opuppet/module-puppetdb
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
module-puppetdb/manifests/init.pp
Christian Berg 28e23581c7 (#51) Add option to disable SSL in Jetty 
This patch introduces the optional parameter $disable_ssl, which
defaults to false. If set to true, the settings ssl-host and ssl-port
are completely removed from the Jetty section of the PuppetDB config
files.

This disables serving of HTTPS requests by PuppetDB, which can be useful
when SSL handling is offloaded to a reverse proxy server like Apache or
Nginx, as suggested in the PuppetDB documentation (see
http://docs.puppetlabs.com/puppetdb/1.2/connect_puppet_apply.html#option-a-set-up-an-ssl-proxy-for-puppetdb).
2013-04-09 00:39:04 +02:00

150 lines
8.3 KiB
Puppet
Raw Blame History

# Class: puppetdb
#
# This class provides a simple way to get a puppetdb instance up and running
# with minimal effort. It will install and configure all necessary packages,
# including the database server and instance.
#
# This class is intended as a high-level abstraction to help simplify the process
# of getting your puppetdb server up and running; it wraps the slightly-lower-level
# classes `puppetdb::server` and `puppetdb::database::*`. For maximum
# configurability, you may choose not to use this class. You may prefer to
# use the `puppetdb::server` class directly, or manage your puppetdb setup on your
# own.
#
# In addition to this class, you'll need to configure your puppet master to use
# puppetdb. You can use the `puppetdb::master::config` class to accomplish this.
#
# Parameters:
# ['listen_address'] - The address that the web server should bind to
# for HTTP requests. (defaults to `localhost`.
# '0.0.0.0' = all)
# ['listen_port'] - The port on which the puppetdb web server should
# accept HTTP requests (defaults to 8080).
# ['open_listen_port'] - If true, open the http listen port on the firewall.
# (defaults to false).
# ['ssl_listen_address'] - The address that the web server should bind to
# for HTTPS requests. (defaults to `$::clientcert`.)
# Set to '0.0.0.0' to listen on all addresses.
# ['ssl_listen_port'] - The port on which the puppetdb web server should
# accept HTTPS requests (defaults to 8081).
# ['disable_ssl'] - If true, disable HTTPS and only serve
# HTTP requests. Defaults to false.
# ['open_ssl_listen_port'] - If true, open the ssl listen port on the firewall.
# (defaults to true).
# ['database'] - Which database backend to use; legal values are
# `postgres` (default) or `embedded`. (The `embedded`
# db can be used for very small installations or for
# testing, but is not recommended for use in production
# environments. For more info, see the puppetdb docs.)
# ['database_port'] - The port that the database server listens on.
# (defaults to `5432`; ignored for `embedded` db)
# ['database_username'] - The name of the database user to connect as.
# (defaults to `puppetdb`; ignored for `embedded` db)
# ['database_password'] - The password for the database user.
# (defaults to `puppetdb`; ignored for `embedded` db)
# ['database_name'] - The name of the database instance to connect to.
# (defaults to `puppetdb`; ignored for `embedded` db)
# ['node_ttl'] - The length of time a node can go without receiving
# any new data before it's automatically deactivated.
# (defaults to '0', which disables auto-deactivation)
# This option is supported in PuppetDB >= 1.1.0.
# ['node_purge_ttl'] - The length of time a node can be deactivated before
# it's deleted from the database.
# (defaults to '0', which disables purging)
# This option is supported in PuppetDB >= 1.2.0.
# ['report_ttl'] - The length of time reports should be stored before
# being deleted.
# (defaults to '7d', which is a 7-day period)
# This option is supported in PuppetDB >= 1.1.0.
# ['open_postgres_port'] - If true, open the postgres port on the firewall.
# (defaults to true).
# ['puppetdb_package'] - The puppetdb package name in the package manager
# ['puppetdb_version'] - The version of the `puppetdb` package that should
# be installed. You may specify an explicit version
# number, 'present', or 'latest'. (defaults to
# 'present')
# ['puppetdb_service'] - The name of the puppetdb service.
# ['manage_redhat_firewall'] - DEPRECATED: Use open_ssl_listen_port instead.
# boolean indicating whether or not the module
# should open a port in the firewall on redhat-based
# systems. Defaults to `false`. This parameter is
# likely to change in future versions. Possible
# changes include support for non-RedHat systems and
# finer-grained control over the firewall rule
# (currently, it simply opens up the postgres port to
# all TCP connections).
# ['confdir'] - The puppetdb configuration directory; defaults to
# `/etc/puppetdb/conf.d`.
#
# Actions:
# - Creates and manages a puppetdb server and its database server/instance.
#
# Requires:
# - `inkling/postgresql`
#
# Sample Usage:
# include puppetdb
#
class puppetdb(
$listen_address = $puppetdb::params::listen_address,
$listen_port = $puppetdb::params::listen_port,
$open_listen_port = $puppetdb::params::open_listen_port,
$ssl_listen_address = $puppetdb::params::ssl_listen_address,
$ssl_listen_port = $puppetdb::params::ssl_listen_port,
$disable_ssl = $puppetdb::params::disable_ssl,
$open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port,
$database = $puppetdb::params::database,
$database_port = $puppetdb::params::database_port,
$database_username = $puppetdb::params::database_username,
$database_password = $puppetdb::params::database_password,
$database_name = $puppetdb::params::database_name,
$node_ttl = $puppetdb::params::node_ttl,
$node_purge_ttl = $puppetdb::params::node_purge_ttl,
$report_ttl = $puppetdb::params::report_ttl,
$puppetdb_package = $puppetdb::params::puppetdb_package,
$puppetdb_version = $puppetdb::params::puppetdb_version,
$puppetdb_service = $puppetdb::params::puppetdb_service,
$open_postgres_port = $puppetdb::params::open_postgres_port,
$manage_redhat_firewall = $puppetdb::params::manage_redhat_firewall,
$confdir = $puppetdb::params::confdir
) inherits puppetdb::params {
if ($manage_redhat_firewall != undef) {
notify {'Deprecation notice: `$manage_redhat_firewall` has been deprecated in `puppetdb` class and will be removed in a future versions. Use $open_ssl_listen_port and $open_postgres_port instead.':}
}
class { 'puppetdb::server':
listen_address => $listen_address,
listen_port => $listen_port,
open_listen_port => $open_listen_port,
ssl_listen_address => $ssl_listen_address,
ssl_listen_port => $ssl_listen_port,
disable_ssl => $disable_ssl,
open_ssl_listen_port => $open_ssl_listen_port,
database => $database,
database_port => $database_port,
database_username => $database_username,
database_password => $database_password,
database_name => $database_name,
puppetdb_package => $puppetdb_package,
puppetdb_version => $puppetdb_version,
puppetdb_service => $puppetdb_service,
manage_redhat_firewall => $manage_redhat_firewall,
confdir => $confdir
}
if ($database == 'postgres') {
class { 'puppetdb::database::postgresql':
manage_redhat_firewall => $manage_redhat_firewall ? {
true => $manage_redhat_firewall,
false => $manage_redhat_firewall,
undef => $open_postgres_port,
},
listen_addresses => $puppetdb::params::postgres_listen_addresses,
database_name => $database_name,
database_username => $database_username,
database_password => $database_password,
before => Class['puppetdb::server']
}
}
}
Reference in a new issue View git blame Copy permalink