HttpPool.http_instance(@puppetdb_server, @puppetdb_port, @use_ssl)
else
# the Puppet httppool only supports disabling ssl in Puppet > 3.x
# this code allows ssl to be disabled for the connection on both 2.7 and 3.x
conn = Net::HTTP.new(@puppetdb_server, @puppetdb_port)
conn.read_timeout = Puppet[:configtimeout]
conn.open_timeout = Puppet[:configtimeout]
end
response = conn.get(path, headers) response = conn.get(path, headers)
unless response.kind_of?(Net::HTTPSuccess) unless response.kind_of?(Net::HTTPSuccess)
Puppet.notice "Unable to connect to puppetdb server (#{@puppetdb_server}:#{@puppetdb_port}): [#{response.code}] #{response.msg}" Puppet.notice "Unable to connect to puppetdb server (#{@puppetdb_server}:#{@puppetdb_port}): [#{response.code}] #{response.msg}"
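Review bot: The comment above `attempt_connection` still reads "attempts to make an https connection", but the new `else` branch builds a bare `Net::HTTP.new` connection, so with `use_ssl` false the request goes out in clear text and any listener that returns a 2xx on the metrics path passes the check. Suggest updating that comment to `# Utility method; attempts to make an http(s) connection to the puppetdb server (plain http when use_ssl is false).` and adding a `Puppet.debug` line in the `else` branch so the run log shows that validation was done without TLS. It is also worth confirming that `Puppet[:configtimeout]` is the intended timeout here rather than the resource's own `timeout` parameter, which this hunk does not show being used. The method body starts and ends outside the hunk.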


@ -13,6 +13,8 @@ describe 'Puppet::Util::PuppetdbValidator' do
conn_ok = stub() conn_ok = stub()
conn_ok.stubs(:get).with('/metrics/mbean/java.lang:type=Memory', {"Accept" => "application/json"}).returns(response_ok) conn_ok.stubs(:get).with('/metrics/mbean/java.lang:type=Memory', {"Accept" => "application/json"}).returns(response_ok)
conn_ok.stubs(:read_timeout=).with(2)
conn_ok.stubs(:open_timeout=).with(2)
conn_not_found = stub() conn_not_found = stub()
conn_not_found.stubs(:get).with('/metrics/mbean/java.lang:type=Memory', {"Accept" => "application/json"}).returns(response_not_found) conn_not_found.stubs(:get).with('/metrics/mbean/java.lang:type=Memory', {"Accept" => "application/json"}).returns(response_not_found)
@ -21,6 +23,7 @@ describe 'Puppet::Util::PuppetdbValidator' do
Puppet::Network::HttpPool.stubs(:http_instance).with('mypuppetdb.com', 8080, true).raises('Connection refused') Puppet::Network::HttpPool.stubs(:http_instance).with('mypuppetdb.com', 8080, true).raises('Connection refused')
Puppet::Network::HttpPool.stubs(:http_instance).with('mypuppetdb.com', 8081, true).returns(conn_ok) Puppet::Network::HttpPool.stubs(:http_instance).with('mypuppetdb.com', 8081, true).returns(conn_ok)
Puppet::Network::HttpPool.stubs(:http_instance).with('wrongserver.com', 8081, true).returns(conn_not_found) Puppet::Network::HttpPool.stubs(:http_instance).with('wrongserver.com', 8081, true).returns(conn_not_found)
Net::HTTP.stubs(:new).with('mypuppetdb.com', 8080).returns(conn_ok)
end end
it 'returns true if connection succeeds' do it 'returns true if connection succeeds' do
@ -28,6 +31,12 @@ describe 'Puppet::Util::PuppetdbValidator' do
validator.attempt_connection.should be_true validator.attempt_connection.should be_true
end end
it 'should still validate without ssl' do
Puppet[:configtimeout] = 2
validator = Puppet::Util::PuppetdbValidator.new('mypuppetdb.com', 8080, false)
validator.attempt_connection.should be_true
end
it 'returns false and issues an appropriate notice if connection is refused' do it 'returns false and issues an appropriate notice if connection is refused' do
puppetdb_server = 'mypuppetdb.com' puppetdb_server = 'mypuppetdb.com'
puppetdb_port = 8080 puppetdb_port = 8080
@ -53,4 +62,6 @@ describe 'Puppet::Util::PuppetdbValidator' do
Puppet.expects(:notice).with("Unable to connect to puppetdb server (#{puppetdb_server}:#{puppetdb_port}): Unknown host") Puppet.expects(:notice).with("Unable to connect to puppetdb server (#{puppetdb_server}:#{puppetdb_port}): Unknown host")
validator.attempt_connection.should be_false validator.attempt_connection.should be_false
end end
end end
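Review bot: The new 'should still validate without ssl' example sets `Puppet[:configtimeout] = 2` without restoring it, and the timeout setters on `conn_ok` are only `stubs`, so the example passes whether or not the plain-HTTP branch ever assigns them. A dedicated connection double for this case with `expects(:read_timeout=).with(2)` and `expects(:open_timeout=).with(2)`, plus `Puppet::Network::HttpPool.expects(:http_instance).never`, would pin that the non-SSL path really bypasses the pool and applies the timeouts. There is also no failing case for `use_ssl` false (refused connection or a non-2xx response), so the error handling on that path is untested.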