Skip to content

(PDB-1415) Add jdbc_ssl_properties parameter #206

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ajroetker merged 1 commit into from
Sep 1, 2015
Merged

(PDB-1415) Add jdbc_ssl_properties parameter #206

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 13 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -290,11 +290,23 @@ The password for the database user (defaults to `puppetdb`; ignored for `embedde

The name of the database instance to connect to (defaults to `puppetdb`; ignored for `embedded` db).

####`database_ssl`
####`database_ssl` (DEPRECATED)

If true, puppetdb will use SSL to connect to the postgres database (defaults to false; ignored for `embedded` db).
Setting up proper trust- and keystores has to be managed outside of the puppetdb module.

This parameter is deprecated and will be retired in a future release. Please use
the `jdbc_ssl_properties` parameter with the value `?ssl=true`.

####`jdbc_ssl_properties`

The text to append to the JDBC connection URI. This should begin with a '?'
character. For example, to use SSL for the PostgreSQL connection, set this
parameter's value to `?ssl=true`.

This setting is only available when using PostgreSQL; when using HyperSQL (the
'embedded' database), it does nothing.

####`database_validate`

If true, the module will attempt to connect to the database using the specified settings and fail if it is not able to do so. (defaults to true)
Expand Down
244 changes: 124 additions & 120 deletions manifests/init.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,129 +1,133 @@
# All in one class for setting up a PuppetDB instance. See README.md for more
# details.
class puppetdb (
$listen_address = $puppetdb::params::listen_address,
$listen_port = $puppetdb::params::listen_port,
$open_listen_port = $puppetdb::params::open_listen_port,
$ssl_listen_address = $puppetdb::params::ssl_listen_address,
$ssl_listen_port = $puppetdb::params::ssl_listen_port,
$disable_ssl = $puppetdb::params::disable_ssl,
$open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port,
$ssl_dir = $puppetdb::params::ssl_dir,
$ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths,
$ssl_cert_path = $puppetdb::params::ssl_cert_path,
$ssl_key_path = $puppetdb::params::ssl_key_path,
$ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path,
$ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs,
$ssl_key = $puppetdb::params::ssl_key,
$ssl_cert = $puppetdb::params::ssl_cert,
$ssl_ca_cert = $puppetdb::params::ssl_ca_cert,
$ssl_protocols = $puppetdb::params::ssl_protocols,
$manage_dbserver = $puppetdb::params::manage_dbserver,
$manage_package_repo = $puppetdb::params::manage_pg_repo,
$postgres_version = $puppetdb::params::postgres_version,
$database = $puppetdb::params::database,
$database_host = $puppetdb::params::database_host,
$database_port = $puppetdb::params::database_port,
$database_username = $puppetdb::params::database_username,
$database_password = $puppetdb::params::database_password,
$database_name = $puppetdb::params::database_name,
$database_ssl = $puppetdb::params::database_ssl,
$database_listen_address = $puppetdb::params::postgres_listen_addresses,
$database_validate = $puppetdb::params::database_validate,
$database_embedded_path = $puppetdb::params::database_embedded_path,
$node_ttl = $puppetdb::params::node_ttl,
$node_purge_ttl = $puppetdb::params::node_purge_ttl,
$report_ttl = $puppetdb::params::report_ttl,
$gc_interval = $puppetdb::params::gc_interval,
$log_slow_statements = $puppetdb::params::log_slow_statements,
$conn_max_age = $puppetdb::params::conn_max_age,
$conn_keep_alive = $puppetdb::params::conn_keep_alive,
$conn_lifetime = $puppetdb::params::conn_lifetime,
$puppetdb_package = $puppetdb::params::puppetdb_package,
$puppetdb_service = $puppetdb::params::puppetdb_service,
$puppetdb_service_status = $puppetdb::params::puppetdb_service_status,
$puppetdb_user = $puppetdb::params::puppetdb_user,
$puppetdb_group = $puppetdb::params::puppetdb_group,
$read_database = $puppetdb::params::read_database,
$read_database_host = $puppetdb::params::read_database_host,
$read_database_port = $puppetdb::params::read_database_port,
$read_database_username = $puppetdb::params::read_database_username,
$read_database_password = $puppetdb::params::read_database_password,
