|
71 | 71 | if !($puppetdb_version in ['latest','present','absent']) and versioncmp($puppetdb_version, '3.0.0') < 0 { |
72 | 72 | case $::osfamily { |
73 | 73 | 'RedHat', 'Suse', 'Archlinux','Debian': { |
74 | | - $confdir = '/etc/puppetdb/conf.d' |
| 74 | + $etcdir = '/etc/puppetdb' |
75 | 75 | $vardir = '/var/lib/puppetdb' |
76 | 76 | $database_embedded_path = "${vardir}/db/db" |
77 | 77 | $puppet_confdir = pick($settings::confdir,'/etc/puppet') |
78 | 78 | $puppet_service_name = 'puppetmaster' |
79 | | - $ssl_dir = '/etc/puppetdb/ssl' |
80 | 79 | } |
81 | 80 | 'OpenBSD': { |
82 | | - $confdir = '/etc/puppetdb/conf.d' |
| 81 | + $etcdir = '/etc/puppetdb' |
83 | 82 | $vardir = '/var/db/puppetdb' |
84 | 83 | $database_embedded_path = "${vardir}/db/db" |
85 | 84 | $puppet_confdir = pick($settings::confdir,'/etc/puppet') |
86 | 85 | $puppet_service_name = 'puppetmasterd' |
87 | | - $ssl_dir = '/etc/puppetdb/ssl' |
88 | 86 | } |
89 | 87 | 'FreeBSD': { |
90 | | - $confdir = '/usr/local/etc/puppetdb/conf.d' |
| 88 | + $etcdir = '/usr/local/etc/puppetdb' |
91 | 89 | $vardir = '/var/db/puppetdb' |
92 | 90 | $database_embedded_path = "${vardir}/db/db" |
93 | 91 | $puppet_confdir = pick($settings::confdir,'/usr/local/etc/puppet') |
94 | 92 | $puppet_service_name = 'puppetmaster' |
95 | | - $ssl_dir = '/usr/local/etc/puppetdb/ssl' |
96 | 93 | } |
97 | 94 | default: { |
98 | 95 | fail("The fact 'osfamily' is set to ${::osfamily} which is not supported by the puppetdb module.") |
|
103 | 100 | } else { |
104 | 101 | case $::osfamily { |
105 | 102 | 'RedHat', 'Suse', 'Archlinux','Debian': { |
106 | | - $confdir = '/etc/puppetlabs/puppetdb/conf.d' |
| 103 | + $etcdir = '/etc/puppetlabs/puppetdb' |
107 | 104 | $puppet_confdir = pick($settings::confdir,'/etc/puppetlabs/puppet') |
108 | 105 | $puppet_service_name = 'puppetserver' |
109 | | - $ssl_dir = '/etc/puppetlabs/puppetdb/ssl' |
110 | 106 | } |
111 | 107 | 'OpenBSD': { |
112 | | - $confdir = '/etc/puppetlabs/puppetdb/conf.d' |
| 108 | + $etcdir = '/etc/puppetlabs/puppetdb' |
113 | 109 | $puppet_confdir = pick($settings::confdir,'/etc/puppetlabs/puppet') |
114 | 110 | $puppet_service_name = undef |
115 | | - $ssl_dir = '/etc/puppetlabs/puppetdb/ssl' |
116 | 111 | } |
117 | 112 | 'FreeBSD': { |
118 | | - $confdir = '/usr/local/etc/puppetlabs/puppetdb/conf.d' |
| 113 | + $etcdir = '/usr/local/etc/puppetlabs/puppetdb' |
119 | 114 | $puppet_confdir = pick($settings::confdir,'/usr/local/etc/puppetlabs/puppet') |
120 | 115 | $puppet_service_name = undef |
121 | | - $ssl_dir = '/usr/local/etc/puppetlabs/puppetdb/ssl' |
122 | 116 | } |
123 | 117 | default: { |
124 | 118 | fail("The fact 'osfamily' is set to ${::osfamily} which is not supported by the puppetdb module.") |
|
130 | 124 | $database_embedded_path = "${vardir}/db/db" |
131 | 125 | } |
132 | 126 |
|
| 127 | + $confdir = "${etcdir}/conf.d" |
| 128 | + $ssl_dir = "${etcdir}/ssl" |
| 129 | + |
133 | 130 | case $::osfamily { |
134 | 131 | 'RedHat', 'Suse', 'Archlinux': { |
135 | 132 | $puppetdb_initconf = '/etc/sysconfig/puppetdb' |
|
161 | 158 | $ssl_key = undef |
162 | 159 | $ssl_cert = undef |
163 | 160 | $ssl_ca_cert = undef |
| 161 | + |
| 162 | + $certificate_whitelist_file = "${etcdir}/certificate-whitelist" |
| 163 | + # the default is free access for now |
| 164 | + $certificate_whitelist = [ ] |
| 165 | + # change to this to only allow access by the puppet master by default: |
| 166 | + #$certificate_whitelist = [ $::servername ] |
164 | 167 | } |
0 commit comments