17594 - PuppetDB - Add ability to set standard host listen address and open firewall to standard port #21
…d open firewall to standard port Prior to this commit the module did not provide a way to set a bind address for the HTTP port. This commit allows users to not only bind to an address and port other than localhost and 8080, but it also opens the firewall if explicitly requested.
I added this parameter so users can run postgres on a separate server from puppetdb. Without this, it would not be possible because postgres listens on localhost only. They would also need to open the firewall port....
So, the idea of the top-level class (init.pp) is to be a super-simple high-level abstraction around installing PuppetDB all on one machine. It's always going to install postgres on the same machine as PuppetDB, so I don't think we need this parameter or the database_host parameter.
The idea is that if folks want something more complicated, they'd use the lower level ::server and ::database classes on different machines... does that make sense? I'm open to feedback about changing that but I think that seems reasonable. I also think that most of the rest of the parameters are probably OK to add in.
Sounds good to me. I actually waffled about this when I did it. I'll take some of those out.
@cprice-puppet - I feel like I stayed with what we discussed but there ended up being a ton of changes. If this oversteps what you were envisioning I am completely open to changing it. Thanks for reviewing.
@bke-drewb thanks! I was expecting it to be a non-trivial number of changes. Reviewing now!
I think that we need for this to default to true, because otherwise the puppet master can't connect.
Ah, yes. It will always need to be open unless puppetdb, postgres and puppet master run on the same box. So, will people more often run all 3 together, or split postgres/puppetdb from the puppet master?
Good question. I think I've been presuming that the most common scenario would be that PuppetDB and postgres would be on the same machine, but that would be a separate machine from the puppet master. Not entirely sure if that assumption is valid but that was how I'd chosen the defaults before.
Sorry for the herky-jerky responses to the pull req, I kept having to leave for meetings before I finished. Overall this looks awesome, thanks so much for the submission. I think with the one fix re Thanks!
Hey @bke-drewb: thanks again for this submission. Are you still actively working on this? If not, I will try to find some time in the next week or two to follow up on the last few changes so that I can merge it.
Hi @cprice-puppet. Yeah I am. I got stuck on a few other things. I will have time in the next 2 days or so no problem. Thanks.
awesome -- thanks!
I submitted this pull request from a commit instead of from my issue branch. I am closing this pull request and all cumulative changes are in pull request #22
I tested various combinations of the old manage_redhat_firewall param and the new open port params. The deprecation notices and fail messages work great.
I also adjusted the distributed example file to show how to open ports for postgres and puppetdb when necessary.
See notes on pull request code for more information.