This commit removes the dependency cycle caused by a typo in the config
name for config.ini and properly threads through the vardir setting to
the puppetdb::server::global class.
Much like read-database.ini, we need to ensure the permissions for puppetdb.ini and others are set explicitly
to ensure permissions are still correct after configuration. Without this users with different umask
settings may find their files are no longer accessible after the module runs.
This patch fixes the globally for all the ini files we currently manage (repl.ini is not managed fwiw).
This also fixes a bug whereby we were missing puppetdb::server::global from the main server class, it adds this
back and fixes the tests to ensure we don't lose it.
Signed-off-by: Ken Barber <ken@bob.sh>
The firewall module requires selinux and the iptables_persistent_version facts to be defined
up front for our tests to pass. This patch includes those static facts, so we pass.
Signed-off-by: Ken Barber <ken@bob.sh>
Add the option to set up a certificate whitelist file and configure it
in PuppetDB so that only specific hosts (i.e. the Puppet master(s)) have
access.
This commit moves to managing the Postgres repos by default. The
reason for this is so that the `puppetdb` class will "just work" by
default on most systems, because PostgreSQL 9.4 is not installed on 6/7
of the distros we support we need to manage the repos so we can install
the latest version.
This commit adds a globals class to PuppetDB which allows us to change
the param defaults for the module depending on what version of PuppetDB
they are using (similar to the PostgreSQL module).
This commit also changes the default PuppetDB 3.x configuration pathing
to assume AIO Puppet.
* stable:
Specify kernel in spec tests as the firewall module requires it
Support Puppet v4
Test against the latest version of Puppet 3.x and with future parser
This commit updates the handling of the `test_url` parameter to be
smarter, using the PuppetDB `2.x` default for PuppetDB `2.x` and using
the `3.x` default for PuppetDB `3.x`.
* stable:
(maint) Ignore ruby specific files when packaging module
Release 4.3.0 of module
(PDB-1455) Provide mechanism for modifying default HSQLDB path
This provides an override mechanism for providing a custom path to HSQLDB.
This allows users to provide any path to their HSQLDB database. It is needed
specifically for managing the as-yet-unreleased version of PuppetDB as well.
Signed-off-by: Ken Barber <ken@bob.sh>
This commit changes the terminus configuration to use the new root
prefix for PuppetDB and changes the connection validator to do the same.
This commit also adds the terminus package name changes `terminus` to
`termini` and tries to be smart about the default, checking to see what
version of PuppetDB was passed in and defaulting off of that value.
command-processing section.
Added new class server/config_ini.pp to manage contents of the config.ini.
Three new parameters added:
* command_threads
* store_usage
* temp_usage
All three default to 'undef'. This makes sure (potential) custom settings
done to that file with regard to above three variables are 'absent',
and let PuppetDB built-in defaults take care.
Documentation to the README.md added, as well as unit tests.
My use-case was, that I have on some nodes a too small /var partition,
so I had to lower the values of store-usage and temp-usage in the config.ini
manually.
This fixes the file_concat dependency issue postgresql module has brought in,
plus removes some deprecation warnings from our rspec tests.
I've also bumped rspec-puppet as well, while I was at it.
Signed-off-by: Ken Barber <ken@bob.sh>
Previously the defined check wasn't working as expected, this patches fixes
this by relying on the check for the `puppetdb` class instead.
Tests have been added, and the README has been updated to include the new
puppetdb_disable_ssl parameter for the `puppetdb::master::config` class.
This provides a number of cleanups as the code has been unloved for a while.
I've added the ssl-* parameters the robinbowes added in his last patch to the
docs, and found some other cleanups as well where applicable.
I've added the ability to override the test_url also, so that in the future
if a user wishes to they can customize this.
Signed-off-by: Ken Barber <ken@bob.sh>
This updates the module to be able to use puppetlabs-postgresql.
Since this change is a major change, it marks this patch as a breaking change.
I have prepared a suitable amount of upgrade notes for upgrading to this later
version of the module plus removed anything marked deprecated.
As cleanup, I've removed the troublesome 'tests' directory in favour of good
README.md documentation. I've also removed any puppet docs from each module
until such times as puppet docs become automated through the forge. This is
just to avoid contributors having to double their efforts - the README.md
is the authority now.
Signed-off-by: Ken Barber <ken@bob.sh>
for my use case, I am not able to validate the
ssl endpoint b/c I am creating my puppet certificates
during my puppet run, so they are not available to
the http get request.
This patch adds a new resource parameter to
the puppetdb_conn_validator that allows it
to make a non-ssl connection. This allows me
to declare my own http only resource that I
can use to verify the puppetdb connection.
Chris Barker reported that the default value of `$::clientcert`
was not the best choice for some things we were using it for
in the module; specifically, for the default value of
the jetty ssl listen address. He suggested using `$::fqdn` instead.
This commit makes that change; rspec-system tests pass, but I'm
not 100% sure that there aren't edge cases that would be
affected by this.
