diff --git a/CHANGELOG b/CHANGELOG index 966d032..c2f5361 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,16 @@ +1.1.4 +======== + +This is a bugfix release, mostly around fixing backward-compatibility for the +deprecated `manage_redhat_firewall` parameter. It wasn't actually entirely +backwards-compatible in the 1.1.3 release. + +2013-01-17 - Chris Price + * Fix backward compatibility of `manage_redhat_firewall` parameter (de20b44) + +2013-01-16 - Chris Price + * Fix deprecation warnings around manage_redhat_firewall (448f8bc) + 1.1.3 ======== diff --git a/Modulefile b/Modulefile index 44516c8..b2aa3d6 100644 --- a/Modulefile +++ b/Modulefile @@ -1,5 +1,5 @@ name 'puppetlabs-puppetdb' -version '1.1.3' +version '1.1.4' source 'git://github.com/puppetlabs-puppet/puppetlabs-puppetdb.git' author 'Puppet Labs' description 'PuppetDB resource types' diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp index c5c1685..0863d5a 100644 --- a/manifests/database/postgresql.pp +++ b/manifests/database/postgresql.pp @@ -34,16 +34,29 @@ class puppetdb::database::postgresql( # TODO: expose more of the parameters from `inkling/postgresql`! $listen_addresses = $puppetdb::params::database_host, - $manage_redhat_firewall = $puppetdb::params::manage_redhat_firewall, + $manage_redhat_firewall = $puppetdb::params::open_postgres_port, ) inherits puppetdb::params { + # This technically defaults to 'true', but in order to preserve backwards + # compatibility with the deprecated 'manage_redhat_firewall' parameter, we + # had to specify 'undef' as the default so that we could tell whether or + # not the user explicitly specified a value. Here's where we're resolving + # that and setting the 'real' default. We should be able to get rid of + # this block when we remove `manage_redhat_firewall`. + if ($manage_redhat_firewall != undef) { + $final_manage_redhat_firewall = $manage_redhat_firewall + } else { + $final_manage_redhat_firewall = true + } + + # get the pg server up and running class { '::postgresql::server': config_hash => { # TODO: make this stuff configurable 'ip_mask_allow_all_users' => '0.0.0.0/0', 'listen_addresses' => $listen_addresses, - 'manage_redhat_firewall' => $manage_redhat_firewall, + 'manage_redhat_firewall' => $final_manage_redhat_firewall, }, } diff --git a/manifests/init.pp b/manifests/init.pp index 9529824..20e5e2f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -89,7 +89,7 @@ class puppetdb( $confdir = $puppetdb::params::confdir ) inherits puppetdb::params { - if ($manage_redhat_firewall) { + if ($manage_redhat_firewall != undef) { notify {'Deprecation notice: `$manage_redhat_firewall` has been deprecated in `puppetdb` class and will be removed in a future versions. Use $open_ssl_listen_port and $open_postgres_port instead.':} } @@ -116,7 +116,8 @@ class puppetdb( class { 'puppetdb::database::postgresql': manage_redhat_firewall => $manage_redhat_firewall ? { true => $manage_redhat_firewall, - false => $open_postgres_port, + false => $manage_redhat_firewall, + undef => $open_postgres_port, }, listen_addresses => $postgres_listen_addresses, before => Class['puppetdb::server'] diff --git a/manifests/params.pp b/manifests/params.pp index b01d692..eb7b241 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -16,9 +16,21 @@ class puppetdb::params { $open_listen_port = false $ssl_listen_address = $::clientcert $ssl_listen_port = '8081' - $open_ssl_listen_port = true + # This technically defaults to 'true', but in order to preserve backwards + # compatibility with the deprecated 'manage_redhat_firewall' parameter, we + # need to specify 'undef' as the default so that we can tell whether or + # not the user explicitly specified a value. See implementation in + # `firewall.pp`. We should change this back to `true` when we get rid + # of `manage_redhat_firewall`. + $open_ssl_listen_port = undef $postgres_listen_addresses = 'localhost' - $open_postgres_port = true + # This technically defaults to 'true', but in order to preserve backwards + # compatibility with the deprecated 'manage_redhat_firewall' parameter, we + # need to specify 'undef' as the default so that we can tell whether or + # not the user explicitly specified a value. See implementation in + # `postgresql.pp`. We should change this back to `true` when we get rid + # of `manage_redhat_firewall`. + $open_postgres_port = undef $database = 'postgres' @@ -32,7 +44,7 @@ class puppetdb::params { $puppetdb_version = 'present' # TODO: figure out a way to make this not platform-specific - $manage_redhat_firewall = false + $manage_redhat_firewall = undef $gc_interval = '60' diff --git a/manifests/server/firewall.pp b/manifests/server/firewall.pp index c0cfc39..a377c1f 100644 --- a/manifests/server/firewall.pp +++ b/manifests/server/firewall.pp @@ -11,10 +11,10 @@ class puppetdb::server::firewall( # TODO: the firewall module should be able to handle this itself if ($puppetdb::params::firewall_supported) { - if ($manage_redhat_firewall) { + if ($manage_redhat_firewall != undef) { notify {'Deprecation notice: `$manage_redhat_firewall` is deprecated in the `puppetdb::service::firewall` class and will be removed in a future version. Use `open_http_port` and `open_ssl_port` instead.':} - if ($open_ssl_port) { + if ($open_ssl_port != undef) { fail('`$manage_redhat_firewall` and `$open_ssl_port` cannot both be specified.') } } @@ -42,7 +42,19 @@ class puppetdb::server::firewall( proto => 'tcp', action => 'accept', } - } + } + + # This technically defaults to 'true', but in order to preserve backwards + # compatibility with the deprecated 'manage_redhat_firewall' parameter, we + # had to specify 'undef' as the default so that we could tell whether or + # not the user explicitly specified a value. Here's where we're resolving + # that and setting the 'real' default. We should be able to get rid of + # this block when we remove `manage_redhat_firewall`. + if ($open_ssl_port != undef) { + $final_open_ssl_port = $open_ssl_port + } else { + $final_open_ssl_port = true + } if ($open_ssl_port or $manage_redhat_firewall) { if ($ssl_port) {