Cleanups, missing doc items and new test_url capability
This provides a number of cleanups as the code has been unloved for a while. I've added the ssl-* parameters that robinbowes added in his last patch to the docs, and found some other cleanups as well where applicable.

I've added the ability to override the test_url also, so that in the future if a user wishes to they can customize this.

Signed-off-by: Ken Barber <ken@bob.sh>
parent 8cad042fb9
commit f6f6e55b33
23 changed files with 281 additions and 224 deletions
4
Gemfile
|
@ -3,11 +3,11 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org"
|
|||
group :development, :test do
|
||||
gem 'rake'
|
||||
gem 'puppetlabs_spec_helper', :require => false
|
||||
gem 'rspec-puppet', '~>1.0'
|
||||
gem 'puppet-lint', '~> 0.3.2'
|
||||
gem 'beaker', :require => false
|
||||
gem 'beaker-rspec', :require => false
|
||||
gem 'serverspec', :require => false
|
||||
gem 'rspec-puppet', '~> 1.0'
|
||||
gem 'puppet-lint', '~> 1.1'
|
||||
end
|
||||
|
||||
if puppetversion = ENV['PUPPET_GEM_VERSION']
|
||||
|
|
2
NOTICE
|
@ -1,5 +1,5 @@
|
|||
Puppet PuppetDB Module - Puppet module for managing PuppetDB
|
||||
|
||||
Copyright (C) 2012-2013 Puppet Labs, Inc.
|
||||
Copyright (C) 2012-2014 Puppet Labs, Inc.
|
||||
|
||||
Puppet Labs can be contacted at: info@puppetlabs.com
|
||||
|
|
56
README.md
|
@ -224,6 +224,10 @@ If true, the PostgreSQL server will be managed by this module (defaults to true)
|
|||
|
||||
Which database backend to use; legal values are `postgres` (default) or `embedded`. The `embedded` db can be used for very small installations or for testing, but is not recommended for use in production environments. For more info, see the [puppetdb docs](http://docs.puppetlabs.com/puppetdb/).
|
||||
|
||||
####`database_host`
|
||||
|
||||
Hostname to use for the database connection. For single case installations this should be left as the default. (defaults to `localhost`; ignored for `embedded` db).
|
||||
|
||||
####`database_port`
|
||||
|
||||
The port that the database server listens on (defaults to `5432`; ignored for `embedded` db).
|
||||
|
@ -370,23 +374,51 @@ The maximum time (in minutes) a pooled read database connection should remain op
|
|||
|
||||
If not supplied, we won't terminate connections based on their age alone. This option is supported in PuppetDB >= 1.6.
|
||||
|
||||
####`ssl_dir`
|
||||
|
||||
Base directory for PuppetDB SSL configuration. Defaults to `/etc/puppetdb/ssl` or `/etc/puppetlabs/puppetdb/ssl` for FOSS and PE respectively.
|
||||
|
||||
####`ssl_set_cert_paths`
|
||||
|
||||
A switch to enable or disable the management of SSL certificates in your `jetty.ini` configuration file.
|
||||
|
||||
####`ssl_cert_path`
|
||||
|
||||
Path to your SSL certificate for populating `jetty.ini`.
|
||||
|
||||
####`ssl_key_path`
|
||||
|
||||
Path to your SSL key for populating `jetty.ini`.
|
||||
|
||||
####`ssl_ca_cert_path`
|
||||
|
||||
Path to your SSL CA for populating `jetty.ini`.
|
||||
|
||||
####`ssl_deploy_certs`
|
||||
|
||||
A boolean switch to enable or disable the management of SSL keys in your `ssl_dir`. Default is `false`.
|
||||
|
||||
####`ssl_key`
|
||||
|
||||
Contents of your SSL key, as a string.
|
||||
|
||||
####`ssl_cert`
|
||||
|
||||
Contents of your SSL certificate, as a string.
|
||||
|
||||
####`ssl_ca_cert`
|
||||
|
||||
Contents of your SSL CA certificate, as a string.
|
||||
|
||||
|
||||
### puppetdb::server
|
||||
|
||||
The `puppetdb::server` class manages the puppetdb server independently of the underlying database that it depends on. It will manage the puppetdb package, service, config files, etc., but will still allow you to manage the database (e.g. postgresql) however you see fit.
|
||||
|
||||
class { 'puppetdb::server':
|
||||
database_host => 'puppetdb-postgres',
|
||||
database_host => 'pg1.mydomain.com',
|
||||
}
|
||||
|
||||
**Parameters within `puppetdb::server`:**
|
||||
|
||||
Uses the same parameters as `puppetdb`, with one addition:
|
||||
|
||||
####`database_host`
|
||||
|
||||
The hostname or IP address of the database server (defaults to `localhost`; ignored for `embedded` db).
|
||||
|
||||
### puppetdb::master::config
|
||||
|
||||
The `puppetdb::master::config` class directs your puppet master to use PuppetDB, which means that this class should be used on your puppet master node. It’ll verify that it can successfully communicate with your puppetdb server, and then configure your master to use PuppetDB.
|
||||
|
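Review bot: The `ssl_key` entry documents passing the private key contents as a string but gives no guidance on how that value should be supplied. A class parameter value is compiled into the node's catalog, so the README should tell users to source the key from an encrypted data backend rather than a literal in a manifest. The `ssl_set_cert_paths`, `ssl_cert_path`, `ssl_key_path` and `ssl_ca_cert_path` entries also omit their defaults, while `ssl_dir` and `ssl_deploy_certs` state theirs.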
@ -490,6 +522,10 @@ Sets the password for the database user above. Defaults to `puppetdb`.
|
|||
|
||||
Conditionally manages the PostgresQL server via `postgresql::server`. Defaults to `true`. If set to false, this class will create the database and user via `postgresql::server::db` but not attempt to install or manage the server itself.
|
||||
|
||||
####`test_url`
|
||||
|
||||
The URL to use for testing if the PuppetDB instance is running. Defaults to `/v3/version`.
|
||||
|
||||
Implementation
|
||||
---------------
|
||||
|
||||
|
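Review bot: The `test_url` entry is added directly after the text about managing the server via `postgresql::server`, but elsewhere in this commit the parameter is declared on `puppetdb::master::config`, so it should be documented in that class's parameter list. The default `/v3/version` is a request path rather than a full URL; saying so in the description would stop users from supplying a scheme and host.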
@ -567,4 +603,4 @@ Puppet Labs modules on the Puppet Forge are open projects, and community contrib
|
|||
|
||||
We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.
|
||||
|
||||
You can read the complete module contribution guide [on the Puppet Labs wiki.](http://projects.puppetlabs.com/projects/module-site/wiki/Module_contributing)
|
||||
You can read the complete contribution guide [on the Puppet Labs documentation website](https://docs.puppetlabs.com/contribute.html)
|
||||
|
|
|
@ -14,10 +14,19 @@ require 'puppet/util/puppetdb_validator'
|
|||
|
||||
Puppet::Type.type(:puppetdb_conn_validator).provide(:puppet_https) do
|
||||
desc "A provider for the resource type `puppetdb_conn_validator`,
|
||||
which validates the puppetdb connection by attempting an https
|
||||
which validates the puppetdb connection by attempting an http(s)
|
||||
connection to the puppetdb server. Uses the puppet SSL certificate
|
||||
setup from the local puppet environment to authenticate."
|
||||
setup from the local puppet environment to authenticate if use_ssl
|
||||
is set to true."
|
||||
|
||||
# Test to see if the resource exists, returns true if it does, false if it
|
||||
# does not.
|
||||
#
|
||||
# Here we simply monopolize the resource API, to execute a test to see if the
|
||||
# database is connectable. When we return a state of `false` it triggers the
|
||||
# create method where we can return an error message.
|
||||
#
|
||||
# @return [bool] did the test succeed?
|
||||
def exists?
|
||||
start_time = Time.now
|
||||
timeout = resource[:timeout]
|
||||
|
@ -41,6 +50,9 @@ Puppet::Type.type(:puppetdb_conn_validator).provide(:puppet_https) do
|
|||
success
|
||||
end
|
||||
|
||||
# This method is called when the exists? method returns false.
|
||||
#
|
||||
# @return [void]
|
||||
def create
|
||||
# If `#create` is called, that means that `#exists?` returned false, which
|
||||
# means that the connection could not be established... so we need to
|
||||
|
@ -48,6 +60,9 @@ Puppet::Type.type(:puppetdb_conn_validator).provide(:puppet_https) do
|
|||
raise Puppet::Error, "Unable to connect to puppetdb server! (#{@validator.puppetdb_server}:#{@validator.puppetdb_port})"
|
||||
end
|
||||
|
||||
# Returns the existing validator, if one exists otherwise creates a new object
|
||||
# from the class.
|
||||
#
|
||||
# @api private
|
||||
def validator
|
||||
@validator ||= Puppet::Util::PuppetdbValidator.new(resource[:puppetdb_server], resource[:puppetdb_port], resource[:use_ssl])
|
||||
|
|
|
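Review bot: The `validator` method at the end of this hunk still builds `Puppet::Util::PuppetdbValidator.new(resource[:puppetdb_server], resource[:puppetdb_port], resource[:use_ssl])`, so the `test_url` parameter added to the type in this commit never reaches the validator and the check always uses the constructor default. Pass `resource[:test_url]` as the fourth argument, and handle the case where it is unset so the default path is not replaced by nil.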
@ -28,6 +28,10 @@ Puppet::Type.newtype(:puppetdb_conn_validator) do
|
|||
defaultto true
|
||||
end
|
||||
|
||||
newparam(:test_url) do
|
||||
desc 'URL to use for testing if the PuppetDB database is up'
|
||||
end
|
||||
|
||||
newparam(:timeout) do
|
||||
desc 'The max number of seconds that the validator should wait before giving up and deciding that puppetdb is not running; defaults to 15 seconds.'
|
||||
defaultto 15
|
||||
|
|
|
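Review bot: `newparam(:test_url)` has no `defaultto` and no `validate` block, unlike `timeout` just below it, which sets `defaultto 15`. Give it the same default as the validator (`/v3/version`) and reject values that do not start with `/`, so a resource declared without the parameter, or with a full URL, fails clearly instead of producing a request the validator cannot make.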
@ -2,45 +2,41 @@ require 'puppet/network/http_pool'
|
|||
|
||||
module Puppet
|
||||
module Util
|
||||
# Validator class, for testing that PuppetDB is alive
|
||||
class PuppetdbValidator
|
||||
attr_reader :puppetdb_server
|
||||
attr_reader :puppetdb_port
|
||||
attr_reader :use_ssl
|
||||
attr_reader :test_path
|
||||
attr_reader :test_headers
|
||||
|
||||
def initialize(puppetdb_server, puppetdb_port, use_ssl=true)
|
||||
def initialize(puppetdb_server, puppetdb_port, use_ssl=true, test_path = "/v3/version")
|
||||
@puppetdb_server = puppetdb_server
|
||||
@puppetdb_port = puppetdb_port
|
||||
@use_ssl = use_ssl
|
||||
@test_path = test_path
|
||||
@test_headers = { "Accept" => "application/json" }
|
||||
end
|
||||
|
||||
# Utility method; attempts to make an https connection to the puppetdb server.
|
||||
# Utility method; attempts to make an http/https connection to the puppetdb server.
|
||||
# This is abstracted out into a method so that it can be called multiple times
|
||||
# for retry attempts.
|
||||
#
|
||||
# @return true if the connection is successful, false otherwise.
|
||||
def attempt_connection
|
||||
# All that we care about is that we are able to connect successfully via
|
||||
# https, so here we're simpling hitting a somewhat arbitrary low-impact URL
|
||||
# http(s), so here we're simpling hitting a somewhat arbitrary low-impact URL
|
||||
# on the puppetdb server.
|
||||
path = "/v2/metrics/mbean/java.lang:type=Memory"
|
||||
headers = {"Accept" => "application/json"}
|
||||
if @use_ssl
|
||||
conn = Puppet::Network::HttpPool.http_instance(@puppetdb_server, @puppetdb_port, @use_ssl)
|
||||
else
|
||||
# the Puppet httppool only supports disabling ssl in Puppet > 3.x
|
||||
# this code allows ssl to be disabled for the connection on both 2.7 and 3.x
|
||||
conn = Net::HTTP.new(@puppetdb_server, @puppetdb_port)
|
||||
conn.read_timeout = Puppet[:configtimeout]
|
||||
conn.open_timeout = Puppet[:configtimeout]
|
||||
end
|
||||
conn = Puppet::Network::HttpPool.http_instance(puppetdb_server, puppetdb_port, use_ssl)
|
||||
|
||||
response = conn.get(path, headers)
|
||||
response = conn.get(test_path, test_headers)
|
||||
unless response.kind_of?(Net::HTTPSuccess)
|
||||
Puppet.notice "Unable to connect to puppetdb server (#{@puppetdb_server}:#{@puppetdb_port}): [#{response.code}] #{response.msg}"
|
||||
Puppet.notice "Unable to connect to puppetdb server (#{puppetdb_server}:#{puppetdb_port}): [#{response.code}] #{response.msg}"
|
||||
return false
|
||||
end
|
||||
return true
|
||||
rescue Exception => e
|
||||
Puppet.notice "Unable to connect to puppetdb server (#{@puppetdb_server}:#{@puppetdb_port}): #{e.message}"
|
||||
Puppet.notice "Unable to connect to puppetdb server (#{puppetdb_server}:#{puppetdb_port}): #{e.message}"
|
||||
return false
|
||||
end
|
||||
end
|
||||
|
|
|
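Review bot: In `attempt_connection` the `Net::HTTP.new` fallback for `use_ssl` false gives way to a single `Puppet::Network::HttpPool.http_instance` call, yet the comment on that fallback says the pool only supports disabling SSL in Puppet > 3.x. If Puppet 2.7 is no longer supported, state the minimum version in the README; otherwise keep the fallback so a plain-HTTP check still works there. The comment typo `simpling` is also carried into the rewritten line and could be fixed in the same pass.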
@ -8,8 +8,18 @@ class puppetdb(
|
|||
$ssl_listen_port = $puppetdb::params::ssl_listen_port,
|
||||
$disable_ssl = $puppetdb::params::disable_ssl,
|
||||
$open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port,
|
||||
$ssl_dir = $puppetdb::params::ssl_dir,
|
||||
$ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths,
|
||||
$ssl_cert_path = $puppetdb::params::ssl_cert_path,
|
||||
$ssl_key_path = $puppetdb::params::ssl_key_path,
|
||||
$ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path,
|
||||
$ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs,
|
||||
$ssl_key = $puppetdb::params::ssl_key,
|
||||
$ssl_cert = $puppetdb::params::ssl_cert,
|
||||
$ssl_ca_cert = $puppetdb::params::ssl_ca_cert,
|
||||
$manage_dbserver = $puppetdb::params::manage_dbserver,
|
||||
$database = $puppetdb::params::database,
|
||||
$database_host = $puppetdb::params::database_host,
|
||||
$database_port = $puppetdb::params::database_port,
|
||||
$database_username = $puppetdb::params::database_username,
|
||||
$database_password = $puppetdb::params::database_password,
|
||||
|
@ -28,6 +38,8 @@ class puppetdb(
|
|||
$puppetdb_version = $puppetdb::params::puppetdb_version,
|
||||
$puppetdb_service = $puppetdb::params::puppetdb_service,
|
||||
$puppetdb_service_status = $puppetdb::params::puppetdb_service_status,
|
||||
$puppetdb_user = $puppetdb::params::puppetdb_user,
|
||||
$puppetdb_group = $puppetdb::params::puppetdb_group,
|
||||
$read_database = $puppetdb::params::read_database,
|
||||
$read_database_host = $puppetdb::params::read_database_host,
|
||||
$read_database_port = $puppetdb::params::read_database_port,
|
||||
|
@ -40,45 +52,11 @@ class puppetdb(
|
|||
$read_conn_keep_alive = $puppetdb::params::read_conn_keep_alive,
|
||||
$read_conn_lifetime = $puppetdb::params::read_conn_lifetime,
|
||||
$confdir = $puppetdb::params::confdir,
|
||||
$java_args = {},
|
||||
$max_threads = $puppetdb::params::max_threads
|
||||
$manage_firewall = $puppetdb::params::manage_firewall,
|
||||
$java_args = $puppetdb::params::java_args,
|
||||
$max_threads = $puppetdb::params::max_threads,
|
||||
) inherits puppetdb::params {
|
||||
|
||||
# Apply necessary suffix if zero is specified.
|
||||
if $node_ttl == '0' {
|
||||
$node_ttl_real = '0s'
|
||||
} else {
|
||||
$node_ttl_real = downcase($node_ttl)
|
||||
}
|
||||
|
||||
# Validate node_ttl
|
||||
validate_re ($node_ttl_real, ['^\d+(d|h|m|s|ms)$'], "node_ttl is <${node_ttl}> which does not match the regex validation")
|
||||
|
||||
# Apply necessary suffix if zero is specified.
|
||||
if $node_purge_ttl == '0' {
|
||||
$node_purge_ttl_real = '0s'
|
||||
} else {
|
||||
$node_purge_ttl_real = downcase($node_purge_ttl)
|
||||
}
|
||||
|
||||
# Validate node_purge_ttl
|
||||
validate_re ($node_purge_ttl_real, ['^\d+(d|h|m|s|ms)$'], "node_purge_ttl is <${node_purge_ttl}> which does not match the regex validation")
|
||||
|
||||
# Apply necessary suffix if zero is specified.
|
||||
if $report_ttl == '0' {
|
||||
$report_ttl_real = '0s'
|
||||
} else {
|
||||
$report_ttl_real = downcase($report_ttl)
|
||||
}
|
||||
|
||||
# Validate report_ttl
|
||||
validate_re ($report_ttl_real, ['^\d+(d|h|m|s|ms)$'], "report_ttl is <${report_ttl}> which does not match the regex validation")
|
||||
|
||||
# Validate puppetdb_service_status
|
||||
if !($puppetdb_service_status in ['true', 'running', 'false', 'stopped']) {
|
||||
fail("puppetdb_service_status valid values are 'true', 'running', 'false', and 'stopped'. You provided '${puppetdb_service_status}'")
|
||||
}
|
||||
|
||||
class { 'puppetdb::server':
|
||||
listen_address => $listen_address,
|
||||
listen_port => $listen_port,
|
||||
|
@ -87,7 +65,17 @@ class puppetdb(
|
|||
ssl_listen_port => $ssl_listen_port,
|
||||
disable_ssl => $disable_ssl,
|
||||
open_ssl_listen_port => $open_ssl_listen_port,
|
||||
ssl_dir => $ssl_dir,
|
||||
ssl_set_cert_paths => $ssl_set_cert_paths,
|
||||
ssl_cert_path => $ssl_cert_path,
|
||||
ssl_key_path => $ssl_key_path,
|
||||
ssl_ca_cert_path => $ssl_ca_cert_path,
|
||||
ssl_deploy_certs => $ssl_deploy_certs,
|
||||
ssl_key => $ssl_key,
|
||||
ssl_cert => $ssl_cert,
|
||||
ssl_ca_cert => $ssl_ca_cert,
|
||||
database => $database,
|
||||
database_host => $database_host,
|
||||
database_port => $database_port,
|
||||
database_username => $database_username,
|
||||
database_password => $database_password,
|
||||
|
@ -119,6 +107,8 @@ class puppetdb(
|
|||
read_conn_max_age => $read_conn_max_age,
|
||||
read_conn_keep_alive => $read_conn_keep_alive,
|
||||
read_conn_lifetime => $read_conn_lifetime,
|
||||
puppetdb_user => $puppetdb_user,
|
||||
puppetdb_group => $puppetdb_group,
|
||||
}
|
||||
|
||||
if ($database == 'postgres') {
|
||||
|
|
|
@ -2,7 +2,10 @@
|
|||
class puppetdb::master::config (
|
||||
$puppetdb_server = $::fqdn,
|
||||
$puppetdb_port = defined('$puppetdb::disable_ssl') ? {
|
||||
true => $puppetdb::disable_ssl ? { true => 8080, default => 8081, },
|
||||
true => $puppetdb::disable_ssl ? {
|
||||
true => 8080,
|
||||
default => 8081,
|
||||
},
|
||||
default => 8081,
|
||||
},
|
||||
$puppetdb_soft_write_failure = false,
|
||||
|
@ -18,7 +21,8 @@ class puppetdb::master::config(
|
|||
$terminus_package = $puppetdb::params::terminus_package,
|
||||
$puppet_service_name = $puppetdb::params::puppet_service_name,
|
||||
$puppetdb_startup_timeout = $puppetdb::params::puppetdb_startup_timeout,
|
||||
$restart_puppet = true
|
||||
$test_url = $puppetdb::params::test_url,
|
||||
$restart_puppet = true,
|
||||
) inherits puppetdb::params {
|
||||
|
||||
package { $terminus_package:
|
||||
|
@ -43,6 +47,7 @@ class puppetdb::master::config(
|
|||
},
|
||||
timeout => $puppetdb_startup_timeout,
|
||||
require => Package[$terminus_package],
|
||||
test_url => $test_url,
|
||||
}
|
||||
|
||||
# This is a bit of puppet chicanery that allows us to create a
|
||||
|
|
|
@ -1,9 +1,12 @@
|
|||
# Managed the puppetdb.conf file on the puppeet master. See README.md for more
|
||||
# Manage the puppetdb.conf file on the puppeet master. See README.md for more
|
||||
# details.
|
||||
class puppetdb::master::puppetdb_conf (
|
||||
$server = 'localhost',
|
||||
$port = '8081',
|
||||
$soft_write_failure = $puppetdb::disable_ssl ? { true => true, default => false, },
|
||||
$soft_write_failure = $puppetdb::disable_ssl ? {
|
||||
true => true,
|
||||
default => false,
|
||||
},
|
||||
$puppet_confdir = $puppetdb::params::puppet_confdir,
|
||||
) inherits puppetdb::params {
|
||||
|
||||
|
|
|
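Review bot: The `$soft_write_failure` default reads `$puppetdb::disable_ssl` directly, whereas `puppetdb::master::config` in this same commit guards the same lookup with `defined('$puppetdb::disable_ssl')`. Apply the same guard here so the default is predictable when the `puppetdb` class is not declared on the master. The rewritten header comment also still reads `puppeet master`; fix the spelling while the line is being touched.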
@ -1,4 +1,4 @@
|
|||
# Manages the installation of the report processor on the master. See README.md
|
||||
# Manage the installation of the report processor on the master. See README.md
|
||||
# for more details.
|
||||
class puppetdb::master::report_processor (
|
||||
$puppet_conf = $puppetdb::params::puppet_conf,
|
||||
|
@ -13,6 +13,6 @@ class puppetdb::master::report_processor(
|
|||
section => 'master',
|
||||
setting => 'reports',
|
||||
subsetting => 'puppetdb',
|
||||
subsetting_separator => ','
|
||||
subsetting_separator => ',',
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# This class configures the puppet master to enable storeconfigs and to use
|
||||
# puppetdb as the storeconfigs backend. See README.md for more details.
|
||||
class puppetdb::master::storeconfigs (
|
||||
$puppet_conf = $puppetdb::params::puppet_conf
|
||||
$puppet_conf = $puppetdb::params::puppet_conf,
|
||||
) inherits puppetdb::params {
|
||||
|
||||
Ini_setting {
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
# PRIVATE CLASS - do not use directly
|
||||
#
|
||||
# The puppetdb default configuration settings.
|
||||
class puppetdb::params {
|
||||
$listen_address = 'localhost'
|
||||
|
@ -7,15 +9,6 @@ class puppetdb::params {
|
|||
$ssl_listen_port = '8081'
|
||||
$disable_ssl = false
|
||||
$open_ssl_listen_port = undef
|
||||
$ssl_dir = '/etc/puppetdb/ssl'
|
||||
$ssl_set_cert_paths = false
|
||||
$ssl_cert_path = "${ssl_dir}/public.pem"
|
||||
$ssl_key_path = "${ssl_dir}/private.pem"
|
||||
$ssl_ca_cert_path = "${ssl_dir}/ca.pem"
|
||||
$ssl_deploy_certs = false
|
||||
$ssl_key = undef
|
||||
$ssl_cert = undef
|
||||
$ssl_ca_cert = undef
|
||||
$postgres_listen_addresses = 'localhost'
|
||||
|
||||
$database = 'postgres'
|
||||
|
@ -58,6 +51,10 @@ class puppetdb::params {
|
|||
$read_conn_keep_alive = '45'
|
||||
$read_conn_lifetime = '0'
|
||||
|
||||
$manage_firewall = true
|
||||
$java_args = {}
|
||||
$test_url = '/v3/version'
|
||||
|
||||
case $::osfamily {
|
||||
'RedHat': {
|
||||
$firewall_supported = true
|
||||
|
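Review bot: The new `$test_url = '/v3/version'` default replaces the path the validator previously hard-coded (`/v2/metrics/mbean/java.lang:type=Memory`), so a PuppetDB that does not serve `/v3/version` will now fail the connection check even though it is running. State the minimum PuppetDB version this default assumes, here or in the README entry for `test_url`.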
@ -84,6 +81,7 @@ class puppetdb::params {
|
|||
$puppet_confdir = '/etc/puppetlabs/puppet'
|
||||
$terminus_package = 'pe-puppetdb-terminus'
|
||||
$embedded_subname = 'file:/opt/puppet/share/puppetdb/db/db;hsqldb.tx=mvcc;sql.syntax_pgs=true'
|
||||
$ssl_dir = '/etc/puppetlabs/puppetdb/ssl'
|
||||
|
||||
case $::osfamily {
|
||||
'RedHat', 'Suse': {
|
||||
|
@ -104,6 +102,7 @@ class puppetdb::params {
|
|||
$confdir = '/etc/puppetdb/conf.d'
|
||||
$puppet_confdir = '/etc/puppet'
|
||||
$terminus_package = 'puppetdb-terminus'
|
||||
$ssl_dir = '/etc/puppetdb/ssl'
|
||||
|
||||
case $::osfamily {
|
||||
'RedHat', 'Suse', 'Archlinux': {
|
||||
|
@ -130,4 +129,13 @@ class puppetdb::params {
|
|||
$puppet_conf = "${puppet_confdir}/puppet.conf"
|
||||
$puppetdb_startup_timeout = 120
|
||||
$puppetdb_service_status = 'running'
|
||||
|
||||
$ssl_set_cert_paths = false
|
||||
$ssl_cert_path = "${ssl_dir}/public.pem"
|
||||
$ssl_key_path = "${ssl_dir}/private.pem"
|
||||
$ssl_ca_cert_path = "${ssl_dir}/ca.pem"
|
||||
$ssl_deploy_certs = false
|
||||
$ssl_key = undef
|
||||
$ssl_cert = undef
|
||||
$ssl_ca_cert = undef
|
||||
}
|
||||
|
|
|
@ -31,6 +31,12 @@ class puppetdb::server(
|
|||
$conn_max_age = $puppetdb::params::conn_max_age,
|
||||
$conn_keep_alive = $puppetdb::params::conn_keep_alive,
|
||||
$conn_lifetime = $puppetdb::params::conn_lifetime,
|
||||
$puppetdb_package = $puppetdb::params::puppetdb_package,
|
||||
$puppetdb_version = $puppetdb::params::puppetdb_version,
|
||||
$puppetdb_service = $puppetdb::params::puppetdb_service,
|
||||
$puppetdb_service_status = $puppetdb::params::puppetdb_service_status,
|
||||
$puppetdb_user = $puppetdb::params::puppetdb_user,
|
||||
$puppetdb_group = $puppetdb::params::puppetdb_group,
|
||||
$read_database = $puppetdb::params::read_database,
|
||||
$read_database_host = $puppetdb::params::read_database_host,
|
||||
$read_database_port = $puppetdb::params::read_database_port,
|
||||
|
@ -42,16 +48,10 @@ class puppetdb::server(
|
|||
$read_conn_max_age = $puppetdb::params::read_conn_max_age,
|
||||
$read_conn_keep_alive = $puppetdb::params::read_conn_keep_alive,
|
||||
$read_conn_lifetime = $puppetdb::params::read_conn_lifetime,
|
||||
$puppetdb_package = $puppetdb::params::puppetdb_package,
|
||||
$puppetdb_version = $puppetdb::params::puppetdb_version,
|
||||
$puppetdb_service = $puppetdb::params::puppetdb_service,
|
||||
$puppetdb_user = $puppetdb::params::puppetdb_user,
|
||||
$puppetdb_group = $puppetdb::params::puppetdb_group,
|
||||
$puppetdb_service_status = $puppetdb::params::puppetdb_service_status,
|
||||
$confdir = $puppetdb::params::confdir,
|
||||
$manage_firewall = true,
|
||||
$java_args = {},
|
||||
$max_threads = $puppetdb::params::max_threads
|
||||
$manage_firewall = $puppetdb::params::manage_firewall,
|
||||
$java_args = $puppetdb::params::java_args,
|
||||
$max_threads = $puppetdb::params::max_threads,
|
||||
) inherits puppetdb::params {
|
||||
|
||||
# Apply necessary suffix if zero is specified.
|
||||
|
@ -89,6 +89,11 @@ class puppetdb::server(
|
|||
fail("puppetdb_service_status valid values are 'true', 'running', 'false', and 'stopped'. You provided '${puppetdb_service_status}'")
|
||||
}
|
||||
|
||||
# Validate read-database type (Currently only postgres is supported)
|
||||
if !($database in ['postgres', 'embedded']) {
|
||||
fail("database must must be 'postgres' or 'embedded'. You provided '${database}'")
|
||||
}
|
||||
|
||||
# Validate read-database type (Currently only postgres is supported)
|
||||
if !($read_database in ['postgres']) {
|
||||
fail("read_database must be 'postgres'. You provided '${read_database}'")
|
||||
|
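Review bot: The new `$database` check is headed by a copy of the read-database comment (`# Validate read-database type (Currently only postgres is supported)`), although it validates `$database` and accepts both `postgres` and `embedded`. Reword the comment to match what is checked, and fix the doubled word in the failure message `database must must be`.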
@ -195,7 +200,6 @@ class puppetdb::server(
|
|||
}
|
||||
|
||||
if !empty($java_args) {
|
||||
|
||||
create_resources(
|
||||
'ini_subsetting',
|
||||
puppetdb_create_subsetting_resource_hash(
|
||||
|
|
|
@ -20,9 +20,6 @@ class puppetdb::server::jetty_ini(
|
|||
section => 'jetty',
|
||||
}
|
||||
|
||||
# TODO: figure out some way to make sure that the inifile module is installed,
|
||||
# because otherwise these will silently fail to do anything.
|
||||
|
||||
ini_setting { 'puppetdb_host':
|
||||
setting => 'host',
|
||||
value => $listen_address,
|
||||
|
@ -38,6 +35,18 @@ class puppetdb::server::jetty_ini(
|
|||
default => 'present',
|
||||
}
|
||||
|
||||
ini_setting { 'puppetdb_sslhost':
|
||||
ensure => $ssl_setting_ensure,
|
||||
setting => 'ssl-host',
|
||||
value => $ssl_listen_address,
|
||||
}
|
||||
|
||||
ini_setting { 'puppetdb_sslport':
|
||||
ensure => $ssl_setting_ensure,
|
||||
setting => 'ssl-port',
|
||||
value => $ssl_listen_port,
|
||||
}
|
||||
|
||||
if str2bool($ssl_set_cert_paths) == true {
|
||||
# assume paths have been validated in calling class
|
||||
ini_setting { 'puppetdb_ssl_key':
|
||||
|
@ -57,18 +66,6 @@ class puppetdb::server::jetty_ini(
|
|||
}
|
||||
}
|
||||
|
||||
ini_setting {'puppetdb_sslhost':
|
||||
ensure => $ssl_setting_ensure,
|
||||
setting => 'ssl-host',
|
||||
value => $ssl_listen_address,
|
||||
}
|
||||
|
||||
ini_setting {'puppetdb_sslport':
|
||||
ensure => $ssl_setting_ensure,
|
||||
setting => 'ssl-port',
|
||||
value => $ssl_listen_port,
|
||||
}
|
||||
|
||||
if ($max_threads) {
|
||||
ini_setting { 'puppetdb_max_threads':
|
||||
setting => 'max-threads',
|
||||
|
|
|
@ -6,12 +6,13 @@ class puppetdb::server::validate_db(
|
|||
$database_username = $puppetdb::params::database_username,
|
||||
$database_password = $puppetdb::params::database_password,
|
||||
$database_name = $puppetdb::params::database_name,
|
||||
$database_ssl = $puppetdb::params::database_ssl
|
||||
$database_ssl = $puppetdb::params::database_ssl,
|
||||
) inherits puppetdb::params {
|
||||
|
||||
# We don't need any validation for the embedded database, presumably.
|
||||
if ($database == 'postgres' and (
|
||||
$database_password != undef and $database_ssl == false)
|
||||
if (
|
||||
$database == 'postgres' and
|
||||
($database_password != undef and $database_ssl == false)
|
||||
) {
|
||||
postgresql::validate_db_connection { 'validate puppetdb postgres connection':
|
||||
database_host => $database_host,
|
||||
|
|
|
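Review bot: The reformatted condition still skips `postgresql::validate_db_connection` whenever `$database_ssl` is true or `$database_password` is undef, and nothing in the class says why. Add a comment giving the reason, or emit a notice when validation is skipped, so an SSL database connection is not assumed to have been checked.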
@ -6,12 +6,13 @@ class puppetdb::server::validate_read_db(
|
|||
$database_username = $puppetdb::params::database_username,
|
||||
$database_password = $puppetdb::params::database_password,
|
||||
$database_name = $puppetdb::params::database_name,
|
||||
$database_ssl = $puppetdb::params::database_ssl
|
||||
$database_ssl = $puppetdb::params::database_ssl,
|
||||
) inherits puppetdb::params {
|
||||
|
||||
# Currently we only support postgres
|
||||
if ($database == 'postgres' and (
|
||||
$database_password != undef and $database_ssl == false)
|
||||
if (
|
||||
$database == 'postgres' and
|
||||
($database_password != undef and $database_ssl == false)
|
||||
) {
|
||||
postgresql::validate_db_connection { 'validate puppetdb postgres (read) connection':
|
||||
database_host => $database_host,
|
||||
|
|
|
@ -12,29 +12,29 @@ describe 'Puppet::Util::PuppetdbValidator' do
|
|||
response_not_found.stubs(:msg).returns('Not found')
|
||||
|
||||
conn_ok = stub()
|
||||
conn_ok.stubs(:get).with('/v2/metrics/mbean/java.lang:type=Memory', {"Accept" => "application/json"}).returns(response_ok)
|
||||
conn_ok.stubs(:get).with('/v3/version', {"Accept" => "application/json"}).returns(response_ok)
|
||||
conn_ok.stubs(:read_timeout=).with(2)
|
||||
conn_ok.stubs(:open_timeout=).with(2)
|
||||
|
||||
conn_not_found = stub()
|
||||
conn_not_found.stubs(:get).with('/v2/metrics/mbean/java.lang:type=Memory', {"Accept" => "application/json"}).returns(response_not_found)
|
||||
conn_not_found.stubs(:get).with('/v3/version', {"Accept" => "application/json"}).returns(response_not_found)
|
||||
|
||||
Puppet::Network::HttpPool.stubs(:http_instance).raises('Unknown host')
|
||||
Puppet::Network::HttpPool.stubs(:http_instance).with('mypuppetdb.com', 8080, true).raises('Connection refused')
|
||||
Puppet::Network::HttpPool.stubs(:http_instance).with('mypuppetdb.com', 8080, false).returns(conn_ok)
|
||||
Puppet::Network::HttpPool.stubs(:http_instance).with('mypuppetdb.com', 8081, true).returns(conn_ok)
|
||||
Puppet::Network::HttpPool.stubs(:http_instance).with('wrongserver.com', 8081, true).returns(conn_not_found)
|
||||
Net::HTTP.stubs(:new).with('mypuppetdb.com', 8080).returns(conn_ok)
|
||||
end
|
||||
|
||||
it 'returns true if connection succeeds' do
|
||||
validator = Puppet::Util::PuppetdbValidator.new('mypuppetdb.com', 8081)
|
||||
validator.attempt_connection.should be_true
|
||||
validator.attempt_connection.should be true
|
||||
end
|
||||
|
||||
it 'should still validate without ssl' do
|
||||
Puppet[:configtimeout] = 2
|
||||
validator = Puppet::Util::PuppetdbValidator.new('mypuppetdb.com', 8080, false)
|
||||
validator.attempt_connection.should be_true
|
||||
validator.attempt_connection.should be true
|
||||
end
|
||||
|
||||
it 'returns false and issues an appropriate notice if connection is refused' do
|
||||
|
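Review bot: The setup in this hunk still stubs `Net::HTTP.new` and the `read_timeout=` / `open_timeout=` setters on `conn_ok`, and the non-SSL example still sets `Puppet[:configtimeout]`, but the validator in this commit no longer takes that code path, so these can be removed. No example passes a fourth argument to `Puppet::Util::PuppetdbValidator.new`; add one that stubs `get` with a non-default path to cover the new `test_path` argument.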
@ -42,8 +42,7 @@ describe 'Puppet::Util::PuppetdbValidator' do
|
|||
puppetdb_port = 8080
|
||||
validator = Puppet::Util::PuppetdbValidator.new(puppetdb_server, puppetdb_port)
|
||||
Puppet.expects(:notice).with("Unable to connect to puppetdb server (#{puppetdb_server}:#{puppetdb_port}): Connection refused")
|
||||
#Puppet.expects(:notice).with("Unable to connect to puppetdb server (#{puppetdb_server}:#{puppetdb_port}): [404] Not found")
|
||||
validator.attempt_connection.should be_false
|
||||
validator.attempt_connection.should be false
|
||||
end
|
||||
|
||||
it 'returns false and issues an appropriate notice if connection succeeds but puppetdb is not available' do
|
||||
|
@ -51,17 +50,15 @@ describe 'Puppet::Util::PuppetdbValidator' do
|
|||
puppetdb_port = 8081
|
||||
validator = Puppet::Util::PuppetdbValidator.new(puppetdb_server, puppetdb_port)
|
||||
Puppet.expects(:notice).with("Unable to connect to puppetdb server (#{puppetdb_server}:#{puppetdb_port}): [404] Not found")
|
||||
validator.attempt_connection.should be_false
|
||||
validator.attempt_connection.should be false
|
||||
end
|
||||
|
||||
|
||||
it 'returns false and issues an appropriate notice if host:port is unreachable or does not exist' do
|
||||
puppetdb_server = 'non-existing.com'
|
||||
puppetdb_port = nil
|
||||
validator = Puppet::Util::PuppetdbValidator.new(puppetdb_server, puppetdb_port)
|
||||
Puppet.expects(:notice).with("Unable to connect to puppetdb server (#{puppetdb_server}:#{puppetdb_port}): Unknown host")
|
||||
validator.attempt_connection.should be_false
|
||||
validator.attempt_connection.should be false
|
||||
end
|
||||
|
||||
|
||||
end
|
||||
|
|