$read_database_name = $puppetdb::params::read_database_name,
$read_database_ssl = $puppetdb::params::read_database_ssl,
$read_database_validate = $puppetdb::params::read_database_validate,
$read_log_slow_statements = $puppetdb::params::read_log_slow_statements,
$read_conn_max_age = $puppetdb::params::read_conn_max_age,
$read_conn_keep_alive = $puppetdb::params::read_conn_keep_alive,
$read_conn_lifetime = $puppetdb::params::read_conn_lifetime,
$confdir = $puppetdb::params::confdir,
$manage_firewall = $puppetdb::params::manage_firewall,
$java_args = $puppetdb::params::java_args,
$max_threads = $puppetdb::params::max_threads,
$command_threads = $puppetdb::params::command_threads,
$store_usage = $puppetdb::params::store_usage,
$temp_usage = $puppetdb::params::temp_usage
$listen_address = $puppetdb::params::listen_address,
$listen_port = $puppetdb::params::listen_port,
$open_listen_port = $puppetdb::params::open_listen_port,
$ssl_listen_address = $puppetdb::params::ssl_listen_address,
$ssl_listen_port = $puppetdb::params::ssl_listen_port,
$disable_ssl = $puppetdb::params::disable_ssl,
$open_ssl_listen_port = $puppetdb::params::open_ssl_listen_port,
$ssl_dir = $puppetdb::params::ssl_dir,
$ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths,
$ssl_cert_path = $puppetdb::params::ssl_cert_path,
$ssl_key_path = $puppetdb::params::ssl_key_path,
$ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path,
$ssl_deploy_certs = $puppetdb::params::ssl_deploy_certs,
$ssl_key = $puppetdb::params::ssl_key,
$ssl_cert = $puppetdb::params::ssl_cert,
$ssl_ca_cert = $puppetdb::params::ssl_ca_cert,
$ssl_protocols = $puppetdb::params::ssl_protocols,
$manage_dbserver = $puppetdb::params::manage_dbserver,
$manage_package_repo = $puppetdb::params::manage_pg_repo,
$postgres_version = $puppetdb::params::postgres_version,
$database = $puppetdb::params::database,
$database_host = $puppetdb::params::database_host,
$database_port = $puppetdb::params::database_port,
$database_username = $puppetdb::params::database_username,
$database_password = $puppetdb::params::database_password,
$database_name = $puppetdb::params::database_name,
$database_ssl = $puppetdb::params::database_ssl,
$jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties,
$database_listen_address = $puppetdb::params::postgres_listen_addresses,
$database_validate = $puppetdb::params::database_validate,
$database_embedded_path = $puppetdb::params::database_embedded_path,
$node_ttl = $puppetdb::params::node_ttl,
$node_purge_ttl = $puppetdb::params::node_purge_ttl,
$report_ttl = $puppetdb::params::report_ttl,
$gc_interval = $puppetdb::params::gc_interval,
$log_slow_statements = $puppetdb::params::log_slow_statements,
$conn_max_age = $puppetdb::params::conn_max_age,
$conn_keep_alive = $puppetdb::params::conn_keep_alive,
$conn_lifetime = $puppetdb::params::conn_lifetime,
$puppetdb_package = $puppetdb::params::puppetdb_package,
$puppetdb_service = $puppetdb::params::puppetdb_service,
$puppetdb_service_status = $puppetdb::params::puppetdb_service_status,
$puppetdb_user = $puppetdb::params::puppetdb_user,
$puppetdb_group = $puppetdb::params::puppetdb_group,
$read_database = $puppetdb::params::read_database,
$read_database_host = $puppetdb::params::read_database_host,
$read_database_port = $puppetdb::params::read_database_port,
$read_database_username = $puppetdb::params::read_database_username,
$read_database_password = $puppetdb::params::read_database_password,
$read_database_name = $puppetdb::params::read_database_name,
$read_database_ssl = $puppetdb::params::read_database_ssl,
$read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties,
$read_database_validate = $puppetdb::params::read_database_validate,
$read_log_slow_statements = $puppetdb::params::read_log_slow_statements,
$read_conn_max_age = $puppetdb::params::read_conn_max_age,
$read_conn_keep_alive = $puppetdb::params::read_conn_keep_alive,
$read_conn_lifetime = $puppetdb::params::read_conn_lifetime,
$confdir = $puppetdb::params::confdir,
$manage_firewall = $puppetdb::params::manage_firewall,
$java_args = $puppetdb::params::java_args,
$max_threads = $puppetdb::params::max_threads,
$command_threads = $puppetdb::params::command_threads,
$store_usage = $puppetdb::params::store_usage,
$temp_usage = $puppetdb::params::temp_usage
) inherits puppetdb::params {

