Commit gráf

51 commits

Szerző SHA1 Üzenet Dátum
Kevin Paulisse
4f03c6cf6b
Merge remote-tracking branch 'upstream1/master' into kpaulisse-dbconnections 2016-05-28 23:13:25 -05:00
Andrew Roetker
867e9fe22e (PDB-2696) Remove the dependency cycle cause by typo
This commit removes the dependency cycle caused by a typo in the config
name for config.ini and properly threads through the vardir setting to
the puppetdb::server::global class.
2016-05-13 14:26:40 -07:00
Ken Barber
59100fd6bc (PDB-2571) Ensure all managed ini files have correct permissions
Much like read-database.ini, we need to ensure the permissions for puppetdb.ini and others are set explicitly
to ensure permissions are still correct after configuration. Without this users with different umask
settings may find their files are no longer accessible after the module runs.

This patch fixes the globally for all the ini files we currently manage (repl.ini is not managed fwiw).

This also fixes a bug whereby we were missing puppetdb::server::global from the main server class, it adds this
back and fixes the tests to ensure we don't lose it.

Signed-off-by: Ken Barber <ken@bob.sh>
2016-05-12 18:31:50 +01:00
Nathan Ward
46f1b03145 Manage the maximum-pool-size configuration parameter in database.ini 2016-05-02 16:41:53 +12:00
Ken Barber
ed371ce829 Merge pull request #215 from michaelweiser/qr2
Restrict access to the Puppet master by default
2015-10-15 15:16:16 +01:00
Michael Weiser
3889cc56a4 Add option to restrict access to PuppetDB
Add the option to set up a certificate whitelist file and configure it
in PuppetDB so that only specific hosts (i.e. the Puppet master(s)) have
access.
2015-10-15 09:33:52 +02:00
Michael Weiser
fea383feb1 Add option to disable cleartext HTTP port 2015-10-14 22:32:51 +02:00
Ken Barber
b3f685b5e1 (maint) Lint fixes
This patch fixes some of the lint warnings/errors we've been getting on the
forge.

In some cases I've fixed real bugs also, in particular double quotes/single
quotes in cases, which would have broken variable interpolation.

Signed-off-by: Ken Barber <ken@bob.sh>
2015-10-05 13:40:54 -07:00
Wyatt Alt
4a1f3245d0 (PDB-1430) overwritable java_args
this creates a new config setting, merge_default_java_args, that users may set
to false to override the default java_args.
2015-09-21 15:27:23 -07:00
Wyatt Alt
2990f80ef1 (PDB-1913) manage vardir
This updates the module to manage vardir, and also makes room for general
management of the global ini section.
2015-09-16 15:26:50 -07:00
Russell Mull
28d23d5a9e (PDB-1415) Add jdbc_ssl_properties parameter 2015-09-01 14:27:51 -07:00
Andrew Roetker
b95fc919b7 (maint) Add pathing for AIO, defaulting to non-AIO for older PDBs
This commit adds a globals class to PuppetDB which allows us to change
the param defaults for the module depending on what version of PuppetDB
they are using (similar to the PostgreSQL module).
This commit also changes the default PuppetDB 3.x configuration pathing
to assume AIO Puppet.
2015-06-24 14:55:09 +01:00
Andrew Roetker
2a70b8d33b (maint) Use smarter defaults when managing test_url
This commit updates the handling of the `test_url` parameter to be
smarter, using the PuppetDB `2.x` default for PuppetDB `2.x` and using
the `3.x` default for PuppetDB `3.x`.
2015-06-17 14:09:32 -07:00
Ken Barber
1b661fdf5b (PDB-1455) Provide mechanism for modifying default HSQLDB path
This provides an override mechanism for providing a custom path to HSQLDB.

This allows users to provide any path to their HSQLDB database. It is needed
specifically for managing the as-yet-unreleased version of PuppetDB as well.

Signed-off-by: Ken Barber <ken@bob.sh>
2015-06-10 19:04:20 +01:00
Ken Barber
ec13bc4553 (PDB-1467) Ordering problem with read_database_ini
This fixes the ordering for the read_database_ini class, and fixes a small
notification problem with config_ini as well.

Signed-off-by: Ken Barber <ken@bob.sh>
2015-05-06 13:58:44 +01:00
Sebastian Reitenbach
72e1924b11 Enable the module to manage entries in $confdir/config.ini, in the
command-processing section.

