The tests were failing on Ubuntu, and I noticed that the OOM killer
was killing java. This patch increases the memory size for each
image to avoid this.
Signed-off-by: Ken Barber <ken@bob.sh>
This updates the module to be able to use puppetlabs-postgresql.
Since this change is a major change, it marks this patch as a breaking change.
I have prepared a suitable amount of upgrade notes for upgrading to this later
version of the module plus removed anything marked deprecated.
As cleanup, I've removed the troublesome 'tests' directory in favour of good
README.md documentation. I've also removed any puppet docs from each module
until such times as puppet docs become automated through the forge. This is
just to avoid contributors having to double their efforts - the README.md
is the authority now.
Signed-off-by: Ken Barber <ken@bob.sh>
PostgreSQL supports secure connections through SSL. For PuppetDB
to connect with SSL, "?ssl=true" has to be specified on the
connection string.
This patch adds such a switch, by default PuppetDB will not use SSL
to connect to the database.
In some cases it may not be possible to securely specify a password for
PuppetDB. When that is true, it's impossible to use the module to manage
PuppetDB, because specifying undef for the password will cause database
validation to fail, or for the setting in database.ini to be overridden.
This change will simply check that database_password is set, and will
skip validation and changing database.ini in the case where it is not.
This patch adds all the missing parameters now defined in the 1.4.0 release.
This includes some new database parameters mainly, but also adds gc_interval
to the `puppetdb` and `puppetdb::server` classes, as previously this wasn't
configurable using this method.
To avoid documentation duplication the Puppet headers have been removed in
favour of documenting classes from the README.md. Until such times as the
forge can turn Puppet docs into HTML automatically, this is just duplicate
noise and prone to update slippage. The README.md is more authoritative in
this area and is pubicly displayed on the forge project page so it should be
used for now.
Signed-off-by: Ken Barber <ken@bob.sh>
Chris Barker reported that the default value of `$::clientcert`
was not the best choice for some things we were using it for
in the module; specifically, for the default value of
the jetty ssl listen address. He suggested using `$::fqdn` instead.
This commit makes that change; rspec-system tests pass, but I'm
not 100% sure that there aren't edge cases that would be
affected by this.
This adds a basic test to run the standard 1 node setup until it succeeds.
This also fixes a bug with the connection validation facilities. Before this
patch we would keep retrying the connection to PuppetDB until the timeout
expired, this patch fixes that bug making provisioning faster and well, more
reliable. I've also increased the timeout as some systems take longer than
15 seconds for PuppetDB to start.
Signed-off-by: Ken Barber <ken@bob.sh>
This patch introduces the optional parameter $disable_ssl, which
defaults to false. If set to true, the settings ssl-host and ssl-port
are completely removed from the Jetty section of the PuppetDB config
files.
This disables serving of HTTPS requests by PuppetDB, which can be useful
when SSL handling is offloaded to a reverse proxy server like Apache or
Nginx, as suggested in the PuppetDB documentation (see
http://docs.puppetlabs.com/puppetdb/1.2/connect_puppet_apply.html#option-a-set-up-an-ssl-proxy-for-puppetdb).
Prior to this commit, the deprecated `manage_redhat_firewall` param
was not actually backward compatible because there were several
cases where we couldn't tell the difference between the user
explicitly specifying `false` for that parameter as opposed to
not specifying it at all. This commit is a bit ugly because it
sets some defaults to `undef` in order to allow us to tell the
difference between the two cases, but it should resolve backwards
compatibility issues.
Prior to this commit the module did not provide a way to set a bind address for the HTTP port. This
commit allows users to not only bind to an address and port other than localhost and 8080, but it also
opens the firewall if explicitly requested.
Prior to this commit if you tried to use the classes
`puppetdb::master::routes` or `puppetdb::master::storeconfigs`
directly (rather than implicitly through
`puppetdb::master::config`), you would get a failure about
`puppetdb::params` not having been evaluated. This is because
the classes were missing an `inherits` statement; this commit
fixes both of them.
Prior to this commit if you tried to use the class
`puppetdb::master::puppetdb_conf` directly (rather than
implicitly through `puppetdb::master::config`), you would
get a failure about `puppetdb::params` not having been
evaluated. This is because the class was missing an
`inherits` statement; this commit fixes the bug.
The subname value in database.ini when using an embedded database varies
between the Puppet Enterprise package and the FOSS Puppet package.
Previously, the PuppetDB module could not successfully manage an
embedded database on a PE master. This commit adds an additional
parameter and utilization to account for this.
In some environments, puppetdb can take longer than 10 seconds
to start up. Prior to this commit, that value was hard coded
and the module would sometimes fail when it wouldn't have failed
with a slightly larger timeout. This commit makes the timeout
configurable, and also increases the default value to 15 seconds.
This is just a small add-on to Hunter's commits where he added
extra parameters to support PE. This commit just cleans up
some of my old comments that were made irrelevant or inaccurate
due to the work that he did, and adds a bit of documentation to
the new test manifest that he created.