class { '::puppetdb::server':
listen_address => $listen_address,
listen_port => $listen_port,
open_listen_port => $open_listen_port,
ssl_listen_address => $ssl_listen_address,
ssl_listen_port => $ssl_listen_port,
disable_ssl => $disable_ssl,
open_ssl_listen_port => $open_ssl_listen_port,
ssl_dir => $ssl_dir,
ssl_set_cert_paths => $ssl_set_cert_paths,
ssl_cert_path => $ssl_cert_path,
ssl_key_path => $ssl_key_path,
ssl_ca_cert_path => $ssl_ca_cert_path,
ssl_deploy_certs => $ssl_deploy_certs,
ssl_key => $ssl_key,
ssl_cert => $ssl_cert,
ssl_ca_cert => $ssl_ca_cert,
ssl_protocols => $ssl_protocols,
database => $database,
database_host => $database_host,
database_port => $database_port,
database_username => $database_username,
database_password => $database_password,
database_name => $database_name,
database_ssl => $database_ssl,
database_validate => $database_validate,
database_embedded_path => $database_embedded_path,
node_ttl => $node_ttl,
node_purge_ttl => $node_purge_ttl,
report_ttl => $report_ttl,
gc_interval => $gc_interval,
log_slow_statements => $log_slow_statements,
conn_max_age => $conn_max_age,
conn_keep_alive => $conn_keep_alive,
conn_lifetime => $conn_lifetime,
puppetdb_package => $puppetdb_package,
puppetdb_service => $puppetdb_service,
puppetdb_service_status => $puppetdb_service_status,
confdir => $confdir,
java_args => $java_args,
max_threads => $max_threads,
read_database => $read_database,
read_database_host => $read_database_host,
read_database_port => $read_database_port,
read_database_username => $read_database_username,
read_database_password => $read_database_password,
read_database_name => $read_database_name,
read_database_ssl => $read_database_ssl,
read_database_validate => $read_database_validate,
read_log_slow_statements => $read_log_slow_statements,
read_conn_max_age => $read_conn_max_age,
read_conn_keep_alive => $read_conn_keep_alive,
read_conn_lifetime => $read_conn_lifetime,
puppetdb_user => $puppetdb_user,
puppetdb_group => $puppetdb_group,
manage_firewall => $manage_firewall,
command_threads => $command_threads,
store_usage => $store_usage,
temp_usage => $temp_usage,
listen_address => $listen_address,
listen_port => $listen_port,
open_listen_port => $open_listen_port,
ssl_listen_address => $ssl_listen_address,
ssl_listen_port => $ssl_listen_port,
disable_ssl => $disable_ssl,
open_ssl_listen_port => $open_ssl_listen_port,
ssl_dir => $ssl_dir,
ssl_set_cert_paths => $ssl_set_cert_paths,
ssl_cert_path => $ssl_cert_path,
ssl_key_path => $ssl_key_path,
ssl_ca_cert_path => $ssl_ca_cert_path,
ssl_deploy_certs => $ssl_deploy_certs,
ssl_key => $ssl_key,
ssl_cert => $ssl_cert,
ssl_ca_cert => $ssl_ca_cert,
ssl_protocols => $ssl_protocols,
database => $database,
database_host => $database_host,
database_port => $database_port,
database_username => $database_username,
database_password => $database_password,
database_name => $database_name,
database_ssl => $database_ssl,
jdbc_ssl_properties => $jdbc_ssl_properties,
database_validate => $database_validate,
database_embedded_path => $database_embedded_path,
node_ttl => $node_ttl,
node_purge_ttl => $node_purge_ttl,
report_ttl => $report_ttl,
gc_interval => $gc_interval,
log_slow_statements => $log_slow_statements,
conn_max_age => $conn_max_age,
conn_keep_alive => $conn_keep_alive,
conn_lifetime => $conn_lifetime,
puppetdb_package => $puppetdb_package,
puppetdb_service => $puppetdb_service,
puppetdb_service_status => $puppetdb_service_status,
confdir => $confdir,
java_args => $java_args,
max_threads => $max_threads,
read_database => $read_database,
read_database_host => $read_database_host,
read_database_port => $read_database_port,
read_database_username => $read_database_username,
read_database_password => $read_database_password,
read_database_name => $read_database_name,
read_database_ssl => $read_database_ssl,
read_database_jdbc_ssl_properties => $read_database_jdbc_ssl_properties,
read_database_validate => $read_database_validate,
read_log_slow_statements => $read_log_slow_statements,
read_conn_max_age => $read_conn_max_age,
read_conn_keep_alive => $read_conn_keep_alive,
read_conn_lifetime => $read_conn_lifetime,
puppetdb_user => $puppetdb_user,
puppetdb_group => $puppetdb_group,
manage_firewall => $manage_firewall,
command_threads => $command_threads,
store_usage => $store_usage,
temp_usage => $temp_usage,
}