Added new class server/config_ini.pp to manage contents of the config.ini.
Three new parameters added:
  * command_threads
  * store_usage
  * temp_usage

All three default to 'undef'. This makes sure (potential) custom settings
done to that file with regard to above three variables are 'absent',
and let PuppetDB built-in defaults take care.

Documentation to the README.md added, as well as unit tests.

My use-case was, that I have on some nodes a too small /var partition,
so I had to lower the values of store-usage and temp-usage in the config.ini
manually.
2015-04-22 06:19:35 +02:00
Robin Bowes
1a5a4efef5 Make database validation optional 2015-01-12 16:37:21 +00:00
Erik Dalén
1c6f37a4ee Restart the service if certificates change 2014-12-18 17:04:56 +01:00
Tim Meusel
c3cdd86d55 Add ssl_protocol param to puppetdb & puppetdb::server classes
puppetdb::server calls puppetdb::server:jetty_ini,
jetty_ini is able to set ssl_protocols, but this param isn't
present in the puppetdb::server class nor in the puppetdb class
2014-11-28 18:15:16 +00:00
Ken Barber
f6f6e55b33 Cleanups, missing doc items and new test_url capability
This provides a number of cleanups as the code has been unloved for a while.

I've added the ssl-* parameters the robinbowes added in his last patch to the
docs, and found some other cleanups as well where applicable.

I've added the ability to override the test_url also, so that in the future
if a user wishes to they can customize this.

Signed-off-by: Ken Barber <ken@bob.sh>
2014-10-07 15:06:54 +01:00
Robin Bowes
8c68fc1dd2 Add the ability to a) deploy ssl keys, b) set paths to ssl keys in jetty.ini
This also adds parameters for puppetdb user/group to support PE correctly.
2014-10-07 15:04:37 +01:00
Ken Barber
8ce1856222 Use str2bool for backwards compatibility, and avoid changing puppetdb_service_status
is_pe being a fact, its smarter her to coerce the value of it too a boolean, in
case we still receive the value as a string. In the future structured facts
will become the norm.

I've also removed the patch against the values for puppetdb_service_status, matching
against a bareword boolean while it looks good, if the value is indeed a boolean the
in will fail in the current parser. This can be brought up again in the future.

Signed-off-by: Ken Barber <ken@bob.sh>
2014-09-15 22:59:38 +01:00
Matthias Baur
9d607f55f3 Fix some Puppet Lint errors
Fix wrong indention
2014-09-15 21:08:34 +01:00
Taylan Develioglu
27840d6959 Add read-database support 2014-08-04 13:54:38 +02:00
Stefan Andres
3061b90127 implement max_threads option for jetty 2014-06-26 17:15:34 +02:00
Spencer Krum
9e4e88ecf1 Adding option to disable management of the firewall
Some users will manage the firewall externally from this module.
2014-02-14 18:34:48 +00:00
Scott Duckworth
d25044f6c7 fix validation regular expressions 2013-10-29 12:15:35 -04:00
Ken Barber
c29fb59a68 Adjust memory for PuppetDB tests to avoid OOM killer
The tests were failing on Ubuntu, and I noticed that the OOM killer
was killing java. This patch increases the memory size for each
image to avoid this.

Signed-off-by: Ken Barber <ken@bob.sh>
2013-10-27 00:52:18 +02:00
Ken Barber
603df7381d (GH-93) Switch to using puppetlabs-postgresql 3.x
This updates the module to be able to use puppetlabs-postgresql.

Since this change is a major change, it marks this patch as a breaking change.

I have prepared a suitable amount of upgrade notes for upgrading to this later
version of the module plus removed anything marked deprecated.

As cleanup, I've removed the troublesome 'tests' directory in favour of good
README.md documentation. I've also removed any puppet docs from each module
until such times as puppet docs become automated through the forge. This is
just to avoid contributors having to double their efforts - the README.md
is the authority now.

Signed-off-by: Ken Barber <ken@bob.sh>
2013-10-21 18:43:41 +01:00
Stefan Dietrich
84c5fa79ea Add switch to configure database SSL connection
PostgreSQL supports secure connections through SSL. For PuppetDB
to connect with SSL, "?ssl=true" has to be specified on the
connection string.

This patch adds such a switch, by default PuppetDB will not use SSL
to connect to the database.
2013-10-19 19:56:46 +02:00
Akos Hencz
0868426c32 Added puppetdb service control 2013-09-02 11:30:31 +02:00
Ken Barber
9c41392312 Add missing parameters for 1.4.0 release
This patch adds all the missing parameters now defined in the 1.4.0 release.

