Ensure that for PostgreSQL backends, the database validation functions
are not run until the initial database creation and user role creation
has been completed.
Closes-Bug: #1298605
...rather than the custom logic that was used previously. Using a
uniform canon fact across all modules that need to differentiate between
PE and POSS makes unusual situations (such as having a missing
/opt/puppet/pe_version file) more, well, uniform.
The tests were failing on Ubuntu, and I noticed that the OOM killer
was killing java. This patch increases the memory size for each
image to avoid this.
Signed-off-by: Ken Barber <ken@bob.sh>
This updates the module to be able to use puppetlabs-postgresql.
Since this change is a major change, it marks this patch as a breaking change.
I have prepared a suitable amount of upgrade notes for upgrading to this later
version of the module plus removed anything marked deprecated.
As cleanup, I've removed the troublesome 'tests' directory in favour of good
README.md documentation. I've also removed any puppet docs from each module
until such times as puppet docs become automated through the forge. This is
just to avoid contributors having to double their efforts - the README.md
is the authority now.
Signed-off-by: Ken Barber <ken@bob.sh>
PostgreSQL supports secure connections through SSL. For PuppetDB
to connect with SSL, "?ssl=true" has to be specified on the
connection string.
This patch adds such a switch, by default PuppetDB will not use SSL
to connect to the database.
In some cases it may not be possible to securely specify a password for
PuppetDB. When that is true, it's impossible to use the module to manage
PuppetDB, because specifying undef for the password will cause database
validation to fail, or for the setting in database.ini to be overridden.
This change will simply check that database_password is set, and will
skip validation and changing database.ini in the case where it is not.
This patch adds all the missing parameters now defined in the 1.4.0 release.
This includes some new database parameters mainly, but also adds gc_interval
to the `puppetdb` and `puppetdb::server` classes, as previously this wasn't
configurable using this method.
To avoid documentation duplication the Puppet headers have been removed in
favour of documenting classes from the README.md. Until such times as the
forge can turn Puppet docs into HTML automatically, this is just duplicate
noise and prone to update slippage. The README.md is more authoritative in
this area and is pubicly displayed on the forge project page so it should be
used for now.
Signed-off-by: Ken Barber <ken@bob.sh>
Chris Barker reported that the default value of `$::clientcert`
was not the best choice for some things we were using it for
in the module; specifically, for the default value of
the jetty ssl listen address. He suggested using `$::fqdn` instead.
This commit makes that change; rspec-system tests pass, but I'm
not 100% sure that there aren't edge cases that would be
affected by this.
This adds a basic test to run the standard 1 node setup until it succeeds.
This also fixes a bug with the connection validation facilities. Before this
patch we would keep retrying the connection to PuppetDB until the timeout
expired, this patch fixes that bug making provisioning faster and well, more
reliable. I've also increased the timeout as some systems take longer than
15 seconds for PuppetDB to start.
Signed-off-by: Ken Barber <ken@bob.sh>
This patch introduces the optional parameter $disable_ssl, which
defaults to false. If set to true, the settings ssl-host and ssl-port
are completely removed from the Jetty section of the PuppetDB config
files.
This disables serving of HTTPS requests by PuppetDB, which can be useful
when SSL handling is offloaded to a reverse proxy server like Apache or
Nginx, as suggested in the PuppetDB documentation (see
http://docs.puppetlabs.com/puppetdb/1.2/connect_puppet_apply.html#option-a-set-up-an-ssl-proxy-for-puppetdb).