if ($database == 'postgres') {
Expand Down
40 changes: 21 additions & 19 deletions manifests/params.pp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,13 +19,14 @@
$postgres_version = '9.4'

# The remaining database settings are not used for an embedded database
$database_host = 'localhost'
$database_port = '5432'
$database_name = 'puppetdb'
$database_username = 'puppetdb'
$database_password = 'puppetdb'
$database_ssl = false
$database_validate = true
$database_host = 'localhost'
$database_port = '5432'
$database_name = 'puppetdb'
$database_username = 'puppetdb'
$database_password = 'puppetdb'
$database_ssl = undef
$jdbc_ssl_properties = ''
$database_validate = true

# These settings manage the various auto-deactivation and auto-purge settings
$node_ttl = '0s'
Expand All @@ -42,18 +43,19 @@
$max_threads = undef

# These settings are for the read database
$read_database = 'postgres'
$read_database_host = undef
$read_database_port = '5432'
$read_database_name = 'puppetdb'
$read_database_username = 'puppetdb'
$read_database_password = 'puppetdb'
$read_database_ssl = false
$read_database_validate = true
$read_log_slow_statements = '10'
$read_conn_max_age = '60'
$read_conn_keep_alive = '45'
$read_conn_lifetime = '0'
$read_database = 'postgres'
$read_database_host = undef
$read_database_port = '5432'
$read_database_name = 'puppetdb'
$read_database_username = 'puppetdb'
$read_database_password = 'puppetdb'
$read_database_ssl = undef
$read_database_jdbc_ssl_properties = ''
$read_database_validate = true
$read_log_slow_statements = '10'
$read_conn_max_age = '60'
$read_conn_keep_alive = '45'
$read_conn_lifetime = '0'

$manage_firewall = true
$java_args = {}
Expand Down
Loading