This includes some new database parameters mainly, but also adds gc_interval
to the `puppetdb` and `puppetdb::server` classes, as previously this wasn't
configurable using this method.

To avoid documentation duplication the Puppet headers have been removed in
favour of documenting classes from the README.md. Until such times as the
forge can turn Puppet docs into HTML automatically, this is just duplicate
noise and prone to update slippage. The README.md is more authoritative in
this area and is pubicly displayed on the forge project page so it should be
used for now.

Signed-off-by: Ken Barber <ken@bob.sh>
2013-08-07 15:32:19 +01:00
Erik Dalén
02d0c48438 Style guideline fixes 2013-06-04 14:19:53 +02:00
Chris Price
b79214066a Use fqdn for ssl listen address instead of clientcert
Chris Barker reported that the default value of `$::clientcert`
was not the best choice for some things we were using it for
in the module; specifically, for the default value of
the jetty ssl listen address.  He suggested using `$::fqdn` instead.

This commit makes that change; rspec-system tests pass, but I'm
not 100% sure that there aren't edge cases that would be
affected by this.
2013-05-21 16:35:42 -07:00
Karel Brezina
7a1557a79f Added support for Java VM options 2013-04-12 15:24:52 +02:00
Christian Berg
f10f4a97fb Remove trailing whitespace 2013-04-09 23:40:48 +02:00
Christian Berg
0a9d936670 Merge branch 'master' into feature/master/option_to_disable_ssl 2013-04-09 23:38:40 +02:00
fsalum
46684c4ab6 the new settings report_ttl, node_ttl and node_purge_ttl were added but they are not working, this fixes it 2013-04-09 13:38:30 +01:00
Christian Berg
28e23581c7 (#51) Add option to disable SSL in Jetty
This patch introduces the optional parameter $disable_ssl, which
defaults to false. If set to true, the settings ssl-host and ssl-port
are completely removed from the Jetty section of the PuppetDB config
files.

This disables serving of HTTPS requests by PuppetDB, which can be useful
when SSL handling is offloaded to a reverse proxy server like Apache or
Nginx, as suggested in the PuppetDB documentation (see
http://docs.puppetlabs.com/puppetdb/1.2/connect_puppet_apply.html#option-a-set-up-an-ssl-proxy-for-puppetdb).
2013-04-09 00:39:04 +02:00
Garrett Honeycutt
fc3f8dc747 allows for 0 _ttl's without time signifier and enables tests 2013-04-08 23:49:18 +02:00
Nick Lewis
735f18fba9 Document which versions of PuppetDB the ttl settings work in 2013-02-27 16:44:40 -08:00
Nick Lewis
9efe80b95a Add params and ini_settings for node/report/purge ttls 2013-02-06 15:25:20 -08:00
Drew Blessing
0cf963279a 17594 - Fixes suggested by cprice-puppet 2012-11-29 07:46:05 -06:00
Drew Blessing
57445ef70f 17594 - PuppetDB - Add ability to set standard host listen address and open firewall to standard port
Prior to this commit the module did not provide a way to set a bind address for the HTTP port.  This
commit allows users to not only bind to an address and port other than localhost and 8080, but it also
opens the firewall if explicitly requested.
2012-11-14 09:00:15 -06:00
Hunter Haugen
df6f7cc345 Add parameters to enable usage of enterprise versions of PuppetDB 2012-09-28 11:03:19 -07:00
Garrett Honeycutt
1aab5d98b0 complies with style guide 2012-09-20 14:46:26 -07:00
Chris Price
aef363a8bb Add support for specifying the version of the puppetdb packages
Prior to this commit, all of the puppetdb packages were being
installed with 'ensure=present'.  This commit changes things
so that you can explicitly specify a version if you desire;
the default is still 'present'.
2012-09-18 15:52:10 -07:00
Chris Price
b80866ebef Add support for opening puppetdb port in firewall 2012-09-17 17:06:48 -07:00
Chris Price
8fbda3c4d6 Use ini_file to manage settings, and add validation
This commit does the following:

* Use the new inifile module to manage puppet.conf
* More comprehensive management of config files
* Validate database connectivity before applying puppetdb
  config changes
* Validate puppetdb connectivity before applying puppet
  master config changes
* Documentation
2012-09-17 15:26:32 -07:00
Stephen
56ccf0ad17 refactor to use inifile add spec tests and fixture file 2012-09-06 15:56:26 +01:00