28e23581c7
This patch introduces the optional parameter $disable_ssl, which defaults to false. If set to true, the settings ssl-host and ssl-port are completely removed from the Jetty section of the PuppetDB config files. This disables serving of HTTPS requests by PuppetDB, which can be useful when SSL handling is offloaded to a reverse proxy server like Apache or Nginx, as suggested in the PuppetDB documentation (see http://docs.puppetlabs.com/puppetdb/1.2/connect_puppet_apply.html#option-a-set-up-an-ssl-proxy-for-puppetdb).
# Class: puppetdb::server::jetty_ini
#
# Manages the `[jetty]` section of puppetdb's `jetty.ini` file, which holds
# the configuration for puppetdb's embedded web server.
#
# Parameters:
#   ['listen_address']     - The address that the web server should bind to
#                            for HTTP requests. (defaults to `localhost`.)
#   ['listen_port']        - The port on which the puppetdb web server should
#                            accept HTTP requests (defaults to 8080).
#   ['ssl_listen_address'] - The address that the web server should bind to
#                            for HTTPS requests. (defaults to `$::clientcert`.)
#   ['ssl_listen_port']    - The port on which the puppetdb web server should
#                            accept HTTPS requests.
#   ['disable_ssl']        - If true, the `ssl-host` and `ssl-port` settings
#                            are removed from `jetty.ini`, so only HTTP
#                            requests are served. Defaults to false.
#   ['confdir']            - The puppetdb configuration directory; defaults to
#                            `/etc/puppetdb/conf.d`.
#
# Security notes:
#   - With `disable_ssl => true` the only listener left is the plaintext HTTP
#     one on `listen_address`:`listen_port`. Keep `listen_address` on a
#     loopback or otherwise restricted interface so that the TLS-terminating
#     proxy is the only network-facing endpoint.
#     NOTE(review): confirm what authentication, if any, the HTTP listener
#     enforces before binding it to a routable address.
#   - Only the boolean `true` selects 'absent' below.
#     NOTE(review): a quoted 'true' presumably falls through to `default` and
#     leaves HTTPS enabled -- confirm for the Puppet version in use.
#
# Actions:
#   - Manages puppetdb's `jetty.ini` file
#
# Requires:
#   - Inifile
#
# Sample Usage:
#   class { 'puppetdb::server::jetty_ini':
#     ssl_listen_address => 'my.https.interface.hostname',
#     ssl_listen_port    => 8081,
#   }
#
class puppetdb::server::jetty_ini(
  $listen_address     = $puppetdb::params::listen_address,
  $listen_port        = $puppetdb::params::listen_port,
  $ssl_listen_address = $puppetdb::params::ssl_listen_address,
  $ssl_listen_port    = $puppetdb::params::ssl_listen_port,
  $disable_ssl        = $puppetdb::params::disable_ssl,
  $confdir            = $puppetdb::params::confdir,
) inherits puppetdb::params {

  # Both HTTPS settings share one ensure value: 'absent' strips them from
  # jetty.ini when SSL is disabled, 'present' manages them as usual.
  $ssl_setting_ensure = $disable_ssl ? {
    true    => 'absent',
    default => 'present',
  }

  # Resource defaults: every ini_setting in this class targets the [jetty]
  # section of ${confdir}/jetty.ini unless it overrides an attribute.
  Ini_setting {
    ensure  => present,
    path    => "${confdir}/jetty.ini",
    section => 'jetty',
  }

  # TODO: figure out some way to make sure that the ini_file module is installed,
  #  because otherwise these will silently fail to do anything.

  # Plaintext HTTP listener.
  ini_setting { 'puppetdb_host':
    setting => 'host',
    value   => $listen_address,
  }

  ini_setting { 'puppetdb_port':
    setting => 'port',
    value   => $listen_port,
  }

  # HTTPS listener; both settings are removed together when disable_ssl is true.
  ini_setting { 'puppetdb_sslhost':
    ensure  => $ssl_setting_ensure,
    setting => 'ssl-host',
    value   => $ssl_listen_address,
  }

  ini_setting { 'puppetdb_sslport':
    ensure  => $ssl_setting_ensure,
    setting => 'ssl-port',
    value   => $ssl_listen_port,
  }
}