...rather than the custom logic that was used previously. Using a
uniform canon fact across all modules that need to differentiate between
PE and POSS makes unusual situations (such as having a missing
/opt/puppet/pe_version file) more, well, uniform.
This updates the module to be able to use puppetlabs-postgresql.
Since this change is a major change, it marks this patch as a breaking change.
I have prepared a suitable amount of upgrade notes for upgrading to this later
version of the module plus removed anything marked deprecated.
As cleanup, I've removed the troublesome 'tests' directory in favour of good
README.md documentation. I've also removed any puppet docs from each module
until such times as puppet docs become automated through the forge. This is
just to avoid contributors having to double their efforts - the README.md
is the authority now.
Signed-off-by: Ken Barber <ken@bob.sh>
PostgreSQL supports secure connections through SSL. For PuppetDB
to connect with SSL, "?ssl=true" has to be specified on the
connection string.
This patch adds such a switch, by default PuppetDB will not use SSL
to connect to the database.
This patch adds all the missing parameters now defined in the 1.4.0 release.
This includes some new database parameters mainly, but also adds gc_interval
to the `puppetdb` and `puppetdb::server` classes, as previously this wasn't
configurable using this method.
To avoid documentation duplication the Puppet headers have been removed in
favour of documenting classes from the README.md. Until such times as the
forge can turn Puppet docs into HTML automatically, this is just duplicate
noise and prone to update slippage. The README.md is more authoritative in
this area and is pubicly displayed on the forge project page so it should be
used for now.
Signed-off-by: Ken Barber <ken@bob.sh>
Chris Barker reported that the default value of `$::clientcert`
was not the best choice for some things we were using it for
in the module; specifically, for the default value of
the jetty ssl listen address. He suggested using `$::fqdn` instead.
This commit makes that change; rspec-system tests pass, but I'm
not 100% sure that there aren't edge cases that would be
affected by this.
This adds a basic test to run the standard 1 node setup until it succeeds.
This also fixes a bug with the connection validation facilities. Before this
patch we would keep retrying the connection to PuppetDB until the timeout
expired, this patch fixes that bug making provisioning faster and well, more
reliable. I've also increased the timeout as some systems take longer than
15 seconds for PuppetDB to start.
Signed-off-by: Ken Barber <ken@bob.sh>
This patch introduces the optional parameter $disable_ssl, which
defaults to false. If set to true, the settings ssl-host and ssl-port
are completely removed from the Jetty section of the PuppetDB config
files.
This disables serving of HTTPS requests by PuppetDB, which can be useful
when SSL handling is offloaded to a reverse proxy server like Apache or
Nginx, as suggested in the PuppetDB documentation (see
http://docs.puppetlabs.com/puppetdb/1.2/connect_puppet_apply.html#option-a-set-up-an-ssl-proxy-for-puppetdb).
Prior to this commit, the deprecated `manage_redhat_firewall` param
was not actually backward compatible because there were several
cases where we couldn't tell the difference between the user
explicitly specifying `false` for that parameter as opposed to
not specifying it at all. This commit is a bit ugly because it
sets some defaults to `undef` in order to allow us to tell the
difference between the two cases, but it should resolve backwards
compatibility issues.
Prior to this commit the module did not provide a way to set a bind address for the HTTP port. This
commit allows users to not only bind to an address and port other than localhost and 8080, but it also
opens the firewall if explicitly requested.
The subname value in database.ini when using an embedded database varies
between the Puppet Enterprise package and the FOSS Puppet package.
Previously, the PuppetDB module could not successfully manage an
embedded database on a PE master. This commit adds an additional
parameter and utilization to account for this.
In some environments, puppetdb can take longer than 10 seconds
to start up. Prior to this commit, that value was hard coded
and the module would sometimes fail when it wouldn't have failed
with a slightly larger timeout. This commit makes the timeout
configurable, and also increases the default value to 15 seconds.
This is just a small add-on to Hunter's commits where he added
extra parameters to support PE. This commit just cleans up
some of my old comments that were made irrelevant or inaccurate
due to the work that he did, and adds a bit of documentation to
the new test manifest that he created.
Prior to this commit, users needed to be aware that the puppet
master service would need a restart if certain config files
were changed (routes.yaml, puppetdb.conf). This commit
adds a notification that will trigger a service restart if
those files are modified.
Prior to this commit, all of the puppetdb packages were being
installed with 'ensure=present'. This commit changes things
so that you can explicitly specify a version if you desire;
the default is still 'present'.
This commit does the following:
* Use the new inifile module to manage puppet.conf
* More comprehensive management of config files
* Validate database connectivity before applying puppetdb
config changes
* Validate puppetdb connectivity before applying puppet
master config changes
* Documentation
The test manifests for single-node (everything installed on
the master machine) now work properly. You have to
edit your puppet.conf by hand to turn on storeconfigs and
point it at puppetdb, but other than that, this successfully
handles everything that you need for either an hsql or
postgres setup.
