Skip to content

Commit 1a5a4ef

Browse files
robinbowesrobinbowes
committed
Make database validation optional
1 parent cb71baa commit 1a5a4ef

6 files changed

Lines changed: 61 additions & 32 deletions

File tree

README.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -253,6 +253,10 @@ The name of the database instance to connect to (defaults to `puppetdb`; ignored
253253
If true, puppetdb will use SSL to connect to the postgres database (defaults to false; ignored for `embedded` db).
254254
Setting up proper trust- and keystores has to be managed outside of the puppetdb module.
255255

256+
####`database_validate`
257+
258+
If true, the module will attempt to connect to the database using the specified settings and fail if it is not able to do so. (defaults to true)
259+
256260
####`node_ttl`
257261

258262
The length of time a node can go without receiving any new data before it's automatically deactivated. (defaults to '0', which disables auto-deactivation). This option is supported in PuppetDB >= 1.1.0.

manifests/init.pp

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,7 @@
2727
$database_name = $puppetdb::params::database_name,
2828
$database_ssl = $puppetdb::params::database_ssl,
2929
$database_listen_address = $puppetdb::params::postgres_listen_addresses,
30+
$database_validate = $puppetdb::params::database_validate,
3031
$node_ttl = $puppetdb::params::node_ttl,
3132
$node_purge_ttl = $puppetdb::params::node_purge_ttl,
3233
$report_ttl = $puppetdb::params::report_ttl,
@@ -48,6 +49,7 @@
4849
$read_database_password = $puppetdb::params::read_database_password,
4950
$read_database_name = $puppetdb::params::read_database_name,
5051
$read_database_ssl = $puppetdb::params::read_database_ssl,
52+
$read_database_validate = $puppetdb::params::read_database_validate,
5153
$read_log_slow_statements = $puppetdb::params::read_log_slow_statements,
5254
$read_conn_max_age = $puppetdb::params::read_conn_max_age,
5355
$read_conn_keep_alive = $puppetdb::params::read_conn_keep_alive,
@@ -83,6 +85,7 @@
8385
database_password => $database_password,
8486
database_name => $database_name,
8587
database_ssl => $database_ssl,
88+
database_validate => $database_validate,
8689
node_ttl => $node_ttl,
8790
node_purge_ttl => $node_purge_ttl,
8891
report_ttl => $report_ttl,
@@ -105,6 +108,7 @@
105108
read_database_password => $read_database_password,
106109
read_database_name => $read_database_name,
107110
read_database_ssl => $read_database_ssl,
111+
read_database_validate => $read_database_validate,
108112
read_log_slow_statements => $read_log_slow_statements,
109113
read_conn_max_age => $read_conn_max_age,
110114
read_conn_keep_alive => $read_conn_keep_alive,

manifests/params.pp

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,7 @@
2222
$database_username = 'puppetdb'
2323
$database_password = 'puppetdb'
2424
$database_ssl = false
25+
$database_validate = true
2526

2627
# These settings manage the various auto-deactivation and auto-purge settings
2728
$node_ttl = '0s'
@@ -47,6 +48,7 @@
4748
$read_database_username = 'puppetdb'
4849
$read_database_password = 'puppetdb'
4950
$read_database_ssl = false
51+
$read_database_validate = true
5052
$read_log_slow_statements = '10'
5153
$read_conn_max_age = '60'
5254
$read_conn_keep_alive = '45'
@@ -98,4 +100,5 @@
98100
$ssl_key = undef
99101
$ssl_cert = undef
100102
$ssl_ca_cert = undef
103+
101104
}

manifests/server.pp

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@
2424
$database_password = $puppetdb::params::database_password,
2525
$database_name = $puppetdb::params::database_name,
2626
$database_ssl = $puppetdb::params::database_ssl,
27+
$database_validate = $puppetdb::params::database_validate,
2728
$node_ttl = $puppetdb::params::node_ttl,
2829
$node_purge_ttl = $puppetdb::params::node_purge_ttl,
2930
$report_ttl = $puppetdb::params::report_ttl,
@@ -45,6 +46,7 @@
4546
$read_database_password = $puppetdb::params::read_database_password,
4647
$read_database_name = $puppetdb::params::read_database_name,
4748
$read_database_ssl = $puppetdb::params::read_database_ssl,
49+
$read_database_validate = $puppetdb::params::read_database_validate,
4850
$read_log_slow_statements = $puppetdb::params::read_log_slow_statements,
4951
$read_conn_max_age = $puppetdb::params::read_conn_max_age,
5052
$read_conn_keep_alive = $puppetdb::params::read_conn_keep_alive,
@@ -122,6 +124,7 @@
122124
database_password => $database_password,
123125
database_name => $database_name,
124126
database_ssl => $database_ssl,
127+
database_validate => $database_validate,
125128
node_ttl => $node_ttl,
126129
node_purge_ttl => $node_purge_ttl,
127130
report_ttl => $report_ttl,
@@ -142,6 +145,7 @@
142145
database_password => $read_database_password,
143146
database_name => $read_database_name,
144147
database_ssl => $read_database_ssl,
148+
database_validate => $read_database_validate,
145149
log_slow_statements => $read_log_slow_statements,
146150
conn_max_age => $read_conn_max_age,
147151
conn_keep_alive => $read_conn_keep_alive,

