opuppet/module-puppetdb
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
module-puppetdb/manifests/server.pp
Drew Blessing 57445ef70f 17594 - PuppetDB - Add ability to set standard host listen address and open firewall to standard port 
Prior to this commit the module did not provide a way to set a bind address for the HTTP port.  This
commit allows users to not only bind to an address and port other than localhost and 8080, but it also
opens the firewall if explicitly requested.
2012-11-14 09:00:15 -06:00

146 lines
7.2 KiB
Puppet
Raw Blame History

# Class: puppetdb::server
#
# This class provides a simple way to get a puppetdb instance up and running
# with minimal effort. It will install and configure all necessary packages for
# the puppetdb server, but will *not* manage the database (e.g., postgres) server
# or instance (unless you are using the embedded database, in which case there
# is not much to manage).
#
# This class is intended as a high-level abstraction to help simplify the process
# of getting your puppetdb server up and running; it manages the puppetdb
# package and service, as well as several puppetdb configuration files. For
# maximum configurability, you may choose not to use this class. You may prefer to
# manage the puppetdb package / service on your own, and perhaps use the
# individual classes inside of the `puppetdb::server` namespace to manage some
# or all of your configuration files.
#
# In addition to this class, you'll need to configure your puppetdb postgres
# database if you are using postgres. You can optionally do by using the
# `puppetdb::database::postgresql` class.
#
# You'll also need to configure your puppet master to use puppetdb. You can
# use the `puppetdb::master::config` class to accomplish this.
#
# Parameters:
# ['listen_address'] - The address that the web server should bind to
# for HTTP requests. (defaults to `localhost`.)
# Set to '0.0.0.0' to listen on all addresses.
# ['listen_port'] - The port on which the puppetdb web server should
# accept HTTP requests (defaults to 8080).
# ['open_listen_port'] - If true, open the http listen port on the firewall.
# (defaults to false).
# ['ssl_listen_address'] - The address that the web server should bind to
# for HTTPS requests. (defaults to `$::clientcert`.)
# Set to '0.0.0.0' to listen on all addresses.
# ['ssl_listen_port'] - The port on which the puppetdb web server should
# accept HTTPS requests (defaults to 8081).
# ['open_ssl_listen_port'] - If true, open the ssl listen port on the firewall.
# (defaults to false).
# ['database'] - Which database backend to use; legal values are
# `postgres` (default) or `embedded`. (The `embedded`
# db can be used for very small installations or for
# testing, but is not recommended for use in production
# environments. For more info, see the puppetdb docs.)
# ['database_host'] - The hostname or IP address of the database server.
# (defaults to `localhost`; ignored for `embedded` db)
# ['database_port'] - The port that the database server listens on.
# (defaults to `5432`; ignored for `embedded` db)
# ['database_username'] - The name of the database user to connect as.
# (defaults to `puppetdb`; ignored for `embedded` db)
# ['database_password'] - The password for the database user.
# (defaults to `puppetdb`; ignored for `embedded` db)
# ['database_name'] - The name of the database instance to connect to.
# (defaults to `puppetdb`; ignored for `embedded` db)
# ['database_package'] - The puppetdb package name in the package manager
# ['puppetdb_version'] - The version of the `puppetdb` package that should
# be installed. You may specify an explicit version
# number, 'present', or 'latest'. Defaults to
# 'present'.
# ['puppetdb_service'] - The name of the puppetdb service.
# ['manage_redhat_firewall'] - DEPRECATED: Use open_ssl_listen_port instead.
# boolean indicating whether or not the module
# should open a port in the firewall on redhat-based
# systems. Defaults to `true`. This parameter is
# likely to change in future versions. Possible
# changes include support for non-RedHat systems and
# finer-grained control over the firewall rule
# (currently, it simply opens up the postgres port to
# all TCP connections).
# ['confdir'] - The puppetdb configuration directory; defaults to
# `/etc/puppetdb/conf.d`.
#
# Actions:
# - Creates and manages a puppetdb server
#
# Requires:
# - `inkling/postgresql`
#
# Sample Usage:
# class { 'puppetdb::server':
# database_host => 'puppetdb-postgres',
# }
#
class puppetdb::server(
$listen_address = $puppetdb::params::listen_address,
$listen_port = $puppetdb::params::listen_port,
$open_listen_port = $puppetdb::params::open_listen_port,
$ssl_listen_address = $puppetdb::params::ssl_listen_address,
$ssl_listen_port = $puppetdb::params::ssl_listen_port,
$open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port,
$database = $puppetdb::params::database,
$database_host = $puppetdb::params::database_host,
$database_port = $puppetdb::params::database_port,
$database_username = $puppetdb::params::database_username,
$database_password = $puppetdb::params::database_password,
$database_name = $puppetdb::params::database_name,
$puppetdb_package = $puppetdb::params::puppetdb_package,
$puppetdb_version = $puppetdb::params::puppetdb_version,
$puppetdb_service = $puppetdb::params::puppetdb_service,
$manage_redhat_firewall = $puppetdb::params::manage_redhat_firewall,
$confdir = $puppetdb::params::confdir,
) inherits puppetdb::params {
package { $puppetdb_package:
ensure => $puppetdb_version,
notify => Service[$puppetdb_service],
}
class { 'puppetdb::server::firewall':
http_port => $listen_port,
open_http_port => $open_listen_port,
ssl_port => $ssl_listen_port,
open_ssl_port => $open_ssl_listen_port,
manage_redhat_firewall => $manage_redhat_firewall
}
class { 'puppetdb::server::database_ini':
database => $database,
database_host => $database_host,
database_port => $database_port,
database_username => $database_username,
database_password => $database_password,
database_name => $database_name,
confdir => $confdir,
notify => Service[$puppetdb_service],
}
class { 'puppetdb::server::jetty_ini':
listen_address => $listen_address,
listen_port => $listen_port,
ssl_listen_address => $ssl_listen_address,
ssl_listen_port => $ssl_listen_port,
confdir => $confdir,
notify => Service[$puppetdb_service],
}
service { $puppetdb_service:
ensure => running,
enable => true,
}
Package[$puppetdb_package] ->
Class['puppetdb::server::firewall'] ->
Class['puppetdb::server::database_ini'] ->
Class['puppetdb::server::jetty_ini'] ->
Service[$puppetdb_service]
}
Reference in a new issue View git blame Copy permalink