Add the option to set up a certificate whitelist file and configure it
in PuppetDB so that only specific hosts (i.e. the Puppet master(s)) have
access.
This patch fixes some of the lint warnings/errors we've been getting on the
forge.
In some cases I've fixed real bugs also, in particular double quotes/single
quotes in cases, which would have broken variable interpolation.
Signed-off-by: Ken Barber <ken@bob.sh>
This commit moves to managing the Postgres repos by default. The
reason for this is so that the `puppetdb` class will "just work" by
default on most systems, because PostgreSQL 9.4 is not installed on 6/7
of the distros we support we need to manage the repos so we can install
the latest version.
This commit adds a globals class to PuppetDB which allows us to change
the param defaults for the module depending on what version of PuppetDB
they are using (similar to the PostgreSQL module).
This commit also changes the default PuppetDB 3.x configuration pathing
to assume AIO Puppet.
This commit updates the handling of the `test_url` parameter to be
smarter, using the PuppetDB `2.x` default for PuppetDB `2.x` and using
the `3.x` default for PuppetDB `3.x`.
* stable:
(maint) Ignore ruby specific files when packaging module
Release 4.3.0 of module
(PDB-1455) Provide mechanism for modifying default HSQLDB path
This provides an override mechanism for providing a custom path to HSQLDB.
This allows users to provide any path to their HSQLDB database. It is needed
specifically for managing the as-yet-unreleased version of PuppetDB as well.
Signed-off-by: Ken Barber <ken@bob.sh>
This commit changes the terminus configuration to use the new root
prefix for PuppetDB and changes the connection validator to do the same.
This commit also adds the terminus package name changes `terminus` to
`termini` and tries to be smart about the default, checking to see what
version of PuppetDB was passed in and defaulting off of that value.
This commit fixes a bug where if a user tried to turn off database
validation there would be a `before` statement requiring an absent
validation resource.
This fixes the ordering for the read_database_ini class, and fixes a small
notification problem with config_ini as well.
Signed-off-by: Ken Barber <ken@bob.sh>
command-processing section.
Added new class server/config_ini.pp to manage contents of the config.ini.
Three new parameters added:
* command_threads
* store_usage
* temp_usage
All three default to 'undef'. This makes sure (potential) custom settings
done to that file with regard to above three variables are 'absent',
and let PuppetDB built-in defaults take care.
Documentation to the README.md added, as well as unit tests.
My use-case was, that I have on some nodes a too small /var partition,
so I had to lower the values of store-usage and temp-usage in the config.ini
manually.
This commit adds conditionals to use `$settings::confdir` to introspect
the value for `$puppet_confdir` when available. This change is necessary
for compatibility with the path changes in Puppet 4.
Currently the module only allows PuppetDB to be configured in a
agent/master setup configuration, by configuring the master section of
the puppet.conf and applying on the routes for such a configuration.
This commit allows one to use this module to configure the main section of
the puppet.conf and applying the proper routes so the module can configure
nodes to use PuppetDB in a masterless setup.
Doc about puppet.conf configure in masterless way available here
https://docs.puppetlabs.com/puppetdb/2.2/connect_puppet_apply.html#manage-puppetconf
the module triggers puppetlabs-postgresql which is able to handle yum/apt repos from the postgres devs. Usefull in cases that your operating system doesn't provide the newest release. this feature is disabled by default
fix typo
the param manage_firewall was added in an earlier release to puppetdb::server. The class isn't called directly but via the init.pp. the puppetdb class had already the param manage_firewall but this wasn't forwarded to puppetdb::server
puppetdb::server calls puppetdb::server:jetty_ini,
jetty_ini is able to set ssl_protocols, but this param isn't
present in the puppetdb::server class nor in the puppetdb class
For some reasons we switched this to use /usr/share/puppetdb/db, which has a
softlink to /var/lib/puppetdb/db. This is not aligned with the PuppetDB core
nor is it following FHS.
Signed-off-by: Ken Barber <ken@bob.sh>
Previously the defined check wasn't working as expected, this patches fixes
this by relying on the check for the `puppetdb` class instead.
Tests have been added, and the README has been updated to include the new
puppetdb_disable_ssl parameter for the `puppetdb::master::config` class.