Add the option to set up a certificate whitelist file and configure it
in PuppetDB so that only specific hosts (i.e. the Puppet master(s)) have
access.
This patch fixes some of the lint warnings/errors we've been getting on the
forge.
In some cases I've fixed real bugs also, in particular double quotes/single
quotes in cases, which would have broken variable interpolation.
Signed-off-by: Ken Barber <ken@bob.sh>
This commit moves to managing the Postgres repos by default. The
reason for this is so that the `puppetdb` class will "just work" by
default on most systems, because PostgreSQL 9.4 is not installed on 6/7
of the distros we support we need to manage the repos so we can install
the latest version.
This commit adds a globals class to PuppetDB which allows us to change
the param defaults for the module depending on what version of PuppetDB
they are using (similar to the PostgreSQL module).
This commit also changes the default PuppetDB 3.x configuration pathing
to assume AIO Puppet.
This commit updates the handling of the `test_url` parameter to be
smarter, using the PuppetDB `2.x` default for PuppetDB `2.x` and using
the `3.x` default for PuppetDB `3.x`.
* stable:
(maint) Ignore ruby specific files when packaging module
Release 4.3.0 of module
(PDB-1455) Provide mechanism for modifying default HSQLDB path
This provides an override mechanism for providing a custom path to HSQLDB.
This allows users to provide any path to their HSQLDB database. It is needed
specifically for managing the as-yet-unreleased version of PuppetDB as well.
Signed-off-by: Ken Barber <ken@bob.sh>
This commit changes the terminus configuration to use the new root
prefix for PuppetDB and changes the connection validator to do the same.
This commit also adds the terminus package name changes `terminus` to
`termini` and tries to be smart about the default, checking to see what
version of PuppetDB was passed in and defaulting off of that value.
command-processing section.
Added new class server/config_ini.pp to manage contents of the config.ini.
Three new parameters added:
* command_threads
* store_usage
* temp_usage
All three default to 'undef'. This makes sure (potential) custom settings
done to that file with regard to above three variables are 'absent',
and let PuppetDB built-in defaults take care.
Documentation to the README.md added, as well as unit tests.
My use-case was, that I have on some nodes a too small /var partition,
so I had to lower the values of store-usage and temp-usage in the config.ini
manually.
This commit adds conditionals to use `$settings::confdir` to introspect
the value for `$puppet_confdir` when available. This change is necessary
for compatibility with the path changes in Puppet 4.
Currently the module only allows PuppetDB to be configured in a
agent/master setup configuration, by configuring the master section of
the puppet.conf and applying on the routes for such a configuration.
This commit allows one to use this module to configure the main section of
the puppet.conf and applying the proper routes so the module can configure
nodes to use PuppetDB in a masterless setup.
Doc about puppet.conf configure in masterless way available here
https://docs.puppetlabs.com/puppetdb/2.2/connect_puppet_apply.html#manage-puppetconf
the module triggers puppetlabs-postgresql which is able to handle yum/apt repos from the postgres devs. Usefull in cases that your operating system doesn't provide the newest release. this feature is disabled by default
fix typo
For some reasons we switched this to use /usr/share/puppetdb/db, which has a
softlink to /var/lib/puppetdb/db. This is not aligned with the PuppetDB core
nor is it following FHS.
Signed-off-by: Ken Barber <ken@bob.sh>
This provides a number of cleanups as the code has been unloved for a while.
I've added the ssl-* parameters the robinbowes added in his last patch to the
docs, and found some other cleanups as well where applicable.
I've added the ability to override the test_url also, so that in the future
if a user wishes to they can customize this.
Signed-off-by: Ken Barber <ken@bob.sh>
is_pe being a fact, its smarter her to coerce the value of it too a boolean, in
case we still receive the value as a string. In the future structured facts
will become the norm.
I've also removed the patch against the values for puppetdb_service_status, matching
against a bareword boolean while it looks good, if the value is indeed a boolean the
in will fail in the current parser. This can be brought up again in the future.
Signed-off-by: Ken Barber <ken@bob.sh>
...rather than the custom logic that was used previously. Using a
uniform canon fact across all modules that need to differentiate between
PE and POSS makes unusual situations (such as having a missing
/opt/puppet/pe_version file) more, well, uniform.
This updates the module to be able to use puppetlabs-postgresql.
Since this change is a major change, it marks this patch as a breaking change.
I have prepared a suitable amount of upgrade notes for upgrading to this later
version of the module plus removed anything marked deprecated.
As cleanup, I've removed the troublesome 'tests' directory in favour of good
README.md documentation. I've also removed any puppet docs from each module
until such times as puppet docs become automated through the forge. This is
just to avoid contributors having to double their efforts - the README.md
is the authority now.
Signed-off-by: Ken Barber <ken@bob.sh>
PostgreSQL supports secure connections through SSL. For PuppetDB
to connect with SSL, "?ssl=true" has to be specified on the
connection string.
This patch adds such a switch, by default PuppetDB will not use SSL
to connect to the database.
This patch adds all the missing parameters now defined in the 1.4.0 release.
This includes some new database parameters mainly, but also adds gc_interval
to the `puppetdb` and `puppetdb::server` classes, as previously this wasn't
configurable using this method.
To avoid documentation duplication the Puppet headers have been removed in
favour of documenting classes from the README.md. Until such times as the
forge can turn Puppet docs into HTML automatically, this is just duplicate
noise and prone to update slippage. The README.md is more authoritative in
this area and is pubicly displayed on the forge project page so it should be
used for now.
Signed-off-by: Ken Barber <ken@bob.sh>
Chris Barker reported that the default value of `$::clientcert`
was not the best choice for some things we were using it for
in the module; specifically, for the default value of
the jetty ssl listen address. He suggested using `$::fqdn` instead.
This commit makes that change; rspec-system tests pass, but I'm
not 100% sure that there aren't edge cases that would be
affected by this.