Add option to disable cleartext HTTP port

Michael Weiser 2015-10-13 19:39:15 +02:00
parent b3f685b5e1
commit fea383feb1
6 changed files with 41 additions and 0 deletions


@ -238,6 +238,10 @@ The address that the web server should bind to for HTTP requests (defaults to `l
The port on which the puppetdb web server should accept HTTP requests (defaults to '8080').
####`disable_cleartext`
If true, the puppetdb web server will only serve HTTPS and not HTTP requests (defaults to false).
####`open_listen_port`
If true, open the http_listen\_port on the firewall (defaults to false).


@ -3,6 +3,7 @@
class puppetdb (
$listen_address = $puppetdb::params::listen_address,
$listen_port = $puppetdb::params::listen_port,
$disable_cleartext = $puppetdb::params::disable_cleartext,
$open_listen_port = $puppetdb::params::open_listen_port,
$ssl_listen_address = $puppetdb::params::ssl_listen_address,
$ssl_listen_port = $puppetdb::params::ssl_listen_port,
@ -71,6 +72,7 @@ class puppetdb (
class { '::puppetdb::server':
listen_address => $listen_address,
listen_port => $listen_port,
disable_cleartext => $disable_cleartext,
open_listen_port => $open_listen_port,
ssl_listen_address => $ssl_listen_address,
ssl_listen_port => $ssl_listen_port,


@ -4,6 +4,7 @@
class puppetdb::params inherits puppetdb::globals {
$listen_address = 'localhost'
$listen_port = '8080'
$disable_cleartext = false
$open_listen_port = false
$ssl_listen_address = '0.0.0.0'
$ssl_listen_port = '8081'


@ -2,6 +2,7 @@
class puppetdb::server (
$listen_address = $puppetdb::params::listen_address,
$listen_port = $puppetdb::params::listen_port,
$disable_cleartext = $puppetdb::params::disable_cleartext,
$open_listen_port = $puppetdb::params::open_listen_port,
$ssl_listen_address = $puppetdb::params::ssl_listen_address,
$ssl_listen_port = $puppetdb::params::ssl_listen_port,
@ -223,6 +224,7 @@ class puppetdb::server (
class { 'puppetdb::server::jetty':
listen_address => $listen_address,
listen_port => $listen_port,
disable_cleartext => $disable_cleartext,
ssl_listen_address => $ssl_listen_address,
ssl_listen_port => $ssl_listen_port,
ssl_set_cert_paths => $ssl_set_cert_paths,
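Review bot: `open_listen_port` is still accepted next to `disable_cleartext`, and nothing in this section ties the two together; the firewall handling lies outside the hunks shown, so this is inferred rather than observed. If the firewall rule for the HTTP port is still driven by `$open_listen_port` alone, a node with both set to true keeps that port open on the firewall while PuppetDB no longer listens on it, leaving it available to whatever else binds there. Consider gating the value where it is handed to the firewall class, e.g. `$disable_cleartext ? { true => false, default => $open_listen_port }`, and documenting the interaction next to the parameter.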


@ -2,6 +2,7 @@
class puppetdb::server::jetty (
$listen_address = $puppetdb::params::listen_address,
$listen_port = $puppetdb::params::listen_port,
$disable_cleartext = $puppetdb::params::disable_cleartext,
$ssl_listen_address = $puppetdb::params::ssl_listen_address,
$ssl_listen_port = $puppetdb::params::ssl_listen_port,
$disable_ssl = $puppetdb::params::disable_ssl,
@ -21,12 +22,19 @@ class puppetdb::server::jetty (
section => 'jetty',
}
$cleartext_setting_ensure = $disable_cleartext ? {
true => 'absent',
default => 'present',
}
ini_setting { 'puppetdb_host':
ensure => $cleartext_setting_ensure,
setting => 'host',
value => $listen_address,
}
ini_setting { 'puppetdb_port':
ensure => $cleartext_setting_ensure,
setting => 'port',
value => $listen_port,
}
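Review bot: The selector that sets `$cleartext_setting_ensure` matches only the boolean `true`, so a string `'true'` (as an ENC or a loosely typed data lookup can deliver) would presumably fall through to `default => 'present'` and leave the cleartext listener configured without any error. For a switch whose purpose is to turn plaintext HTTP off, failing closed is the safer behaviour: reject non-boolean input before the selector, for example with `validate_bool($disable_cleartext)` if puppetlabs-stdlib is available to this module. The class body starts and ends outside this hunk, so validation elsewhere in the class cannot be ruled out.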


@ -163,5 +163,29 @@ describe 'puppetdb::server::jetty', :type => :class do
end
end
end
describe 'when disabling the cleartext HTTP port' do
let(:params) do
{
'disable_cleartext' => true
}
end
it { should contain_ini_setting('puppetdb_host').
with(
'ensure' => 'absent',
'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',
'section' => 'jetty',
'setting' => 'host',
'value' => 'localhost'
)}
it { should contain_ini_setting('puppetdb_port').
with(
'ensure' => 'absent',
'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',
'section' => 'jetty',
'setting' => 'port',
'value' => 8080
)}
end
end
end
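Review bot: The new context pins `disable_cleartext => true` only on its own; the jetty class also takes `disable_ssl`, and no example here covers both flags being true, which would leave the server with neither an HTTP nor an HTTPS listener. Whether that combination should fail compilation or be allowed is a design decision, but the spec should state it, e.g. a context with `'disable_cleartext' => true, 'disable_ssl' => true` asserting the intended outcome. It would also help to assert in this context that the SSL host and port settings are still present, so the example demonstrates HTTPS-only operation rather than only the absence of HTTP.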