manifests/server/database_ini.pp

Lines changed: 23 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@
77
$database_password = $puppetdb::params::database_password,
88
$database_name = $puppetdb::params::database_name,
99
$database_ssl = $puppetdb::params::database_ssl,
10+
$database_validate = $puppetdb::params::database_validate,
1011
$node_ttl = $puppetdb::params::node_ttl,
1112
$node_purge_ttl = $puppetdb::params::node_purge_ttl,
1213
$report_ttl = $puppetdb::params::report_ttl,
@@ -18,29 +19,35 @@
1819
$confdir = $puppetdb::params::confdir,
1920
) inherits puppetdb::params {
2021

21-
# Validate the database connection. If we can't connect, we want to fail
22-
# and skip the rest of the configuration, so that we don't leave puppetdb
23-
# in a broken state.
24-
#
25-
# NOTE:
26-
# Because of a limitation in the postgres module this will break with
27-
# a duplicate declaration if read and write database host+name are the
28-
# same.
29-
class { 'puppetdb::server::validate_db':
30-
database => $database,
31-
database_host => $database_host,
32-
database_port => $database_port,
33-
database_username => $database_username,
34-
database_password => $database_password,
35-
database_name => $database_name,
22+
if str2bool($database_validate) {
23+
# Validate the database connection. If we can't connect, we want to fail
24+
# and skip the rest of the configuration, so that we don't leave puppetdb
25+
# in a broken state.
26+
#
27+
# NOTE:
28+
# Because of a limitation in the postgres module this will break with
29+
# a duplicate declaration if read and write database host+name are the
30+
# same.
31+
class { 'puppetdb::server::validate_db':
32+
database => $database,
33+
database_host => $database_host,
34+
database_port => $database_port,
35+
database_username => $database_username,
36+
database_password => $database_password,
37+
database_name => $database_name,
38+
}
3639
}
3740

41+
$ini_setting_require = str2bool($database_validate) ? {
42+
false => undef,
43+
default => Class['puppetdb::server::validate_db'],
44+
}
3845
# Set the defaults
3946
Ini_setting {
4047
path => "${confdir}/database.ini",
4148
ensure => present,
4249
section => 'database',
43-
require => Class['puppetdb::server::validate_db'],
50+
require => $ini_setting_require
4451
}
4552

4653
if $database == 'embedded' {

manifests/server/read_database_ini.pp

Lines changed: 23 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@
77
$database_password = $puppetdb::params::read_database_password,
88
$database_name = $puppetdb::params::read_database_name,
99
$database_ssl = $puppetdb::params::read_database_ssl,
10+
$database_validate = $puppetdb::params::read_database_validate,
1011
$log_slow_statements = $puppetdb::params::read_log_slow_statements,
1112
$conn_max_age = $puppetdb::params::read_conn_max_age,
1213
$conn_keep_alive = $puppetdb::params::read_conn_keep_alive,
@@ -18,21 +19,23 @@
1819

1920
# Only add the read database configuration if database host is defined.
2021
if $database_host != undef {
21-
# Validate the database connection. If we can't connect, we want to fail
22-
# and skip the rest of the configuration, so that we don't leave puppetdb
23-
# in a broken state.
24-
#
25-
# NOTE:
26-
# Because of a limitation in the postgres module this will break with
27-
# a duplicate declaration if read and write database host+name are the
28-
# same.
29-
class { 'puppetdb::server::validate_read_db':
30-
database => $database,
31-
database_host => $database_host,
32-
database_port => $database_port,
33-
database_username => $database_username,
34-
database_password => $database_password,
35-
database_name => $database_name,
22+
if str2bool($database_validate) {
23+
# Validate the database connection. If we can't connect, we want to fail
24+
# and skip the rest of the configuration, so that we don't leave puppetdb
25+
# in a broken state.
26+
#
27+
# NOTE:
28+
# Because of a limitation in the postgres module this will break with
29+
# a duplicate declaration if read and write database host+name are the
30+
# same.
31+
class { 'puppetdb::server::validate_read_db':
32+
database => $database,
33+
database_host => $database_host,
34+
database_port => $database_port,
35+
database_username => $database_username,
36+
database_password => $database_password,
37+
database_name => $database_name,
38+
}
3639
}
3740

3841
file { "${confdir}/read_database.ini":
@@ -42,12 +45,16 @@
4245
mode => '0600';
4346
}
4447

48+
$ini_setting_require = str2bool($database_validate) ? {
49+
false => undef,
50+
default => Class['puppetdb::server::validate_read_db'],
51+
}
4552
# Set the defaults
4653
Ini_setting {
4754
path => "${confdir}/read_database.ini",
4855
ensure => present,
4956
section => 'read-database',
50-
require => Class['puppetdb::server::validate_db'],
57+
require => $ini_setting_require,
5158
}
5259

5360
if $database == 'postgres' {

0 commit comments

Comments
 (0)