opuppet/module-puppetdb
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
module-puppetdb/manifests/server/jetty_ini.pp
Garrett Honeycutt af10eedfc6 Add ability to specify SSL protocols. 
This is in response to CVE-2014-3566 - POODLE
2014-10-29 19:29:15 -04:00

92 lines
2.4 KiB
Puppet
Raw Blame History

# PRIVATE CLASS - do not use directly
class puppetdb::server::jetty_ini (
$listen_address = $puppetdb::params::listen_address,
$listen_port = $puppetdb::params::listen_port,
$ssl_listen_address = $puppetdb::params::ssl_listen_address,
$ssl_listen_port = $puppetdb::params::ssl_listen_port,
$disable_ssl = $puppetdb::params::disable_ssl,
$ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths,
$ssl_cert_path = $puppetdb::params::ssl_cert_path,
$ssl_key_path = $puppetdb::params::ssl_key_path,
$ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path,
$ssl_protocols = $puppetdb::params::ssl_protocols,
$confdir = $puppetdb::params::confdir,
$max_threads = $puppetdb::params::max_threads,
) inherits puppetdb::params {
# Set the defaults
Ini_setting {
path => "${confdir}/jetty.ini",
ensure => present,
section => 'jetty',
}
ini_setting { 'puppetdb_host':
setting => 'host',
value => $listen_address,
}
ini_setting { 'puppetdb_port':
setting => 'port',
value => $listen_port,
}
$ssl_setting_ensure = $disable_ssl ? {
true => 'absent',
default => 'present',
}
ini_setting { 'puppetdb_sslhost':
ensure => $ssl_setting_ensure,
setting => 'ssl-host',
value => $ssl_listen_address,
}
ini_setting { 'puppetdb_sslport':
ensure => $ssl_setting_ensure,
setting => 'ssl-port',
value => $ssl_listen_port,
}
if $ssl_protocols != undef {
validate_string($ssl_protocols)
ini_setting { 'puppetdb_sslprotocols':
ensure => $ssl_setting_ensure,
setting => 'ssl-protocols',
value => $ssl_protocols,
}
}
if str2bool($ssl_set_cert_paths) == true {
# assume paths have been validated in calling class
ini_setting { 'puppetdb_ssl_key':
ensure => present,
setting => 'ssl-key',
value => $ssl_key_path,
}
ini_setting { 'puppetdb_ssl_cert':
ensure => present,
setting => 'ssl-cert',
value => $ssl_cert_path,
}
ini_setting { 'puppetdb_ssl_ca_cert':
ensure => present,
setting => 'ssl-ca-cert',
value => $ssl_ca_cert_path,
}
}
if ($max_threads) {
ini_setting { 'puppetdb_max_threads':
setting => 'max-threads',
value => $max_threads,
}
} else {
ini_setting { 'puppetdb_max_threads':
ensure => absent,
setting => 'max-threads',
}
}
}
Reference in a new issue View git blame Copy permalink