This commit removes the dependency cycle caused by a typo in the config
name for config.ini and properly threads through the vardir setting to
the puppetdb::server::global class.
Much like read-database.ini, we need to ensure the permissions for puppetdb.ini and others are set explicitly
to ensure permissions are still correct after configuration. Without this users with different umask
settings may find their files are no longer accessible after the module runs.
This patch fixes the globally for all the ini files we currently manage (repl.ini is not managed fwiw).
This also fixes a bug whereby we were missing puppetdb::server::global from the main server class, it adds this
back and fixes the tests to ensure we don't lose it.
Signed-off-by: Ken Barber <ken@bob.sh>
The firewall module requires selinux and the iptables_persistent_version facts to be defined
up front for our tests to pass. This patch includes those static facts, so we pass.
Signed-off-by: Ken Barber <ken@bob.sh>
Add the option to set up a certificate whitelist file and configure it
in PuppetDB so that only specific hosts (i.e. the Puppet master(s)) have
access.
This commit moves to managing the Postgres repos by default. The
reason for this is so that the `puppetdb` class will "just work" by
default on most systems, because PostgreSQL 9.4 is not installed on 6/7
of the distros we support we need to manage the repos so we can install
the latest version.
This commit adds a globals class to PuppetDB which allows us to change
the param defaults for the module depending on what version of PuppetDB
they are using (similar to the PostgreSQL module).
This commit also changes the default PuppetDB 3.x configuration pathing
to assume AIO Puppet.
* stable:
Specify kernel in spec tests as the firewall module requires it
Support Puppet v4
Test against the latest version of Puppet 3.x and with future parser
This commit updates the handling of the `test_url` parameter to be
smarter, using the PuppetDB `2.x` default for PuppetDB `2.x` and using
the `3.x` default for PuppetDB `3.x`.
* stable:
(maint) Ignore ruby specific files when packaging module
Release 4.3.0 of module
(PDB-1455) Provide mechanism for modifying default HSQLDB path
This provides an override mechanism for providing a custom path to HSQLDB.
This allows users to provide any path to their HSQLDB database. It is needed
specifically for managing the as-yet-unreleased version of PuppetDB as well.
Signed-off-by: Ken Barber <ken@bob.sh>
This commit changes the terminus configuration to use the new root
prefix for PuppetDB and changes the connection validator to do the same.
This commit also adds the terminus package name changes `terminus` to
`termini` and tries to be smart about the default, checking to see what
version of PuppetDB was passed in and defaulting off of that value.
command-processing section.
Added new class server/config_ini.pp to manage contents of the config.ini.
Three new parameters added:
* command_threads
* store_usage
* temp_usage
All three default to 'undef'. This makes sure (potential) custom settings
done to that file with regard to above three variables are 'absent',
and let PuppetDB built-in defaults take care.
Documentation to the README.md added, as well as unit tests.
My use-case was, that I have on some nodes a too small /var partition,
so I had to lower the values of store-usage and temp-usage in the config.ini
manually.
Previously the defined check wasn't working as expected, this patches fixes
this by relying on the check for the `puppetdb` class instead.
Tests have been added, and the README has been updated to include the new
puppetdb_disable_ssl parameter for the `puppetdb::master::config` class.
This updates the module to be able to use puppetlabs-postgresql.
Since this change is a major change, it marks this patch as a breaking change.
I have prepared a suitable amount of upgrade notes for upgrading to this later
version of the module plus removed anything marked deprecated.
As cleanup, I've removed the troublesome 'tests' directory in favour of good
README.md documentation. I've also removed any puppet docs from each module
until such times as puppet docs become automated through the forge. This is
just to avoid contributors having to double their efforts - the README.md
is the authority now.
Signed-off-by: Ken Barber <ken@bob.sh>
Chris Barker reported that the default value of `$::clientcert`
was not the best choice for some things we were using it for
in the module; specifically, for the default value of
the jetty ssl listen address. He suggested using `$::fqdn` instead.
This commit makes that change; rspec-system tests pass, but I'm
not 100% sure that there aren't edge cases that would be
affected by this.