This commit removes the dependency cycle caused by a typo in the config
name for config.ini and properly threads through the vardir setting to
the puppetdb::server::global class.
Add the option to set up a certificate whitelist file and configure it
in PuppetDB so that only specific hosts (i.e. the Puppet master(s)) have
access.
This patch fixes some of the lint warnings/errors we've been getting on the
forge.
In some cases I've fixed real bugs also, in particular double quotes/single
quotes in cases, which would have broken variable interpolation.
Signed-off-by: Ken Barber <ken@bob.sh>
This commit moves to managing the Postgres repos by default. The
reason for this is so that the `puppetdb` class will "just work" by
default on most systems, because PostgreSQL 9.4 is not installed on 6/7
of the distros we support we need to manage the repos so we can install
the latest version.
This commit adds a globals class to PuppetDB which allows us to change
the param defaults for the module depending on what version of PuppetDB
they are using (similar to the PostgreSQL module).
This commit also changes the default PuppetDB 3.x configuration pathing
to assume AIO Puppet.
This provides an override mechanism for providing a custom path to HSQLDB.
This allows users to provide any path to their HSQLDB database. It is needed
specifically for managing the as-yet-unreleased version of PuppetDB as well.
Signed-off-by: Ken Barber <ken@bob.sh>
This commit fixes a bug where if a user tried to turn off database
validation there would be a `before` statement requiring an absent
validation resource.
command-processing section.
Added new class server/config_ini.pp to manage contents of the config.ini.
Three new parameters added:
* command_threads
* store_usage
* temp_usage
All three default to 'undef'. This makes sure (potential) custom settings
done to that file with regard to above three variables are 'absent',
and let PuppetDB built-in defaults take care.
Documentation to the README.md added, as well as unit tests.
My use-case was, that I have on some nodes a too small /var partition,
so I had to lower the values of store-usage and temp-usage in the config.ini
manually.
the module triggers puppetlabs-postgresql which is able to handle yum/apt repos from the postgres devs. Usefull in cases that your operating system doesn't provide the newest release. this feature is disabled by default
fix typo
the param manage_firewall was added in an earlier release to puppetdb::server. The class isn't called directly but via the init.pp. the puppetdb class had already the param manage_firewall but this wasn't forwarded to puppetdb::server
puppetdb::server calls puppetdb::server:jetty_ini,
jetty_ini is able to set ssl_protocols, but this param isn't
present in the puppetdb::server class nor in the puppetdb class
This provides a number of cleanups as the code has been unloved for a while.
I've added the ssl-* parameters the robinbowes added in his last patch to the
docs, and found some other cleanups as well where applicable.
I've added the ability to override the test_url also, so that in the future
if a user wishes to they can customize this.
Signed-off-by: Ken Barber <ken@bob.sh>
is_pe being a fact, its smarter her to coerce the value of it too a boolean, in
case we still receive the value as a string. In the future structured facts
will become the norm.
I've also removed the patch against the values for puppetdb_service_status, matching
against a bareword boolean while it looks good, if the value is indeed a boolean the
in will fail in the current parser. This can be brought up again in the future.
Signed-off-by: Ken Barber <ken@bob.sh>
Ensure that for PostgreSQL backends, the database validation functions
are not run until the initial database creation and user role creation
has been completed.
Closes-Bug: #1298605
This updates the module to be able to use puppetlabs-postgresql.
Since this change is a major change, it marks this patch as a breaking change.
I have prepared a suitable amount of upgrade notes for upgrading to this later
version of the module plus removed anything marked deprecated.
As cleanup, I've removed the troublesome 'tests' directory in favour of good
README.md documentation. I've also removed any puppet docs from each module
until such times as puppet docs become automated through the forge. This is
just to avoid contributors having to double their efforts - the README.md
is the authority now.
Signed-off-by: Ken Barber <ken@bob.sh>
PostgreSQL supports secure connections through SSL. For PuppetDB
to connect with SSL, "?ssl=true" has to be specified on the
connection string.
This patch adds such a switch, by default PuppetDB will not use SSL
to connect to the database.
This patch adds all the missing parameters now defined in the 1.4.0 release.
This includes some new database parameters mainly, but also adds gc_interval
to the `puppetdb` and `puppetdb::server` classes, as previously this wasn't
configurable using this method.
To avoid documentation duplication the Puppet headers have been removed in
favour of documenting classes from the README.md. Until such times as the
forge can turn Puppet docs into HTML automatically, this is just duplicate
noise and prone to update slippage. The README.md is more authoritative in
this area and is pubicly displayed on the forge project page so it should be
used for now.
Signed-off-by: Ken Barber <ken@bob.sh>
Chris Barker reported that the default value of `$::clientcert`
was not the best choice for some things we were using it for
in the module; specifically, for the default value of
the jetty ssl listen address. He suggested using `$::fqdn` instead.
This commit makes that change; rspec-system tests pass, but I'm
not 100% sure that there aren't edge cases that would be
affected by this.
This patch introduces the optional parameter $disable_ssl, which
defaults to false. If set to true, the settings ssl-host and ssl-port
are completely removed from the Jetty section of the PuppetDB config
files.
This disables serving of HTTPS requests by PuppetDB, which can be useful
when SSL handling is offloaded to a reverse proxy server like Apache or
Nginx, as suggested in the PuppetDB documentation (see
http://docs.puppetlabs.com/puppetdb/1.2/connect_puppet_apply.html#option-a-set-up-an-ssl-proxy-for-puppetdb).
