opuppet/module-puppetdb
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #30 from cprice-puppet/bug/master/manage-redhat-firewall

Browse source 
Bug/master/manage redhat firewall
This commit is contained in:
Chris Price 2013-01-17 10:25:43 -08:00
commit dd056a78e5
6 changed files with 62 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
CHANGELOG
View file

@ -1,3 +1,16 @@
1.1.4
========
This is a bugfix release, mostly around fixing backward-compatibility for the
deprecated `manage_redhat_firewall` parameter. It wasn't actually entirely
backwards-compatible in the 1.1.3 release.
2013-01-17 - Chris Price <chris@puppetlabs.com>
* Fix backward compatibility of `manage_redhat_firewall` parameter (de20b44)
2013-01-16 - Chris Price <chris@puppetlabs.com>
* Fix deprecation warnings around manage_redhat_firewall (448f8bc)
1.1.3
========

2
Modulefile
View file

@ -1,5 +1,5 @@
name 'puppetlabs-puppetdb'
version '1.1.3'
version '1.1.4'
source 'git://github.com/puppetlabs-puppet/puppetlabs-puppetdb.git'
author 'Puppet Labs'
description 'PuppetDB resource types'

17
manifests/database/postgresql.pp
View file

@ -34,16 +34,29 @@
class puppetdb::database::postgresql(
# TODO: expose more of the parameters from `inkling/postgresql`!
$listen_addresses = $puppetdb::params::database_host,
$manage_redhat_firewall = $puppetdb::params::manage_redhat_firewall,
$manage_redhat_firewall = $puppetdb::params::open_postgres_port,
) inherits puppetdb::params {
# This technically defaults to 'true', but in order to preserve backwards
# compatibility with the deprecated 'manage_redhat_firewall' parameter, we
# had to specify 'undef' as the default so that we could tell whether or
# not the user explicitly specified a value. Here's where we're resolving
# that and setting the 'real' default. We should be able to get rid of
# this block when we remove `manage_redhat_firewall`.
if ($manage_redhat_firewall != undef) {
$final_manage_redhat_firewall = $manage_redhat_firewall
} else {
$final_manage_redhat_firewall = true
}
# get the pg server up and running
class { '::postgresql::server':
config_hash => {
# TODO: make this stuff configurable
'ip_mask_allow_all_users' => '0.0.0.0/0',
'listen_addresses' => $listen_addresses,
'manage_redhat_firewall' => $manage_redhat_firewall,
'manage_redhat_firewall' => $final_manage_redhat_firewall,
},
}

5
manifests/init.pp
View file

@ -89,7 +89,7 @@ class puppetdb(
$confdir = $puppetdb::params::confdir
) inherits puppetdb::params {
if ($manage_redhat_firewall) {
if ($manage_redhat_firewall != undef) {
notify {'Deprecation notice: `$manage_redhat_firewall` has been deprecated in `puppetdb` class and will be removed in a future versions. Use $open_ssl_listen_port and $open_postgres_port instead.':}
}
@ -116,7 +116,8 @@ class puppetdb(
class { 'puppetdb::database::postgresql':
manage_redhat_firewall => $manage_redhat_firewall ? {
true => $manage_redhat_firewall,
false => $open_postgres_port,
false => $manage_redhat_firewall,
undef => $open_postgres_port,
},
listen_addresses => $postgres_listen_addresses,
before => Class['puppetdb::server']

18
manifests/params.pp
View file

@ -16,9 +16,21 @@ class puppetdb::params {
$open_listen_port = false
$ssl_listen_address = $::clientcert
$ssl_listen_port = '8081'
$open_ssl_listen_port = true
# This technically defaults to 'true', but in order to preserve backwards
# compatibility with the deprecated 'manage_redhat_firewall' parameter, we
# need to specify 'undef' as the default so that we can tell whether or
# not the user explicitly specified a value. See implementation in
# `firewall.pp`. We should change this back to `true` when we get rid
# of `manage_redhat_firewall`.
$open_ssl_listen_port = undef
$postgres_listen_addresses = 'localhost'
$open_postgres_port = true
# This technically defaults to 'true', but in order to preserve backwards
# compatibility with the deprecated 'manage_redhat_firewall' parameter, we
# need to specify 'undef' as the default so that we can tell whether or
# not the user explicitly specified a value. See implementation in
# `postgresql.pp`. We should change this back to `true` when we get rid
# of `manage_redhat_firewall`.
$open_postgres_port = undef
$database = 'postgres'
@ -32,7 +44,7 @@ class puppetdb::params {
$puppetdb_version = 'present'
# TODO: figure out a way to make this not platform-specific
$manage_redhat_firewall = false
$manage_redhat_firewall = undef
$gc_interval = '60'

18
manifests/server/firewall.pp
View file

@ -11,10 +11,10 @@ class puppetdb::server::firewall(
# TODO: the firewall module should be able to handle this itself
if ($puppetdb::params::firewall_supported) {
if ($manage_redhat_firewall) {
if ($manage_redhat_firewall != undef) {
notify {'Deprecation notice: `$manage_redhat_firewall` is deprecated in the `puppetdb::service::firewall` class and will be removed in a future version. Use `open_http_port` and `open_ssl_port` instead.':}
if ($open_ssl_port) {
if ($open_ssl_port != undef) {
fail('`$manage_redhat_firewall` and `$open_ssl_port` cannot both be specified.')
}
}
@ -42,7 +42,19 @@ class puppetdb::server::firewall(
proto => 'tcp',
action => 'accept',
}
}
}
# This technically defaults to 'true', but in order to preserve backwards
# compatibility with the deprecated 'manage_redhat_firewall' parameter, we
# had to specify 'undef' as the default so that we could tell whether or
# not the user explicitly specified a value. Here's where we're resolving
# that and setting the 'real' default. We should be able to get rid of
# this block when we remove `manage_redhat_firewall`.
if ($open_ssl_port != undef) {
$final_open_ssl_port = $open_ssl_port
} else {
$final_open_ssl_port = true
}
if ($open_ssl_port or $manage_redhat_firewall) {
if ($ssl_port) {