From 5960920eac82010f0ab0a450b28394a2b3e6cb52 Mon Sep 17 00:00:00 2001 From: gustavo panizzo Date: Tue, 22 Dec 2020 17:19:02 +0100 Subject: [PATCH 01/97] Hide passwords from logs and output --- manifests/server/database.pp | 5 +++-- manifests/server/read_database.pp | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/manifests/server/database.pp b/manifests/server/database.pp index 087f07b7..a12e234b 100644 --- a/manifests/server/database.pp +++ b/manifests/server/database.pp @@ -99,8 +99,9 @@ if $database_password != undef and $manage_db_password { ini_setting { 'puppetdb_psdatabase_password': - setting => 'password', - value => $database_password, + setting => 'password', + value => $database_password, + show_diff => false, } } diff --git a/manifests/server/read_database.pp b/manifests/server/read_database.pp index b6155162..3fa5014d 100644 --- a/manifests/server/read_database.pp +++ b/manifests/server/read_database.pp @@ -93,8 +93,9 @@ if $read_database_password != undef and $manage_db_password { ini_setting { 'puppetdb_read_database_password': - setting => 'password', - value => $read_database_password, + setting => 'password', + value => $read_database_password, + show_diff => false, } } From 5eca5fd11e1d9c9a6096227a29ac6d6b15fed839 Mon Sep 17 00:00:00 2001 From: Glenn Aaldering Date: Mon, 8 Feb 2021 12:25:52 +0100 Subject: [PATCH 02/97] cron puppetdb-dlo-cleanup requires package Fixes the following error Error: /Stage[main]/Puppetdb::Server/Cron[puppetdb-dlo-cleanup]: Could not evaluate: Cannot write the puppetdb user's crontab: The user does not exist --- manifests/server.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/server.pp b/manifests/server.pp index 6cae51d5..95f878c1 100644 --- a/manifests/server.pp +++ b/manifests/server.pp 
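Review bot: `show_diff => false` on `puppetdb_psdatabase_password` only suppresses the old and new value in the change message; `$database_password` is still handled as an ordinary value, so other output paths such as debug logging may still show it. If the inifile version this module depends on accepts it, `value => Sensitive($database_password),` would mark the value itself as secret rather than hiding one rendering of it. The same applies to `puppetdb_read_database_password` in `manifests/server/read_database.pp`. Both `ini_setting` resources sit inside an `if` block whose surroundings are outside the hunks, so how the parameters are typed cannot be seen here.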
@@ -664,6 +664,7 @@ weekday => '*', command => "/usr/bin/find ${vardir}/stockpile/discard/ -type f -mtime ${dlo_max_age} -delete", user => $puppetdb_user, + require => Package[$puppetdb_package], } } } From efc8ef2fb84b1c6961c037370aab2174b0f5d9a7 Mon Sep 17 00:00:00 2001 From: Kenyon Ralph Date: Sun, 19 Dec 2021 22:17:33 -0800 Subject: [PATCH 03/97] README: correct postgres_version docs Missed this doc update with #333. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2684a654..8bd752e2 100644 --- a/README.md +++ b/README.md @@ -959,7 +959,7 @@ be installed from the regular repository. Defaults to `true`. #### `postgres_version` If the postgresql.org repo is installed, you can install several versions of -postgres. Defaults to `9.6` in module version 6.0+ and `9.4` in older versions. +postgres. Defaults to `11` with PuppetDB version 7.0.0 or newer, and `9.6` in older versions. Implementation --------------- From 36a8cd83f29d9f032d0b1cf04bff1f00b0fc52ed Mon Sep 17 00:00:00 2001 
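Review bot: The new `require => Package[$puppetdb_package]` carries no comment explaining why a cron entry depends on a package; the reason appears only in the commit message. I would add `# the puppetdb user comes from the package; its crontab cannot be written before install` above the `require` line. The reference also assumes `Package[$puppetdb_package]` is declared in every catalog that contains this cron resource. That declaration and the start of the cron resource are outside the hunk, so this is worth confirming.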
From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Mon, 7 Feb 2022 12:18:41 -1000 Subject: [PATCH 04/97] (maint) Restrict file permissions PuppetDB runs as the puppetdb user. This user must have read access to the various configuration files but does not need write access to them. This ensure the service configuration cannot be unexpectedly changed by PuppetDB itself if some vulnerability allow random code execution, limiting the possibilities of exploitation and pivoting if such a vulnerability is found. --- manifests/server.pp | 24 ++++++++----------- manifests/server/database.pp | 5 ++-- manifests/server/jetty.pp | 5 ++-- manifests/server/puppetdb.pp | 5 ++-- manifests/server/read_database.pp | 5 ++-- spec/unit/classes/server/database_ini_spec.rb | 4 ++-- spec/unit/classes/server/jetty_ini_spec.rb | 4 ++-- spec/unit/classes/server/puppetdb_ini_spec.rb | 4 ++-- .../classes/server/read_database_ini_spec.rb | 4 ++-- spec/unit/classes/server_spec.rb | 4 ++-- 10 files changed, 28 insertions(+), 36 deletions(-) diff --git a/manifests/server.pp b/manifests/server.pp index 6cae51d5..c04fd982 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -478,7 +478,6 @@ conn_max_age => $conn_max_age, conn_lifetime => $conn_lifetime, confdir => $confdir, - puppetdb_user => $puppetdb_user, puppetdb_group => $puppetdb_group, migrate => $migrate, notify => Service[$puppetdb_service], @@ -510,7 +509,6 @@ conn_max_age => $read_conn_max_age, conn_lifetime => $read_conn_lifetime, confdir => $confdir, - puppetdb_user => $puppetdb_user, puppetdb_group => $puppetdb_group, notify => Service[$puppetdb_service], database_max_pool_size => $read_database_max_pool_size, 
@@ -520,29 +518,29 @@ file { $ssl_dir: ensure => directory, - owner => $puppetdb_user, + owner => 'root', group => $puppetdb_group, - mode => '0700'; + mode => '0755'; $ssl_key_path: ensure => file, content => $ssl_key, - owner => $puppetdb_user, + owner => 'root', group => $puppetdb_group, - mode => '0600', + mode => '0640', notify => Service[$puppetdb_service]; $ssl_cert_path: ensure => file, content => $ssl_cert, - owner => $puppetdb_user, + owner => 'root', group => $puppetdb_group, - mode => '0600', + mode => '0644', notify => Service[$puppetdb_service]; $ssl_ca_cert_path: ensure => file, content => $ssl_ca_cert, - owner => $puppetdb_user, + owner => 'root', group => $puppetdb_group, - mode => '0600', + mode => '0644', notify => Service[$puppetdb_service]; } } @@ -560,9 +558,9 @@ file { $ssl_key_pk8_path: ensure => file, - owner => $puppetdb_user, + owner => 'root', group => $puppetdb_group, - mode => '0600', + mode => '0640', notify => Service[$puppetdb_service], } } @@ -583,7 +581,6 @@ confdir => $confdir, max_threads => $max_threads, notify => Service[$puppetdb_service], - puppetdb_user => $puppetdb_user, puppetdb_group => $puppetdb_group, } @@ -592,7 +589,6 @@ certificate_whitelist => $certificate_whitelist, disable_update_checking => $disable_update_checking, confdir => $confdir, - puppetdb_user => $puppetdb_user, puppetdb_group => $puppetdb_group, notify => Service[$puppetdb_service], } diff --git a/manifests/server/database.pp b/manifests/server/database.pp index 087f07b7..2e835e02 100644 --- a/manifests/server/database.pp +++ b/manifests/server/database.pp @@ -19,7 +19,6 @@ $conn_max_age = $puppetdb::params::conn_max_age, $conn_lifetime = $puppetdb::params::conn_lifetime, $confdir = $puppetdb::params::confdir, - $puppetdb_user = $puppetdb::params::puppetdb_user, $puppetdb_group = $puppetdb::params::puppetdb_group, $database_max_pool_size = $puppetdb::params::database_max_pool_size, $migrate = $puppetdb::params::migrate, 
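Review bot: `$ssl_dir` goes from `0700` to `0755`, which lets every local account list and traverse the directory that holds the private key. With the `root` / `$puppetdb_group` ownership set here, `mode => '0750';` is enough for PuppetDB to read its files. The key stays protected by its own `0640`, so this is defence in depth rather than a direct exposure, but the commit message gives no reason for world access to the directory. Keep `0755` only if another service is expected to read the certificates from there. The `file` block begins outside the hunk.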
@@ -50,9 +49,9 @@ file { $database_ini: ensure => file, - owner => $puppetdb_user, + owner => 'root', group => $puppetdb_group, - mode => '0600', + mode => '0640', } $file_require = File[$database_ini] diff --git a/manifests/server/jetty.pp b/manifests/server/jetty.pp index 1dca0670..9a4bbb47 100644 --- a/manifests/server/jetty.pp +++ b/manifests/server/jetty.pp @@ -16,16 +16,15 @@ Optional[String] $cipher_suites = $puppetdb::params::cipher_suites, $confdir = $puppetdb::params::confdir, $max_threads = $puppetdb::params::max_threads, - $puppetdb_user = $puppetdb::params::puppetdb_user, $puppetdb_group = $puppetdb::params::puppetdb_group, ) inherits puppetdb::params { $jetty_ini = "${confdir}/jetty.ini" file { $jetty_ini: ensure => file, - owner => $puppetdb_user, + owner => 'root', group => $puppetdb_group, - mode => '0600', + mode => '0640', } # Set the defaults diff --git a/manifests/server/puppetdb.pp b/manifests/server/puppetdb.pp index 1057be19..001547df 100644 --- a/manifests/server/puppetdb.pp +++ b/manifests/server/puppetdb.pp @@ -6,16 +6,15 @@ $certificate_whitelist = $puppetdb::params::certificate_whitelist, $disable_update_checking = $puppetdb::params::disable_update_checking, $confdir = $puppetdb::params::confdir, - $puppetdb_user = $puppetdb::params::puppetdb_user, $puppetdb_group = $puppetdb::params::puppetdb_group, ) inherits puppetdb::params { $puppetdb_ini = "${confdir}/puppetdb.ini" file { $puppetdb_ini: ensure => file, - owner => $puppetdb_user, + owner => 'root', group => $puppetdb_group, - mode => '0600', + mode => '0640', } # Set the defaults diff --git a/manifests/server/read_database.pp b/manifests/server/read_database.pp index b6155162..15aa2e7a 100644 --- a/manifests/server/read_database.pp +++ b/manifests/server/read_database.pp 
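Review bot: Dropping `$puppetdb_user` from the parameter list of the class in `manifests/server/jetty.pp` is an interface break: any manifest that still declares the class with `puppetdb_user => …` will fail to compile on an unknown parameter. The same removal is made in `manifests/server/puppetdb.pp` (next hunk) and in the `database.pp` and `read_database.pp` hunks. Either keep the parameter as accepted-but-unused for one release, or record the commit as a breaking change in the changelog. The class header is outside the hunk, so the parameter's other uses cannot be checked from here.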
@@ -13,7 +13,6 @@ $conn_max_age = $puppetdb::params::read_conn_max_age, $conn_lifetime = $puppetdb::params::read_conn_lifetime, $confdir = $puppetdb::params::confdir, - $puppetdb_user = $puppetdb::params::puppetdb_user, $puppetdb_group = $puppetdb::params::puppetdb_group, $database_max_pool_size = $puppetdb::params::read_database_max_pool_size, $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, @@ -44,9 +43,9 @@ file { $read_database_ini: ensure => file, - owner => $puppetdb_user, + owner => 'root', group => $puppetdb_group, - mode => '0600', + mode => '0640', } $file_require = File[$read_database_ini] diff --git a/spec/unit/classes/server/database_ini_spec.rb b/spec/unit/classes/server/database_ini_spec.rb index 4d6a5810..4d9d7fa5 100644 --- a/spec/unit/classes/server/database_ini_spec.rb +++ b/spec/unit/classes/server/database_ini_spec.rb @@ -20,9 +20,9 @@ is_expected.to contain_file("#{pdbconfdir}/database.ini") .with( 'ensure' => 'file', - 'owner' => 'puppetdb', + 'owner' => 'root', 'group' => 'puppetdb', - 'mode' => '0600', + 'mode' => '0640', ) } it { diff --git a/spec/unit/classes/server/jetty_ini_spec.rb b/spec/unit/classes/server/jetty_ini_spec.rb index ce322bc6..1baf749b 100644 --- a/spec/unit/classes/server/jetty_ini_spec.rb +++ b/spec/unit/classes/server/jetty_ini_spec.rb @@ -20,9 +20,9 @@ is_expected.to contain_file("#{pdbconfdir}/jetty.ini") .with( 'ensure' => 'file', - 'owner' => 'puppetdb', + 'owner' => 'root', 'group' => 'puppetdb', - 'mode' => '0600', + 'mode' => '0640', ) } it { diff --git a/spec/unit/classes/server/puppetdb_ini_spec.rb b/spec/unit/classes/server/puppetdb_ini_spec.rb index 14d8907e..8ccb1bc3 100644 --- a/spec/unit/classes/server/puppetdb_ini_spec.rb +++ b/spec/unit/classes/server/puppetdb_ini_spec.rb 
@@ -30,9 +30,9 @@ is_expected.to contain_file('/etc/puppetlabs/puppetdb/conf.d/puppetdb.ini') .with( 'ensure' => 'file', - 'owner' => 'puppetdb', + 'owner' => 'root', 'group' => 'puppetdb', - 'mode' => '0600', + 'mode' => '0640', ) } it { diff --git a/spec/unit/classes/server/read_database_ini_spec.rb b/spec/unit/classes/server/read_database_ini_spec.rb index a5f189f0..277104a3 100644 --- a/spec/unit/classes/server/read_database_ini_spec.rb +++ b/spec/unit/classes/server/read_database_ini_spec.rb @@ -20,9 +20,9 @@ is_expected.to contain_file('/etc/puppetlabs/puppetdb/conf.d/read_database.ini') .with( 'ensure' => 'file', - 'owner' => 'puppetdb', + 'owner' => 'root', 'group' => 'puppetdb', - 'mode' => '0600', + 'mode' => '0640', ) } it { diff --git a/spec/unit/classes/server_spec.rb b/spec/unit/classes/server_spec.rb index 78cd4f49..7b9a3e11 100644 --- a/spec/unit/classes/server_spec.rb +++ b/spec/unit/classes/server_spec.rb @@ -210,9 +210,9 @@ is_expected.to contain_file('/etc/puppetlabs/puppetdb/ssl/private.pk8') .with( ensure: 'file', - owner: 'puppetdb', + owner: 'root', group: 'puppetdb', - mode: '0600', + mode: '0640', ) end end From 069288e6f53e602c84f4dd24903d34fba2ad909a Mon Sep 17 00:00:00 2001 From: Jeffrey Clark Date: Tue, 19 Dec 2023 05:17:56 -0600 Subject: [PATCH 05/97] update pdk template 3.0.1 --- .gitignore | 3 +- .pdkignore | 18 +- .puppet-lint.rc | 1 + .rubocop.yml | 631 +++++++++++++++++++++++++++++++++++++++-- .sync.yml | 33 ++- .travis.yml | 53 ---- Gemfile | 56 ++-- Rakefile | 25 +- metadata.json | 6 +- pdk.yaml | 2 + spec/default_facts.yml | 7 +- spec/spec_helper.rb | 21 +- 12 files changed, 713 insertions(+), 143 deletions(-) delete mode 100644 .travis.yml create mode 100644 pdk.yaml diff --git a/.gitignore b/.gitignore index 2767022c..3f155121 100644 --- a/.gitignore +++ b/.gitignore @@ -16,7 +16,7 @@ /log/ /pkg/ /spec/fixtures/manifests/ -/spec/fixtures/modules/ +/spec/fixtures/modules/* /tmp/ /vendor/ /convert_report.txt 
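Review bot: The only expectation updated in `spec/unit/classes/server_spec.rb` is the one for `/etc/puppetlabs/puppetdb/ssl/private.pk8`. The new ownership and modes that `manifests/server.pp` sets on `$ssl_dir`, the key, the certificate and the CA file are not asserted in any spec touched by this commit. Those permissions protect the private key, so I would add `contain_file(...).with(...)` expectations for them in the same style, so that a later change which loosens them fails the suite. Whether such expectations already exist elsewhere in the spec file cannot be seen from this hunk, which starts and ends inside an example.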
@@ -25,3 +25,4 @@ .project .envrc /inventory.yaml +/spec/fixtures/litmus_inventory.yaml diff --git a/.pdkignore b/.pdkignore index e6215cd0..fe5cdba3 100644 --- a/.pdkignore +++ b/.pdkignore @@ -16,7 +16,7 @@ /log/ /pkg/ /spec/fixtures/manifests/ -/spec/fixtures/modules/ +/spec/fixtures/modules/* /tmp/ /vendor/ /convert_report.txt @@ -25,18 +25,26 @@ .project .envrc /inventory.yaml -/appveyor.yml +/spec/fixtures/litmus_inventory.yaml /.fixtures.yml /Gemfile /.gitattributes +/.github/ /.gitignore -/.gitlab-ci.yml /.pdkignore +/.puppet-lint.rc /Rakefile /rakelib/ /.rspec -/.rubocop.yml -/.travis.yml +/..yml /.yardopts /spec/ /.vscode/ +/.sync.yml +/.devcontainer/ +/.*.yml +/pdk.yaml +/.pmtignore +/.git* +/.editorconfig +/provision.yaml diff --git a/.puppet-lint.rc b/.puppet-lint.rc index cc96ece0..a79ce0f2 100644 --- a/.puppet-lint.rc +++ b/.puppet-lint.rc @@ -1 +1,2 @@ --relative +--no-140chars-check diff --git a/.rubocop.yml b/.rubocop.yml index 5307849e..f653becb 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -1,12 +1,12 @@ --- require: +- rubocop-performance - rubocop-rspec -- rubocop-i18n AllCops: DisplayCopNames: true - TargetRubyVersion: '2.1' + TargetRubyVersion: '2.6' Include: - - "./**/*.rb" + - "**/*.rb" Exclude: - bin/* - ".vendor/**/*" @@ -18,16 +18,10 @@ AllCops: - "**/Puppetfile" - "**/Vagrantfile" - "**/Guardfile" -Metrics/LineLength: + NewCops: enable +Layout/LineLength: Description: People have wide screens, use them. Max: 200 -GetText: - Enabled: false -GetText/DecorateString: - Description: We don't want to decorate test output. - Exclude: - - spec/**/* - Enabled: false RSpec/BeforeAfterAll: Description: Beware of using after(:all) as it may cause state to leak between tests. A necessary evil in acceptance testing. 
@@ -36,14 +30,13 @@ RSpec/BeforeAfterAll: RSpec/HookArgument: Description: Prefer explicit :each argument, matching existing module's style EnforcedStyle: each +RSpec/DescribeSymbol: + Exclude: + - spec/unit/facter/**/*.rb Style/BlockDelimiters: Description: Prefer braces for chaining. Mostly an aesthetical choice. Better to be consistent then. EnforcedStyle: braces_for_chaining -Style/BracesAroundHashParameters: - Description: Braces are required by Ruby 2.7. Cop removed from RuboCop v0.80.0. - See https://github.com/rubocop-hq/rubocop/pull/7643 - Enabled: true Style/ClassAndModuleChildren: Description: Compact style reduces the required amount of indentation. EnforcedStyle: compact @@ -72,7 +65,7 @@ Style/TrailingCommaInArguments: Description: Prefer always trailing comma on multiline argument lists. This makes diffs, and re-ordering nicer. EnforcedStyleForMultiline: comma -Style/TrailingCommaInLiteral: +Style/TrailingCommaInArrayLiteral: Description: Prefer always trailing comma on multiline literals. This makes diffs, and re-ordering nicer. EnforcedStyleForMultiline: comma 
@@ -87,26 +80,176 @@ Style/Documentation: - spec/**/* Style/WordArray: EnforcedStyle: brackets +Performance/AncestorsInclude: + Enabled: true +Performance/BigDecimalWithNumericArgument: + Enabled: true +Performance/BlockGivenWithExplicitBlock: + Enabled: true +Performance/CaseWhenSplat: + Enabled: true +Performance/ConstantRegexp: + Enabled: true +Performance/MethodObjectAsBlock: + Enabled: true +Performance/RedundantSortBlock: + Enabled: true +Performance/RedundantStringChars: + Enabled: true +Performance/ReverseFirst: + Enabled: true +Performance/SortReverse: + Enabled: true +Performance/Squeeze: + Enabled: true +Performance/StringInclude: + Enabled: true +Performance/Sum: + Enabled: true Style/CollectionMethods: Enabled: true Style/MethodCalledOnDoEndBlock: Enabled: true Style/StringMethods: Enabled: true -GetText/DecorateFunctionMessage: +Bundler/GemFilename: Enabled: false -GetText/DecorateStringFormattingUsingInterpolation: +Bundler/InsecureProtocolSource: Enabled: false -GetText/DecorateStringFormattingUsingPercent: +Capybara/CurrentPathExpectation: + Enabled: false +Capybara/VisibilityMatcher: + Enabled: false +Gemspec/DuplicatedAssignment: + Enabled: false +Gemspec/OrderedDependencies: + Enabled: false +Gemspec/RequiredRubyVersion: + Enabled: false +Gemspec/RubyVersionGlobalsUsage: + Enabled: false +Layout/ArgumentAlignment: + Enabled: false +Layout/BeginEndAlignment: + Enabled: false +Layout/ClosingHeredocIndentation: + Enabled: false +Layout/EmptyComment: + Enabled: false +Layout/EmptyLineAfterGuardClause: + Enabled: false +Layout/EmptyLinesAroundArguments: + Enabled: false +Layout/EmptyLinesAroundAttributeAccessor: Enabled: false Layout/EndOfLine: Enabled: false -Layout/IndentHeredoc: +Layout/FirstArgumentIndentation: + Enabled: false +Layout/HashAlignment: + Enabled: false +Layout/HeredocIndentation: + Enabled: false +Layout/LeadingEmptyLines: + Enabled: false +Layout/SpaceAroundMethodCallOperator: + Enabled: false 
+Layout/SpaceInsideArrayLiteralBrackets: + Enabled: false +Layout/SpaceInsideReferenceBrackets: + Enabled: false +Lint/BigDecimalNew: + Enabled: false +Lint/BooleanSymbol: + Enabled: false +Lint/ConstantDefinitionInBlock: + Enabled: false +Lint/DeprecatedOpenSSLConstant: + Enabled: false +Lint/DisjunctiveAssignmentInConstructor: + Enabled: false +Lint/DuplicateElsifCondition: + Enabled: false +Lint/DuplicateRequire: + Enabled: false +Lint/DuplicateRescueException: + Enabled: false +Lint/EmptyConditionalBody: + Enabled: false +Lint/EmptyFile: + Enabled: false +Lint/ErbNewArguments: + Enabled: false +Lint/FloatComparison: + Enabled: false +Lint/HashCompareByIdentity: + Enabled: false +Lint/IdentityComparison: + Enabled: false +Lint/InterpolationCheck: + Enabled: false +Lint/MissingCopEnableDirective: + Enabled: false +Lint/MixedRegexpCaptureTypes: + Enabled: false +Lint/NestedPercentLiteral: + Enabled: false +Lint/NonDeterministicRequireOrder: + Enabled: false +Lint/OrderedMagicComments: + Enabled: false +Lint/OutOfRangeRegexpRef: + Enabled: false +Lint/RaiseException: + Enabled: false +Lint/RedundantCopEnableDirective: + Enabled: false +Lint/RedundantRequireStatement: + Enabled: false +Lint/RedundantSafeNavigation: + Enabled: false +Lint/RedundantWithIndex: + Enabled: false +Lint/RedundantWithObject: + Enabled: false +Lint/RegexpAsCondition: + Enabled: false +Lint/ReturnInVoidContext: + Enabled: false +Lint/SafeNavigationConsistency: + Enabled: false +Lint/SafeNavigationWithEmpty: + Enabled: false +Lint/SelfAssignment: + Enabled: false +Lint/SendWithMixinArgument: + Enabled: false +Lint/ShadowedArgument: + Enabled: false +Lint/StructNewOverride: + Enabled: false +Lint/ToJSON: + Enabled: false +Lint/TopLevelReturnWithArgument: + Enabled: false +Lint/TrailingCommaInAttributeDeclaration: + Enabled: false +Lint/UnreachableLoop: + Enabled: false +Lint/UriEscapeUnescape: + Enabled: false +Lint/UriRegexp: + Enabled: false +Lint/UselessMethodDefinition: + Enabled: false 
+Lint/UselessTimes: Enabled: false Metrics/AbcSize: Enabled: false Metrics/BlockLength: Enabled: false +Metrics/BlockNesting: + Enabled: false Metrics/ClassLength: Enabled: false Metrics/CyclomaticComplexity: 
@@ -119,19 +262,463 @@ Metrics/ParameterLists: Enabled: false Metrics/PerceivedComplexity: Enabled: false +Migration/DepartmentName: + Enabled: false +Naming/AccessorMethodName: + Enabled: false +Naming/BlockParameterName: + Enabled: false +Naming/HeredocDelimiterCase: + Enabled: false +Naming/HeredocDelimiterNaming: + Enabled: false +Naming/MemoizedInstanceVariableName: + Enabled: false +Naming/MethodParameterName: + Enabled: false +Naming/RescuedExceptionsVariableName: + Enabled: false +Naming/VariableNumber: + Enabled: false +Performance/BindCall: + Enabled: false +Performance/DeletePrefix: + Enabled: false +Performance/DeleteSuffix: + Enabled: false +Performance/InefficientHashSearch: + Enabled: false +Performance/UnfreezeString: + Enabled: false +Performance/UriDefaultParser: + Enabled: false +RSpec/Be: + Enabled: false +RSpec/Capybara/FeatureMethods: + Enabled: false +RSpec/ContainExactly: + Enabled: false +RSpec/ContextMethod: + Enabled: false +RSpec/ContextWording: + Enabled: false RSpec/DescribeClass: Enabled: false +RSpec/EmptyHook: + Enabled: false +RSpec/EmptyLineAfterExample: + Enabled: false +RSpec/EmptyLineAfterExampleGroup: + Enabled: false +RSpec/EmptyLineAfterHook: + Enabled: false RSpec/ExampleLength: Enabled: false -RSpec/MessageExpectation: +RSpec/ExampleWithoutDescription: + Enabled: false +RSpec/ExpectChange: + Enabled: false +RSpec/ExpectInHook: + Enabled: false +RSpec/FactoryBot/AttributeDefinedStatically: + Enabled: false +RSpec/FactoryBot/CreateList: + Enabled: false +RSpec/FactoryBot/FactoryClassName: + Enabled: false +RSpec/HooksBeforeExamples: + Enabled: false +RSpec/ImplicitBlockExpectation: + Enabled: false +RSpec/ImplicitSubject: + Enabled: false +RSpec/LeakyConstantDeclaration: + Enabled: false +RSpec/LetBeforeExamples: + Enabled: false +RSpec/MatchArray: + Enabled: false +RSpec/MissingExampleGroupArgument: Enabled: false RSpec/MultipleExpectations: Enabled: false +RSpec/MultipleMemoizedHelpers: + Enabled: false 
+RSpec/MultipleSubjects: + Enabled: false RSpec/NestedGroups: Enabled: false -Style/AsciiComments: +RSpec/PredicateMatcher: + Enabled: false +RSpec/ReceiveCounts: + Enabled: false +RSpec/ReceiveNever: + Enabled: false +RSpec/RepeatedExampleGroupBody: + Enabled: false +RSpec/RepeatedExampleGroupDescription: + Enabled: false +RSpec/RepeatedIncludeExample: + Enabled: false +RSpec/ReturnFromStub: + Enabled: false +RSpec/SharedExamples: + Enabled: false +RSpec/StubbedMock: + Enabled: false +RSpec/UnspecifiedException: + Enabled: false +RSpec/VariableDefinition: + Enabled: false +RSpec/VoidExpect: + Enabled: false +RSpec/Yield: + Enabled: false +Security/Open: + Enabled: false +Style/AccessModifierDeclarations: + Enabled: false +Style/AccessorGrouping: + Enabled: false +Style/BisectedAttrAccessor: + Enabled: false +Style/CaseLikeIf: + Enabled: false +Style/ClassEqualityComparison: + Enabled: false +Style/ColonMethodDefinition: + Enabled: false +Style/CombinableLoops: + Enabled: false +Style/CommentedKeyword: + Enabled: false +Style/Dir: + Enabled: false +Style/DoubleCopDisableDirective: + Enabled: false +Style/EmptyBlockParameter: + Enabled: false +Style/EmptyLambdaParameter: + Enabled: false +Style/Encoding: + Enabled: false +Style/EvalWithLocation: + Enabled: false +Style/ExpandPathArguments: + Enabled: false +Style/ExplicitBlockArgument: + Enabled: false +Style/ExponentialNotation: + Enabled: false +Style/FloatDivision: + Enabled: false +Style/FrozenStringLiteralComment: + Enabled: false +Style/GlobalStdStream: + Enabled: false +Style/HashAsLastArrayItem: + Enabled: false +Style/HashLikeCase: + Enabled: false +Style/HashTransformKeys: + Enabled: false +Style/HashTransformValues: Enabled: false Style/IfUnlessModifier: Enabled: false +Style/KeywordParametersOrder: + Enabled: false +Style/MinMax: + Enabled: false +Style/MixinUsage: + Enabled: false +Style/MultilineWhenThen: + Enabled: false +Style/NegatedUnless: + Enabled: false +Style/NumericPredicate: + Enabled: false 
+Style/OptionalBooleanParameter: + Enabled: false +Style/OrAssignment: + Enabled: false +Style/RandomWithOffset: + Enabled: false +Style/RedundantAssignment: + Enabled: false +Style/RedundantCondition: + Enabled: false +Style/RedundantConditional: + Enabled: false +Style/RedundantFetchBlock: + Enabled: false +Style/RedundantFileExtensionInRequire: + Enabled: false +Style/RedundantRegexpCharacterClass: + Enabled: false +Style/RedundantRegexpEscape: + Enabled: false +Style/RedundantSelfAssignment: + Enabled: false +Style/RedundantSort: + Enabled: false +Style/RescueStandardError: + Enabled: false +Style/SingleArgumentDig: + Enabled: false +Style/SlicingWithRange: + Enabled: false +Style/SoleNestedConditional: + Enabled: false +Style/StderrPuts: + Enabled: false +Style/StringConcatenation: + Enabled: false +Style/Strip: + Enabled: false Style/SymbolProc: Enabled: false +Style/TrailingBodyOnClass: + Enabled: false +Style/TrailingBodyOnMethodDefinition: + Enabled: false +Style/TrailingBodyOnModule: + Enabled: false +Style/TrailingCommaInHashLiteral: + Enabled: false +Style/TrailingMethodEndStatement: + Enabled: false +Style/UnpackFirst: + Enabled: false +Capybara/MatchStyle: + Enabled: false +Capybara/NegationMatcher: + Enabled: false +Capybara/SpecificActions: + Enabled: false +Capybara/SpecificFinders: + Enabled: false +Capybara/SpecificMatcher: + Enabled: false +Gemspec/DeprecatedAttributeAssignment: + Enabled: false +Gemspec/DevelopmentDependencies: + Enabled: false +Gemspec/RequireMFA: + Enabled: false +Layout/LineContinuationLeadingSpace: + Enabled: false +Layout/LineContinuationSpacing: + Enabled: false +Layout/LineEndStringConcatenationIndentation: + Enabled: false +Layout/SpaceBeforeBrackets: + Enabled: false +Lint/AmbiguousAssignment: + Enabled: false +Lint/AmbiguousOperatorPrecedence: + Enabled: false +Lint/AmbiguousRange: + Enabled: false +Lint/ConstantOverwrittenInRescue: + Enabled: false +Lint/DeprecatedConstants: + Enabled: false +Lint/DuplicateBranch: + 
Enabled: false +Lint/DuplicateMagicComment: + Enabled: false +Lint/DuplicateRegexpCharacterClassElement: + Enabled: false +Lint/EmptyBlock: + Enabled: false +Lint/EmptyClass: + Enabled: false +Lint/EmptyInPattern: + Enabled: false +Lint/IncompatibleIoSelectWithFiberScheduler: + Enabled: false +Lint/LambdaWithoutLiteralBlock: + Enabled: false +Lint/NoReturnInBeginEndBlocks: + Enabled: false +Lint/NonAtomicFileOperation: + Enabled: false +Lint/NumberedParameterAssignment: + Enabled: false +Lint/OrAssignmentToConstant: + Enabled: false +Lint/RedundantDirGlobSort: + Enabled: false +Lint/RefinementImportMethods: + Enabled: false +Lint/RequireRangeParentheses: + Enabled: false +Lint/RequireRelativeSelfPath: + Enabled: false +Lint/SymbolConversion: + Enabled: false +Lint/ToEnumArguments: + Enabled: false +Lint/TripleQuotes: + Enabled: false +Lint/UnexpectedBlockArity: + Enabled: false +Lint/UnmodifiedReduceAccumulator: + Enabled: false +Lint/UselessRescue: + Enabled: false +Lint/UselessRuby2Keywords: + Enabled: false +Metrics/CollectionLiteralLength: + Enabled: false +Naming/BlockForwarding: + Enabled: false +Performance/CollectionLiteralInLoop: + Enabled: false +Performance/ConcurrentMonotonicTime: + Enabled: false +Performance/MapCompact: + Enabled: false +Performance/RedundantEqualityComparisonBlock: + Enabled: false +Performance/RedundantSplitRegexpArgument: + Enabled: false +Performance/StringIdentifierArgument: + Enabled: false +RSpec/BeEq: + Enabled: false +RSpec/BeNil: + Enabled: false +RSpec/ChangeByZero: + Enabled: false +RSpec/ClassCheck: + Enabled: false +RSpec/DuplicatedMetadata: + Enabled: false +RSpec/ExcessiveDocstringSpacing: + Enabled: false +RSpec/FactoryBot/ConsistentParenthesesStyle: + Enabled: false +RSpec/FactoryBot/FactoryNameStyle: + Enabled: false +RSpec/FactoryBot/SyntaxMethods: + Enabled: false +RSpec/IdenticalEqualityAssertion: + Enabled: false +RSpec/NoExpectationExample: + Enabled: false +RSpec/PendingWithoutReason: + Enabled: false 
+RSpec/Rails/AvoidSetupHook: + Enabled: false +RSpec/Rails/HaveHttpStatus: + Enabled: false +RSpec/Rails/InferredSpecType: + Enabled: false +RSpec/Rails/MinitestAssertions: + Enabled: false +RSpec/Rails/TravelAround: + Enabled: false +RSpec/RedundantAround: + Enabled: false +RSpec/SkipBlockInsideExample: + Enabled: false +RSpec/SortMetadata: + Enabled: false +RSpec/SubjectDeclaration: + Enabled: false +RSpec/VerifiedDoubleReference: + Enabled: false +Security/CompoundHash: + Enabled: false +Security/IoMethods: + Enabled: false +Style/ArgumentsForwarding: + Enabled: false +Style/ArrayIntersect: + Enabled: false +Style/CollectionCompact: + Enabled: false +Style/ComparableClamp: + Enabled: false +Style/ConcatArrayLiterals: + Enabled: false +Style/DirEmpty: + Enabled: false +Style/DocumentDynamicEvalDefinition: + Enabled: false +Style/EmptyHeredoc: + Enabled: false +Style/EndlessMethod: + Enabled: false +Style/EnvHome: + Enabled: false +Style/FetchEnvVar: + Enabled: false +Style/FileEmpty: + Enabled: false +Style/FileRead: + Enabled: false +Style/FileWrite: + Enabled: false +Style/HashConversion: + Enabled: false +Style/HashExcept: + Enabled: false +Style/IfWithBooleanLiteralBranches: + Enabled: false +Style/InPatternThen: + Enabled: false +Style/MagicCommentFormat: + Enabled: false +Style/MapCompactWithConditionalBlock: + Enabled: false +Style/MapToHash: + Enabled: false +Style/MapToSet: + Enabled: false +Style/MinMaxComparison: + Enabled: false +Style/MultilineInPatternThen: + Enabled: false +Style/NegatedIfElseCondition: + Enabled: false +Style/NestedFileDirname: + Enabled: false +Style/NilLambda: + Enabled: false +Style/NumberedParameters: + Enabled: false +Style/NumberedParametersLimit: + Enabled: false +Style/ObjectThen: + Enabled: false +Style/OpenStructUse: + Enabled: false +Style/OperatorMethodCall: + Enabled: false +Style/QuotedSymbols: + Enabled: false +Style/RedundantArgument: + Enabled: false +Style/RedundantConstantBase: + Enabled: false 
+Style/RedundantDoubleSplatHashBraces: + Enabled: false +Style/RedundantEach: + Enabled: false +Style/RedundantHeredocDelimiterQuotes: + Enabled: false +Style/RedundantInitialize: + Enabled: false +Style/RedundantSelfAssignmentBranch: + Enabled: false +Style/RedundantStringEscape: + Enabled: false +Style/SelectByRegexp: + Enabled: false +Style/StringChars: + Enabled: false +Style/SwapValues: + Enabled: false diff --git a/.sync.yml b/.sync.yml index c6ff6c37..9e6bb0f4 100644 --- a/.sync.yml +++ b/.sync.yml @@ -1,14 +1,19 @@ -Gemfile: - required: - ':system_tests': - - gem: 'puppet-module-posix-system-r#{minor_version}' - platforms: ruby - - gem: 'puppet-module-win-system-r#{minor_version}' - platforms: - - mswin - - mingw - - x64_mingw - - gem: 'nokogiri' - platforms: ruby - - gem: 'serverspec' - platforms: ruby +--- +.rubocop.yml: + default_configs: + AllCops: + NewCops: enable +.pdkignore: + paths: + - /.*.yml + - /pdk.yaml + - /.pmtignore + - /.git* + - /.editorconfig + - /provision.yaml +Rakefile: + default_disabled_lint_checks: + - '140chars' +spec/spec_helper.rb: + coverage_report: true + minimum_code_coverage_percentage: 100 diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 0aaaef2b..00000000 --- a/.travis.yml +++ /dev/null 
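Review bot: The `.rubocop.yml` override added here sets only `AllCops: NewCops: enable`, while the regenerated `.rubocop.yml` in this same commit lists `Security/Open`, `Security/IoMethods`, `Security/CompoundHash` and `Bundler/InsecureProtocolSource` as `Enabled: false`. An explicit `Enabled: false` is presumably not overridden by `NewCops`, so those checks stay off. If they come from the template defaults, this file is the place to turn them back on, by adding entries such as `Security/Open:` with `Enabled: true` under the same `default_configs` key.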
@@ -1,53 +0,0 @@ ---- -os: linux -dist: xenial -language: ruby -cache: bundler -before_install: - - bundle -v - - rm -f Gemfile.lock - - "# Update system gems if requested. This is useful to temporarily workaround troubles in the test runner" - - "# See https://github.com/puppetlabs/pdk-templates/commit/705154d5c437796b821691b707156e1b056d244f for an example of how this was used" - - "# Ignore exit code of SIGPIPE'd yes to not fail with shell's pipefail set" - - '[ -z "$RUBYGEMS_VERSION" ] || (yes || true) | gem update --system $RUBYGEMS_VERSION' - - gem --version - - bundle -v -script: - - 'bundle exec rake $CHECK' -bundler_args: --without system_tests -rvm: - - 2.5.7 -stages: - - static - - spec - - acceptance - - - if: tag =~ ^v\d - name: deploy -jobs: - fast_finish: true - include: - - - env: CHECK="check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop syntax lint metadata_lint" - stage: static - - - env: PUPPET_GEM_VERSION="~> 5.0" CHECK=parallel_spec - rvm: 2.4.5 - stage: spec - - - env: PUPPET_GEM_VERSION="~> 6.0" CHECK=parallel_spec - rvm: 2.5.7 - stage: spec - - - env: PUPPET_GEM_VERSION="~> 7.0" CHECK=parallel_spec - rvm: 2.7.2 - stage: spec - - - env: DEPLOY_TO_FORGE=yes - stage: deploy -branches: - only: - - master - - /^v\d/ -notifications: - email: false diff --git a/Gemfile b/Gemfile index 0d3a975d..ca0e773e 100644 --- a/Gemfile +++ b/Gemfile 
@@ -13,27 +13,37 @@ def location_for(place_or_version, fake_version = nil) end end -ruby_version_segments = Gem::Version.new(RUBY_VERSION.dup).segments -minor_version = ruby_version_segments[0..1].join('.') - group :development do - gem "fast_gettext", '1.1.0', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.1.0') - gem "fast_gettext", require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0') - gem "json_pure", '<= 2.0.1', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') - gem "json", '= 1.8.1', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9') - gem "json", '= 2.0.4', require: false if Gem::Requirement.create('~> 2.4.2').satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "puppet-module-posix-default-r#{minor_version}", '~> 0.4', require: false, platforms: [:ruby] - gem "puppet-module-posix-dev-r#{minor_version}", '~> 0.4', require: false, platforms: [:ruby] - gem "puppet-module-win-default-r#{minor_version}", '~> 0.4', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "puppet-module-win-dev-r#{minor_version}", '~> 0.4', require: false, platforms: [:mswin, :mingw, :x64_mingw] + gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.5.1', require: false if Gem::Requirement.create(['>= 3.0.0', '< 3.0.5']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 
3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "json", '= 2.6.3', require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "racc", '~> 1.4.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "voxpupuli-puppet-lint-plugins", '~> 5.0', require: false + gem "facterdb", '~> 1.18', require: false + gem "metadata-json-lint", '~> 3.0', require: false + gem "puppetlabs_spec_helper", '~> 6.0', require: false + gem "rspec-puppet-facts", '~> 2.0', require: false + gem "codecov", '~> 0.2', require: false + gem "dependency_checker", '~> 1.0.0', require: false + gem "parallel_tests", '= 3.12.1', require: false + gem "pry", '~> 0.10', require: false + gem "simplecov-console", '~> 0.5', require: false + gem "puppet-debugger", '~> 1.0', require: false + gem "rubocop", '= 1.48.1', require: false + gem "rubocop-performance", '= 1.16.0', require: false + gem "rubocop-rspec", '= 2.19.0', require: false + gem "puppet-strings", '~> 4.0', require: false + gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] end group :system_tests do - gem "puppet-module-posix-system-r#{minor_version}", '~> 0.5', require: false, platforms: [:ruby] - gem "puppet-module-win-system-r#{minor_version}", '~> 0.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "nokogiri", require: false, platforms: [:ruby] - gem "serverspec", require: false, platforms: [:ruby] + gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw] + gem "serverspec", '~> 2.41', require: false +end +group :release_prep do + gem "puppet-strings", '~> 4.0', require: false + gem "puppetlabs_spec_helper", '~> 6.0', require: false end puppet_version = ENV['PUPPET_GEM_VERSION'] 
@@ -50,16 +60,6 @@ gems['puppet'] = location_for(puppet_version) gems['facter'] = location_for(facter_version) if facter_version gems['hiera'] = location_for(hiera_version) if hiera_version -if Gem.win_platform? && puppet_version =~ %r{^(file:///|git://)} - # If we're using a Puppet gem on Windows which handles its own win32-xxx gem - # dependencies (>= 3.5.0), set the maximum versions (see PUP-6445). - gems['win32-dir'] = ['<= 0.4.9', require: false] - gems['win32-eventlog'] = ['<= 0.6.5', require: false] - gems['win32-process'] = ['<= 0.7.5', require: false] - gems['win32-security'] = ['<= 0.2.5', require: false] - gems['win32-service'] = ['0.8.8', require: false] -end - gems.each do |gem_name, gem_params| gem gem_name, *gem_params end diff --git a/Rakefile b/Rakefile index cb7ed0cc..97ecdb6b 100644 --- a/Rakefile +++ b/Rakefile @@ -1,11 +1,11 @@ # frozen_string_literal: true -require 'puppet_litmus/rake_tasks' if Bundler.rubygems.find_name('puppet_litmus').any? +require 'bundler' +require 'puppet_litmus/rake_tasks' if Gem.loaded_specs.key? 'puppet_litmus' require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-syntax/tasks/puppet-syntax' -require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any? -require 'github_changelog_generator/task' if Bundler.rubygems.find_name('github_changelog_generator').any? -require 'puppet-strings/tasks' if Bundler.rubygems.find_name('puppet-strings').any? +require 'github_changelog_generator/task' if Gem.loaded_specs.key? 'github_changelog_generator' +require 'puppet-strings/tasks' if Gem.loaded_specs.key? 'puppet-strings' def changelog_user return unless Rake.application.top_level_tasks.include? "changelog" 
@@ -41,8 +41,10 @@ def changelog_future_release end PuppetLint.configuration.send('disable_relative') +PuppetLint.configuration.send('disable_140chars') -if Bundler.rubygems.find_name('github_changelog_generator').any? + +if Gem.loaded_specs.key? 'github_changelog_generator' GitHubChangelogGenerator::RakeTask.new :changelog do |config| raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil? config.user = "#{changelog_user}" @@ -52,7 +54,7 @@ if Bundler.rubygems.find_name('github_changelog_generator').any? config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)." config.add_pr_wo_labels = true config.issues = false - config.merge_prefix = "### UNCATEGORIZED PRS; GO LABEL THEM" + config.merge_prefix = "### UNCATEGORIZED PRS; LABEL THEM ON GITHUB" config.configure_sections = { "Changed" => { "prefix" => "### Changed", @@ -60,11 +62,11 @@ if Bundler.rubygems.find_name('github_changelog_generator').any? }, "Added" => { "prefix" => "### Added", - "labels" => ["feature", "enhancement"], + "labels" => ["enhancement", "feature"], }, "Fixed" => { "prefix" => "### Fixed", - "labels" => ["bugfix"], + "labels" => ["bug", "documentation", "bugfix"], }, } end @@ -72,16 +74,15 @@ else desc 'Generate a Changelog from GitHub' task :changelog do raise <= Gem::Version.new('2.2.2')" + version: '~> 1.15' + condition: "Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.3.0')" EOM end end diff --git a/metadata.json b/metadata.json index 7e8163d9..74f87905 100644 --- a/metadata.json +++ b/metadata.json 
@@ -75,7 +75,7 @@ } ], "description": "Module for installing/configuring PuppetDB", - "pdk-version": "1.18.0", - "template-url": "https://github.com/puppetlabs/pdk-templates#1.18.0", - "template-ref": "tags/1.18.0-0-g095317c" + "pdk-version": "3.0.1", + "template-url": "https://github.com/puppetlabs/pdk-templates#3.0.1", + "template-ref": "tags/3.0.1-0-gd13288a" } diff --git a/pdk.yaml b/pdk.yaml new file mode 100644 index 00000000..4bef4bd0 --- /dev/null +++ b/pdk.yaml @@ -0,0 +1,2 @@ +--- +ignore: [] diff --git a/spec/default_facts.yml b/spec/default_facts.yml index f777abfc..3346c394 100644 --- a/spec/default_facts.yml +++ b/spec/default_facts.yml @@ -2,7 +2,8 @@ # # Facts specified here will override the values provided by rspec-puppet-facts. --- -ipaddress: "172.16.254.254" -ipaddress6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA" +networking: + ip: "172.16.254.254" + ip6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA" + mac: "AA:AA:AA:AA:AA:AA" is_pe: false -macaddress: "AA:AA:AA:AA:AA:AA" diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index d3778cac..61df2940 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,5 +1,9 @@ # frozen_string_literal: true +RSpec.configure do |c| + c.mock_with :rspec +end + require 'puppetlabs_spec_helper/module_spec_helper' require 'rspec-puppet-facts' @@ -21,8 +25,8 @@ next unless File.exist?(f) && File.readable?(f) && File.size?(f) begin - default_facts.merge!(YAML.safe_load(File.read(f), [], [], true)) - rescue => e + default_facts.merge!(YAML.safe_load(File.read(f), permitted_classes: [], permitted_symbols: [], aliases: true)) + rescue StandardError => e RSpec.configuration.reporter.message "WARNING: Unable to load #{f}: #{e}" end end 
@@ -42,6 +46,19 @@ end c.filter_run_excluding(bolt: true) unless ENV['GEM_BOLT'] c.after(:suite) do + RSpec::Puppet::Coverage.report!(100) + end + + # Filter backtrace noise + backtrace_exclusion_patterns = [ + %r{spec_helper}, + %r{gems}, + ] + + if c.respond_to?(:backtrace_exclusion_patterns) + c.backtrace_exclusion_patterns = backtrace_exclusion_patterns + elsif c.respond_to?(:backtrace_clean_patterns) + c.backtrace_clean_patterns = backtrace_exclusion_patterns end end From 2539434c1e7549eaa789f3bf40a552aa07efefd3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Sun, 8 Oct 2023 10:18:34 -1000 Subject: [PATCH 06/97] disable out-of-scope puppet-lint checks For now we want to have running CI. We do not care about the module being fully documented. --- .puppet-lint.rc | 3 +++ .sync.yml | 5 ++++- Rakefile | 3 +++ 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/.puppet-lint.rc b/.puppet-lint.rc index a79ce0f2..b4372aaf 100644 --- a/.puppet-lint.rc +++ b/.puppet-lint.rc @@ -1,2 +1,5 @@ --relative +--no-parameter_types-check +--no-parameter_documentation-check +--no-documentation-check --no-140chars-check diff --git a/.sync.yml b/.sync.yml index 9e6bb0f4..a2cffa38 100644 --- a/.sync.yml +++ b/.sync.yml @@ -13,7 +13,10 @@ - /provision.yaml Rakefile: default_disabled_lint_checks: - - '140chars' + - parameter_types + - parameter_documentation + - documentation + - 140chars spec/spec_helper.rb: coverage_report: true minimum_code_coverage_percentage: 100 diff --git a/Rakefile b/Rakefile index 97ecdb6b..1763bb6a 100644 --- a/Rakefile +++ b/Rakefile @@ -41,6 +41,9 @@ def changelog_future_release end PuppetLint.configuration.send('disable_relative') +PuppetLint.configuration.send('disable_parameter_types') +PuppetLint.configuration.send('disable_parameter_documentation') +PuppetLint.configuration.send('disable_documentation') PuppetLint.configuration.send('disable_140chars') 
From 3da561a72c13dc9e3ad1470e7752838ea510d7aa Mon Sep 17 00:00:00 2001 From: Jeffrey Clark Date: Tue, 19 Dec 2023 12:20:20 -0600 Subject: [PATCH 07/97] address pdk validation warnings --- lib/puppet/util/puppetdb_validator.rb | 2 +- manifests/database/default_read_grant.pp | 8 ++++---- manifests/database/postgresql.pp | 14 ++++++-------- manifests/database/postgresql_ssl_rules.pp | 4 ++-- manifests/database/ssl_configuration.pp | 8 ++++---- manifests/globals.pp | 4 +--- manifests/init.pp | 16 ++++++++-------- manifests/master/config.pp | 7 ++----- manifests/master/puppetdb_conf.pp | 3 +-- manifests/master/report_processor.pp | 1 - manifests/master/routes.pp | 9 ++++----- manifests/master/storeconfigs.pp | 1 - manifests/params.pp | 2 +- manifests/server.pp | 21 ++++++++++----------- manifests/server/command_processing.pp | 1 - manifests/server/database.pp | 8 ++------ manifests/server/global.pp | 1 - manifests/server/jetty.pp | 3 --- manifests/server/puppetdb.pp | 3 +-- manifests/server/read_database.pp | 14 ++++++-------- manifests/server/validate_db.pp | 1 - manifests/server/validate_read_db.pp | 1 - spec/acceptance/basic_spec.rb | 2 +- spec/spec_helper_acceptance.rb | 12 ++++++------ 24 files changed, 60 insertions(+), 86 deletions(-) diff --git a/lib/puppet/util/puppetdb_validator.rb b/lib/puppet/util/puppetdb_validator.rb index 8cd360d0..5cb966b7 100644 --- a/lib/puppet/util/puppetdb_validator.rb +++ b/lib/puppet/util/puppetdb_validator.rb @@ -63,6 +63,6 @@ def attempt_connection end rescue StandardError => e log_error(e.message) - return false + false end end diff --git a/manifests/database/default_read_grant.pp b/manifests/database/default_read_grant.pp index 80d798b1..fea87f96 100644 --- a/manifests/database/default_read_grant.pp +++ b/manifests/database/default_read_grant.pp 
@@ -1,12 +1,12 @@ # Private class. Grant read permissions to $database_read_only_username by default, for new tables created by # $database_username. -define puppetdb::database::default_read_grant( +define puppetdb::database::default_read_grant ( String $database_name, String $schema, String $database_username, String $database_read_only_username, ) { - postgresql_psql {"grant default select permission for ${database_read_only_username}": + postgresql_psql { "grant default select permission for ${database_read_only_username}": db => $database_name, command => "ALTER DEFAULT PRIVILEGES FOR USER \"${database_username}\" @@ -23,7 +23,7 @@ AND nspname = '${schema}'", } - postgresql_psql {"grant default usage permission for ${database_read_only_username}": + postgresql_psql { "grant default usage permission for ${database_read_only_username}": db => $database_name, command => "ALTER DEFAULT PRIVILEGES FOR USER \"${database_username}\" @@ -40,7 +40,7 @@ AND nspname = '${schema}'", } - postgresql_psql {"grant default execute permission for ${database_read_only_username}": + postgresql_psql { "grant default execute permission for ${database_read_only_username}": db => $database_name, command => "ALTER DEFAULT PRIVILEGES FOR USER \"${database_username}\" diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp index 62da6464..00f8c42b 100644 --- a/manifests/database/postgresql.pp +++ b/manifests/database/postgresql.pp 
@@ -19,14 +19,13 @@ $read_database_password = $puppetdb::params::read_database_password, $read_database_host = $puppetdb::params::read_database_host ) inherits puppetdb::params { - if $manage_server { - class { '::postgresql::globals': + class { 'postgresql::globals': manage_package_repo => $manage_package_repo, version => $postgres_version, } # get the pg server up and running - class { '::postgresql::server': + class { 'postgresql::server': ip_mask_allow_all_users => '0.0.0.0/0', listen_addresses => $listen_addresses, port => scanf($database_port, '%i')[0], @@ -35,7 +34,7 @@ # We need to create the ssl connection for the read user, when # manage_database is set to true, or when read_database_host is defined. # Otherwise we don't create it. - if $manage_database or $read_database_host != undef{ + if $manage_database or $read_database_host != undef { $create_read_user_rule = true } else { $create_read_user_rule = false @@ -52,15 +51,14 @@ postgresql_ssl_key_path => $postgresql_ssl_key_path, postgresql_ssl_cert_path => $postgresql_ssl_cert_path, postgresql_ssl_ca_cert_path => $postgresql_ssl_ca_cert_path, - create_read_user_rule => $create_read_user_rule + create_read_user_rule => $create_read_user_rule, } } # Only install pg_trgm extension, if database it is actually managed by the module if $manage_database { - # get the pg contrib to use pg_trgm extension - class { '::postgresql::server::contrib': } + class { 'postgresql::server::contrib': } postgresql::server::extension { 'pg_trgm': database => $database_name, @@ -97,7 +95,7 @@ read_database_username => $read_database_username, database_name => $database_name, password_hash => postgresql::postgresql_password($read_database_username, $read_database_password), - database_owner => $database_username + database_owner => $database_username, } -> postgresql_psql { "grant ${read_database_username} role to ${database_username}": 
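Review bot: The `postgresql::server` declaration in the first hunk still hard-codes `ip_mask_allow_all_users => '0.0.0.0/0'`. As far as I know, that makes the postgresql module write a pg_hba rule accepting password logins for every database user from any IPv4 address. How exposed this is depends on `$listen_addresses` and on host firewalling, neither of which is visible here. I would make it a class parameter with a narrower default, used as `ip_mask_allow_all_users => $ip_mask_allow_all_users,`, and document that it should be limited to the network the PuppetDB hosts connect from. The class header and parameter list start outside the hunk.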
diff --git a/manifests/database/postgresql_ssl_rules.pp b/manifests/database/postgresql_ssl_rules.pp index 56b48395..a217d612 100644 --- a/manifests/database/postgresql_ssl_rules.pp +++ b/manifests/database/postgresql_ssl_rules.pp @@ -13,7 +13,7 @@ address => '0.0.0.0/0', auth_method => 'cert', order => 0, - auth_option => "map=${identity_map_key} clientcert=1" + auth_option => "map=${identity_map_key} clientcert=1", } postgresql::server::pg_hba_rule { "Allow certificate mapped connections to ${database_name} as ${database_username} (ipv6)": @@ -23,7 +23,7 @@ address => '::0/0', auth_method => 'cert', order => 0, - auth_option => "map=${identity_map_key} clientcert=1" + auth_option => "map=${identity_map_key} clientcert=1", } postgresql::server::pg_ident_rule { "Map the SSL certificate of the server as a ${database_username} user": diff --git a/manifests/database/ssl_configuration.pp b/manifests/database/ssl_configuration.pp index 0d2473c6..a5c085e5 100644 --- a/manifests/database/ssl_configuration.pp +++ b/manifests/database/ssl_configuration.pp 
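Review bot: Both pg_hba rules touched here (IPv4 in the first hunk, IPv6 in the second) keep `clientcert=1` in `auth_option`. As far as I recall, PostgreSQL 12 introduced `verify-ca`/`verify-full` for this option and newer releases no longer accept the numeric form, so this line may produce an invalid pg_hba.conf on a current server. Because the rules match `0.0.0.0/0` and `::0/0`, certificate verification plus the ident map is the only gate on these connections and should be spelled explicitly. I would select the value by PostgreSQL version and use `auth_option => "map=${identity_map_key} clientcert=verify-full",` where supported. The define's parameter list is outside both hunks.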
@@ -31,25 +31,25 @@ postgresql::server::config_entry { 'ssl': ensure => present, value => 'on', - require => [File['postgres private key'], File['postgres public key']] + require => [File['postgres private key'], File['postgres public key']], } postgresql::server::config_entry { 'ssl_cert_file': ensure => present, value => "${postgresql::server::datadir}/server.crt", - require => [File['postgres private key'], File['postgres public key']] + require => [File['postgres private key'], File['postgres public key']], } postgresql::server::config_entry { 'ssl_key_file': ensure => present, value => "${postgresql::server::datadir}/server.key", - require => [File['postgres private key'], File['postgres public key']] + require => [File['postgres private key'], File['postgres public key']], } postgresql::server::config_entry { 'ssl_ca_file': ensure => present, value => $postgresql_ssl_ca_cert_path, - require => [File['postgres private key'], File['postgres public key']] + require => [File['postgres private key'], File['postgres public key']], } puppetdb::database::postgresql_ssl_rules { "Configure postgresql ssl rules for ${database_username}": diff --git a/manifests/globals.pp b/manifests/globals.pp index d28304a8..f703db60 100644 --- a/manifests/globals.pp +++ b/manifests/globals.pp @@ -3,10 +3,8 @@ $version = 'present', $database = 'postgres', Stdlib::Absolutepath $puppet_confdir = $settings::confdir, - ) { - +) { if !(fact('os.family') in ['RedHat', 'Suse', 'Archlinux', 'Debian', 'OpenBSD', 'FreeBSD']) { fail("${module_name} does not support your osfamily ${fact('os.family')}") } - } diff --git a/manifests/init.pp b/manifests/init.pp index c999441d..5160ed6b 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -91,8 +91,7 @@ Integer[1] $dlo_max_age = $puppetdb::params::dlo_max_age, Optional[Stdlib::Absolutepath] $java_bin = $puppetdb::params::java_bin, ) inherits puppetdb::params { - - class { '::puppetdb::server': + class { 'puppetdb::server': listen_address => $listen_address, listen_port => $listen_port, disable_cleartext => $disable_cleartext, @@ -176,14 +175,15 @@ } if ($database == 'postgres') { - $database_before = str2bool($database_validate) ? { - false => Class['::puppetdb::server'], - default => [Class['::puppetdb::server'], - Class['::puppetdb::server::validate_db']], + false => Class['puppetdb::server'], + default => [ + Class['puppetdb::server'], + Class['puppetdb::server::validate_db'] + ], } - class { '::puppetdb::database::postgresql': + class { 'puppetdb::database::postgresql': listen_addresses => $database_listen_address, database_name => $database_name, puppetdb_server => $puppetdb_server, @@ -201,7 +201,7 @@ read_database_username => $read_database_username, read_database_password => $read_database_password, read_database_host => $read_database_host, - before => $database_before + before => $database_before, } } } diff --git a/manifests/master/config.pp b/manifests/master/config.pp index 7463ed3e..eb9fb1d9 100644 --- a/manifests/master/config.pp +++ b/manifests/master/config.pp @@ -2,14 +2,14 @@ class puppetdb::master::config ( $puppetdb_server = fact('networking.fqdn'), $puppetdb_port = defined(Class['puppetdb']) ? { - true => $::puppetdb::disable_ssl ? { + true => $puppetdb::disable_ssl ? { true => 8080, default => 8081, }, default => 8081, }, $puppetdb_disable_ssl = defined(Class['puppetdb']) ? { - true => $::puppetdb::disable_ssl, + true => $puppetdb::disable_ssl, default => false, }, $masterless = $puppetdb::params::masterless, 
@@ -30,7 +30,6 @@ $test_url = $puppetdb::params::test_url, $restart_puppet = true, ) inherits puppetdb::params { - # **WARNING**: Ugly hack to work around a yum bug with metadata parsing. This # should not be copied, replicated or even looked at. In short, never rename # your packages... @@ -66,7 +65,6 @@ } if ($strict_validation) { - # Validate the puppetdb connection. If we can't connect to puppetdb then we # *must* not perform the other configuration steps, or else @@ -192,5 +190,4 @@ Class['puppetdb::master::report_processor'] ~> Service[$puppet_service_name] } } - } diff --git a/manifests/master/puppetdb_conf.pp b/manifests/master/puppetdb_conf.pp index a3dd72fc..3cf8d706 100644 --- a/manifests/master/puppetdb_conf.pp +++ b/manifests/master/puppetdb_conf.pp @@ -12,8 +12,7 @@ /(puppetdb-terminus)/ => true, default => false, }, - ) inherits puppetdb::params { - +) inherits puppetdb::params { Ini_setting { ensure => present, section => 'main', diff --git a/manifests/master/report_processor.pp b/manifests/master/report_processor.pp index f97130bd..4002d596 100644 --- a/manifests/master/report_processor.pp +++ b/manifests/master/report_processor.pp @@ -5,7 +5,6 @@ $masterless = $puppetdb::params::masterless, $enable = false ) inherits puppetdb::params { - if $masterless { $puppet_conf_section = 'main' } else { diff --git a/manifests/master/routes.pp b/manifests/master/routes.pp index fcdda80a..87435b06 100644 --- a/manifests/master/routes.pp +++ b/manifests/master/routes.pp @@ -5,7 +5,6 @@ $masterless = $puppetdb::params::masterless, $routes = undef, ) inherits puppetdb::params { - if $masterless { $routes_real = { 'apply' => { @@ -16,8 +15,8 @@ 'facts' => { 'terminus' => 'facter', 'cache' => 'puppetdb_apply', - } - } + }, + }, } } elsif $routes { $routes_real = $routes @@ -32,8 +31,8 @@ 'facts' => { 'terminus' => 'puppetdb', 'cache' => $default_fact_cache, - } - } + }, + }, } } 
diff --git a/manifests/master/storeconfigs.pp b/manifests/master/storeconfigs.pp index cb46cc09..a547e517 100644 --- a/manifests/master/storeconfigs.pp +++ b/manifests/master/storeconfigs.pp @@ -5,7 +5,6 @@ $masterless = $puppetdb::params::masterless, $enable = true, ) inherits puppetdb::params { - if $masterless { $puppet_conf_section = 'main' } else { diff --git a/manifests/params.pp b/manifests/params.pp index a57afa7f..f813596e 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -208,7 +208,7 @@ $certificate_whitelist_file = "${etcdir}/certificate-whitelist" # the default is free access for now - $certificate_whitelist = [ ] + $certificate_whitelist = [] # change to this to only allow access by the puppet master by default: #$certificate_whitelist = [ $::servername ] diff --git a/manifests/server.pp b/manifests/server.pp index b9def8af..6ec90c88 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -81,7 +81,6 @@ Integer[1] $dlo_max_age = $puppetdb::params::dlo_max_age, Optional[Stdlib::Absolutepath] $java_bin = $puppetdb::params::java_bin, ) inherits puppetdb::params { - # Apply necessary suffix if zero is specified. # Can we drop this in the next major release? if $node_ttl == '0' { 
@@ -263,21 +262,21 @@ if $postgresql_ssl_on { exec { $ssl_key_pk8_path: - path => [ '/opt/puppetlabs/puppet/bin', $facts['path'] ], + path => ['/opt/puppetlabs/puppet/bin', $facts['path']], command => "openssl pkcs8 -topk8 -inform PEM -outform DER -in ${ssl_key_path} -out ${ssl_key_pk8_path} -nocrypt", # Generate a .pk8 key if one doesn't exist or is older than the .pem input. # NOTE: bash file time checks, like -ot, can't always discern sub-second # differences. onlyif => "test ! -e '${ssl_key_pk8_path}' -o '${ssl_key_pk8_path}' -ot '${ssl_key_path}'", - before => File[$ssl_key_pk8_path] + before => File[$ssl_key_pk8_path], } file { $ssl_key_pk8_path: - ensure => present, + ensure => file, owner => $puppetdb_user, group => $puppetdb_group, mode => '0600', - notify => Service[$puppetdb_service] + notify => Service[$puppetdb_service], } } @@ -324,7 +323,7 @@ setting => 'JAVA_ARGS', require => Package[$puppetdb_package], notify => Service[$puppetdb_service], - })) + })) } else { ini_setting { 'java_args': ensure => present, @@ -357,14 +356,14 @@ # https://puppet.com/docs/puppetdb/5.2/maintain_and_tune.html#clean-up-the-dead-letter-office systemd::unit_file { 'puppetdb-dlo-cleanup.service': content => epp("${module_name}/puppetdb-DLO-cleanup.service.epp", { - 'puppetdb_user' => $puppetdb_user, - 'puppetdb_group' => $puppetdb_group, - 'vardir' => $vardir, - 'dlo_max_age' => $dlo_max_age + 'puppetdb_user' => $puppetdb_user, + 'puppetdb_group' => $puppetdb_group, + 'vardir' => $vardir, + 'dlo_max_age' => $dlo_max_age }), } -> systemd::unit_file { 'puppetdb-dlo-cleanup.timer': - content => epp("${module_name}/puppetdb-DLO-cleanup.timer.epp", {'cleanup_timer_interval' => $cleanup_timer_interval }), + content => epp("${module_name}/puppetdb-DLO-cleanup.timer.epp", { 'cleanup_timer_interval' => $cleanup_timer_interval }), enable => true, active => true, } 
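Review bot: The `exec { $ssl_key_pk8_path:` in the first hunk writes an unencrypted private key (`-nocrypt`) and relies on the following `file` resource to set mode `0600`. On first creation the key therefore exists with whatever mode the agent's umask yields until that resource is applied. Adding `umask => '0077',` to the exec closes that window. The `command` also interpolates `${ssl_key_path}` and `${ssl_key_pk8_path}` unquoted while `onlyif` quotes them; quoting both would keep the two consistent for paths containing spaces. The enclosing `if $postgresql_ssl_on` block and the class start outside the hunk.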
diff --git a/manifests/server/command_processing.pp b/manifests/server/command_processing.pp index 6d05e562..7a3cd2a3 100644 --- a/manifests/server/command_processing.pp +++ b/manifests/server/command_processing.pp @@ -6,7 +6,6 @@ $temp_usage = $puppetdb::params::temp_usage, $confdir = $puppetdb::params::confdir, ) inherits puppetdb::params { - $config_ini = "${confdir}/config.ini" # Set the defaults diff --git a/manifests/server/database.pp b/manifests/server/database.pp index 12dff9ff..d541a1e4 100644 --- a/manifests/server/database.pp +++ b/manifests/server/database.pp @@ -30,7 +30,6 @@ $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path ) inherits puppetdb::params { - if str2bool($database_validate) { # Validate the database connection. If we can't connect, we want to fail # and skip the rest of the configuration, so that we don't leave puppetdb @@ -69,15 +68,13 @@ path => $database_ini, ensure => present, section => 'database', - require => $ini_setting_require + require => $ini_setting_require, } if $database == 'embedded' { - $classname = 'org.hsqldb.jdbcDriver' $subprotocol = 'hsqldb' $subname = "file:${database_embedded_path};hsqldb.tx=mvcc;sql.syntax_pgs=true" - } elsif $database == 'postgres' { $classname = 'org.postgresql.Driver' $subprotocol = 'postgresql' @@ -91,8 +88,7 @@ $subname_default = "//${database_host}:${database_port}/${database_name}${database_suffix}" - if $postgresql_ssl_on and !empty($jdbc_ssl_properties) - { + if $postgresql_ssl_on and !empty($jdbc_ssl_properties) { fail("Variables 'postgresql_ssl_on' and 'jdbc_ssl_properties' can not be used at the same time!") } diff --git a/manifests/server/global.pp b/manifests/server/global.pp index f03f281f..874601a8 100644 --- a/manifests/server/global.pp +++ b/manifests/server/global.pp 
@@ -4,7 +4,6 @@ $confdir = $puppetdb::params::confdir, $puppetdb_group = $puppetdb::params::puppetdb_group, ) inherits puppetdb::params { - $config_ini = "${confdir}/config.ini" file { $config_ini: diff --git a/manifests/server/jetty.pp b/manifests/server/jetty.pp index ea050faf..bb155ec3 100644 --- a/manifests/server/jetty.pp +++ b/manifests/server/jetty.pp @@ -17,7 +17,6 @@ $puppetdb_user = $puppetdb::params::puppetdb_user, $puppetdb_group = $puppetdb::params::puppetdb_group, ) inherits puppetdb::params { - $jetty_ini = "${confdir}/jetty.ini" file { $jetty_ini: @@ -70,7 +69,6 @@ } if $ssl_protocols { - ini_setting { 'puppetdb_sslprotocols': ensure => $ssl_setting_ensure, setting => 'ssl-protocols', @@ -79,7 +77,6 @@ } if $cipher_suites { - ini_setting { 'puppetdb_cipher-suites': ensure => $ssl_setting_ensure, setting => 'cipher-suites', diff --git a/manifests/server/puppetdb.pp b/manifests/server/puppetdb.pp index 54fa4d2d..b77e48a9 100644 --- a/manifests/server/puppetdb.pp +++ b/manifests/server/puppetdb.pp @@ -7,7 +7,6 @@ $puppetdb_user = $puppetdb::params::puppetdb_user, $puppetdb_group = $puppetdb::params::puppetdb_group, ) inherits puppetdb::params { - $puppetdb_ini = "${confdir}/puppetdb.ini" file { $puppetdb_ini: @@ -31,7 +30,7 @@ } # accept connections only from puppet master - ini_setting {'puppetdb-connections-from-master-only': + ini_setting { 'puppetdb-connections-from-master-only': ensure => $certificate_whitelist_setting_ensure, section => 'puppetdb', setting => 'certificate-whitelist', diff --git a/manifests/server/read_database.pp b/manifests/server/read_database.pp index 688a74fe..e3407b7d 100644 --- a/manifests/server/read_database.pp +++ b/manifests/server/read_database.pp 
@@ -22,7 +22,6 @@ $ssl_key_pk8_path = $puppetdb::params::ssl_key_pk8_path, $ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path ) inherits puppetdb::params { - if $read_database_host != undef { if str2bool($database_validate) { # Validate the database connection. If we can't connect, we want to fail @@ -78,18 +77,17 @@ $subname_default = "//${read_database_host}:${read_database_port}/${read_database_name}${database_suffix}" - if $postgresql_ssl_on and !empty($jdbc_ssl_properties) - { + if $postgresql_ssl_on and !empty($jdbc_ssl_properties) { fail("Variables 'postgresql_ssl_on' and 'jdbc_ssl_properties' can not be used at the same time!") } if $postgresql_ssl_on { $subname = @("EOT"/L) - ${subname_default}?\ - ssl=true&sslfactory=org.postgresql.ssl.LibPQFactory&\ - sslmode=verify-full&sslrootcert=${ssl_ca_cert_path}&\ - sslkey=${ssl_key_pk8_path}&sslcert=${ssl_cert_path}\ - | EOT + ${subname_default}?\ + ssl=true&sslfactory=org.postgresql.ssl.LibPQFactory&\ + sslmode=verify-full&sslrootcert=${ssl_ca_cert_path}&\ + sslkey=${ssl_key_pk8_path}&sslcert=${ssl_cert_path}\ + | EOT } else { $subname = $subname_default } diff --git a/manifests/server/validate_db.pp b/manifests/server/validate_db.pp index cf2e5b41..faa06410 100644 --- a/manifests/server/validate_db.pp +++ b/manifests/server/validate_db.pp @@ -8,7 +8,6 @@ $database_name = $puppetdb::params::database_name, $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, ) inherits puppetdb::params { - # We don't need any validation for the embedded database, presumably. if ( $database == 'postgres' and diff --git a/manifests/server/validate_read_db.pp b/manifests/server/validate_read_db.pp index d857676d..bbf19986 100644 --- a/manifests/server/validate_read_db.pp +++ b/manifests/server/validate_read_db.pp 
@@ -8,7 +8,6 @@ $database_name = $puppetdb::params::database_name, $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, ) inherits puppetdb::params { - # Currently we only support postgres if ( $database == 'postgres' and diff --git a/spec/acceptance/basic_spec.rb b/spec/acceptance/basic_spec.rb index a17cb9c9..f50db3ec 100644 --- a/spec/acceptance/basic_spec.rb +++ b/spec/acceptance/basic_spec.rb @@ -7,7 +7,7 @@ # No point diagnosing any more if the module wasn't copied properly shell('ls /etc/puppetlabs/code/modules/puppetdb') do |r| r.exit_code.should be_zero - r.stdout.should =~ %r{metadata\.json} + r.stdout.should contain 'metadata.json' r.stderr.should == '' end end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 0b734325..e664ea74 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -60,11 +60,11 @@ def build_url(platform) end hosts.each do |host| - if host['platform'] =~ %r{debian} + if host['platform'].include? 'debian' on host, 'echo \'export PATH=/var/lib/gems/1.8/bin/:${PATH}\' >> ~/.bashrc' end # install_puppet - if host['platform'] =~ %r{el-(5|6|7|8)} + if host['platform'].match? %r{el-(5|6|7|8)} relver = Regexp.last_match(1) on host, "rpm -ivh #{build_url('el')}#{relver}.noarch.rpm" on host, 'yum install -y puppetserver' @@ -77,11 +77,11 @@ def build_url(platform) on host, 'dnf install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm' on host, 'dnf -qy module disable postgresql' end - elsif host['platform'] =~ %r{fedora-(\d+)} + elsif host['platform'].match? %r{fedora-(\d+)} relver = Regexp.last_match(1) on host, "rpm -ivh #{build_url('fedora')}#{relver}.noarch.rpm" on host, 'yum install -y puppetserver' - elsif host['platform'] =~ %r{(ubuntu|debian)} + elsif host['platform'].match? %r{(ubuntu|debian)} unless host.check_for_package 'curl' on host, 'apt-get install -y curl' end 
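Review bot: In spec/spec_helper_acceptance.rb, `if host['platform'].match? %r{el-(5|6|7|8)}` is followed by `relver = Regexp.last_match(1)`, but `String#match?` does not set the last-match data. `relver` will therefore be nil or a stale capture, and the repository RPM URL built from it will be wrong. The `fedora-(\d+)` branch in the next hunk has the same problem. Either keep `=~` on the two branches that use the capture, or bind the match explicitly: `if (m = host['platform'].match(%r{el-(5|6|7|8)}))` and `relver = m[1]`. The surrounding `hosts.each` block continues outside both hunks.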
@@ -121,7 +121,7 @@ def build_url(platform) 'puppet7' end install_puppet_agent_on(hosts, opts) unless ENV['BEAKER_provision'] == 'no' -install_ca_certs unless ENV['PUPPET_INSTALL_TYPE'] =~ %r{pe}i +install_ca_certs unless ENV['PUPPET_INSTALL_TYPE'].match? %r{pe}i install_module_on(hosts) install_module_dependencies_on(hosts) @@ -129,7 +129,7 @@ def build_url(platform) # Readable test descriptions c.formatter = :documentation hosts.each do |host| - if host[:platform] =~ %r{el-7-x86_64} && host[:hypervisor] =~ %r{docker} + if host[:platform].include?('el-7-x86_64') && host[:hypervisor].include?('docker') on(host, "sed -i '/nodocs/d' /etc/yum.conf") end end From d8a026a5a44864c4c342bbd92517627e8306978c Mon Sep 17 00:00:00 2001 
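Review bot: `ENV['PUPPET_INSTALL_TYPE'].match? %r{pe}i` raises NoMethodError when the variable is unset, because `ENV[]` returns nil and nil has no `match?`. The previous `=~` returned nil in that case and `install_ca_certs` still ran. Use `ENV['PUPPET_INSTALL_TYPE'].to_s.match?(%r{pe}i)` or `ENV.fetch('PUPPET_INSTALL_TYPE', '').match?(%r{pe}i)`. In the next hunk (`@@ -129,7 +129,7 @@`) `host[:hypervisor].include?('docker')` has the same shape and would raise for a host that defines no hypervisor, which the hunk does not rule out; `host[:hypervisor].to_s.include?('docker')` keeps the old tolerance.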
From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Wed, 9 Feb 2022 09:52:47 -1000 Subject: [PATCH 08/97] Modernize/Fix CI * Fix acceptance tests to work with Litmus * Fix acceptance test installation path of puppet modules * update/add dependencies to fixtures * Fix CI failures related to legacy facts * More CI fixes with latest postgresql module * Remove local facts overrides They break adding facts from a context. * Match the ensure value of the manifest This was changed in 68d8c64b0d62c58f95441e711509829abd9e6fd3 to fix puppet lint issues, but as the test suite was not run it passed through. * Match owner / mode of the manifest This was changed in 010bf136c78ff84c54903322505aaca6af3d13f8 to match best practice, but as the test suite was not run it passed through. * Add path to the custom facts The systemd module uses this to run `systemctl daemon-reload`. Set an arbitrary value to avoid: > Validation of Exec[systemd-postgresql.service-systemctl-daemon-reload] failed: 'systemctl' is not qualified and no path was specified. Please qualify the command or specify a path. 
--- .fixtures.yml | 17 ++- .sync.yml | 2 + spec/acceptance/basic_spec.rb | 21 ++- spec/default_facts.yml | 9 -- spec/spec_helper_acceptance.rb | 138 +----------------- spec/unit/classes/database/postgresql_spec.rb | 1 + .../database/ssl_configuration_spec.rb | 10 +- spec/unit/classes/init_spec.rb | 2 +- spec/unit/classes/master/config_spec.rb | 4 +- .../unit/classes/master/puppetdb_conf_spec.rb | 1 + .../classes/master/report_processor_spec.rb | 1 + .../classes/server/command_processing_spec.rb | 5 +- spec/unit/classes/server/database_ini_spec.rb | 10 +- .../classes/server/db_connection_uri_spec.rb | 10 +- spec/unit/classes/server/db_read_uri_spec.rb | 10 +- spec/unit/classes/server/global_ini_spec.rb | 13 +- spec/unit/classes/server/jetty_ini_spec.rb | 9 +- spec/unit/classes/server/puppetdb_ini_spec.rb | 9 +- .../classes/server/read_database_ini_spec.rb | 10 +- spec/unit/classes/server_spec.rb | 3 +- spec/unit/util/puppetdb_validator_spec.rb | 69 ++++----- 21 files changed, 133 insertions(+), 221 deletions(-) delete mode 100644 spec/default_facts.yml diff --git a/.fixtures.yml b/.fixtures.yml index 34bf88cd..591090fc 100644 --- a/.fixtures.yml +++ b/.fixtures.yml 
@@ -10,6 +10,17 @@ fixtures: file_concat: 'https://github.com/electrical/puppet-lib-file_concat.git' systemd: 'https://github.com/camptocamp/puppet-systemd.git' cron: 'https://github.com/voxpupuli/puppet-cron.git' - cron_core: 'https://github.com/puppetlabs/puppetlabs-cron_core.git' - yumrepo_core: 'https://github.com/puppetlabs/puppetlabs-yumrepo_core.git' - augeas_core: 'https://github.com/puppetlabs/puppetlabs-augeas_core.git' + provision: 'https://github.com/puppetlabs/provision.git' + puppet_agent: 'https://github.com/puppetlabs/puppetlabs-puppet_agent.git' + facts: 'https://github.com/puppetlabs/puppetlabs-facts.git' + cron_core: + repo: https://github.com/puppetlabs/puppetlabs-cron_core.git + puppet_version: ">= 6.0.0" + yumrepo_core: + repo: https://github.com/puppetlabs/puppetlabs-yumrepo_core.git + puppet_version: ">= 6.0.0" + augeas_core: + repo: https://github.com/puppetlabs/puppetlabs-augeas_core.git + puppet_version: ">= 6.0.0" + symlinks: + puppetdb: '#{source_dir}' diff --git a/.sync.yml b/.sync.yml index a2cffa38..55bacc5c 100644 --- a/.sync.yml +++ b/.sync.yml @@ -17,6 +17,8 @@ Rakefile: - parameter_documentation - documentation - 140chars +spec/default_facts.yml: + unmanaged: true spec/spec_helper.rb: coverage_report: true minimum_code_coverage_percentage: 100 diff --git a/spec/acceptance/basic_spec.rb b/spec/acceptance/basic_spec.rb index f50db3ec..d137456d 100644 --- a/spec/acceptance/basic_spec.rb +++ b/spec/acceptance/basic_spec.rb 
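Review bot: The three repositories added to `.fixtures.yml` (`provision`, `puppet_agent`, `facts`) are cloned from whatever their default branch holds when the tests run, so CI executes fixture code that was never reviewed together with this module. Use the hash form this hunk already introduces for `cron_core` and pin each one, e.g. `repo: https://github.com/puppetlabs/provision.git` with `ref: '<reviewed-tag-or-commit>'` beneath it. The `cron_core`, `yumrepo_core` and `augeas_core` entries gain a `puppet_version` constraint but likewise carry no `ref`.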
@@ -1,17 +1,28 @@ -require 'beaker-puppet' -require 'beaker-pe' require 'spec_helper_acceptance' describe 'basic tests:' do it 'make sure we have copied the module across' do # No point diagnosing any more if the module wasn't copied properly - shell('ls /etc/puppetlabs/code/modules/puppetdb') do |r| + run_shell('ls /etc/puppetlabs/code/environments/production/modules/puppetdb') do |r| r.exit_code.should be_zero r.stdout.should contain 'metadata.json' r.stderr.should == '' end end + describe 'setup puppetserver' do + pp = <<-EOS + package { 'puppetserver': ensure => installed, } -> + exec { '/opt/puppetlabs/bin/puppetserver ca setup': creates => '/etc/puppetlabs/puppetserver/ca/ca_crt.pem', } + service { 'puppetserver': ensure => running, enable => true, } + EOS + + it 'make sure it runs without error' do + apply_manifest(pp, catch_errors: true) + apply_manifest(pp, catch_changes: true) + end + end + describe 'single node setup' do pp = <<-EOS # Single node setup @@ -72,7 +83,7 @@ class { 'puppetdb::master::config': apply_manifest(pp, catch_errors: true) apply_manifest(pp, catch_changes: true) - shell('cat /etc/puppetlabs/puppet/puppet.conf') do |r| + run_shell('cat /etc/puppetlabs/puppet/puppet.conf') do |r| expect(r.stdout).to match(%r{^reports\s*=\s*([^,]+,)*puppetdb(,[^,]+)*$}) end end @@ -91,7 +102,7 @@ class { 'puppetdb::master::config': apply_manifest(pp, catch_errors: true) apply_manifest(pp, catch_changes: true) - shell('psql "postgresql://puppetdb-read:puppetdb-read@localhost/puppetdb" -c "create table tables(id int)" || true') do |r| + run_shell('psql "postgresql://puppetdb-read:puppetdb-read@localhost/puppetdb" -c "create table tables(id int)" || true') do |r| expect(r.stderr).to match(%r{^ERROR: permission denied for schema public.*}) end end diff --git a/spec/default_facts.yml b/spec/default_facts.yml deleted file mode 100644 index 3346c394..00000000 --- a/spec/default_facts.yml +++ /dev/null 
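Review bot: In the new 'setup puppetserver' manifest only the package and the `puppetserver ca setup` exec are chained with `->`. The `service { 'puppetserver': ... }` resource has no declared relationship to either, so it starts after the CA exists only because resources are applied in manifest order. Continue the chain so the dependency is explicit: `exec { '/opt/puppetlabs/bin/puppetserver ca setup': creates => '/etc/puppetlabs/puppetserver/ca/ca_crt.pem', } -> service { 'puppetserver': ensure => running, enable => true, }`.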
@@ -1,9 +0,0 @@ -# Use default_module_facts.yml for module specific facts. -# -# Facts specified here will override the values provided by rspec-puppet-facts. ---- -networking: - ip: "172.16.254.254" - ip6: "FE80:0000:0000:0000:AAAA:AAAA:AAAA" - mac: "AA:AA:AA:AA:AA:AA" -is_pe: false diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index e664ea74..73a02388 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb 
@@ -1,136 +1,6 @@ -require 'beaker-rspec' -require 'beaker-puppet' -require 'beaker/puppet_install_helper' -require 'beaker/module_install_helper' +# frozen_string_literal: true -def use_puppet4? - (ENV['PUPPET_INSTALL_VERSION'] =~ %r{^2016}) ? true : false -end +require 'puppet_litmus' +PuppetLitmus.configure! -def use_puppet5? - (ENV['BEAKER_PUPPET_COLLECTION'] =~ %r{^puppet5}) ? true : false -end - -def use_puppet6? - (ENV['BEAKER_PUPPET_COLLECTION'] =~ %r{^puppet6}) ? true : false -end - -def use_puppet7? - (ENV['BEAKER_PUPPET_COLLECTION'] =~ %r{^puppet7}) ? true : false -end - -def build_url(platform) - if use_puppet4? - url4 = 'http://%{mngr}.puppetlabs.com/puppetlabs-release-pc1%{plat}' - case platform - when 'el' then url4 % { mngr: 'yum', plat: '-el-' } - when 'fedora' then url4 % { mngr: 'yum', plat: '-fedora-' } - when 'debian', 'ubuntu' then url4 % { mngr: 'apt', plat: '-' } - else - raise "build_url() called with unsupported platform '#{platform}'" - end - elsif use_puppet5? - url5 = 'http://%{mngr}.puppetlabs.com/%{dir}puppet5-release%{plat}' - case platform - when 'el' then url5 % { mngr: 'yum', dir: 'puppet5/', plat: '-el-' } - when 'fedora' then url5 % { mngr: 'yum', dir: 'puppet5/', plat: '-fedora-' } - when 'debian', 'ubuntu' then url5 % { mngr: 'apt', dir: '', plat: '-' } - else - raise "build_url() called with unsupported platform '#{platform}'" - end - elsif use_puppet6? 
- url6 = 'http://%{mngr}.puppetlabs.com/%{dir}puppet6-release%{plat}' - case platform - when 'el' then url6 % { mngr: 'yum', dir: 'puppet6/', plat: '-el-' } - when 'fedora' then url6 % { mngr: 'yum', dir: 'puppet6/', plat: '-fedora-' } - when 'debian', 'ubuntu' then url6 % { mngr: 'apt', dir: '', plat: '-' } - else - raise "build_url() called with unsupported platform '#{platform}'" - end - else - url7 = 'http://%{mngr}.puppetlabs.com/%{dir}puppet7-release%{plat}' - case platform - when 'el' then url7 % { mngr: 'yum', dir: 'puppet7/', plat: '-el-' } - when 'fedora' then url7 % { mngr: 'yum', dir: 'puppet7/', plat: '-fedora-' } - when 'debian', 'ubuntu' then url7 % { mngr: 'apt', dir: '', plat: '-' } - else - raise "build_url() called with unsupported platform '#{platform}'" - end - end -end - -hosts.each do |host| - if host['platform'].include? 'debian' - on host, 'echo \'export PATH=/var/lib/gems/1.8/bin/:${PATH}\' >> ~/.bashrc' - end - # install_puppet - if host['platform'].match? %r{el-(5|6|7|8)} - relver = Regexp.last_match(1) - on host, "rpm -ivh #{build_url('el')}#{relver}.noarch.rpm" - on host, 'yum install -y puppetserver' - on host, '/opt/puppetlabs/bin/puppetserver ca setup' - - # TODO: we should probably be using the relatively new postgresql - # module settings manage_dnf_module on el8 when we are managing the postgresql - # database - if relver == '8' - on host, 'dnf install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm' - on host, 'dnf -qy module disable postgresql' - end - elsif host['platform'].match? %r{fedora-(\d+)} - relver = Regexp.last_match(1) - on host, "rpm -ivh #{build_url('fedora')}#{relver}.noarch.rpm" - on host, 'yum install -y puppetserver' - elsif host['platform'].match? %r{(ubuntu|debian)} - unless host.check_for_package 'curl' - on host, 'apt-get install -y curl' - end - # For openjdk8 - if host['platform'].version == '8' && !use_puppet4? 
- create_remote_file(host, - '/etc/apt/sources.list.d/jessie-backports.list', - 'deb https://artifactory.delivery.puppetlabs.net/artifactory/debian_archive__remote/ jessie-backports main') - on host, 'apt-get -y -m update' - install_package(host, 'openjdk-8-jre-headless') - end - on host, 'apt-get install apt-transport-https --assume-yes' - on host, "curl -O #{build_url('debian')}$(lsb_release -c -s).deb" - if use_puppet4? - on host, 'dpkg -i puppetlabs-release-pc1-$(lsb_release -c -s).deb' - elsif use_puppet5? - on host, 'dpkg -i puppet5-release-$(lsb_release -c -s).deb' - elsif use_puppet6? - on host, 'dpkg -i puppet6-release-$(lsb_release -c -s).deb' - else - on host, 'dpkg -i puppet7-release-$(lsb_release -c -s).deb' - end - on host, 'apt-get -y -m update' - on host, 'apt-get install -y puppetserver' - on host, '/opt/puppetlabs/bin/puppetserver ca setup' - else - raise "install_puppet() called for unsupported platform '#{host['platform']}' on '#{host.name}'" - end -end - -opts = { puppet_agent_version: 'latest' } -opts[:puppet_collection] = if use_puppet5? - 'puppet5' - elsif use_puppet6? - 'puppet6' - elsif use_puppet7? - 'puppet7' - end -install_puppet_agent_on(hosts, opts) unless ENV['BEAKER_provision'] == 'no' -install_ca_certs unless ENV['PUPPET_INSTALL_TYPE'].match? %r{pe}i -install_module_on(hosts) -install_module_dependencies_on(hosts) - -RSpec.configure do |c| - # Readable test descriptions - c.formatter = :documentation - hosts.each do |host| - if host[:platform].include?('el-7-x86_64') && host[:hypervisor].include?('docker') - on(host, "sed -i '/nodocs/d' /etc/yum.conf") - end - end -end +require 'spec_helper_acceptance_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_acceptance_local.rb')) diff --git a/spec/unit/classes/database/postgresql_spec.rb b/spec/unit/classes/database/postgresql_spec.rb index d53066e7..efc92e69 100644 --- a/spec/unit/classes/database/postgresql_spec.rb +++ b/spec/unit/classes/database/postgresql_spec.rb 
@@ -16,6 +16,7 @@ release: { 'full' => '7.0', 'major' => '7' }, selinux: { 'enabled' => true }, }, + service_provider: 'systemd', } end diff --git a/spec/unit/classes/database/ssl_configuration_spec.rb b/spec/unit/classes/database/ssl_configuration_spec.rb index b5620df2..1ee8cc7a 100644 --- a/spec/unit/classes/database/ssl_configuration_spec.rb +++ b/spec/unit/classes/database/ssl_configuration_spec.rb @@ -10,13 +10,17 @@ operatingsystemrelease: '7.0', kernel: 'Linux', selinux: true, + path: '/usr/bin:/bin', os: { family: 'RedHat', name: 'RedHat', release: { 'full' => '7.0', 'major' => '7' }, selinux: { 'enabled' => true }, }, - fqdn: 'cheery-rime@puppet', + networking: { + fqdn: 'cheery-rime@puppet', + }, + service_provider: 'systemd', } end @@ -125,7 +129,7 @@ it 'has ident rule' do is_expected.to contain_postgresql__server__pg_ident_rule("Map the SSL certificate of the server as a #{params[:database_username]} user") .with_map_name(identity_map) - .with_system_username(facts[:fqdn]) + .with_system_username(facts[:networking][:fqdn]) .with_database_username(params[:database_name]) end @@ -184,7 +188,7 @@ it 'has read ident rule' do is_expected.to contain_postgresql__server__pg_ident_rule("Map the SSL certificate of the server as a #{params[:read_database_username]} user") .with_map_name(read_identity_map) - .with_system_username(facts[:fqdn]) + .with_system_username(facts[:networking][:fqdn]) .with_database_username(params[:read_database_username]) end end diff --git a/spec/unit/classes/init_spec.rb b/spec/unit/classes/init_spec.rb index d35eee37..f9532ee7 100644 --- a/spec/unit/classes/init_spec.rb +++ b/spec/unit/classes/init_spec.rb @@ -6,7 +6,7 @@ on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) do - facts.merge(selinux: false) + facts.merge(selinux: false, service_provider: 'systemd') end describe 'when using default values for puppetdb class' do 
diff --git a/spec/unit/classes/master/config_spec.rb b/spec/unit/classes/master/config_spec.rb index 17a338ab..72496edf 100644 --- a/spec/unit/classes/master/config_spec.rb +++ b/spec/unit/classes/master/config_spec.rb @@ -5,7 +5,8 @@ context "on #{os}" do let(:facts) do facts.merge(puppetversion: Puppet.version, - fqdn: 'puppetdb.example.com', + networking: { fqdn: 'puppetdb.example.com' }, + service_provider: 'systemd', selinux: true) end @@ -114,6 +115,7 @@ release: { 'full' => '7.0', 'major' => '7' }, selinux: { 'enabled' => true }, }, + service_provider: 'systemd', } end diff --git a/spec/unit/classes/master/puppetdb_conf_spec.rb b/spec/unit/classes/master/puppetdb_conf_spec.rb index 9444eb06..f3b65c52 100644 --- a/spec/unit/classes/master/puppetdb_conf_spec.rb +++ b/spec/unit/classes/master/puppetdb_conf_spec.rb @@ -9,6 +9,7 @@ context "on #{os}" do let(:facts) do facts.merge(puppetversion: Puppet.version, + service_provider: 'systemd', selinux: false) end diff --git a/spec/unit/classes/master/report_processor_spec.rb b/spec/unit/classes/master/report_processor_spec.rb index 9a68f82c..4473f69e 100644 --- a/spec/unit/classes/master/report_processor_spec.rb +++ b/spec/unit/classes/master/report_processor_spec.rb @@ -12,6 +12,7 @@ context "on #{os}" do let(:facts) do facts.merge(puppetversion: Puppet.version, + service_provider: 'systemd', clientcert: 'test.domain.local') end diff --git a/spec/unit/classes/server/command_processing_spec.rb b/spec/unit/classes/server/command_processing_spec.rb index 06a9315f..d1d4a835 100644 --- a/spec/unit/classes/server/command_processing_spec.rb +++ b/spec/unit/classes/server/command_processing_spec.rb @@ -4,8 +4,11 @@ context 'on a supported platform' do let(:facts) do { - osfamily: 'OpenBSD', + os: { + family: 'OpenBSD', + }, puppetversion: Puppet.version, + service_provider: 'systemd', } end 
diff --git a/spec/unit/classes/server/database_ini_spec.rb b/spec/unit/classes/server/database_ini_spec.rb index 06f2865c..9df8a4e4 100644 --- a/spec/unit/classes/server/database_ini_spec.rb +++ b/spec/unit/classes/server/database_ini_spec.rb @@ -4,11 +4,15 @@ context 'on a supported platform' do let(:facts) do { - osfamily: 'RedHat', - operatingsystem: 'RedHat', + os: { + family: 'RedHat', + }, puppetversion: Puppet.version, operatingsystemrelease: '7.0', - fqdn: 'test.domain.local', + networking: { + fqdn: 'test.domain.local', + }, + service_provider: 'systemd', } end diff --git a/spec/unit/classes/server/db_connection_uri_spec.rb b/spec/unit/classes/server/db_connection_uri_spec.rb index 1c949e2e..80d0bad5 100644 --- a/spec/unit/classes/server/db_connection_uri_spec.rb +++ b/spec/unit/classes/server/db_connection_uri_spec.rb @@ -4,10 +4,14 @@ context 'on a supported platform' do let(:facts) do { - osfamily: 'RedHat', - operatingsystem: 'RedHat', + os: { + family: 'RedHat', + }, operatingsystemrelease: '7.0', - fqdn: 'test.domain.local', + networking: { + fqdn: 'test.domain.local', + }, + service_provider: 'systemd', } end diff --git a/spec/unit/classes/server/db_read_uri_spec.rb b/spec/unit/classes/server/db_read_uri_spec.rb index b7943e15..c9bb0992 100644 --- a/spec/unit/classes/server/db_read_uri_spec.rb +++ b/spec/unit/classes/server/db_read_uri_spec.rb @@ -4,10 +4,14 @@ context 'on a supported platform' do let(:facts) do { - osfamily: 'RedHat', - operatingsystem: 'RedHat', + os: { + family: 'RedHat', + }, operatingsystemrelease: '7.0', - fqdn: 'test.domain.local', + networking: { + fqdn: 'test.domain.local', + }, + service_provider: 'systemd', } end diff --git a/spec/unit/classes/server/global_ini_spec.rb b/spec/unit/classes/server/global_ini_spec.rb index 9b7b75a2..4101852b 100644 --- a/spec/unit/classes/server/global_ini_spec.rb +++ b/spec/unit/classes/server/global_ini_spec.rb 
@@ -4,8 +4,13 @@ context 'on a supported platform' do let(:facts) do { - osfamily: 'RedHat', - fqdn: 'foo.com', + os: { + family: 'RedHat', + }, + networking: { + fqdn: 'foo.com', + }, + service_provider: 'systemd', } end @@ -26,9 +31,9 @@ is_expected.to contain_file('/etc/puppetlabs/puppetdb/conf.d/config.ini') .with( 'ensure' => 'file', - 'owner' => 'puppetdb', + 'owner' => 'root', 'group' => 'puppetdb', - 'mode' => '0600', + 'mode' => '0640', ) } end diff --git a/spec/unit/classes/server/jetty_ini_spec.rb b/spec/unit/classes/server/jetty_ini_spec.rb index 749d4238..bf54959f 100644 --- a/spec/unit/classes/server/jetty_ini_spec.rb +++ b/spec/unit/classes/server/jetty_ini_spec.rb @@ -4,8 +4,13 @@ context 'on a supported platform' do let(:facts) do { - osfamily: 'RedHat', - fqdn: 'test.domain.local', + os: { + family: 'RedHat', + }, + networking: { + fqdn: 'test.domain.local', + }, + service_provider: 'systemd', } end diff --git a/spec/unit/classes/server/puppetdb_ini_spec.rb b/spec/unit/classes/server/puppetdb_ini_spec.rb index a64fb25e..abcb7bd6 100644 --- a/spec/unit/classes/server/puppetdb_ini_spec.rb +++ b/spec/unit/classes/server/puppetdb_ini_spec.rb @@ -4,8 +4,13 @@ context 'on a supported platform' do let(:facts) do { - osfamily: 'RedHat', - fqdn: 'test.domain.local', + os: { + family: 'RedHat', + }, + networking: { + fqdn: 'test.domain.local', + }, + service_provider: 'systemd', } end diff --git a/spec/unit/classes/server/read_database_ini_spec.rb b/spec/unit/classes/server/read_database_ini_spec.rb index 502cdbcd..e637428a 100644 --- a/spec/unit/classes/server/read_database_ini_spec.rb +++ b/spec/unit/classes/server/read_database_ini_spec.rb 
@@ -4,11 +4,15 @@ context 'on a supported platform' do let(:facts) do { - osfamily: 'RedHat', - operatingsystem: 'RedHat', + os: { + family: 'RedHat', + }, puppetversion: Puppet.version, operatingsystemrelease: '7.0', - fqdn: 'test.domain.local', + networking: { + fqdn: 'test.domain.local', + }, + service_provider: 'systemd', } end diff --git a/spec/unit/classes/server_spec.rb b/spec/unit/classes/server_spec.rb index c3d2d315..6ffbf4e3 100644 --- a/spec/unit/classes/server_spec.rb +++ b/spec/unit/classes/server_spec.rb @@ -9,6 +9,7 @@ context "on #{os}" do let(:facts) do facts.merge(puppetversion: Puppet.version, + service_provider: 'systemd', selinux: true) end @@ -201,7 +202,7 @@ it 'contains file private.pk8' do is_expected.to contain_file('/etc/puppetlabs/puppetdb/ssl/private.pk8') .with( - ensure: 'present', + ensure: 'file', owner: 'puppetdb', group: 'puppetdb', mode: '0600', diff --git a/spec/unit/util/puppetdb_validator_spec.rb b/spec/unit/util/puppetdb_validator_spec.rb index c96cd801..47355f5a 100644 --- a/spec/unit/util/puppetdb_validator_spec.rb +++ b/spec/unit/util/puppetdb_validator_spec.rb 
@@ -8,51 +8,34 @@ url = '/pdb/meta/v1/version' if Puppet::PUPPETVERSION.to_f < 7 - conn_ok = stub - conn_ok.stubs(:get).with(url, 'Accept' => 'application/json').returns(nethttpok) - conn_ok.stubs(:read_timeout=).with(2) - conn_ok.stubs(:open_timeout=).with(2) + conn_ok = double + allow(conn_ok).to receive(:get).with(url, 'Accept' => 'application/json').and_return(nethttpok) + allow(conn_ok).to receive(:read_timeout=).with(2) + allow(conn_ok).to receive(:open_timeout=).with(2) - conn_not_found = stub - conn_not_found.stubs(:get).with('/pdb/meta/v1/version', 'Accept' => 'application/json').returns(notfound) + conn_not_found = double + allow(conn_not_found).to receive(:get).with('/pdb/meta/v1/version', 'Accept' => 'application/json').and_return(notfound) - Puppet::Network::HttpPool.stubs(:http_instance).raises('Unknown host') - Puppet::Network::HttpPool.stubs(:http_instance).with('mypuppetdb.com', 8080, true).raises('Connection refused') - Puppet::Network::HttpPool.stubs(:http_instance).with('mypuppetdb.com', 8080, false).returns(conn_ok) - Puppet::Network::HttpPool.stubs(:http_instance).with('mypuppetdb.com', 8081, true).returns(conn_ok) - Puppet::Network::HttpPool.stubs(:http_instance).with('wrongserver.com', 8081, true).returns(conn_not_found) + allow(Puppet::Network::HttpPool).to receive(:http_instance).and_raise('Unknown host') + allow(Puppet::Network::HttpPool).to receive(:http_instance).with('mypuppetdb.com', 8080, true).and_raise('Connection refused') + allow(Puppet::Network::HttpPool).to receive(:http_instance).with('mypuppetdb.com', 8080, false).and_return(conn_ok) + allow(Puppet::Network::HttpPool).to receive(:http_instance).with('mypuppetdb.com', 8081, true).and_return(conn_ok) + allow(Puppet::Network::HttpPool).to receive(:http_instance).with('wrongserver.com', 8081, true).and_return(conn_not_found) else - http = stub - Puppet::HTTP::Client.stubs(:new).returns(http) + http = double + allow(Puppet::HTTP::Client).to receive(:new).and_return(http) - 
http.stubs(:get).with { |uri, _opts| - uri.hostname == 'mypuppetdb.com' && - uri.port == 8080 && - uri.scheme == 'https' - }.raises Puppet::HTTP::HTTPError, 'Connection refused' + allow(http).to receive(:get) do |uri, _opts| + raise(Puppet::HTTP::HTTPError, 'Connection refused') if uri.hostname == 'mypuppetdb.com' && uri.port == 8080 && uri.scheme == 'https' + raise Puppet::HTTP::ResponseError, Puppet::HTTP::ResponseNetHTTP.new(url, notfound) if uri.hostname == 'wrongserver.com' && uri.port == 8081 && uri.scheme == 'https' + raise Puppet::HTTP::HTTPError, 'Unknown host' if uri.hostname == 'non-existing.com' && uri.scheme == 'https' - http.stubs(:get).with { |uri, _opts| - uri.hostname == 'mypuppetdb.com' && - uri.port == 8080 && - uri.scheme == 'http' - }.returns(Puppet::HTTP::ResponseNetHTTP.new(url, nethttpok)) - - http.stubs(:get).with { |uri, _opts| - uri.hostname == 'mypuppetdb.com' && - uri.port == 8081 && - uri.scheme == 'https' - }.returns(Puppet::HTTP::ResponseNetHTTP.new(url, nethttpok)) - - http.stubs(:get).with { |uri, _opts| - uri.hostname == 'wrongserver.com' && - uri.port == 8081 && - uri.scheme == 'https' - }.raises Puppet::HTTP::ResponseError, Puppet::HTTP::ResponseNetHTTP.new(url, notfound) - - http.stubs(:get).with { |uri, _opts| - uri.hostname == 'non-existing.com' && - uri.scheme == 'https' - }.raises Puppet::HTTP::HTTPError, 'Unknown host' + if uri.hostname == 'mypuppetdb.com' && uri.port == 8080 && uri.scheme == 'http' + Puppet::HTTP::ResponseNetHTTP.new(url, nethttpok) + elsif uri.hostname == 'mypuppetdb.com' && uri.port == 8081 && uri.scheme == 'https' + Puppet::HTTP::ResponseNetHTTP.new(url, nethttpok) + end + end end end 
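Review bot: The single `allow(http).to receive(:get) do |uri, _opts|` block in the Puppet 7+ branch returns nil for any URI that matches none of its five cases. The removed per-URI `.with { ... }` stubs would, as far as the hunk shows, have rejected an unexpected request, so a validator call against the wrong host, port or scheme now yields nil rather than a failing test. Close the `if`/`elsif` with `else raise "unexpected request: #{uri}"` so unmatched requests fail loudly. The first `raise(...)` uses parentheses and the next two do not; pick one form. The enclosing block starts outside the hunk.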
@@ -70,7 +53,7 @@ puppetdb_server = 'mypuppetdb.com' puppetdb_port = 8080 validator = Puppet::Util::PuppetdbValidator.new(puppetdb_server, puppetdb_port) - Puppet.expects(:notice).with("Unable to connect to puppetdb server (https://#{puppetdb_server}:#{puppetdb_port}): Connection refused") + expect(Puppet).to receive(:notice).with("Unable to connect to puppetdb server (https://#{puppetdb_server}:#{puppetdb_port}): Connection refused") expect(validator.attempt_connection).to be false end @@ -78,7 +61,7 @@ puppetdb_server = 'wrongserver.com' puppetdb_port = 8081 validator = Puppet::Util::PuppetdbValidator.new(puppetdb_server, puppetdb_port) - Puppet.expects(:notice).with("Unable to connect to puppetdb server (https://#{puppetdb_server}:#{puppetdb_port}): [404] Not found") + expect(Puppet).to receive(:notice).with("Unable to connect to puppetdb server (https://#{puppetdb_server}:#{puppetdb_port}): [404] Not found") expect(validator.attempt_connection).to be false end @@ -86,7 +69,7 @@ puppetdb_server = 'non-existing.com' puppetdb_port = nil validator = Puppet::Util::PuppetdbValidator.new(puppetdb_server, puppetdb_port) - Puppet.expects(:notice).with("Unable to connect to puppetdb server (https://#{puppetdb_server}:#{puppetdb_port}): Unknown host") + expect(Puppet).to receive(:notice).with("Unable to connect to puppetdb server (https://#{puppetdb_server}:#{puppetdb_port}): Unknown host") expect(validator.attempt_connection).to be false end end From fd6493bd283813e57970a3a41d9165d8f13b3dba Mon Sep 17 00:00:00 2001 From: Austin Blatt Date: Tue, 18 Apr 2023 20:39:14 -0700 Subject: [PATCH 09/97] (PDB-5611) Update legacy facts to structured form --- manifests/master/config.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/master/config.pp b/manifests/master/config.pp index 7b5eabbc..7463ed3e 100644 --- a/manifests/master/config.pp +++ b/manifests/master/config.pp 
@@ -52,7 +52,7 @@ # installed to revert the change. if !($puppetdb::params::puppetdb_version in ['present','absent']) and versioncmp($puppetdb::params::puppetdb_version, '3.0.0') >= 0 - and $::osfamily in ['RedHat','Suse'] { + and $facts['os']['family'] in ['RedHat','Suse'] { exec { 'Remove puppetdb-terminus metadata for upgrade': command => 'rpm -e --justdb puppetdb-terminus', path => '/sbin/:/bin/', From c92b64967addf967250dc1e4f0268583d9198a0f Mon Sep 17 00:00:00 2001 From: Austin Blatt Date: Wed, 19 Apr 2023 12:33:26 -0700 Subject: [PATCH 10/97] Update module version to 7.13.0 - Add release notes - The module should now be compatible with puppet agent 8.0.0 which removes legacy facts --- CHANGELOG.md | 4 ++++ metadata.json | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d7fb5b36..48dab6d6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ Release notes for the puppetlabs-puppetdb module. +#### 7.13.0 - 2022/04/19 +* Replace usage of legacy ::osfamily fact with structured form + [PDB-5611](https://tickets.puppetlabs.com/browse/PDB-5611) + #### 7.12.0 - 2022/12/13 * Grant read role to write user to fix database user permissions issue [PDB-5559](https://tickets.puppetlabs.com/browse/PDB-5559) diff --git a/metadata.json b/metadata.json index ef362ab5..957fd304 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-puppetdb", - "version": "7.12.0", + "version": "7.13.0", "author": "puppetlabs", "summary": "Installs PostgreSQL and PuppetDB, sets up the connection to Puppet master.", "license": "Apache-2.0", @@ -84,7 +84,7 @@ "requirements": [ { "name": "puppet", - "version_requirement": ">= 4.10.0 < 8.0.0" + "version_requirement": ">= 4.10.0 < 9.0.0" } ], "description": "Module for installing/configuring PuppetDB", From 07ece29401aca084bb1aaf6f6690dc8d54c92de6 Mon Sep 17 00:00:00 2001 
From: Steffen Zieger Date: Fri, 26 May 2023 17:29:41 +0200 Subject: [PATCH 11/97] Allow newer dependencies --- metadata.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/metadata.json b/metadata.json index 957fd304..113d14da 100644 --- a/metadata.json +++ b/metadata.json @@ -10,15 +10,15 @@ "dependencies": [ { "name": "puppetlabs/inifile", - "version_requirement": ">= 1.1.3 < 6.0.0" + "version_requirement": ">= 1.1.3 < 7.0.0" }, { "name": "puppetlabs/postgresql", - "version_requirement": ">= 6.5.0 < 9.0.0" + "version_requirement": ">= 6.5.0 < 10.0.0" }, { "name": "puppetlabs/firewall", - "version_requirement": ">= 1.1.3 < 4.0.0" + "version_requirement": ">= 1.1.3 < 6.0.0" }, { "name": "puppetlabs/stdlib", From a415fe15db5ae75195eb61bcfaa43c4166248d34 Mon Sep 17 00:00:00 2001 From: Ben Ford Date: Tue, 30 May 2023 14:11:46 -0700 Subject: [PATCH 12/97] Update CODEOWNERS Adding Trusted Contributors to the CODEOWNERS will allow them to meet our branch protection rules and merge pull requests. If you would rather keep that privilege for your own team, then you can decline this PR. --- CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODEOWNERS b/CODEOWNERS index 7de0852e..3f6b27b9 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1 +1 @@ -* @puppetlabs/puppetdb +* @puppetlabs/puppetdb @bastelfreak From cbf3a76e9d77d7e795ffe0f521f270a451fe51ee Mon Sep 17 00:00:00 2001 From: Ben Ford Date: Tue, 30 May 2023 14:43:52 -0700 Subject: [PATCH 13/97] Update CODEOWNERS Reconciling trusted contributors list. --- CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODEOWNERS b/CODEOWNERS index 3f6b27b9..93cbbac6 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1 +1 @@ -* @puppetlabs/puppetdb @bastelfreak +* @puppetlabs/puppetdb @bastelfreak @smortex From 7b54f2791313cd648fefa3fbcb8cfcdf44b43bd6 Mon Sep 17 00:00:00 2001 
From: Tim Meusel Date: Wed, 9 Feb 2022 21:30:30 +0100 Subject: [PATCH 14/97] Drop EoL CentOS 6 --- metadata.json | 4 ---- 1 file changed, 4 deletions(-) diff --git a/metadata.json b/metadata.json index 113d14da..5f420c47 100644 --- a/metadata.json +++ b/metadata.json @@ -29,7 +29,6 @@ { "operatingsystem": "RedHat", "operatingsystemrelease": [ - "6", "7", "8" ] @@ -37,7 +36,6 @@ { "operatingsystem": "CentOS", "operatingsystemrelease": [ - "6", "7", "8" ] @@ -45,7 +43,6 @@ { "operatingsystem": "OracleLinux", "operatingsystemrelease": [ - "6", "7", "8" ] @@ -53,7 +50,6 @@ { "operatingsystem": "Scientific", "operatingsystemrelease": [ - "6", "7" ] }, From b40d7d101a707acaffd09c848371847ccf9e0fcb Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Wed, 9 Feb 2022 21:32:27 +0100 Subject: [PATCH 15/97] Drop EoL Debian 8/9 --- metadata.json | 2 -- 1 file changed, 2 deletions(-) diff --git a/metadata.json b/metadata.json index 113d14da..d33925dc 100644 --- a/metadata.json +++ b/metadata.json @@ -66,8 +66,6 @@ { "operatingsystem": "Debian", "operatingsystemrelease": [ - "8", - "9", "10", "11" ] From 09b52c6d57fa64b0b48d34824bb7fb5c2c374298 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Wed, 28 Jun 2023 15:13:07 -1000 Subject: [PATCH 16/97] Allow puppetlabs/stdlib 9.x --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index 113d14da..a294a577 100644 --- a/metadata.json +++ b/metadata.json @@ -22,7 +22,7 @@ }, { "name": "puppetlabs/stdlib", - "version_requirement": ">= 4.13.1 < 9.0.0" + "version_requirement": ">= 4.13.1 < 10.0.0" } ], "operatingsystem_support": [ From 1e2b04ecb137ac2dc3241112db6da51847b57e22 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Sun, 30 Jul 2023 20:27:01 +0200 Subject: [PATCH 17/97] puppetlabs/firewall: Allow 6.x --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index a294a577..efc291ca 100644 
--- a/metadata.json +++ b/metadata.json @@ -18,7 +18,7 @@ }, { "name": "puppetlabs/firewall", - "version_requirement": ">= 1.1.3 < 6.0.0" + "version_requirement": ">= 1.1.3 < 7.0.0" }, { "name": "puppetlabs/stdlib", From 25360545f2a4d19986f252e574b24b65f2e49483 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Sun, 30 Jul 2023 20:27:55 +0200 Subject: [PATCH 18/97] cleanup .fixtures.yml --- .fixtures.yml | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/.fixtures.yml b/.fixtures.yml index 82acacca..34bf88cd 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -1,3 +1,4 @@ +--- fixtures: repositories: inifile: 'https://github.com/puppetlabs/puppetlabs-inifile.git' @@ -9,14 +10,6 @@ fixtures: file_concat: 'https://github.com/electrical/puppet-lib-file_concat.git' systemd: 'https://github.com/camptocamp/puppet-systemd.git' cron: 'https://github.com/voxpupuli/puppet-cron.git' - cron_core: - repo: https://github.com/puppetlabs/puppetlabs-cron_core.git - puppet_version: ">= 6.0.0" - yumrepo_core: - repo: https://github.com/puppetlabs/puppetlabs-yumrepo_core.git - puppet_version: ">= 6.0.0" - augeas_core: - repo: https://github.com/puppetlabs/puppetlabs-augeas_core.git - puppet_version: ">= 6.0.0" - symlinks: - puppetdb: '#{source_dir}' + cron_core: 'https://github.com/puppetlabs/puppetlabs-cron_core.git' + yumrepo_core: 'https://github.com/puppetlabs/puppetlabs-yumrepo_core.git' + augeas_core: 'https://github.com/puppetlabs/puppetlabs-augeas_core.git' From 010bf136c78ff84c54903322505aaca6af3d13f8 Mon Sep 17 00:00:00 2001 
From: Ewoud Kohl van Wijngaarden Date: Fri, 16 Sep 2022 12:15:44 +0200 Subject: [PATCH 19/97] Set owner of server config.ini to root The puppetdb user doesn't need to write to the config (it's managed by Puppet after all) so setting the owner to root and using the group to only read is safer. It is also closer to packaging, which ensures the owner is root after a package update. Ideally packaging would use the same group and mode as well so there isn't an event after a package update, but this change at least trims it down from 3 changes to 2. --- manifests/server/global.pp | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/manifests/server/global.pp b/manifests/server/global.pp index 4afcc62f..f03f281f 100644 --- a/manifests/server/global.pp +++ b/manifests/server/global.pp @@ -2,7 +2,6 @@ class puppetdb::server::global ( $vardir = $puppetdb::params::vardir, $confdir = $puppetdb::params::confdir, - $puppetdb_user = $puppetdb::params::puppetdb_user, $puppetdb_group = $puppetdb::params::puppetdb_group, ) inherits puppetdb::params { @@ -10,9 +9,9 @@ file { $config_ini: ensure => file, - owner => $puppetdb_user, + owner => 'root', group => $puppetdb_group, - mode => '0600', + mode => '0640', } # Set the defaults From 41a73fa993a460577eb144149346cb15fa8850d9 Mon Sep 17 00:00:00 2001 From: cocker-cc Date: Fri, 4 Aug 2023 13:08:45 +0200 Subject: [PATCH 20/97] Fix "has no parameter named 'puppetdb_user'" Fixes 010bf136c78ff84c54903322505aaca6af3d13f8 --- manifests/server.pp | 1 - 1 file changed, 1 deletion(-) diff --git a/manifests/server.pp b/manifests/server.pp index 8fd4bd95..b9def8af 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -149,7 +149,6 @@ class { 'puppetdb::server::global': vardir => $vardir, confdir => $confdir, - puppetdb_user => $puppetdb_user, puppetdb_group => $puppetdb_group, notify => Service[$puppetdb_service], } From 0053513364d07f0c78ade801bcdcf322abfbab18 Mon Sep 17 00:00:00 2001 
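Review bot: Dropping `$puppetdb_user` from the `puppetdb::server::global` signature in the first global.pp hunk breaks every declaration that still passes it, and this commit's diffstat lists global.pp as the only file changed. Keeping it for one release as an accepted but unused `$puppetdb_user = undef` would make the ownership change non-breaking for existing callers. On the `file { $config_ini: }` resource in the second hunk, a short comment such as `# root-owned, group-readable: the service account can read its config but not rewrite it` would record why the mode is `0640` and not `0600`. The class body continues outside both hunks.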
From: Austin Blatt Date: Mon, 9 Oct 2023 09:51:28 -0700 Subject: [PATCH 21/97] Update module version to 7.14.0 --- CHANGELOG.md | 6 +++++- metadata.json | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 48dab6d6..f864e227 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,11 @@ Release notes for the puppetlabs-puppetdb module. -#### 7.13.0 - 2022/04/19 +#### 7.14.0 - 2023/10/09 +* Owner of puppetdb config.ini is now root +* Remove support for EOL OSes CentOS 6, Debian 8 & 9. + +#### 7.13.0 - 2023/04/19 * Replace usage of legacy ::osfamily fact with structured form [PDB-5611](https://tickets.puppetlabs.com/browse/PDB-5611) diff --git a/metadata.json b/metadata.json index 123f6890..9c222262 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-puppetdb", - "version": "7.13.0", + "version": "7.14.0", "author": "puppetlabs", "summary": "Installs PostgreSQL and PuppetDB, sets up the connection to Puppet master.", "license": "Apache-2.0", From 56b42fc822b8fdbaee8ddf68fd53ac3f133385f9 Mon Sep 17 00:00:00 2001 From: Jeffrey Clark Date: Thu, 14 Dec 2023 09:58:52 -0600 Subject: [PATCH 22/97] make puppet_confdir configurable $settings::<> vars should generally be configurable because they hold the compilers value. This can be a problem if for example you're trying to use this module with Bolt, which returns a temp directory. --- manifests/globals.pp | 1 + manifests/params.pp | 12 ++++++------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/manifests/globals.pp b/manifests/globals.pp index 413339aa..d28304a8 100644 --- a/manifests/globals.pp +++ b/manifests/globals.pp @@ -2,6 +2,7 @@ class puppetdb::globals ( $version = 'present', $database = 'postgres', + Stdlib::Absolutepath $puppet_confdir = $settings::confdir, ) { if !(fact('os.family') in ['RedHat', 'Suse', 'Archlinux', 'Debian', 'OpenBSD', 'FreeBSD']) { 
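Review bot: The new `puppet_confdir` parameter on `puppetdb::globals` arrives without any parameter documentation, and the commit touches only the two manifests. The signature alone does not tell a reader that it exists to override the compiler's `$settings::confdir` (the Bolt case described in the commit message). I would document it in whatever form the module uses for its parameters, for example `# @param puppet_confdir Absolute path of the Puppet confdir on the managed node; defaults to the compiling server's confdir`, plus a README entry. The class body continues outside the hunk.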
diff --git a/manifests/params.pp b/manifests/params.pp index 456f7b4b..a57afa7f 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -91,21 +91,21 @@ $etcdir = '/etc/puppetdb' $vardir = '/var/lib/puppetdb' $database_embedded_path = "${vardir}/db/db" - $puppet_confdir = pick($settings::confdir,'/etc/puppet') + $puppet_confdir = pick($puppetdb::globals::puppet_confdir,'/etc/puppet') $puppet_service_name = 'puppetmaster' } 'OpenBSD': { $etcdir = '/etc/puppetdb' $vardir = '/var/db/puppetdb' $database_embedded_path = "${vardir}/db/db" - $puppet_confdir = pick($settings::confdir,'/etc/puppet') + $puppet_confdir = pick($puppetdb::globals::puppet_confdir,'/etc/puppet') $puppet_service_name = 'puppetmasterd' } 'FreeBSD': { $etcdir = '/usr/local/etc/puppetdb' $vardir = '/var/db/puppetdb' $database_embedded_path = "${vardir}/db/db" - $puppet_confdir = pick($settings::confdir,'/usr/local/etc/puppet') + $puppet_confdir = pick($puppetdb::globals::puppet_confdir,'/usr/local/etc/puppet') $puppet_service_name = 'puppetmaster' } default: { @@ -118,17 +118,17 @@ case fact('os.family') { 'RedHat', 'Suse', 'Archlinux','Debian': { $etcdir = '/etc/puppetlabs/puppetdb' - $puppet_confdir = pick($settings::confdir,'/etc/puppetlabs/puppet') + $puppet_confdir = pick($puppetdb::globals::puppet_confdir,'/etc/puppetlabs/puppet') $puppet_service_name = 'puppetserver' } 'OpenBSD': { $etcdir = '/etc/puppetlabs/puppetdb' - $puppet_confdir = pick($settings::confdir,'/etc/puppetlabs/puppet') + $puppet_confdir = pick($puppetdb::globals::puppet_confdir,'/etc/puppetlabs/puppet') $puppet_service_name = undef } 'FreeBSD': { $etcdir = '/usr/local/etc/puppetlabs/puppetdb' - $puppet_confdir = pick($settings::confdir,'/usr/local/etc/puppetlabs/puppet') + $puppet_confdir = pick($puppetdb::globals::puppet_confdir,'/usr/local/etc/puppetlabs/puppet') $puppet_service_name = undef } default: { From a56f755099f399cdb8be3089f4a38a8d90506107 Mon Sep 17 00:00:00 2001 
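Review bot: The second argument of each `pick($puppetdb::globals::puppet_confdir, '/etc/...')` looks unreachable, because the globals parameter is typed `Stdlib::Absolutepath` with a default and so is never undef or empty once `puppetdb::globals` has been evaluated. If params.pp can be evaluated before globals (the class header is not in these hunks), the reference is an unknown variable instead, which can fail under strict variables and does not fall back. Either use `$puppetdb::globals::puppet_confdir` directly, or declare the parameter as `Optional[Stdlib::Absolutepath]` so the per-OS defaults still mean something. This applies to all six replaced lines across both hunks.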
From: jonathannewman Date: Fri, 5 Jan 2024 09:04:28 -0800 Subject: [PATCH 23/97] (maint) change postgres version to supported version Postgres 11 is no longer supported as an installation method from Postgres.org. As a result, installations will fail using `puppetlabs-postgresql` with failures like: ``` Error: /Stage[main]/Postgresql::Server::Install/Package[postgresql-server]/ensure: change from 'purged' to 'present' failed: Execution of '/usr/bin/yum -d 0 -e 0 -y install postgresql11-server' returned 1: One of the configured repositories failed (PostgreSQL 11 7 - x86_64), and yum doesn't have enough cached data to continue. At this point the only safe thing yum can do is fail. There are a few ways to work "fix" this: 1. Contact the upstream for the repository and get them to fix the problem. 2. Reconfigure the baseurl/etc. for the repository, to point to a working upstream. This is most often useful if you are using a newer distribution release than is supported by the repository (and the packages for the previous distribution release still work). 3. Disable the repository, so yum won't use it by default. Yum will then just ignore the repository until you permanently enable it again or use --enablerepo for temporary usage: yum-config-manager --disable yum.postgresql.org 4. Configure the failing repository to be skipped, if it is unavailable. Note that yum will try to contact the repo. when it runs most commands, so will have to try and fail each time (and thus. yum will be be much slower). If it is a very temporary problem though, this is often a nice compromise: yum-config-manager --save --setopt=yum.postgresql.org.skip_if_unavailable=true failure: repodata/repomd.xml from yum.postgresql.org: [Errno 256] No more mirrors to try. 
https://download.postgresql.org/pub/repos/yum/11/redhat/rhel-7-x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 404 - Not Found ``` To make matters more complicated, `puppetlabs-postgresql` is impacted by https://yum.postgresql.org/news/pgdg-rpm-repo-gpg-key-update/ see https://github.com/puppetlabs/puppetlabs-postgresql/issues/1565 so too will not work until a new version of that is released with a fix. --- manifests/params.pp | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index 151e2251..2c45b519 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -24,11 +24,7 @@ $manage_pg_repo = false } - if $puppetdb_version in ['latest','present'] or versioncmp($puppetdb_version, '7.0.0') >= 0 { - $postgres_version = '11' - } else { - $postgres_version = '9.6' - } + $postgres_version = '14' $puppetdb_major_version = $puppetdb_version ? { 'latest' => '8', From 9e170da9a5aba098d61b706c6131d541a439d661 Mon Sep 17 00:00:00 2001 From: Jeffrey Clark Date: Mon, 29 Jan 2024 10:02:31 -0600 Subject: [PATCH 24/97] (maint) drop support for < puppet 7 --- CHANGELOG.md | 3 +++ metadata.json | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f864e227..1c037abe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ Release notes for the puppetlabs-puppetdb module. +#### Unreleased +* Drop support for Puppet 6 + #### 7.14.0 - 2023/10/09 * Owner of puppetdb config.ini is now root * Remove support for EOL OSes CentOS 6, Debian 8 & 9. diff --git a/metadata.json b/metadata.json index 9c222262..bb963855 100644 --- a/metadata.json +++ b/metadata.json @@ -78,7 +78,7 @@ "requirements": [ { "name": "puppet", - "version_requirement": ">= 4.10.0 < 9.0.0" + "version_requirement": ">= 7.0.0 < 9.0.0" } ], "description": "Module for installing/configuring PuppetDB", From d1a60a8e194eca950aba9d2e74e5cfe8058d4253 Mon Sep 17 00:00:00 2001 
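Review bot: Hard-coding `$postgres_version = '14'` changes the default for every node that never set `postgres_version`, including nodes that already run a database on 11 or 9.6. Depending on how the postgresql module reacts to a version change (not visible here), that may install a second server package beside the existing data directory with no migration, so the change needs a CHANGELOG entry and an upgrade note. The README wording for `postgres_version` updated earlier in this series still describes the old defaults, and this commit changes params.pp only. A comment on the line, e.g. `# default for new installs; existing clusters are not migrated when this changes (TODO confirm)`, would warn the next person who bumps it.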
From: Jeffrey Clark Date: Mon, 29 Jan 2024 10:08:48 -0600 Subject: [PATCH 25/97] drop support for Ubuntu 16 and Scientific Linux 7 --- CHANGELOG.md | 1 + metadata.json | 7 ------- 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1c037abe..5f4c56d2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ Release notes for the puppetlabs-puppetdb module. #### Unreleased * Drop support for Puppet 6 +* Drop support for Ubuntu 16.04 and Scientific Linux 7 #### 7.14.0 - 2023/10/09 * Owner of puppetdb config.ini is now root diff --git a/metadata.json b/metadata.json index bb963855..7e8163d9 100644 --- a/metadata.json +++ b/metadata.json @@ -47,12 +47,6 @@ "8" ] }, - { - "operatingsystem": "Scientific", - "operatingsystemrelease": [ - "7" - ] - }, { "operatingsystem": "SLES", "operatingsystemrelease": [ @@ -69,7 +63,6 @@ { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ - "16.04", "18.04", "20.04" ] From 5a8cabc7e2c8df1fe226bda533ca7373c31461e1 Mon Sep 17 00:00:00 2001 From: Jeffrey Clark Date: Mon, 29 Jan 2024 15:33:58 -0600 Subject: [PATCH 26/97] pin fixtures for modules where latest is not supported --- .fixtures.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.fixtures.yml b/.fixtures.yml index 591090fc..49dda66c 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -3,8 +3,6 @@ fixtures: repositories: inifile: 'https://github.com/puppetlabs/puppetlabs-inifile.git' stdlib: 'https://github.com/puppetlabs/puppetlabs-stdlib.git' - postgresql: 'https://github.com/puppetlabs/puppet-postgresql.git' - firewall: 'https://github.com/puppetlabs/puppetlabs-firewall.git' apt: 'https://github.com/puppetlabs/puppetlabs-apt.git' concat: 'https://github.com/puppetlabs/puppetlabs-concat.git' file_concat: 'https://github.com/electrical/puppet-lib-file_concat.git' 
@@ -22,5 +20,12 @@ fixtures: augeas_core: repo: https://github.com/puppetlabs/puppetlabs-augeas_core.git puppet_version: ">= 6.0.0" + forge_modules: + postgresql: + repo: 'puppetlabs/postgresql' + ref: "9.2.0" + firewall: + repo: 'puppetlabs/firewall' + ref: "6.0.0" symlinks: puppetdb: '#{source_dir}' From f648b4a864e08494a1c3fb4a8c559dbb9cc2f654 Mon Sep 17 00:00:00 2001 From: Jeffrey Clark Date: Mon, 29 Jan 2024 15:36:25 -0600 Subject: [PATCH 27/97] setup rspec defaults and helpers --- spec/spec_helper_local.rb | 14 ++++++++++++++ spec/support/unit/facts.rb | 28 ++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 spec/spec_helper_local.rb create mode 100644 spec/support/unit/facts.rb diff --git a/spec/spec_helper_local.rb b/spec/spec_helper_local.rb new file mode 100644 index 00000000..67e67859 --- /dev/null +++ b/spec/spec_helper_local.rb @@ -0,0 +1,14 @@ +# frozen_string_literal: true + +include RspecPuppetFacts + +Dir['./spec/support/unit/**/*.rb'].sort.each { |f| require f } + +RSpec.configure do |c| + c.fail_if_no_examples = true + c.silence_filter_announcements = true + + c.expect_with :rspec do |expectations| + expectations.include_chain_clauses_in_custom_matcher_descriptions = true + end +end diff --git a/spec/support/unit/facts.rb b/spec/support/unit/facts.rb new file mode 100644 index 00000000..ca0dda60 --- /dev/null +++ b/spec/support/unit/facts.rb 
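Review bot: Only `postgresql` and `firewall` receive a fixed `ref:` in the new `forge_modules` block. The entries left under `repositories:` are still bare git URLs, so each test run fetches whatever is at the head of those repositories. That lets CI results drift and runs unreviewed upstream code in the test environment. I would pin the remaining fixtures the same way, either as `forge_modules` entries with a `ref:` or as git entries with `repo:` plus `ref:`.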
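Review bot: In spec_helper_local.rb, `Dir['./spec/support/unit/**/*.rb']` resolves against the process working directory, so running rspec from anywhere other than the module root loads no support files. The shared examples and the custom fact then go missing, with no error at this line. Anchoring the glob on the file itself removes that dependency: `Dir[File.join(__dir__, 'support/unit/**/*.rb')].sort.each { |f| require f }`.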
@@ -0,0 +1,28 @@ +# Rough conversion of grepping in the puppet source: +# grep defaultfor lib/puppet/provider/service/*.rb +# Source https://github.com/voxpupuli/voxpupuli-test/blob/master/lib/voxpupuli/test/facts.rb +add_custom_fact :service_provider, ->(_os, facts) do + os = RSpec.configuration.facterdb_string_keys ? facts['os'] : facts[:os] + case os['family'].downcase + when 'archlinux' + 'systemd' + when 'darwin' + 'launchd' + when 'debian' + 'systemd' + when 'freebsd' + 'freebsd' + when 'gentoo' + 'openrc' + when 'openbsd' + 'openbsd' + when 'redhat' + (os['release']['major'].to_i >= 7) ? 'systemd' : 'redhat' + when 'suse' + (os['release']['major'].to_i >= 12) ? 'systemd' : 'redhat' + when 'windows' + 'windows' + else + 'init' + end +end From 68c185275c8ea25d8737f15fe772e426808b3f35 Mon Sep 17 00:00:00 2001 
From: Jeffrey Clark Date: Mon, 29 Jan 2024 15:37:27 -0600 Subject: [PATCH 28/97] 100% unit test coverage --- .../database/default_read_grant_spec.rb | 50 ++ .../database/postgresql_ssl_rules_spec.rb | 45 ++ spec/defines/database/read_grant_spec.rb | 40 ++ spec/defines/database/read_only_user_spec.rb | 46 ++ spec/support/unit/shared/database.rb | 268 ++++++++++ spec/support/unit/shared/inherits.rb | 27 + spec/support/unit/shared/server.rb | 37 ++ spec/unit/classes/database/postgresql_spec.rb | 106 +++- .../database/ssl_configuration_spec.rb | 124 +---- spec/unit/classes/globals_spec.rb | 24 + spec/unit/classes/master/config_spec.rb | 127 ++--- .../unit/classes/master/puppetdb_conf_spec.rb | 10 +- spec/unit/classes/master/routes_spec.rb | 76 +++ spec/unit/classes/master/storeconfigs_spec.rb | 40 ++ spec/unit/classes/params_spec.rb | 11 + .../classes/server/command_processing_spec.rb | 256 +++++---- spec/unit/classes/server/database_ini_spec.rb | 493 +++++++----------- spec/unit/classes/server/firewall_spec.rb | 22 + spec/unit/classes/server/global_ini_spec.rb | 92 ++-- spec/unit/classes/server/jetty_ini_spec.rb | 308 +++++------ spec/unit/classes/server/puppetdb_ini_spec.rb | 176 +++---- .../classes/server/read_database_ini_spec.rb | 286 +++++----- spec/unit/classes/server/validate_db_spec.rb | 58 +++ .../classes/server/validate_read_db_spec.rb | 58 +++ spec/unit/classes/server_spec.rb | 61 ++- 25 files changed, 1715 insertions(+), 1126 deletions(-) create mode 100644 spec/defines/database/default_read_grant_spec.rb create mode 100644 spec/defines/database/postgresql_ssl_rules_spec.rb create mode 100644 spec/defines/database/read_grant_spec.rb create mode 100644 spec/defines/database/read_only_user_spec.rb create mode 100644 spec/support/unit/shared/database.rb create mode 100644 spec/support/unit/shared/inherits.rb create mode 100644 spec/support/unit/shared/server.rb create mode 100644 spec/unit/classes/globals_spec.rb create mode 100644 
spec/unit/classes/master/routes_spec.rb create mode 100644 spec/unit/classes/master/storeconfigs_spec.rb create mode 100644 spec/unit/classes/params_spec.rb create mode 100644 spec/unit/classes/server/firewall_spec.rb create mode 100644 spec/unit/classes/server/validate_db_spec.rb create mode 100644 spec/unit/classes/server/validate_read_db_spec.rb diff --git a/spec/defines/database/default_read_grant_spec.rb b/spec/defines/database/default_read_grant_spec.rb new file mode 100644 index 00000000..8a8ee4a6 --- /dev/null +++ b/spec/defines/database/default_read_grant_spec.rb @@ -0,0 +1,50 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'puppetdb::database::default_read_grant' do + valid = { + 'standard': { + database_name: 'puppetdb', + schema: 'public', + database_username: 'puppetdb', + database_read_only_username: 'puppetdb-read', + } + } + + invalid = { + 'no params': {}, + 'without database_name': { + schema: 'public', + database_username: 'puppetdb', + database_read_only_username: 'puppetdb-read', + } + } + + let(:facts) { on_supported_os.take(1).first[1] } + let(:pre_condition) { 'include postgresql::server' } + let(:name) { title } + let(:args) { params } + + context 'with valid parameters' do + valid.each do |name, params| + context name do + include_examples 'puppetdb::database::default_read_grant' do + let(:title) { name.to_s } + let(:params) { params } + end + end + end + end + + context 'with invalid parameters' do + invalid.each do |name, params| + context name do + include_examples 'puppetdb::database::default_read_grant', Puppet::Error do + let(:title) { name.to_s } + let(:params) { params } + end + end + end + end +end diff --git a/spec/defines/database/postgresql_ssl_rules_spec.rb b/spec/defines/database/postgresql_ssl_rules_spec.rb new file mode 100644 index 00000000..cce2e0d3 --- /dev/null +++ b/spec/defines/database/postgresql_ssl_rules_spec.rb 
@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+valid = {
+ 'puppetdb-read': {
+ database_name: 'puppetdb',
+ database_username: 'monitor',
+ puppetdb_server: 'localhost',
+ },
+ 'monitor': {
+ database_name: 'opensesame',
+ database_username: 'grover',
+ puppetdb_server: 'rainbow',
+ },
+}
+
+invalid = {
+ 'no params': {},
+}
+
+describe 'puppetdb::database::postgresql_ssl_rules' do
+ let(:facts) { on_supported_os.take(1).first[1] }
+ let(:pre_condition) { 'include postgresql::server' }
+ let(:name) { title }
+ let(:args) { params }
+
+ valid.each do |name, params|
+ context "for valid #{name}" do
+ include_examples 'puppetdb::database::postgresql_ssl_rules' do
+ let(:title) { name.to_s }
+ let(:params) { params }
+ end
+ end
+ end
+
+ invalid.each do |name, params|
+ context "for invalid #{name}" do
+ include_examples 'puppetdb::database::postgresql_ssl_rules', Puppet::Error do
+ let(:title) { name.to_s }
+ let(:params) { params }
+ end
+ end
+ end
+end
diff --git a/spec/defines/database/read_grant_spec.rb b/spec/defines/database/read_grant_spec.rb
new file mode 100644
index 00000000..df8b54d8
--- /dev/null
+++ b/spec/defines/database/read_grant_spec.rb
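Review bot: The `invalid` table covers only the empty-parameter case, so nothing checks that the define rejects a declaration without `puppetdb_server`. That is the value the shared examples expect as `system_username` in the pg_ident mapping. Assuming the parameter is required (the define itself is not on this page), I would add `'without puppetdb_server': { database_name: 'puppetdb', database_username: 'monitor' },` to `invalid`. The first valid case is keyed `'puppetdb-read'` while its `database_username` is `'monitor'`, which reads like a copy-paste slip worth tidying.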
@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+valid = {
+ 'grant read on new objects from blah to blah': {
+ database_read_only_username: 'puppetdb-read',
+ database_name: 'puppetdb',
+ schema: 'public',
+ },
+}
+
+invalid = {
+ 'no params': {},
+}
+
+describe 'puppetdb::database::read_grant' do
+ let(:facts) { on_supported_os.take(1).first[1] }
+ let(:pre_condition) { 'include postgresql::server' }
+ let(:name) { title }
+ let(:args) { params }
+
+ valid.each do |name, params|
+ context "for valid #{name}" do
+ include_examples 'puppetdb::database::read_grant' do
+ let(:title) { name.to_s }
+ let(:params) { params }
+ end
+ end
+ end
+
+ invalid.each do |name, params|
+ context "for invalid #{name}" do
+ include_examples 'puppetdb::database::read_grant', Puppet::Error do
+ let(:title) { name.to_s }
+ let(:params) { params }
+ end
+ end
+ end
+end
diff --git a/spec/defines/database/read_only_user_spec.rb b/spec/defines/database/read_only_user_spec.rb
new file mode 100644
index 00000000..0efc059c
--- /dev/null
+++ b/spec/defines/database/read_only_user_spec.rb
@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+valid = {
+ 'puppetdb-read': {
+ read_database_username: 'puppetdb-read',
+ database_name: 'puppetdb',
+ password_hash: 'blah',
+ database_owner: 'puppetdb',
+ },
+ 'spectest': {
+ read_database_username: 'spectest-read',
+ database_name: 'spectest',
+ database_owner: 'spectest',
+ },
+}
+
+invalid = {
+ 'no params': {},
+}
+
+describe 'puppetdb::database::read_only_user', type: :define do
+ let(:facts) { on_supported_os.take(1).first[1] }
+ let(:pre_condition) { 'include postgresql::server' }
+ let(:name) { title }
+ let(:args) { params }
+
+ valid.each do |name, params|
+ context "for valid #{name}" do
+ include_examples 'puppetdb::database::read_only_user' do
+ let(:title) { name.to_s }
+ let(:params) { params }
+ end
+ end
+ end
+
+ invalid.each do |name, params|
+ context "for invalid #{name}" do
+ include_examples 'puppetdb::database::read_only_user', Puppet::Error do
+ let(:title) { name.to_s }
+ let(:params) { params }
+ end
+ end
+ end
+end
diff --git a/spec/support/unit/shared/database.rb b/spec/support/unit/shared/database.rb
new file mode 100644
index 00000000..dc667ea3
--- /dev/null
+++ b/spec/support/unit/shared/database.rb
@@ -0,0 +1,268 @@ +# frozen_string_literal: true + +require 'puppetlabs_spec_helper/puppetlabs_spec/puppet_internals' + +shared_examples 'postgresql_psql read grant' do + it { + is_expected.to contain_postgresql_psql("grant select permission for #{with[:database_read_only_username]}") + .with( + db: with[:database_name], + command: "GRANT SELECT + ON ALL TABLES IN SCHEMA \"public\" + TO \"#{with[:database_read_only_username]}\"", + unless: "SELECT * FROM ( + SELECT COUNT(*) + FROM pg_tables + WHERE schemaname='public' + AND has_table_privilege('#{with[:database_read_only_username]}', schemaname || '.' || tablename, 'SELECT')=false + ) x + WHERE x.count=0", + ) + } + + it { + is_expected.to contain_postgresql_psql("grant usage permission for #{with[:database_read_only_username]}") + .with( + db: with[:database_name], + command: "GRANT USAGE + ON ALL SEQUENCES IN SCHEMA \"public\" + TO \"#{with[:database_read_only_username]}\"", + unless: "SELECT * FROM ( + SELECT COUNT(*) + FROM information_schema.sequences + WHERE sequence_schema='public' + AND has_sequence_privilege('#{with[:database_read_only_username]}', sequence_schema || '.' 
|| sequence_name, 'USAGE')=false + ) x + WHERE x.count=0", + ) + } + + it { + is_expected.to contain_postgresql_psql("grant execution permission for #{with[:database_read_only_username]}") + .with( + db: with[:database_name], + command: "GRANT EXECUTE + ON ALL FUNCTIONS IN SCHEMA \"public\" + TO \"#{with[:database_read_only_username]}\"", + unless: "SELECT * FROM ( + SELECT COUNT(*) + FROM pg_catalog.pg_proc p + LEFT JOIN pg_catalog.pg_namespace n ON n.oid = p.pronamespace + WHERE n.nspname='public' + AND has_function_privilege('#{with[:database_read_only_username]}', p.oid, 'EXECUTE')=false + ) x + WHERE x.count=0", + ) + } +end + +shared_examples 'postgresql_psql default read grant' do + it { + is_expected.to contain_postgresql_psql("grant default select permission for #{with[:database_read_only_username]}") + .with( + db: with[:database_name], + command: "ALTER DEFAULT PRIVILEGES + FOR USER \"#{with[:database_username]}\" + IN SCHEMA \"public\" + GRANT SELECT ON TABLES + TO \"#{with[:database_read_only_username]}\"", + unless: "SELECT + ns.nspname, + acl.defaclobjtype, + acl.defaclacl + FROM pg_default_acl acl + JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid + WHERE acl.defaclacl::text ~ '.*\\\\\"#{with[:database_read_only_username]}\\\\\"=r/#{with[:database_username]}\\\".*' + AND nspname = 'public'", + ) + } + + it { + is_expected.to contain_postgresql_psql("grant default usage permission for #{with[:database_read_only_username]}") + .with( + db: with[:database_name], + command: "ALTER DEFAULT PRIVILEGES + FOR USER \"#{with[:database_username]}\" + IN SCHEMA \"public\" + GRANT USAGE ON SEQUENCES + TO \"#{with[:database_read_only_username]}\"", + unless: "SELECT + ns.nspname, + acl.defaclobjtype, + acl.defaclacl + FROM pg_default_acl acl + JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid + WHERE acl.defaclacl::text ~ '.*\\\\\"#{with[:database_read_only_username]}\\\\\"=U/#{with[:database_username]}\\\".*' + AND nspname = 'public'", + ) + } + + it { + 
is_expected.to contain_postgresql_psql("grant default execute permission for #{with[:database_read_only_username]}") + .with( + db: with[:database_name], + command: "ALTER DEFAULT PRIVILEGES + FOR USER \"#{with[:database_username]}\" + IN SCHEMA \"public\" + GRANT EXECUTE ON FUNCTIONS + TO \"#{with[:database_read_only_username]}\"", + unless: "SELECT + ns.nspname, + acl.defaclobjtype, + acl.defaclacl + FROM pg_default_acl acl + JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid + WHERE acl.defaclacl::text ~ '.*\\\\\"#{with[:database_read_only_username]}\\\\\"=X/#{with[:database_username]}\\\".*' + AND nspname = 'public'", + ) + } +end + +shared_examples 'puppetdb::database::read_only_user' do |error = false| + let(:defaults) do + { + read_database_username: nil, + database_name: nil, + database_owner: nil, + password_hash: false, + } + end + let(:with) { defined?(args) ? defaults.merge(args) : defaults } + + if error + it { is_expected.to raise_error(error) } + else + it { is_expected.to contain_puppetdb__database__read_only_user(name).with(with) } + + it { + is_expected.to contain_postgresql__server__role(with[:read_database_username]) + .that_comes_before("Postgresql::Server::Database_grant[#{with[:database_name]} grant connection permission to #{with[:read_database_username]}]") + .with_password_hash(with[:password_hash]) + } + + it { + btitle = "#{with[:database_name]} grant read permission on new objects from #{with[:database_owner]} to #{with[:read_database_username]}" + is_expected.to contain_postgresql__server__database_grant("#{with[:database_name]} grant connection permission to #{with[:read_database_username]}") + .that_comes_before("Puppetdb::Database::Default_read_grant[#{btitle}]") + .with( + privilege: 'CONNECT', + db: with[:database_name], + role: with[:read_database_username], + ) + } + + it { + rtitle = "#{with[:database_name]} grant read permission on new objects from #{with[:database_owner]} to #{with[:read_database_username]}" + is_expected.to 
contain_puppetdb__database__default_read_grant(rtitle) + .that_comes_before("Puppetdb::Database::Read_grant[#{with[:database_name]} grant read-only permission on existing objects to #{with[:read_database_username]}]") + .with( + database_username: with[:database_owner], + database_read_only_username: with[:read_database_username], + database_name: with[:database_name], + schema: 'public', + ) + } + + it_behaves_like 'postgresql_psql default read grant' do + let(:with) do + { + database_username: super()[:database_owner], + database_read_only_username: super()[:read_database_username], + database_name: super()[:database_name], + } + end + end + + it { + is_expected.to contain_puppetdb__database__read_grant("#{with[:database_name]} grant read-only permission on existing objects to #{with[:read_database_username]}") + .with( + database_read_only_username: with[:read_database_username], + database_name: with[:database_name], + schema: 'public', + ) + } + + it_behaves_like 'postgresql_psql read grant' do + let(:with) do + { + database_read_only_username: super()[:read_database_username], + database_name: super()[:database_name], + } + end + end + end +end + +shared_examples 'puppetdb::database::read_grant' do |error| + let(:defaults) { {} } + let(:with) { defined?(args) ? defaults.merge(args) : defaults } + + if error + it { is_expected.to raise_error(error) } + else + it { is_expected.to contain_puppetdb__database__read_grant(name).with(with) } + + include_examples 'postgresql_psql read grant' + end +end + +shared_examples 'puppetdb::database::default_read_grant' do |error| + let(:defaults) { {} } + let(:with) { defined?(args) ? 
defaults.merge(args) : defaults } + + if error + it { is_expected.to raise_error(error) } + else + it { is_expected.to contain_puppetdb__database__default_read_grant(name).with(with) } + + include_examples 'postgresql_psql default read grant' + end +end + +shared_examples 'puppetdb::database::postgresql_ssl_rules' do |error| + let(:defaults) { {} } + let(:with) { defined?(args) ? defaults.merge(args) : defaults } + + if error + it { is_expected.to raise_error(error) } + else + let(:identity_map_key) { "#{with[:database_name]}-#{with[:database_username]}-map" } + + it { is_expected.to contain_puppetdb__database__postgresql_ssl_rules(name).with(with) } + + it { + is_expected.to contain_postgresql__server__pg_hba_rule("Allow certificate mapped connections to #{with[:database_name]} as #{with[:database_username]} (ipv4)") + .with( + type: 'hostssl', + database: with[:database_name], + user: with[:database_username], + address: '0.0.0.0/0', + auth_method: 'cert', + order: 0, + auth_option: "map=#{identity_map_key} clientcert=1", + ) + } + + it { + is_expected.to contain_postgresql__server__pg_hba_rule("Allow certificate mapped connections to #{with[:database_name]} as #{with[:database_username]} (ipv6)") + .with( + type: 'hostssl', + database: with[:database_name], + user: with[:database_username], + address: '::0/0', + auth_method: 'cert', + order: 0, + auth_option: "map=#{identity_map_key} clientcert=1", + ) + } + + it { + is_expected.to contain_postgresql__server__pg_ident_rule("Map the SSL certificate of the server as a #{with[:database_username]} user") + .with( + map_name: identity_map_key, + system_username: with[:puppetdb_server], + database_username: with[:database_username], + ) + } + end +end diff --git a/spec/support/unit/shared/inherits.rb b/spec/support/unit/shared/inherits.rb new file mode 100644 index 00000000..4a5561de --- /dev/null +++ b/spec/support/unit/shared/inherits.rb 
@@ -0,0 +1,27 @@ +# frozen_string_literal: true + +shared_examples 'puppetdb::params' do + include_examples 'puppetdb::globals' + + it { is_expected.to contain_class('puppetdb::params') } +end + +shared_examples 'puppetdb::globals' do |error = false| + let(:defaults) do + { + version: 'present', + database: 'postgres', + puppet_confdir: Puppet[:confdir], + } + end + + let(:with) { defaults.merge(defined?(args) ? args : {}) } + + it { + if error + is_expected.to raise_error(error) + else + is_expected.to contain_class('puppetdb::globals').with(with) + end + } +end diff --git a/spec/support/unit/shared/server.rb b/spec/support/unit/shared/server.rb new file mode 100644 index 00000000..5c03dd37 --- /dev/null +++ b/spec/support/unit/shared/server.rb @@ -0,0 +1,37 @@ +# frozen_string_literal: true + +shared_examples 'puppetdb::server::firewall' do + let(:defaults) do + { + http_port: '8080', + open_http_port: false, + ssl_port: '8081', + open_ssl_port: nil, + } + end + + let(:with) { defined?(params) ? defaults.merge(params) : defaults } + + it { is_expected.to contain_class('puppetdb::server::firewall').with(with) } + it { is_expected.to contain_class('firewall') } + + it { + option = with[:open_http_port] ? 'to' : 'not_to' + is_expected.method(option).call contain_firewall("#{with[:http_port]} accept - puppetdb") + .with( + dport: with[:http_port], + proto: 'tcp', + action: 'accept', + ) + } + + it { + option = with[:open_ssl_port] ? 'to' : 'not_to' + is_expected.method(option).call contain_firewall("#{with[:ssl_port]} accept - puppetdb") + .with( + dport: with[:ssl_port], + proto: 'tcp', + action: 'accept', + ) + } +end diff --git a/spec/unit/classes/database/postgresql_spec.rb b/spec/unit/classes/database/postgresql_spec.rb index efc92e69..e1e4e104 100644 --- a/spec/unit/classes/database/postgresql_spec.rb +++ b/spec/unit/classes/database/postgresql_spec.rb 
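Review bot: In spec/support/unit/shared/server.rb the closed-port branch of the `http_port` firewall example keeps the `.with(dport: …, proto: 'tcp', action: 'accept')` chain on the negated matcher. As far as rspec-puppet's matcher semantics go, `not_to` is then satisfied as soon as one parameter differs, even when a rule with that title is in the catalogue. For a "port stays closed" check, negate the title alone, e.g. `is_expected.not_to contain_firewall("#{with[:http_port]} accept - puppetdb")`, and keep the parameter chain on the positive branch only. An explicit `if with[:open_http_port] … else … end` would also read more plainly than `is_expected.method(option).call`. The `ssl_port` example below it has the same shape.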
@@ -1,27 +1,21 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'puppetdb::database::postgresql', type: :class do - context 'on a supported platform' do - let(:facts) do - { - osfamily: 'RedHat', - operatingsystem: 'RedHat', - puppetversion: Puppet.version, - operatingsystemrelease: '7.0', - kernel: 'Linux', - selinux: true, - os: { - family: 'RedHat', - name: 'RedHat', - release: { 'full' => '7.0', 'major' => '7' }, - selinux: { 'enabled' => true }, - }, - service_provider: 'systemd', - } - end + let(:facts) { on_supported_os.take(1).first[1] } + context 'on a supported platform' do it { is_expected.to contain_class('puppetdb::database::postgresql') } + it { is_expected.to contain_class('postgresql::server::contrib') } + + it { + is_expected.to contain_postgresql__server__extension('pg_trgm') + .that_requires('Postgresql::Server::Db[puppetdb]') + .with_database('puppetdb') + } + context 'when ssl communication is used' do let(:params) do { @@ -30,6 +24,12 @@ end it { is_expected.to contain_class('puppetdb::database::ssl_configuration') } + + context 'when params disable create_read_user_rule' do + let(:params) { super().merge({ manage_database: false }) } + + it { is_expected.not_to contain_puppetdb__database__postgresql_ssl_rules('Configure postgresql ssl rules for puppetdb-read') } + end end context 'when ssl communication is not used' do 
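Review bot: `let(:facts) { on_supported_os.take(1).first[1] }` in postgresql_spec.rb picks whichever platform comes first in the supported-OS list, so the examples no longer state the OS, SELinux state or service provider they run against, all of which the removed hash pinned explicitly. A short comment such as `# facts for the first OS listed in metadata.json` would record the intent, and `on_supported_os.first[1]` is an equivalent, shorter spelling. The same line is introduced in ssl_configuration_spec.rb, routes_spec.rb, storeconfigs_spec.rb, command_processing_spec.rb and database_ini_spec.rb later in this patch.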
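Review bot: The new context is titled 'when params disable create_read_user_rule', but the only parameter it changes is `manage_database: false`; `create_read_user_rule` is never set. Rename it to what it exercises, e.g. `context 'when manage_database is false' do`, or add a one-line comment explaining why turning off database management is expected to suppress the puppetdb-read SSL rules. The enclosing `context 'when ssl communication is used'` and its `params` start outside the hunk, so the inherited values are not fully visible here.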
@@ -41,5 +41,75 @@ it { is_expected.not_to contain_class('puppetdb::database::ssl_configuration') } end + + context 'manage database with defaults' do + let(:params) do + { + manage_database: true, + database_name: 'puppetdb', + database_username: 'puppetdb', + database_password: 'puppetdb', + read_database_username: 'puppetdb-read', + read_database_password: 'puppetdb-read', + } + end + + it { + is_expected.to contain_postgresql__server__db(params[:database_name]) + .with( + user: params[:database_username], + password: params[:database_password], + grant: 'all', + ) + } + + it { + is_expected.to contain_postgresql_psql('revoke all access on public schema') + .that_requires("Postgresql::Server::Db[#{params[:database_name]}]") + .with( + db: params[:database_name], + command: 'REVOKE CREATE ON SCHEMA public FROM public', + unless: "SELECT * FROM + (SELECT has_schema_privilege('public', 'public', 'create') can_create) privs + WHERE privs.can_create=false", + ) + } + + it { + is_expected.to contain_postgresql_psql("grant all permissions to #{params[:database_username]}") + .that_requires('Postgresql_psql[revoke all access on public schema]') + .that_comes_before("Puppetdb::Database::Read_only_user[#{params[:read_database_username]}]") + .with( + db: params[:database_name], + command: "GRANT CREATE ON SCHEMA public TO \"#{params[:database_username]}\"", + unless: "SELECT * FROM + (SELECT has_schema_privilege('#{params[:database_username]}', 'public', 'create') can_create) privs + WHERE privs.can_create=true", + ) + } + + it_behaves_like 'puppetdb::database::read_only_user' do + let(:name) { 'puppetdb-read' } + let(:args) do + { + read_database_username: params[:read_database_username], + database_name: params[:database_name], + password_hash: 'md588e898a4bade3fe1c9b96f650ec85900', # TODO: mock properly + database_owner: params[:database_username], + } + end + end + + it { + is_expected.to contain_postgresql_psql("grant #{params[:read_database_username]} role to 
#{params[:database_username]}") + .that_requires("Puppetdb::Database::Read_only_user[#{params[:read_database_username]}]") + .with( + db: params[:database_name], + command: "GRANT \"#{params[:read_database_username]}\" TO \"#{params[:database_username]}\"", + unless: "SELECT oid, rolname FROM pg_roles WHERE + pg_has_role( '#{params[:database_username]}', oid, 'member') and rolname = '#{params[:read_database_username]}'", + ) + } + end end end diff --git a/spec/unit/classes/database/ssl_configuration_spec.rb b/spec/unit/classes/database/ssl_configuration_spec.rb index 1ee8cc7a..59702de9 100644 --- a/spec/unit/classes/database/ssl_configuration_spec.rb +++ b/spec/unit/classes/database/ssl_configuration_spec.rb @@ -2,27 +2,7 @@ describe 'puppetdb::database::ssl_configuration', type: :class do context 'on a supported platform' do - let(:facts) do - { - osfamily: 'RedHat', - operatingsystem: 'RedHat', - puppetversion: Puppet.version, - operatingsystemrelease: '7.0', - kernel: 'Linux', - selinux: true, - path: '/usr/bin:/bin', - os: { - family: 'RedHat', - name: 'RedHat', - release: { 'full' => '7.0', 'major' => '7' }, - selinux: { 'enabled' => true }, - }, - networking: { - fqdn: 'cheery-rime@puppet', - }, - service_provider: 'systemd', - } - end + let(:facts) { on_supported_os.take(1).first[1] } let(:params) do { 
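Review bot: The expected `password_hash: 'md588e898a4bade3fe1c9b96f650ec85900'` in the 'manage database with defaults' context is an opaque literal. Nothing in the spec says which password and role name it was derived from, as the `# TODO: mock properly` already hints. The `md5` prefix also pins the legacy PostgreSQL MD5 password format, so the example will need updating if the module ever emits SCRAM-SHA-256 verifiers. Until it is mocked, a comment naming the inputs would help, e.g. `# 'md5' + md5(password + username) for the read_database_* params above`; those are presumably the inputs, which is worth confirming.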
@@ -96,100 +76,38 @@ .that_requires('File[postgres public key]') end - it 'has hba rule for puppetdb user ipv4' do - is_expected.to contain_postgresql__server__pg_hba_rule("Allow certificate mapped connections to #{params[:database_name]} as #{params[:database_username]} (ipv4)") - .with_type('hostssl') - .with_database(params[:database_name]) - .with_user(params[:database_username]) - .with_address('0.0.0.0/0') - .with_auth_method('cert') - .with_order(0) - .with_auth_option("map=#{identity_map} clientcert=1") - end - - it 'does not create hba rule for puppetdb-read user ipv4' do - is_expected.not_to contain_postgresql__server__pg_hba_rule("Allow certificate mapped connections to #{params[:database_name]} as #{params[:read_database_username]} (ipv4)") - end - - it 'has hba rule for puppetdb user ipv6' do - is_expected.to contain_postgresql__server__pg_hba_rule("Allow certificate mapped connections to #{params[:database_name]} as #{params[:database_username]} (ipv6)") - .with_type('hostssl') - .with_database(params[:database_name]) - .with_user(params[:database_username]) - .with_address('::0/0') - .with_auth_method('cert') - .with_order(0) - .with_auth_option("map=#{identity_map} clientcert=1") - end - - it 'does not create hba rule for puppetdb-read user ipv6' do - is_expected.not_to contain_postgresql__server__pg_hba_rule("Allow certificate mapped connections to #{params[:database_name]} as #{params[:read_database_username]} (ipv6)") + context 'does not create ssl rules for puppetdb-read user by default' do + it { is_expected.not_to contain_postgresql__server__pg_hba_rule("Allow certificate mapped connections to #{params[:database_name]} as #{params[:read_database_username]} (ipv4)") } + it { is_expected.not_to contain_postgresql__server__pg_hba_rule("Allow certificate mapped connections to #{params[:database_name]} as #{params[:read_database_username]} (ipv6)") } + it { is_expected.not_to contain_postgresql__server__pg_ident_rule("Map the SSL certificate of the 
server as a #{params[:read_database_username]} user") } end - it 'has ident rule' do - is_expected.to contain_postgresql__server__pg_ident_rule("Map the SSL certificate of the server as a #{params[:database_username]} user") - .with_map_name(identity_map) - .with_system_username(facts[:networking][:fqdn]) - .with_database_username(params[:database_name]) - end - - it 'does not create read ident rule' do - is_expected.not_to contain_postgresql__server__pg_ident_rule("Map the SSL certificate of the server as a #{params[:read_database_username]} user") - end - - context 'when the puppetdb_server is set' do - let(:params) do + context 'configure ssl rules' do + let(:name) { "Configure postgresql ssl rules for #{args[:database_username]}" } + let(:args) do { - puppetdb_server: 'puppetdb_fqdn', - database_name: 'puppetdb', - database_username: 'puppetdb', + database_name: params[:database_name], + database_username: params[:database_username], + puppetdb_server: params[:puppetdb_server] || facts[:networking]['fqdn'], } end - it 'has ident rule with the specified puppetdb_server host' do - is_expected.to contain_postgresql__server__pg_ident_rule("Map the SSL certificate of the server as a #{params[:database_username]} user") - .with_map_name(identity_map) - .with_system_username(params[:puppetdb_server]) - .with_database_username(params[:database_name]) + context 'when the puppetdb_server is not set' do + include_examples 'puppetdb::database::postgresql_ssl_rules' end - end - context 'when the create_read_user_rule is set to true' do - let(:params) do - { - database_name: 'puppetdb', - read_database_username: 'puppetdb-read', - create_read_user_rule: true, - } - end + context 'when the puppetdb_server is set' do + let(:params) { super().merge({ puppetdb_server: 'puppetdb_fqdn' }) } - it 'has hba rule for puppetdb-read user ipv4' do - is_expected.to contain_postgresql__server__pg_hba_rule("Allow certificate mapped connections to #{params[:database_name]} as 
#{params[:read_database_username]} (ipv4)") - .with_type('hostssl') - .with_database(params[:database_name]) - .with_user(params[:read_database_username]) - .with_address('0.0.0.0/0') - .with_auth_method('cert') - .with_order(0) - .with_auth_option("map=#{read_identity_map} clientcert=1") + include_examples 'puppetdb::database::postgresql_ssl_rules' end - it 'has hba rule for puppetdb-read user ipv6' do - is_expected.to contain_postgresql__server__pg_hba_rule("Allow certificate mapped connections to #{params[:database_name]} as #{params[:read_database_username]} (ipv6)") - .with_type('hostssl') - .with_database(params[:database_name]) - .with_user(params[:read_database_username]) - .with_address('::0/0') - .with_auth_method('cert') - .with_order(0) - .with_auth_option("map=#{read_identity_map} clientcert=1") - end + context 'when the create_read_user_rule is true' do + let(:params) { super().merge({ create_read_user_rule: true }) } - it 'has read ident rule' do - is_expected.to contain_postgresql__server__pg_ident_rule("Map the SSL certificate of the server as a #{params[:read_database_username]} user") - .with_map_name(read_identity_map) - .with_system_username(facts[:networking][:fqdn]) - .with_database_username(params[:read_database_username]) + it_behaves_like 'puppetdb::database::postgresql_ssl_rules' do + let(:args) { super().merge({ database_username: params[:read_database_username] }) } + end end end end diff --git a/spec/unit/classes/globals_spec.rb b/spec/unit/classes/globals_spec.rb new file mode 100644 index 00000000..b1e6d11b --- /dev/null +++ b/spec/unit/classes/globals_spec.rb 
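Review bot: The three `is_expected.not_to` examples under 'does not create ssl rules for puppetdb-read user by default' build their resource titles from `params[:read_database_username]`. The outer `params` definition starts outside this hunk; if that key were ever missing, the interpolated title would match no resource and the examples would pass without checking anything. Using the literal role name in these negative checks, as postgresql_spec.rb does with `'Configure postgresql ssl rules for puppetdb-read'`, removes that dependency. A check on the defined type itself, `is_expected.not_to contain_puppetdb__database__postgresql_ssl_rules('Configure postgresql ssl rules for puppetdb-read')`, would also cover all three underlying rules at once.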
@@ -0,0 +1,24 @@ +require 'spec_helper' + +describe 'puppetdb::globals', type: :class do + # loop required to test fail function + on_supported_os.each do |os, facts| + context "on #{os}" do + let(:facts) { facts } + + include_examples 'puppetdb::globals' + end + end + + context 'on other os' do + include_examples 'puppetdb::globals', %r{puppetdb does not support your os} do + let(:facts) { { os: { 'family' => 'Nonsense' } } } + end + end + + context 'on invalid confdir' do + include_examples 'puppetdb::globals', Puppet::ParseError do + let(:params) { { puppet_confdir: './relative' } } + end + end +end diff --git a/spec/unit/classes/master/config_spec.rb b/spec/unit/classes/master/config_spec.rb index 72496edf..8747b41f 100644 --- a/spec/unit/classes/master/config_spec.rb +++ b/spec/unit/classes/master/config_spec.rb @@ -1,14 +1,11 @@ require 'spec_helper' describe 'puppetdb::master::config', type: :class do + let(:node) { 'puppetdb.example.com' } + on_supported_os.each do |os, facts| context "on #{os}" do - let(:facts) do - facts.merge(puppetversion: Puppet.version, - networking: { fqdn: 'puppetdb.example.com' }, - service_provider: 'systemd', - selinux: true) - end + let(:facts) { facts } context 'when PuppetDB on remote server' do context 'when using default values' do 
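Review bot: The 'on invalid confdir' context in globals_spec.rb sets `params` but no `facts`, and it expects only the error class `Puppet::ParseError`. If the unsupported-OS failure tested in the context above is raised with the same class (likely, though the manifest is not visible here) and spec_helper supplies no default facts, this example can pass because OS facts are missing rather than because `./relative` was rejected. Give it supported facts, e.g. `let(:facts) { on_supported_os.take(1).first[1] }`, and match the confdir-specific message with a regex instead of the class. The file also lacks the `# frozen_string_literal: true` header that the other new spec files in this patch carry.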
@@ -74,91 +71,63 @@ it { is_expected.to contain_package('puppetdb-terminus').with(ensure: '2.2.0') } it { is_expected.to contain_puppetdb_conn_validator('puppetdb_conn').with(test_url: '/v3/version') } + it { + is_expected.to contain_service('puppetmaster') + .with_ensure('running') + .with_enable(true) + } end end - end - end - context 'when upgrading to from v2 to v3 of PuppetDB on RedHat' do - let(:facts) do - { - osfamily: 'RedHat', - operatingsystem: 'RedHat', - puppetversion: Puppet.version, - operatingsystemrelease: '7.0', - kernel: 'Linux', - selinux: true, - os: { - family: 'RedHat', - name: 'RedHat', - release: { 'full' => '7.0' }, - selinux: { 'enabled' => true }, - }, - } - end - let(:pre_condition) { 'class { "puppetdb::globals": version => "3.1.1-1.el7", }' } - it { is_expected.to contain_exec('Remove puppetdb-terminus metadata for upgrade').with(command: 'rpm -e --justdb puppetdb-terminus') } - end + context 'when restart_puppet is true' do + let(:pre_condition) { 'class { "puppetdb": }' } - context 'when restart_puppet is true' do - let(:facts) do - { - osfamily: 'RedHat', - operatingsystem: 'RedHat', - puppetversion: Puppet.version, - operatingsystemrelease: '7.0', - kernel: 'Linux', - selinux: true, - os: { - family: 'RedHat', - name: 'RedHat', - release: { 'full' => '7.0', 'major' => '7' }, - selinux: { 'enabled' => true }, - }, - service_provider: 'systemd', - } - end + context 'with create_puppet_service_resource as default' do + let(:params) do + { + puppet_service_name: 'puppetserver', + restart_puppet: true, + } + end - let(:pre_condition) { 'class { "puppetdb": }' } + it { is_expected.to contain_service('puppetserver').with(ensure: 'running') } + end - context 'with create_puppet_service_resource as default' do - let(:params) do - { - puppet_service_name: 'puppetserver', - restart_puppet: true, - } - end + context 'with create_puppet_service_resource = true' do + let(:params) do + { + create_puppet_service_resource: true, + 
puppet_service_name: 'puppetserver', + restart_puppet: true, + } + end - it { is_expected.to contain_service('puppetserver').with(ensure: 'running') } - end + it { is_expected.to contain_service('puppetserver').with(ensure: 'running') } + end - context 'with create_puppet_service_resource = true' do - let(:params) do - { - create_puppet_service_resource: true, - puppet_service_name: 'puppetserver', - restart_puppet: true, - } + context 'with create_puppet_service_resource = false' do + # Also setting the various parameters that notify the service to be false. Otherwise this error surfaces: + # `Could not find resource 'Service[puppetserver]' for relationship from 'Class[Puppetdb::Master::Puppetdb_conf]'` + let(:params) do + { + create_puppet_service_resource: false, + manage_config: false, + manage_report_processor: false, + manage_routes: false, + puppet_service_name: 'puppetserver', + restart_puppet: true, + } + end + + it { is_expected.not_to contain_service('puppetserver') } + end end - it { is_expected.to contain_service('puppetserver').with(ensure: 'running') } - end + context 'when upgrading to from v2 to v3 of PuppetDB on RedHat', if: os =~ %r{^redhat-7} do + let(:pre_condition) { 'class { "puppetdb::globals": version => "3.1.1-1.el7", }' } - context 'with create_puppet_service_resource = false' do - # Also setting the various parameters that notify the service to be false. Otherwise this error surfaces: - # `Could not find resource 'Service[puppetserver]' for relationship from 'Class[Puppetdb::Master::Puppetdb_conf]'` - let(:params) do - { - create_puppet_service_resource: false, - manage_config: false, - manage_report_processor: false, - manage_routes: false, - puppet_service_name: 'puppetserver', - restart_puppet: true, - } + it { is_expected.to contain_exec('Remove puppetdb-terminus metadata for upgrade').with(command: 'rpm -e --justdb puppetdb-terminus') } end - - it { is_expected.not_to contain_service('puppetserver') } end end end 
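Review bot: The RedHat upgrade context is now gated with `if: os =~ %r{^redhat-7}`, so the `rpm -e --justdb puppetdb-terminus` expectation silently drops out of the run once no `redhat-7-*` entry is left in the supported-OS list. A comment above the context, e.g. `# only meaningful on EL7; remove together with redhat-7 support`, would keep that from going unnoticed. `os.start_with?('redhat-7')` expresses the same filter without a regex, and the description still reads 'upgrading to from v2 to v3'.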
diff --git a/spec/unit/classes/master/puppetdb_conf_spec.rb b/spec/unit/classes/master/puppetdb_conf_spec.rb index f3b65c52..04e93565 100644 --- a/spec/unit/classes/master/puppetdb_conf_spec.rb +++ b/spec/unit/classes/master/puppetdb_conf_spec.rb @@ -15,11 +15,17 @@ let(:pre_condition) { 'class { "puppetdb": }' } - context 'when using using default values' do + it { + is_expected.to contain_ini_setting('soft_write_failure') + .with_setting('soft_write_failure') + .with_value(false) + } + + context 'when using default values' do it { is_expected.to contain_ini_setting('puppetdbserver_urls').with(value: 'https://localhost:8081/') } end - context 'when using using default values' do + context 'when using legacy_terminus' do let(:params) { { legacy_terminus: true } } it { is_expected.to contain_ini_setting('puppetdbserver').with(value: 'localhost') } diff --git a/spec/unit/classes/master/routes_spec.rb b/spec/unit/classes/master/routes_spec.rb new file mode 100644 index 00000000..41a65534 --- /dev/null +++ b/spec/unit/classes/master/routes_spec.rb 
@@ -0,0 +1,76 @@ +# frozen_string_literal: true + +require 'spec_helper' + +shared_examples 'routes master.facts.cache format' do |format| + it "is expected to set master.facts.cache to equal #{format} in routes.yaml" do + yaml_data = catalogue.resource('file', "#{params[:puppet_confdir]}/routes.yaml").send(:parameters)[:content] + parsed = YAML.safe_load(yaml_data, symbolize_names: true) + + expect(parsed[:master][:facts][:cache]).to eq format.to_s + end +end + +describe 'puppetdb::master::routes', type: :class do + let(:facts) { on_supported_os.take(1).first[1] } + let(:params) do + { + puppet_confdir: Puppet[:confdir], + masterless: false, + } + end + + let(:serverversion) { Puppet.version } + + let(:routes_real) do + if params[:masterless] + { + apply: { + catalog: { + terminus: 'compiler', + cache: 'puppetdb', + }, + facts: { + terminus: 'facter', + cache: 'puppetdb_apply', + }, + }, + } + elsif params[:routes] + params[:routes] + else + { + master: { + facts: { + terminus: 'puppetdb', + cache: (Puppet::Util::Package.versioncmp(serverversion, '7.0') >= 0) ? 'json' : 'yaml' + }, + } + } + end + end + + context 'with defaults' do + it { + is_expected.to contain_file("#{params[:puppet_confdir]}/routes.yaml") + .with( + ensure: 'file', + mode: '0644', + ) + } + + it { + yaml_data = catalogue.resource('file', "#{params[:puppet_confdir]}/routes.yaml").send(:parameters)[:content] + parsed = YAML.safe_load(yaml_data, symbolize_names: true) + + expect(parsed).to eq routes_real + } + end + + # TODO: remove puppetserver 6 support + # unable to easily test puppetserver 6 with rspec + # and it's not a supported version + context "with puppetserver version #{Puppet.version}" do + include_examples 'routes master.facts.cache format', :json + end +end diff --git a/spec/unit/classes/master/storeconfigs_spec.rb b/spec/unit/classes/master/storeconfigs_spec.rb new file mode 100644 index 00000000..7e36af04 --- /dev/null +++ b/spec/unit/classes/master/storeconfigs_spec.rb 
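Review bot: Both the shared example and the 'with defaults' example in routes_spec.rb read the file content through `.send(:parameters)[:content]`, which bypasses method visibility on the catalogue resource. `catalogue.resource('file', "#{params[:puppet_confdir]}/routes.yaml")[:content]` should return the same value through the public accessor. The `masterless` and `elsif params[:routes]` branches of `routes_real` are not exercised by any context in this file, so either add contexts that set those params or drop the branches.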
@@ -0,0 +1,40 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'puppetdb::master::storeconfigs', type: :class do + let(:facts) { on_supported_os.take(1).first[1] } + let(:params) do + { + masterless: false, + enable: true, + } + end + + let(:param_ensure) { params[:enable] ? 'present' : 'absent' } + let(:puppet_conf_section) { params[:masterless] ? 'main' : 'master' } + let(:puppet_conf) { File.join(Puppet[:confdir], 'puppet.conf') } + + context 'with default parameters' do + it { + is_expected.to contain_ini_setting("puppet.conf/#{puppet_conf_section}/storeconfigs") + .with_ensure(param_ensure) + .with( + section: puppet_conf_section, + path: puppet_conf, + setting: 'storeconfigs', + value: true, + ) + } + it { + is_expected.to contain_ini_setting("puppet.conf/#{puppet_conf_section}/storeconfigs_backend") + .with_ensure(param_ensure) + .with( + section: puppet_conf_section, + path: puppet_conf, + setting: 'storeconfigs_backend', + value: 'puppetdb', + ) + } + end +end diff --git a/spec/unit/classes/params_spec.rb b/spec/unit/classes/params_spec.rb new file mode 100644 index 00000000..b22c743b --- /dev/null +++ b/spec/unit/classes/params_spec.rb @@ -0,0 +1,11 @@ +require 'spec_helper' + +describe 'puppetdb::params', type: :class do + # loop required to test fail function + on_supported_os.each do |os, facts| + let(:facts) { facts } + context "on #{os}" do + it { is_expected.to contain_class('puppetdb::globals') } + end + end +end diff --git a/spec/unit/classes/server/command_processing_spec.rb b/spec/unit/classes/server/command_processing_spec.rb index d1d4a835..c3c98751 100644 --- a/spec/unit/classes/server/command_processing_spec.rb +++ b/spec/unit/classes/server/command_processing_spec.rb 
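Review bot: storeconfigs_spec.rb derives `param_ensure` and `puppet_conf_section` from `params`, yet the only context is 'with default parameters', so the `'absent'` and `'main'` outcomes are never asserted. Adding `context 'with enable => false'` and `context 'with masterless => true'`, each overriding `params` via `super().merge(...)`, would put those two `let`s to use and cover the section where storeconfigs is written in masterless mode.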
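Review bot: In params_spec.rb `let(:facts) { facts }` sits inside the `on_supported_os.each` loop but outside the `context`, so every iteration redefines the same `let` on the outer `describe` group and all contexts end up with the facts of the last OS in the list. Move it into the context as globals_spec.rb does, i.e. `context "on #{os}" do` followed by `let(:facts) { facts }`. As written, the loop does not test each platform the way its comment says.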
@@ -1,147 +1,137 @@ require 'spec_helper' describe 'puppetdb::server::command_processing', type: :class do - context 'on a supported platform' do - let(:facts) do - { - os: { - family: 'OpenBSD', - }, - puppetversion: Puppet.version, - service_provider: 'systemd', - } - end + let(:facts) { on_supported_os.take(1).first[1] } - let(:pre_condition) { 'include puppetdb::server::global' } + let(:pre_condition) { 'include puppetdb::server::global' } - it { is_expected.to contain_class('puppetdb::server::command_processing') } - - describe 'when using default values' do - it { - is_expected.to contain_ini_setting('puppetdb_command_processing_threads') - .with( - 'ensure' => 'absent', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/config.ini', - 'section' => 'command-processing', - 'setting' => 'threads', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_command_processing_concurrent_writes') - .with( - 'ensure' => 'absent', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/config.ini', - 'section' => 'command-processing', - 'setting' => 'concurrent-writes', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_command_processing_store_usage') - .with( - 'ensure' => 'absent', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/config.ini', - 'section' => 'command-processing', - 'setting' => 'store-usage', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_command_processing_temp_usage') - .with( - 'ensure' => 'absent', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/config.ini', - 'section' => 'command-processing', - 'setting' => 'temp-usage', - ) - } - end + it { is_expected.to contain_class('puppetdb::server::command_processing') } - describe 'when using legacy PuppetDB' do - let(:pre_condition) do - [ - 'class { "puppetdb::globals": version => "2.2.0", }', - super(), - ].join("\n") - end + describe 'when using default values' do + it { + is_expected.to contain_ini_setting('puppetdb_command_processing_threads') + .with( + 'ensure' => 'absent', + 'path' => 
'/etc/puppetlabs/puppetdb/conf.d/config.ini', + 'section' => 'command-processing', + 'setting' => 'threads', + ) + } + it { + is_expected.to contain_ini_setting('puppetdb_command_processing_concurrent_writes') + .with( + 'ensure' => 'absent', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/config.ini', + 'section' => 'command-processing', + 'setting' => 'concurrent-writes', + ) + } + it { + is_expected.to contain_ini_setting('puppetdb_command_processing_store_usage') + .with( + 'ensure' => 'absent', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/config.ini', + 'section' => 'command-processing', + 'setting' => 'store-usage', + ) + } + it { + is_expected.to contain_ini_setting('puppetdb_command_processing_temp_usage') + .with( + 'ensure' => 'absent', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/config.ini', + 'section' => 'command-processing', + 'setting' => 'temp-usage', + ) + } + end - it { - is_expected.to contain_ini_setting('puppetdb_command_processing_threads') - .with( - 'ensure' => 'absent', - 'path' => '/etc/puppetdb/conf.d/config.ini', - 'section' => 'command-processing', - 'setting' => 'threads', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_command_processing_store_usage') - .with( - 'ensure' => 'absent', - 'path' => '/etc/puppetdb/conf.d/config.ini', - 'section' => 'command-processing', - 'setting' => 'store-usage', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_command_processing_temp_usage') - .with( - 'ensure' => 'absent', - 'path' => '/etc/puppetdb/conf.d/config.ini', - 'section' => 'command-processing', - 'setting' => 'temp-usage', - ) - } + describe 'when using legacy PuppetDB' do + let(:pre_condition) do + [ + 'class { "puppetdb::globals": version => "2.2.0", }', + super(), + ].join("\n") end - describe 'when using custom values' do - let(:params) do - { - 'command_threads' => 10, - 'concurrent_writes' => 3, - 'store_usage' => 4000, - 'temp_usage' => 2000, - } - end + it { + is_expected.to 
contain_ini_setting('puppetdb_command_processing_threads') + .with( + 'ensure' => 'absent', + 'path' => '/etc/puppetdb/conf.d/config.ini', + 'section' => 'command-processing', + 'setting' => 'threads', + ) + } + it { + is_expected.to contain_ini_setting('puppetdb_command_processing_store_usage') + .with( + 'ensure' => 'absent', + 'path' => '/etc/puppetdb/conf.d/config.ini', + 'section' => 'command-processing', + 'setting' => 'store-usage', + ) + } + it { + is_expected.to contain_ini_setting('puppetdb_command_processing_temp_usage') + .with( + 'ensure' => 'absent', + 'path' => '/etc/puppetdb/conf.d/config.ini', + 'section' => 'command-processing', + 'setting' => 'temp-usage', + ) + } + end - it { - is_expected.to contain_ini_setting('puppetdb_command_processing_threads') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/config.ini', - 'section' => 'command-processing', - 'setting' => 'threads', - 'value' => '10', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_command_processing_concurrent_writes') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/config.ini', - 'section' => 'command-processing', - 'setting' => 'concurrent-writes', - 'value' => '3', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_command_processing_store_usage') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/config.ini', - 'section' => 'command-processing', - 'setting' => 'store-usage', - 'value' => '4000', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_command_processing_temp_usage') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/config.ini', - 'section' => 'command-processing', - 'setting' => 'temp-usage', - 'value' => '2000', - ) + describe 'when using custom values' do + let(:params) do + { + 'command_threads' => 10, + 'concurrent_writes' => 3, + 'store_usage' => 4000, + 'temp_usage' => 2000, } end + + it { + is_expected.to 
contain_ini_setting('puppetdb_command_processing_threads') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/config.ini', + 'section' => 'command-processing', + 'setting' => 'threads', + 'value' => '10', + ) + } + it { + is_expected.to contain_ini_setting('puppetdb_command_processing_concurrent_writes') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/config.ini', + 'section' => 'command-processing', + 'setting' => 'concurrent-writes', + 'value' => '3', + ) + } + it { + is_expected.to contain_ini_setting('puppetdb_command_processing_store_usage') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/config.ini', + 'section' => 'command-processing', + 'setting' => 'store-usage', + 'value' => '4000', + ) + } + it { + is_expected.to contain_ini_setting('puppetdb_command_processing_temp_usage') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/config.ini', + 'section' => 'command-processing', + 'setting' => 'temp-usage', + 'value' => '2000', + ) + } end end diff --git a/spec/unit/classes/server/database_ini_spec.rb b/spec/unit/classes/server/database_ini_spec.rb index 9df8a4e4..6eb41c49 100644 --- a/spec/unit/classes/server/database_ini_spec.rb +++ b/spec/unit/classes/server/database_ini_spec.rb 
@@ -1,26 +1,23 @@ require 'spec_helper' describe 'puppetdb::server::database', type: :class do - context 'on a supported platform' do - let(:facts) do - { - os: { - family: 'RedHat', - }, - puppetversion: Puppet.version, - operatingsystemrelease: '7.0', - networking: { - fqdn: 'test.domain.local', - }, - service_provider: 'systemd', - } - end + let(:facts) { on_supported_os.take(1).first[1] } - it { is_expected.to contain_class('puppetdb::server::database') } + it { is_expected.to contain_class('puppetdb::server::database') } + + ['default', 'legacy'].each do |values| + describe "when using #{values} values" do + let(:pre_condition) { 'class { "puppetdb::globals": version => "2.2.0", }' } if values == 'legacy' + let(:pdbconfdir) do + if values == 'legacy' + '/etc/puppetdb/conf.d' + else + '/etc/puppetlabs/puppetdb/conf.d' + end + end - describe 'when using default values' do it { - is_expected.to contain_file('/etc/puppetlabs/puppetdb/conf.d/database.ini') + is_expected.to contain_file("#{pdbconfdir}/database.ini") .with( 'ensure' => 'file', 'owner' => 'puppetdb', @@ -32,7 +29,7 @@ is_expected.to contain_ini_setting('puppetdb_psdatabase_username') .with( 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', + 'path' => "#{pdbconfdir}/database.ini", 'section' => 'database', 'setting' => 'username', 'value' => 'puppetdb', @@ -42,7 +39,7 @@ is_expected.to contain_ini_setting('puppetdb_psdatabase_password') .with( 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', + 'path' => "#{pdbconfdir}/database.ini", 'section' => 'database', 'setting' => 'password', 'value' => 'puppetdb', @@ -52,7 +49,7 @@ is_expected.to contain_ini_setting('puppetdb_classname') .with( 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', + 'path' => "#{pdbconfdir}/database.ini", 'section' => 'database', 'setting' => 'classname', 'value' => 'org.postgresql.Driver', 
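Review bot: `let(:facts) { on_supported_os.take(1).first[1] }` runs the whole spec against whichever platform comes first in the supported-OS list. The platform under test is therefore implicit and every other supported OS goes unexercised, whereas the removed hash at least named RedHat 7. Wrapping the examples in `on_supported_os.each do |os, os_facts|` with `let(:facts) { os_facts }` keeps the generated facts and covers each platform. The same `let(:facts)` line is added in the firewall, global, jetty, puppetdb and read_database specs later in this patch.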
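Review bot: The expectation for `puppetdb_psdatabase_password` pins path, section, setting and value but says nothing about `show_diff`. Assuming the manifest marks this resource `show_diff => false` to keep the password out of reports and logs (the manifest is not visible in this hunk), a regression that drops that attribute would still pass. Adding `'show_diff' => false,` after the `'value' => 'puppetdb',` line would pin it, and the `puppetdb_read_database_password` expectation in read_database_ini_spec.rb has the same gap. The `it` block starts and ends outside this hunk.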
@@ -62,17 +59,27 @@ is_expected.to contain_ini_setting('puppetdb_subprotocol') .with( 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', + 'path' => "#{pdbconfdir}/database.ini", 'section' => 'database', 'setting' => 'subprotocol', 'value' => 'postgresql', ) } + it { + is_expected.to contain_ini_setting('puppetdb_pgs') + .with( + 'ensure' => 'present', + 'path' => "#{pdbconfdir}/database.ini", + 'section' => 'database', + 'setting' => 'syntax_pgs', + 'value' => true, + ) + } it { is_expected.to contain_ini_setting('puppetdb_subname') .with( 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', + 'path' => "#{pdbconfdir}/database.ini", 'section' => 'database', 'setting' => 'subname', 'value' => '//localhost:5432/puppetdb', @@ -82,17 +89,27 @@ is_expected.to contain_ini_setting('puppetdb_gc_interval') .with( 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', + 'path' => "#{pdbconfdir}/database.ini", 'section' => 'database', 'setting' => 'gc-interval', 'value' => '60', ) } + it { + is_expected.to contain_ini_setting('puppetdb_node_purge_gc_batch_limit') + .with( + 'ensure' => 'present', + 'path' => "#{pdbconfdir}/database.ini", + 'section' => 'database', + 'setting' => 'node-purge-gc-batch-limit', + 'value' => '25', + ) + } it { is_expected.to contain_ini_setting('puppetdb_node_ttl') .with( 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', + 'path' => "#{pdbconfdir}/database.ini", 'section' => 'database', 'setting' => 'node-ttl', 'value' => '7d', @@ -102,7 +119,7 @@ is_expected.to contain_ini_setting('puppetdb_node_purge_ttl') .with( 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', + 'path' => "#{pdbconfdir}/database.ini", 'section' => 'database', 'setting' => 'node-purge-ttl', 'value' => '14d', 
@@ -112,7 +129,7 @@ is_expected.to contain_ini_setting('puppetdb_report_ttl') .with( 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', + 'path' => "#{pdbconfdir}/database.ini", 'section' => 'database', 'setting' => 'report-ttl', 'value' => '14d', @@ -122,7 +139,7 @@ is_expected.to contain_ini_setting('puppetdb_log_slow_statements') .with( 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', + 'path' => "#{pdbconfdir}/database.ini", 'section' => 'database', 'setting' => 'log-slow-statements', 'value' => 10, @@ -132,7 +149,7 @@ is_expected.to contain_ini_setting('puppetdb_conn_max_age') .with( 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', + 'path' => "#{pdbconfdir}/database.ini", 'section' => 'database', 'setting' => 'conn-max-age', 'value' => '60', @@ -142,7 +159,7 @@ is_expected.to contain_ini_setting('puppetdb_conn_keep_alive') .with( 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', + 'path' => "#{pdbconfdir}/database.ini", 'section' => 'database', 'setting' => 'conn-keep-alive', 'value' => '45', 
@@ -152,331 +169,205 @@ is_expected.to contain_ini_setting('puppetdb_conn_lifetime') .with( 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', + 'path' => "#{pdbconfdir}/database.ini", 'section' => 'database', 'setting' => 'conn-lifetime', 'value' => '0', ) } - it { is_expected.not_to contain_ini_setting('puppetdb_database_max_pool_size') } it { - is_expected.to contain_ini_setting('puppetdb_facts_blacklist') + is_expected.to contain_ini_setting('puppetdb_migrate') .with( - 'ensure' => 'absent', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', + 'ensure' => 'present', + 'path' => "#{pdbconfdir}/database.ini", 'section' => 'database', - 'setting' => 'facts-blacklist', + 'setting' => 'migrate', + 'value' => true, ) } - end - - describe 'when using facts_blacklist' do - let(:params) do - { - 'facts_blacklist' => [ - 'one_fact', - 'another_fact', - ], - } - end - + it { is_expected.not_to contain_ini_setting('puppetdb_database_max_pool_size') } it { is_expected.to contain_ini_setting('puppetdb_facts_blacklist') .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', + 'ensure' => 'absent', + 'path' => "#{pdbconfdir}/database.ini", 'section' => 'database', 'setting' => 'facts-blacklist', - 'value' => 'one_fact, another_fact', ) } end + end - describe 'when using a legacy PuppetDB version' do - let(:pre_condition) { 'class { "puppetdb::globals": version => "2.2.0", }' } - - it { - is_expected.to contain_ini_setting('puppetdb_psdatabase_username') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetdb/conf.d/database.ini', - 'section' => 'database', - 'setting' => 'username', - 'value' => 'puppetdb', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_psdatabase_password') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetdb/conf.d/database.ini', - 'section' => 'database', - 'setting' => 'password', - 'value' => 'puppetdb', - ) - } - it { - is_expected.to 
contain_ini_setting('puppetdb_classname') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetdb/conf.d/database.ini', - 'section' => 'database', - 'setting' => 'classname', - 'value' => 'org.postgresql.Driver', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_subprotocol') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetdb/conf.d/database.ini', - 'section' => 'database', - 'setting' => 'subprotocol', - 'value' => 'postgresql', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_subname') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetdb/conf.d/database.ini', - 'section' => 'database', - 'setting' => 'subname', - 'value' => '//localhost:5432/puppetdb', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_gc_interval') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetdb/conf.d/database.ini', - 'section' => 'database', - 'setting' => 'gc-interval', - 'value' => '60', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_node_ttl') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetdb/conf.d/database.ini', - 'section' => 'database', - 'setting' => 'node-ttl', - 'value' => '7d', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_node_purge_ttl') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetdb/conf.d/database.ini', - 'section' => 'database', - 'setting' => 'node-purge-ttl', - 'value' => '14d', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_report_ttl') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetdb/conf.d/database.ini', - 'section' => 'database', - 'setting' => 'report-ttl', - 'value' => '14d', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_log_slow_statements') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetdb/conf.d/database.ini', - 'section' => 'database', - 'setting' => 'log-slow-statements', - 'value' => 10, - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_conn_max_age') - .with( - 'ensure' => 
'present', - 'path' => '/etc/puppetdb/conf.d/database.ini', - 'section' => 'database', - 'setting' => 'conn-max-age', - 'value' => '60', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_conn_keep_alive') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetdb/conf.d/database.ini', - 'section' => 'database', - 'setting' => 'conn-keep-alive', - 'value' => '45', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_conn_lifetime') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetdb/conf.d/database.ini', - 'section' => 'database', - 'setting' => 'conn-lifetime', - 'value' => '0', - ) + describe 'when using facts_blacklist' do + let(:params) do + { + 'facts_blacklist' => [ + 'one_fact', + 'another_fact', + ], } - it { is_expected.not_to contain_ini_setting('puppetdb_database_max_pool_size') } end - describe 'when overriding database_path for embedded' do - let(:params) do - { - 'database' => 'embedded', - 'database_embedded_path' => '/tmp/foo', - } - end + it { + is_expected.to contain_ini_setting('puppetdb_facts_blacklist') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', + 'section' => 'database', + 'setting' => 'facts-blacklist', + 'value' => 'one_fact, another_fact', + ) + } + end - it { - is_expected.to contain_ini_setting('puppetdb_subname') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', - 'section' => 'database', - 'setting' => 'subname', - 'value' => 'file:/tmp/foo;hsqldb.tx=mvcc;sql.syntax_pgs=true', - ) + describe 'when overriding database_path for embedded' do + let(:params) do + { + 'database' => 'embedded', + 'database_embedded_path' => '/tmp/foo', } end - describe 'when setting max pool size' do - context 'on current PuppetDB' do - describe 'to a numeric value' do - let(:params) do - { - 'database_max_pool_size' => 12_345, - } - end + it { + is_expected.to contain_ini_setting('puppetdb_subname') + .with( + 'ensure' => 'present', + 
'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', + 'section' => 'database', + 'setting' => 'subname', + 'value' => 'file:/tmp/foo;hsqldb.tx=mvcc;sql.syntax_pgs=true', + ) + } + end - it { - is_expected.to contain_ini_setting('puppetdb_database_max_pool_size') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', - 'section' => 'database', - 'setting' => 'maximum-pool-size', - 'value' => '12345', - ) + describe 'when setting max pool size' do + context 'on current PuppetDB' do + describe 'to a numeric value' do + let(:params) do + { + 'database_max_pool_size' => 12_345, } end - describe 'to absent' do - let(:params) do - { - 'database_max_pool_size' => 'absent', - } - end + it { + is_expected.to contain_ini_setting('puppetdb_database_max_pool_size') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', + 'section' => 'database', + 'setting' => 'maximum-pool-size', + 'value' => '12345', + ) + } + end - it { - is_expected.to contain_ini_setting('puppetdb_database_max_pool_size') - .with( - 'ensure' => 'absent', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', - 'section' => 'database', - 'setting' => 'maximum-pool-size', - ) + describe 'to absent' do + let(:params) do + { + 'database_max_pool_size' => 'absent', } end - end - context 'on PuppetDB 3.2' do - let(:pre_condition) { 'class { "puppetdb::globals": version => "3.2.0", }' } + it { + is_expected.to contain_ini_setting('puppetdb_database_max_pool_size') + .with( + 'ensure' => 'absent', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', + 'section' => 'database', + 'setting' => 'maximum-pool-size', + ) + } + end + end - describe 'to a numeric value' do - let(:params) do - { - 'database_max_pool_size' => 12_345, - } - end + context 'on PuppetDB 3.2' do + let(:pre_condition) { 'class { "puppetdb::globals": version => "3.2.0", }' } - it { - is_expected.to contain_ini_setting('puppetdb_database_max_pool_size') 
- .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', - 'section' => 'database', - 'setting' => 'partition-conn-max', - 'value' => '12345', - ) + describe 'to a numeric value' do + let(:params) do + { + 'database_max_pool_size' => 12_345, } end - describe 'to absent' do - let(:params) do - { - 'database_max_pool_size' => 'absent', - } - end + it { + is_expected.to contain_ini_setting('puppetdb_database_max_pool_size') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', + 'section' => 'database', + 'setting' => 'partition-conn-max', + 'value' => '12345', + ) + } + end - it { - is_expected.to contain_ini_setting('puppetdb_database_max_pool_size') - .with( - 'ensure' => 'absent', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', - 'section' => 'database', - 'setting' => 'partition-conn-max', - ) + describe 'to absent' do + let(:params) do + { + 'database_max_pool_size' => 'absent', } end - end - context 'on a legacy PuppetDB version' do - let(:pre_condition) { 'class { "puppetdb::globals": version => "2.2.0", }' } + it { + is_expected.to contain_ini_setting('puppetdb_database_max_pool_size') + .with( + 'ensure' => 'absent', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', + 'section' => 'database', + 'setting' => 'partition-conn-max', + ) + } + end + end - describe 'to a numeric value' do - let(:params) do - { - 'database_max_pool_size' => 12_345, - } - end + context 'on a legacy PuppetDB version' do + let(:pre_condition) { 'class { "puppetdb::globals": version => "2.2.0", }' } - it { is_expected.not_to contain_ini_setting('puppetdb_database_max_pool_size') } + describe 'to a numeric value' do + let(:params) do + { + 'database_max_pool_size' => 12_345, + } end - describe 'to absent' do - let(:params) do - { - 'database_max_pool_size' => 'absent', - } - end + it { is_expected.not_to contain_ini_setting('puppetdb_database_max_pool_size') } + end - it { 
is_expected.not_to contain_ini_setting('puppetdb_database_max_pool_size') } + describe 'to absent' do + let(:params) do + { + 'database_max_pool_size' => 'absent', + } end + + it { is_expected.not_to contain_ini_setting('puppetdb_database_max_pool_size') } end end + end - describe 'when using ssl communication' do - let(:params) do - { - 'postgresql_ssl_on' => true, - 'ssl_key_pk8_path' => '/tmp/private_key.pk8', - } - end + describe 'when using ssl communication' do + let(:params) do + { + 'postgresql_ssl_on' => true, + 'ssl_key_pk8_path' => '/tmp/private_key.pk8', + } + end - it 'configures subname correctly' do - is_expected.to contain_ini_setting('puppetdb_subname') - .with( - ensure: 'present', - path: '/etc/puppetlabs/puppetdb/conf.d/database.ini', - section: 'database', - setting: 'subname', - value: '//localhost:5432/puppetdb?' \ - 'ssl=true&sslfactory=org.postgresql.ssl.LibPQFactory&' \ - 'sslmode=verify-full&' \ - 'sslrootcert=/etc/puppetlabs/puppetdb/ssl/ca.pem&' \ - 'sslkey=/tmp/private_key.pk8&' \ - 'sslcert=/etc/puppetlabs/puppetdb/ssl/public.pem', - ) - end + it 'configures subname correctly' do + is_expected.to contain_ini_setting('puppetdb_subname') + .with( + ensure: 'present', + path: '/etc/puppetlabs/puppetdb/conf.d/database.ini', + section: 'database', + setting: 'subname', + value: '//localhost:5432/puppetdb?' \ + 'ssl=true&sslfactory=org.postgresql.ssl.LibPQFactory&' \ + 'sslmode=verify-full&' \ + 'sslrootcert=/etc/puppetlabs/puppetdb/ssl/ca.pem&' \ + 'sslkey=/tmp/private_key.pk8&' \ + 'sslcert=/etc/puppetlabs/puppetdb/ssl/public.pem', + ) end end end diff --git a/spec/unit/classes/server/firewall_spec.rb b/spec/unit/classes/server/firewall_spec.rb new file mode 100644 index 00000000..3ecd8060 --- /dev/null +++ b/spec/unit/classes/server/firewall_spec.rb 
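Review bot: The 'when using ssl communication' example places the client private key at `/tmp/private_key.pk8`, a world-writable directory, and fixture values like this tend to be copied into real node data. A path beside the other SSL material the expectation already references reads better, e.g. `'ssl_key_pk8_path' => '/etc/puppetlabs/puppetdb/ssl/private.pk8',` with the matching `'sslkey=/etc/puppetlabs/puppetdb/ssl/private.pk8&' \` (file name constructed for illustration). The same applies to `'database_embedded_path' => '/tmp/foo'` in the embedded example. A one-line comment such as `# sslmode=verify-full is pinned on purpose: a weaker mode must fail this spec` above the `value:` would record why the full string is asserted.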
@@ -0,0 +1,22 @@ +require 'spec_helper' + +describe 'puppetdb::server::firewall', type: :class do + let(:facts) { on_supported_os.take(1).first[1] } + + context 'defaults' do + include_examples 'puppetdb::server::firewall' + end + + context 'custom ports and open firewall' do + let(:params) do + { + http_port: '9000', + open_http_port: true, + ssl_port: '9001', + open_ssl_port: true, + } + end + + include_examples 'puppetdb::server::firewall' + end +end diff --git a/spec/unit/classes/server/global_ini_spec.rb b/spec/unit/classes/server/global_ini_spec.rb index 4101852b..24ff8e30 100644 --- a/spec/unit/classes/server/global_ini_spec.rb +++ b/spec/unit/classes/server/global_ini_spec.rb 
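Review bot: Both contexts delegate every assertion to the shared examples `puppetdb::server::firewall`, which are defined outside this hunk, and the only non-default case opens the cleartext HTTP port and the SSL port together. Nothing here pins that opening the SSL port alone leaves the cleartext port closed. A third context with `open_http_port: false` would cover that, assuming the shared examples derive their expectations from `params`, which should be confirmed against the shared-example file.

```ruby
# … unchanged: 'defaults' and 'custom ports and open firewall' contexts …

  context 'ssl port only' do
    let(:params) do
      {
        open_http_port: false,
        ssl_port: '9001',
        open_ssl_port: true,
      }
    end

    include_examples 'puppetdb::server::firewall'
  end
```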
@@ -1,56 +1,54 @@ require 'spec_helper' describe 'puppetdb::server::global', type: :class do - context 'on a supported platform' do - let(:facts) do - { - os: { - family: 'RedHat', - }, - networking: { - fqdn: 'foo.com', - }, - service_provider: 'systemd', - } - end + let(:facts) { on_supported_os.take(1).first[1] } - it { is_expected.to contain_class('puppetdb::server::global') } + describe 'when using default values' do + include_examples 'puppetdb::params' - describe 'when using default values' do - it { - is_expected.to contain_ini_setting('puppetdb_global_vardir') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/config.ini', - 'section' => 'global', - 'setting' => 'vardir', - 'value' => '/opt/puppetlabs/server/data/puppetdb', - ) - } - it { - is_expected.to contain_file('/etc/puppetlabs/puppetdb/conf.d/config.ini') - .with( - 'ensure' => 'file', - 'owner' => 'root', - 'group' => 'puppetdb', - 'mode' => '0640', - ) - } - end + it { + is_expected.to contain_ini_setting('puppetdb_global_vardir') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/config.ini', + 'section' => 'global', + 'setting' => 'vardir', + 'value' => '/opt/puppetlabs/server/data/puppetdb', + ) + } + it { + is_expected.to contain_file('/etc/puppetlabs/puppetdb/conf.d/config.ini') + .with( + 'ensure' => 'file', + 'owner' => 'root', + 'group' => 'puppetdb', + 'mode' => '0640', + ) + } + end + + describe 'when using a legacy puppetdb version' do + let(:pre_condition) { 'class { "puppetdb::globals": version => "2.2.0", }' } - describe 'when using a legacy puppetdb version' do - let(:pre_condition) { 'class { "puppetdb::globals": version => "2.2.0", }' } + it { + is_expected.to contain_ini_setting('puppetdb_global_vardir') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetdb/conf.d/config.ini', + 'section' => 'global', + 'setting' => 'vardir', + 'value' => '/var/lib/puppetdb', + ) + } - it { - is_expected.to 
contain_ini_setting('puppetdb_global_vardir') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetdb/conf.d/config.ini', - 'section' => 'global', - 'setting' => 'vardir', - 'value' => '/var/lib/puppetdb', - ) - } - end + it { + is_expected.to contain_file('/etc/puppetdb/conf.d/config.ini') + .with( + 'ensure' => 'file', + 'owner' => 'root', + 'group' => 'puppetdb', + 'mode' => '0640', + ) + } end end diff --git a/spec/unit/classes/server/jetty_ini_spec.rb b/spec/unit/classes/server/jetty_ini_spec.rb index bf54959f..ce322bc6 100644 --- a/spec/unit/classes/server/jetty_ini_spec.rb +++ b/spec/unit/classes/server/jetty_ini_spec.rb @@ -1,24 +1,23 @@ require 'spec_helper' describe 'puppetdb::server::jetty', type: :class do - context 'on a supported platform' do - let(:facts) do - { - os: { - family: 'RedHat', - }, - networking: { - fqdn: 'test.domain.local', - }, - service_provider: 'systemd', - } - end - - it { is_expected.to contain_class('puppetdb::server::jetty') } + let(:facts) { on_supported_os.take(1).first[1] } + + it { is_expected.to contain_class('puppetdb::server::jetty') } + + ['default', 'legacy'].each do |values| + describe "when using #{values} values" do + let(:pre_condition) { 'class { "puppetdb::globals": version => "2.2.0", }' } if values == 'legacy' + let(:pdbconfdir) do + if values == 'legacy' + '/etc/puppetdb/conf.d' + else + '/etc/puppetlabs/puppetdb/conf.d' + end + end - describe 'when using default values' do it { - is_expected.to contain_file('/etc/puppetlabs/puppetdb/conf.d/jetty.ini') + is_expected.to contain_file("#{pdbconfdir}/jetty.ini") .with( 'ensure' => 'file', 'owner' => 'puppetdb', @@ -30,7 +29,7 @@ is_expected.to contain_ini_setting('puppetdb_host') .with( 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini', + 'path' => "#{pdbconfdir}/jetty.ini", 'section' => 'jetty', 'setting' => 'host', 'value' => 'localhost', 
@@ -40,7 +39,7 @@ is_expected.to contain_ini_setting('puppetdb_port') .with( 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini', + 'path' => "#{pdbconfdir}/jetty.ini", 'section' => 'jetty', 'setting' => 'port', 'value' => 8080, @@ -50,7 +49,7 @@ is_expected.to contain_ini_setting('puppetdb_sslhost') .with( 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini', + 'path' => "#{pdbconfdir}/jetty.ini", 'section' => 'jetty', 'setting' => 'ssl-host', 'value' => '0.0.0.0', @@ -60,7 +59,7 @@ is_expected.to contain_ini_setting('puppetdb_sslport') .with( 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini', + 'path' => "#{pdbconfdir}/jetty.ini", 'section' => 'jetty', 'setting' => 'ssl-port', 'value' => 8081, 
@@ -68,192 +67,147 @@ } it { is_expected.not_to contain_ini_setting('puppetdb_sslprotocols') } end + end - describe 'when using a legacy PuppetDB version' do - let(:pre_condition) { 'class { "puppetdb::globals": version => "2.2.0", }' } - - it { - is_expected.to contain_ini_setting('puppetdb_host') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetdb/conf.d/jetty.ini', - 'section' => 'jetty', - 'setting' => 'host', - 'value' => 'localhost', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_port') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetdb/conf.d/jetty.ini', - 'section' => 'jetty', - 'setting' => 'port', - 'value' => 8080, - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_sslhost') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetdb/conf.d/jetty.ini', - 'section' => 'jetty', - 'setting' => 'ssl-host', - 'value' => '0.0.0.0', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_sslport') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetdb/conf.d/jetty.ini', - 'section' => 'jetty', - 'setting' => 'ssl-port', - 'value' => 8081, - ) + describe 'when disabling ssl' do + let(:params) do + { + 'disable_ssl' => true, } - it { is_expected.not_to contain_ini_setting('puppetdb_sslprotocols') } end - describe 'when disabling ssl' do - let(:params) do - { - 'disable_ssl' => true, - } - end + it { + is_expected.to contain_ini_setting('puppetdb_host') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini', + 'section' => 'jetty', + 'setting' => 'host', + 'value' => 'localhost', + ) + } + it { + is_expected.to contain_ini_setting('puppetdb_port') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini', + 'section' => 'jetty', + 'setting' => 'port', + 'value' => 8080, + ) + } + it { + is_expected.to contain_ini_setting('puppetdb_sslhost') + .with( + 'ensure' => 'absent', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini', + 'section' 
=> 'jetty', + 'setting' => 'ssl-host', + ) + } + it { + is_expected.to contain_ini_setting('puppetdb_sslport') + .with( + 'ensure' => 'absent', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini', + 'section' => 'jetty', + 'setting' => 'ssl-port', + ) + } + end - it { - is_expected.to contain_ini_setting('puppetdb_host') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini', - 'section' => 'jetty', - 'setting' => 'host', - 'value' => 'localhost', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_port') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini', - 'section' => 'jetty', - 'setting' => 'port', - 'value' => 8080, - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_sslhost') - .with( - 'ensure' => 'absent', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini', - 'section' => 'jetty', - 'setting' => 'ssl-host', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_sslport') - .with( - 'ensure' => 'absent', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini', - 'section' => 'jetty', - 'setting' => 'ssl-port', - ) + describe 'when setting max_threads' do + let(:params) do + { + 'max_threads' => 150, } end - describe 'when setting max_threads' do - let(:params) do - { - 'max_threads' => 150, - } - end + it { + is_expected.to contain_ini_setting('puppetdb_max_threads') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini', + 'section' => 'jetty', + 'setting' => 'max-threads', + 'value' => '150', + ) + } + end + + describe 'when setting ssl_protocols' do + context 'to a valid string' do + let(:params) { { 'ssl_protocols' => 'TLSv1, TLSv1.1, TLSv1.2' } } it { - is_expected.to contain_ini_setting('puppetdb_max_threads') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini', - 'section' => 'jetty', - 'setting' => 'max-threads', - 'value' => '150', - ) + is_expected.to 
contain_ini_setting('puppetdb_sslprotocols').with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini', + 'section' => 'jetty', + 'setting' => 'ssl-protocols', + 'value' => 'TLSv1, TLSv1.1, TLSv1.2', + ) } end - describe 'when setting ssl_protocols' do - context 'to a valid string' do - let(:params) { { 'ssl_protocols' => 'TLSv1, TLSv1.1, TLSv1.2' } } - - it { - is_expected.to contain_ini_setting('puppetdb_sslprotocols').with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini', - 'section' => 'jetty', - 'setting' => 'ssl-protocols', - 'value' => 'TLSv1, TLSv1.1, TLSv1.2', - ) - } - end - - context 'to an invalid type (non-string)' do - let(:params) { { 'ssl_protocols' => ['invalid', 'type'] } } - - it 'fails' do - expect { - is_expected.to contain_class('puppetdb::server::jetty') - }.to raise_error(Puppet::Error) - end - end - end - - describe 'when setting cipher_suites' do - context 'to a valid string' do - let(:params) do - { - 'cipher_suites' => 'SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_RSA_WITH_AES_256_CBC_SHA256', - } - end + context 'to an invalid type (non-string)' do + let(:params) { { 'ssl_protocols' => ['invalid', 'type'] } } - it { - is_expected.to contain_ini_setting('puppetdb_cipher-suites').with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini', - 'section' => 'jetty', - 'setting' => 'cipher-suites', - 'value' => 'SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_RSA_WITH_AES_256_CBC_SHA256', - ) - } + it 'fails' do + expect { + is_expected.to contain_class('puppetdb::server::jetty') + }.to raise_error(Puppet::Error) end end + end - describe 'when disabling the cleartext HTTP port' do + describe 'when setting cipher_suites' do + context 'to a valid string' do let(:params) do { - 'disable_cleartext' => true, + 'cipher_suites' => 'SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, 
SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_RSA_WITH_AES_256_CBC_SHA256', } end it { - is_expected.to contain_ini_setting('puppetdb_host') + is_expected.to contain_ini_setting('puppetdb_cipher-suites') .with( - 'ensure' => 'absent', + 'ensure' => 'present', 'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini', 'section' => 'jetty', - 'setting' => 'host', - 'value' => 'localhost', + 'setting' => 'cipher-suites', + 'value' => 'SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_RSA_WITH_AES_256_CBC_SHA256', ) } - it { - is_expected.to contain_ini_setting('puppetdb_port') - .with( - 'ensure' => 'absent', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini', - 'section' => 'jetty', - 'setting' => 'port', - 'value' => 8080, - ) + end + end + + describe 'when disabling the cleartext HTTP port' do + let(:params) do + { + 'disable_cleartext' => true, } end + + it { + is_expected.to contain_ini_setting('puppetdb_host') + .with( + 'ensure' => 'absent', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini', + 'section' => 'jetty', + 'setting' => 'host', + 'value' => 'localhost', + ) + } + it { + is_expected.to contain_ini_setting('puppetdb_port') + .with( + 'ensure' => 'absent', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini', + 'section' => 'jetty', + 'setting' => 'port', + 'value' => 8080, + ) + } end end diff --git a/spec/unit/classes/server/puppetdb_ini_spec.rb b/spec/unit/classes/server/puppetdb_ini_spec.rb index abcb7bd6..14d8907e 100644 --- a/spec/unit/classes/server/puppetdb_ini_spec.rb +++ b/spec/unit/classes/server/puppetdb_ini_spec.rb 
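Review bot: The 'to a valid string' context under 'when setting ssl_protocols' uses `'TLSv1, TLSv1.1, TLSv1.2'` as its example of a valid value, yet TLS 1.0 and 1.1 are deprecated (RFC 8996) and spec fixtures are often reused as configuration examples. The expectation shows the string reaching `ssl-protocols` unchanged, so a current value exercises the same path: `let(:params) { { 'ssl_protocols' => 'TLSv1.2, TLSv1.3' } }` with `'value' => 'TLSv1.2, TLSv1.3',`, provided the supported PuppetDB/JVM versions accept TLSv1.3. The `cipher_suites` fixture in the same hunk lists only CBC-mode suites, one of them a static-RSA suite without forward secrecy, and could be refreshed in the same way.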
@@ -1,108 +1,96 @@ require 'spec_helper' describe 'puppetdb::server::puppetdb', type: :class do - context 'on a supported platform' do - let(:facts) do - { - os: { - family: 'RedHat', - }, - networking: { - fqdn: 'test.domain.local', - }, - service_provider: 'systemd', - } - end + let(:facts) { on_supported_os.take(1).first[1] } - it { is_expected.to contain_class('puppetdb::server::puppetdb') } + it { is_expected.to contain_class('puppetdb::server::puppetdb') } - describe 'when using default values' do - it { - is_expected.to contain_ini_setting('puppetdb-connections-from-master-only') - .with( - 'ensure' => 'absent', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/puppetdb.ini', - 'section' => 'puppetdb', - 'setting' => 'certificate-whitelist', - 'value' => '/etc/puppetlabs/puppetdb/certificate-whitelist', - ) - } - it { - is_expected.to contain_file('/etc/puppetlabs/puppetdb/certificate-whitelist') - .with( - 'ensure' => 'absent', - 'owner' => 0, - 'group' => 0, - 'mode' => '0644', - 'content' => '', - ) - } - it { - is_expected.to contain_file('/etc/puppetlabs/puppetdb/conf.d/puppetdb.ini') - .with( - 'ensure' => 'file', - 'owner' => 'puppetdb', - 'group' => 'puppetdb', - 'mode' => '0600', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_disable_update_checking') - .with( - 'ensure' => 'absent', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/puppetdb.ini', - 'section' => 'puppetdb', - 'setting' => 'disable-update-checking', - ) - } - end - - describe 'when restricting access to puppetdb' do - let(:params) do - { - 'certificate_whitelist' => ['puppetmaster'], - } - end + describe 'when using default values' do + it { + is_expected.to contain_ini_setting('puppetdb-connections-from-master-only') + .with( + 'ensure' => 'absent', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/puppetdb.ini', + 'section' => 'puppetdb', + 'setting' => 'certificate-whitelist', + 'value' => '/etc/puppetlabs/puppetdb/certificate-whitelist', + ) + } + it { + is_expected.to 
contain_file('/etc/puppetlabs/puppetdb/certificate-whitelist') + .with( + 'ensure' => 'absent', + 'owner' => 0, + 'group' => 0, + 'mode' => '0644', + 'content' => '', + ) + } + it { + is_expected.to contain_file('/etc/puppetlabs/puppetdb/conf.d/puppetdb.ini') + .with( + 'ensure' => 'file', + 'owner' => 'puppetdb', + 'group' => 'puppetdb', + 'mode' => '0600', + ) + } + it { + is_expected.to contain_ini_setting('puppetdb_disable_update_checking') + .with( + 'ensure' => 'absent', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/puppetdb.ini', + 'section' => 'puppetdb', + 'setting' => 'disable-update-checking', + ) + } + end - it { - is_expected.to contain_ini_setting('puppetdb-connections-from-master-only') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/puppetdb.ini', - 'section' => 'puppetdb', - 'setting' => 'certificate-whitelist', - 'value' => '/etc/puppetlabs/puppetdb/certificate-whitelist', - ) - } - it { - is_expected.to contain_file('/etc/puppetlabs/puppetdb/certificate-whitelist') - .with( - 'ensure' => 'present', - 'owner' => 0, - 'group' => 0, - 'mode' => '0644', - 'content' => "puppetmaster\n", - ) + describe 'when restricting access to puppetdb' do + let(:params) do + { + 'certificate_whitelist' => ['puppetmaster'], } end - describe 'when enable disable-update-checking' do - let(:params) do - { - 'disable_update_checking' => true, - } - end + it { + is_expected.to contain_ini_setting('puppetdb-connections-from-master-only') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/puppetdb.ini', + 'section' => 'puppetdb', + 'setting' => 'certificate-whitelist', + 'value' => '/etc/puppetlabs/puppetdb/certificate-whitelist', + ) + } + it { + is_expected.to contain_file('/etc/puppetlabs/puppetdb/certificate-whitelist') + .with( + 'ensure' => 'present', + 'owner' => 0, + 'group' => 0, + 'mode' => '0644', + 'content' => "puppetmaster\n", + ) + } + end - it { - is_expected.to 
contain_ini_setting('puppetdb_disable_update_checking') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/puppetdb.ini', - 'section' => 'puppetdb', - 'setting' => 'disable-update-checking', - 'value' => 'true', - ) + describe 'when enable disable-update-checking' do + let(:params) do + { + 'disable_update_checking' => true, } end + + it { + is_expected.to contain_ini_setting('puppetdb_disable_update_checking') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/puppetdb.ini', + 'section' => 'puppetdb', + 'setting' => 'disable-update-checking', + 'value' => 'true', + ) + } end end diff --git a/spec/unit/classes/server/read_database_ini_spec.rb b/spec/unit/classes/server/read_database_ini_spec.rb index e637428a..7e821f79 100644 --- a/spec/unit/classes/server/read_database_ini_spec.rb +++ b/spec/unit/classes/server/read_database_ini_spec.rb 
@@ -1,172 +1,168 @@ require 'spec_helper' describe 'puppetdb::server::read_database', type: :class do - context 'on a supported platform' do - let(:facts) do + let(:facts) { on_supported_os.take(1).first[1] } + + it { is_expected.to contain_class('puppetdb::server::read_database') } + + describe 'when using default values' do + it { is_expected.to contain_file('/etc/puppetlabs/puppetdb/conf.d/read_database.ini').with('ensure' => 'absent') } + end + + describe 'when using minimum working values' do + let(:params) do { - os: { - family: 'RedHat', - }, - puppetversion: Puppet.version, - operatingsystemrelease: '7.0', - networking: { - fqdn: 'test.domain.local', - }, - service_provider: 'systemd', + 'read_database_host' => 'puppetdb', } end - it { is_expected.to contain_class('puppetdb::server::read_database') } - - describe 'when using default values' do - it { is_expected.to contain_file('/etc/puppetlabs/puppetdb/conf.d/read_database.ini').with('ensure' => 'absent') } - end + it { + is_expected.to contain_file('/etc/puppetlabs/puppetdb/conf.d/read_database.ini') + .with( + 'ensure' => 'file', + 'owner' => 'puppetdb', + 'group' => 'puppetdb', + 'mode' => '0600', + ) + } + it { + is_expected.to contain_ini_setting('puppetdb_read_database_username') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', + 'section' => 'read-database', + 'setting' => 'username', + 'value' => 'puppetdb-read', + ) + } + it { + is_expected.to contain_ini_setting('puppetdb_read_database_password') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', + 'section' => 'read-database', + 'setting' => 'password', + 'value' => 'puppetdb-read', + ) + } + it { + is_expected.to contain_ini_setting('puppetdb_read_classname') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', + 'section' => 'read-database', + 'setting' => 'classname', + 'value' => 
'org.postgresql.Driver', + ) + } + it { + is_expected.to contain_ini_setting('puppetdb_read_subprotocol') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', + 'section' => 'read-database', + 'setting' => 'subprotocol', + 'value' => 'postgresql', + ) + } + it { + is_expected.to contain_ini_setting('puppetdb_read_pgs') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', + 'section' => 'read-database', + 'setting' => 'syntax_pgs', + 'value' => true, + ) + } + it { + is_expected.to contain_ini_setting('puppetdb_read_subname') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', + 'section' => 'read-database', + 'setting' => 'subname', + 'value' => '//puppetdb:5432/puppetdb', + ) + } + it { + is_expected.to contain_ini_setting('puppetdb_read_log_slow_statements') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', + 'section' => 'read-database', + 'setting' => 'log-slow-statements', + 'value' => 10, + ) + } + it { + is_expected.to contain_ini_setting('puppetdb_read_conn_max_age') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', + 'section' => 'read-database', + 'setting' => 'conn-max-age', + 'value' => '60', + ) + } + it { + is_expected.to contain_ini_setting('puppetdb_read_conn_keep_alive') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', + 'section' => 'read-database', + 'setting' => 'conn-keep-alive', + 'value' => '45', + ) + } + it { + is_expected.to contain_ini_setting('puppetdb_read_conn_lifetime') + .with( + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', + 'section' => 'read-database', + 'setting' => 'conn-lifetime', + 'value' => '0', + ) + } - describe 'when using minimum working values' do + context 'when using ssl communication' do 
let(:params) do { - 'read_database_host' => 'puppetdb', + read_database_host: 'puppetdb', + postgresql_ssl_on: true, + ssl_key_pk8_path: '/tmp/private_key.pk8', } end - it { - is_expected.to contain_file('/etc/puppetlabs/puppetdb/conf.d/read_database.ini') - .with( - 'ensure' => 'file', - 'owner' => 'puppetdb', - 'group' => 'puppetdb', - 'mode' => '0600', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_read_database_username') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', - 'section' => 'read-database', - 'setting' => 'username', - 'value' => 'puppetdb-read', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_read_database_password') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', - 'section' => 'read-database', - 'setting' => 'password', - 'value' => 'puppetdb-read', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_read_classname') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', - 'section' => 'read-database', - 'setting' => 'classname', - 'value' => 'org.postgresql.Driver', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_read_subprotocol') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', - 'section' => 'read-database', - 'setting' => 'subprotocol', - 'value' => 'postgresql', - ) - } - it { + it 'configures subname correctly' do is_expected.to contain_ini_setting('puppetdb_read_subname') .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', - 'section' => 'read-database', - 'setting' => 'subname', - 'value' => '//puppetdb:5432/puppetdb', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_read_log_slow_statements') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', - 'section' => 'read-database', - 'setting' => 
'log-slow-statements', - 'value' => 10, + ensure: 'present', + path: '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', + section: 'read-database', + setting: 'subname', + value: '//puppetdb:5432/puppetdb?' \ + 'ssl=true&sslfactory=org.postgresql.ssl.LibPQFactory&' \ + 'sslmode=verify-full&' \ + 'sslrootcert=/etc/puppetlabs/puppetdb/ssl/ca.pem&' \ + 'sslkey=/tmp/private_key.pk8&' \ + 'sslcert=/etc/puppetlabs/puppetdb/ssl/public.pem', ) - } - it { - is_expected.to contain_ini_setting('puppetdb_read_conn_max_age') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', - 'section' => 'read-database', - 'setting' => 'conn-max-age', - 'value' => '60', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_read_conn_keep_alive') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', - 'section' => 'read-database', - 'setting' => 'conn-keep-alive', - 'value' => '45', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_read_conn_lifetime') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', - 'section' => 'read-database', - 'setting' => 'conn-lifetime', - 'value' => '0', - ) - } + end - context 'when using ssl communication' do + context 'when setting jdbc_ssl_properties as well' do let(:params) do { read_database_host: 'puppetdb', + jdbc_ssl_properties: '?ssl=true', postgresql_ssl_on: true, - ssl_key_pk8_path: '/tmp/private_key.pk8', } end - it 'configures subname correctly' do - is_expected.to contain_ini_setting('puppetdb_read_subname') - .with( - ensure: 'present', - path: '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', - section: 'read-database', - setting: 'subname', - value: '//puppetdb:5432/puppetdb?' 
\ - 'ssl=true&sslfactory=org.postgresql.ssl.LibPQFactory&' \ - 'sslmode=verify-full&' \ - 'sslrootcert=/etc/puppetlabs/puppetdb/ssl/ca.pem&' \ - 'sslkey=/tmp/private_key.pk8&' \ - 'sslcert=/etc/puppetlabs/puppetdb/ssl/public.pem', - ) - end - - context 'when setting jdbc_ssl_properties as well' do - let(:params) do - { - read_database_host: 'puppetdb', - jdbc_ssl_properties: '?ssl=true', - postgresql_ssl_on: true, - } - end - - it 'raises an error' do - is_expected.to compile - .and_raise_error(%r{Variables 'postgresql_ssl_on' and 'jdbc_ssl_properties' can not be used at the same time!}) - end + it 'raises an error' do + is_expected.to compile + .and_raise_error(%r{Variables 'postgresql_ssl_on' and 'jdbc_ssl_properties' can not be used at the same time!}) end end end diff --git a/spec/unit/classes/server/validate_db_spec.rb b/spec/unit/classes/server/validate_db_spec.rb new file mode 100644 index 00000000..6ffd57c5 --- /dev/null +++ b/spec/unit/classes/server/validate_db_spec.rb 
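Review bot: The `puppetdb_read_database_password` expectation pins `path`, `section`, `setting` and `value` but not `show_diff`, so a regression that puts the password back into Puppet's change output and logs would still pass this spec. Patch 01 of this series sets `show_diff => false` on that `ini_setting` in `manifests/server/read_database.pp`. Assuming the attribute is still present at this commit, add `'show_diff' => false,` to the `.with(...)` hash of that resource.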
@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+# FIXME: the connection validator resource in this code was deprecated and
+# removed from the postgres module long ago.
+# although the class is included, the resource is never added to
+# the catalog, masking the unknown resource error, because
+# jdbc_ssl_properties returns '' instead of false.
+describe 'puppetdb::server::validate_db', type: :class do
+ let(:facts) { on_supported_os.take(1).first[1] }
+
+ context 'with default params' do
+ it {
+ is_expected.to contain_class('puppetdb::server::validate_db')
+ .with(
+ database: 'postgres',
+ database_host: 'localhost',
+ database_port: '5432',
+ database_username: 'puppetdb',
+ database_password: 'puppetdb',
+ database_name: 'puppetdb',
+ jdbc_ssl_properties: '',
+ )
+ }
+
+ it { is_expected.not_to contain_postgresql__validate_db_connection('validate puppetdb postgres connection') }
+ end
+
+ context 'with parameter tests' do
+ let(:params) { { jdbc_ssl_properties: false } }
+
+ context 'with jdbc_ssl_properties set false' do
+ it {
+ is_expected.to contain_postgresql__validate_db_connection('validate puppetdb postgres connection')
+ .with(
+ database_host: 'localhost',
+ database_port: '5432',
+ database_username: 'puppetdb',
+ database_password: 'puppetdb',
+ database_name: 'puppetdb',
+ )
+ }
+ end
+
+ context 'with unsupported database' do
+ let(:params) { { database: 'nosql' } }
+
+ it { is_expected.not_to contain_postgresql__validate_db_connection('validate puppetdb postgres connection') }
+ end
+
+ context 'without database password' do
+ let(:params) { { database_password: nil } }
+
+ it { is_expected.not_to contain_postgresql__validate_db_connection('validate puppetdb postgres connection') }
+ end
+ end
+end
diff --git a/spec/unit/classes/server/validate_read_db_spec.rb b/spec/unit/classes/server/validate_read_db_spec.rb
new file mode 100644
index 00000000..96aa2ffa
--- /dev/null
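Review bot: The two negative cases under `context 'with parameter tests'` ('with unsupported database' and 'without database password') redefine `let(:params)` outright, which discards the outer `jdbc_ssl_properties: false`. Per the FIXME at the top of this file, the validator resource is not added while `jdbc_ssl_properties` keeps its default `''`, so both `not_to contain_postgresql__validate_db_connection` checks would pass whatever the class does with `database` or `database_password`. Merge instead of replacing: `let(:params) { super().merge(database: 'nosql') }` and `let(:params) { super().merge(database_password: nil) }`. The same applies to the two matching contexts in `validate_read_db_spec.rb`, added next in this patch.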
+++ b/spec/unit/classes/server/validate_read_db_spec.rb
@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+# FIXME: the connection validator resource in this code was deprecated and
+# removed from the postgres module long ago.
+# although the class is included, the resource is never added to
+# the catalog, masking the unknown resource error, because
+# jdbc_ssl_properties returns '' instead of false.
+describe 'puppetdb::server::validate_read_db', type: :class do
+ let(:facts) { on_supported_os.take(1).first[1] }
+
+ context 'with default params' do
+ it {
+ is_expected.to contain_class('puppetdb::server::validate_read_db')
+ .with(
+ database: 'postgres',
+ database_host: 'localhost',
+ database_port: '5432',
+ database_username: 'puppetdb',
+ database_password: 'puppetdb',
+ database_name: 'puppetdb',
+ jdbc_ssl_properties: '',
+ )
+ }
+
+ it { is_expected.not_to contain_postgresql__validate_db_connection('validate puppetdb postgres (read) connection') }
+ end
+
+ context 'with parameter tests' do
+ let(:params) { { jdbc_ssl_properties: false } }
+
+ context 'with jdbc_ssl_properties set false' do
+ it {
+ is_expected.to contain_postgresql__validate_db_connection('validate puppetdb postgres (read) connection')
+ .with(
+ database_host: 'localhost',
+ database_port: '5432',
+ database_username: 'puppetdb',
+ database_password: 'puppetdb',
+ database_name: 'puppetdb',
+ )
+ }
+ end
+
+ context 'with unsupported database' do
+ let(:params) { { database: 'nosql' } }
+
+ it { is_expected.not_to contain_postgresql__validate_db_connection('validate puppetdb postgres (read) connection') }
+ end
+
+ context 'without database password' do
+ let(:params) { { database_password: nil } }
+
+ it { is_expected.not_to contain_postgresql__validate_db_connection('validate puppetdb postgres (read) connection') }
+ end
+ end
+end
diff --git a/spec/unit/classes/server_spec.rb b/spec/unit/classes/server_spec.rb
index 6ffbf4e3..78cd4f49 100644
--- a/spec/unit/classes/server_spec.rb +++ b/spec/unit/classes/server_spec.rb @@ -5,20 +5,18 @@ 'test.domain.local' end + let(:pathdir) do + case facts[:os]['family'] + when 'Debian' + '/etc/default/puppetdb' + else + '/etc/sysconfig/puppetdb' + end + end + on_supported_os.each do |os, facts| context "on #{os}" do - let(:facts) do - facts.merge(puppetversion: Puppet.version, - service_provider: 'systemd', - selinux: true) - end - - pathdir = case facts[:osfamily] - when 'Debian' - '/etc/default/puppetdb' - else - '/etc/sysconfig/puppetdb' - end + let(:facts) { facts } describe 'when using default values' do it { is_expected.to contain_class('puppetdb::server') } @@ -28,6 +26,17 @@ it { is_expected.to contain_class('puppetdb::server::read_database') } it { is_expected.to contain_class('puppetdb::server::jetty') } it { is_expected.to contain_class('puppetdb::server::puppetdb') } + + it { + is_expected.to contain_package('puppetdb') + .that_notifies('Service[puppetdb]') + } + + it { + is_expected.to contain_service('puppetdb') + .with_ensure('running') + .with_enable(true) + } end describe 'when not specifying JAVA_ARGS' do @@ -43,20 +52,18 @@ } end - context 'on redhat PuppetDB' do - it { - is_expected.to contain_ini_subsetting("'-Xms'") - .with( - 'ensure' => 'present', - 'path' => pathdir.to_s, - 'section' => '', - 'key_val_separator' => '=', - 'setting' => 'JAVA_ARGS', - 'subsetting' => '-Xms', - 'value' => '2g', - ) - } - end + it { + is_expected.to contain_ini_subsetting("'-Xms'") + .with( + 'ensure' => 'present', + 'path' => pathdir.to_s, + 'section' => '', + 'key_val_separator' => '=', + 'setting' => 'JAVA_ARGS', + 'subsetting' => '-Xms', + 'value' => '2g', + ) + } end describe 'when specifying JAVA_ARGS with merge_default_java_args false' do @@ -83,7 +90,7 @@ context 'when systemd is available' do let(:facts) do - facts.merge(systemd: true) + super().merge(systemd: true) end describe 'by default dlo cleanup service is enabled' do 
From a8ab514eceed612b6dbc325e3e523b9d4ba7459e Mon Sep 17 00:00:00 2001 From: Jeffrey Clark Date: Mon, 29 Jan 2024 13:58:47 -0600 Subject: [PATCH 29/97] add github workflows for unit spec tests --- .github/workflows/ci.yml | 22 +++++++++ .github/workflows/module_ci.yml | 86 +++++++++++++++++++++++++++++++++ .rspec_parallel | 1 + .rubocop.yml | 1 + .sync.yml | 2 + rakelib/common.rake | 33 +++++++++++++ 6 files changed, 145 insertions(+) create mode 100644 .github/workflows/ci.yml create mode 100644 .github/workflows/module_ci.yml create mode 100644 .rspec_parallel create mode 100644 rakelib/common.rake diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 00000000..1983ccc0 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,22 @@ +name: "ci" + +on: + pull_request: + branches: + - "main" + paths-ignore: + - '**.md' + - 'examples/**' + - 'LICENSE' + - 'CODEOWNERS' + - 'AUTHORS' + workflow_dispatch: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + Spec: + uses: ./.github/workflows/module_ci.yml + secrets: inherit diff --git a/.github/workflows/module_ci.yml b/.github/workflows/module_ci.yml new file mode 100644 index 00000000..96d9cf3c --- /dev/null +++ b/.github/workflows/module_ci.yml 
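Review bot: `secrets: inherit` on the `Spec` job hands every repository and organisation secret to the reusable workflow, yet `module_ci.yml` as added in this patch does not appear to read any. Drop that line, or declare the specific secrets the called workflow needs. The workflow also has no `permissions:` key, so `GITHUB_TOKEN` gets the repository default scope; a top-level `permissions:` with `contents: read` keeps these spec jobs read-only.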
@@ -0,0 +1,86 @@ +# This is a generic workflow for Puppet module CI operations. +name: "Module CI" + +on: + workflow_call: + inputs: + runs_on: + description: "The operating system used for the runner." + required: false + default: "ubuntu-latest" + type: "string" + flags: + description: "Additional flags to pass to matrix_from_metadata_v2." + required: false + default: '' + type: "string" + +jobs: + setup_matrix: + name: "Setup Test Matrix" + runs-on: ${{ inputs.runs_on }} + outputs: + spec_matrix: ${{ steps.get-matrix.outputs.spec_matrix }} + + steps: + + - name: "Checkout" + uses: "actions/checkout@v4" + with: + ref: ${{ github.event.pull_request.head.sha }} + + - name: "Setup ruby" + uses: "ruby/setup-ruby@v1" + with: + ruby-version: "2.7" + bundler-cache: true + + - name: "Bundle environment" + run: | + echo ::group::bundler environment + bundle env + echo ::endgroup:: + + - name: Setup Spec Test Matrix + id: get-matrix + run: | + bundle exec matrix_from_metadata_v2 ${{ inputs.flags }} + + spec: + name: "Spec tests (Puppet: ${{matrix.puppet_version}}, Ruby Ver: ${{matrix.ruby_version}})" + needs: "setup_matrix" + runs-on: ${{ inputs.runs_on }} + strategy: + fail-fast: false + matrix: ${{ fromJson( needs.setup_matrix.outputs.spec_matrix ) }} + + env: + PUPPET_GEM_VERSION: ${{ matrix.puppet_version }} + FACTER_GEM_VERSION: 'https://github.com/puppetlabs/facter#main' # why is this set? 
+ + steps: + - name: "Checkout" + uses: "actions/checkout@v4" + with: + ref: ${{ github.event.pull_request.head.sha }} + + - name: "Setup ruby" + uses: "ruby/setup-ruby@v1" + with: + ruby-version: ${{matrix.ruby_version}} + bundler-cache: true + + - name: "Bundle environment" + run: | + echo ::group::bundler environment + bundle env + echo ::endgroup:: + + - name: "Run Static & Syntax Tests" + run: | + bundle exec rake syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop + bundle exec dependency-checker metadata.json || true # temporarily allow to fail + + - name: "Run tests" + run: | + bundle exec rake parallel_spec diff --git a/.rspec_parallel b/.rspec_parallel new file mode 100644 index 00000000..e4d136b7 --- /dev/null +++ b/.rspec_parallel @@ -0,0 +1 @@ +--format progress diff --git a/.rubocop.yml b/.rubocop.yml index f653becb..043ef9d1 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -7,6 +7,7 @@ AllCops: TargetRubyVersion: '2.6' Include: - "**/*.rb" + - "**/*.rake" Exclude: - bin/* - ".vendor/**/*" diff --git a/.sync.yml b/.sync.yml index 55bacc5c..4c5e0c81 100644 --- a/.sync.yml +++ b/.sync.yml @@ -3,6 +3,8 @@ default_configs: AllCops: NewCops: enable + Include: + - '**/*.rake' .pdkignore: paths: - /.*.yml diff --git a/rakelib/common.rake b/rakelib/common.rake new file mode 100644 index 00000000..a0054fa0 --- /dev/null +++ b/rakelib/common.rake 
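Review bot: In the "Setup Spec Test Matrix" step of `module_ci.yml`, `${{ inputs.flags }}` is expanded into the `run:` script before the shell parses it, so whatever a caller passes becomes shell source rather than arguments. Pass it through the environment instead: add `env: { FLAGS: "${{ inputs.flags }}" }` to the step and run `bundle exec matrix_from_metadata_v2 $FLAGS`. Two supply-chain points in the same file: `FACTER_GEM_VERSION` tracks the `main` branch of facter, so every run may install different code (the inline "why is this set?" comment suggests this is unresolved), and `actions/checkout@v4` / `ruby/setup-ruby@v1` are referenced by mutable tags rather than commit SHAs. `bundle exec dependency-checker metadata.json || true` also means dependency findings never fail the job; if that is temporary, as the comment says, a tracking reference next to it would help.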
@@ -0,0 +1,33 @@
+require 'dependency_checker'
+require 'metadata_json_lint'
+
+# PDK validate behaviors
+MetadataJsonLint.options.fail_on_warnings = true
+MetadataJsonLint.options.strict_license = true
+MetadataJsonLint.options.strict_puppet_version = true
+MetadataJsonLint.options.strict_dependencies = true
+
+PuppetLint.configuration.log_forat = '%{path}:%{line}:%{check}:%{KIND}:%{message}'
+PuppetLint.configuration.fail_on_warnings = true
+
+desc 'Run dependency-checker'
+task :metadata_deps do
+ dpc = DependencyChecker::Runner.new
+ dpc.resolve_from_files(['metadata.json'])
+ dpc.run
+ raise 'dependency checker failed' unless dpc.problems.zero?
+end
+
+# output task execution
+unless Rake.application.options.trace
+ setup = ->(task, *_args) do
+ puts "===> rake: #{task}"
+ end
+
+ task :log_hooker do
+ Rake::Task.tasks.reject { |t| t.to_s == 'log_hooker' }.each do |a_task|
+ a_task.actions.prepend(setup)
+ end
+ end
+ Rake.application.top_level_tasks.prepend(:log_hooker)
+end
From 94c615c0193c6fecc15a790d39364b30fdeb6371 Mon Sep 17 00:00:00 2001 From: Jeffrey Clark Date: Mon, 29 Jan 2024 14:00:07 -0600 Subject: [PATCH 30/97] generate reference documentation --- REFERENCE.md | 3538 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 3538 insertions(+) create mode 100644 REFERENCE.md
diff --git a/REFERENCE.md b/REFERENCE.md
new file mode 100644
index 00000000..78149e3f
--- /dev/null
+++ b/REFERENCE.md
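Review bot: `PuppetLint.configuration.log_forat` in `rakelib/common.rake` is misspelled, so the intended lint output format is never applied; puppet-lint's configuration object presumably accepts the unknown setter without complaint, which would explain why nothing fails. Change the line to `PuppetLint.configuration.log_format = '%{path}:%{line}:%{check}:%{KIND}:%{message}'`. The file also uses `PuppetLint` without requiring it, so it seems to rely on the Rakefile having loaded puppet-lint first; a short comment stating that dependency would make the load order explicit.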
@@ -0,0 +1,3538 @@ +# Reference + + + +## Table of Contents + +### Classes + +* [`puppetdb`](#puppetdb): All in one class for setting up a PuppetDB instance. See README.md for more details. +* [`puppetdb::database::postgresql`](#puppetdb--database--postgresql): Class for creating the PuppetDB postgresql database. See README.md for more information. +* [`puppetdb::database::ssl_configuration`](#puppetdb--database--ssl_configuration): Class for configuring SSL connection for the PuppetDB postgresql database. See README.md for more information. +* [`puppetdb::globals`](#puppetdb--globals): Global configuration class for PuppetDB. See README.md for more details. +* [`puppetdb::master::config`](#puppetdb--master--config): Manage puppet configuration. See README.md for more details. +* [`puppetdb::master::puppetdb_conf`](#puppetdb--master--puppetdb_conf): Manage the puppetdb.conf file on the puppeet master. See README.md for more details. +* [`puppetdb::master::report_processor`](#puppetdb--master--report_processor): Manage the installation of the report processor on the master. See README.md for more details. +* [`puppetdb::master::routes`](#puppetdb--master--routes): Manages the routes configuration file on the master. See README.md for more details. +* [`puppetdb::master::storeconfigs`](#puppetdb--master--storeconfigs): This class configures the puppet master to enable storeconfigs and to use puppetdb as the storeconfigs backend. See README.md for more detail +* [`puppetdb::params`](#puppetdb--params): PRIVATE CLASS - do not use directly The puppetdb default configuration settings. +* [`puppetdb::server`](#puppetdb--server): Class to configure a PuppetDB server. See README.md for more details. 
+* [`puppetdb::server::command_processing`](#puppetdb--server--command_processing): PRIVATE CLASS - do not use directly +* [`puppetdb::server::database`](#puppetdb--server--database): PRIVATE CLASS - do not use directly +* [`puppetdb::server::firewall`](#puppetdb--server--firewall): PRIVATE CLASS - do not use directly +* [`puppetdb::server::global`](#puppetdb--server--global): PRIVATE CLASS - do not use directly +* [`puppetdb::server::jetty`](#puppetdb--server--jetty): PRIVATE CLASS - do not use directly +* [`puppetdb::server::puppetdb`](#puppetdb--server--puppetdb): PRIVATE CLASS - do not use directly +* [`puppetdb::server::read_database`](#puppetdb--server--read_database): PRIVATE CLASS - do not use directly +* [`puppetdb::server::validate_db`](#puppetdb--server--validate_db): This validates a database connection. See README.md for more details. +* [`puppetdb::server::validate_read_db`](#puppetdb--server--validate_read_db): This validates a database connection. See README.md for more details. + +### Defined types + +* [`puppetdb::database::default_read_grant`](#puppetdb--database--default_read_grant): Private class. Grant read permissions to $database_read_only_username by default, for new tables created by $database_username. +* [`puppetdb::database::postgresql_ssl_rules`](#puppetdb--database--postgresql_ssl_rules): Private class for configuring the pg_ident.conf and pg_hba.conf files +* [`puppetdb::database::read_grant`](#puppetdb--database--read_grant): Private class. Grant read-only permissions to $database_read_only_username for all objects in $schema of $database_name +* [`puppetdb::database::read_only_user`](#puppetdb--database--read_only_user) + +### Resource types + +* [`puppetdb_conn_validator`](#puppetdb_conn_validator): Verify that a connection can be successfully established between a node and the puppetdb server. 
Its primary use is as a precondition to pre + +### Functions + +* [`puppetdb::create_subsetting_resource_hash`](#puppetdb--create_subsetting_resource_hash) +* [`puppetdb::flatten_java_args`](#puppetdb--flatten_java_args) + +### Data types + +* [`Puppetdb::Ttl`](#Puppetdb--Ttl) + +### Tasks + +* [`lxd_exp`](#lxd_exp): Provision/Tear down a machine on LXD + +## Classes + +### `puppetdb` + +All in one class for setting up a PuppetDB instance. See README.md for more +details. + +#### Parameters + +The following parameters are available in the `puppetdb` class: + +* [`listen_address`](#-puppetdb--listen_address) +* [`listen_port`](#-puppetdb--listen_port) +* [`disable_cleartext`](#-puppetdb--disable_cleartext) +* [`open_listen_port`](#-puppetdb--open_listen_port) +* [`ssl_listen_address`](#-puppetdb--ssl_listen_address) +* [`ssl_listen_port`](#-puppetdb--ssl_listen_port) +* [`disable_ssl`](#-puppetdb--disable_ssl) +* [`open_ssl_listen_port`](#-puppetdb--open_ssl_listen_port) +* [`ssl_dir`](#-puppetdb--ssl_dir) +* [`ssl_set_cert_paths`](#-puppetdb--ssl_set_cert_paths) +* [`ssl_cert_path`](#-puppetdb--ssl_cert_path) +* [`ssl_key_path`](#-puppetdb--ssl_key_path) +* [`ssl_key_pk8_path`](#-puppetdb--ssl_key_pk8_path) +* [`ssl_ca_cert_path`](#-puppetdb--ssl_ca_cert_path) +* [`ssl_deploy_certs`](#-puppetdb--ssl_deploy_certs) +* [`ssl_key`](#-puppetdb--ssl_key) +* [`ssl_cert`](#-puppetdb--ssl_cert) +* [`ssl_ca_cert`](#-puppetdb--ssl_ca_cert) +* [`ssl_protocols`](#-puppetdb--ssl_protocols) +* [`postgresql_ssl_on`](#-puppetdb--postgresql_ssl_on) +* [`postgresql_ssl_folder`](#-puppetdb--postgresql_ssl_folder) +* [`postgresql_ssl_cert_path`](#-puppetdb--postgresql_ssl_cert_path) +* [`postgresql_ssl_key_path`](#-puppetdb--postgresql_ssl_key_path) +* [`postgresql_ssl_ca_cert_path`](#-puppetdb--postgresql_ssl_ca_cert_path) +* [`cipher_suites`](#-puppetdb--cipher_suites) +* [`migrate`](#-puppetdb--migrate) +* [`manage_dbserver`](#-puppetdb--manage_dbserver) +* 
[`manage_database`](#-puppetdb--manage_database) +* [`manage_package_repo`](#-puppetdb--manage_package_repo) +* [`postgres_version`](#-puppetdb--postgres_version) +* [`database`](#-puppetdb--database) +* [`database_host`](#-puppetdb--database_host) +* [`database_port`](#-puppetdb--database_port) +* [`database_username`](#-puppetdb--database_username) +* [`database_password`](#-puppetdb--database_password) +* [`database_name`](#-puppetdb--database_name) +* [`manage_db_password`](#-puppetdb--manage_db_password) +* [`jdbc_ssl_properties`](#-puppetdb--jdbc_ssl_properties) +* [`database_listen_address`](#-puppetdb--database_listen_address) +* [`database_validate`](#-puppetdb--database_validate) +* [`database_embedded_path`](#-puppetdb--database_embedded_path) +* [`node_ttl`](#-puppetdb--node_ttl) +* [`node_purge_ttl`](#-puppetdb--node_purge_ttl) +* [`report_ttl`](#-puppetdb--report_ttl) +* [`facts_blacklist`](#-puppetdb--facts_blacklist) +* [`gc_interval`](#-puppetdb--gc_interval) +* [`node_purge_gc_batch_limit`](#-puppetdb--node_purge_gc_batch_limit) +* [`log_slow_statements`](#-puppetdb--log_slow_statements) +* [`conn_max_age`](#-puppetdb--conn_max_age) +* [`conn_keep_alive`](#-puppetdb--conn_keep_alive) +* [`conn_lifetime`](#-puppetdb--conn_lifetime) +* [`puppetdb_package`](#-puppetdb--puppetdb_package) +* [`puppetdb_service`](#-puppetdb--puppetdb_service) +* [`puppetdb_service_status`](#-puppetdb--puppetdb_service_status) +* [`puppetdb_user`](#-puppetdb--puppetdb_user) +* [`puppetdb_group`](#-puppetdb--puppetdb_group) +* [`puppetdb_server`](#-puppetdb--puppetdb_server) +* [`read_database`](#-puppetdb--read_database) +* [`read_database_host`](#-puppetdb--read_database_host) +* [`read_database_port`](#-puppetdb--read_database_port) +* [`read_database_username`](#-puppetdb--read_database_username) +* [`read_database_password`](#-puppetdb--read_database_password) +* [`read_database_name`](#-puppetdb--read_database_name) +* 
[`manage_read_db_password`](#-puppetdb--manage_read_db_password) +* [`read_database_jdbc_ssl_properties`](#-puppetdb--read_database_jdbc_ssl_properties) +* [`read_database_validate`](#-puppetdb--read_database_validate) +* [`read_log_slow_statements`](#-puppetdb--read_log_slow_statements) +* [`read_conn_max_age`](#-puppetdb--read_conn_max_age) +* [`read_conn_keep_alive`](#-puppetdb--read_conn_keep_alive) +* [`read_conn_lifetime`](#-puppetdb--read_conn_lifetime) +* [`confdir`](#-puppetdb--confdir) +* [`vardir`](#-puppetdb--vardir) +* [`manage_firewall`](#-puppetdb--manage_firewall) +* [`java_args`](#-puppetdb--java_args) +* [`merge_default_java_args`](#-puppetdb--merge_default_java_args) +* [`max_threads`](#-puppetdb--max_threads) +* [`command_threads`](#-puppetdb--command_threads) +* [`concurrent_writes`](#-puppetdb--concurrent_writes) +* [`store_usage`](#-puppetdb--store_usage) +* [`temp_usage`](#-puppetdb--temp_usage) +* [`disable_update_checking`](#-puppetdb--disable_update_checking) +* [`certificate_whitelist_file`](#-puppetdb--certificate_whitelist_file) +* [`certificate_whitelist`](#-puppetdb--certificate_whitelist) +* [`database_max_pool_size`](#-puppetdb--database_max_pool_size) +* [`read_database_max_pool_size`](#-puppetdb--read_database_max_pool_size) +* [`automatic_dlo_cleanup`](#-puppetdb--automatic_dlo_cleanup) +* [`cleanup_timer_interval`](#-puppetdb--cleanup_timer_interval) +* [`dlo_max_age`](#-puppetdb--dlo_max_age) +* [`java_bin`](#-puppetdb--java_bin) + +##### `listen_address` + +Data type: `Any` + + + +Default value: `$puppetdb::params::listen_address` + +##### `listen_port` + +Data type: `Any` + + + +Default value: `$puppetdb::params::listen_port` + +##### `disable_cleartext` + +Data type: `Any` + + + +Default value: `$puppetdb::params::disable_cleartext` + +##### `open_listen_port` + +Data type: `Any` + + + +Default value: `$puppetdb::params::open_listen_port` + +##### `ssl_listen_address` + +Data type: `Any` + + + +Default value: 
`$puppetdb::params::ssl_listen_address` + +##### `ssl_listen_port` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_listen_port` + +##### `disable_ssl` + +Data type: `Any` + + + +Default value: `$puppetdb::params::disable_ssl` + +##### `open_ssl_listen_port` + +Data type: `Any` + + + +Default value: `$puppetdb::params::open_ssl_listen_port` + +##### `ssl_dir` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_dir` + +##### `ssl_set_cert_paths` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_set_cert_paths` + +##### `ssl_cert_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_cert_path` + +##### `ssl_key_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_key_path` + +##### `ssl_key_pk8_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_key_pk8_path` + +##### `ssl_ca_cert_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_ca_cert_path` + +##### `ssl_deploy_certs` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_deploy_certs` + +##### `ssl_key` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_key` + +##### `ssl_cert` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_cert` + +##### `ssl_ca_cert` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_ca_cert` + +##### `ssl_protocols` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_protocols` + +##### `postgresql_ssl_on` + +Data type: `Any` + + + +Default value: `$puppetdb::params::postgresql_ssl_on` + +##### `postgresql_ssl_folder` + +Data type: `Any` + + + +Default value: `$puppetdb::params::postgresql_ssl_folder` + +##### `postgresql_ssl_cert_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::postgresql_ssl_cert_path` + +##### `postgresql_ssl_key_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::postgresql_ssl_key_path` + +##### `postgresql_ssl_ca_cert_path` + +Data type: 
`Any` + + + +Default value: `$puppetdb::params::postgresql_ssl_ca_cert_path` + +##### `cipher_suites` + +Data type: `Any` + + + +Default value: `$puppetdb::params::cipher_suites` + +##### `migrate` + +Data type: `Any` + + + +Default value: `$puppetdb::params::migrate` + +##### `manage_dbserver` + +Data type: `Any` + + + +Default value: `$puppetdb::params::manage_dbserver` + +##### `manage_database` + +Data type: `Any` + + + +Default value: `$puppetdb::params::manage_database` + +##### `manage_package_repo` + +Data type: `Any` + + + +Default value: `$puppetdb::params::manage_pg_repo` + +##### `postgres_version` + +Data type: `Any` + + + +Default value: `$puppetdb::params::postgres_version` + +##### `database` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database` + +##### `database_host` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_host` + +##### `database_port` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_port` + +##### `database_username` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_username` + +##### `database_password` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_password` + +##### `database_name` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_name` + +##### `manage_db_password` + +Data type: `Any` + + + +Default value: `$puppetdb::params::manage_db_password` + +##### `jdbc_ssl_properties` + +Data type: `Any` + + + +Default value: `$puppetdb::params::jdbc_ssl_properties` + +##### `database_listen_address` + +Data type: `Any` + + + +Default value: `$puppetdb::params::postgres_listen_addresses` + +##### `database_validate` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_validate` + +##### `database_embedded_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_embedded_path` + +##### `node_ttl` + +Data type: `Any` + + + +Default value: `$puppetdb::params::node_ttl` + +##### 
`node_purge_ttl` + +Data type: `Any` + + + +Default value: `$puppetdb::params::node_purge_ttl` + +##### `report_ttl` + +Data type: `Any` + + + +Default value: `$puppetdb::params::report_ttl` + +##### `facts_blacklist` + +Data type: `Optional[Array]` + + + +Default value: `$puppetdb::params::facts_blacklist` + +##### `gc_interval` + +Data type: `Any` + + + +Default value: `$puppetdb::params::gc_interval` + +##### `node_purge_gc_batch_limit` + +Data type: `Any` + + + +Default value: `$puppetdb::params::node_purge_gc_batch_limit` + +##### `log_slow_statements` + +Data type: `Any` + + + +Default value: `$puppetdb::params::log_slow_statements` + +##### `conn_max_age` + +Data type: `Any` + + + +Default value: `$puppetdb::params::conn_max_age` + +##### `conn_keep_alive` + +Data type: `Any` + + + +Default value: `$puppetdb::params::conn_keep_alive` + +##### `conn_lifetime` + +Data type: `Any` + + + +Default value: `$puppetdb::params::conn_lifetime` + +##### `puppetdb_package` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppetdb_package` + +##### `puppetdb_service` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppetdb_service` + +##### `puppetdb_service_status` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppetdb_service_status` + +##### `puppetdb_user` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppetdb_user` + +##### `puppetdb_group` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppetdb_group` + +##### `puppetdb_server` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppetdb_server` + +##### `read_database` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database` + +##### `read_database_host` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_host` + +##### `read_database_port` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_port` + +##### `read_database_username` + +Data type: `Any` + + + +Default 
value: `$puppetdb::params::read_database_username` + +##### `read_database_password` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_password` + +##### `read_database_name` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_name` + +##### `manage_read_db_password` + +Data type: `Any` + + + +Default value: `$puppetdb::params::manage_read_db_password` + +##### `read_database_jdbc_ssl_properties` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_jdbc_ssl_properties` + +##### `read_database_validate` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_validate` + +##### `read_log_slow_statements` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_log_slow_statements` + +##### `read_conn_max_age` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_conn_max_age` + +##### `read_conn_keep_alive` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_conn_keep_alive` + +##### `read_conn_lifetime` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_conn_lifetime` + +##### `confdir` + +Data type: `Any` + + + +Default value: `$puppetdb::params::confdir` + +##### `vardir` + +Data type: `Any` + + + +Default value: `$puppetdb::params::vardir` + +##### `manage_firewall` + +Data type: `Any` + + + +Default value: `$puppetdb::params::manage_firewall` + +##### `java_args` + +Data type: `Any` + + + +Default value: `$puppetdb::params::java_args` + +##### `merge_default_java_args` + +Data type: `Any` + + + +Default value: `$puppetdb::params::merge_default_java_args` + +##### `max_threads` + +Data type: `Any` + + + +Default value: `$puppetdb::params::max_threads` + +##### `command_threads` + +Data type: `Any` + + + +Default value: `$puppetdb::params::command_threads` + +##### `concurrent_writes` + +Data type: `Any` + + + +Default value: `$puppetdb::params::concurrent_writes` + +##### `store_usage` + +Data type: `Any` + + + 
+Default value: `$puppetdb::params::store_usage` + +##### `temp_usage` + +Data type: `Any` + + + +Default value: `$puppetdb::params::temp_usage` + +##### `disable_update_checking` + +Data type: `Any` + + + +Default value: `$puppetdb::params::disable_update_checking` + +##### `certificate_whitelist_file` + +Data type: `Any` + + + +Default value: `$puppetdb::params::certificate_whitelist_file` + +##### `certificate_whitelist` + +Data type: `Any` + + + +Default value: `$puppetdb::params::certificate_whitelist` + +##### `database_max_pool_size` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_max_pool_size` + +##### `read_database_max_pool_size` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_max_pool_size` + +##### `automatic_dlo_cleanup` + +Data type: `Boolean` + + + +Default value: `$puppetdb::params::automatic_dlo_cleanup` + +##### `cleanup_timer_interval` + +Data type: `String[1]` + + + +Default value: `$puppetdb::params::cleanup_timer_interval` + +##### `dlo_max_age` + +Data type: `Integer[1]` + + + +Default value: `$puppetdb::params::dlo_max_age` + +##### `java_bin` + +Data type: `Optional[Stdlib::Absolutepath]` + + + +Default value: `$puppetdb::params::java_bin` + +### `puppetdb::database::postgresql` + +Class for creating the PuppetDB postgresql database. See README.md for more +information. 
+ +#### Parameters + +The following parameters are available in the `puppetdb::database::postgresql` class: + +* [`listen_addresses`](#-puppetdb--database--postgresql--listen_addresses) +* [`puppetdb_server`](#-puppetdb--database--postgresql--puppetdb_server) +* [`database_name`](#-puppetdb--database--postgresql--database_name) +* [`database_username`](#-puppetdb--database--postgresql--database_username) +* [`database_password`](#-puppetdb--database--postgresql--database_password) +* [`database_port`](#-puppetdb--database--postgresql--database_port) +* [`manage_database`](#-puppetdb--database--postgresql--manage_database) +* [`manage_server`](#-puppetdb--database--postgresql--manage_server) +* [`manage_package_repo`](#-puppetdb--database--postgresql--manage_package_repo) +* [`postgres_version`](#-puppetdb--database--postgresql--postgres_version) +* [`postgresql_ssl_on`](#-puppetdb--database--postgresql--postgresql_ssl_on) +* [`postgresql_ssl_key_path`](#-puppetdb--database--postgresql--postgresql_ssl_key_path) +* [`postgresql_ssl_cert_path`](#-puppetdb--database--postgresql--postgresql_ssl_cert_path) +* [`postgresql_ssl_ca_cert_path`](#-puppetdb--database--postgresql--postgresql_ssl_ca_cert_path) +* [`read_database_username`](#-puppetdb--database--postgresql--read_database_username) +* [`read_database_password`](#-puppetdb--database--postgresql--read_database_password) +* [`read_database_host`](#-puppetdb--database--postgresql--read_database_host) + +##### `listen_addresses` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_host` + +##### `puppetdb_server` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppetdb_server` + +##### `database_name` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_name` + +##### `database_username` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_username` + +##### `database_password` + +Data type: `Any` + + + +Default value: 
`$puppetdb::params::database_password` + +##### `database_port` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_port` + +##### `manage_database` + +Data type: `Any` + + + +Default value: `$puppetdb::params::manage_database` + +##### `manage_server` + +Data type: `Any` + + + +Default value: `$puppetdb::params::manage_dbserver` + +##### `manage_package_repo` + +Data type: `Any` + + + +Default value: `$puppetdb::params::manage_pg_repo` + +##### `postgres_version` + +Data type: `Any` + + + +Default value: `$puppetdb::params::postgres_version` + +##### `postgresql_ssl_on` + +Data type: `Any` + + + +Default value: `$puppetdb::params::postgresql_ssl_on` + +##### `postgresql_ssl_key_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::postgresql_ssl_key_path` + +##### `postgresql_ssl_cert_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::postgresql_ssl_cert_path` + +##### `postgresql_ssl_ca_cert_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::postgresql_ssl_ca_cert_path` + +##### `read_database_username` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_username` + +##### `read_database_password` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_password` + +##### `read_database_host` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_host` + +### `puppetdb::database::ssl_configuration` + +Class for configuring SSL connection for the PuppetDB postgresql database. See README.md for more +information. 
+ +#### Parameters + +The following parameters are available in the `puppetdb::database::ssl_configuration` class: + +* [`database_name`](#-puppetdb--database--ssl_configuration--database_name) +* [`database_username`](#-puppetdb--database--ssl_configuration--database_username) +* [`read_database_username`](#-puppetdb--database--ssl_configuration--read_database_username) +* [`read_database_host`](#-puppetdb--database--ssl_configuration--read_database_host) +* [`puppetdb_server`](#-puppetdb--database--ssl_configuration--puppetdb_server) +* [`postgresql_ssl_key_path`](#-puppetdb--database--ssl_configuration--postgresql_ssl_key_path) +* [`postgresql_ssl_cert_path`](#-puppetdb--database--ssl_configuration--postgresql_ssl_cert_path) +* [`postgresql_ssl_ca_cert_path`](#-puppetdb--database--ssl_configuration--postgresql_ssl_ca_cert_path) +* [`create_read_user_rule`](#-puppetdb--database--ssl_configuration--create_read_user_rule) + +##### `database_name` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_name` + +##### `database_username` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_username` + +##### `read_database_username` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_username` + +##### `read_database_host` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_host` + +##### `puppetdb_server` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppetdb_server` + +##### `postgresql_ssl_key_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::postgresql_ssl_key_path` + +##### `postgresql_ssl_cert_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::postgresql_ssl_cert_path` + +##### `postgresql_ssl_ca_cert_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::postgresql_ssl_ca_cert_path` + +##### `create_read_user_rule` + +Data type: `Any` + + + +Default value: `false` + +### `puppetdb::globals` + +Global configuration 
class for PuppetDB. See README.md for more details. + +#### Parameters + +The following parameters are available in the `puppetdb::globals` class: + +* [`version`](#-puppetdb--globals--version) +* [`database`](#-puppetdb--globals--database) +* [`puppet_confdir`](#-puppetdb--globals--puppet_confdir) + +##### `version` + +Data type: `Any` + + + +Default value: `'present'` + +##### `database` + +Data type: `Any` + + + +Default value: `'postgres'` + +##### `puppet_confdir` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$settings::confdir` + +### `puppetdb::master::config` + +Manage puppet configuration. See README.md for more details. + +#### Parameters + +The following parameters are available in the `puppetdb::master::config` class: + +* [`puppetdb_server`](#-puppetdb--master--config--puppetdb_server) +* [`puppetdb_port`](#-puppetdb--master--config--puppetdb_port) +* [`puppetdb_disable_ssl`](#-puppetdb--master--config--puppetdb_disable_ssl) +* [`masterless`](#-puppetdb--master--config--masterless) +* [`puppetdb_soft_write_failure`](#-puppetdb--master--config--puppetdb_soft_write_failure) +* [`manage_routes`](#-puppetdb--master--config--manage_routes) +* [`manage_storeconfigs`](#-puppetdb--master--config--manage_storeconfigs) +* [`enable_storeconfigs`](#-puppetdb--master--config--enable_storeconfigs) +* [`manage_report_processor`](#-puppetdb--master--config--manage_report_processor) +* [`manage_config`](#-puppetdb--master--config--manage_config) +* [`create_puppet_service_resource`](#-puppetdb--master--config--create_puppet_service_resource) +* [`strict_validation`](#-puppetdb--master--config--strict_validation) +* [`enable_reports`](#-puppetdb--master--config--enable_reports) +* [`puppet_confdir`](#-puppetdb--master--config--puppet_confdir) +* [`puppet_conf`](#-puppetdb--master--config--puppet_conf) +* [`terminus_package`](#-puppetdb--master--config--terminus_package) +* [`puppet_service_name`](#-puppetdb--master--config--puppet_service_name) +* 
[`puppetdb_startup_timeout`](#-puppetdb--master--config--puppetdb_startup_timeout) +* [`test_url`](#-puppetdb--master--config--test_url) +* [`restart_puppet`](#-puppetdb--master--config--restart_puppet) + +##### `puppetdb_server` + +Data type: `Any` + + + +Default value: `fact('networking.fqdn')` + +##### `puppetdb_port` + +Data type: `Any` + + + +Default value: + +```puppet +defined(Class['puppetdb']) ? { + true => $puppetdb::disable_ssl ? { + true => 8080, + default => 8081, + }, + default => 8081 +``` + +##### `puppetdb_disable_ssl` + +Data type: `Any` + + + +Default value: + +```puppet +defined(Class['puppetdb']) ? { + true => $puppetdb::disable_ssl, + default => false +``` + +##### `masterless` + +Data type: `Any` + + + +Default value: `$puppetdb::params::masterless` + +##### `puppetdb_soft_write_failure` + +Data type: `Any` + + + +Default value: `false` + +##### `manage_routes` + +Data type: `Any` + + + +Default value: `true` + +##### `manage_storeconfigs` + +Data type: `Any` + + + +Default value: `true` + +##### `enable_storeconfigs` + +Data type: `Any` + + + +Default value: `true` + +##### `manage_report_processor` + +Data type: `Any` + + + +Default value: `false` + +##### `manage_config` + +Data type: `Any` + + + +Default value: `true` + +##### `create_puppet_service_resource` + +Data type: `Any` + + + +Default value: `true` + +##### `strict_validation` + +Data type: `Any` + + + +Default value: `true` + +##### `enable_reports` + +Data type: `Any` + + + +Default value: `false` + +##### `puppet_confdir` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppet_confdir` + +##### `puppet_conf` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppet_conf` + +##### `terminus_package` + +Data type: `Any` + + + +Default value: `$puppetdb::params::terminus_package` + +##### `puppet_service_name` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppet_service_name` + +##### `puppetdb_startup_timeout` + +Data type: `Any` + + + 
+Default value: `$puppetdb::params::puppetdb_startup_timeout` + +##### `test_url` + +Data type: `Any` + + + +Default value: `$puppetdb::params::test_url` + +##### `restart_puppet` + +Data type: `Any` + + + +Default value: `true` + +### `puppetdb::master::puppetdb_conf` + +Manage the puppetdb.conf file on the puppeet master. See README.md for more +details. + +#### Parameters + +The following parameters are available in the `puppetdb::master::puppetdb_conf` class: + +* [`server`](#-puppetdb--master--puppetdb_conf--server) +* [`port`](#-puppetdb--master--puppetdb_conf--port) +* [`soft_write_failure`](#-puppetdb--master--puppetdb_conf--soft_write_failure) +* [`puppet_confdir`](#-puppetdb--master--puppetdb_conf--puppet_confdir) +* [`legacy_terminus`](#-puppetdb--master--puppetdb_conf--legacy_terminus) + +##### `server` + +Data type: `Any` + + + +Default value: `'localhost'` + +##### `port` + +Data type: `Any` + + + +Default value: `'8081'` + +##### `soft_write_failure` + +Data type: `Any` + + + +Default value: + +```puppet +$puppetdb::disable_ssl ? { + true => true, + default => false +``` + +##### `puppet_confdir` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppet_confdir` + +##### `legacy_terminus` + +Data type: `Any` + + + +Default value: + +```puppet +$puppetdb::params::terminus_package ? { + /(puppetdb-terminus)/ => true, + default => false +``` + +### `puppetdb::master::report_processor` + +Manage the installation of the report processor on the master. See README.md +for more details. 
+ +#### Parameters + +The following parameters are available in the `puppetdb::master::report_processor` class: + +* [`puppet_conf`](#-puppetdb--master--report_processor--puppet_conf) +* [`masterless`](#-puppetdb--master--report_processor--masterless) +* [`enable`](#-puppetdb--master--report_processor--enable) + +##### `puppet_conf` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppet_conf` + +##### `masterless` + +Data type: `Any` + + + +Default value: `$puppetdb::params::masterless` + +##### `enable` + +Data type: `Any` + + + +Default value: `false` + +### `puppetdb::master::routes` + +Manages the routes configuration file on the master. See README.md for more +details. + +#### Parameters + +The following parameters are available in the `puppetdb::master::routes` class: + +* [`puppet_confdir`](#-puppetdb--master--routes--puppet_confdir) +* [`masterless`](#-puppetdb--master--routes--masterless) +* [`routes`](#-puppetdb--master--routes--routes) + +##### `puppet_confdir` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppet_confdir` + +##### `masterless` + +Data type: `Any` + + + +Default value: `$puppetdb::params::masterless` + +##### `routes` + +Data type: `Any` + + + +Default value: `undef` + +### `puppetdb::master::storeconfigs` + +This class configures the puppet master to enable storeconfigs and to use +puppetdb as the storeconfigs backend. See README.md for more details. 
+ +#### Parameters + +The following parameters are available in the `puppetdb::master::storeconfigs` class: + +* [`puppet_conf`](#-puppetdb--master--storeconfigs--puppet_conf) +* [`masterless`](#-puppetdb--master--storeconfigs--masterless) +* [`enable`](#-puppetdb--master--storeconfigs--enable) + +##### `puppet_conf` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppet_conf` + +##### `masterless` + +Data type: `Any` + + + +Default value: `$puppetdb::params::masterless` + +##### `enable` + +Data type: `Any` + + + +Default value: `true` + +### `puppetdb::params` + +PRIVATE CLASS - do not use directly + +The puppetdb default configuration settings. + +### `puppetdb::server` + +Class to configure a PuppetDB server. See README.md for more details. + +#### Parameters + +The following parameters are available in the `puppetdb::server` class: + +* [`listen_address`](#-puppetdb--server--listen_address) +* [`listen_port`](#-puppetdb--server--listen_port) +* [`disable_cleartext`](#-puppetdb--server--disable_cleartext) +* [`open_listen_port`](#-puppetdb--server--open_listen_port) +* [`ssl_listen_address`](#-puppetdb--server--ssl_listen_address) +* [`ssl_listen_port`](#-puppetdb--server--ssl_listen_port) +* [`disable_ssl`](#-puppetdb--server--disable_ssl) +* [`open_ssl_listen_port`](#-puppetdb--server--open_ssl_listen_port) +* [`ssl_dir`](#-puppetdb--server--ssl_dir) +* [`ssl_set_cert_paths`](#-puppetdb--server--ssl_set_cert_paths) +* [`ssl_cert_path`](#-puppetdb--server--ssl_cert_path) +* [`ssl_key_path`](#-puppetdb--server--ssl_key_path) +* [`ssl_key_pk8_path`](#-puppetdb--server--ssl_key_pk8_path) +* [`ssl_ca_cert_path`](#-puppetdb--server--ssl_ca_cert_path) +* [`ssl_deploy_certs`](#-puppetdb--server--ssl_deploy_certs) +* [`ssl_key`](#-puppetdb--server--ssl_key) +* [`ssl_cert`](#-puppetdb--server--ssl_cert) +* [`ssl_ca_cert`](#-puppetdb--server--ssl_ca_cert) +* [`ssl_protocols`](#-puppetdb--server--ssl_protocols) +* 
[`postgresql_ssl_on`](#-puppetdb--server--postgresql_ssl_on) +* [`cipher_suites`](#-puppetdb--server--cipher_suites) +* [`migrate`](#-puppetdb--server--migrate) +* [`database`](#-puppetdb--server--database) +* [`database_host`](#-puppetdb--server--database_host) +* [`database_port`](#-puppetdb--server--database_port) +* [`database_username`](#-puppetdb--server--database_username) +* [`database_password`](#-puppetdb--server--database_password) +* [`database_name`](#-puppetdb--server--database_name) +* [`manage_db_password`](#-puppetdb--server--manage_db_password) +* [`jdbc_ssl_properties`](#-puppetdb--server--jdbc_ssl_properties) +* [`database_validate`](#-puppetdb--server--database_validate) +* [`database_embedded_path`](#-puppetdb--server--database_embedded_path) +* [`node_ttl`](#-puppetdb--server--node_ttl) +* [`node_purge_ttl`](#-puppetdb--server--node_purge_ttl) +* [`report_ttl`](#-puppetdb--server--report_ttl) +* [`facts_blacklist`](#-puppetdb--server--facts_blacklist) +* [`gc_interval`](#-puppetdb--server--gc_interval) +* [`node_purge_gc_batch_limit`](#-puppetdb--server--node_purge_gc_batch_limit) +* [`log_slow_statements`](#-puppetdb--server--log_slow_statements) +* [`conn_max_age`](#-puppetdb--server--conn_max_age) +* [`conn_keep_alive`](#-puppetdb--server--conn_keep_alive) +* [`conn_lifetime`](#-puppetdb--server--conn_lifetime) +* [`puppetdb_package`](#-puppetdb--server--puppetdb_package) +* [`puppetdb_service`](#-puppetdb--server--puppetdb_service) +* [`puppetdb_service_status`](#-puppetdb--server--puppetdb_service_status) +* [`puppetdb_user`](#-puppetdb--server--puppetdb_user) +* [`puppetdb_group`](#-puppetdb--server--puppetdb_group) +* [`read_database`](#-puppetdb--server--read_database) +* [`read_database_host`](#-puppetdb--server--read_database_host) +* [`read_database_port`](#-puppetdb--server--read_database_port) +* [`read_database_username`](#-puppetdb--server--read_database_username) +* 
[`read_database_password`](#-puppetdb--server--read_database_password) +* [`read_database_name`](#-puppetdb--server--read_database_name) +* [`manage_read_db_password`](#-puppetdb--server--manage_read_db_password) +* [`read_database_jdbc_ssl_properties`](#-puppetdb--server--read_database_jdbc_ssl_properties) +* [`read_database_validate`](#-puppetdb--server--read_database_validate) +* [`read_log_slow_statements`](#-puppetdb--server--read_log_slow_statements) +* [`read_conn_max_age`](#-puppetdb--server--read_conn_max_age) +* [`read_conn_keep_alive`](#-puppetdb--server--read_conn_keep_alive) +* [`read_conn_lifetime`](#-puppetdb--server--read_conn_lifetime) +* [`confdir`](#-puppetdb--server--confdir) +* [`vardir`](#-puppetdb--server--vardir) +* [`manage_firewall`](#-puppetdb--server--manage_firewall) +* [`manage_database`](#-puppetdb--server--manage_database) +* [`java_args`](#-puppetdb--server--java_args) +* [`merge_default_java_args`](#-puppetdb--server--merge_default_java_args) +* [`max_threads`](#-puppetdb--server--max_threads) +* [`command_threads`](#-puppetdb--server--command_threads) +* [`concurrent_writes`](#-puppetdb--server--concurrent_writes) +* [`store_usage`](#-puppetdb--server--store_usage) +* [`temp_usage`](#-puppetdb--server--temp_usage) +* [`disable_update_checking`](#-puppetdb--server--disable_update_checking) +* [`certificate_whitelist_file`](#-puppetdb--server--certificate_whitelist_file) +* [`certificate_whitelist`](#-puppetdb--server--certificate_whitelist) +* [`database_max_pool_size`](#-puppetdb--server--database_max_pool_size) +* [`read_database_max_pool_size`](#-puppetdb--server--read_database_max_pool_size) +* [`automatic_dlo_cleanup`](#-puppetdb--server--automatic_dlo_cleanup) +* [`cleanup_timer_interval`](#-puppetdb--server--cleanup_timer_interval) +* [`dlo_max_age`](#-puppetdb--server--dlo_max_age) +* [`java_bin`](#-puppetdb--server--java_bin) + +##### `listen_address` + +Data type: `Any` + + + +Default value: 
`$puppetdb::params::listen_address` + +##### `listen_port` + +Data type: `Any` + + + +Default value: `$puppetdb::params::listen_port` + +##### `disable_cleartext` + +Data type: `Any` + + + +Default value: `$puppetdb::params::disable_cleartext` + +##### `open_listen_port` + +Data type: `Any` + + + +Default value: `$puppetdb::params::open_listen_port` + +##### `ssl_listen_address` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_listen_address` + +##### `ssl_listen_port` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_listen_port` + +##### `disable_ssl` + +Data type: `Any` + + + +Default value: `$puppetdb::params::disable_ssl` + +##### `open_ssl_listen_port` + +Data type: `Any` + + + +Default value: `$puppetdb::params::open_ssl_listen_port` + +##### `ssl_dir` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$puppetdb::params::ssl_dir` + +##### `ssl_set_cert_paths` + +Data type: `Boolean` + + + +Default value: `$puppetdb::params::ssl_set_cert_paths` + +##### `ssl_cert_path` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$puppetdb::params::ssl_cert_path` + +##### `ssl_key_path` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$puppetdb::params::ssl_key_path` + +##### `ssl_key_pk8_path` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$puppetdb::params::ssl_key_pk8_path` + +##### `ssl_ca_cert_path` + +Data type: `Stdlib::Absolutepath` + + + +Default value: `$puppetdb::params::ssl_ca_cert_path` + +##### `ssl_deploy_certs` + +Data type: `Boolean` + + + +Default value: `$puppetdb::params::ssl_deploy_certs` + +##### `ssl_key` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_key` + +##### `ssl_cert` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_cert` + +##### `ssl_ca_cert` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_ca_cert` + +##### `ssl_protocols` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_protocols` + +##### 
`postgresql_ssl_on` + +Data type: `Any` + + + +Default value: `$puppetdb::params::postgresql_ssl_on` + +##### `cipher_suites` + +Data type: `Any` + + + +Default value: `$puppetdb::params::cipher_suites` + +##### `migrate` + +Data type: `Any` + + + +Default value: `$puppetdb::params::migrate` + +##### `database` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database` + +##### `database_host` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_host` + +##### `database_port` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_port` + +##### `database_username` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_username` + +##### `database_password` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_password` + +##### `database_name` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_name` + +##### `manage_db_password` + +Data type: `Any` + + + +Default value: `$puppetdb::params::manage_db_password` + +##### `jdbc_ssl_properties` + +Data type: `Any` + + + +Default value: `$puppetdb::params::jdbc_ssl_properties` + +##### `database_validate` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_validate` + +##### `database_embedded_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_embedded_path` + +##### `node_ttl` + +Data type: `Any` + + + +Default value: `$puppetdb::params::node_ttl` + +##### `node_purge_ttl` + +Data type: `Any` + + + +Default value: `$puppetdb::params::node_purge_ttl` + +##### `report_ttl` + +Data type: `Any` + + + +Default value: `$puppetdb::params::report_ttl` + +##### `facts_blacklist` + +Data type: `Optional[Array]` + + + +Default value: `$puppetdb::params::facts_blacklist` + +##### `gc_interval` + +Data type: `Any` + + + +Default value: `$puppetdb::params::gc_interval` + +##### `node_purge_gc_batch_limit` + +Data type: `Any` + + + +Default value: 
`$puppetdb::params::node_purge_gc_batch_limit` + +##### `log_slow_statements` + +Data type: `Any` + + + +Default value: `$puppetdb::params::log_slow_statements` + +##### `conn_max_age` + +Data type: `Any` + + + +Default value: `$puppetdb::params::conn_max_age` + +##### `conn_keep_alive` + +Data type: `Any` + + + +Default value: `$puppetdb::params::conn_keep_alive` + +##### `conn_lifetime` + +Data type: `Any` + + + +Default value: `$puppetdb::params::conn_lifetime` + +##### `puppetdb_package` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppetdb_package` + +##### `puppetdb_service` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppetdb_service` + +##### `puppetdb_service_status` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppetdb_service_status` + +##### `puppetdb_user` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppetdb_user` + +##### `puppetdb_group` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppetdb_group` + +##### `read_database` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database` + +##### `read_database_host` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_host` + +##### `read_database_port` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_port` + +##### `read_database_username` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_username` + +##### `read_database_password` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_password` + +##### `read_database_name` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_name` + +##### `manage_read_db_password` + +Data type: `Any` + + + +Default value: `$puppetdb::params::manage_read_db_password` + +##### `read_database_jdbc_ssl_properties` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_jdbc_ssl_properties` + +##### `read_database_validate` + +Data 
type: `Any` + + + +Default value: `$puppetdb::params::read_database_validate` + +##### `read_log_slow_statements` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_log_slow_statements` + +##### `read_conn_max_age` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_conn_max_age` + +##### `read_conn_keep_alive` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_conn_keep_alive` + +##### `read_conn_lifetime` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_conn_lifetime` + +##### `confdir` + +Data type: `Any` + + + +Default value: `$puppetdb::params::confdir` + +##### `vardir` + +Data type: `Any` + + + +Default value: `$puppetdb::params::vardir` + +##### `manage_firewall` + +Data type: `Any` + + + +Default value: `$puppetdb::params::manage_firewall` + +##### `manage_database` + +Data type: `Any` + + + +Default value: `$puppetdb::params::manage_database` + +##### `java_args` + +Data type: `Any` + + + +Default value: `$puppetdb::params::java_args` + +##### `merge_default_java_args` + +Data type: `Any` + + + +Default value: `$puppetdb::params::merge_default_java_args` + +##### `max_threads` + +Data type: `Any` + + + +Default value: `$puppetdb::params::max_threads` + +##### `command_threads` + +Data type: `Any` + + + +Default value: `$puppetdb::params::command_threads` + +##### `concurrent_writes` + +Data type: `Any` + + + +Default value: `$puppetdb::params::concurrent_writes` + +##### `store_usage` + +Data type: `Any` + + + +Default value: `$puppetdb::params::store_usage` + +##### `temp_usage` + +Data type: `Any` + + + +Default value: `$puppetdb::params::temp_usage` + +##### `disable_update_checking` + +Data type: `Any` + + + +Default value: `$puppetdb::params::disable_update_checking` + +##### `certificate_whitelist_file` + +Data type: `Any` + + + +Default value: `$puppetdb::params::certificate_whitelist_file` + +##### `certificate_whitelist` + +Data type: `Any` + + + +Default value: 
`$puppetdb::params::certificate_whitelist` + +##### `database_max_pool_size` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_max_pool_size` + +##### `read_database_max_pool_size` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_max_pool_size` + +##### `automatic_dlo_cleanup` + +Data type: `Boolean` + + + +Default value: `$puppetdb::params::automatic_dlo_cleanup` + +##### `cleanup_timer_interval` + +Data type: `String[1]` + + + +Default value: `$puppetdb::params::cleanup_timer_interval` + +##### `dlo_max_age` + +Data type: `Integer[1]` + + + +Default value: `$puppetdb::params::dlo_max_age` + +##### `java_bin` + +Data type: `Optional[Stdlib::Absolutepath]` + + + +Default value: `$puppetdb::params::java_bin` + +### `puppetdb::server::command_processing` + +PRIVATE CLASS - do not use directly + +#### Parameters + +The following parameters are available in the `puppetdb::server::command_processing` class: + +* [`command_threads`](#-puppetdb--server--command_processing--command_threads) +* [`concurrent_writes`](#-puppetdb--server--command_processing--concurrent_writes) +* [`store_usage`](#-puppetdb--server--command_processing--store_usage) +* [`temp_usage`](#-puppetdb--server--command_processing--temp_usage) +* [`confdir`](#-puppetdb--server--command_processing--confdir) + +##### `command_threads` + +Data type: `Any` + + + +Default value: `$puppetdb::params::command_threads` + +##### `concurrent_writes` + +Data type: `Any` + + + +Default value: `$puppetdb::params::concurrent_writes` + +##### `store_usage` + +Data type: `Any` + + + +Default value: `$puppetdb::params::store_usage` + +##### `temp_usage` + +Data type: `Any` + + + +Default value: `$puppetdb::params::temp_usage` + +##### `confdir` + +Data type: `Any` + + + +Default value: `$puppetdb::params::confdir` + +### `puppetdb::server::database` + +PRIVATE CLASS - do not use directly + +#### Parameters + +The following parameters are available in the 
`puppetdb::server::database` class: + +* [`database`](#-puppetdb--server--database--database) +* [`database_host`](#-puppetdb--server--database--database_host) +* [`database_port`](#-puppetdb--server--database--database_port) +* [`database_username`](#-puppetdb--server--database--database_username) +* [`database_password`](#-puppetdb--server--database--database_password) +* [`database_name`](#-puppetdb--server--database--database_name) +* [`manage_db_password`](#-puppetdb--server--database--manage_db_password) +* [`jdbc_ssl_properties`](#-puppetdb--server--database--jdbc_ssl_properties) +* [`database_validate`](#-puppetdb--server--database--database_validate) +* [`database_embedded_path`](#-puppetdb--server--database--database_embedded_path) +* [`node_ttl`](#-puppetdb--server--database--node_ttl) +* [`node_purge_ttl`](#-puppetdb--server--database--node_purge_ttl) +* [`report_ttl`](#-puppetdb--server--database--report_ttl) +* [`facts_blacklist`](#-puppetdb--server--database--facts_blacklist) +* [`gc_interval`](#-puppetdb--server--database--gc_interval) +* [`node_purge_gc_batch_limit`](#-puppetdb--server--database--node_purge_gc_batch_limit) +* [`log_slow_statements`](#-puppetdb--server--database--log_slow_statements) +* [`conn_max_age`](#-puppetdb--server--database--conn_max_age) +* [`conn_keep_alive`](#-puppetdb--server--database--conn_keep_alive) +* [`conn_lifetime`](#-puppetdb--server--database--conn_lifetime) +* [`confdir`](#-puppetdb--server--database--confdir) +* [`puppetdb_user`](#-puppetdb--server--database--puppetdb_user) +* [`puppetdb_group`](#-puppetdb--server--database--puppetdb_group) +* [`database_max_pool_size`](#-puppetdb--server--database--database_max_pool_size) +* [`migrate`](#-puppetdb--server--database--migrate) +* [`postgresql_ssl_on`](#-puppetdb--server--database--postgresql_ssl_on) +* [`ssl_cert_path`](#-puppetdb--server--database--ssl_cert_path) +* [`ssl_key_pk8_path`](#-puppetdb--server--database--ssl_key_pk8_path) +* 
[`ssl_ca_cert_path`](#-puppetdb--server--database--ssl_ca_cert_path) + +##### `database` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database` + +##### `database_host` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_host` + +##### `database_port` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_port` + +##### `database_username` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_username` + +##### `database_password` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_password` + +##### `database_name` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_name` + +##### `manage_db_password` + +Data type: `Any` + + + +Default value: `$puppetdb::params::manage_db_password` + +##### `jdbc_ssl_properties` + +Data type: `Any` + + + +Default value: `$puppetdb::params::jdbc_ssl_properties` + +##### `database_validate` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_validate` + +##### `database_embedded_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_embedded_path` + +##### `node_ttl` + +Data type: `Any` + + + +Default value: `$puppetdb::params::node_ttl` + +##### `node_purge_ttl` + +Data type: `Any` + + + +Default value: `$puppetdb::params::node_purge_ttl` + +##### `report_ttl` + +Data type: `Any` + + + +Default value: `$puppetdb::params::report_ttl` + +##### `facts_blacklist` + +Data type: `Any` + + + +Default value: `$puppetdb::params::facts_blacklist` + +##### `gc_interval` + +Data type: `Any` + + + +Default value: `$puppetdb::params::gc_interval` + +##### `node_purge_gc_batch_limit` + +Data type: `Any` + + + +Default value: `$puppetdb::params::node_purge_gc_batch_limit` + +##### `log_slow_statements` + +Data type: `Any` + + + +Default value: `$puppetdb::params::log_slow_statements` + +##### `conn_max_age` + +Data type: `Any` + + + +Default value: `$puppetdb::params::conn_max_age` + +##### 
`conn_keep_alive` + +Data type: `Any` + + + +Default value: `$puppetdb::params::conn_keep_alive` + +##### `conn_lifetime` + +Data type: `Any` + + + +Default value: `$puppetdb::params::conn_lifetime` + +##### `confdir` + +Data type: `Any` + + + +Default value: `$puppetdb::params::confdir` + +##### `puppetdb_user` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppetdb_user` + +##### `puppetdb_group` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppetdb_group` + +##### `database_max_pool_size` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_max_pool_size` + +##### `migrate` + +Data type: `Any` + + + +Default value: `$puppetdb::params::migrate` + +##### `postgresql_ssl_on` + +Data type: `Any` + + + +Default value: `$puppetdb::params::postgresql_ssl_on` + +##### `ssl_cert_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_cert_path` + +##### `ssl_key_pk8_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_key_pk8_path` + +##### `ssl_ca_cert_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_ca_cert_path` + +### `puppetdb::server::firewall` + +PRIVATE CLASS - do not use directly + +#### Parameters + +The following parameters are available in the `puppetdb::server::firewall` class: + +* [`http_port`](#-puppetdb--server--firewall--http_port) +* [`open_http_port`](#-puppetdb--server--firewall--open_http_port) +* [`ssl_port`](#-puppetdb--server--firewall--ssl_port) +* [`open_ssl_port`](#-puppetdb--server--firewall--open_ssl_port) + +##### `http_port` + +Data type: `Any` + + + +Default value: `$puppetdb::params::listen_port` + +##### `open_http_port` + +Data type: `Any` + + + +Default value: `$puppetdb::params::open_listen_port` + +##### `ssl_port` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_listen_port` + +##### `open_ssl_port` + +Data type: `Any` + + + +Default value: `$puppetdb::params::open_ssl_listen_port` + +### 
`puppetdb::server::global` + +PRIVATE CLASS - do not use directly + +#### Parameters + +The following parameters are available in the `puppetdb::server::global` class: + +* [`vardir`](#-puppetdb--server--global--vardir) +* [`confdir`](#-puppetdb--server--global--confdir) +* [`puppetdb_group`](#-puppetdb--server--global--puppetdb_group) + +##### `vardir` + +Data type: `Any` + + + +Default value: `$puppetdb::params::vardir` + +##### `confdir` + +Data type: `Any` + + + +Default value: `$puppetdb::params::confdir` + +##### `puppetdb_group` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppetdb_group` + +### `puppetdb::server::jetty` + +PRIVATE CLASS - do not use directly + +#### Parameters + +The following parameters are available in the `puppetdb::server::jetty` class: + +* [`listen_address`](#-puppetdb--server--jetty--listen_address) +* [`listen_port`](#-puppetdb--server--jetty--listen_port) +* [`disable_cleartext`](#-puppetdb--server--jetty--disable_cleartext) +* [`ssl_listen_address`](#-puppetdb--server--jetty--ssl_listen_address) +* [`ssl_listen_port`](#-puppetdb--server--jetty--ssl_listen_port) +* [`disable_ssl`](#-puppetdb--server--jetty--disable_ssl) +* [`ssl_set_cert_paths`](#-puppetdb--server--jetty--ssl_set_cert_paths) +* [`ssl_cert_path`](#-puppetdb--server--jetty--ssl_cert_path) +* [`ssl_key_path`](#-puppetdb--server--jetty--ssl_key_path) +* [`ssl_ca_cert_path`](#-puppetdb--server--jetty--ssl_ca_cert_path) +* [`ssl_protocols`](#-puppetdb--server--jetty--ssl_protocols) +* [`cipher_suites`](#-puppetdb--server--jetty--cipher_suites) +* [`confdir`](#-puppetdb--server--jetty--confdir) +* [`max_threads`](#-puppetdb--server--jetty--max_threads) +* [`puppetdb_user`](#-puppetdb--server--jetty--puppetdb_user) +* [`puppetdb_group`](#-puppetdb--server--jetty--puppetdb_group) + +##### `listen_address` + +Data type: `Any` + + + +Default value: `$puppetdb::params::listen_address` + +##### `listen_port` + +Data type: `Any` + + + +Default value: 
`$puppetdb::params::listen_port` + +##### `disable_cleartext` + +Data type: `Any` + + + +Default value: `$puppetdb::params::disable_cleartext` + +##### `ssl_listen_address` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_listen_address` + +##### `ssl_listen_port` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_listen_port` + +##### `disable_ssl` + +Data type: `Any` + + + +Default value: `$puppetdb::params::disable_ssl` + +##### `ssl_set_cert_paths` + +Data type: `Boolean` + + + +Default value: `$puppetdb::params::ssl_set_cert_paths` + +##### `ssl_cert_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_cert_path` + +##### `ssl_key_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_key_path` + +##### `ssl_ca_cert_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_ca_cert_path` + +##### `ssl_protocols` + +Data type: `Optional[String]` + + + +Default value: `$puppetdb::params::ssl_protocols` + +##### `cipher_suites` + +Data type: `Optional[String]` + + + +Default value: `$puppetdb::params::cipher_suites` + +##### `confdir` + +Data type: `Any` + + + +Default value: `$puppetdb::params::confdir` + +##### `max_threads` + +Data type: `Any` + + + +Default value: `$puppetdb::params::max_threads` + +##### `puppetdb_user` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppetdb_user` + +##### `puppetdb_group` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppetdb_group` + +### `puppetdb::server::puppetdb` + +PRIVATE CLASS - do not use directly + +#### Parameters + +The following parameters are available in the `puppetdb::server::puppetdb` class: + +* [`certificate_whitelist_file`](#-puppetdb--server--puppetdb--certificate_whitelist_file) +* [`certificate_whitelist`](#-puppetdb--server--puppetdb--certificate_whitelist) +* [`disable_update_checking`](#-puppetdb--server--puppetdb--disable_update_checking) +* 
[`confdir`](#-puppetdb--server--puppetdb--confdir) +* [`puppetdb_user`](#-puppetdb--server--puppetdb--puppetdb_user) +* [`puppetdb_group`](#-puppetdb--server--puppetdb--puppetdb_group) + +##### `certificate_whitelist_file` + +Data type: `Any` + + + +Default value: `$puppetdb::params::certificate_whitelist_file` + +##### `certificate_whitelist` + +Data type: `Any` + + + +Default value: `$puppetdb::params::certificate_whitelist` + +##### `disable_update_checking` + +Data type: `Any` + + + +Default value: `$puppetdb::params::disable_update_checking` + +##### `confdir` + +Data type: `Any` + + + +Default value: `$puppetdb::params::confdir` + +##### `puppetdb_user` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppetdb_user` + +##### `puppetdb_group` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppetdb_group` + +### `puppetdb::server::read_database` + +PRIVATE CLASS - do not use directly + +#### Parameters + +The following parameters are available in the `puppetdb::server::read_database` class: + +* [`read_database`](#-puppetdb--server--read_database--read_database) +* [`read_database_host`](#-puppetdb--server--read_database--read_database_host) +* [`read_database_port`](#-puppetdb--server--read_database--read_database_port) +* [`read_database_username`](#-puppetdb--server--read_database--read_database_username) +* [`read_database_password`](#-puppetdb--server--read_database--read_database_password) +* [`read_database_name`](#-puppetdb--server--read_database--read_database_name) +* [`manage_db_password`](#-puppetdb--server--read_database--manage_db_password) +* [`jdbc_ssl_properties`](#-puppetdb--server--read_database--jdbc_ssl_properties) +* [`database_validate`](#-puppetdb--server--read_database--database_validate) +* [`log_slow_statements`](#-puppetdb--server--read_database--log_slow_statements) +* [`conn_max_age`](#-puppetdb--server--read_database--conn_max_age) +* 
[`conn_keep_alive`](#-puppetdb--server--read_database--conn_keep_alive) +* [`conn_lifetime`](#-puppetdb--server--read_database--conn_lifetime) +* [`confdir`](#-puppetdb--server--read_database--confdir) +* [`puppetdb_user`](#-puppetdb--server--read_database--puppetdb_user) +* [`puppetdb_group`](#-puppetdb--server--read_database--puppetdb_group) +* [`database_max_pool_size`](#-puppetdb--server--read_database--database_max_pool_size) +* [`postgresql_ssl_on`](#-puppetdb--server--read_database--postgresql_ssl_on) +* [`ssl_cert_path`](#-puppetdb--server--read_database--ssl_cert_path) +* [`ssl_key_pk8_path`](#-puppetdb--server--read_database--ssl_key_pk8_path) +* [`ssl_ca_cert_path`](#-puppetdb--server--read_database--ssl_ca_cert_path) + +##### `read_database` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database` + +##### `read_database_host` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_host` + +##### `read_database_port` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_port` + +##### `read_database_username` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_username` + +##### `read_database_password` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_password` + +##### `read_database_name` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_name` + +##### `manage_db_password` + +Data type: `Any` + + + +Default value: `$puppetdb::params::manage_read_db_password` + +##### `jdbc_ssl_properties` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_jdbc_ssl_properties` + +##### `database_validate` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_validate` + +##### `log_slow_statements` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_log_slow_statements` + +##### `conn_max_age` + +Data type: `Any` + + + +Default value: 
`$puppetdb::params::read_conn_max_age` + +##### `conn_keep_alive` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_conn_keep_alive` + +##### `conn_lifetime` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_conn_lifetime` + +##### `confdir` + +Data type: `Any` + + + +Default value: `$puppetdb::params::confdir` + +##### `puppetdb_user` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppetdb_user` + +##### `puppetdb_group` + +Data type: `Any` + + + +Default value: `$puppetdb::params::puppetdb_group` + +##### `database_max_pool_size` + +Data type: `Any` + + + +Default value: `$puppetdb::params::read_database_max_pool_size` + +##### `postgresql_ssl_on` + +Data type: `Any` + + + +Default value: `$puppetdb::params::postgresql_ssl_on` + +##### `ssl_cert_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_cert_path` + +##### `ssl_key_pk8_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_key_pk8_path` + +##### `ssl_ca_cert_path` + +Data type: `Any` + + + +Default value: `$puppetdb::params::ssl_ca_cert_path` + +### `puppetdb::server::validate_db` + +This validates a database connection. See README.md for more details. 
+ +#### Parameters + +The following parameters are available in the `puppetdb::server::validate_db` class: + +* [`database`](#-puppetdb--server--validate_db--database) +* [`database_host`](#-puppetdb--server--validate_db--database_host) +* [`database_port`](#-puppetdb--server--validate_db--database_port) +* [`database_username`](#-puppetdb--server--validate_db--database_username) +* [`database_password`](#-puppetdb--server--validate_db--database_password) +* [`database_name`](#-puppetdb--server--validate_db--database_name) +* [`jdbc_ssl_properties`](#-puppetdb--server--validate_db--jdbc_ssl_properties) + +##### `database` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database` + +##### `database_host` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_host` + +##### `database_port` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_port` + +##### `database_username` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_username` + +##### `database_password` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_password` + +##### `database_name` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_name` + +##### `jdbc_ssl_properties` + +Data type: `Any` + + + +Default value: `$puppetdb::params::jdbc_ssl_properties` + +### `puppetdb::server::validate_read_db` + +This validates a database connection. See README.md for more details. 
+ +#### Parameters + +The following parameters are available in the `puppetdb::server::validate_read_db` class: + +* [`database`](#-puppetdb--server--validate_read_db--database) +* [`database_host`](#-puppetdb--server--validate_read_db--database_host) +* [`database_port`](#-puppetdb--server--validate_read_db--database_port) +* [`database_username`](#-puppetdb--server--validate_read_db--database_username) +* [`database_password`](#-puppetdb--server--validate_read_db--database_password) +* [`database_name`](#-puppetdb--server--validate_read_db--database_name) +* [`jdbc_ssl_properties`](#-puppetdb--server--validate_read_db--jdbc_ssl_properties) + +##### `database` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database` + +##### `database_host` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_host` + +##### `database_port` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_port` + +##### `database_username` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_username` + +##### `database_password` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_password` + +##### `database_name` + +Data type: `Any` + + + +Default value: `$puppetdb::params::database_name` + +##### `jdbc_ssl_properties` + +Data type: `Any` + + + +Default value: `$puppetdb::params::jdbc_ssl_properties` + +## Defined types + +### `puppetdb::database::default_read_grant` + +Private class. Grant read permissions to $database_read_only_username by default, for new tables created by +$database_username. 
+ +#### Parameters + +The following parameters are available in the `puppetdb::database::default_read_grant` defined type: + +* [`database_name`](#-puppetdb--database--default_read_grant--database_name) +* [`schema`](#-puppetdb--database--default_read_grant--schema) +* [`database_username`](#-puppetdb--database--default_read_grant--database_username) +* [`database_read_only_username`](#-puppetdb--database--default_read_grant--database_read_only_username) + +##### `database_name` + +Data type: `String` + + + +##### `schema` + +Data type: `String` + + + +##### `database_username` + +Data type: `String` + + + +##### `database_read_only_username` + +Data type: `String` + + + +### `puppetdb::database::postgresql_ssl_rules` + +Private class for configuring the pg_ident.conf and pg_hba.conf files + +#### Parameters + +The following parameters are available in the `puppetdb::database::postgresql_ssl_rules` defined type: + +* [`database_name`](#-puppetdb--database--postgresql_ssl_rules--database_name) +* [`database_username`](#-puppetdb--database--postgresql_ssl_rules--database_username) +* [`puppetdb_server`](#-puppetdb--database--postgresql_ssl_rules--puppetdb_server) + +##### `database_name` + +Data type: `String` + + + +##### `database_username` + +Data type: `String` + + + +##### `puppetdb_server` + +Data type: `String` + + + +### `puppetdb::database::read_grant` + +Private class. 
Grant read-only permissions to $database_read_only_username for all objects in $schema of +$database_name + +#### Parameters + +The following parameters are available in the `puppetdb::database::read_grant` defined type: + +* [`database_name`](#-puppetdb--database--read_grant--database_name) +* [`schema`](#-puppetdb--database--read_grant--schema) +* [`database_read_only_username`](#-puppetdb--database--read_grant--database_read_only_username) + +##### `database_name` + +Data type: `String` + + + +##### `schema` + +Data type: `String` + + + +##### `database_read_only_username` + +Data type: `String` + + + +### `puppetdb::database::read_only_user` + +The puppetdb::database::read_only_user class. + +#### Parameters + +The following parameters are available in the `puppetdb::database::read_only_user` defined type: + +* [`read_database_username`](#-puppetdb--database--read_only_user--read_database_username) +* [`database_name`](#-puppetdb--database--read_only_user--database_name) +* [`database_owner`](#-puppetdb--database--read_only_user--database_owner) +* [`password_hash`](#-puppetdb--database--read_only_user--password_hash) + +##### `read_database_username` + +Data type: `String` + + + +##### `database_name` + +Data type: `String` + + + +##### `database_owner` + +Data type: `String` + + + +##### `password_hash` + +Data type: `Variant[String, Boolean]` + + + +Default value: `false` + +## Resource types + +### `puppetdb_conn_validator` + +Verify that a connection can be successfully established between a node +and the puppetdb server. Its primary use is as a precondition to +prevent configuration changes from being applied if the puppetdb +server cannot be reached, but it could potentially be used for other +purposes such as monitoring. + +#### Properties + +The following properties are available in the `puppetdb_conn_validator` type. + +##### `ensure` + +Valid values: `present`, `absent` + +The basic property that the resource should be in. 
+ +Default value: `present` + +#### Parameters + +The following parameters are available in the `puppetdb_conn_validator` type. + +* [`name`](#-puppetdb_conn_validator--name) +* [`provider`](#-puppetdb_conn_validator--provider) +* [`puppetdb_port`](#-puppetdb_conn_validator--puppetdb_port) +* [`puppetdb_server`](#-puppetdb_conn_validator--puppetdb_server) +* [`test_url`](#-puppetdb_conn_validator--test_url) +* [`timeout`](#-puppetdb_conn_validator--timeout) +* [`use_ssl`](#-puppetdb_conn_validator--use_ssl) + +##### `name` + +namevar + +An arbitrary name used as the identity of the resource. + +##### `provider` + +The specific backend to use for this `puppetdb_conn_validator` resource. You will seldom need to specify this --- Puppet +will usually discover the appropriate provider for your platform. + +##### `puppetdb_port` + +The port that the puppetdb server should be listening on. + +##### `puppetdb_server` + +The DNS name or IP address of the server where puppetdb should be running. + +##### `test_url` + +URL to use for testing if the PuppetDB database is up + +##### `timeout` + +The max number of seconds that the validator should wait before giving up and deciding that puppetdb is not running; +defaults to 15 seconds. + +Default value: `15` + +##### `use_ssl` + +Whether the connection will be attempted using https + +Default value: `true` + +## Functions + +### `puppetdb::create_subsetting_resource_hash` + +Type: Ruby 4.x API + +The puppetdb::create_subsetting_resource_hash function. + +#### `puppetdb::create_subsetting_resource_hash(Hash $java_args, Any $params)` + +The puppetdb::create_subsetting_resource_hash function. + +Returns: `Any` + +##### `java_args` + +Data type: `Hash` + + + +##### `params` + +Data type: `Any` + + + +### `puppetdb::flatten_java_args` + +Type: Ruby 4.x API + +The puppetdb::flatten_java_args function. + +#### `puppetdb::flatten_java_args(Optional[Hash] $java_args)` + +The puppetdb::flatten_java_args function. 
+ +Returns: `String` + +##### `java_args` + +Data type: `Optional[Hash]` + + + +## Data types + +### `Puppetdb::Ttl` + +The Puppetdb::Ttl data type. + +Alias of `Pattern[/^\d+(d|h|m|s|ms)$/]` + +## Tasks + +### `lxd_exp` + +Provision/Tear down a machine on LXD + +**Supports noop?** false + +#### Parameters + +##### `action` + +Data type: `Enum[provision, tear_down]` + +Action to perform, tear_down or provision + +##### `inventory` + +Data type: `Optional[String[1]]` + +Location of the inventory file + +##### `node_name` + +Data type: `Optional[String[1]]` + +The name of the node + +##### `platform` + +Data type: `Optional[String[1]]` + +Platform to provision, eg ubuntu:14.04 + +##### `vars` + +Data type: `Optional[String[1]]` + +YAML string of key/value pairs to add to the inventory vars section + From 6663970cdd55b1914d10fadb54edc26dfed849c2 Mon Sep 17 00:00:00 2001 From: Jeffrey Clark Date: Tue, 30 Jan 2024 16:14:26 -0600 Subject: [PATCH 31/97] cleanup fixtures leaving firewall and postgres pinned for now because they are a hard requirement until the code is updated. --- .fixtures.yml | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/.fixtures.yml b/.fixtures.yml index 49dda66c..193e0054 100644 --- a/.fixtures.yml +++ b/.fixtures.yml 
@@ -5,21 +5,15 @@ fixtures:
 stdlib: 'https://github.com/puppetlabs/puppetlabs-stdlib.git'
 apt: 'https://github.com/puppetlabs/puppetlabs-apt.git'
 concat: 'https://github.com/puppetlabs/puppetlabs-concat.git'
- file_concat: 'https://github.com/electrical/puppet-lib-file_concat.git'
 systemd: 'https://github.com/camptocamp/puppet-systemd.git'
- cron: 'https://github.com/voxpupuli/puppet-cron.git'
 provision: 'https://github.com/puppetlabs/provision.git'
 puppet_agent: 'https://github.com/puppetlabs/puppetlabs-puppet_agent.git'
 facts: 'https://github.com/puppetlabs/puppetlabs-facts.git'
- cron_core:
- repo: https://github.com/puppetlabs/puppetlabs-cron_core.git
- puppet_version: ">= 6.0.0"
- yumrepo_core:
- repo: https://github.com/puppetlabs/puppetlabs-yumrepo_core.git
- puppet_version: ">= 6.0.0"
- augeas_core:
- repo: https://github.com/puppetlabs/puppetlabs-augeas_core.git
- puppet_version: ">= 6.0.0"
+ cron_core: 'https://github.com/puppetlabs/puppetlabs-cron_core.git'
+ yumrepo_core: 'https://github.com/puppetlabs/puppetlabs-yumrepo_core.git'
+ augeas_core: 'https://github.com/puppetlabs/puppetlabs-augeas_core.git'
+ postgresql: 'https://github.com/puppetlabs/puppetlabs-postgresql.git'
+ firewall: 'https://github.com/puppetlabs/puppetlabs-firewall.git'
 forge_modules:
 postgresql:
 repo: 'puppetlabs/postgresql'
From dda29bcdde5854c407226b8c63905b4fad798ba4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Mon, 7 Feb 2022 09:24:50 -1000 Subject: [PATCH 32/97] (maint) Fix puppet_service_name on FreeBSD --- manifests/params.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/manifests/params.pp b/manifests/params.pp
index f813596e..982d3e03 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
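Review bot: The git-URL fixtures in this hunk, including the added `postgresql` and `firewall` lines, carry no `ref`, so every test run clones whatever is on each upstream default branch at that moment (one of them, `systemd`, comes from a third-party org). Pinning each entry in hash form, e.g. `cron_core: { repo: 'https://github.com/puppetlabs/puppetlabs-cron_core.git', ref: '<tag-or-commit>' }`, keeps CI reproducible and limits exposure to an unexpected upstream push. `postgresql` is also still listed under `forge_modules` in the trailing context, so it appears to be declared twice; which source wins cannot be told from the hunk and is worth confirming. The rest of `.fixtures.yml` is outside the hunk.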
@@ -129,7 +129,7 @@
 'FreeBSD': {
 $etcdir = '/usr/local/etc/puppetlabs/puppetdb'
 $puppet_confdir = pick($puppetdb::globals::puppet_confdir,'/usr/local/etc/puppetlabs/puppet')
- $puppet_service_name = undef
+ $puppet_service_name = 'puppetserver'
 }
 default: {
 fail("The fact 'os.family' is set to ${fact('os.family')} which is not supported by the puppetdb module.")
From 8b6b926cbb297e66769ae4380f2025f4dd630f65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Mon, 7 Feb 2022 09:36:14 -1000 Subject: [PATCH 33/97] (maint) Fix path to configuration files on FreeBSD The FreeBSD ports install PuppetDB configuration in /usr/local/etc/puppetdb. --- manifests/params.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/manifests/params.pp b/manifests/params.pp
index 982d3e03..622b96c8 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -127,8 +127,8 @@
 $puppet_service_name = undef
 }
 'FreeBSD': {
- $etcdir = '/usr/local/etc/puppetlabs/puppetdb'
- $puppet_confdir = pick($puppetdb::globals::puppet_confdir,'/usr/local/etc/puppetlabs/puppet')
+ $etcdir = '/usr/local/etc/puppetdb'
+ $puppet_confdir = pick($puppetdb::globals::puppet_confdir,'/usr/local/etc/puppet')
 $puppet_service_name = 'puppetserver'
 }
 default: {
From 3a662dfa5d6deb521cefa25d1974a2d46eb1a8e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Mon, 7 Feb 2022 10:45:06 -1000 Subject: [PATCH 34/97] (maint) Fix vardir on FreeBSD The OpenBSD path is kept unchanged but I suspect this is not the actual directory on this platform. --- manifests/params.pp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/manifests/params.pp b/manifests/params.pp
index 622b96c8..dc63a654 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -120,16 +120,19 @@ $etcdir = '/etc/puppetlabs/puppetdb' $puppet_confdir = pick($puppetdb::globals::puppet_confdir,'/etc/puppetlabs/puppet') $puppet_service_name = 'puppetserver' + $vardir = '/opt/puppetlabs/server/data/puppetdb' } 'OpenBSD': { $etcdir = '/etc/puppetlabs/puppetdb' $puppet_confdir = pick($puppetdb::globals::puppet_confdir,'/etc/puppetlabs/puppet') $puppet_service_name = undef + $vardir = '/opt/puppetlabs/server/data/puppetdb' } 'FreeBSD': { $etcdir = '/usr/local/etc/puppetdb' $puppet_confdir = pick($puppetdb::globals::puppet_confdir,'/usr/local/etc/puppet') $puppet_service_name = 'puppetserver' + $vardir = '/var/db/puppetdb' } default: { fail("The fact 'os.family' is set to ${fact('os.family')} which is not supported by the puppetdb module.") @@ -137,7 +140,6 @@ } $terminus_package = 'puppetdb-termini' $test_url = '/pdb/meta/v1/version' - $vardir = '/opt/puppetlabs/server/data/puppetdb' $database_embedded_path = "${vardir}/db/db" } From b85c2d863046a2908f8c8e4d08b86ca95cb75a3d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Mon, 7 Feb 2022 09:32:13 -1000 Subject: [PATCH 35/97] (maint) Fix puppetdb package names on FreeBSD FreeBSD ships with all current versions of puppet and make packages available with the major version as part of the package name, e.g. puppet7, puppetserver8, puppetdb7, puppetdb-terminus8. Gather the major from the user specified version if available, or default to the latest version if not specified to build actual package names. --- manifests/params.pp | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index dc63a654..50681de0 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
@@ -31,6 +31,12 @@ $postgres_version = '9.6' } + $puppetdb_major_version = $puppetdb_version ? { + 'latest' => '8', + 'present' => '8', + default => $puppetdb_version.split('.')[0], + } + # The remaining database settings are not used for an embedded database $database_host = 'localhost' $database_port = '5432' @@ -81,13 +87,14 @@ $java_args = {} $merge_default_java_args = true - $puppetdb_package = 'puppetdb' $puppetdb_service = 'puppetdb' $masterless = false if !($puppetdb_version in ['latest','present','absent']) and versioncmp($puppetdb_version, '3.0.0') < 0 { case fact('os.family') { 'RedHat', 'Suse', 'Archlinux','Debian': { + $puppetdb_package = 'puppetdb' + $terminus_package = 'puppetdb-terminus' $etcdir = '/etc/puppetdb' $vardir = '/var/lib/puppetdb' $database_embedded_path = "${vardir}/db/db" @@ -95,6 +102,8 @@ $puppet_service_name = 'puppetmaster' } 'OpenBSD': { + $puppetdb_package = 'puppetdb' + $terminus_package = 'puppetdb-terminus' $etcdir = '/etc/puppetdb' $vardir = '/var/db/puppetdb' $database_embedded_path = "${vardir}/db/db" @@ -102,6 +111,8 @@ $puppet_service_name = 'puppetmasterd' } 'FreeBSD': { + $puppetdb_package = inline_epp('puppetdb<%= $puppetdb::params::puppetdb_major_version %>') + $terminus_package = inline_epp('puppetdb-terminus<%= $puppetdb::params::puppetdb_major_version %>') $etcdir = '/usr/local/etc/puppetdb' $vardir = '/var/db/puppetdb' $database_embedded_path = "${vardir}/db/db" 
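Review bot: The `$puppetdb_major_version` selector in the first hunk maps only `'latest'` and `'present'` to `'8'`, but the `in ['latest','present','absent']` test further down shows `'absent'` is also an accepted `$puppetdb_version`; that value falls through to `default` and yields the string `absent`, so the FreeBSD branches would build `puppetdbabsent` and `puppetdb-terminusabsent`. Add `'absent' => '8',` to the selector, and consider failing early when the split result does not match `/^\d+$/`, since it is interpolated straight into a package name. The `inline_epp(...)` calls in the FreeBSD branches (this hunk group and the `@@ -112,23 +123,28 @@` hunk) can be plain interpolation, `$puppetdb_package = "puppetdb${puppetdb_major_version}"`. A short comment on the hard-coded `'8'` noting that it tracks the newest packaged major would help whoever bumps it next. The enclosing class starts and ends outside these hunks.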
@@ -112,23 +123,28 @@ fail("The fact 'os.family' is set to ${fact('os.family')} which is not supported by the puppetdb module.") } } - $terminus_package = 'puppetdb-terminus' $test_url = '/v3/version' } else { case fact('os.family') { 'RedHat', 'Suse', 'Archlinux','Debian': { + $puppetdb_package = 'puppetdb' + $terminus_package = 'puppetdb-termini' $etcdir = '/etc/puppetlabs/puppetdb' $puppet_confdir = pick($puppetdb::globals::puppet_confdir,'/etc/puppetlabs/puppet') $puppet_service_name = 'puppetserver' $vardir = '/opt/puppetlabs/server/data/puppetdb' } 'OpenBSD': { + $puppetdb_package = 'puppetdb' + $terminus_package = 'puppetdb-termini' $etcdir = '/etc/puppetlabs/puppetdb' $puppet_confdir = pick($puppetdb::globals::puppet_confdir,'/etc/puppetlabs/puppet') $puppet_service_name = undef $vardir = '/opt/puppetlabs/server/data/puppetdb' } 'FreeBSD': { + $puppetdb_package = inline_epp('puppetdb<%= $puppetdb::params::puppetdb_major_version %>') + $terminus_package = inline_epp('puppetdb-terminus<%= $puppetdb::params::puppetdb_major_version %>') $etcdir = '/usr/local/etc/puppetdb' $puppet_confdir = pick($puppetdb::globals::puppet_confdir,'/usr/local/etc/puppet') $puppet_service_name = 'puppetserver' @@ -138,7 +154,6 @@ fail("The fact 'os.family' is set to ${fact('os.family')} which is not supported by the puppetdb module.") } } - $terminus_package = 'puppetdb-termini' $test_url = '/pdb/meta/v1/version' $database_embedded_path = "${vardir}/db/db" } From aeaa7c903c53c2ff9a4f009340fec801e86e2626 Mon Sep 17 00:00:00 2001 
From: Jeffrey Clark Date: Wed, 31 Jan 2024 09:21:45 -0600 Subject: [PATCH 36/97] update acceptance testing and add workflow --- .fixtures.yml | 9 +- .github/workflows/ci.yml | 41 +++++- .github/workflows/matrix.yml | 49 +++++++ .github/workflows/module_acceptance.yml | 127 ++++++++++++++++++ .github/workflows/module_ci.yml | 86 ------------ .github/workflows/module_spec.yml | 88 ++++++++++++ .nodeset.yml | 45 ------- provision.yaml | 28 ++++ rakelib/common.rake | 2 + rakelib/litmus.rake | 40 ++++++ spec/acceptance/basic_spec.rb | 110 --------------- spec/acceptance/nodesets/centos-510-x64.yml | 10 -- spec/acceptance/nodesets/centos-59-x64.yml | 10 -- spec/acceptance/nodesets/centos-64-x64-pe.yml | 12 -- spec/acceptance/nodesets/centos-64-x64.yml | 10 -- spec/acceptance/nodesets/debian-607-x64.yml | 10 -- spec/acceptance/nodesets/debian-73-x64.yml | 10 -- spec/acceptance/nodesets/default.yml | 10 -- spec/acceptance/nodesets/docker/centos-7.yml | 13 -- spec/acceptance/nodesets/docker/debian-8.yml | 12 -- .../nodesets/docker/ubuntu-14.04.yml | 20 --- .../nodesets/ubuntu-server-10044-x64.yml | 10 -- .../nodesets/ubuntu-server-12042-x64.yml | 10 -- spec/acceptance/standalone_spec.rb | 109 +++++++++++++++ spec/spec_helper_acceptance_local.rb | 23 ++++ spec/support/acceptance/shared/puppetdb.rb | 62 +++++++++ .../support/acceptance/shared/puppetserver.pp | 78 +++++++++++ .../support/acceptance/shared/puppetserver.rb | 9 ++ 28 files changed, 659 insertions(+), 384 deletions(-) create mode 100644 .github/workflows/matrix.yml create mode 100644 .github/workflows/module_acceptance.yml delete mode 100644 .github/workflows/module_ci.yml create mode 100644 .github/workflows/module_spec.yml delete mode 100644 .nodeset.yml create mode 100644 provision.yaml create mode 100644 rakelib/litmus.rake delete mode 100644 spec/acceptance/basic_spec.rb delete mode 100644 spec/acceptance/nodesets/centos-510-x64.yml delete mode 100644 spec/acceptance/nodesets/centos-59-x64.yml delete mode 
100644 spec/acceptance/nodesets/centos-64-x64-pe.yml delete mode 100644 spec/acceptance/nodesets/centos-64-x64.yml delete mode 100644 spec/acceptance/nodesets/debian-607-x64.yml delete mode 100644 spec/acceptance/nodesets/debian-73-x64.yml delete mode 100755 spec/acceptance/nodesets/default.yml delete mode 100644 spec/acceptance/nodesets/docker/centos-7.yml delete mode 100644 spec/acceptance/nodesets/docker/debian-8.yml delete mode 100644 spec/acceptance/nodesets/docker/ubuntu-14.04.yml delete mode 100644 spec/acceptance/nodesets/ubuntu-server-10044-x64.yml delete mode 100644 spec/acceptance/nodesets/ubuntu-server-12042-x64.yml create mode 100644 spec/acceptance/standalone_spec.rb create mode 100644 spec/spec_helper_acceptance_local.rb create mode 100644 spec/support/acceptance/shared/puppetdb.rb create mode 100644 spec/support/acceptance/shared/puppetserver.pp create mode 100644 spec/support/acceptance/shared/puppetserver.rb diff --git a/.fixtures.yml b/.fixtures.yml index 193e0054..3482bac5 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -14,12 +14,11 @@ fixtures: augeas_core: 'https://github.com/puppetlabs/puppetlabs-augeas_core.git' postgresql: 'https://github.com/puppetlabs/puppetlabs-postgresql.git' firewall: 'https://github.com/puppetlabs/puppetlabs-firewall.git' - forge_modules: postgresql: - repo: 'puppetlabs/postgresql' - ref: "9.2.0" + repo: 'https://github.com/puppetlabs/puppetlabs-postgresql.git' + ref: 'v9.2.0' firewall: - repo: 'puppetlabs/firewall' - ref: "6.0.0" + repo: 'https://github.com/puppetlabs/puppetlabs-firewall.git' + ref: 'v6.0.0' symlinks: puppetdb: '#{source_dir}' diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1983ccc0..97c5f5a9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,6 +2,10 @@ name: "ci" on: pull_request: + types: + - opened + - labeled + - synchronize branches: - "main" paths-ignore: 
@@ -11,12 +15,47 @@ on: - 'CODEOWNERS' - 'AUTHORS' workflow_dispatch: + inputs: + debug: + description: "Debug" + type: boolean + required: false + default: true + run_spec: + description: "Run Spec job" + type: boolean + required: false + default: true + run_acceptance: + description: "Run Acceptance job" + type: boolean + required: false + default: false concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: + Matrix: + uses: ./.github/workflows/matrix.yml + with: + flags: "--exclude-platforms '[\"Ubuntu-18.04\"]'" # TODO: remove after postgres module update Spec: - uses: ./.github/workflows/module_ci.yml + if: ${{ github.event_name == 'pull_request' || inputs.run_spec == 'true' }} + needs: Matrix + uses: ./.github/workflows/module_spec.yml secrets: inherit + with: + debug: ${{ github.events.inputs.debug == 'true' || contains(github.event.pull_request.labels.*.name, 'debug') }} + ignore_dependency_check: true # TODO: remove after module updates + matrix: ${{ needs.Matrix.outputs.spec_matrix }} + Acceptance: + if: ${{ github.event_name == 'pull_request' || inputs.run_acceptance == 'true' }} + needs: [ Matrix, Spec ] + uses: ./.github/workflows/module_acceptance.yml + secrets: inherit + with: + debug: ${{ github.events.inputs.debug == 'true' || contains(github.event.pull_request.labels.*.name, 'debug') }} + matrix: ${{ needs.Matrix.outputs.acceptance_matrix }} + runs_on: ubuntu-20.04 # TODO: cgroupv1 containers do not provision on ubuntu-latest diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml new file mode 100644 index 00000000..ee9fdfaf --- /dev/null +++ b/.github/workflows/matrix.yml 
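Review bot: The `debug:` expressions in the `Spec` and `Acceptance` jobs read `github.events.inputs.debug`, but the context is `github.event` (singular), so the left side is always empty and only the `debug` label can enable debug output. It should be `github.event.inputs.debug == 'true'`. The `if:` conditions look affected in a related way: as far as I know the `inputs` context keeps `type: boolean` values as booleans, so `inputs.run_spec == 'true'` and `inputs.run_acceptance == 'true'` compare a boolean with a string and would not match on a manual dispatch. `inputs.run_spec == true` (or just `inputs.run_spec`) avoids the type mismatch.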
@@ -0,0 +1,49 @@ +--- +on: + workflow_call: + inputs: + runs_on: + description: "The operating system used for the runner." + required: false + default: "ubuntu-latest" + type: "string" + flags: + description: "Additional flags to pass to matrix_from_metadata_v2." + required: false + default: '' + type: "string" + outputs: + spec_matrix: + description: "Spec matrix from metadata" + value: ${{ jobs.generate-json-matrix.outputs.spec_matrix }} + acceptance_matrix: + description: "Acceptance matrix from metadata" + value: ${{ jobs.generate-json-matrix.outputs.acceptance_matrix }} + +jobs: + generate-json-matrix: + name: Generate + runs-on: ${{ inputs.runs_on }} + outputs: + spec_matrix: ${{ steps.get-matrix.outputs.spec_matrix }} + acceptance_matrix: ${{ steps.get-matrix.outputs.matrix }} + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 1 + - name: Activate Ruby 2.7 + uses: ruby/setup-ruby@v1 + with: + ruby-version: "2.7" + bundler-cache: true + - name: Setup Test Matrix + id: get-matrix + run: | + bundle exec matrix_from_metadata_v2 ${{ inputs.flags }} + echo ::group::spec matrix + sed -n 's/^spec_matrix=\(.*\)/\1/p' $GITHUB_OUTPUT | jq + echo ::endgroup:: + echo ::group::acceptance matrix + sed -n 's/^matrix=\(.*\)/\1/p' $GITHUB_OUTPUT | jq + echo ::endgroup:: diff --git a/.github/workflows/module_acceptance.yml b/.github/workflows/module_acceptance.yml new file mode 100644 index 00000000..c9e744b8 --- /dev/null +++ b/.github/workflows/module_acceptance.yml 
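Review bot: In the `Setup Test Matrix` step, `${{ inputs.flags }}` is expanded into the script text before the shell parses it, so whatever a caller passes is interpreted as shell syntax rather than as arguments. The only caller visible in this patch (ci.yml) passes a constant, so this is fine today, but it would stop being so if a caller ever built `flags` from event data such as a branch name or PR title. I would record that constraint on the input itself, e.g. `description: "Additional flags to pass to matrix_from_metadata_v2. Expanded into a shell script: callers must pass a constant, never event data."`.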
@@ -0,0 +1,127 @@ +# This is a generic workflow for Puppet module acceptance operations. +name: "Module Acceptance" + +on: + workflow_call: + inputs: + matrix: + description: "JSON matrix" + type: "string" + required: true + debug: + description: "Run jobs with debug steps and flags enabled" + type: "boolean" + required: false + default: false + puppet_version: + description: "Version of Puppet used to run tests" + type: "string" + required: false + default: "~> 7.24" + ruby_version: + description: "Version of Ruby to install" + type: "string" + required: false + default: "2.7" + runs_on: + description: "The operating system used for the runner" + type: "string" + required: false + default: "ubuntu-latest" + +jobs: + Test: + name: "Test ${{ matrix.platforms.label }} with ${{ matrix.collection }}" + runs-on: ${{ inputs.runs_on }} + strategy: + fail-fast: false + matrix: ${{ fromJson(inputs.matrix) }} + env: + PUPPET_GEM_VERSION: ${{ inputs.puppet_version }} + FACTER_GEM_VERSION: 'https://github.com/puppetlabs/facter#main' + BOLT_GEM: 1 + steps: + - name: Checkout Source + uses: actions/checkout@v4 + with: + fetch-depth: 1 + + - name: Activate Ruby ${{ inputs.ruby_version }} + uses: ruby/setup-ruby@v1 + with: + ruby-version: ${{ inputs.ruby_version }} + bundler-cache: true + + - name: Debug + if: ${{ inputs.debug == true }} + run: | + echo ::group::bundler environment + bundle env + echo ::endgroup:: + echo ::group::docker info + docker info + echo ::endgroup:: + echo "RSPEC_DEBUG=1" >> $GITHUB_ENV + echo "DEBUG=1" >> $GITHUB_ENV + + - name: Cache fixture modules + id: cache-fixtures + uses: actions/cache@v4 + env: + cache-name: cache-fixtures-modules + with: + path: spec/fixtures/modules + key: test-${{ env.cache-name }}-${{ hashFiles('metadata.json', '.fixtures.yml') }} + restore-keys: | + test-${{ env.cache-name }}- + test- + + - name: Provision test environment + timeout-minutes: 10 + run: | + bundle exec rake 'litmus:provision[${{matrix.platforms.provider}},${{ 
matrix.platforms.image }}]' + FILE='spec/fixtures/litmus_inventory.yaml' + sed -e 's/password: .*/password: "[redacted]"/' < $FILE || true + if [ "${{ inputs.debug }}" == "true" ] ; then + while read CN ; do + echo ::group::docker container $CN + docker inspect "$CN" + echo ::endgroup:: + done < <(docker ps --format '{{.Names}}') + fi + + - name: Install agent + run: | + echo ::group::agent + bundle exec rake 'litmus:install_agent[${{ matrix.collection }}]' + echo ::endgroup:: + + - name: Install module + run: bundle exec rake 'litmus:install_module' + + - name: Run acceptance tests + id: run-acceptance + timeout-minutes: 15 + run: bundle exec rake 'litmus:acceptance' + + - name: Failure Logs + if: ${{ failure() && steps.run-acceptance.conclusion == 'failure' }} + continue-on-error: true + run: | + echo ::group::last 100 lines in runner journal + journalctl -n 100 + echo ::endgroup:: + echo ::group::last 100 lines in container journal + bundle exec bolt command run 'journalctl -n 100' -t all -i spec/fixtures/litmus_inventory.yaml + echo ::endgroup:: + echo ::group::last 50 lines of puppetlabs logs + bundle exec bolt command run 'tail -n 50 /var/log/puppetlabs/*/*.log' -t all -i spec/fixtures/litmus_inventory.yaml + echo ::endgroup:: + + - name: Tear down + if: ${{ always() }} + continue-on-error: true + run: | + if [[ -f spec/fixtures/litmus_inventory.yaml ]]; then + bundle exec rake 'litmus:tear_down' + fi diff --git a/.github/workflows/module_ci.yml b/.github/workflows/module_ci.yml deleted file mode 100644 index 96d9cf3c..00000000 --- a/.github/workflows/module_ci.yml +++ /dev/null 
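Review bot: `FACTER_GEM_VERSION` in the `Test` job's `env` points at the `main` branch of facter, so every run installs whatever the branch tip is at that moment (assuming the Gemfile resolves this value as a git source). The caller in ci.yml starts this job with `secrets: inherit`, which makes a moving dependency more of a concern. Pinning to a release tag or commit makes runs reproducible and keeps an unexpected upstream change out of the job: `FACTER_GEM_VERSION: 'https://github.com/puppetlabs/facter#<tag-or-commit>'`, where the ref is a placeholder for the one you test against. module_spec.yml carries the same line, with its `# why is this set?` comment still unanswered.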
@@ -1,86 +0,0 @@ -# This is a generic workflow for Puppet module CI operations. -name: "Module CI" - -on: - workflow_call: - inputs: - runs_on: - description: "The operating system used for the runner." - required: false - default: "ubuntu-latest" - type: "string" - flags: - description: "Additional flags to pass to matrix_from_metadata_v2." - required: false - default: '' - type: "string" - -jobs: - setup_matrix: - name: "Setup Test Matrix" - runs-on: ${{ inputs.runs_on }} - outputs: - spec_matrix: ${{ steps.get-matrix.outputs.spec_matrix }} - - steps: - - - name: "Checkout" - uses: "actions/checkout@v4" - with: - ref: ${{ github.event.pull_request.head.sha }} - - - name: "Setup ruby" - uses: "ruby/setup-ruby@v1" - with: - ruby-version: "2.7" - bundler-cache: true - - - name: "Bundle environment" - run: | - echo ::group::bundler environment - bundle env - echo ::endgroup:: - - - name: Setup Spec Test Matrix - id: get-matrix - run: | - bundle exec matrix_from_metadata_v2 ${{ inputs.flags }} - - spec: - name: "Spec tests (Puppet: ${{matrix.puppet_version}}, Ruby Ver: ${{matrix.ruby_version}})" - needs: "setup_matrix" - runs-on: ${{ inputs.runs_on }} - strategy: - fail-fast: false - matrix: ${{ fromJson( needs.setup_matrix.outputs.spec_matrix ) }} - - env: - PUPPET_GEM_VERSION: ${{ matrix.puppet_version }} - FACTER_GEM_VERSION: 'https://github.com/puppetlabs/facter#main' # why is this set? 
- - steps: - - name: "Checkout" - uses: "actions/checkout@v4" - with: - ref: ${{ github.event.pull_request.head.sha }} - - - name: "Setup ruby" - uses: "ruby/setup-ruby@v1" - with: - ruby-version: ${{matrix.ruby_version}} - bundler-cache: true - - - name: "Bundle environment" - run: | - echo ::group::bundler environment - bundle env - echo ::endgroup:: - - - name: "Run Static & Syntax Tests" - run: | - bundle exec rake syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop - bundle exec dependency-checker metadata.json || true # temporarily allow to fail - - - name: "Run tests" - run: | - bundle exec rake parallel_spec diff --git a/.github/workflows/module_spec.yml b/.github/workflows/module_spec.yml new file mode 100644 index 00000000..c59bd19a --- /dev/null +++ b/.github/workflows/module_spec.yml 
@@ -0,0 +1,88 @@ +# This is a generic workflow for Puppet module CI operations. +name: "Module Spec Matrix" + +on: + workflow_call: + inputs: + matrix: + description: "JSON matrix" + required: true + type: "string" + ignore_dependency_check: + description: "Ignore dependency check failure" + required: false + type: "boolean" + default: false + debug: + description: "Run jobs with debug steps and flags enabled" + required: false + type: "boolean" + default: false + runs_on: + description: "The operating system used for the runner" + required: false + default: "ubuntu-latest" + type: "string" + +jobs: + Test: + name: "Test Puppet ${{ matrix.puppet_version }} with ruby ${{ matrix.ruby_version }}" + runs-on: ${{ inputs.runs_on }} + strategy: + fail-fast: false + matrix: ${{ fromJson(inputs.matrix) }} + env: + PUPPET_GEM_VERSION: ${{ matrix.puppet_version }} + FACTER_GEM_VERSION: 'https://github.com/puppetlabs/facter#main' # why is this set? + + steps: + - name: "Checkout" + uses: "actions/checkout@v4" + with: + ref: ${{ github.event.pull_request.head.sha }} + fetch-depth: 1 + + - name: "Setup ruby" + uses: "ruby/setup-ruby@v1" + with: + ruby-version: ${{ matrix.ruby_version }} + bundler-cache: true + + - name: Debug + if: ${{ inputs.debug == true }} + run: | + echo ::group::bundler environment + bundle env + echo ::endgroup:: + echo "RSPEC_DEBUG=1" >> $GITHUB_ENV + echo "DEBUG=1" >> $GITHUB_ENV + + - name: "Cache fixture modules" + id: cache-fixtures + uses: actions/cache@v4 + env: + cache-name: cache-fixtures-modules + with: + path: spec/fixtures/modules + key: test-${{ env.cache-name }}-${{ hashFiles('metadata.json', '.fixtures.yml') }} + restore-keys: | + test-${{ env.cache-name }}- + test- + + - name: "Run static & syntax tests" + run: bundle exec rake syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop + + - name: "Dependency check" + run: | + bundle exec dependency-checker metadata.json && EC=$? || EC=$? 
+ if [ "${{ inputs.ignore_dependency_check }}" == "true" ] ; then + echo '::warning title=::ignoring dependency check failure' + else + exit $EC + fi + + - name: "Install modules" + run: bundle exec rake spec_prep + + - name: "Run tests" + run: bundle exec rake parallel_spec_standalone diff --git a/.nodeset.yml b/.nodeset.yml deleted file mode 100644 index 5603b35e..00000000 --- a/.nodeset.yml +++ /dev/null @@ -1,45 +0,0 @@ ---- -default_set: 'centos-64-x64' -sets: - 'centos-59-x64': - nodes: - "main.foo.vm": - prefab: 'centos-59-x64' - options: - memory: 1024 #mb - 'centos-64-x64': - nodes: - "main.foo.vm": - prefab: 'centos-64-x64' - options: - memory: 1024 #mb - 'fedora-18-x64': - nodes: - "main.foo.vm": - prefab: 'fedora-18-x64' - options: - memory: 1024 #mb - 'debian-607-x64': - nodes: - "main.foo.vm": - prefab: 'debian-607-x64' - options: - memory: 1024 #mb - 'debian-70rc1-x64': - nodes: - "main.foo.vm": - prefab: 'debian-70rc1-x64' - options: - memory: 1024 #mb - 'ubuntu-server-10044-x64': - nodes: - "main.foo.vm": - prefab: 'ubuntu-server-10044-x64' - options: - memory: 1024 #mb - 'ubuntu-server-12042-x64': - nodes: - "main.foo.vm": - prefab: 'ubuntu-server-12042-x64' - options: - memory: 1024 #mb diff --git a/provision.yaml b/provision.yaml new file mode 100644 index 00000000..8b1553fb --- /dev/null +++ b/provision.yaml @@ -0,0 +1,28 @@ +--- +default: + provisioner: docker + images: + - litmusimage/ubuntu:20.04 +yum: + provisioner: docker + images: + - litmusimage/centos:7 +dnf: + provisioner: docker + images: + - litmusimage/centos:8 +apt: + provisioner: docker + images: + - litmusimage/ubuntu:20.04 +ci: + provisioner: docker + images: + - litmusimage/centos:7 + - litmusimage/centos:8 + - litmusimage/oraclelinux:7 + - litmusimage/oraclelinux:8 + - litmusimage/debian:10 + - litmusimage/debian:11 + - litmusimage/ubuntu:18.04 + - litmusimage/ubuntu:20.04 diff --git a/rakelib/common.rake b/rakelib/common.rake index a0054fa0..37d51254 100644 
--- a/rakelib/common.rake +++ b/rakelib/common.rake @@ -9,6 +9,8 @@ MetadataJsonLint.options.strict_dependencies = true PuppetLint.configuration.log_forat = '%{path}:%{line}:%{check}:%{KIND}:%{message}' PuppetLint.configuration.fail_on_warnings = true +PuppetLint.configuration.ignore_paths.reject! { |c| c == 'spec/**/*.pp' } +PuppetLint.configuration.ignore_paths << 'spec/fixtures/**/*.pp' desc 'Run dependency-checker' task :metadata_deps do diff --git a/rakelib/litmus.rake b/rakelib/litmus.rake new file mode 100644 index 00000000..f73e6fdc --- /dev/null +++ b/rakelib/litmus.rake 
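Review bot: The two added `ignore_paths` lines have no comment saying why `spec/**/*.pp` is taken off the ignore list. Presumably it is so that manifests under `spec/support` added in this patch get linted while downloaded fixture modules do not. A one-line comment such as `# lint our own manifests under spec/, but not the fixture modules` would make that intent explicit. `PuppetLint.configuration.ignore_paths.delete('spec/**/*.pp')` says the same thing as the `reject!` block with less to read. Separately, the context line above sets `log_forat`, which looks like a typo for `log_format`; it is outside this change but worth confirming.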
@@ -0,0 +1,40 @@ +# frozen_string_literal: true + +litmus_cleanup = false +at_exit { Rake::Task['litmus:tear_down'].invoke if litmus_cleanup } + +desc "Provision machines, run acceptance tests, and tear down\n(defaults: group=default, tag=nil)" +task :acceptance, [:group, :tag] do |_task, args| + args.with_defaults(group: 'default', tag: nil) + Rake::Task['spec_prep'].invoke + litmus_cleanup = ENV.fetch('LITMUS_teardown', 'true').downcase.match?(%r{(true|auto)}) + Rake::Task['litmus:provision_list'].invoke args[:group] + Rake::Task['litmus:install_agent'].invoke + Rake::Task['litmus:install_modules'].invoke + begin + Rake::Task['litmus:acceptance:parallel'].invoke args[:tag] + rescue SystemExit + litmus_cleanup = false if ENV.fetch('LITMUS_teardown', '').casecmp('auto').zero? + raise + end +end + +namespace :litmus do + desc "Run tests against all nodes in the litmus inventory\n(defaults: tag=nil)" + task :acceptance, [:tag] do |_task, args| + args.with_defaults(tag: nil) + + Rake::Task.tasks.select { |t| t.to_s =~ %r{^litmus:acceptance:(?!(localhost|parallel)$)} }.each do |litmus_task| + puts "Running task #{litmus_task}" + litmus_task.invoke(*args) + end + end + + desc "install all fixture modules\n(defaults: resolve_dependencies=false)" + task :install_modules_from_fixtures, [:resolve_dependencies] do |_task, args| + args.with_defaults(resolve_dependencies: false) + + Rake::Task['spec_prep'].invoke + Rake::Task['litmus:install_modules_from_directory'].invoke(nil, nil, nil, !args[:resolve_dependencies]) + end +end diff --git a/spec/acceptance/basic_spec.rb b/spec/acceptance/basic_spec.rb deleted file mode 100644 index d137456d..00000000 --- a/spec/acceptance/basic_spec.rb +++ /dev/null 
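Review bot: In the top-level `:acceptance` task, `LITMUS_teardown` is matched with the unanchored `%r{(true|auto)}`, so any value that merely contains `true` or `auto` enables the `at_exit` teardown. `%r{\A(true|auto)\z}` would accept only the two intended values. The variable is also undocumented: from the code, `auto` keeps the provisioned machines when the parallel run ends in `SystemExit` (presumably a failed run), and any non-matching value never tears down. One line in the task's `desc` stating those three cases would spare people from leaving test machines running by accident.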
@@ -1,110 +0,0 @@ -require 'spec_helper_acceptance' - -describe 'basic tests:' do - it 'make sure we have copied the module across' do - # No point diagnosing any more if the module wasn't copied properly - run_shell('ls /etc/puppetlabs/code/environments/production/modules/puppetdb') do |r| - r.exit_code.should be_zero - r.stdout.should contain 'metadata.json' - r.stderr.should == '' - end - end - - describe 'setup puppetserver' do - pp = <<-EOS - package { 'puppetserver': ensure => installed, } -> - exec { '/opt/puppetlabs/bin/puppetserver ca setup': creates => '/etc/puppetlabs/puppetserver/ca/ca_crt.pem', } - service { 'puppetserver': ensure => running, enable => true, } - EOS - - it 'make sure it runs without error' do - apply_manifest(pp, catch_errors: true) - apply_manifest(pp, catch_changes: true) - end - end - - describe 'single node setup' do - pp = <<-EOS - # Single node setup - class { 'puppetdb': disable_ssl => true, } -> - class { 'puppetdb::master::config': puppetdb_port => '8080', puppetdb_server => 'localhost' } - EOS - - it 'make sure it runs without error' do - apply_manifest(pp, catch_errors: true) - apply_manifest(pp, catch_changes: true) - end - end - - describe 'single node with ssl' do - ssl_config = <<-EOS - class { 'puppetdb': postgresql_ssl_on => true, - database_listen_address => '0.0.0.0', - database_host => $facts['fqdn'],} - EOS - - it 'make sure it runs without error' do - apply_manifest(ssl_config, catch_errors: true) - apply_manifest(ssl_config, catch_changes: true) - end - - change_password = <<-EOS - ini_setting { "puppetdb password": - ensure => present, - path => '/etc/puppetlabs/puppetdb/conf.d/database.ini', - section => 'database', - setting => 'password', - value => 'random_password', - notify => Service[puppetdb] - } - - service { 'puppetdb': - ensure => 'running', - } - EOS - it 'make sure it starts with wrong password' do - apply_manifest(change_password, catch_errors: true) - apply_manifest(change_password, catch_changes: 
true) - end - end - - describe 'enabling report processor' do - pp = <<-EOS - class { 'puppetdb': disable_ssl => true, } -> - class { 'puppetdb::master::config': - puppetdb_port => '8080', - manage_report_processor => true, - enable_reports => true, - puppetdb_server => 'localhost' - } - EOS - - it 'adds the puppetdb report processor to puppet.conf' do - apply_manifest(pp, catch_errors: true) - apply_manifest(pp, catch_changes: true) - - run_shell('cat /etc/puppetlabs/puppet/puppet.conf') do |r| - expect(r.stdout).to match(%r{^reports\s*=\s*([^,]+,)*puppetdb(,[^,]+)*$}) - end - end - end - - describe 'read only user' do - pp = <<-EOS - class { 'puppetdb': disable_ssl => true, } -> - class { 'puppetdb::master::config': - puppetdb_port => '8080', - puppetdb_server => 'localhost' - } - EOS - - it 'can not create tables' do - apply_manifest(pp, catch_errors: true) - apply_manifest(pp, catch_changes: true) - - run_shell('psql "postgresql://puppetdb-read:puppetdb-read@localhost/puppetdb" -c "create table tables(id int)" || true') do |r| - expect(r.stderr).to match(%r{^ERROR: permission denied for schema public.*}) - end - end - end -end diff --git a/spec/acceptance/nodesets/centos-510-x64.yml b/spec/acceptance/nodesets/centos-510-x64.yml deleted file mode 100644 index aed61676..00000000 --- a/spec/acceptance/nodesets/centos-510-x64.yml +++ /dev/null @@ -1,10 +0,0 @@ -HOSTS: - centos-510-x64: - roles: - - master - platform: el-5-x86_64 - box : centos-510-x64-virtualbox-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-510-x64-virtualbox-nocm.box - hypervisor : vagrant -CONFIG: - type: foss diff --git a/spec/acceptance/nodesets/centos-59-x64.yml b/spec/acceptance/nodesets/centos-59-x64.yml deleted file mode 100644 index b41a9471..00000000 --- a/spec/acceptance/nodesets/centos-59-x64.yml +++ /dev/null 
@@ -1,10 +0,0 @@ -HOSTS: - centos-59-x64: - roles: - - master - platform: el-5-x86_64 - box : centos-59-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - type: foss diff --git a/spec/acceptance/nodesets/centos-64-x64-pe.yml b/spec/acceptance/nodesets/centos-64-x64-pe.yml deleted file mode 100644 index 7d9242f1..00000000 --- a/spec/acceptance/nodesets/centos-64-x64-pe.yml +++ /dev/null @@ -1,12 +0,0 @@ -HOSTS: - centos-64-x64: - roles: - - master - - database - - dashboard - platform: el-6-x86_64 - box : centos-64-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - type: pe diff --git a/spec/acceptance/nodesets/centos-64-x64.yml b/spec/acceptance/nodesets/centos-64-x64.yml deleted file mode 100644 index ab026968..00000000 --- a/spec/acceptance/nodesets/centos-64-x64.yml +++ /dev/null @@ -1,10 +0,0 @@ -HOSTS: - centos-64-x64.local: - roles: - - master - platform: el-6-x86_64 - box : centos-64-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - type: foss diff --git a/spec/acceptance/nodesets/debian-607-x64.yml b/spec/acceptance/nodesets/debian-607-x64.yml deleted file mode 100644 index 43df6a57..00000000 --- a/spec/acceptance/nodesets/debian-607-x64.yml +++ /dev/null @@ -1,10 +0,0 @@ -HOSTS: - debian-607-x64: - roles: - - master - platform: debian-6-amd64 - box : debian-607-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-607-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - type: foss diff --git a/spec/acceptance/nodesets/debian-73-x64.yml b/spec/acceptance/nodesets/debian-73-x64.yml deleted file mode 100644 index 5b87870a..00000000 --- a/spec/acceptance/nodesets/debian-73-x64.yml +++ /dev/null 
@@ -1,10 +0,0 @@ -HOSTS: - debian-73-x64: - roles: - - master - platform: debian-7-amd64 - box : debian-73-x64-virtualbox-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-73-x64-virtualbox-nocm.box - hypervisor : vagrant -CONFIG: - type: foss diff --git a/spec/acceptance/nodesets/default.yml b/spec/acceptance/nodesets/default.yml deleted file mode 100755 index ab026968..00000000 --- a/spec/acceptance/nodesets/default.yml +++ /dev/null @@ -1,10 +0,0 @@ -HOSTS: - centos-64-x64.local: - roles: - - master - platform: el-6-x86_64 - box : centos-64-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - type: foss diff --git a/spec/acceptance/nodesets/docker/centos-7.yml b/spec/acceptance/nodesets/docker/centos-7.yml deleted file mode 100644 index 61575930..00000000 --- a/spec/acceptance/nodesets/docker/centos-7.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -HOSTS: - centos-7-x64: - platform: el-7-x86_64 - hypervisor: docker - image: centos:7 - docker_preserve_image: true - docker_cmd: '["/usr/sbin/init"]' - # install various tools required to get the image up to usable levels - docker_image_commands: - - 'yum install -y crontabs tar wget openssl sysvinit-tools iproute which initscripts' -CONFIG: - trace_limit: 200 \ No newline at end of file diff --git a/spec/acceptance/nodesets/docker/debian-8.yml b/spec/acceptance/nodesets/docker/debian-8.yml deleted file mode 100644 index 8b47d9fa..00000000 --- a/spec/acceptance/nodesets/docker/debian-8.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -HOSTS: - debian-8-x64: - platform: debian-8-amd64 - hypervisor: docker - image: debian:8 - docker_preserve_image: true - docker_cmd: '["/sbin/init"]' - docker_image_commands: - - 'apt-get update && apt-get install -y net-tools wget locales strace lsof && echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen' -CONFIG: - trace_limit: 200 \ No newline at end of file 
diff --git a/spec/acceptance/nodesets/docker/ubuntu-14.04.yml b/spec/acceptance/nodesets/docker/ubuntu-14.04.yml deleted file mode 100644 index 7ead34b7..00000000 --- a/spec/acceptance/nodesets/docker/ubuntu-14.04.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -HOSTS: - ubuntu-1404-x64: - roles: - - master - platform: ubuntu-14.04-amd64 - hypervisor: docker - image: ubuntu:14.04 - docker_preserve_image: true - docker_cmd: '["/sbin/init"]' - docker_image_commands: - # ensure that upstart is booting correctly in the container - - 'sudo apt-get install apt-transport-https --assume-yes' - - 'wget -O - https://apt.postgresql.org/pub/repos/apt/ACCC4CF8.asc | sudo apt-key add -' - - 'sh -c "echo deb https://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main >> /etc/apt/sources.list.d/postgresql.list"' - - 'sudo apt-get update' - - 'rm /usr/sbin/policy-rc.d && rm /sbin/initctl && dpkg-divert --rename --remove /sbin/initctl && apt-get update && apt-get install -y net-tools wget && locale-gen en_US.UTF-8' - -CONFIG: - trace_limit: 200 \ No newline at end of file diff --git a/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml b/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml deleted file mode 100644 index 5ca1514e..00000000 --- a/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml +++ /dev/null @@ -1,10 +0,0 @@ -HOSTS: - ubuntu-server-10044-x64: - roles: - - master - platform: ubuntu-10.04-amd64 - box : ubuntu-server-10044-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-10044-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - type: foss diff --git a/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml b/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml deleted file mode 100644 index d065b304..00000000 --- a/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml +++ /dev/null 
@@ -1,10 +0,0 @@ -HOSTS: - ubuntu-server-12042-x64: - roles: - - master - platform: ubuntu-12.04-amd64 - box : ubuntu-server-12042-x64-vbox4210-nocm - box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-12042-x64-vbox4210-nocm.box - hypervisor : vagrant -CONFIG: - type: foss diff --git a/spec/acceptance/standalone_spec.rb b/spec/acceptance/standalone_spec.rb new file mode 100644 index 00000000..3c2a31f1 --- /dev/null +++ b/spec/acceptance/standalone_spec.rb 
@@ -0,0 +1,109 @@ +require 'spec_helper_acceptance' + +describe 'standalone' do + it_behaves_like 'puppetserver' + + let(:puppetdb_params) {} + let(:puppetdb_master_config_params) {} + + # TODO: temporary work-around for EL installs + let(:postgres_version) { "(getvar('facts.os.family') == 'RedHat') ? { true => '12', default => undef }" } + let(:manage_firewall) { "(getvar('facts.os.family') == 'RedHat' and Integer(getvar('facts.os.release.major')) > 7)" } + + describe 'with defaults' do + it_behaves_like 'puppetdb' + + describe service('puppetdb'), :status do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end + + describe port(8080), :status do + it { is_expected.to be_listening } + end + + describe port(8081), :status do + it { is_expected.to be_listening } + end + + context 'puppetdb postgres user', :status do + it 'is not allowing read-only user to create tables' do + run_shell('psql "postgresql://puppetdb-read:puppetdb-read@localhost/puppetdb" -c "create table tables(id int)"', expect_failures: true) do |r| + expect(r.stderr).to match(%r{^ERROR: permission denied for schema public.*}) + expect(r.exit_code).to eq 1 + end + end + + it 'is allowing normal user to manage schema' do + run_shell('psql "postgresql://puppetdb:puppetdb@localhost/puppetdb" -c "create table testing(id int); drop table testing"') do |r| + expect(r.exit_status).to eq 0 + end + end + + it 'is allowing read-only user to select' do + run_shell('psql "postgresql://puppetdb-read:puppetdb-read@localhost/puppetdb" -c "select * from catalogs limit 1"') do |r| + expect(r.exit_status).to eq 0 + end + end + end + end + + context 'with manage report processor', :change do + ['remove', 'add'].each do |outcome| + context "#{outcome}s puppet config puppetdb report processor" do + let(:enable_reports) { (outcome == 'add') ? 
true : false } + + let(:puppetdb_master_config_params) do + <<~EOS + manage_report_processor => true, + enable_reports => #{enable_reports}, + EOS + end + + it_behaves_like 'puppetdb' + + describe command('puppet config print --section master reports') do + its(:stdout) do + option = enable_reports ? 'to' : 'not_to' + is_expected.method(option).call match 'puppetdb' + end + end + end + end + end + + describe 'puppetdb with postgresql ssl', :change do + let(:puppetdb_params) do + <<~EOS + postgresql_ssl_on => true, + database_listen_address => '0.0.0.0', + database_host => $facts['networking']['fqdn'], + EOS + end + + it_behaves_like 'puppetdb' + end + + describe 'set wrong database password in puppetdb conf', :change do + it 'applies manifest' do + pp = <<~EOS + ini_setting { "puppetdb password": + ensure => present, + path => '/etc/puppetlabs/puppetdb/conf.d/database.ini', + section => 'database', + setting => 'password', + value => 'random_password', + } + ~> service { 'puppetdb': + ensure => 'running', + } + EOS + + apply_manifest(pp, expect_failures: false, debug: ENV.key?('DEBUG')) + end + + describe service('puppetdb') do + it { is_expected.to be_running } + end + end +end diff --git a/spec/spec_helper_acceptance_local.rb b/spec/spec_helper_acceptance_local.rb new file mode 100644 index 00000000..993d7fe8 --- /dev/null +++ b/spec/spec_helper_acceptance_local.rb @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +require 'singleton' +class LitmusHelper + include Singleton + include PuppetLitmus +end + +Dir['./spec/support/acceptance/**/*.rb'].sort.each { |f| require f } + +RSpec.configure do |c| + c.fail_fast = true +end + +RSpec::Matchers.define(:be_one_of) do |expected| + match do |actual| + expected.include?(actual) + end + + failure_message do |actual| + "expected one of #{expected}, got #{actual}" + end +end diff --git a/spec/support/acceptance/shared/puppetdb.rb b/spec/support/acceptance/shared/puppetdb.rb new file mode 100644 index 00000000..27c0a80e 
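Review bot: The 'puppetdb postgres user' context in spec/acceptance/standalone_spec.rb only proves that `puppetdb-read` cannot create tables in schema public; nothing checks that the account is denied writes on tables that already exist, which is the property a read-only grant has to guarantee. A grant or default privilege that wrongly gave INSERT/UPDATE/DELETE on PuppetDB's tables would still pass all three examples. I would add an example that attempts a no-op write on `catalogs` and expects a permission error, as sketched below; the `where false` clause keeps it from touching rows if the privilege is wrongly present. The same context also mixes `r.exit_code` and `r.exit_status`, and using one of them throughout would read better.

```ruby
context 'puppetdb postgres user', :status do
  # … unchanged: existing create-table, manage-schema and select examples …

  it 'is not allowing read-only user to modify existing tables' do
    run_shell('psql "postgresql://puppetdb-read:puppetdb-read@localhost/puppetdb" -c "delete from catalogs where false"', expect_failures: true) do |r|
      expect(r.stderr).to match(%r{permission denied for (table|relation) catalogs})
      expect(r.exit_code).to eq 1
    end
  end
```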
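Review bot: The support-file loader in spec/spec_helper_acceptance_local.rb globs `./spec/support/acceptance/**/*.rb`, which is resolved against the process working directory rather than against this file. Running rspec from anywhere but the module root therefore either loads nothing, so the shared examples go missing, or requires whatever Ruby files happen to sit under that relative path. Anchoring the glob to the helper's own location removes the dependency: `Dir[File.join(__dir__, 'support', 'acceptance', '**', '*.rb')].sort.each { |f| require f }`.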
--- /dev/null
+++ b/spec/support/acceptance/shared/puppetdb.rb
@@ -0,0 +1,62 @@ +# frozen_string_literal: true + +shared_examples 'puppetdb' do + let(:pp) do + <<~PP + # FIXME: temporary work-around for EL installs + if $facts['os']['family'] == 'RedHat' { + $gpg_key_file = $facts['os']['release']['major'] ? { + '7' => 'PGDG-RPM-GPG-KEY-RHEL7', + default => 'PGDG-RPM-GPG-KEY-RHEL', + } + file { "/etc/pki/rpm-gpg/${gpg_key_file}": + source => "https://download.postgresql.org/pub/repos/yum/keys/${gpg_key_file}", + } + -> Yumrepo <| tag == 'postgresql::repo' |> { + gpgkey => "file:///etc/pki/rpm-gpg/${gpg_key_file}", + } + + if $facts['virtual'] == 'docker' { + # Work-around EL systemd in docker bug affecting forked services + file_line { 'puppetdb-unit-remove-pidfile': + path => '/lib/systemd/system/puppetdb.service', + line => '#PIDFile=/run/puppetlabs/puppetdb/puppetdb.pid', + match => '^PIDFile.*', + append_on_no_match => false, + require => Package['puppetdb'], + notify => Service['puppetdb'], + } + } + } + + # reduce pgs memory + postgresql::server::config_entry { 'max_connections': value => '20' } + postgresql::server::config_entry { 'shared_buffers': value => '128kB' } + postgresql::server::config_entry { 'effective_cache_size': value => '24MB' } + postgresql::server::config_entry { 'maintenance_work_mem': value => '1MB' } + postgresql::server::config_entry { 'checkpoint_completion_target': value => '0.9' } + postgresql::server::config_entry { 'wal_buffers': value => '32kB' } + postgresql::server::config_entry { 'random_page_cost': value => '4' } + postgresql::server::config_entry { 'effective_io_concurrency': value => '2' } + postgresql::server::config_entry { 'work_mem': value => '204kB' } + postgresql::server::config_entry { 'huge_pages': value => 'off' } + postgresql::server::config_entry { 'min_wal_size': value => '80MB' } + postgresql::server::config_entry { 'max_wal_size': value => '1GB' } + + class { 'puppetdb': + postgres_version => #{postgres_version}, + manage_firewall => #{manage_firewall}, + 
database_max_pool_size => '2', + read_database_max_pool_size => '2', + #{puppetdb_params} + } + -> class { 'puppetdb::master::config': + #{puppetdb_master_config_params} + } + PP + end + + it 'applies idempotently' do + idempotent_apply(pp, debug: ENV.key?('DEBUG')) + end +end diff --git a/spec/support/acceptance/shared/puppetserver.pp b/spec/support/acceptance/shared/puppetserver.pp new file mode 100644 index 00000000..d9b8d624 --- /dev/null +++ b/spec/support/acceptance/shared/puppetserver.pp 
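Review bot: The EL work-around in the `pp` heredoc downloads the PGDG signing key with `source => "https://download.postgresql.org/..."` and then points every `postgresql::repo` Yumrepo's `gpgkey` at that file, so package signature verification ends up trusting whatever the URL served at test time. Nothing pins the key's content, and the `file` resource sets no mode. For a test fixture this may be acceptable, but pinning is cheap and should make Puppet reject an unexpected key: add `checksum => 'sha256',` and `checksum_value => '<SHA256_OF_EXPECTED_KEY_FILE>',` (placeholder, to be filled in from a verified copy of the key) plus `mode => '0644',` to the resource.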
@@ -0,0 +1,78 @@ +# some provision environments (docker) may not setup or isolate domains +# this ensures the instance FQDN is always resolved locally +host { 'primary': + name => $facts['networking']['fqdn'], + ip => $facts['networking']['ip'], + host_aliases => [ + $facts['networking']['hostname'], + ], +} + +if $facts['os']['family'] == 'RedHat' { + # TODO: backport to litmusimage, required for serverspec port tests + package { 'iproute': ensure => installed } + + # TODO: rework this hack, maybe not needed for newer version of postgresl module? + if versioncmp($facts['os']['release']['major'], '8') >= 0 { + package { 'disable-builtin-dnf-postgresql-module': + ensure => 'disabled', + name => 'postgresql', + provider => 'dnfmodule', + } + + Yumrepo <| tag == 'postgresql::repo' |> + -> Package['disable-dnf-postgresql-module'] + -> Package <| tag == 'postgresql' |> + } + + if $facts['virtual'] == 'docker' { + # Work-around EL systemd in docker with cgroupsv1? issue and forked services + # Without this, the puppet agent will stall for 300 seconds waiting for + # the service to start... then miserably fail. + # systemd error message: + # New main PID 1411 does not belong to service, and PID file is not + # owned by root. Refusing. + # PIDFile is not needed, but it cannot be reset by a drop-in, therefor the + # original unit must be modified + file_line { 'puppetserver-unit-remove-pidfile': + path => '/lib/systemd/system/puppetserver.service', + line => '#PIDFile=/run/puppetlabs/puppetserver.pid', + match => '^PIDFile.*', + append_on_no_match => false, + require => Package['puppetserver'], + notify => Service['puppetserver'], + } + } +} + +$sysconfdir = $facts['os']['family'] ? 
{ + 'Debian' => '/etc/default', + default => '/etc/sysconfig', +} + +package { 'puppetserver': + ensure => installed, +} +# savagely disable dropsonde +~> file { + [ + '/opt/puppetlabs/server/data/puppetserver/dropsonde/bin/dropsonde', + '/opt/puppetlabs/server/apps/puppetserver/cli/apps/dropsonde', + ]: + ensure => absent, +} +-> exec { '/opt/puppetlabs/bin/puppetserver ca setup': + creates => '/etc/puppetlabs/puppetserver/ca/ca_crt.pem', +} +# drop memory requirements to fit on a low memory containers +-> augeas { 'puppetserver-environment': + context => "/files${sysconfdir}/puppetserver", + changes => [ + 'set JAVA_ARGS \'"-Xms512m -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"\'', + "set START_TIMEOUT '30'", + ], +} +-> service { 'puppetserver': + ensure => running, + enable => true, +} diff --git a/spec/support/acceptance/shared/puppetserver.rb b/spec/support/acceptance/shared/puppetserver.rb new file mode 100644 index 00000000..d4732cd5 --- /dev/null +++ b/spec/support/acceptance/shared/puppetserver.rb @@ -0,0 +1,9 @@ +# frozen_string_literal: true + +shared_examples 'puppetserver' do + let(:pp) { File.read(File.join(File.dirname(__FILE__), 'puppetserver.pp')) } + + it 'applies idempotently' do + idempotent_apply(pp, debug: ENV.key?('DEBUG')) + end +end From a8583415d57c030a7e089ff1dc97673dba5df32f Mon Sep 17 00:00:00 2001 From: Jeffrey Clark Date: Fri, 2 Feb 2024 00:07:50 -0600 Subject: [PATCH 37/97] looks like facter virtual doesnt work in docker on gha --- spec/support/acceptance/shared/puppetdb.rb | 18 +++++----- .../support/acceptance/shared/puppetserver.pp | 33 +++++++++---------- 2 files changed, 23 insertions(+), 28 deletions(-) diff --git a/spec/support/acceptance/shared/puppetdb.rb b/spec/support/acceptance/shared/puppetdb.rb index 27c0a80e..20fac66b 100644 --- a/spec/support/acceptance/shared/puppetdb.rb +++ b/spec/support/acceptance/shared/puppetdb.rb 
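Review bot: The ordering chain inside the `versioncmp(...) >= 0` branch of spec/support/acceptance/shared/puppetserver.pp references `Package['disable-dnf-postgresql-module']`, but the resource declared just above it is titled `'disable-builtin-dnf-postgresql-module'`. Unless another module in the catalog happens to declare a package with the shorter title, this would be an unresolved resource reference on EL 8+, or the chain would order against a different resource than intended. The reference should match the declared title: `-> Package['disable-builtin-dnf-postgresql-module']`.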
@@ -16,16 +16,14 @@ gpgkey => "file:///etc/pki/rpm-gpg/${gpg_key_file}", } - if $facts['virtual'] == 'docker' { - # Work-around EL systemd in docker bug affecting forked services - file_line { 'puppetdb-unit-remove-pidfile': - path => '/lib/systemd/system/puppetdb.service', - line => '#PIDFile=/run/puppetlabs/puppetdb/puppetdb.pid', - match => '^PIDFile.*', - append_on_no_match => false, - require => Package['puppetdb'], - notify => Service['puppetdb'], - } + # Work-around EL systemd in docker bug affecting forked services + file_line { 'puppetdb-unit-remove-pidfile': + path => '/lib/systemd/system/puppetdb.service', + line => '#PIDFile=/run/puppetlabs/puppetdb/puppetdb.pid', + match => '^PIDFile.*', + append_on_no_match => false, + require => Package['puppetdb'], + notify => Service['puppetdb'], } } diff --git a/spec/support/acceptance/shared/puppetserver.pp b/spec/support/acceptance/shared/puppetserver.pp index d9b8d624..d653d38e 100644 --- a/spec/support/acceptance/shared/puppetserver.pp +++ b/spec/support/acceptance/shared/puppetserver.pp 
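Review bot: With the `$facts['virtual'] == 'docker'` guard removed, the `file_line` that comments out `PIDFile` in `/lib/systemd/system/puppetdb.service` now runs on every RedHat-family target, not just containers, yet the retained comment still describes it as a docker work-around. The same applies to the `puppetserver-unit-remove-pidfile` resource in the first spec/support/acceptance/shared/puppetserver.pp hunk of this commit. Editing a packaged unit file on VM or bare-metal targets changes how systemd tracks the service there and is likely to be reverted by a package upgrade, so the comment should record why the edit is unconditional, e.g. `# Applied on all EL targets: the virtual fact is unreliable in docker on GHA; only needed for systemd in docker`. The enclosing `if $facts['os']['family'] == 'RedHat'` block and the heredoc start outside this hunk.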
@@ -25,23 +25,21 @@ -> Package <| tag == 'postgresql' |> } - if $facts['virtual'] == 'docker' { - # Work-around EL systemd in docker with cgroupsv1? issue and forked services - # Without this, the puppet agent will stall for 300 seconds waiting for - # the service to start... then miserably fail. - # systemd error message: - # New main PID 1411 does not belong to service, and PID file is not - # owned by root. Refusing. - # PIDFile is not needed, but it cannot be reset by a drop-in, therefor the - # original unit must be modified - file_line { 'puppetserver-unit-remove-pidfile': - path => '/lib/systemd/system/puppetserver.service', - line => '#PIDFile=/run/puppetlabs/puppetserver.pid', - match => '^PIDFile.*', - append_on_no_match => false, - require => Package['puppetserver'], - notify => Service['puppetserver'], - } + # Work-around EL systemd in docker with cgroupsv1? issue and forked services + # Without this, the puppet agent will stall for 300 seconds waiting for + # the service to start... then miserably fail. + # systemd error message: + # New main PID 1411 does not belong to service, and PID file is not + # owned by root. Refusing. + # PIDFile is not needed, but it cannot be reset by a drop-in, therefor the + # original unit must be modified + file_line { 'puppetserver-unit-remove-pidfile': + path => '/lib/systemd/system/puppetserver.service', + line => '#PIDFile=/run/puppetlabs/puppetserver.pid', + match => '^PIDFile.*', + append_on_no_match => false, + require => Package['puppetserver'], + notify => Service['puppetserver'], } } @@ -69,7 +67,6 @@ context => "/files${sysconfdir}/puppetserver", changes => [ 'set JAVA_ARGS \'"-Xms512m -Djruby.logger.class=com.puppetlabs.jruby_utils.jruby.Slf4jLogger"\'', - "set START_TIMEOUT '30'", ], } -> service { 'puppetserver': From 3c3a8cc43c8d81d8dc0b3431dcadeac7921a7adf Mon Sep 17 00:00:00 2001 
From: Jeffrey Clark Date: Fri, 2 Feb 2024 00:53:14 -0600 Subject: [PATCH 38/97] remove timeouts --- .github/workflows/module_acceptance.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/module_acceptance.yml b/.github/workflows/module_acceptance.yml index c9e744b8..4d0a7439 100644 --- a/.github/workflows/module_acceptance.yml +++ b/.github/workflows/module_acceptance.yml @@ -77,7 +77,6 @@ jobs: test- - name: Provision test environment - timeout-minutes: 10 run: | bundle exec rake 'litmus:provision[${{matrix.platforms.provider}},${{ matrix.platforms.image }}]' FILE='spec/fixtures/litmus_inventory.yaml' @@ -101,7 +100,6 @@ jobs: - name: Run acceptance tests id: run-acceptance - timeout-minutes: 15 run: bundle exec rake 'litmus:acceptance' - name: Failure Logs From f6b6f8d4b6b7552f7975624ac5f80c3140349618 Mon Sep 17 00:00:00 2001 
From: Jeffrey Clark Date: Sat, 3 Feb 2024 08:52:37 -0600 Subject: [PATCH 39/97] document manifests --- .puppet-lint.rc | 1 - .sync.yml | 1 - REFERENCE.md | 1577 +------------------- Rakefile | 1 - manifests/database/default_read_grant.pp | 5 +- manifests/database/postgresql.pp | 4 +- manifests/database/postgresql_ssl_rules.pp | 4 +- manifests/database/read_grant.pp | 5 +- manifests/database/read_only_user.pp | 4 +- manifests/database/ssl_configuration.pp | 5 +- manifests/globals.pp | 3 +- manifests/init.pp | 4 +- manifests/master/config.pp | 3 +- manifests/master/puppetdb_conf.pp | 5 +- manifests/master/report_processor.pp | 5 +- manifests/master/routes.pp | 5 +- manifests/master/storeconfigs.pp | 6 +- manifests/params.pp | 4 +- manifests/server.pp | 3 +- manifests/server/command_processing.pp | 4 +- manifests/server/database.pp | 4 +- manifests/server/firewall.pp | 4 +- manifests/server/global.pp | 4 +- manifests/server/jetty.pp | 4 +- manifests/server/puppetdb.pp | 4 +- manifests/server/read_database.pp | 4 +- manifests/server/validate_db.pp | 4 +- manifests/server/validate_read_db.pp | 4 +- 28 files changed, 146 insertions(+), 1535 deletions(-) diff --git a/.puppet-lint.rc b/.puppet-lint.rc index b4372aaf..d779fd47 100644 --- a/.puppet-lint.rc +++ b/.puppet-lint.rc @@ -1,5 +1,4 @@ --relative --no-parameter_types-check --no-parameter_documentation-check ---no-documentation-check --no-140chars-check diff --git a/.sync.yml b/.sync.yml index 4c5e0c81..2698b3ce 100644 --- a/.sync.yml +++ b/.sync.yml @@ -17,7 +17,6 @@ Rakefile: default_disabled_lint_checks: - parameter_types - parameter_documentation - - documentation - 140chars spec/default_facts.yml: unmanaged: true diff --git a/REFERENCE.md b/REFERENCE.md index 78149e3f..d0b37c5a 100644 --- a/REFERENCE.md +++ b/REFERENCE.md 
@@ -6,33 +6,40 @@ ### Classes -* [`puppetdb`](#puppetdb): All in one class for setting up a PuppetDB instance. See README.md for more details. -* [`puppetdb::database::postgresql`](#puppetdb--database--postgresql): Class for creating the PuppetDB postgresql database. See README.md for more information. -* [`puppetdb::database::ssl_configuration`](#puppetdb--database--ssl_configuration): Class for configuring SSL connection for the PuppetDB postgresql database. See README.md for more information. -* [`puppetdb::globals`](#puppetdb--globals): Global configuration class for PuppetDB. See README.md for more details. -* [`puppetdb::master::config`](#puppetdb--master--config): Manage puppet configuration. See README.md for more details. -* [`puppetdb::master::puppetdb_conf`](#puppetdb--master--puppetdb_conf): Manage the puppetdb.conf file on the puppeet master. See README.md for more details. -* [`puppetdb::master::report_processor`](#puppetdb--master--report_processor): Manage the installation of the report processor on the master. See README.md for more details. -* [`puppetdb::master::routes`](#puppetdb--master--routes): Manages the routes configuration file on the master. See README.md for more details. -* [`puppetdb::master::storeconfigs`](#puppetdb--master--storeconfigs): This class configures the puppet master to enable storeconfigs and to use puppetdb as the storeconfigs backend. See README.md for more detail -* [`puppetdb::params`](#puppetdb--params): PRIVATE CLASS - do not use directly The puppetdb default configuration settings. -* [`puppetdb::server`](#puppetdb--server): Class to configure a PuppetDB server. See README.md for more details. 
-* [`puppetdb::server::command_processing`](#puppetdb--server--command_processing): PRIVATE CLASS - do not use directly -* [`puppetdb::server::database`](#puppetdb--server--database): PRIVATE CLASS - do not use directly -* [`puppetdb::server::firewall`](#puppetdb--server--firewall): PRIVATE CLASS - do not use directly -* [`puppetdb::server::global`](#puppetdb--server--global): PRIVATE CLASS - do not use directly -* [`puppetdb::server::jetty`](#puppetdb--server--jetty): PRIVATE CLASS - do not use directly -* [`puppetdb::server::puppetdb`](#puppetdb--server--puppetdb): PRIVATE CLASS - do not use directly -* [`puppetdb::server::read_database`](#puppetdb--server--read_database): PRIVATE CLASS - do not use directly -* [`puppetdb::server::validate_db`](#puppetdb--server--validate_db): This validates a database connection. See README.md for more details. -* [`puppetdb::server::validate_read_db`](#puppetdb--server--validate_read_db): This validates a database connection. See README.md for more details. 
+#### Public Classes + +* [`puppetdb`](#puppetdb): manage PuppetDB +* [`puppetdb::database::postgresql`](#puppetdb--database--postgresql): create the PuppetDB postgresql database +* [`puppetdb::globals`](#puppetdb--globals): global configuration class for PuppetDB +* [`puppetdb::master::config`](#puppetdb--master--config): manage the puppet configuration on the primary +* [`puppetdb::server`](#puppetdb--server): manage the PuppetDB server + +#### Private Classes + +* `puppetdb::database::ssl_configuration`: configure SSL for the PuppetDB postgresql database +* `puppetdb::master::puppetdb_conf`: manage the puppetdb.conf file on the puppet primary +* `puppetdb::master::report_processor`: manage the installation of the report processor on the primary +* `puppetdb::master::routes`: manages the routes configuration file on the master +* `puppetdb::master::storeconfigs`: configure the puppet master to enable storeconfigs and to use puppetdb as the storeconfigs backend +* `puppetdb::params`: default configuration settings +* `puppetdb::server::command_processing`: manage puppetdb config ini +* `puppetdb::server::database`: manage puppetdb database ini +* `puppetdb::server::firewall`: manage puppetdb firewall rules +* `puppetdb::server::global`: manage puppetdb global setting +* `puppetdb::server::jetty`: configures puppetdb jetty ini +* `puppetdb::server::puppetdb`: manage puppetdb ini +* `puppetdb::server::read_database`: manage puppetdb read_database ini +* `puppetdb::server::validate_db`: validates the database connection +* `puppetdb::server::validate_read_db`: validates the read only database connection ### Defined types -* [`puppetdb::database::default_read_grant`](#puppetdb--database--default_read_grant): Private class. Grant read permissions to $database_read_only_username by default, for new tables created by $database_username. 
-* [`puppetdb::database::postgresql_ssl_rules`](#puppetdb--database--postgresql_ssl_rules): Private class for configuring the pg_ident.conf and pg_hba.conf files -* [`puppetdb::database::read_grant`](#puppetdb--database--read_grant): Private class. Grant read-only permissions to $database_read_only_username for all objects in $schema of $database_name -* [`puppetdb::database::read_only_user`](#puppetdb--database--read_only_user) +#### Private Defined types + +* `puppetdb::database::default_read_grant`: grant read permissions to $database_read_only_username by default, for new tables created by $database_username +* `puppetdb::database::postgresql_ssl_rules`: manage the pg_ident.conf and pg_hba.conf files +* `puppetdb::database::read_grant`: grant read-only permissions to $database_read_only_username for all objects in $schema of $database_name +* `puppetdb::database::read_only_user`: A define type to manage the creation of a read-only postgres users. In particular, it manages the necessary grants to enable such a user to h ### Resource types @@ -47,16 +54,11 @@ * [`Puppetdb::Ttl`](#Puppetdb--Ttl) -### Tasks - -* [`lxd_exp`](#lxd_exp): Provision/Tear down a machine on LXD - ## Classes ### `puppetdb` -All in one class for setting up a PuppetDB instance. See README.md for more -details. +manage PuppetDB #### Parameters @@ -866,8 +868,7 @@ Default value: `$puppetdb::params::java_bin` ### `puppetdb::database::postgresql` -Class for creating the PuppetDB postgresql database. See README.md for more -information. +create the PuppetDB postgresql database #### Parameters 
@@ -1027,100 +1028,9 @@ Data type: `Any` Default value: `$puppetdb::params::read_database_host` -### `puppetdb::database::ssl_configuration` - -Class for configuring SSL connection for the PuppetDB postgresql database. See README.md for more -information. - -#### Parameters - -The following parameters are available in the `puppetdb::database::ssl_configuration` class: - -* [`database_name`](#-puppetdb--database--ssl_configuration--database_name) -* [`database_username`](#-puppetdb--database--ssl_configuration--database_username) -* [`read_database_username`](#-puppetdb--database--ssl_configuration--read_database_username) -* [`read_database_host`](#-puppetdb--database--ssl_configuration--read_database_host) -* [`puppetdb_server`](#-puppetdb--database--ssl_configuration--puppetdb_server) -* [`postgresql_ssl_key_path`](#-puppetdb--database--ssl_configuration--postgresql_ssl_key_path) -* [`postgresql_ssl_cert_path`](#-puppetdb--database--ssl_configuration--postgresql_ssl_cert_path) -* [`postgresql_ssl_ca_cert_path`](#-puppetdb--database--ssl_configuration--postgresql_ssl_ca_cert_path) -* [`create_read_user_rule`](#-puppetdb--database--ssl_configuration--create_read_user_rule) - -##### `database_name` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_name` - -##### `database_username` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_username` - -##### `read_database_username` - -Data type: `Any` - - - -Default value: `$puppetdb::params::read_database_username` - -##### `read_database_host` - -Data type: `Any` - - - -Default value: `$puppetdb::params::read_database_host` - -##### `puppetdb_server` - -Data type: `Any` - - - -Default value: `$puppetdb::params::puppetdb_server` - -##### `postgresql_ssl_key_path` - -Data type: `Any` - - - -Default value: `$puppetdb::params::postgresql_ssl_key_path` - -##### `postgresql_ssl_cert_path` - -Data type: `Any` - - - -Default value: `$puppetdb::params::postgresql_ssl_cert_path` - -##### 
`postgresql_ssl_ca_cert_path` - -Data type: `Any` - - - -Default value: `$puppetdb::params::postgresql_ssl_ca_cert_path` - -##### `create_read_user_rule` - -Data type: `Any` - - - -Default value: `false` - ### `puppetdb::globals` -Global configuration class for PuppetDB. See README.md for more details. +global configuration class for PuppetDB #### Parameters @@ -1156,7 +1066,7 @@ Default value: `$settings::confdir` ### `puppetdb::master::config` -Manage puppet configuration. See README.md for more details. +manage the puppet configuration on the primary #### Parameters 
@@ -1358,193 +1268,9 @@ Data type: `Any` Default value: `true` -### `puppetdb::master::puppetdb_conf` - -Manage the puppetdb.conf file on the puppeet master. See README.md for more -details. - -#### Parameters - -The following parameters are available in the `puppetdb::master::puppetdb_conf` class: - -* [`server`](#-puppetdb--master--puppetdb_conf--server) -* [`port`](#-puppetdb--master--puppetdb_conf--port) -* [`soft_write_failure`](#-puppetdb--master--puppetdb_conf--soft_write_failure) -* [`puppet_confdir`](#-puppetdb--master--puppetdb_conf--puppet_confdir) -* [`legacy_terminus`](#-puppetdb--master--puppetdb_conf--legacy_terminus) - -##### `server` - -Data type: `Any` - - - -Default value: `'localhost'` - -##### `port` - -Data type: `Any` - - - -Default value: `'8081'` - -##### `soft_write_failure` - -Data type: `Any` - - - -Default value: - -```puppet -$puppetdb::disable_ssl ? { - true => true, - default => false -``` - -##### `puppet_confdir` - -Data type: `Any` - - - -Default value: `$puppetdb::params::puppet_confdir` - -##### `legacy_terminus` - -Data type: `Any` - - - -Default value: - -```puppet -$puppetdb::params::terminus_package ? { - /(puppetdb-terminus)/ => true, - default => false -``` - -### `puppetdb::master::report_processor` - -Manage the installation of the report processor on the master. See README.md -for more details. 
- -#### Parameters - -The following parameters are available in the `puppetdb::master::report_processor` class: - -* [`puppet_conf`](#-puppetdb--master--report_processor--puppet_conf) -* [`masterless`](#-puppetdb--master--report_processor--masterless) -* [`enable`](#-puppetdb--master--report_processor--enable) - -##### `puppet_conf` - -Data type: `Any` - - - -Default value: `$puppetdb::params::puppet_conf` - -##### `masterless` - -Data type: `Any` - - - -Default value: `$puppetdb::params::masterless` - -##### `enable` - -Data type: `Any` - - - -Default value: `false` - -### `puppetdb::master::routes` - -Manages the routes configuration file on the master. See README.md for more -details. - -#### Parameters - -The following parameters are available in the `puppetdb::master::routes` class: - -* [`puppet_confdir`](#-puppetdb--master--routes--puppet_confdir) -* [`masterless`](#-puppetdb--master--routes--masterless) -* [`routes`](#-puppetdb--master--routes--routes) - -##### `puppet_confdir` - -Data type: `Any` - - - -Default value: `$puppetdb::params::puppet_confdir` - -##### `masterless` - -Data type: `Any` - - - -Default value: `$puppetdb::params::masterless` - -##### `routes` - -Data type: `Any` - - - -Default value: `undef` - -### `puppetdb::master::storeconfigs` - -This class configures the puppet master to enable storeconfigs and to use -puppetdb as the storeconfigs backend. See README.md for more details. 
- -#### Parameters - -The following parameters are available in the `puppetdb::master::storeconfigs` class: - -* [`puppet_conf`](#-puppetdb--master--storeconfigs--puppet_conf) -* [`masterless`](#-puppetdb--master--storeconfigs--masterless) -* [`enable`](#-puppetdb--master--storeconfigs--enable) - -##### `puppet_conf` - -Data type: `Any` - - - -Default value: `$puppetdb::params::puppet_conf` - -##### `masterless` - -Data type: `Any` - - - -Default value: `$puppetdb::params::masterless` - -##### `enable` - -Data type: `Any` - - - -Default value: `true` - -### `puppetdb::params` - -PRIVATE CLASS - do not use directly - -The puppetdb default configuration settings. - ### `puppetdb::server` -Class to configure a PuppetDB server. See README.md for more details. +manage the PuppetDB server #### Parameters 
@@ -2271,1184 +1997,81 @@ Data type: `Optional[Stdlib::Absolutepath]` Default value: `$puppetdb::params::java_bin` -### `puppetdb::server::command_processing` +## Resource types -PRIVATE CLASS - do not use directly +### `puppetdb_conn_validator` -#### Parameters +Verify that a connection can be successfully established between a node +and the puppetdb server. Its primary use is as a precondition to +prevent configuration changes from being applied if the puppetdb +server cannot be reached, but it could potentially be used for other +purposes such as monitoring. -The following parameters are available in the `puppetdb::server::command_processing` class: +#### Properties -* [`command_threads`](#-puppetdb--server--command_processing--command_threads) -* [`concurrent_writes`](#-puppetdb--server--command_processing--concurrent_writes) -* [`store_usage`](#-puppetdb--server--command_processing--store_usage) -* [`temp_usage`](#-puppetdb--server--command_processing--temp_usage) -* [`confdir`](#-puppetdb--server--command_processing--confdir) +The following properties are available in the `puppetdb_conn_validator` type. -##### `command_threads` +##### `ensure` -Data type: `Any` +Valid values: `present`, `absent` +The basic property that the resource should be in. +Default value: `present` -Default value: `$puppetdb::params::command_threads` +#### Parameters -##### `concurrent_writes` +The following parameters are available in the `puppetdb_conn_validator` type. 
-Data type: `Any` +* [`name`](#-puppetdb_conn_validator--name) +* [`provider`](#-puppetdb_conn_validator--provider) +* [`puppetdb_port`](#-puppetdb_conn_validator--puppetdb_port) +* [`puppetdb_server`](#-puppetdb_conn_validator--puppetdb_server) +* [`test_url`](#-puppetdb_conn_validator--test_url) +* [`timeout`](#-puppetdb_conn_validator--timeout) +* [`use_ssl`](#-puppetdb_conn_validator--use_ssl) +##### `name` +namevar -Default value: `$puppetdb::params::concurrent_writes` +An arbitrary name used as the identity of the resource. -##### `store_usage` +##### `provider` -Data type: `Any` +The specific backend to use for this `puppetdb_conn_validator` resource. You will seldom need to specify this --- Puppet +will usually discover the appropriate provider for your platform. +##### `puppetdb_port` +The port that the puppetdb server should be listening on. -Default value: `$puppetdb::params::store_usage` +##### `puppetdb_server` -##### `temp_usage` +The DNS name or IP address of the server where puppetdb should be running. -Data type: `Any` +##### `test_url` +URL to use for testing if the PuppetDB database is up +##### `timeout` -Default value: `$puppetdb::params::temp_usage` +The max number of seconds that the validator should wait before giving up and deciding that puppetdb is not running; +defaults to 15 seconds. 
-##### `confdir` +Default value: `15` -Data type: `Any` +##### `use_ssl` +Whether the connection will be attempted using https +Default value: `true` -Default value: `$puppetdb::params::confdir` +## Functions -### `puppetdb::server::database` +### `puppetdb::create_subsetting_resource_hash` -PRIVATE CLASS - do not use directly - -#### Parameters - -The following parameters are available in the `puppetdb::server::database` class: - -* [`database`](#-puppetdb--server--database--database) -* [`database_host`](#-puppetdb--server--database--database_host) -* [`database_port`](#-puppetdb--server--database--database_port) -* [`database_username`](#-puppetdb--server--database--database_username) -* [`database_password`](#-puppetdb--server--database--database_password) -* [`database_name`](#-puppetdb--server--database--database_name) -* [`manage_db_password`](#-puppetdb--server--database--manage_db_password) -* [`jdbc_ssl_properties`](#-puppetdb--server--database--jdbc_ssl_properties) -* [`database_validate`](#-puppetdb--server--database--database_validate) -* [`database_embedded_path`](#-puppetdb--server--database--database_embedded_path) -* [`node_ttl`](#-puppetdb--server--database--node_ttl) -* [`node_purge_ttl`](#-puppetdb--server--database--node_purge_ttl) -* [`report_ttl`](#-puppetdb--server--database--report_ttl) -* [`facts_blacklist`](#-puppetdb--server--database--facts_blacklist) -* [`gc_interval`](#-puppetdb--server--database--gc_interval) -* [`node_purge_gc_batch_limit`](#-puppetdb--server--database--node_purge_gc_batch_limit) -* [`log_slow_statements`](#-puppetdb--server--database--log_slow_statements) -* [`conn_max_age`](#-puppetdb--server--database--conn_max_age) -* [`conn_keep_alive`](#-puppetdb--server--database--conn_keep_alive) -* [`conn_lifetime`](#-puppetdb--server--database--conn_lifetime) -* [`confdir`](#-puppetdb--server--database--confdir) -* [`puppetdb_user`](#-puppetdb--server--database--puppetdb_user) -* 
[`puppetdb_group`](#-puppetdb--server--database--puppetdb_group) -* [`database_max_pool_size`](#-puppetdb--server--database--database_max_pool_size) -* [`migrate`](#-puppetdb--server--database--migrate) -* [`postgresql_ssl_on`](#-puppetdb--server--database--postgresql_ssl_on) -* [`ssl_cert_path`](#-puppetdb--server--database--ssl_cert_path) -* [`ssl_key_pk8_path`](#-puppetdb--server--database--ssl_key_pk8_path) -* [`ssl_ca_cert_path`](#-puppetdb--server--database--ssl_ca_cert_path) - -##### `database` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database` - -##### `database_host` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_host` - -##### `database_port` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_port` - -##### `database_username` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_username` - -##### `database_password` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_password` - -##### `database_name` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_name` - -##### `manage_db_password` - -Data type: `Any` - - - -Default value: `$puppetdb::params::manage_db_password` - -##### `jdbc_ssl_properties` - -Data type: `Any` - - - -Default value: `$puppetdb::params::jdbc_ssl_properties` - -##### `database_validate` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_validate` - -##### `database_embedded_path` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_embedded_path` - -##### `node_ttl` - -Data type: `Any` - - - -Default value: `$puppetdb::params::node_ttl` - -##### `node_purge_ttl` - -Data type: `Any` - - - -Default value: `$puppetdb::params::node_purge_ttl` - -##### `report_ttl` - -Data type: `Any` - - - -Default value: `$puppetdb::params::report_ttl` - -##### `facts_blacklist` - -Data type: `Any` - - - -Default value: `$puppetdb::params::facts_blacklist` - -##### `gc_interval` - -Data type: 
`Any` - - - -Default value: `$puppetdb::params::gc_interval` - -##### `node_purge_gc_batch_limit` - -Data type: `Any` - - - -Default value: `$puppetdb::params::node_purge_gc_batch_limit` - -##### `log_slow_statements` - -Data type: `Any` - - - -Default value: `$puppetdb::params::log_slow_statements` - -##### `conn_max_age` - -Data type: `Any` - - - -Default value: `$puppetdb::params::conn_max_age` - -##### `conn_keep_alive` - -Data type: `Any` - - - -Default value: `$puppetdb::params::conn_keep_alive` - -##### `conn_lifetime` - -Data type: `Any` - - - -Default value: `$puppetdb::params::conn_lifetime` - -##### `confdir` - -Data type: `Any` - - - -Default value: `$puppetdb::params::confdir` - -##### `puppetdb_user` - -Data type: `Any` - - - -Default value: `$puppetdb::params::puppetdb_user` - -##### `puppetdb_group` - -Data type: `Any` - - - -Default value: `$puppetdb::params::puppetdb_group` - -##### `database_max_pool_size` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_max_pool_size` - -##### `migrate` - -Data type: `Any` - - - -Default value: `$puppetdb::params::migrate` - -##### `postgresql_ssl_on` - -Data type: `Any` - - - -Default value: `$puppetdb::params::postgresql_ssl_on` - -##### `ssl_cert_path` - -Data type: `Any` - - - -Default value: `$puppetdb::params::ssl_cert_path` - -##### `ssl_key_pk8_path` - -Data type: `Any` - - - -Default value: `$puppetdb::params::ssl_key_pk8_path` - -##### `ssl_ca_cert_path` - -Data type: `Any` - - - -Default value: `$puppetdb::params::ssl_ca_cert_path` - -### `puppetdb::server::firewall` - -PRIVATE CLASS - do not use directly - -#### Parameters - -The following parameters are available in the `puppetdb::server::firewall` class: - -* [`http_port`](#-puppetdb--server--firewall--http_port) -* [`open_http_port`](#-puppetdb--server--firewall--open_http_port) -* [`ssl_port`](#-puppetdb--server--firewall--ssl_port) -* [`open_ssl_port`](#-puppetdb--server--firewall--open_ssl_port) - -##### `http_port` - 
-Data type: `Any` - - - -Default value: `$puppetdb::params::listen_port` - -##### `open_http_port` - -Data type: `Any` - - - -Default value: `$puppetdb::params::open_listen_port` - -##### `ssl_port` - -Data type: `Any` - - - -Default value: `$puppetdb::params::ssl_listen_port` - -##### `open_ssl_port` - -Data type: `Any` - - - -Default value: `$puppetdb::params::open_ssl_listen_port` - -### `puppetdb::server::global` - -PRIVATE CLASS - do not use directly - -#### Parameters - -The following parameters are available in the `puppetdb::server::global` class: - -* [`vardir`](#-puppetdb--server--global--vardir) -* [`confdir`](#-puppetdb--server--global--confdir) -* [`puppetdb_group`](#-puppetdb--server--global--puppetdb_group) - -##### `vardir` - -Data type: `Any` - - - -Default value: `$puppetdb::params::vardir` - -##### `confdir` - -Data type: `Any` - - - -Default value: `$puppetdb::params::confdir` - -##### `puppetdb_group` - -Data type: `Any` - - - -Default value: `$puppetdb::params::puppetdb_group` - -### `puppetdb::server::jetty` - -PRIVATE CLASS - do not use directly - -#### Parameters - -The following parameters are available in the `puppetdb::server::jetty` class: - -* [`listen_address`](#-puppetdb--server--jetty--listen_address) -* [`listen_port`](#-puppetdb--server--jetty--listen_port) -* [`disable_cleartext`](#-puppetdb--server--jetty--disable_cleartext) -* [`ssl_listen_address`](#-puppetdb--server--jetty--ssl_listen_address) -* [`ssl_listen_port`](#-puppetdb--server--jetty--ssl_listen_port) -* [`disable_ssl`](#-puppetdb--server--jetty--disable_ssl) -* [`ssl_set_cert_paths`](#-puppetdb--server--jetty--ssl_set_cert_paths) -* [`ssl_cert_path`](#-puppetdb--server--jetty--ssl_cert_path) -* [`ssl_key_path`](#-puppetdb--server--jetty--ssl_key_path) -* [`ssl_ca_cert_path`](#-puppetdb--server--jetty--ssl_ca_cert_path) -* [`ssl_protocols`](#-puppetdb--server--jetty--ssl_protocols) -* [`cipher_suites`](#-puppetdb--server--jetty--cipher_suites) -* 
[`confdir`](#-puppetdb--server--jetty--confdir) -* [`max_threads`](#-puppetdb--server--jetty--max_threads) -* [`puppetdb_user`](#-puppetdb--server--jetty--puppetdb_user) -* [`puppetdb_group`](#-puppetdb--server--jetty--puppetdb_group) - -##### `listen_address` - -Data type: `Any` - - - -Default value: `$puppetdb::params::listen_address` - -##### `listen_port` - -Data type: `Any` - - - -Default value: `$puppetdb::params::listen_port` - -##### `disable_cleartext` - -Data type: `Any` - - - -Default value: `$puppetdb::params::disable_cleartext` - -##### `ssl_listen_address` - -Data type: `Any` - - - -Default value: `$puppetdb::params::ssl_listen_address` - -##### `ssl_listen_port` - -Data type: `Any` - - - -Default value: `$puppetdb::params::ssl_listen_port` - -##### `disable_ssl` - -Data type: `Any` - - - -Default value: `$puppetdb::params::disable_ssl` - -##### `ssl_set_cert_paths` - -Data type: `Boolean` - - - -Default value: `$puppetdb::params::ssl_set_cert_paths` - -##### `ssl_cert_path` - -Data type: `Any` - - - -Default value: `$puppetdb::params::ssl_cert_path` - -##### `ssl_key_path` - -Data type: `Any` - - - -Default value: `$puppetdb::params::ssl_key_path` - -##### `ssl_ca_cert_path` - -Data type: `Any` - - - -Default value: `$puppetdb::params::ssl_ca_cert_path` - -##### `ssl_protocols` - -Data type: `Optional[String]` - - - -Default value: `$puppetdb::params::ssl_protocols` - -##### `cipher_suites` - -Data type: `Optional[String]` - - - -Default value: `$puppetdb::params::cipher_suites` - -##### `confdir` - -Data type: `Any` - - - -Default value: `$puppetdb::params::confdir` - -##### `max_threads` - -Data type: `Any` - - - -Default value: `$puppetdb::params::max_threads` - -##### `puppetdb_user` - -Data type: `Any` - - - -Default value: `$puppetdb::params::puppetdb_user` - -##### `puppetdb_group` - -Data type: `Any` - - - -Default value: `$puppetdb::params::puppetdb_group` - -### `puppetdb::server::puppetdb` - -PRIVATE CLASS - do not use directly - -#### 
Parameters - -The following parameters are available in the `puppetdb::server::puppetdb` class: - -* [`certificate_whitelist_file`](#-puppetdb--server--puppetdb--certificate_whitelist_file) -* [`certificate_whitelist`](#-puppetdb--server--puppetdb--certificate_whitelist) -* [`disable_update_checking`](#-puppetdb--server--puppetdb--disable_update_checking) -* [`confdir`](#-puppetdb--server--puppetdb--confdir) -* [`puppetdb_user`](#-puppetdb--server--puppetdb--puppetdb_user) -* [`puppetdb_group`](#-puppetdb--server--puppetdb--puppetdb_group) - -##### `certificate_whitelist_file` - -Data type: `Any` - - - -Default value: `$puppetdb::params::certificate_whitelist_file` - -##### `certificate_whitelist` - -Data type: `Any` - - - -Default value: `$puppetdb::params::certificate_whitelist` - -##### `disable_update_checking` - -Data type: `Any` - - - -Default value: `$puppetdb::params::disable_update_checking` - -##### `confdir` - -Data type: `Any` - - - -Default value: `$puppetdb::params::confdir` - -##### `puppetdb_user` - -Data type: `Any` - - - -Default value: `$puppetdb::params::puppetdb_user` - -##### `puppetdb_group` - -Data type: `Any` - - - -Default value: `$puppetdb::params::puppetdb_group` - -### `puppetdb::server::read_database` - -PRIVATE CLASS - do not use directly - -#### Parameters - -The following parameters are available in the `puppetdb::server::read_database` class: - -* [`read_database`](#-puppetdb--server--read_database--read_database) -* [`read_database_host`](#-puppetdb--server--read_database--read_database_host) -* [`read_database_port`](#-puppetdb--server--read_database--read_database_port) -* [`read_database_username`](#-puppetdb--server--read_database--read_database_username) -* [`read_database_password`](#-puppetdb--server--read_database--read_database_password) -* [`read_database_name`](#-puppetdb--server--read_database--read_database_name) -* [`manage_db_password`](#-puppetdb--server--read_database--manage_db_password) -* 
[`jdbc_ssl_properties`](#-puppetdb--server--read_database--jdbc_ssl_properties) -* [`database_validate`](#-puppetdb--server--read_database--database_validate) -* [`log_slow_statements`](#-puppetdb--server--read_database--log_slow_statements) -* [`conn_max_age`](#-puppetdb--server--read_database--conn_max_age) -* [`conn_keep_alive`](#-puppetdb--server--read_database--conn_keep_alive) -* [`conn_lifetime`](#-puppetdb--server--read_database--conn_lifetime) -* [`confdir`](#-puppetdb--server--read_database--confdir) -* [`puppetdb_user`](#-puppetdb--server--read_database--puppetdb_user) -* [`puppetdb_group`](#-puppetdb--server--read_database--puppetdb_group) -* [`database_max_pool_size`](#-puppetdb--server--read_database--database_max_pool_size) -* [`postgresql_ssl_on`](#-puppetdb--server--read_database--postgresql_ssl_on) -* [`ssl_cert_path`](#-puppetdb--server--read_database--ssl_cert_path) -* [`ssl_key_pk8_path`](#-puppetdb--server--read_database--ssl_key_pk8_path) -* [`ssl_ca_cert_path`](#-puppetdb--server--read_database--ssl_ca_cert_path) - -##### `read_database` - -Data type: `Any` - - - -Default value: `$puppetdb::params::read_database` - -##### `read_database_host` - -Data type: `Any` - - - -Default value: `$puppetdb::params::read_database_host` - -##### `read_database_port` - -Data type: `Any` - - - -Default value: `$puppetdb::params::read_database_port` - -##### `read_database_username` - -Data type: `Any` - - - -Default value: `$puppetdb::params::read_database_username` - -##### `read_database_password` - -Data type: `Any` - - - -Default value: `$puppetdb::params::read_database_password` - -##### `read_database_name` - -Data type: `Any` - - - -Default value: `$puppetdb::params::read_database_name` - -##### `manage_db_password` - -Data type: `Any` - - - -Default value: `$puppetdb::params::manage_read_db_password` - -##### `jdbc_ssl_properties` - -Data type: `Any` - - - -Default value: `$puppetdb::params::read_database_jdbc_ssl_properties` - -##### 
`database_validate` - -Data type: `Any` - - - -Default value: `$puppetdb::params::read_database_validate` - -##### `log_slow_statements` - -Data type: `Any` - - - -Default value: `$puppetdb::params::read_log_slow_statements` - -##### `conn_max_age` - -Data type: `Any` - - - -Default value: `$puppetdb::params::read_conn_max_age` - -##### `conn_keep_alive` - -Data type: `Any` - - - -Default value: `$puppetdb::params::read_conn_keep_alive` - -##### `conn_lifetime` - -Data type: `Any` - - - -Default value: `$puppetdb::params::read_conn_lifetime` - -##### `confdir` - -Data type: `Any` - - - -Default value: `$puppetdb::params::confdir` - -##### `puppetdb_user` - -Data type: `Any` - - - -Default value: `$puppetdb::params::puppetdb_user` - -##### `puppetdb_group` - -Data type: `Any` - - - -Default value: `$puppetdb::params::puppetdb_group` - -##### `database_max_pool_size` - -Data type: `Any` - - - -Default value: `$puppetdb::params::read_database_max_pool_size` - -##### `postgresql_ssl_on` - -Data type: `Any` - - - -Default value: `$puppetdb::params::postgresql_ssl_on` - -##### `ssl_cert_path` - -Data type: `Any` - - - -Default value: `$puppetdb::params::ssl_cert_path` - -##### `ssl_key_pk8_path` - -Data type: `Any` - - - -Default value: `$puppetdb::params::ssl_key_pk8_path` - -##### `ssl_ca_cert_path` - -Data type: `Any` - - - -Default value: `$puppetdb::params::ssl_ca_cert_path` - -### `puppetdb::server::validate_db` - -This validates a database connection. See README.md for more details. 
- -#### Parameters - -The following parameters are available in the `puppetdb::server::validate_db` class: - -* [`database`](#-puppetdb--server--validate_db--database) -* [`database_host`](#-puppetdb--server--validate_db--database_host) -* [`database_port`](#-puppetdb--server--validate_db--database_port) -* [`database_username`](#-puppetdb--server--validate_db--database_username) -* [`database_password`](#-puppetdb--server--validate_db--database_password) -* [`database_name`](#-puppetdb--server--validate_db--database_name) -* [`jdbc_ssl_properties`](#-puppetdb--server--validate_db--jdbc_ssl_properties) - -##### `database` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database` - -##### `database_host` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_host` - -##### `database_port` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_port` - -##### `database_username` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_username` - -##### `database_password` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_password` - -##### `database_name` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_name` - -##### `jdbc_ssl_properties` - -Data type: `Any` - - - -Default value: `$puppetdb::params::jdbc_ssl_properties` - -### `puppetdb::server::validate_read_db` - -This validates a database connection. See README.md for more details. 
- -#### Parameters - -The following parameters are available in the `puppetdb::server::validate_read_db` class: - -* [`database`](#-puppetdb--server--validate_read_db--database) -* [`database_host`](#-puppetdb--server--validate_read_db--database_host) -* [`database_port`](#-puppetdb--server--validate_read_db--database_port) -* [`database_username`](#-puppetdb--server--validate_read_db--database_username) -* [`database_password`](#-puppetdb--server--validate_read_db--database_password) -* [`database_name`](#-puppetdb--server--validate_read_db--database_name) -* [`jdbc_ssl_properties`](#-puppetdb--server--validate_read_db--jdbc_ssl_properties) - -##### `database` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database` - -##### `database_host` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_host` - -##### `database_port` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_port` - -##### `database_username` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_username` - -##### `database_password` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_password` - -##### `database_name` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_name` - -##### `jdbc_ssl_properties` - -Data type: `Any` - - - -Default value: `$puppetdb::params::jdbc_ssl_properties` - -## Defined types - -### `puppetdb::database::default_read_grant` - -Private class. Grant read permissions to $database_read_only_username by default, for new tables created by -$database_username. 
- -#### Parameters - -The following parameters are available in the `puppetdb::database::default_read_grant` defined type: - -* [`database_name`](#-puppetdb--database--default_read_grant--database_name) -* [`schema`](#-puppetdb--database--default_read_grant--schema) -* [`database_username`](#-puppetdb--database--default_read_grant--database_username) -* [`database_read_only_username`](#-puppetdb--database--default_read_grant--database_read_only_username) - -##### `database_name` - -Data type: `String` - - - -##### `schema` - -Data type: `String` - - - -##### `database_username` - -Data type: `String` - - - -##### `database_read_only_username` - -Data type: `String` - - - -### `puppetdb::database::postgresql_ssl_rules` - -Private class for configuring the pg_ident.conf and pg_hba.conf files - -#### Parameters - -The following parameters are available in the `puppetdb::database::postgresql_ssl_rules` defined type: - -* [`database_name`](#-puppetdb--database--postgresql_ssl_rules--database_name) -* [`database_username`](#-puppetdb--database--postgresql_ssl_rules--database_username) -* [`puppetdb_server`](#-puppetdb--database--postgresql_ssl_rules--puppetdb_server) - -##### `database_name` - -Data type: `String` - - - -##### `database_username` - -Data type: `String` - - - -##### `puppetdb_server` - -Data type: `String` - - - -### `puppetdb::database::read_grant` - -Private class. 
Grant read-only permissions to $database_read_only_username for all objects in $schema of -$database_name - -#### Parameters - -The following parameters are available in the `puppetdb::database::read_grant` defined type: - -* [`database_name`](#-puppetdb--database--read_grant--database_name) -* [`schema`](#-puppetdb--database--read_grant--schema) -* [`database_read_only_username`](#-puppetdb--database--read_grant--database_read_only_username) - -##### `database_name` - -Data type: `String` - - - -##### `schema` - -Data type: `String` - - - -##### `database_read_only_username` - -Data type: `String` - - - -### `puppetdb::database::read_only_user` - -The puppetdb::database::read_only_user class. - -#### Parameters - -The following parameters are available in the `puppetdb::database::read_only_user` defined type: - -* [`read_database_username`](#-puppetdb--database--read_only_user--read_database_username) -* [`database_name`](#-puppetdb--database--read_only_user--database_name) -* [`database_owner`](#-puppetdb--database--read_only_user--database_owner) -* [`password_hash`](#-puppetdb--database--read_only_user--password_hash) - -##### `read_database_username` - -Data type: `String` - - - -##### `database_name` - -Data type: `String` - - - -##### `database_owner` - -Data type: `String` - - - -##### `password_hash` - -Data type: `Variant[String, Boolean]` - - - -Default value: `false` - -## Resource types - -### `puppetdb_conn_validator` - -Verify that a connection can be successfully established between a node -and the puppetdb server. Its primary use is as a precondition to -prevent configuration changes from being applied if the puppetdb -server cannot be reached, but it could potentially be used for other -purposes such as monitoring. - -#### Properties - -The following properties are available in the `puppetdb_conn_validator` type. - -##### `ensure` - -Valid values: `present`, `absent` - -The basic property that the resource should be in. 
- -Default value: `present` - -#### Parameters - -The following parameters are available in the `puppetdb_conn_validator` type. - -* [`name`](#-puppetdb_conn_validator--name) -* [`provider`](#-puppetdb_conn_validator--provider) -* [`puppetdb_port`](#-puppetdb_conn_validator--puppetdb_port) -* [`puppetdb_server`](#-puppetdb_conn_validator--puppetdb_server) -* [`test_url`](#-puppetdb_conn_validator--test_url) -* [`timeout`](#-puppetdb_conn_validator--timeout) -* [`use_ssl`](#-puppetdb_conn_validator--use_ssl) - -##### `name` - -namevar - -An arbitrary name used as the identity of the resource. - -##### `provider` - -The specific backend to use for this `puppetdb_conn_validator` resource. You will seldom need to specify this --- Puppet -will usually discover the appropriate provider for your platform. - -##### `puppetdb_port` - -The port that the puppetdb server should be listening on. - -##### `puppetdb_server` - -The DNS name or IP address of the server where puppetdb should be running. - -##### `test_url` - -URL to use for testing if the PuppetDB database is up - -##### `timeout` - -The max number of seconds that the validator should wait before giving up and deciding that puppetdb is not running; -defaults to 15 seconds. - -Default value: `15` - -##### `use_ssl` - -Whether the connection will be attempted using https - -Default value: `true` - -## Functions - -### `puppetdb::create_subsetting_resource_hash` - -Type: Ruby 4.x API +Type: Ruby 4.x API The puppetdb::create_subsetting_resource_hash function. 
@@ -3496,43 +2119,3 @@ The Puppetdb::Ttl data type. Alias of `Pattern[/^\d+(d|h|m|s|ms)$/]` -## Tasks - -### `lxd_exp` - -Provision/Tear down a machine on LXD - -**Supports noop?** false - -#### Parameters - -##### `action` - -Data type: `Enum[provision, tear_down]` - -Action to perform, tear_down or provision - -##### `inventory` - -Data type: `Optional[String[1]]` - -Location of the inventory file - -##### `node_name` - -Data type: `Optional[String[1]]` - -The name of the node - -##### `platform` - -Data type: `Optional[String[1]]` - -Platform to provision, eg ubuntu:14.04 - -##### `vars` - -Data type: `Optional[String[1]]` - -YAML string of key/value pairs to add to the inventory vars section - diff --git a/Rakefile b/Rakefile index 1763bb6a..1bb57eae 100644 --- a/Rakefile +++ b/Rakefile @@ -43,7 +43,6 @@ end PuppetLint.configuration.send('disable_relative') PuppetLint.configuration.send('disable_parameter_types') PuppetLint.configuration.send('disable_parameter_documentation') -PuppetLint.configuration.send('disable_documentation') PuppetLint.configuration.send('disable_140chars') diff --git a/manifests/database/default_read_grant.pp b/manifests/database/default_read_grant.pp index fea87f96..4a037d28 100644 --- a/manifests/database/default_read_grant.pp +++ b/manifests/database/default_read_grant.pp @@ -1,5 +1,6 @@ -# Private class. Grant read permissions to $database_read_only_username by default, for new tables created by -# $database_username. +# grant read permissions to $database_read_only_username by default, for new tables created by $database_username +# +# @api private define puppetdb::database::default_read_grant ( String $database_name, String $schema, diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp index 00f8c42b..b46b865c 100644 --- a/manifests/database/postgresql.pp +++ b/manifests/database/postgresql.pp 
@@ -1,5 +1,5 @@ -# Class for creating the PuppetDB postgresql database. See README.md for more -# information. +# create the PuppetDB postgresql database +# class puppetdb::database::postgresql ( $listen_addresses = $puppetdb::params::database_host, $puppetdb_server = $puppetdb::params::puppetdb_server, diff --git a/manifests/database/postgresql_ssl_rules.pp b/manifests/database/postgresql_ssl_rules.pp index a217d612..cf8d8bbd 100644 --- a/manifests/database/postgresql_ssl_rules.pp +++ b/manifests/database/postgresql_ssl_rules.pp @@ -1,4 +1,6 @@ -# Private class for configuring the pg_ident.conf and pg_hba.conf files +# manage the pg_ident.conf and pg_hba.conf files +# +# @api private define puppetdb::database::postgresql_ssl_rules ( String $database_name, String $database_username, diff --git a/manifests/database/read_grant.pp b/manifests/database/read_grant.pp index 7cbfbc6e..2c622af5 100644 --- a/manifests/database/read_grant.pp +++ b/manifests/database/read_grant.pp @@ -1,5 +1,6 @@ -# Private class. Grant read-only permissions to $database_read_only_username for all objects in $schema of -# $database_name +# grant read-only permissions to $database_read_only_username for all objects in $schema of $database_name +# +# @api private define puppetdb::database::read_grant ( String $database_name, String $schema, diff --git a/manifests/database/read_only_user.pp b/manifests/database/read_only_user.pp index 78269328..457218a9 100644 --- a/manifests/database/read_only_user.pp +++ b/manifests/database/read_only_user.pp @@ -1,4 +1,3 @@ -# Private class # A define type to manage the creation of a read-only postgres users. # In particular, it manages the necessary grants to enable such a user # to have read-only access to any existing objects as well as changes 
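Review bot: The new header for `puppetdb::database::postgresql` drops the `See README.md` pointer without adding any `@param` tags, so a reader of this class has no route left to the parameter descriptions. The `puppetdb::server` entries kept as context in this commit's REFERENCE.md hunk show the effect: each carries a data type and a default but no description. Until `@param` tags are written I would keep the pointer and mark the first line as the summary, e.g. `# @summary create the PuppetDB postgresql database` followed by `# See README.md for parameter descriptions.`. The same applies to the hunks for manifests/globals.pp, manifests/init.pp, manifests/master/config.pp and manifests/server.pp; the class bodies continue outside each hunk.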
@@ -10,7 +9,8 @@ # @param database_owner [String] The user which owns the database (i.e. the migration user # for the database). # @param password_hash [String] The value of $_database_password in app_database. - +# +# @api private define puppetdb::database::read_only_user ( String $read_database_username, String $database_name, diff --git a/manifests/database/ssl_configuration.pp b/manifests/database/ssl_configuration.pp index a5c085e5..dc11281a 100644 --- a/manifests/database/ssl_configuration.pp +++ b/manifests/database/ssl_configuration.pp @@ -1,5 +1,6 @@ -# Class for configuring SSL connection for the PuppetDB postgresql database. See README.md for more -# information. +# configure SSL for the PuppetDB postgresql database +# +# @api private class puppetdb::database::ssl_configuration ( $database_name = $puppetdb::params::database_name, $database_username = $puppetdb::params::database_username, diff --git a/manifests/globals.pp b/manifests/globals.pp index f703db60..78e6629e 100644 --- a/manifests/globals.pp +++ b/manifests/globals.pp @@ -1,4 +1,5 @@ -# Global configuration class for PuppetDB. See README.md for more details. +# global configuration class for PuppetDB +# class puppetdb::globals ( $version = 'present', $database = 'postgres', diff --git a/manifests/init.pp b/manifests/init.pp index 5160ed6b..c6966b08 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,5 +1,5 @@ -# All in one class for setting up a PuppetDB instance. See README.md for more -# details. +# manage PuppetDB +# class puppetdb ( $listen_address = $puppetdb::params::listen_address, $listen_port = $puppetdb::params::listen_port, diff --git a/manifests/master/config.pp b/manifests/master/config.pp index eb9fb1d9..f591c518 100644 --- a/manifests/master/config.pp +++ b/manifests/master/config.pp 
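Review bot: The `@param password_hash [String]` tag kept as context in this hunk disagrees with the declared type, which the REFERENCE.md section removed earlier in this commit lists as `Variant[String, Boolean]` with default `false`. This hunk removes the blank line that separated the comment block from the define, so the tag is now likely to reach the generated reference. It should read `# @param password_hash [Variant[String, Boolean]] The value of $_database_password in app_database.`. The description should also say what `false` means, presumably that no password is set for the read-only user, which needs confirming against the body. The define's parameter list continues outside the hunk, so the type here is taken from the generated reference rather than from the signature.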
@@ -1,4 +1,5 @@ -# Manage puppet configuration. See README.md for more details. +# manage the puppet configuration on the primary +# class puppetdb::master::config ( $puppetdb_server = fact('networking.fqdn'), $puppetdb_port = defined(Class['puppetdb']) ? { diff --git a/manifests/master/puppetdb_conf.pp b/manifests/master/puppetdb_conf.pp index 3cf8d706..d93452c3 100644 --- a/manifests/master/puppetdb_conf.pp +++ b/manifests/master/puppetdb_conf.pp @@ -1,5 +1,6 @@ -# Manage the puppetdb.conf file on the puppeet master. See README.md for more -# details. +# manage the puppetdb.conf file on the puppet primary +# +# @api private class puppetdb::master::puppetdb_conf ( $server = 'localhost', $port = '8081', diff --git a/manifests/master/report_processor.pp b/manifests/master/report_processor.pp index 4002d596..cd328f29 100644 --- a/manifests/master/report_processor.pp +++ b/manifests/master/report_processor.pp @@ -1,5 +1,6 @@ -# Manage the installation of the report processor on the master. See README.md -# for more details. +# manage the installation of the report processor on the primary +# +# @api private class puppetdb::master::report_processor ( $puppet_conf = $puppetdb::params::puppet_conf, $masterless = $puppetdb::params::masterless, diff --git a/manifests/master/routes.pp b/manifests/master/routes.pp index 87435b06..091f0ecb 100644 --- a/manifests/master/routes.pp +++ b/manifests/master/routes.pp @@ -1,5 +1,6 @@ -# Manages the routes configuration file on the master. See README.md for more -# details. +# manages the routes configuration file on the master +# +# @api private class puppetdb::master::routes ( $puppet_confdir = $puppetdb::params::puppet_confdir, $masterless = $puppetdb::params::masterless, diff --git a/manifests/master/storeconfigs.pp b/manifests/master/storeconfigs.pp index a547e517..de0121c8 100644 --- a/manifests/master/storeconfigs.pp +++ b/manifests/master/storeconfigs.pp 
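Review bot: The summary added for `puppetdb::master::routes` reads `# manages the routes configuration file on the master`, while the three sibling hunks before it (config.pp, puppetdb_conf.pp, report_processor.pp) use the imperative form and the word "primary". For consistent generated reference text it could read `# manage the routes configuration file on the primary`. The same applies to the `puppetdb::master::storeconfigs` hunk that follows (`configure the puppet master ...`) and to the third-person `configures puppetdb jetty ini` in manifests/server/jetty.pp. The class bodies lie outside these hunks.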
@@ -1,5 +1,7 @@ -# This class configures the puppet master to enable storeconfigs and to use -# puppetdb as the storeconfigs backend. See README.md for more details. +# configure the puppet master to enable storeconfigs and to use puppetdb as +# the storeconfigs backend +# +# @api private class puppetdb::master::storeconfigs ( $puppet_conf = $puppetdb::params::puppet_conf, $masterless = $puppetdb::params::masterless, diff --git a/manifests/params.pp b/manifests/params.pp index 50681de0..5507615e 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -1,6 +1,6 @@ -# PRIVATE CLASS - do not use directly +# default configuration settings # -# The puppetdb default configuration settings. +# @api private class puppetdb::params inherits puppetdb::globals { $listen_address = 'localhost' $listen_port = '8080' diff --git a/manifests/server.pp b/manifests/server.pp index 6ec90c88..9e61c3df 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -1,4 +1,5 @@ -# Class to configure a PuppetDB server. See README.md for more details. +# manage the PuppetDB server +# class puppetdb::server ( $listen_address = $puppetdb::params::listen_address, $listen_port = $puppetdb::params::listen_port, diff --git a/manifests/server/command_processing.pp b/manifests/server/command_processing.pp index 7a3cd2a3..a70663db 100644 --- a/manifests/server/command_processing.pp +++ b/manifests/server/command_processing.pp @@ -1,4 +1,6 @@ -# PRIVATE CLASS - do not use directly +# manage puppetdb config ini +# +# @api private class puppetdb::server::command_processing ( $command_threads = $puppetdb::params::command_threads, $concurrent_writes = $puppetdb::params::concurrent_writes, diff --git a/manifests/server/database.pp b/manifests/server/database.pp index d541a1e4..9e5ea5ed 100644 --- a/manifests/server/database.pp +++ b/manifests/server/database.pp 
@@ -1,4 +1,6 @@ -# PRIVATE CLASS - do not use directly +# manage puppetdb database ini +# +# @api private class puppetdb::server::database ( $database = $puppetdb::params::database, $database_host = $puppetdb::params::database_host, diff --git a/manifests/server/firewall.pp b/manifests/server/firewall.pp index 2793660d..686d8b82 100644 --- a/manifests/server/firewall.pp +++ b/manifests/server/firewall.pp @@ -1,4 +1,6 @@ -# PRIVATE CLASS - do not use directly +# manage puppetdb firewall rules +# +# @api private class puppetdb::server::firewall ( $http_port = $puppetdb::params::listen_port, $open_http_port = $puppetdb::params::open_listen_port, diff --git a/manifests/server/global.pp b/manifests/server/global.pp index 874601a8..46853a85 100644 --- a/manifests/server/global.pp +++ b/manifests/server/global.pp @@ -1,4 +1,6 @@ -# PRIVATE CLASS - do not use directly +# manage puppetdb global setting +# +# @api private class puppetdb::server::global ( $vardir = $puppetdb::params::vardir, $confdir = $puppetdb::params::confdir, diff --git a/manifests/server/jetty.pp b/manifests/server/jetty.pp index bb155ec3..6b232163 100644 --- a/manifests/server/jetty.pp +++ b/manifests/server/jetty.pp @@ -1,4 +1,6 @@ -# PRIVATE CLASS - do not use directly +# configures puppetdb jetty ini +# +# @api private class puppetdb::server::jetty ( $listen_address = $puppetdb::params::listen_address, $listen_port = $puppetdb::params::listen_port, diff --git a/manifests/server/puppetdb.pp b/manifests/server/puppetdb.pp index b77e48a9..0c1462d7 100644 --- a/manifests/server/puppetdb.pp +++ b/manifests/server/puppetdb.pp @@ -1,4 +1,6 @@ -# PRIVATE CLASS - do not use directly +# manage puppetdb ini +# +# @api private class puppetdb::server::puppetdb ( $certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file, $certificate_whitelist = $puppetdb::params::certificate_whitelist, 
diff --git a/manifests/server/read_database.pp b/manifests/server/read_database.pp index e3407b7d..d7796b03 100644 --- a/manifests/server/read_database.pp +++ b/manifests/server/read_database.pp @@ -1,4 +1,6 @@ -# PRIVATE CLASS - do not use directly +# manage puppetdb read_database ini +# +# @api private class puppetdb::server::read_database ( $read_database = $puppetdb::params::read_database, $read_database_host = $puppetdb::params::read_database_host, diff --git a/manifests/server/validate_db.pp b/manifests/server/validate_db.pp index faa06410..8a9d1ba3 100644 --- a/manifests/server/validate_db.pp +++ b/manifests/server/validate_db.pp @@ -1,4 +1,6 @@ -# This validates a database connection. See README.md for more details. +# validates the database connection +# +# @api private class puppetdb::server::validate_db ( $database = $puppetdb::params::database, $database_host = $puppetdb::params::database_host, diff --git a/manifests/server/validate_read_db.pp b/manifests/server/validate_read_db.pp index bbf19986..22813178 100644 --- a/manifests/server/validate_read_db.pp +++ b/manifests/server/validate_read_db.pp @@ -1,4 +1,6 @@ -# This validates a database connection. See README.md for more details. +# validates the read only database connection +# +# @api private class puppetdb::server::validate_read_db ( $database = $puppetdb::params::database, $database_host = $puppetdb::params::database_host, From c1b2b417932a2e1dd9ad3cbfca9f6eb6044a0054 Mon Sep 17 00:00:00 2001 
From: Jeffrey Clark Date: Sat, 3 Feb 2024 10:52:37 -0600 Subject: [PATCH 40/97] drop everything related to embedded database support --- CHANGELOG.md | 1 + README.md | 46 ++---------- REFERENCE.md | 63 ----------------- manifests/globals.pp | 1 - manifests/init.pp | 60 +++++++--------- manifests/params.pp | 7 -- manifests/server.pp | 16 ----- manifests/server/database.pp | 70 ++++++++----------- manifests/server/read_database.pp | 64 ++++++++--------- manifests/server/validate_db.pp | 7 +- manifests/server/validate_read_db.pp | 7 +- spec/support/unit/shared/inherits.rb | 1 - spec/unit/classes/server/database_ini_spec.rb | 20 ------ spec/unit/classes/server/validate_db_spec.rb | 7 -- .../classes/server/validate_read_db_spec.rb | 7 -- 15 files changed, 94 insertions(+), 283 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5f4c56d2..48f12f8c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ Release notes for the puppetlabs-puppetdb module. #### Unreleased * Drop support for Puppet 6 * Drop support for Ubuntu 16.04 and Scientific Linux 7 +* Remove all code related to embedded database #### 7.14.0 - 2023/10/09 * Owner of puppetdb config.ini is now root diff --git a/README.md b/README.md index 8bd752e2..158e9350 100644 --- a/README.md +++ b/README.md @@ -52,13 +52,6 @@ Setup To begin using PuppetDB, you’ll have to make a few decisions: -* Which database back-end should I use? - * PostgreSQL (default) or our embedded database - * Embedded database - * **note:** As of PuppetDB 4.0, the embedded database is no longer supported as - an option. When running PuppetDB 3.x, we suggest using the embedded database - only for experimental environments rather than production, as it does not scale - well and can cause difficulty in migrating to PostgreSQL. * Should I run the database on the same node that I run PuppetDB on? * Should I run PuppetDB on the same node that I run my master on? 
@@ -432,35 +425,22 @@ If true, the PostgreSQL server will be managed by this module. Defaults to `true If true, the PostgreSQL database will be managed by this module. Defaults to `true`. -#### `database` - -Which database backend to use; legal values are `postgres` (default) -or `embedded`. The `embedded` option is not supported on PuppetDB -4.0.0 or later. `embedded` can be used for very small installations or -for testing, but is not recommended for use in production -environments. For more info, see the [puppetdb -docs](https://puppet.com/docs/puppetdb/latest/). - #### `database_host` Hostname to use for the database connection. For single case installations this -should be left as the default. Defaults to `localhost`, ignored for `embedded` -database. +should be left as the default. Defaults to `localhost`. #### `database_port` -The port that the database server listens on. Defaults to `5432`, ignored for -`embedded` database. +The port that the database server listens on. Defaults to `5432`. #### `database_username` -The name of the database user to connect as. Defaults to `puppetdb`, ignored for -`embedded` database. +The name of the database user to connect as. Defaults to `puppetdb`. #### `database_password` -The password for the database user. Defaults to `puppetdb`, ignored for -`embedded` database. +The password for the database user. Defaults to `puppetdb`. #### `manage_db_password` @@ -470,8 +450,7 @@ Defaults to `true` #### `database_name` -The name of the database instance to connect to. Defaults to `puppetdb`, ignored -for `embedded` database. +The name of the database instance to connect to. Defaults to `puppetdb`. #### `jdbc_ssl_properties` 
@@ -479,21 +458,11 @@ The text to append to the JDBC connection URI. This should begin with a '?' character. For example, to use SSL for the PostgreSQL connection, set this parameter's value to `?ssl=true`. -This setting is only available when using PostgreSQL; when using HyperSQL (the -`embedded` database), it does nothing. - #### `database_validate` If true, the module will attempt to connect to the database using the specified settings and fail if it is not able to do so. Defaults to `true`. -#### `database_embedded_path` - -*Embedded Database Only* Changes the path location for the HSQLDB database. Does - not provide migration for old data, so if you change this value and you have an - existing database you will need to manually move the content also. (defaults to - package default for 2.x release). - #### `node_ttl` The length of time a node can go without receiving any new data before it's @@ -600,11 +569,6 @@ init config file will reflect only what is passed via the `java_args` param. Jetty option to explicitly set `max-threads`. Defaults to `undef`, so the PuppetDB-Jetty default is used. -#### `read_database` - -Which database backend to use for the read database. Only supports -`postgres` (default). This option is supported in PuppetDB >= 1.6. - #### `read_database_host` *This parameter must be set to use another PuppetDB instance for queries.* diff --git a/REFERENCE.md b/REFERENCE.md index d0b37c5a..e02dbb6e 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -94,7 +94,6 @@ The following parameters are available in the `puppetdb` class: * [`manage_database`](#-puppetdb--manage_database) * [`manage_package_repo`](#-puppetdb--manage_package_repo) * [`postgres_version`](#-puppetdb--postgres_version) -* [`database`](#-puppetdb--database) * [`database_host`](#-puppetdb--database_host) * [`database_port`](#-puppetdb--database_port) * [`database_username`](#-puppetdb--database_username) 
@@ -104,7 +103,6 @@ The following parameters are available in the `puppetdb` class: * [`jdbc_ssl_properties`](#-puppetdb--jdbc_ssl_properties) * [`database_listen_address`](#-puppetdb--database_listen_address) * [`database_validate`](#-puppetdb--database_validate) -* [`database_embedded_path`](#-puppetdb--database_embedded_path) * [`node_ttl`](#-puppetdb--node_ttl) * [`node_purge_ttl`](#-puppetdb--node_purge_ttl) * [`report_ttl`](#-puppetdb--report_ttl) @@ -121,7 +119,6 @@ The following parameters are available in the `puppetdb` class: * [`puppetdb_user`](#-puppetdb--puppetdb_user) * [`puppetdb_group`](#-puppetdb--puppetdb_group) * [`puppetdb_server`](#-puppetdb--puppetdb_server) -* [`read_database`](#-puppetdb--read_database) * [`read_database_host`](#-puppetdb--read_database_host) * [`read_database_port`](#-puppetdb--read_database_port) * [`read_database_username`](#-puppetdb--read_database_username) @@ -394,14 +391,6 @@ Data type: `Any` Default value: `$puppetdb::params::postgres_version` -##### `database` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database` - ##### `database_host` Data type: `Any` @@ -474,14 +463,6 @@ Data type: `Any` Default value: `$puppetdb::params::database_validate` -##### `database_embedded_path` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_embedded_path` - ##### `node_ttl` Data type: `Any` @@ -610,14 +591,6 @@ Data type: `Any` Default value: `$puppetdb::params::puppetdb_server` -##### `read_database` - -Data type: `Any` - - - -Default value: `$puppetdb::params::read_database` - ##### `read_database_host` Data type: `Any` @@ -1037,7 +1010,6 @@ global configuration class for PuppetDB The following parameters are available in the `puppetdb::globals` class: * [`version`](#-puppetdb--globals--version) -* [`database`](#-puppetdb--globals--database) * [`puppet_confdir`](#-puppetdb--globals--puppet_confdir) ##### `version` 
@@ -1048,14 +1020,6 @@ Data type: `Any` Default value: `'present'` -##### `database` - -Data type: `Any` - - - -Default value: `'postgres'` - ##### `puppet_confdir` Data type: `Stdlib::Absolutepath` @@ -1298,7 +1262,6 @@ The following parameters are available in the `puppetdb::server` class: * [`postgresql_ssl_on`](#-puppetdb--server--postgresql_ssl_on) * [`cipher_suites`](#-puppetdb--server--cipher_suites) * [`migrate`](#-puppetdb--server--migrate) -* [`database`](#-puppetdb--server--database) * [`database_host`](#-puppetdb--server--database_host) * [`database_port`](#-puppetdb--server--database_port) * [`database_username`](#-puppetdb--server--database_username) @@ -1307,7 +1270,6 @@ The following parameters are available in the `puppetdb::server` class: * [`manage_db_password`](#-puppetdb--server--manage_db_password) * [`jdbc_ssl_properties`](#-puppetdb--server--jdbc_ssl_properties) * [`database_validate`](#-puppetdb--server--database_validate) -* [`database_embedded_path`](#-puppetdb--server--database_embedded_path) * [`node_ttl`](#-puppetdb--server--node_ttl) * [`node_purge_ttl`](#-puppetdb--server--node_purge_ttl) * [`report_ttl`](#-puppetdb--server--report_ttl) @@ -1323,7 +1285,6 @@ The following parameters are available in the `puppetdb::server` class: * [`puppetdb_service_status`](#-puppetdb--server--puppetdb_service_status) * [`puppetdb_user`](#-puppetdb--server--puppetdb_user) * [`puppetdb_group`](#-puppetdb--server--puppetdb_group) -* [`read_database`](#-puppetdb--server--read_database) * [`read_database_host`](#-puppetdb--server--read_database_host) * [`read_database_port`](#-puppetdb--server--read_database_port) * [`read_database_username`](#-puppetdb--server--read_database_username) @@ -1533,14 +1494,6 @@ Data type: `Any` Default value: `$puppetdb::params::migrate` -##### `database` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database` - ##### `database_host` Data type: `Any` 
@@ -1605,14 +1558,6 @@ Data type: `Any` Default value: `$puppetdb::params::database_validate` -##### `database_embedded_path` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_embedded_path` - ##### `node_ttl` Data type: `Any` @@ -1733,14 +1678,6 @@ Data type: `Any` Default value: `$puppetdb::params::puppetdb_group` -##### `read_database` - -Data type: `Any` - - - -Default value: `$puppetdb::params::read_database` - ##### `read_database_host` Data type: `Any` diff --git a/manifests/globals.pp b/manifests/globals.pp index 78e6629e..361b1b9f 100644 --- a/manifests/globals.pp +++ b/manifests/globals.pp @@ -2,7 +2,6 @@ # class puppetdb::globals ( $version = 'present', - $database = 'postgres', Stdlib::Absolutepath $puppet_confdir = $settings::confdir, ) { if !(fact('os.family') in ['RedHat', 'Suse', 'Archlinux', 'Debian', 'OpenBSD', 'FreeBSD']) { diff --git a/manifests/init.pp b/manifests/init.pp index c6966b08..ae78d2f8 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -31,7 +31,6 @@ $manage_database = $puppetdb::params::manage_database, $manage_package_repo = $puppetdb::params::manage_pg_repo, $postgres_version = $puppetdb::params::postgres_version, - $database = $puppetdb::params::database, $database_host = $puppetdb::params::database_host, $database_port = $puppetdb::params::database_port, $database_username = $puppetdb::params::database_username, @@ -41,7 +40,6 @@ $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, $database_listen_address = $puppetdb::params::postgres_listen_addresses, $database_validate = $puppetdb::params::database_validate, - $database_embedded_path = $puppetdb::params::database_embedded_path, $node_ttl = $puppetdb::params::node_ttl, $node_purge_ttl = $puppetdb::params::node_purge_ttl, $report_ttl = $puppetdb::params::report_ttl, 
@@ -58,7 +56,6 @@ $puppetdb_user = $puppetdb::params::puppetdb_user, $puppetdb_group = $puppetdb::params::puppetdb_group, $puppetdb_server = $puppetdb::params::puppetdb_server, - $read_database = $puppetdb::params::read_database, $read_database_host = $puppetdb::params::read_database_host, $read_database_port = $puppetdb::params::read_database_port, $read_database_username = $puppetdb::params::read_database_username, @@ -114,7 +111,6 @@ postgresql_ssl_on => $postgresql_ssl_on, cipher_suites => $cipher_suites, migrate => $migrate, - database => $database, database_host => $database_host, database_port => $database_port, database_username => $database_username, @@ -123,7 +119,6 @@ manage_db_password => $manage_db_password, jdbc_ssl_properties => $jdbc_ssl_properties, database_validate => $database_validate, - database_embedded_path => $database_embedded_path, node_ttl => $node_ttl, node_purge_ttl => $node_purge_ttl, report_ttl => $report_ttl, @@ -142,7 +137,6 @@ java_args => $java_args, merge_default_java_args => $merge_default_java_args, max_threads => $max_threads, - read_database => $read_database, read_database_host => $read_database_host, read_database_port => $read_database_port, read_database_username => $read_database_username, 
@@ -174,34 +168,32 @@ java_bin => $java_bin, } - if ($database == 'postgres') { - $database_before = str2bool($database_validate) ? { - false => Class['puppetdb::server'], - default => [ - Class['puppetdb::server'], - Class['puppetdb::server::validate_db'] - ], - } + $database_before = str2bool($database_validate) ? { + false => Class['puppetdb::server'], + default => [ + Class['puppetdb::server'], + Class['puppetdb::server::validate_db'] + ], + } - class { 'puppetdb::database::postgresql': - listen_addresses => $database_listen_address, - database_name => $database_name, - puppetdb_server => $puppetdb_server, - database_username => $database_username, - database_password => $database_password, - database_port => $database_port, - manage_server => $manage_dbserver, - manage_database => $manage_database, - manage_package_repo => $manage_package_repo, - postgres_version => $postgres_version, - postgresql_ssl_on => $postgresql_ssl_on, - postgresql_ssl_key_path => $postgresql_ssl_key_path, - postgresql_ssl_cert_path => $postgresql_ssl_cert_path, - postgresql_ssl_ca_cert_path => $postgresql_ssl_ca_cert_path, - read_database_username => $read_database_username, - read_database_password => $read_database_password, - read_database_host => $read_database_host, - before => $database_before, - } + class { 'puppetdb::database::postgresql': + listen_addresses => $database_listen_address, + database_name => $database_name, + puppetdb_server => $puppetdb_server, + database_username => $database_username, + database_password => $database_password, + database_port => $database_port, + manage_server => $manage_dbserver, + manage_database => $manage_database, + manage_package_repo => $manage_package_repo, + postgres_version => $postgres_version, + postgresql_ssl_on => $postgresql_ssl_on, + postgresql_ssl_key_path => $postgresql_ssl_key_path, + postgresql_ssl_cert_path => $postgresql_ssl_cert_path, + postgresql_ssl_ca_cert_path => $postgresql_ssl_ca_cert_path, + read_database_username 
=> $read_database_username, + read_database_password => $read_database_password, + read_database_host => $read_database_host, + before => $database_before, } } diff --git a/manifests/params.pp b/manifests/params.pp index 5507615e..a90011a5 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -15,7 +15,6 @@ $postgres_listen_addresses = 'localhost' $puppetdb_version = $puppetdb::globals::version - $database = $puppetdb::globals::database $manage_dbserver = true $manage_database = true @@ -37,7 +36,6 @@ default => $puppetdb_version.split('.')[0], } - # The remaining database settings are not used for an embedded database $database_host = 'localhost' $database_port = '5432' $database_name = 'puppetdb' @@ -68,7 +66,6 @@ $migrate = true # These settings are for the read database - $read_database = 'postgres' $read_database_host = undef $read_database_port = '5432' $read_database_name = 'puppetdb' @@ -97,7 +94,6 @@ $terminus_package = 'puppetdb-terminus' $etcdir = '/etc/puppetdb' $vardir = '/var/lib/puppetdb' - $database_embedded_path = "${vardir}/db/db" $puppet_confdir = pick($puppetdb::globals::puppet_confdir,'/etc/puppet') $puppet_service_name = 'puppetmaster' } @@ -106,7 +102,6 @@ $terminus_package = 'puppetdb-terminus' $etcdir = '/etc/puppetdb' $vardir = '/var/db/puppetdb' - $database_embedded_path = "${vardir}/db/db" $puppet_confdir = pick($puppetdb::globals::puppet_confdir,'/etc/puppet') $puppet_service_name = 'puppetmasterd' } @@ -115,7 +110,6 @@ $terminus_package = inline_epp('puppetdb-terminus<%= $puppetdb::params::puppetdb_major_version %>') $etcdir = '/usr/local/etc/puppetdb' $vardir = '/var/db/puppetdb' - $database_embedded_path = "${vardir}/db/db" $puppet_confdir = pick($puppetdb::globals::puppet_confdir,'/usr/local/etc/puppet') $puppet_service_name = 'puppetmaster' } @@ -155,7 +149,6 @@ } } $test_url = '/pdb/meta/v1/version' - $database_embedded_path = "${vardir}/db/db" } $confdir = "${etcdir}/conf.d" 
diff --git a/manifests/server.pp b/manifests/server.pp index 9e61c3df..064f4e44 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -23,7 +23,6 @@ $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on, $cipher_suites = $puppetdb::params::cipher_suites, $migrate = $puppetdb::params::migrate, - $database = $puppetdb::params::database, $database_host = $puppetdb::params::database_host, $database_port = $puppetdb::params::database_port, $database_username = $puppetdb::params::database_username, @@ -32,7 +31,6 @@ $manage_db_password = $puppetdb::params::manage_db_password, $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, $database_validate = $puppetdb::params::database_validate, - $database_embedded_path = $puppetdb::params::database_embedded_path, $node_ttl = $puppetdb::params::node_ttl, $node_purge_ttl = $puppetdb::params::node_purge_ttl, $report_ttl = $puppetdb::params::report_ttl, @@ -48,7 +46,6 @@ $puppetdb_service_status = $puppetdb::params::puppetdb_service_status, $puppetdb_user = $puppetdb::params::puppetdb_user, $puppetdb_group = $puppetdb::params::puppetdb_group, - $read_database = $puppetdb::params::read_database, $read_database_host = $puppetdb::params::read_database_host, $read_database_port = $puppetdb::params::read_database_port, $read_database_username = $puppetdb::params::read_database_username, 
@@ -122,16 +119,6 @@ default => fail("puppetdb_service_status valid values are 'true', 'running', 'false', and 'stopped'. You provided '${puppetdb_service_status}'"), } - # Validate database type (Currently only postgres and embedded are supported) - if !($database in ['postgres', 'embedded']) { - fail("database must must be 'postgres' or 'embedded'. You provided '${database}'") - } - - # Validate read-database type (Currently only postgres is supported) - if !($read_database in ['postgres']) { - fail("read_database must be 'postgres'. You provided '${read_database}'") - } - package { $puppetdb_package: ensure => $puppetdb::params::puppetdb_version, notify => Service[$puppetdb_service], @@ -163,7 +150,6 @@ } class { 'puppetdb::server::database': - database => $database, database_host => $database_host, database_port => $database_port, database_username => $database_username, @@ -177,7 +163,6 @@ database_max_pool_size => $database_max_pool_size, jdbc_ssl_properties => $jdbc_ssl_properties, database_validate => $database_validate, - database_embedded_path => $database_embedded_path, node_ttl => $node_ttl, node_purge_ttl => $node_purge_ttl, report_ttl => $report_ttl, @@ -206,7 +191,6 @@ } class { 'puppetdb::server::read_database': - read_database => $read_database, read_database_host => $real_database_host, read_database_port => $real_database_port, read_database_username => $read_database_username, diff --git a/manifests/server/database.pp b/manifests/server/database.pp index 9e5ea5ed..49e268be 100644 --- a/manifests/server/database.pp +++ b/manifests/server/database.pp @@ -2,7 +2,6 @@ # # @api private class puppetdb::server::database ( - $database = $puppetdb::params::database, $database_host = $puppetdb::params::database_host, $database_port = $puppetdb::params::database_port, $database_username = $puppetdb::params::database_username, 
@@ -11,7 +10,6 @@ $manage_db_password = $puppetdb::params::manage_db_password, $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, $database_validate = $puppetdb::params::database_validate, - $database_embedded_path = $puppetdb::params::database_embedded_path, $node_ttl = $puppetdb::params::node_ttl, $node_purge_ttl = $puppetdb::params::node_purge_ttl, $report_ttl = $puppetdb::params::report_ttl, @@ -42,7 +40,6 @@ # a duplicate declaration if read and write database host+name are the # same. class { 'puppetdb::server::validate_db': - database => $database, database_host => $database_host, database_port => $database_port, database_username => $database_username, 
@@ -73,49 +70,42 @@ require => $ini_setting_require, } - if $database == 'embedded' { - $classname = 'org.hsqldb.jdbcDriver' - $subprotocol = 'hsqldb' - $subname = "file:${database_embedded_path};hsqldb.tx=mvcc;sql.syntax_pgs=true" - } elsif $database == 'postgres' { - $classname = 'org.postgresql.Driver' - $subprotocol = 'postgresql' + $classname = 'org.postgresql.Driver' + $subprotocol = 'postgresql' - if !empty($jdbc_ssl_properties) { - $database_suffix = $jdbc_ssl_properties - } - else { - $database_suffix = '' - } + if !empty($jdbc_ssl_properties) { + $database_suffix = $jdbc_ssl_properties + } + else { + $database_suffix = '' + } - $subname_default = "//${database_host}:${database_port}/${database_name}${database_suffix}" + $subname_default = "//${database_host}:${database_port}/${database_name}${database_suffix}" - if $postgresql_ssl_on and !empty($jdbc_ssl_properties) { - fail("Variables 'postgresql_ssl_on' and 'jdbc_ssl_properties' can not be used at the same time!") - } + if $postgresql_ssl_on and !empty($jdbc_ssl_properties) { + fail("Variables 'postgresql_ssl_on' and 'jdbc_ssl_properties' can not be used at the same time!") + } - if $postgresql_ssl_on { - $subname = @("EOT"/L) - ${subname_default}?\ - ssl=true&sslfactory=org.postgresql.ssl.LibPQFactory&\ - sslmode=verify-full&sslrootcert=${ssl_ca_cert_path}&\ - sslkey=${ssl_key_pk8_path}&sslcert=${ssl_cert_path}\ - | EOT - } else { - $subname = $subname_default - } + if $postgresql_ssl_on { + $subname = @("EOT"/L) + ${subname_default}?\ + ssl=true&sslfactory=org.postgresql.ssl.LibPQFactory&\ + sslmode=verify-full&sslrootcert=${ssl_ca_cert_path}&\ + sslkey=${ssl_key_pk8_path}&sslcert=${ssl_cert_path}\ + | EOT + } else { + $subname = $subname_default + } - ##Only setup for postgres - ini_setting { 'puppetdb_psdatabase_username': - setting => 'username', - value => $database_username, - } + ini_setting { 'puppetdb_psdatabase_username': + setting => 'username', + value => $database_username, + } - if 
$database_password != undef and $manage_db_password { - ini_setting { 'puppetdb_psdatabase_password': - setting => 'password', - value => $database_password, - } + if $database_password != undef and $manage_db_password { + ini_setting { 'puppetdb_psdatabase_password': + setting => 'password', + value => $database_password, } } diff --git a/manifests/server/read_database.pp b/manifests/server/read_database.pp index d7796b03..291513c1 100644 --- a/manifests/server/read_database.pp +++ b/manifests/server/read_database.pp @@ -2,7 +2,6 @@ # # @api private class puppetdb::server::read_database ( - $read_database = $puppetdb::params::read_database, $read_database_host = $puppetdb::params::read_database_host, $read_database_port = $puppetdb::params::read_database_port, $read_database_username = $puppetdb::params::read_database_username, @@ -35,7 +34,6 @@ # a duplicate declaration if read and write database host+name are the # same. class { 'puppetdb::server::validate_read_db': - database => $read_database, database_host => $read_database_host, database_port => $read_database_port, database_username => $read_database_username, 
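Review bot: The `puppetdb_psdatabase_password` ini_setting at the end of this hunk writes `$database_password` with only `setting` and `value`, and neither the removed nor the re-indented lines carry `show_diff => false`. Unless a resource default outside the hunk sets it, a password change can be printed as a before/after value in agent output and reports; add `show_diff => false,` after the `value` line. The same applies to `puppetdb_read_database_password` in the last hunk of manifests/server/read_database.pp. The class body starts and ends outside the hunk, so defaults declared elsewhere in it could not be checked.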
@@ -66,44 +64,42 @@ require => $ini_setting_require, } - if $read_database == 'postgres' { - $classname = 'org.postgresql.Driver' - $subprotocol = 'postgresql' + $classname = 'org.postgresql.Driver' + $subprotocol = 'postgresql' - if !empty($jdbc_ssl_properties) { - $database_suffix = $jdbc_ssl_properties - } - else { - $database_suffix = '' - } + if !empty($jdbc_ssl_properties) { + $database_suffix = $jdbc_ssl_properties + } + else { + $database_suffix = '' + } - $subname_default = "//${read_database_host}:${read_database_port}/${read_database_name}${database_suffix}" + $subname_default = "//${read_database_host}:${read_database_port}/${read_database_name}${database_suffix}" - if $postgresql_ssl_on and !empty($jdbc_ssl_properties) { - fail("Variables 'postgresql_ssl_on' and 'jdbc_ssl_properties' can not be used at the same time!") - } + if $postgresql_ssl_on and !empty($jdbc_ssl_properties) { + fail("Variables 'postgresql_ssl_on' and 'jdbc_ssl_properties' can not be used at the same time!") + } - if $postgresql_ssl_on { - $subname = @("EOT"/L) - ${subname_default}?\ - ssl=true&sslfactory=org.postgresql.ssl.LibPQFactory&\ - sslmode=verify-full&sslrootcert=${ssl_ca_cert_path}&\ - sslkey=${ssl_key_pk8_path}&sslcert=${ssl_cert_path}\ - | EOT - } else { - $subname = $subname_default - } + if $postgresql_ssl_on { + $subname = @("EOT"/L) + ${subname_default}?\ + ssl=true&sslfactory=org.postgresql.ssl.LibPQFactory&\ + sslmode=verify-full&sslrootcert=${ssl_ca_cert_path}&\ + sslkey=${ssl_key_pk8_path}&sslcert=${ssl_cert_path}\ + | EOT + } else { + $subname = $subname_default + } - ini_setting { 'puppetdb_read_database_username': - setting => 'username', - value => $read_database_username, - } + ini_setting { 'puppetdb_read_database_username': + setting => 'username', + value => $read_database_username, + } - if $read_database_password != undef and $manage_db_password { - ini_setting { 'puppetdb_read_database_password': - setting => 'password', - value => 
$read_database_password, - } + if $read_database_password != undef and $manage_db_password { + ini_setting { 'puppetdb_read_database_password': + setting => 'password', + value => $read_database_password, } } diff --git a/manifests/server/validate_db.pp b/manifests/server/validate_db.pp index 8a9d1ba3..6e101b8f 100644 --- a/manifests/server/validate_db.pp +++ b/manifests/server/validate_db.pp @@ -2,7 +2,6 @@ # # @api private class puppetdb::server::validate_db ( - $database = $puppetdb::params::database, $database_host = $puppetdb::params::database_host, $database_port = $puppetdb::params::database_port, $database_username = $puppetdb::params::database_username, @@ -10,11 +9,7 @@ $database_name = $puppetdb::params::database_name, $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, ) inherits puppetdb::params { - # We don't need any validation for the embedded database, presumably. - if ( - $database == 'postgres' and - ($database_password != undef and $jdbc_ssl_properties == false) - ) { + if ($database_password != undef and $jdbc_ssl_properties == false) { postgresql::validate_db_connection { 'validate puppetdb postgres connection': database_host => $database_host, database_port => $database_port, diff --git a/manifests/server/validate_read_db.pp b/manifests/server/validate_read_db.pp index 22813178..d3a7dcae 100644 --- a/manifests/server/validate_read_db.pp +++ b/manifests/server/validate_read_db.pp @@ -2,7 +2,6 @@ # # @api private class puppetdb::server::validate_read_db ( - $database = $puppetdb::params::database, $database_host = $puppetdb::params::database_host, $database_port = $puppetdb::params::database_port, $database_username = $puppetdb::params::database_username, 
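Review bot: The connection check in the second hunk of manifests/server/validate_db.pp is declared only when `$jdbc_ssl_properties == false`, while manifests/server/database.pp in this same commit tests the same parameter with `!empty($jdbc_ssl_properties)`. If the value arrives as an empty string (its default is not visible here), the comparison is not true and `postgresql::validate_db_connection` is skipped without any message, so a wrong host or credential is only noticed when PuppetDB starts. Consider `if $database_password != undef and ($jdbc_ssl_properties == false or $jdbc_ssl_properties == '') {`, or add a comment stating that validation is skipped for every value other than `false`. The same condition appears in the second hunk of manifests/server/validate_read_db.pp.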
@@ -10,11 +9,7 @@ $database_name = $puppetdb::params::database_name, $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, ) inherits puppetdb::params { - # Currently we only support postgres - if ( - $database == 'postgres' and - ($database_password != undef and $jdbc_ssl_properties == false) - ) { + if ($database_password != undef and $jdbc_ssl_properties == false) { postgresql::validate_db_connection { 'validate puppetdb postgres (read) connection': database_host => $database_host, database_port => $database_port, diff --git a/spec/support/unit/shared/inherits.rb b/spec/support/unit/shared/inherits.rb index 4a5561de..6057d00d 100644 --- a/spec/support/unit/shared/inherits.rb +++ b/spec/support/unit/shared/inherits.rb @@ -10,7 +10,6 @@ let(:defaults) do { version: 'present', - database: 'postgres', puppet_confdir: Puppet[:confdir], } end diff --git a/spec/unit/classes/server/database_ini_spec.rb b/spec/unit/classes/server/database_ini_spec.rb index 6eb41c49..d63ee5a4 100644 --- a/spec/unit/classes/server/database_ini_spec.rb +++ b/spec/unit/classes/server/database_ini_spec.rb @@ -220,26 +220,6 @@ } end - describe 'when overriding database_path for embedded' do - let(:params) do - { - 'database' => 'embedded', - 'database_embedded_path' => '/tmp/foo', - } - end - - it { - is_expected.to contain_ini_setting('puppetdb_subname') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/database.ini', - 'section' => 'database', - 'setting' => 'subname', - 'value' => 'file:/tmp/foo;hsqldb.tx=mvcc;sql.syntax_pgs=true', - ) - } - end - describe 'when setting max pool size' do context 'on current PuppetDB' do describe 'to a numeric value' do diff --git a/spec/unit/classes/server/validate_db_spec.rb b/spec/unit/classes/server/validate_db_spec.rb index 6ffd57c5..8fbddddb 100644 --- a/spec/unit/classes/server/validate_db_spec.rb +++ b/spec/unit/classes/server/validate_db_spec.rb 
@@ -14,7 +14,6 @@ it { is_expected.to contain_class('puppetdb::server::validate_db') .with( - database: 'postgres', database_host: 'localhost', database_port: '5432', database_username: 'puppetdb', @@ -43,12 +42,6 @@ } end - context 'with unsupported database' do - let(:params) { { database: 'nosql' } } - - it { is_expected.not_to contain_postgresql__validate_db_connection('validate puppetdb postgres connection') } - end - context 'without database password' do let(:params) { { database_password: nil } } diff --git a/spec/unit/classes/server/validate_read_db_spec.rb b/spec/unit/classes/server/validate_read_db_spec.rb index 96aa2ffa..5bcb4430 100644 --- a/spec/unit/classes/server/validate_read_db_spec.rb +++ b/spec/unit/classes/server/validate_read_db_spec.rb @@ -14,7 +14,6 @@ it { is_expected.to contain_class('puppetdb::server::validate_read_db') .with( - database: 'postgres', database_host: 'localhost', database_port: '5432', database_username: 'puppetdb', @@ -43,12 +42,6 @@ } end - context 'with unsupported database' do - let(:params) { { database: 'nosql' } } - - it { is_expected.not_to contain_postgresql__validate_db_connection('validate puppetdb postgres (read) connection') } - end - context 'without database password' do let(:params) { { database_password: nil } } From f863b104c6fbabc502fb3c7103c5d8e281c18696 Mon Sep 17 00:00:00 2001 From: Jeffrey Clark Date: Sat, 3 Feb 2024 19:00:12 -0600 Subject: [PATCH 41/97] enable parameter documentation linter --- .puppet-lint.rc | 1 - .sync.yml | 1 - Rakefile | 1 - 3 files changed, 3 deletions(-) diff --git a/.puppet-lint.rc b/.puppet-lint.rc index d779fd47..59a96b05 100644 --- a/.puppet-lint.rc +++ b/.puppet-lint.rc @@ -1,4 +1,3 @@ --relative --no-parameter_types-check ---no-parameter_documentation-check --no-140chars-check diff --git a/.sync.yml b/.sync.yml index 2698b3ce..5fff93cf 100644 --- a/.sync.yml +++ b/.sync.yml 
@@ -16,7 +16,6 @@ Rakefile: default_disabled_lint_checks: - parameter_types - - parameter_documentation - 140chars spec/default_facts.yml: unmanaged: true diff --git a/Rakefile b/Rakefile index 1bb57eae..aff81190 100644 --- a/Rakefile +++ b/Rakefile @@ -42,7 +42,6 @@ end PuppetLint.configuration.send('disable_relative') PuppetLint.configuration.send('disable_parameter_types') -PuppetLint.configuration.send('disable_parameter_documentation') PuppetLint.configuration.send('disable_140chars') From 3542ca446d19b5696752c912d126401ebea4ee07 Mon Sep 17 00:00:00 2001 From: Jeffrey Clark Date: Sat, 3 Feb 2024 19:03:33 -0600 Subject: [PATCH 42/97] move class puppetdb parameter reference to pp --- README.md | 378 ---------------------------- REFERENCE.md | 611 +++++++++++++++++++++++++++------------------- manifests/init.pp | 309 +++++++++++++++++++++++ 3 files changed, 667 insertions(+), 631 deletions(-) diff --git a/README.md b/README.md index 158e9350..1467c3bc 100644 --- a/README.md +++ b/README.md 
@@ -360,384 +360,6 @@ You must declare the class to use it: class { 'puppetdb': } -**Parameters within `puppetdb`:** - -#### `listen_address` - -The address that the web server should bind to for HTTP requests. Defaults to -`localhost`. Set to `0.0.0.0` to listen on all addresses. - -#### `listen_port` - -The port on which the puppetdb web server should accept HTTP requests. Defaults -to `8080`. - -#### `disable_cleartext` - -If true, the puppetdb web server will only serve HTTPS and not HTTP requests (defaults to false). - -#### `open_listen_port` - -If `true`, open the `http_listen_port` on the firewall. Defaults to `false`. - -#### `ssl_listen_address` - -The address that the web server should bind to for HTTPS requests. Defaults to -`0.0.0.0` to listen on all addresses. - -#### `ssl_listen_port` - -The port on which the puppetdb web server should accept HTTPS requests. Defaults -to `8081`. - -#### `disable_ssl` - -If `true`, the puppetdb web server will only serve HTTP and not HTTPS requests. -Defaults to `false`. - -#### `open_ssl_listen_port` - -If true, open the `ssl_listen_port` on the firewall. Defaults to `undef`. - -#### `ssl_protocols` - -Specify the supported SSL protocols for PuppetDB (e.g. TLSv1, TLSv1.1, TLSv1.2.) - -### `postgresql_ssl_on` - -If `true`, it configures SSL connections between PuppetDB and the PostgreSQL database. -Defaults to `false`. - -#### `cipher_suites` - -Configure jetty's supported `cipher-suites` (e.g. `SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`). -Defaults to `undef`. - -#### `migrate` - -If `true`, puppetdb will automatically migrate to the latest database format at startup. If `false`, if the database format supplied by this version of PuppetDB doesn't match the version expected (whether newer or older), PuppetDB will exit with an error status. Defaults to `true`. - -### `manage_dbserver` - -If true, the PostgreSQL server will be managed by this module. Defaults to `true`. 
- -### `manage_database` - -If true, the PostgreSQL database will be managed by this module. Defaults to `true`. - -#### `database_host` - -Hostname to use for the database connection. For single case installations this -should be left as the default. Defaults to `localhost`. - -#### `database_port` - -The port that the database server listens on. Defaults to `5432`. - -#### `database_username` - -The name of the database user to connect as. Defaults to `puppetdb`. - -#### `database_password` - -The password for the database user. Defaults to `puppetdb`. - -#### `manage_db_password` - -Whether or not the database password in database.ini will be managed by this module. -Set this to `false` if you want to set the password some other way. -Defaults to `true` - -#### `database_name` - -The name of the database instance to connect to. Defaults to `puppetdb`. - -#### `jdbc_ssl_properties` - -The text to append to the JDBC connection URI. This should begin with a '?' -character. For example, to use SSL for the PostgreSQL connection, set this -parameter's value to `?ssl=true`. - -#### `database_validate` - -If true, the module will attempt to connect to the database using the specified -settings and fail if it is not able to do so. Defaults to `true`. - -#### `node_ttl` - -The length of time a node can go without receiving any new data before it's -automatically deactivated. (defaults to '7d', which is a 7-day period. Set to -'0d' to disable auto-deactivation). This option is supported in PuppetDB >= -1.1.0. - -#### `node_purge_ttl` - -The length of time a node can be deactivated before it's deleted from the -database. (defaults to '14d', which is a 14-day period. Set to '0d' to disable -purging). This option is supported in PuppetDB >= 1.2.0. - -#### `report_ttl` - -The length of time reports should be stored before being deleted. (defaults to -`14d`, which is a 14-day period). This option is supported in PuppetDB >= 1.1.0. 
- -#### `gc_interval` - -This controls how often (in minutes) to compact the database. The compaction -process reclaims space and deletes unnecessary rows. If not supplied, the -default is every 60 minutes. This option is supported in PuppetDB >= 0.9. - -#### `log_slow_statements` - -This sets the number of seconds before an SQL query is considered "slow." Slow -SQL queries are logged as warnings, to assist in debugging and tuning. Note -PuppetDB does not interrupt slow queries; it simply reports them after they -complete. - -The default value is `10` seconds. A value of 0 will disable logging of slow -queries. This option is supported in PuppetDB >= 1.1. - -#### `conn_max_age` - -The maximum time (in minutes) for a pooled connection to remain unused before -it is closed off. - -If not supplied, we default to `60` minutes. This option is supported in PuppetDB >= 1.1. - -#### `conn_keep_alive` - -This sets the time (in minutes) for a connection to remain idle before sending -a test query to the DB. This is useful to prevent a DB from timing out -connections on its end. - -If not supplied, we default to 45 minutes. This option is supported in PuppetDB >= 1.1. - -#### `conn_lifetime` - -The maximum time (in minutes) a pooled connection should remain open. Any -connections older than this setting will be closed off. Connections currently in -use will not be affected until they are returned to the pool. - -If not supplied, we won't terminate connections based on their age alone. This -option is supported in PuppetDB >= 1.4. - -#### `puppetdb_package` - -The PuppetDB package name in the package manager. Defaults to `present`. - -#### `puppetdb_service` - -The name of the PuppetDB service. Defaults to `puppetdb`. - -#### `puppetdb_service_status` - -Sets whether the service should be `running ` or `stopped`. When set to `stopped` the -service doesn't start on boot either. Valid values are `true`, `running`, -`false`, and `stopped`. 
- -#### `confdir` - -The PuppetDB configuration directory. Defaults to `/etc/puppetdb/conf.d`. - -#### `vardir` - -The parent directory for the MQ's data directory. - -#### `java_args` - -Java VM options used for overriding default Java VM options specified in -PuppetDB package. Defaults to `{}`. See -[PuppetDB Configuration](https://puppet.com/docs/puppetdb/latest/configure.html) -to get more details about the current defaults. - -For example, to set `-Xmx512m -Xms256m` options use: - - { - '-Xmx' => '512m', - '-Xms' => '256m', - } - -#### `merge_default_java_args` - -Sets whether the provided java args should be merged with the defaults, or -should override the defaults. This setting is necessary if any of the defaults -are to be removed. Defaults to true. If `false`, the `java_args` in the PuppetDB -init config file will reflect only what is passed via the `java_args` param. - -#### `max_threads` - -Jetty option to explicitly set `max-threads`. Defaults to `undef`, so the -PuppetDB-Jetty default is used. - -#### `read_database_host` -*This parameter must be set to use another PuppetDB instance for queries.* - -The hostname or IP address of the read database server. If set to `undef`, and -`manage_database` is set to `true`, it will use the value of the `database_host` -parameter. This option is supported in PuppetDB >= 1.6. - -#### `read_database_port` - -The port that the read database server listens on. If `read_database_host` -is set to `undef`, and `manage_database` is set to `true`, it will use the value of -the `database_port` parameter. This option is supported in PuppetDB >= 1.6. - -#### `read_database_username` - -The name of the read database user to connect as. Defaults to `puppetdb-read`. This -option is supported in PuppetDB >= 1.6. - -#### `read_database_password` - -The password for the read database user. Defaults to `puppetdb-read`. This option is -supported in PuppetDB >= 1.6. 
- -#### `manage_read_db_password` - -Whether or not the database password in read-database.ini will be managed by this module. -Set this to `false` if you want to set the password some other way. -Defaults to `true` - -#### `read_database_name` - -The name of the read database instance to connect to. If `read_database_host` -is set to `undef`, and `manage_database` is set to `true`, it will use the value of -the `database_name` parameter. This option is supported in PuppetDB >= 1.6. - -#### `read_log_slow_statements` - -This sets the number of seconds before an SQL query to the read database is -considered "slow." Slow SQL queries are logged as warnings, to assist in -debugging and tuning. Note PuppetDB does not interrupt slow queries; it simply -reports them after they complete. - -The default value is 10 seconds. A value of 0 will disable logging of slow -queries. This option is supported in PuppetDB >= 1.6. - -#### `read_conn_max_age` - -The maximum time (in minutes) for a pooled read database connection to remain -unused before it is closed off. - -If not supplied, we default to 60 minutes. This option is supported in PuppetDB >= 1.6. - -#### `read_conn_keep_alive` - -This sets the time (in minutes) for a read database connection to remain idle -before sending a test query to the DB. This is useful to prevent a DB from -timing out connections on its end. - -If not supplied, we default to 45 minutes. This option is supported in PuppetDB >= 1.6. - -#### `read_conn_lifetime` - -The maximum time (in minutes) a pooled read database connection should remain -open. Any connections older than this setting will be closed off. Connections -currently in use will not be affected until they are returned to the pool. - -If not supplied, we won't terminate connections based on their age alone. This -option is supported in PuppetDB >= 1.6. - -#### `ssl_dir` - -Base directory for PuppetDB SSL configuration. 
Defaults to `/etc/puppetdb/ssl` -or `/etc/puppetlabs/puppetdb/ssl` for FOSS and PE respectively. - -#### `ssl_set_cert_paths` - -A switch to enable or disable the management of SSL certificates in your -`jetty.ini` configuration file. - -#### `ssl_cert_path` - -Path to your SSL certificate for populating `jetty.ini`. - -#### `ssl_key_path` - -Path to your SSL key for populating `jetty.ini`. - -#### `ssl_ca_cert_path` - -Path to your SSL CA for populating `jetty.ini`. - -#### `ssl_deploy_certs` - -A boolean switch to enable or disable the management of SSL keys in your -`ssl_dir`. Default is `false`. - -#### `ssl_key` - -Contents of your SSL key, as a string. - -#### `ssl_cert` - -Contents of your SSL certificate, as a string. - -#### `ssl_ca_cert` - -Contents of your SSL CA certificate, as a string. - -#### `manage_firewall` - -If `true`, puppet will manage your iptables rules for PuppetDB via the -[puppetlabs-firewall](https://forge.puppetlabs.com/puppetlabs/firewall) class. - -#### `command_threads` - -The number of command processing threads to use. Defaults to `undef`, using the -PuppetDB built-in default. - -#### `concurrent_writes` - -The number of threads allowed to write to disk at any one time. Defaults to -`undef`, which uses the PuppetDB built-in default. - -#### `store_usage` - -The amount of disk space (in MB) to allow for persistent message storage. -Defaults to `undef`, using the PuppetDB built-in default. - -#### `temp_usage` - -The amount of disk space (in MB) to allow for temporary message storage. -Defaults to `undef`, using the PuppetDB built-in default. - -#### `disable_update_checking` - -Setting this to true disables checking for updated versions of PuppetDB and sending basic analytics data to Puppet. -Defaults to `undef`, using the PuppetDB built-in default. - -#### `certificate_whitelist_file` - -The name of the certificate whitelist file to set up and configure in PuppetDB. 
Defaults to `/etc/puppetdb/certificate-whitelist` or `/etc/puppetlabs/puppetdb/certificate-whitelist` for FOSS and PE respectively. - -#### `certificate_whitelist` - -Array of the X.509 certificate Common Names of clients allowed to connect to PuppetDB. Defaults to empty. Be aware that this permits full access to all Puppet clients to download anything contained in PuppetDB, including the full catalogs of all nodes, which possibly contain sensitive information. Set to `[ $::servername ]` to allow access only from your (single) Puppet master, which is enough for normal operation. Set to a list of Puppet masters if you have multiple. - -#### `automatic_dlo_cleanup` - -PuppetDB creates [Dead Letter Office](https://puppet.com/docs/puppetdb/5.2/maintain_and_tune.html#clean-up-the-dead-letter-office). -Those are reports of failed requests. They spill up the disk. This parameter is -a boolean and defaults to false. You can enable automatic cleanup of DLO -reports by setting this to true. - -#### `cleanup_timer_interval` - -The DLO cleanup is a systemd timer if systemd is available, otherwise a -cronjob. The variable configures the systemd.timer option [onCalender](https://www.freedesktop.org/software/systemd/man/systemd.timer.html#OnCalendar=). -It defaults to `*-*-* ${fqdn_rand(24)}:${fqdn_rand(60)}:00`. This will start -the cleanup service on a daily basis. The exact minute and hour is random -per node based on the [fqdn_rand](https://puppet.com/docs/puppet/5.5/function.html#fqdnrand) -method. On non-systemd systems, the cron runs daily and the `$puppetdb_user` needs -to be able to run cron jobs. On systemd systems you need the [camptocamp/systemd](https://forge.puppet.com/camptocamp/systemd) -module, which is an optional dependency and not automatically installed! - -#### `dlo_max_age` - -This is a positive integer. It describes the amount of days you want to keep -the DLO reports. The default value is 90 days. 
- ### puppetdb::server The `puppetdb::server` class manages the PuppetDB server independently of the diff --git a/REFERENCE.md b/REFERENCE.md index e02dbb6e..e10a11c1 100644 --- a/REFERENCE.md +++ b/REFERENCE.md 
@@ -72,43 +72,24 @@ The following parameters are available in the `puppetdb` class: * [`ssl_listen_port`](#-puppetdb--ssl_listen_port) * [`disable_ssl`](#-puppetdb--disable_ssl) * [`open_ssl_listen_port`](#-puppetdb--open_ssl_listen_port) -* [`ssl_dir`](#-puppetdb--ssl_dir) -* [`ssl_set_cert_paths`](#-puppetdb--ssl_set_cert_paths) -* [`ssl_cert_path`](#-puppetdb--ssl_cert_path) -* [`ssl_key_path`](#-puppetdb--ssl_key_path) -* [`ssl_key_pk8_path`](#-puppetdb--ssl_key_pk8_path) -* [`ssl_ca_cert_path`](#-puppetdb--ssl_ca_cert_path) -* [`ssl_deploy_certs`](#-puppetdb--ssl_deploy_certs) -* [`ssl_key`](#-puppetdb--ssl_key) -* [`ssl_cert`](#-puppetdb--ssl_cert) -* [`ssl_ca_cert`](#-puppetdb--ssl_ca_cert) * [`ssl_protocols`](#-puppetdb--ssl_protocols) * [`postgresql_ssl_on`](#-puppetdb--postgresql_ssl_on) -* [`postgresql_ssl_folder`](#-puppetdb--postgresql_ssl_folder) -* [`postgresql_ssl_cert_path`](#-puppetdb--postgresql_ssl_cert_path) -* [`postgresql_ssl_key_path`](#-puppetdb--postgresql_ssl_key_path) -* [`postgresql_ssl_ca_cert_path`](#-puppetdb--postgresql_ssl_ca_cert_path) * [`cipher_suites`](#-puppetdb--cipher_suites) * [`migrate`](#-puppetdb--migrate) * [`manage_dbserver`](#-puppetdb--manage_dbserver) * [`manage_database`](#-puppetdb--manage_database) -* [`manage_package_repo`](#-puppetdb--manage_package_repo) -* [`postgres_version`](#-puppetdb--postgres_version) * [`database_host`](#-puppetdb--database_host) * [`database_port`](#-puppetdb--database_port) * [`database_username`](#-puppetdb--database_username) * [`database_password`](#-puppetdb--database_password) -* [`database_name`](#-puppetdb--database_name) * [`manage_db_password`](#-puppetdb--manage_db_password) +* [`database_name`](#-puppetdb--database_name) * [`jdbc_ssl_properties`](#-puppetdb--jdbc_ssl_properties) -* [`database_listen_address`](#-puppetdb--database_listen_address) * [`database_validate`](#-puppetdb--database_validate) * [`node_ttl`](#-puppetdb--node_ttl) * 
[`node_purge_ttl`](#-puppetdb--node_purge_ttl) * [`report_ttl`](#-puppetdb--report_ttl) -* [`facts_blacklist`](#-puppetdb--facts_blacklist) * [`gc_interval`](#-puppetdb--gc_interval) -* [`node_purge_gc_batch_limit`](#-puppetdb--node_purge_gc_batch_limit) * [`log_slow_statements`](#-puppetdb--log_slow_statements) * [`conn_max_age`](#-puppetdb--conn_max_age) * [`conn_keep_alive`](#-puppetdb--conn_keep_alive) 
@@ -116,27 +97,31 @@ The following parameters are available in the `puppetdb` class: * [`puppetdb_package`](#-puppetdb--puppetdb_package) * [`puppetdb_service`](#-puppetdb--puppetdb_service) * [`puppetdb_service_status`](#-puppetdb--puppetdb_service_status) -* [`puppetdb_user`](#-puppetdb--puppetdb_user) -* [`puppetdb_group`](#-puppetdb--puppetdb_group) -* [`puppetdb_server`](#-puppetdb--puppetdb_server) +* [`confdir`](#-puppetdb--confdir) +* [`vardir`](#-puppetdb--vardir) +* [`java_args`](#-puppetdb--java_args) +* [`merge_default_java_args`](#-puppetdb--merge_default_java_args) +* [`max_threads`](#-puppetdb--max_threads) * [`read_database_host`](#-puppetdb--read_database_host) * [`read_database_port`](#-puppetdb--read_database_port) * [`read_database_username`](#-puppetdb--read_database_username) * [`read_database_password`](#-puppetdb--read_database_password) -* [`read_database_name`](#-puppetdb--read_database_name) * [`manage_read_db_password`](#-puppetdb--manage_read_db_password) -* [`read_database_jdbc_ssl_properties`](#-puppetdb--read_database_jdbc_ssl_properties) -* [`read_database_validate`](#-puppetdb--read_database_validate) +* [`read_database_name`](#-puppetdb--read_database_name) * [`read_log_slow_statements`](#-puppetdb--read_log_slow_statements) * [`read_conn_max_age`](#-puppetdb--read_conn_max_age) * [`read_conn_keep_alive`](#-puppetdb--read_conn_keep_alive) * [`read_conn_lifetime`](#-puppetdb--read_conn_lifetime) -* [`confdir`](#-puppetdb--confdir) -* [`vardir`](#-puppetdb--vardir) +* [`ssl_dir`](#-puppetdb--ssl_dir) +* [`ssl_set_cert_paths`](#-puppetdb--ssl_set_cert_paths) +* [`ssl_cert_path`](#-puppetdb--ssl_cert_path) +* [`ssl_key_path`](#-puppetdb--ssl_key_path) +* [`ssl_ca_cert_path`](#-puppetdb--ssl_ca_cert_path) +* [`ssl_deploy_certs`](#-puppetdb--ssl_deploy_certs) +* [`ssl_key`](#-puppetdb--ssl_key) +* [`ssl_cert`](#-puppetdb--ssl_cert) +* [`ssl_ca_cert`](#-puppetdb--ssl_ca_cert) * [`manage_firewall`](#-puppetdb--manage_firewall) -* 
[`java_args`](#-puppetdb--java_args) -* [`merge_default_java_args`](#-puppetdb--merge_default_java_args) -* [`max_threads`](#-puppetdb--max_threads) * [`command_threads`](#-puppetdb--command_threads) * [`concurrent_writes`](#-puppetdb--concurrent_writes) * [`store_usage`](#-puppetdb--store_usage) 
@@ -144,18 +129,34 @@ The following parameters are available in the `puppetdb` class: * [`disable_update_checking`](#-puppetdb--disable_update_checking) * [`certificate_whitelist_file`](#-puppetdb--certificate_whitelist_file) * [`certificate_whitelist`](#-puppetdb--certificate_whitelist) -* [`database_max_pool_size`](#-puppetdb--database_max_pool_size) -* [`read_database_max_pool_size`](#-puppetdb--read_database_max_pool_size) * [`automatic_dlo_cleanup`](#-puppetdb--automatic_dlo_cleanup) * [`cleanup_timer_interval`](#-puppetdb--cleanup_timer_interval) * [`dlo_max_age`](#-puppetdb--dlo_max_age) +* [`ssl_key_pk8_path`](#-puppetdb--ssl_key_pk8_path) +* [`postgresql_ssl_folder`](#-puppetdb--postgresql_ssl_folder) +* [`postgresql_ssl_cert_path`](#-puppetdb--postgresql_ssl_cert_path) +* [`postgresql_ssl_key_path`](#-puppetdb--postgresql_ssl_key_path) +* [`postgresql_ssl_ca_cert_path`](#-puppetdb--postgresql_ssl_ca_cert_path) +* [`manage_package_repo`](#-puppetdb--manage_package_repo) +* [`postgres_version`](#-puppetdb--postgres_version) +* [`database_listen_address`](#-puppetdb--database_listen_address) +* [`facts_blacklist`](#-puppetdb--facts_blacklist) +* [`node_purge_gc_batch_limit`](#-puppetdb--node_purge_gc_batch_limit) +* [`puppetdb_user`](#-puppetdb--puppetdb_user) +* [`puppetdb_group`](#-puppetdb--puppetdb_group) +* [`puppetdb_server`](#-puppetdb--puppetdb_server) +* [`read_database_jdbc_ssl_properties`](#-puppetdb--read_database_jdbc_ssl_properties) +* [`read_database_validate`](#-puppetdb--read_database_validate) +* [`database_max_pool_size`](#-puppetdb--database_max_pool_size) +* [`read_database_max_pool_size`](#-puppetdb--read_database_max_pool_size) * [`java_bin`](#-puppetdb--java_bin) ##### `listen_address` Data type: `Any` - +The address that the web server should bind to for HTTP requests. Defaults to +`localhost`. Set to `0.0.0.0` to listen on all addresses. Default value: `$puppetdb::params::listen_address` 
@@ -163,7 +164,8 @@ Default value: `$puppetdb::params::listen_address` Data type: `Any` - +The port on which the puppetdb web server should accept HTTP requests. Defaults +to `8080`. Default value: `$puppetdb::params::listen_port` @@ -171,7 +173,7 @@ Default value: `$puppetdb::params::listen_port` Data type: `Any` - +If `true`, the puppetdb web server will only serve HTTPS and not HTTP requests (defaults to false). Default value: `$puppetdb::params::disable_cleartext` @@ -179,7 +181,7 @@ Default value: `$puppetdb::params::disable_cleartext` Data type: `Any` - +If `true`, open the `http_listen_port` on the firewall. Defaults to `false`. Default value: `$puppetdb::params::open_listen_port` @@ -187,7 +189,8 @@ Default value: `$puppetdb::params::open_listen_port` Data type: `Any` - +The address that the web server should bind to for HTTPS requests. Defaults to +`0.0.0.0` to listen on all addresses. Default value: `$puppetdb::params::ssl_listen_address` @@ -195,7 +198,8 @@ Default value: `$puppetdb::params::ssl_listen_address` Data type: `Any` - +The port on which the puppetdb web server should accept HTTPS requests. Defaults +to `8081`. Default value: `$puppetdb::params::ssl_listen_port` @@ -203,7 +207,8 @@ Default value: `$puppetdb::params::ssl_listen_port` Data type: `Any` - +If `true`, the puppetdb web server will only serve HTTP and not HTTPS requests. +Defaults to `false`. Default value: `$puppetdb::params::disable_ssl` 
@@ -211,625 +216,725 @@ Default value: `$puppetdb::params::disable_ssl` Data type: `Any` - +If true, open the `ssl_listen_port` on the firewall. Defaults to `undef`. Default value: `$puppetdb::params::open_ssl_listen_port` -##### `ssl_dir` +##### `ssl_protocols` Data type: `Any` +Specify the supported SSL protocols for PuppetDB (e.g. TLSv1, TLSv1.1, TLSv1.2.) +Default value: `$puppetdb::params::ssl_protocols` -Default value: `$puppetdb::params::ssl_dir` - -##### `ssl_set_cert_paths` +##### `postgresql_ssl_on` Data type: `Any` +If `true`, it configures SSL connections between PuppetDB and the PostgreSQL database. +Defaults to `false`. +Default value: `$puppetdb::params::postgresql_ssl_on` -Default value: `$puppetdb::params::ssl_set_cert_paths` - -##### `ssl_cert_path` +##### `cipher_suites` Data type: `Any` +Configure jetty's supported `cipher-suites` (e.g. `SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`). +Defaults to `undef`. +Default value: `$puppetdb::params::cipher_suites` -Default value: `$puppetdb::params::ssl_cert_path` - -##### `ssl_key_path` +##### `migrate` Data type: `Any` +If `true`, puppetdb will automatically migrate to the latest database format at startup. If `false`, if the database format supplied by this version of PuppetDB doesn't match the version expected (whether newer or older), PuppetDB will exit with an error status. Defaults to `true`. +Default value: `$puppetdb::params::migrate` -Default value: `$puppetdb::params::ssl_key_path` - -##### `ssl_key_pk8_path` +##### `manage_dbserver` Data type: `Any` +If true, the PostgreSQL server will be managed by this module. Defaults to `true`. +Default value: `$puppetdb::params::manage_dbserver` -Default value: `$puppetdb::params::ssl_key_pk8_path` - -##### `ssl_ca_cert_path` +##### `manage_database` Data type: `Any` +If true, the PostgreSQL database will be managed by this module. Defaults to `true`. 
+Default value: `$puppetdb::params::manage_database` -Default value: `$puppetdb::params::ssl_ca_cert_path` - -##### `ssl_deploy_certs` +##### `database_host` Data type: `Any` +Hostname to use for the database connection. For single case installations this +should be left as the default. Defaults to `localhost`. +Default value: `$puppetdb::params::database_host` -Default value: `$puppetdb::params::ssl_deploy_certs` - -##### `ssl_key` +##### `database_port` Data type: `Any` +The port that the database server listens on. Defaults to `5432`. +Default value: `$puppetdb::params::database_port` -Default value: `$puppetdb::params::ssl_key` - -##### `ssl_cert` +##### `database_username` Data type: `Any` +The name of the database user to connect as. Defaults to `puppetdb`. +Default value: `$puppetdb::params::database_username` -Default value: `$puppetdb::params::ssl_cert` - -##### `ssl_ca_cert` +##### `database_password` Data type: `Any` +The password for the database user. Defaults to `puppetdb`. +Default value: `$puppetdb::params::database_password` -Default value: `$puppetdb::params::ssl_ca_cert` - -##### `ssl_protocols` +##### `manage_db_password` Data type: `Any` +Whether or not the database password in database.ini will be managed by this module. +Set this to `false` if you want to set the password some other way. +Defaults to `true` +Default value: `$puppetdb::params::manage_db_password` -Default value: `$puppetdb::params::ssl_protocols` - -##### `postgresql_ssl_on` +##### `database_name` Data type: `Any` +The name of the database instance to connect to. Defaults to `puppetdb`. +Default value: `$puppetdb::params::database_name` -Default value: `$puppetdb::params::postgresql_ssl_on` - -##### `postgresql_ssl_folder` +##### `jdbc_ssl_properties` Data type: `Any` +The text to append to the JDBC connection URI. This should begin with a '?' +character. For example, to use SSL for the PostgreSQL connection, set this +parameter's value to `?ssl=true`. 
+Default value: `$puppetdb::params::jdbc_ssl_properties` -Default value: `$puppetdb::params::postgresql_ssl_folder` - -##### `postgresql_ssl_cert_path` +##### `database_validate` Data type: `Any` +If true, the module will attempt to connect to the database using the specified +settings and fail if it is not able to do so. Defaults to `true`. +Default value: `$puppetdb::params::database_validate` -Default value: `$puppetdb::params::postgresql_ssl_cert_path` - -##### `postgresql_ssl_key_path` +##### `node_ttl` Data type: `Any` +The length of time a node can go without receiving any new data before it's +automatically deactivated. (defaults to '7d', which is a 7-day period. Set to +'0d' to disable auto-deactivation). This option is supported in PuppetDB >= +1.1.0. +Default value: `$puppetdb::params::node_ttl` -Default value: `$puppetdb::params::postgresql_ssl_key_path` - -##### `postgresql_ssl_ca_cert_path` +##### `node_purge_ttl` Data type: `Any` +The length of time a node can be deactivated before it's deleted from the +database. (defaults to '14d', which is a 14-day period. Set to '0d' to disable +purging). This option is supported in PuppetDB >= 1.2.0. +Default value: `$puppetdb::params::node_purge_ttl` -Default value: `$puppetdb::params::postgresql_ssl_ca_cert_path` - -##### `cipher_suites` +##### `report_ttl` Data type: `Any` +The length of time reports should be stored before being deleted. (defaults to +`14d`, which is a 14-day period). This option is supported in PuppetDB >= 1.1.0. +Default value: `$puppetdb::params::report_ttl` -Default value: `$puppetdb::params::cipher_suites` - -##### `migrate` +##### `gc_interval` Data type: `Any` +This controls how often (in minutes) to compact the database. The compaction +process reclaims space and deletes unnecessary rows. If not supplied, the +default is every 60 minutes. This option is supported in PuppetDB >= 0.9. 
+Default value: `$puppetdb::params::gc_interval` -Default value: `$puppetdb::params::migrate` - -##### `manage_dbserver` +##### `log_slow_statements` Data type: `Any` +This sets the number of seconds before an SQL query is considered "slow." Slow +SQL queries are logged as warnings, to assist in debugging and tuning. Note +PuppetDB does not interrupt slow queries; it simply reports them after they +complete. +The default value is `10` seconds. A value of 0 will disable logging of slow +queries. This option is supported in PuppetDB >= 1.1. -Default value: `$puppetdb::params::manage_dbserver` +Default value: `$puppetdb::params::log_slow_statements` -##### `manage_database` +##### `conn_max_age` Data type: `Any` +The maximum time (in minutes) for a pooled connection to remain unused before +it is closed off. +If not supplied, we default to `60` minutes. This option is supported in PuppetDB >= 1.1. -Default value: `$puppetdb::params::manage_database` +Default value: `$puppetdb::params::conn_max_age` -##### `manage_package_repo` +##### `conn_keep_alive` Data type: `Any` +This sets the time (in minutes) for a connection to remain idle before sending +a test query to the DB. This is useful to prevent a DB from timing out +connections on its end. +If not supplied, we default to 45 minutes. This option is supported in PuppetDB >= 1.1. -Default value: `$puppetdb::params::manage_pg_repo` +Default value: `$puppetdb::params::conn_keep_alive` -##### `postgres_version` +##### `conn_lifetime` Data type: `Any` +The maximum time (in minutes) a pooled connection should remain open. Any +connections older than this setting will be closed off. Connections currently in +use will not be affected until they are returned to the pool. +If not supplied, we won't terminate connections based on their age alone. This +option is supported in PuppetDB >= 1.4. 
-Default value: `$puppetdb::params::postgres_version` +Default value: `$puppetdb::params::conn_lifetime` -##### `database_host` +##### `puppetdb_package` Data type: `Any` +The PuppetDB package name in the package manager. Defaults to `present`. +Default value: `$puppetdb::params::puppetdb_package` -Default value: `$puppetdb::params::database_host` - -##### `database_port` +##### `puppetdb_service` Data type: `Any` +The name of the PuppetDB service. Defaults to `puppetdb`. +Default value: `$puppetdb::params::puppetdb_service` -Default value: `$puppetdb::params::database_port` - -##### `database_username` +##### `puppetdb_service_status` Data type: `Any` +Sets whether the service should be `running ` or `stopped`. When set to `stopped` the +service doesn't start on boot either. Valid values are `true`, `running`, +`false`, and `stopped`. +Default value: `$puppetdb::params::puppetdb_service_status` -Default value: `$puppetdb::params::database_username` - -##### `database_password` +##### `confdir` Data type: `Any` +The PuppetDB configuration directory. Defaults to `/etc/puppetdb/conf.d`. +Default value: `$puppetdb::params::confdir` -Default value: `$puppetdb::params::database_password` - -##### `database_name` +##### `vardir` Data type: `Any` +The parent directory for the MQ's data directory. +Default value: `$puppetdb::params::vardir` -Default value: `$puppetdb::params::database_name` - -##### `manage_db_password` +##### `java_args` Data type: `Any` +Java VM options used for overriding default Java VM options specified in +PuppetDB package. Defaults to `{}`. See +[PuppetDB Configuration](https://puppet.com/docs/puppetdb/latest/configure.html) +to get more details about the current defaults. 
+For example, to set `-Xmx512m -Xms256m` options use: -Default value: `$puppetdb::params::manage_db_password` - -##### `jdbc_ssl_properties` - -Data type: `Any` - - + { + '-Xmx' => '512m', + '-Xms' => '256m', + } -Default value: `$puppetdb::params::jdbc_ssl_properties` +Default value: `$puppetdb::params::java_args` -##### `database_listen_address` +##### `merge_default_java_args` Data type: `Any` +Sets whether the provided java args should be merged with the defaults, or +should override the defaults. This setting is necessary if any of the defaults +are to be removed. Defaults to true. If `false`, the `java_args` in the PuppetDB +init config file will reflect only what is passed via the `java_args` param. +Default value: `$puppetdb::params::merge_default_java_args` -Default value: `$puppetdb::params::postgres_listen_addresses` - -##### `database_validate` +##### `max_threads` Data type: `Any` +Jetty option to explicitly set `max-threads`. Defaults to `undef`, so the +PuppetDB-Jetty default is used. +Default value: `$puppetdb::params::max_threads` -Default value: `$puppetdb::params::database_validate` - -##### `node_ttl` +##### `read_database_host` Data type: `Any` +*This parameter must be set to use another PuppetDB instance for queries.* +The hostname or IP address of the read database server. If set to `undef`, and +`manage_database` is set to `true`, it will use the value of the `database_host` +parameter. This option is supported in PuppetDB >= 1.6. -Default value: `$puppetdb::params::node_ttl` +Default value: `$puppetdb::params::read_database_host` -##### `node_purge_ttl` +##### `read_database_port` Data type: `Any` +The port that the read database server listens on. If `read_database_host` +is set to `undef`, and `manage_database` is set to `true`, it will use the value of +the `database_port` parameter. This option is supported in PuppetDB >= 1.6. 
+Default value: `$puppetdb::params::read_database_port` -Default value: `$puppetdb::params::node_purge_ttl` - -##### `report_ttl` +##### `read_database_username` Data type: `Any` +The name of the read database user to connect as. Defaults to `puppetdb-read`. This +option is supported in PuppetDB >= 1.6. +Default value: `$puppetdb::params::read_database_username` -Default value: `$puppetdb::params::report_ttl` - -##### `facts_blacklist` - -Data type: `Optional[Array]` +##### `read_database_password` +Data type: `Any` +The password for the read database user. Defaults to `puppetdb-read`. This option is +supported in PuppetDB >= 1.6. -Default value: `$puppetdb::params::facts_blacklist` +Default value: `$puppetdb::params::read_database_password` -##### `gc_interval` +##### `manage_read_db_password` Data type: `Any` +Whether or not the database password in read-database.ini will be managed by this module. +Set this to `false` if you want to set the password some other way. +Defaults to `true` +Default value: `$puppetdb::params::manage_read_db_password` -Default value: `$puppetdb::params::gc_interval` - -##### `node_purge_gc_batch_limit` +##### `read_database_name` Data type: `Any` +The name of the read database instance to connect to. If `read_database_host` +is set to `undef`, and `manage_database` is set to `true`, it will use the value of +the `database_name` parameter. This option is supported in PuppetDB >= 1.6. +Default value: `$puppetdb::params::read_database_name` -Default value: `$puppetdb::params::node_purge_gc_batch_limit` - -##### `log_slow_statements` +##### `read_log_slow_statements` Data type: `Any` +This sets the number of seconds before an SQL query to the read database is +considered "slow." Slow SQL queries are logged as warnings, to assist in +debugging and tuning. Note PuppetDB does not interrupt slow queries; it simply +reports them after they complete. +The default value is 10 seconds. A value of 0 will disable logging of slow +queries. 
This option is supported in PuppetDB >= 1.6. -Default value: `$puppetdb::params::log_slow_statements` +Default value: `$puppetdb::params::read_log_slow_statements` -##### `conn_max_age` +##### `read_conn_max_age` Data type: `Any` +The maximum time (in minutes) for a pooled read database connection to remain +unused before it is closed off. +If not supplied, we default to 60 minutes. This option is supported in PuppetDB >= 1.6. -Default value: `$puppetdb::params::conn_max_age` +Default value: `$puppetdb::params::read_conn_max_age` -##### `conn_keep_alive` +##### `read_conn_keep_alive` Data type: `Any` +This sets the time (in minutes) for a read database connection to remain idle +before sending a test query to the DB. This is useful to prevent a DB from +timing out connections on its end. +If not supplied, we default to 45 minutes. This option is supported in PuppetDB >= 1.6. -Default value: `$puppetdb::params::conn_keep_alive` +Default value: `$puppetdb::params::read_conn_keep_alive` -##### `conn_lifetime` +##### `read_conn_lifetime` Data type: `Any` +The maximum time (in minutes) a pooled read database connection should remain +open. Any connections older than this setting will be closed off. Connections +currently in use will not be affected until they are returned to the pool. +If not supplied, we won't terminate connections based on their age alone. This +option is supported in PuppetDB >= 1.6. -Default value: `$puppetdb::params::conn_lifetime` +Default value: `$puppetdb::params::read_conn_lifetime` -##### `puppetdb_package` +##### `ssl_dir` Data type: `Any` +Base directory for PuppetDB SSL configuration. Defaults to `/etc/puppetdb/ssl` +or `/etc/puppetlabs/puppetdb/ssl` for FOSS and PE respectively. 
+Default value: `$puppetdb::params::ssl_dir` -Default value: `$puppetdb::params::puppetdb_package` - -##### `puppetdb_service` +##### `ssl_set_cert_paths` Data type: `Any` +A switch to enable or disable the management of SSL certificates in your +`jetty.ini` configuration file. +Default value: `$puppetdb::params::ssl_set_cert_paths` -Default value: `$puppetdb::params::puppetdb_service` - -##### `puppetdb_service_status` +##### `ssl_cert_path` Data type: `Any` +Path to your SSL certificate for populating `jetty.ini`. +Default value: `$puppetdb::params::ssl_cert_path` -Default value: `$puppetdb::params::puppetdb_service_status` - -##### `puppetdb_user` +##### `ssl_key_path` Data type: `Any` +Path to your SSL key for populating `jetty.ini`. +Default value: `$puppetdb::params::ssl_key_path` -Default value: `$puppetdb::params::puppetdb_user` - -##### `puppetdb_group` +##### `ssl_ca_cert_path` Data type: `Any` +Path to your SSL CA for populating `jetty.ini`. +Default value: `$puppetdb::params::ssl_ca_cert_path` -Default value: `$puppetdb::params::puppetdb_group` - -##### `puppetdb_server` +##### `ssl_deploy_certs` Data type: `Any` +A boolean switch to enable or disable the management of SSL keys in your +`ssl_dir`. Default is `false`. +Default value: `$puppetdb::params::ssl_deploy_certs` -Default value: `$puppetdb::params::puppetdb_server` - -##### `read_database_host` +##### `ssl_key` Data type: `Any` +Contents of your SSL key, as a string. +Default value: `$puppetdb::params::ssl_key` -Default value: `$puppetdb::params::read_database_host` - -##### `read_database_port` +##### `ssl_cert` Data type: `Any` +Contents of your SSL certificate, as a string. +Default value: `$puppetdb::params::ssl_cert` -Default value: `$puppetdb::params::read_database_port` - -##### `read_database_username` +##### `ssl_ca_cert` Data type: `Any` +Contents of your SSL CA certificate, as a string. 
+Default value: `$puppetdb::params::ssl_ca_cert` -Default value: `$puppetdb::params::read_database_username` - -##### `read_database_password` +##### `manage_firewall` Data type: `Any` +If `true`, puppet will manage your iptables rules for PuppetDB via the +[puppetlabs-firewall](https://forge.puppetlabs.com/puppetlabs/firewall) class. +Default value: `$puppetdb::params::manage_firewall` -Default value: `$puppetdb::params::read_database_password` - -##### `read_database_name` +##### `command_threads` Data type: `Any` +The number of command processing threads to use. Defaults to `undef`, using the +PuppetDB built-in default. +Default value: `$puppetdb::params::command_threads` -Default value: `$puppetdb::params::read_database_name` - -##### `manage_read_db_password` +##### `concurrent_writes` Data type: `Any` +The number of threads allowed to write to disk at any one time. Defaults to +`undef`, which uses the PuppetDB built-in default. +Default value: `$puppetdb::params::concurrent_writes` -Default value: `$puppetdb::params::manage_read_db_password` - -##### `read_database_jdbc_ssl_properties` +##### `store_usage` Data type: `Any` +The amount of disk space (in MB) to allow for persistent message storage. +Defaults to `undef`, using the PuppetDB built-in default. +Default value: `$puppetdb::params::store_usage` -Default value: `$puppetdb::params::read_database_jdbc_ssl_properties` - -##### `read_database_validate` +##### `temp_usage` Data type: `Any` +The amount of disk space (in MB) to allow for temporary message storage. +Defaults to `undef`, using the PuppetDB built-in default. +Default value: `$puppetdb::params::temp_usage` -Default value: `$puppetdb::params::read_database_validate` - -##### `read_log_slow_statements` +##### `disable_update_checking` Data type: `Any` +Setting this to true disables checking for updated versions of PuppetDB and sending basic analytics data to Puppet. +Defaults to `undef`, using the PuppetDB built-in default. 
+Default value: `$puppetdb::params::disable_update_checking` -Default value: `$puppetdb::params::read_log_slow_statements` - -##### `read_conn_max_age` +##### `certificate_whitelist_file` Data type: `Any` +The name of the certificate whitelist file to set up and configure in PuppetDB. Defaults to `/etc/puppetdb/certificate-whitelist` or `/etc/puppetlabs/puppetdb/certificate-whitelist` for FOSS and PE respectively. +Default value: `$puppetdb::params::certificate_whitelist_file` -Default value: `$puppetdb::params::read_conn_max_age` - -##### `read_conn_keep_alive` +##### `certificate_whitelist` Data type: `Any` +Array of the X.509 certificate Common Names of clients allowed to connect to PuppetDB. Defaults to empty. Be aware that this permits full access to all Puppet clients to download anything contained in PuppetDB, including the full catalogs of all nodes, which possibly contain sensitive information. Set to `[ $::servername ]` to allow access only from your (single) Puppet master, which is enough for normal operation. Set to a list of Puppet masters if you have multiple. +Default value: `$puppetdb::params::certificate_whitelist` -Default value: `$puppetdb::params::read_conn_keep_alive` +##### `automatic_dlo_cleanup` -##### `read_conn_lifetime` +Data type: `Boolean` -Data type: `Any` +PuppetDB creates [Dead Letter Office](https://puppet.com/docs/puppetdb/5.2/maintain_and_tune.html#clean-up-the-dead-letter-office). +Those are reports of failed requests. They spill up the disk. This parameter is +a boolean and defaults to false. You can enable automatic cleanup of DLO +reports by setting this to true. +Default value: `$puppetdb::params::automatic_dlo_cleanup` +##### `cleanup_timer_interval` -Default value: `$puppetdb::params::read_conn_lifetime` +Data type: `String[1]` -##### `confdir` +The DLO cleanup is a systemd timer if systemd is available, otherwise a +cronjob. 
The variable configures the systemd.timer option [onCalender](https://www.freedesktop.org/software/systemd/man/systemd.timer.html#OnCalendar=). +It defaults to `*-*-* ${fqdn_rand(24)}:${fqdn_rand(60)}:00`. This will start +the cleanup service on a daily basis. The exact minute and hour is random +per node based on the [fqdn_rand](https://puppet.com/docs/puppet/5.5/function.html#fqdnrand) +method. On non-systemd systems, the cron runs daily and the `$puppetdb_user` needs +to be able to run cron jobs. On systemd systems you need the [camptocamp/systemd](https://forge.puppet.com/camptocamp/systemd) +module, which is an optional dependency and not automatically installed! -Data type: `Any` +Default value: `$puppetdb::params::cleanup_timer_interval` +##### `dlo_max_age` +Data type: `Integer[1]` -Default value: `$puppetdb::params::confdir` +This is a positive integer. It describes the amount of days you want to keep +the DLO reports. The default value is 90 days. -##### `vardir` +Default value: `$puppetdb::params::dlo_max_age` + +##### `ssl_key_pk8_path` Data type: `Any` -Default value: `$puppetdb::params::vardir` +Default value: `$puppetdb::params::ssl_key_pk8_path` -##### `manage_firewall` +##### `postgresql_ssl_folder` Data type: `Any` -Default value: `$puppetdb::params::manage_firewall` +Default value: `$puppetdb::params::postgresql_ssl_folder` -##### `java_args` +##### `postgresql_ssl_cert_path` Data type: `Any` -Default value: `$puppetdb::params::java_args` +Default value: `$puppetdb::params::postgresql_ssl_cert_path` -##### `merge_default_java_args` +##### `postgresql_ssl_key_path` Data type: `Any` -Default value: `$puppetdb::params::merge_default_java_args` +Default value: `$puppetdb::params::postgresql_ssl_key_path` -##### `max_threads` +##### `postgresql_ssl_ca_cert_path` Data type: `Any` -Default value: `$puppetdb::params::max_threads` +Default value: `$puppetdb::params::postgresql_ssl_ca_cert_path` -##### `command_threads` +##### `manage_package_repo` Data 
type: `Any` -Default value: `$puppetdb::params::command_threads` +Default value: `$puppetdb::params::manage_pg_repo` -##### `concurrent_writes` +##### `postgres_version` Data type: `Any` -Default value: `$puppetdb::params::concurrent_writes` +Default value: `$puppetdb::params::postgres_version` -##### `store_usage` +##### `database_listen_address` Data type: `Any` -Default value: `$puppetdb::params::store_usage` +Default value: `$puppetdb::params::postgres_listen_addresses` -##### `temp_usage` +##### `facts_blacklist` -Data type: `Any` +Data type: `Optional[Array]` -Default value: `$puppetdb::params::temp_usage` +Default value: `$puppetdb::params::facts_blacklist` -##### `disable_update_checking` +##### `node_purge_gc_batch_limit` Data type: `Any` -Default value: `$puppetdb::params::disable_update_checking` +Default value: `$puppetdb::params::node_purge_gc_batch_limit` -##### `certificate_whitelist_file` +##### `puppetdb_user` Data type: `Any` -Default value: `$puppetdb::params::certificate_whitelist_file` +Default value: `$puppetdb::params::puppetdb_user` -##### `certificate_whitelist` +##### `puppetdb_group` Data type: `Any` -Default value: `$puppetdb::params::certificate_whitelist` +Default value: `$puppetdb::params::puppetdb_group` -##### `database_max_pool_size` +##### `puppetdb_server` Data type: `Any` -Default value: `$puppetdb::params::database_max_pool_size` +Default value: `$puppetdb::params::puppetdb_server` -##### `read_database_max_pool_size` +##### `read_database_jdbc_ssl_properties` Data type: `Any` -Default value: `$puppetdb::params::read_database_max_pool_size` +Default value: `$puppetdb::params::read_database_jdbc_ssl_properties` -##### `automatic_dlo_cleanup` +##### `read_database_validate` -Data type: `Boolean` +Data type: `Any` -Default value: `$puppetdb::params::automatic_dlo_cleanup` +Default value: `$puppetdb::params::read_database_validate` -##### `cleanup_timer_interval` +##### `database_max_pool_size` -Data type: `String[1]` +Data type: 
`Any` -Default value: `$puppetdb::params::cleanup_timer_interval` +Default value: `$puppetdb::params::database_max_pool_size` -##### `dlo_max_age` +##### `read_database_max_pool_size` -Data type: `Integer[1]` +Data type: `Any` -Default value: `$puppetdb::params::dlo_max_age` +Default value: `$puppetdb::params::read_database_max_pool_size` ##### `java_bin` diff --git a/manifests/init.pp b/manifests/init.pp index ae78d2f8..da0febad 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -1,5 +1,314 @@
 # manage PuppetDB
 #
+# @param listen_address
+# The address that the web server should bind to for HTTP requests. Defaults to
+# `localhost`. Set to `0.0.0.0` to listen on all addresses.
+#
+# @param listen_port
+# The port on which the puppetdb web server should accept HTTP requests. Defaults
+# to `8080`.
+#
+# @param disable_cleartext
+# If `true`, the puppetdb web server will only serve HTTPS and not HTTP requests (defaults to false).
+#
+# @param open_listen_port
+# If `true`, open the `http_listen_port` on the firewall. Defaults to `false`.
+#
+# @param ssl_listen_address
+# The address that the web server should bind to for HTTPS requests. Defaults to
+# `0.0.0.0` to listen on all addresses.
+#
+# @param ssl_listen_port
+# The port on which the puppetdb web server should accept HTTPS requests. Defaults
+# to `8081`.
+#
+# @param disable_ssl
+# If `true`, the puppetdb web server will only serve HTTP and not HTTPS requests.
+# Defaults to `false`.
+#
+# @param open_ssl_listen_port
+# If true, open the `ssl_listen_port` on the firewall. Defaults to `undef`.
+#
+# @param ssl_protocols
+# Specify the supported SSL protocols for PuppetDB (e.g. TLSv1, TLSv1.1, TLSv1.2.)
+#
+# @param postgresql_ssl_on
+# If `true`, it configures SSL connections between PuppetDB and the PostgreSQL database.
+# Defaults to `false`.
+#
+# @param cipher_suites
+# Configure jetty's supported `cipher-suites` (e.g. `SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`).
+# Defaults to `undef`.
+#
+# @param migrate
+# If `true`, puppetdb will automatically migrate to the latest database format at startup. If `false`, if the database format supplied by this version of PuppetDB doesn't match the version expected (whether newer or older), PuppetDB will exit with an error status. Defaults to `true`.
+#
+# @param manage_dbserver
+# If true, the PostgreSQL server will be managed by this module. Defaults to `true`.
+#
+# @param manage_database
+# If true, the PostgreSQL database will be managed by this module. Defaults to `true`.
+#
+# @param database_host
+# Hostname to use for the database connection. For single case installations this
+# should be left as the default. Defaults to `localhost`.
+#
+# @param database_port
+# The port that the database server listens on. Defaults to `5432`.
+#
+# @param database_username
+# The name of the database user to connect as. Defaults to `puppetdb`.
+#
+# @param database_password
+# The password for the database user. Defaults to `puppetdb`.
+#
+# @param manage_db_password
+# Whether or not the database password in database.ini will be managed by this module.
+# Set this to `false` if you want to set the password some other way.
+# Defaults to `true`
+#
+# @param database_name
+# The name of the database instance to connect to. Defaults to `puppetdb`.
+#
+# @param jdbc_ssl_properties
+# The text to append to the JDBC connection URI. This should begin with a '?'
+# character. For example, to use SSL for the PostgreSQL connection, set this
+# parameter's value to `?ssl=true`.
+#
+# @param database_validate
+# If true, the module will attempt to connect to the database using the specified
+# settings and fail if it is not able to do so. Defaults to `true`.
+#
+# @param node_ttl
+# The length of time a node can go without receiving any new data before it's
+# automatically deactivated. (defaults to '7d', which is a 7-day period. Set to
+# '0d' to disable auto-deactivation). This option is supported in PuppetDB >=
+# 1.1.0.
+#
+# @param node_purge_ttl
+# The length of time a node can be deactivated before it's deleted from the
+# database. (defaults to '14d', which is a 14-day period. Set to '0d' to disable
+# purging). This option is supported in PuppetDB >= 1.2.0.
+#
+# @param report_ttl
+# The length of time reports should be stored before being deleted. (defaults to
+# `14d`, which is a 14-day period). This option is supported in PuppetDB >= 1.1.0.
+#
+# @param gc_interval
+# This controls how often (in minutes) to compact the database. The compaction
+# process reclaims space and deletes unnecessary rows. If not supplied, the
+# default is every 60 minutes. This option is supported in PuppetDB >= 0.9.
+#
+# @param log_slow_statements
+# This sets the number of seconds before an SQL query is considered "slow." Slow
+# SQL queries are logged as warnings, to assist in debugging and tuning. Note
+# PuppetDB does not interrupt slow queries; it simply reports them after they
+# complete.
+#
+# The default value is `10` seconds. A value of 0 will disable logging of slow
+# queries. This option is supported in PuppetDB >= 1.1.
+#
+# @param conn_max_age
+# The maximum time (in minutes) for a pooled connection to remain unused before
+# it is closed off.
+#
+# If not supplied, we default to `60` minutes. This option is supported in PuppetDB >= 1.1.
+#
+# @param conn_keep_alive
+# This sets the time (in minutes) for a connection to remain idle before sending
+# a test query to the DB. This is useful to prevent a DB from timing out
+# connections on its end.
+#
+# If not supplied, we default to 45 minutes. This option is supported in PuppetDB >= 1.1.
+#
+# @param conn_lifetime
+# The maximum time (in minutes) a pooled connection should remain open. Any
+# connections older than this setting will be closed off. Connections currently in
+# use will not be affected until they are returned to the pool.
+#
+# If not supplied, we won't terminate connections based on their age alone. This
+# option is supported in PuppetDB >= 1.4.
+#
+# @param puppetdb_package
+# The PuppetDB package name in the package manager. Defaults to `present`.
+#
+# @param puppetdb_service
+# The name of the PuppetDB service. Defaults to `puppetdb`.
+#
+# @param puppetdb_service_status
+# Sets whether the service should be `running ` or `stopped`. When set to `stopped` the
+# service doesn't start on boot either. Valid values are `true`, `running`,
+# `false`, and `stopped`.
+#
+# @param confdir
+# The PuppetDB configuration directory. Defaults to `/etc/puppetdb/conf.d`.
+#
+# @param vardir
+# The parent directory for the MQ's data directory.
+#
+# @param java_args
+# Java VM options used for overriding default Java VM options specified in
+# PuppetDB package. Defaults to `{}`. See
+# [PuppetDB Configuration](https://puppet.com/docs/puppetdb/latest/configure.html)
+# to get more details about the current defaults.
+#
+# For example, to set `-Xmx512m -Xms256m` options use:
+#
+# {
+# '-Xmx' => '512m',
+# '-Xms' => '256m',
+# }
+#
+# @param merge_default_java_args
+# Sets whether the provided java args should be merged with the defaults, or
+# should override the defaults. This setting is necessary if any of the defaults
+# are to be removed. Defaults to true. If `false`, the `java_args` in the PuppetDB
+# init config file will reflect only what is passed via the `java_args` param.
+#
+# @param max_threads
+# Jetty option to explicitly set `max-threads`. Defaults to `undef`, so the
+# PuppetDB-Jetty default is used.
+#
+# @param read_database_host
+# *This parameter must be set to use another PuppetDB instance for queries.*
+#
+# The hostname or IP address of the read database server. If set to `undef`, and
+# `manage_database` is set to `true`, it will use the value of the `database_host`
+# parameter. This option is supported in PuppetDB >= 1.6.
+#
+# @param read_database_port
+# The port that the read database server listens on. If `read_database_host`
+# is set to `undef`, and `manage_database` is set to `true`, it will use the value of
+# the `database_port` parameter. This option is supported in PuppetDB >= 1.6.
+#
+# @param read_database_username
+# The name of the read database user to connect as. Defaults to `puppetdb-read`. This
+# option is supported in PuppetDB >= 1.6.
+#
+# @param read_database_password
+# The password for the read database user. Defaults to `puppetdb-read`. This option is
+# supported in PuppetDB >= 1.6.
+#
+# @param manage_read_db_password
+# Whether or not the database password in read-database.ini will be managed by this module.
+# Set this to `false` if you want to set the password some other way.
+# Defaults to `true`
+#
+# @param read_database_name
+# The name of the read database instance to connect to. If `read_database_host`
+# is set to `undef`, and `manage_database` is set to `true`, it will use the value of
+# the `database_name` parameter. This option is supported in PuppetDB >= 1.6.
+#
+# @param read_log_slow_statements
+# This sets the number of seconds before an SQL query to the read database is
+# considered "slow." Slow SQL queries are logged as warnings, to assist in
+# debugging and tuning. Note PuppetDB does not interrupt slow queries; it simply
+# reports them after they complete.
+#
+# The default value is 10 seconds. A value of 0 will disable logging of slow
+# queries. This option is supported in PuppetDB >= 1.6.
+#
+# @param read_conn_max_age
+# The maximum time (in minutes) for a pooled read database connection to remain
+# unused before it is closed off.
+#
+# If not supplied, we default to 60 minutes. This option is supported in PuppetDB >= 1.6.
+#
+# @param read_conn_keep_alive
+# This sets the time (in minutes) for a read database connection to remain idle
+# before sending a test query to the DB. This is useful to prevent a DB from
+# timing out connections on its end.
+#
+# If not supplied, we default to 45 minutes. This option is supported in PuppetDB >= 1.6.
+#
+# @param read_conn_lifetime
+# The maximum time (in minutes) a pooled read database connection should remain
+# open. Any connections older than this setting will be closed off. Connections
+# currently in use will not be affected until they are returned to the pool.
+#
+# If not supplied, we won't terminate connections based on their age alone. This
+# option is supported in PuppetDB >= 1.6.
+#
+# @param ssl_dir
+# Base directory for PuppetDB SSL configuration. Defaults to `/etc/puppetdb/ssl`
+# or `/etc/puppetlabs/puppetdb/ssl` for FOSS and PE respectively.
+#
+# @param ssl_set_cert_paths
+# A switch to enable or disable the management of SSL certificates in your
+# `jetty.ini` configuration file.
+#
+# @param ssl_cert_path
+# Path to your SSL certificate for populating `jetty.ini`.
+#
+# @param ssl_key_path
+# Path to your SSL key for populating `jetty.ini`.
+#
+# @param ssl_ca_cert_path
+# Path to your SSL CA for populating `jetty.ini`.
+#
+# @param ssl_deploy_certs
+# A boolean switch to enable or disable the management of SSL keys in your
+# `ssl_dir`. Default is `false`.
+#
+# @param ssl_key
+# Contents of your SSL key, as a string.
+#
+# @param ssl_cert
+# Contents of your SSL certificate, as a string.
+#
+# @param ssl_ca_cert
+# Contents of your SSL CA certificate, as a string.
+#
+# @param manage_firewall
+# If `true`, puppet will manage your iptables rules for PuppetDB via the
+# [puppetlabs-firewall](https://forge.puppetlabs.com/puppetlabs/firewall) class.
+#
+# @param command_threads
+# The number of command processing threads to use. Defaults to `undef`, using the
+# PuppetDB built-in default.
+#
+# @param concurrent_writes
+# The number of threads allowed to write to disk at any one time. Defaults to
+# `undef`, which uses the PuppetDB built-in default.
+#
+# @param store_usage
+# The amount of disk space (in MB) to allow for persistent message storage.
+# Defaults to `undef`, using the PuppetDB built-in default.
+#
+# @param temp_usage
+# The amount of disk space (in MB) to allow for temporary message storage.
+# Defaults to `undef`, using the PuppetDB built-in default.
+# +# @param disable_update_checking +# Setting this to true disables checking for updated versions of PuppetDB and sending basic analytics data to Puppet. +# Defaults to `undef`, using the PuppetDB built-in default. +# +# @param certificate_whitelist_file +# The name of the certificate whitelist file to set up and configure in PuppetDB. Defaults to `/etc/puppetdb/certificate-whitelist` or `/etc/puppetlabs/puppetdb/certificate-whitelist` for FOSS and PE respectively. +# +# @param certificate_whitelist +# Array of the X.509 certificate Common Names of clients allowed to connect to PuppetDB. Defaults to empty. Be aware that this permits full access to all Puppet clients to download anything contained in PuppetDB, including the full catalogs of all nodes, which possibly contain sensitive information. Set to `[ $::servername ]` to allow access only from your (single) Puppet master, which is enough for normal operation. Set to a list of Puppet masters if you have multiple. +# +# @param automatic_dlo_cleanup +# PuppetDB creates [Dead Letter Office](https://puppet.com/docs/puppetdb/5.2/maintain_and_tune.html#clean-up-the-dead-letter-office). +# Those are reports of failed requests. They spill up the disk. This parameter is +# a boolean and defaults to false. You can enable automatic cleanup of DLO +# reports by setting this to true. +# +# @param cleanup_timer_interval +# The DLO cleanup is a systemd timer if systemd is available, otherwise a +# cronjob. The variable configures the systemd.timer option [onCalender](https://www.freedesktop.org/software/systemd/man/systemd.timer.html#OnCalendar=). +# It defaults to `*-*-* ${fqdn_rand(24)}:${fqdn_rand(60)}:00`. This will start +# the cleanup service on a daily basis. The exact minute and hour is random +# per node based on the [fqdn_rand](https://puppet.com/docs/puppet/5.5/function.html#fqdnrand) +# method. On non-systemd systems, the cron runs daily and the `$puppetdb_user` needs +# to be able to run cron jobs. 
On systemd systems you need the [camptocamp/systemd](https://forge.puppet.com/camptocamp/systemd) +# module, which is an optional dependency and not automatically installed! +# +# @param dlo_max_age +# This is a positive integer. It describes the amount of days you want to keep +# the DLO reports. The default value is 90 days. +# class puppetdb ( $listen_address = $puppetdb::params::listen_address, $listen_port = $puppetdb::params::listen_port, From 315359fd61ddea08ef85851c20c905e66dba66a3 Mon Sep 17 00:00:00 2001 From: Jeffrey Clark Date: Sat, 3 Feb 2024 19:05:13 -0600 Subject: [PATCH 43/97] move class globals parameter reference to pp --- README.md | 7 ------- REFERENCE.md | 3 ++- manifests/globals.pp | 4 ++++ 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 1467c3bc..12bf9861 100644 --- a/README.md +++ b/README.md @@ -339,13 +339,6 @@ You must declare the class to use it: class { 'puppetdb::globals': } -**Parameters within `puppetdb::globals`:** - -#### `version` - -The version of the `puppetdb` package that should be installed. You may specify -an explicit version number, 'present', or 'latest' (defaults to 'present'). - ### puppetdb The `puppetdb` class is intended as a high-level abstraction (sort of an diff --git a/REFERENCE.md b/REFERENCE.md index e10a11c1..3aef510d 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -1121,7 +1121,8 @@ The following parameters are available in the `puppetdb::globals` class: Data type: `Any` - +The version of the `puppetdb` package that should be installed. You may specify +an explicit version number, 'present', or 'latest' (defaults to 'present'). Default value: `'present'` diff --git a/manifests/globals.pp b/manifests/globals.pp index 361b1b9f..e503d13d 100644 --- a/manifests/globals.pp +++ b/manifests/globals.pp 
@@ -1,5 +1,9 @@ # global configuration class for PuppetDB # +# @param version +# The version of the `puppetdb` package that should be installed. You may specify +# an explicit version number, 'present', or 'latest' (defaults to 'present'). +# class puppetdb::globals ( $version = 'present', Stdlib::Absolutepath $puppet_confdir = $settings::confdir, From 3aa0a2030a52f2d551583e1e83f26436990e6665 Mon Sep 17 00:00:00 2001 From: Jeffrey Clark Date: Sat, 3 Feb 2024 19:10:51 -0600 Subject: [PATCH 44/97] move class master::config parameter reference to pp --- README.md | 107 ------------------------------------ REFERENCE.md | 109 +++++++++++++++++++++++-------------- manifests/master/config.pp | 86 +++++++++++++++++++++++++++++ 3 files changed, 155 insertions(+), 147 deletions(-) diff --git a/README.md b/README.md index 12bf9861..730b1d7d 100644 --- a/README.md +++ b/README.md 
@@ -383,113 +383,6 @@ from managing that file, and you’ll need to manage it yourself. puppetdb_port => 8081, } -**Parameters within `puppetdb::master::config`:** - -#### `puppetdb_server` - -The dns name or ip of the PuppetDB server. Defaults to the hostname of the -current node, i.e. `$::fqdn`. - -#### `puppetdb_port` - -The port that the PuppetDB server is running on. Defaults to `8081`. - -#### `puppetdb_disable_ssl` - -If true, use plain HTTP to talk to PuppetDB. Defaults to the value of -`disable_ssl` if PuppetDB is on the same server as the Puppet Master, or else -false. If you set this, you probably need to set `puppetdb_port` to match the HTTP -port of the PuppetDB. - -#### `puppetdb_soft_write_failure` - -Boolean to fail in a soft manner if PuppetDB is not accessible for command -submission Defaults to `false`. - -#### `manage_routes` - -If `true`, the module will overwrite the Puppet master's routes file to -configure it to use PuppetDB. Defaults to `true`. - -#### `manage_storeconfigs` - -If `true`, the module will manage the Puppet master's storeconfig settings. -Defaults to `true`. - -#### `manage_report_processor` - -If `true`, the module will manage the 'reports' field in the puppet.conf file to -enable or disable the PuppetDB report processor. Defaults to `false`. - -#### `manage_config` - -If `true`, the module will store values from `puppetdb_server` and `puppetdb_port` -parameters in the PuppetDB configuration file. If `false`, an existing PuppetDB -configuration file will be used to retrieve server and port values. - -#### `create_puppet_service_resource` - -If `true`, AND if `restart_puppet` is true, then the module will create a service -resource for `puppet_service_name` if it has not been defined. Defaults to `true`. 
-If you are already declaring the `puppet_service_name` service resource in another -part of your code, setting this to `false` will avoid creation of that service -resource by this module, avoiding potential duplicate resource errors. - -#### `strict_validation` - -If `true`, the module will fail if PuppetDB is not reachable, otherwise it will -preconfigure PuppetDB without checking. - -#### `enable_reports` - -Ignored unless `manage_report_processor` is `true`, in which case this setting -will determine whether or not the PuppetDB report processor is enabled (`true`) -or disabled (`false`) in the puppet.conf file. - -#### `enable_storeconfigs` - -Ignored unless `manage_storeconfigs` is `true`, in which case this setting -will determine whether or not client configuration storage is enabled (`true`) -or disabled (`false`) in the puppet.conf file. - -#### `puppet_confdir` - -Puppet's config directory. Defaults to `/etc/puppet`. - -#### `puppet_conf` - -Puppet's config file. Defaults to `/etc/puppet/puppet.conf`. - -#### `masterless` - -A boolean switch to enable or disable the masterless setup of PuppetDB. Defaults -to `false`. - -#### `terminus_package` - -Name of the package to use that represents the PuppetDB terminus code. Defaults -to `puppetdb-termini`, when `puppetdb_version` is set to `<= 2.3.x` the default -changes to `puppetdb-terminus`. - -#### `puppet_service_name` - -Name of the service that represents Puppet. You can change this to `apache2` or -`httpd` depending on your operating system, if you plan on having Puppet run -using Apache/Passenger for example. - -#### `puppetdb_startup_timeout` - -The maximum amount of time that the module should wait for PuppetDB to start up. -This is most important during the initial install of PuppetDB (defaults to 15 -seconds). - -#### `restart_puppet` - -If `true`, the module will restart the Puppet master when PuppetDB configuration -files are changed by the module. Defaults to `true`. 
If set to `false`, you -must restart the service manually in order to pick up changes to the config -files (other than `puppet.conf`). - ### puppetdb::database::postgresql The `puppetdb::database::postgresql` class manages a PostgreSQL server for use diff --git a/REFERENCE.md b/REFERENCE.md index 3aef510d..a30634ff 100644 --- a/REFERENCE.md +++ b/REFERENCE.md 
@@ -1145,29 +1145,30 @@ The following parameters are available in the `puppetdb::master::config` class: * [`puppetdb_server`](#-puppetdb--master--config--puppetdb_server) * [`puppetdb_port`](#-puppetdb--master--config--puppetdb_port) * [`puppetdb_disable_ssl`](#-puppetdb--master--config--puppetdb_disable_ssl) -* [`masterless`](#-puppetdb--master--config--masterless) * [`puppetdb_soft_write_failure`](#-puppetdb--master--config--puppetdb_soft_write_failure) * [`manage_routes`](#-puppetdb--master--config--manage_routes) * [`manage_storeconfigs`](#-puppetdb--master--config--manage_storeconfigs) -* [`enable_storeconfigs`](#-puppetdb--master--config--enable_storeconfigs) * [`manage_report_processor`](#-puppetdb--master--config--manage_report_processor) * [`manage_config`](#-puppetdb--master--config--manage_config) * [`create_puppet_service_resource`](#-puppetdb--master--config--create_puppet_service_resource) * [`strict_validation`](#-puppetdb--master--config--strict_validation) * [`enable_reports`](#-puppetdb--master--config--enable_reports) +* [`enable_storeconfigs`](#-puppetdb--master--config--enable_storeconfigs) * [`puppet_confdir`](#-puppetdb--master--config--puppet_confdir) * [`puppet_conf`](#-puppetdb--master--config--puppet_conf) +* [`masterless`](#-puppetdb--master--config--masterless) * [`terminus_package`](#-puppetdb--master--config--terminus_package) * [`puppet_service_name`](#-puppetdb--master--config--puppet_service_name) * [`puppetdb_startup_timeout`](#-puppetdb--master--config--puppetdb_startup_timeout) -* [`test_url`](#-puppetdb--master--config--test_url) * [`restart_puppet`](#-puppetdb--master--config--restart_puppet) +* [`test_url`](#-puppetdb--master--config--test_url) ##### `puppetdb_server` Data type: `Any` - +The dns name or ip of the PuppetDB server. Defaults to the hostname of the +current node, i.e. `$::fqdn`. Default value: `fact('networking.fqdn')` 
@@ -1175,7 +1176,7 @@ Default value: `fact('networking.fqdn')` Data type: `Any` - +The port that the PuppetDB server is running on. Defaults to `8081`. Default value: @@ -1192,7 +1193,10 @@ defined(Class['puppetdb']) ? { Data type: `Any` - +If true, use plain HTTP to talk to PuppetDB. Defaults to the value of +`disable_ssl` if PuppetDB is on the same server as the Puppet Master, or else +false. If you set this, you probably need to set `puppetdb_port` to match the HTTP +port of the PuppetDB. Default value: @@ -1202,19 +1206,12 @@ defined(Class['puppetdb']) ? { default => false ``` -##### `masterless` - -Data type: `Any` - - - -Default value: `$puppetdb::params::masterless` - ##### `puppetdb_soft_write_failure` Data type: `Any` - +Boolean to fail in a soft manner if PuppetDB is not accessible for command +submission Defaults to `false`. Default value: `false` @@ -1222,7 +1219,8 @@ Default value: `false` Data type: `Any` - +If `true`, the module will overwrite the Puppet master's routes file to +configure it to use PuppetDB. Defaults to `true`. Default value: `true` @@ -1230,15 +1228,8 @@ Default value: `true` Data type: `Any` - - -Default value: `true` - -##### `enable_storeconfigs` - -Data type: `Any` - - +If `true`, the module will manage the Puppet master's storeconfig settings. +Defaults to `true`. Default value: `true` @@ -1246,7 +1237,8 @@ Default value: `true` Data type: `Any` - +If `true`, the module will manage the 'reports' field in the puppet.conf file to +enable or disable the PuppetDB report processor. Defaults to `false`. Default value: `false` @@ -1254,7 +1246,9 @@ Default value: `false` Data type: `Any` - +If `true`, the module will store values from `puppetdb_server` and `puppetdb_port` +parameters in the PuppetDB configuration file. If `false`, an existing PuppetDB +configuration file will be used to retrieve server and port values. Default value: `true` 
@@ -1262,7 +1256,11 @@ Default value: `true` Data type: `Any` - +If `true`, AND if `restart_puppet` is true, then the module will create a service +resource for `puppet_service_name` if it has not been defined. Defaults to `true`. +If you are already declaring the `puppet_service_name` service resource in another +part of your code, setting this to `false` will avoid creation of that service +resource by this module, avoiding potential duplicate resource errors. Default value: `true` @@ -1270,7 +1268,8 @@ Default value: `true` Data type: `Any` - +If `true`, the module will fail if PuppetDB is not reachable, otherwise it will +preconfigure PuppetDB without checking. Default value: `true` @@ -1278,15 +1277,27 @@ Default value: `true` Data type: `Any` - +Ignored unless `manage_report_processor` is `true`, in which case this setting +will determine whether or not the PuppetDB report processor is enabled (`true`) +or disabled (`false`) in the puppet.conf file. Default value: `false` -##### `puppet_confdir` +##### `enable_storeconfigs` Data type: `Any` +Ignored unless `manage_storeconfigs` is `true`, in which case this setting +will determine whether or not client configuration storage is enabled (`true`) +or disabled (`false`) in the puppet.conf file. +Default value: `true` + +##### `puppet_confdir` + +Data type: `Any` + +Puppet's config directory. Defaults to `/etc/puppet`. Default value: `$puppetdb::params::puppet_confdir` 
@@ -1294,15 +1305,26 @@ Default value: `$puppetdb::params::puppet_confdir` Data type: `Any` - +Puppet's config file. Defaults to `/etc/puppet/puppet.conf`. Default value: `$puppetdb::params::puppet_conf` -##### `terminus_package` +##### `masterless` Data type: `Any` +A boolean switch to enable or disable the masterless setup of PuppetDB. Defaults +to `false`. + +Default value: `$puppetdb::params::masterless` + +##### `terminus_package` + +Data type: `Any` +Name of the package to use that represents the PuppetDB terminus code. Defaults +to `puppetdb-termini`, when `puppetdb_version` is set to `<= 2.3.x` the default +changes to `puppetdb-terminus`. Default value: `$puppetdb::params::terminus_package` @@ -1310,7 +1332,9 @@ Default value: `$puppetdb::params::terminus_package` Data type: `Any` - +Name of the service that represents Puppet. You can change this to `apache2` or +`httpd` depending on your operating system, if you plan on having Puppet run +using Apache/Passenger for example. Default value: `$puppetdb::params::puppet_service_name` @@ -1318,25 +1342,30 @@ Default value: `$puppetdb::params::puppet_service_name` Data type: `Any` - +The maximum amount of time that the module should wait for PuppetDB to start up. +This is most important during the initial install of PuppetDB (defaults to 15 +seconds). Default value: `$puppetdb::params::puppetdb_startup_timeout` -##### `test_url` +##### `restart_puppet` Data type: `Any` +If `true`, the module will restart the Puppet master when PuppetDB configuration +files are changed by the module. Defaults to `true`. If set to `false`, you +must restart the service manually in order to pick up changes to the config +files (other than `puppet.conf`). +Default value: `true` -Default value: `$puppetdb::params::test_url` - -##### `restart_puppet` +##### `test_url` Data type: `Any` -Default value: `true` +Default value: `$puppetdb::params::test_url` ### `puppetdb::server` 
diff --git a/manifests/master/config.pp b/manifests/master/config.pp index f591c518..4bb7493a 100644 --- a/manifests/master/config.pp +++ b/manifests/master/config.pp 
@@ -1,5 +1,91 @@
 # manage the puppet configuration on the primary
 #
+# @param puppetdb_server
+# The dns name or ip of the PuppetDB server. Defaults to the hostname of the
+# current node, i.e. `$::fqdn`.
+#
+# @param puppetdb_port
+# The port that the PuppetDB server is running on. Defaults to `8081`.
+#
+# @param puppetdb_disable_ssl
+# If true, use plain HTTP to talk to PuppetDB. Defaults to the value of
+# `disable_ssl` if PuppetDB is on the same server as the Puppet Master, or else
+# false. If you set this, you probably need to set `puppetdb_port` to match the HTTP
+# port of the PuppetDB.
+#
+# @param puppetdb_soft_write_failure
+# Boolean to fail in a soft manner if PuppetDB is not accessible for command
+# submission Defaults to `false`.
+#
+# @param manage_routes
+# If `true`, the module will overwrite the Puppet master's routes file to
+# configure it to use PuppetDB. Defaults to `true`.
+#
+# @param manage_storeconfigs
+# If `true`, the module will manage the Puppet master's storeconfig settings.
+# Defaults to `true`.
+#
+# @param manage_report_processor
+# If `true`, the module will manage the 'reports' field in the puppet.conf file to
+# enable or disable the PuppetDB report processor. Defaults to `false`.
+#
+# @param manage_config
+# If `true`, the module will store values from `puppetdb_server` and `puppetdb_port`
+# parameters in the PuppetDB configuration file. If `false`, an existing PuppetDB
+# configuration file will be used to retrieve server and port values.
+#
+# @param create_puppet_service_resource
+# If `true`, AND if `restart_puppet` is true, then the module will create a service
+# resource for `puppet_service_name` if it has not been defined. Defaults to `true`.
+# If you are already declaring the `puppet_service_name` service resource in another
+# part of your code, setting this to `false` will avoid creation of that service
+# resource by this module, avoiding potential duplicate resource errors.
+#
+# @param strict_validation
+# If `true`, the module will fail if PuppetDB is not reachable, otherwise it will
+# preconfigure PuppetDB without checking.
+#
+# @param enable_reports
+# Ignored unless `manage_report_processor` is `true`, in which case this setting
+# will determine whether or not the PuppetDB report processor is enabled (`true`)
+# or disabled (`false`) in the puppet.conf file.
+#
+# @param enable_storeconfigs
+# Ignored unless `manage_storeconfigs` is `true`, in which case this setting
+# will determine whether or not client configuration storage is enabled (`true`)
+# or disabled (`false`) in the puppet.conf file.
+#
+# @param puppet_confdir
+# Puppet's config directory. Defaults to `/etc/puppet`.
+#
+# @param puppet_conf
+# Puppet's config file. Defaults to `/etc/puppet/puppet.conf`.
+#
+# @param masterless
+# A boolean switch to enable or disable the masterless setup of PuppetDB. Defaults
+# to `false`.
+#
+# @param terminus_package
+# Name of the package to use that represents the PuppetDB terminus code. Defaults
+# to `puppetdb-termini`, when `puppetdb_version` is set to `<= 2.3.x` the default
+# changes to `puppetdb-terminus`.
+#
+# @param puppet_service_name
+# Name of the service that represents Puppet. You can change this to `apache2` or
+# `httpd` depending on your operating system, if you plan on having Puppet run
+# using Apache/Passenger for example.
+#
+# @param puppetdb_startup_timeout
+# The maximum amount of time that the module should wait for PuppetDB to start up.
+# This is most important during the initial install of PuppetDB (defaults to 15
+# seconds).
+#
+# @param restart_puppet
+# If `true`, the module will restart the Puppet master when PuppetDB configuration
+# files are changed by the module. Defaults to `true`. If set to `false`, you
+# must restart the service manually in order to pick up changes to the config
+# files (other than `puppet.conf`).
+# class puppetdb::master::config ( $puppetdb_server = fact('networking.fqdn'), $puppetdb_port = defined(Class['puppetdb']) ? { From 54556b0ac0c8abdf8b79045437ed9a8aac40374b Mon Sep 17 00:00:00 2001 From: Jeffrey Clark Date: Sat, 3 Feb 2024 19:18:33 -0600 Subject: [PATCH 45/97] move class database::postgresql parameter reference to pp --- README.md | 40 -------------------- REFERENCE.md | 63 +++++++++++++++++++------------- manifests/database/postgresql.pp | 32 ++++++++++++++++ 3 files changed, 70 insertions(+), 65 deletions(-) diff --git a/README.md b/README.md index 730b1d7d..6759ba62 100644 --- a/README.md +++ b/README.md 
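Review bot: `test_url` is the one parameter of `puppetdb::master::config` that this hunk leaves without an `@param` tag: the REFERENCE.md section in the same commit still lists it with a data type and a default of `$puppetdb::params::test_url` but an empty description. Adding `# @param test_url` followed by `#   The URL to use for testing if the PuppetDB instance is running.` would close the gap, assuming the parameter has the meaning the README gives that name elsewhere. The `puppetdb_disable_ssl` text could also say that plain HTTP carries the catalogs, facts and reports exchanged with PuppetDB without encryption or certificate authentication, so it only suits a loopback or otherwise trusted path. The class body continues outside the hunk.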
@@ -393,46 +393,6 @@ creating and managing the PuppetDB database and database user accounts. listen_addresses => 'my.postgres.host.name', } -#### `listen_addresses` - -The `listen_address` is a comma-separated list of hostnames or IP addresses on -which the postgres server should listen for incoming connections. This defaults -to `localhost`. This parameter maps directly to PostgreSQL's `listen_addresses` -config option. Use a `*` to allow connections on any accessible address. - -#### `database_name` - -Sets the name of the database. Defaults to `puppetdb`. - -#### `database_username` - -Creates a user for access the database. Defaults to `puppetdb`. - -#### `database_password` - -Sets the password for the database user above. Defaults to `puppetdb`. - -#### `manage_server` - -Conditionally manages the PostgreSQL server via `postgresql::server`. Defaults -to `true`. If set to `false`, this class will create the database and user via -`postgresql::server::db` but not attempt to install or manage the server itself. - -#### `test_url` - -The URL to use for testing if the PuppetDB instance is running. Defaults to -`/pdb/meta/v1/version`. - -#### `manage_package_repo` - -If `true`, the official postgresql.org repo will be added and postgres won't -be installed from the regular repository. Defaults to `true`. - -#### `postgres_version` - -If the postgresql.org repo is installed, you can install several versions of -postgres. Defaults to `11` with PuppetDB version 7.0.0 or newer, and `9.6` in older versions. - Implementation --------------- diff --git a/REFERENCE.md b/REFERENCE.md index a30634ff..8197ef17 100644 --- a/REFERENCE.md +++ b/REFERENCE.md 
@@ -953,15 +953,16 @@ create the PuppetDB postgresql database The following parameters are available in the `puppetdb::database::postgresql` class: * [`listen_addresses`](#-puppetdb--database--postgresql--listen_addresses) -* [`puppetdb_server`](#-puppetdb--database--postgresql--puppetdb_server) * [`database_name`](#-puppetdb--database--postgresql--database_name) * [`database_username`](#-puppetdb--database--postgresql--database_username) * [`database_password`](#-puppetdb--database--postgresql--database_password) -* [`database_port`](#-puppetdb--database--postgresql--database_port) -* [`manage_database`](#-puppetdb--database--postgresql--manage_database) * [`manage_server`](#-puppetdb--database--postgresql--manage_server) +* [`test_url`](#-puppetdb--database--postgresql--test_url) * [`manage_package_repo`](#-puppetdb--database--postgresql--manage_package_repo) * [`postgres_version`](#-puppetdb--database--postgresql--postgres_version) +* [`puppetdb_server`](#-puppetdb--database--postgresql--puppetdb_server) +* [`database_port`](#-puppetdb--database--postgresql--database_port) +* [`manage_database`](#-puppetdb--database--postgresql--manage_database) * [`postgresql_ssl_on`](#-puppetdb--database--postgresql--postgresql_ssl_on) * [`postgresql_ssl_key_path`](#-puppetdb--database--postgresql--postgresql_ssl_key_path) * [`postgresql_ssl_cert_path`](#-puppetdb--database--postgresql--postgresql_ssl_cert_path) 
@@ -974,23 +975,18 @@ The following parameters are available in the `puppetdb::database::postgresql` c Data type: `Any` - +The `listen_address` is a comma-separated list of hostnames or IP addresses on +which the postgres server should listen for incoming connections. This defaults +to `localhost`. This parameter maps directly to PostgreSQL's `listen_addresses` +config option. Use a `*` to allow connections on any accessible address. Default value: `$puppetdb::params::database_host` -##### `puppetdb_server` - -Data type: `Any` - - - -Default value: `$puppetdb::params::puppetdb_server` - ##### `database_name` Data type: `Any` - +Sets the name of the database. Defaults to `puppetdb`. Default value: `$puppetdb::params::database_name` @@ -998,7 +994,7 @@ Default value: `$puppetdb::params::database_name` Data type: `Any` - +Creates a user for access the database. Defaults to `puppetdb`. Default value: `$puppetdb::params::database_username` 
@@ -1006,49 +1002,66 @@ Default value: `$puppetdb::params::database_username` Data type: `Any` - +Sets the password for the database user above. Defaults to `puppetdb`. Default value: `$puppetdb::params::database_password` -##### `database_port` +##### `manage_server` Data type: `Any` +Conditionally manages the PostgreSQL server via `postgresql::server`. Defaults +to `true`. If set to `false`, this class will create the database and user via +`postgresql::server::db` but not attempt to install or manage the server itself. +Default value: `$puppetdb::params::manage_dbserver` -Default value: `$puppetdb::params::database_port` +##### `test_url` -##### `manage_database` +The URL to use for testing if the PuppetDB instance is running. Defaults to +`/pdb/meta/v1/version`. + +##### `manage_package_repo` Data type: `Any` +If `true`, the official postgresql.org repo will be added and postgres won't +be installed from the regular repository. Defaults to `true`. +Default value: `$puppetdb::params::manage_pg_repo` -Default value: `$puppetdb::params::manage_database` +##### `postgres_version` -##### `manage_server` +Data type: `Any` + +If the postgresql.org repo is installed, you can install several versions of +postgres. Defaults to `11` with PuppetDB version 7.0.0 or newer, and `9.6` in older versions. + +Default value: `$puppetdb::params::postgres_version` + +##### `puppetdb_server` Data type: `Any` -Default value: `$puppetdb::params::manage_dbserver` +Default value: `$puppetdb::params::puppetdb_server` -##### `manage_package_repo` +##### `database_port` Data type: `Any` -Default value: `$puppetdb::params::manage_pg_repo` +Default value: `$puppetdb::params::database_port` -##### `postgres_version` +##### `manage_database` Data type: `Any` -Default value: `$puppetdb::params::postgres_version` +Default value: `$puppetdb::params::manage_database` ##### `postgresql_ssl_on` 
diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp
index b46b865c..27dc38fe 100644
--- a/manifests/database/postgresql.pp
+++ b/manifests/database/postgresql.pp
@@ -1,5 +1,37 @@
 # create the PuppetDB postgresql database
 #
+# @param listen_addresses
+# The `listen_address` is a comma-separated list of hostnames or IP addresses on
+# which the postgres server should listen for incoming connections. This defaults
+# to `localhost`. This parameter maps directly to PostgreSQL's `listen_addresses`
+# config option. Use a `*` to allow connections on any accessible address.
+#
+# @param database_name
+# Sets the name of the database. Defaults to `puppetdb`.
+#
+# @param database_username
+# Creates a user for access the database. Defaults to `puppetdb`.
+#
+# @param database_password
+# Sets the password for the database user above. Defaults to `puppetdb`.
+#
+# @param manage_server
+# Conditionally manages the PostgreSQL server via `postgresql::server`. Defaults
+# to `true`. If set to `false`, this class will create the database and user via
+# `postgresql::server::db` but not attempt to install or manage the server itself.
+#
+# @param test_url
+# The URL to use for testing if the PuppetDB instance is running. Defaults to
+# `/pdb/meta/v1/version`.
+#
+# @param manage_package_repo
+# If `true`, the official postgresql.org repo will be added and postgres won't
+# be installed from the regular repository. Defaults to `true`.
+#
+# @param postgres_version
+# If the postgresql.org repo is installed, you can install several versions of
+# postgres. Defaults to `11` with PuppetDB version 7.0.0 or newer, and `9.6` in older versions.
+#
 class puppetdb::database::postgresql (
 $listen_addresses = $puppetdb::params::database_host,
 $puppetdb_server = $puppetdb::params::puppetdb_server,
From 93d263754098dc865389ce62d3b7893994bb5471 Mon Sep 17 00:00:00 2001
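Review bot: The `@param test_url` tag added here looks misplaced: the REFERENCE.md entry generated for `puppetdb::database::postgresql` in this commit shows `test_url` with no data type and no default, unlike every other parameter, which suggests the class does not declare it (the parameter list is cut off after `$puppetdb_server`, so this needs checking against the full signature). If so, drop the tag here and document the parameter on the class that declares it. Separately, the `database_password` text states a default of `puppetdb` a few lines below the `listen_addresses` note that `*` accepts connections on any address; that description should add `Override the default password before listening on anything other than localhost.` The `puppetdb_server`, `database_port` and `manage_database` parameters still have no description in REFERENCE.md.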
From: Jeffrey Clark Date: Sat, 3 Feb 2024 21:02:24 -0600 Subject: [PATCH 46/97] add missing parameter documentation to puppetdb class --- REFERENCE.md | 319 ++++++++++++++++++++++++---------------------- manifests/init.pp | 65 ++++++++++ 2 files changed, 230 insertions(+), 154 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 8197ef17..88baada7 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -74,10 +74,16 @@ The following parameters are available in the `puppetdb` class: * [`open_ssl_listen_port`](#-puppetdb--open_ssl_listen_port) * [`ssl_protocols`](#-puppetdb--ssl_protocols) * [`postgresql_ssl_on`](#-puppetdb--postgresql_ssl_on) +* [`postgresql_ssl_folder`](#-puppetdb--postgresql_ssl_folder) +* [`postgresql_ssl_cert_path`](#-puppetdb--postgresql_ssl_cert_path) +* [`postgresql_ssl_key_path`](#-puppetdb--postgresql_ssl_key_path) +* [`postgresql_ssl_ca_cert_path`](#-puppetdb--postgresql_ssl_ca_cert_path) * [`cipher_suites`](#-puppetdb--cipher_suites) * [`migrate`](#-puppetdb--migrate) * [`manage_dbserver`](#-puppetdb--manage_dbserver) * [`manage_database`](#-puppetdb--manage_database) +* [`manage_package_repo`](#-puppetdb--manage_package_repo) +* [`postgres_version`](#-puppetdb--postgres_version) * [`database_host`](#-puppetdb--database_host) * [`database_port`](#-puppetdb--database_port) * [`database_username`](#-puppetdb--database_username) 
@@ -85,11 +91,14 @@ The following parameters are available in the `puppetdb` class: * [`manage_db_password`](#-puppetdb--manage_db_password) * [`database_name`](#-puppetdb--database_name) * [`jdbc_ssl_properties`](#-puppetdb--jdbc_ssl_properties) +* [`database_listen_address`](#-puppetdb--database_listen_address) * [`database_validate`](#-puppetdb--database_validate) * [`node_ttl`](#-puppetdb--node_ttl) * [`node_purge_ttl`](#-puppetdb--node_purge_ttl) * [`report_ttl`](#-puppetdb--report_ttl) +* [`facts_blacklist`](#-puppetdb--facts_blacklist) * [`gc_interval`](#-puppetdb--gc_interval) +* [`node_purge_gc_batch_limit`](#-puppetdb--node_purge_gc_batch_limit) * [`log_slow_statements`](#-puppetdb--log_slow_statements) * [`conn_max_age`](#-puppetdb--conn_max_age) * [`conn_keep_alive`](#-puppetdb--conn_keep_alive) @@ -97,6 +106,9 @@ The following parameters are available in the `puppetdb` class: * [`puppetdb_package`](#-puppetdb--puppetdb_package) * [`puppetdb_service`](#-puppetdb--puppetdb_service) * [`puppetdb_service_status`](#-puppetdb--puppetdb_service_status) +* [`puppetdb_user`](#-puppetdb--puppetdb_user) +* [`puppetdb_group`](#-puppetdb--puppetdb_group) +* [`puppetdb_server`](#-puppetdb--puppetdb_server) * [`confdir`](#-puppetdb--confdir) * [`vardir`](#-puppetdb--vardir) * [`java_args`](#-puppetdb--java_args) @@ -107,6 +119,8 @@ The following parameters are available in the `puppetdb` class: * [`read_database_username`](#-puppetdb--read_database_username) * [`read_database_password`](#-puppetdb--read_database_password) * [`manage_read_db_password`](#-puppetdb--manage_read_db_password) +* [`read_database_jdbc_ssl_properties`](#-puppetdb--read_database_jdbc_ssl_properties) +* [`read_database_validate`](#-puppetdb--read_database_validate) * [`read_database_name`](#-puppetdb--read_database_name) * [`read_log_slow_statements`](#-puppetdb--read_log_slow_statements) * [`read_conn_max_age`](#-puppetdb--read_conn_max_age) 
@@ -115,6 +129,7 @@ The following parameters are available in the `puppetdb` class: * [`ssl_dir`](#-puppetdb--ssl_dir) * [`ssl_set_cert_paths`](#-puppetdb--ssl_set_cert_paths) * [`ssl_cert_path`](#-puppetdb--ssl_cert_path) +* [`ssl_key_pk8_path`](#-puppetdb--ssl_key_pk8_path) * [`ssl_key_path`](#-puppetdb--ssl_key_path) * [`ssl_ca_cert_path`](#-puppetdb--ssl_ca_cert_path) * [`ssl_deploy_certs`](#-puppetdb--ssl_deploy_certs) 
@@ -129,26 +144,11 @@ The following parameters are available in the `puppetdb` class: * [`disable_update_checking`](#-puppetdb--disable_update_checking) * [`certificate_whitelist_file`](#-puppetdb--certificate_whitelist_file) * [`certificate_whitelist`](#-puppetdb--certificate_whitelist) +* [`database_max_pool_size`](#-puppetdb--database_max_pool_size) +* [`read_database_max_pool_size`](#-puppetdb--read_database_max_pool_size) * [`automatic_dlo_cleanup`](#-puppetdb--automatic_dlo_cleanup) * [`cleanup_timer_interval`](#-puppetdb--cleanup_timer_interval) * [`dlo_max_age`](#-puppetdb--dlo_max_age) -* [`ssl_key_pk8_path`](#-puppetdb--ssl_key_pk8_path) -* [`postgresql_ssl_folder`](#-puppetdb--postgresql_ssl_folder) -* [`postgresql_ssl_cert_path`](#-puppetdb--postgresql_ssl_cert_path) -* [`postgresql_ssl_key_path`](#-puppetdb--postgresql_ssl_key_path) -* [`postgresql_ssl_ca_cert_path`](#-puppetdb--postgresql_ssl_ca_cert_path) -* [`manage_package_repo`](#-puppetdb--manage_package_repo) -* [`postgres_version`](#-puppetdb--postgres_version) -* [`database_listen_address`](#-puppetdb--database_listen_address) -* [`facts_blacklist`](#-puppetdb--facts_blacklist) -* [`node_purge_gc_batch_limit`](#-puppetdb--node_purge_gc_batch_limit) -* [`puppetdb_user`](#-puppetdb--puppetdb_user) -* [`puppetdb_group`](#-puppetdb--puppetdb_group) -* [`puppetdb_server`](#-puppetdb--puppetdb_server) -* [`read_database_jdbc_ssl_properties`](#-puppetdb--read_database_jdbc_ssl_properties) -* [`read_database_validate`](#-puppetdb--read_database_validate) -* [`database_max_pool_size`](#-puppetdb--database_max_pool_size) -* [`read_database_max_pool_size`](#-puppetdb--read_database_max_pool_size) * [`java_bin`](#-puppetdb--java_bin) ##### `listen_address` 
@@ -237,6 +237,38 @@ Defaults to `false`. Default value: `$puppetdb::params::postgresql_ssl_on` +##### `postgresql_ssl_folder` + +Data type: `Any` + +Path to the Postgresql SSL folder. + +Default value: `$puppetdb::params::postgresql_ssl_folder` + +##### `postgresql_ssl_cert_path` + +Data type: `Any` + +Path to the Postgresql SSL certificate. + +Default value: `$puppetdb::params::postgresql_ssl_cert_path` + +##### `postgresql_ssl_key_path` + +Data type: `Any` + +Path to the Postgresql SSL key. + +Default value: `$puppetdb::params::postgresql_ssl_key_path` + +##### `postgresql_ssl_ca_cert_path` + +Data type: `Any` + +Path to the Postgresql SSL CA. + +Default value: `$puppetdb::params::postgresql_ssl_ca_cert_path` + ##### `cipher_suites` Data type: `Any` @@ -270,6 +302,24 @@ If true, the PostgreSQL database will be managed by this module. Defaults to `tr Default value: `$puppetdb::params::manage_database` +##### `manage_package_repo` + +Data type: `Any` + +If `true`, the official postgresql.org repo will be added and postgres won't +be installed from the regular repository. Defaults to `true`. + +Default value: `$puppetdb::params::manage_pg_repo` + +##### `postgres_version` + +Data type: `Any` + +If the postgresql.org repo is installed, you can install several versions of +postgres. Defaults to `11` with PuppetDB version 7.0.0 or newer, and `9.6` in older versions. + +Default value: `$puppetdb::params::postgres_version` + ##### `database_host` Data type: `Any` 
@@ -331,6 +381,17 @@ parameter's value to `?ssl=true`. Default value: `$puppetdb::params::jdbc_ssl_properties` +##### `database_listen_address` + +Data type: `Any` + +A comma-separated list of hostnames or IP addresses on which the postgres +server should listen for incoming connections. This defaults to `localhost`. +This parameter maps directly to PostgreSQL's `listen_addresses` +config option. Use a `*` to allow connections on any accessible address. + +Default value: `$puppetdb::params::postgres_listen_addresses` + ##### `database_validate` Data type: `Any` @@ -370,6 +431,14 @@ The length of time reports should be stored before being deleted. (defaults to Default value: `$puppetdb::params::report_ttl` +##### `facts_blacklist` + +Data type: `Optional[Array]` + +A list of fact names to be ignored whenever submitted. + +Default value: `$puppetdb::params::facts_blacklist` + ##### `gc_interval` Data type: `Any` @@ -380,6 +449,14 @@ default is every 60 minutes. This option is supported in PuppetDB >= 0.9. Default value: `$puppetdb::params::gc_interval` +##### `node_purge_gc_batch_limit` + +Data type: `Any` + +Nodes will be purged in batches of this size, one batch per gc-interval. + +Default value: `$puppetdb::params::node_purge_gc_batch_limit` + ##### `log_slow_statements` Data type: `Any` @@ -456,6 +533,30 @@ service doesn't start on boot either. Valid values are `true`, `running`, Default value: `$puppetdb::params::puppetdb_service_status` +##### `puppetdb_user` + +Data type: `Any` + +Puppetdb service user + +Default value: `$puppetdb::params::puppetdb_user` + +##### `puppetdb_group` + +Data type: `Any` + +Puppetdb service group + +Default value: `$puppetdb::params::puppetdb_group` + +##### `puppetdb_server` + +Data type: `Any` + +Puppetdb server hostname or IP address. + +Default value: `$puppetdb::params::puppetdb_server` + ##### `confdir` Data type: `Any` 
@@ -560,6 +661,25 @@ Defaults to `true` Default value: `$puppetdb::params::manage_read_db_password` +##### `read_database_jdbc_ssl_properties` + +Data type: `Any` + +The text to append to the JDBC connection URI. This should begin with a '?' +character. For example, to use SSL for the PostgreSQL connection, set this +parameter's value to `?ssl=true`. + +Default value: `$puppetdb::params::read_database_jdbc_ssl_properties` + +##### `read_database_validate` + +Data type: `Any` + +If true, the module will attempt to connect to the database using the specified +settings and fail if it is not able to do so. Defaults to `true`. + +Default value: `$puppetdb::params::read_database_validate` + ##### `read_database_name` Data type: `Any` @@ -646,6 +766,15 @@ Path to your SSL certificate for populating `jetty.ini`. Default value: `$puppetdb::params::ssl_cert_path` +##### `ssl_key_pk8_path` + +Data type: `Any` + +Path to the SSL pk8 key for populating `jetty.ini`, will be generated from +the SSL key as needed automatically. + +Default value: `$puppetdb::params::ssl_key_pk8_path` + ##### `ssl_key_path` Data type: `Any` 
@@ -765,6 +894,24 @@ Array of the X.509 certificate Common Names of clients allowed to connect to Pup Default value: `$puppetdb::params::certificate_whitelist` +##### `database_max_pool_size` + +Data type: `Any` + +When the pool reaches this size, and no idle connections are available, attempts to get a connection will wait for connection-timeout milliseconds before timing out. +Note that PuppetDB will use one pool for writes and another for reads, so the total number of connections used will be twice this setting. + +Default value: `$puppetdb::params::database_max_pool_size` + +##### `read_database_max_pool_size` + +Data type: `Any` + +When the pool reaches this size, and no idle connections are available, attempts to get a connection will wait for connection-timeout milliseconds before timing out. +Note that PuppetDB will use one pool for writes and another for reads, so the total number of connections used will be twice this setting. + +Default value: `$puppetdb::params::read_database_max_pool_size` + ##### `automatic_dlo_cleanup` Data type: `Boolean` 
@@ -800,147 +947,11 @@ the DLO reports. The default value is 90 days. Default value: `$puppetdb::params::dlo_max_age` -##### `ssl_key_pk8_path` - -Data type: `Any` - - - -Default value: `$puppetdb::params::ssl_key_pk8_path` - -##### `postgresql_ssl_folder` - -Data type: `Any` - - - -Default value: `$puppetdb::params::postgresql_ssl_folder` - -##### `postgresql_ssl_cert_path` - -Data type: `Any` - - - -Default value: `$puppetdb::params::postgresql_ssl_cert_path` - -##### `postgresql_ssl_key_path` - -Data type: `Any` - - - -Default value: `$puppetdb::params::postgresql_ssl_key_path` - -##### `postgresql_ssl_ca_cert_path` - -Data type: `Any` - - - -Default value: `$puppetdb::params::postgresql_ssl_ca_cert_path` - -##### `manage_package_repo` - -Data type: `Any` - - - -Default value: `$puppetdb::params::manage_pg_repo` - -##### `postgres_version` - -Data type: `Any` - - - -Default value: `$puppetdb::params::postgres_version` - -##### `database_listen_address` - -Data type: `Any` - - - -Default value: `$puppetdb::params::postgres_listen_addresses` - -##### `facts_blacklist` - -Data type: `Optional[Array]` - - - -Default value: `$puppetdb::params::facts_blacklist` - -##### `node_purge_gc_batch_limit` - -Data type: `Any` - - - -Default value: `$puppetdb::params::node_purge_gc_batch_limit` - -##### `puppetdb_user` - -Data type: `Any` - - - -Default value: `$puppetdb::params::puppetdb_user` - -##### `puppetdb_group` - -Data type: `Any` - - - -Default value: `$puppetdb::params::puppetdb_group` - -##### `puppetdb_server` - -Data type: `Any` - - - -Default value: `$puppetdb::params::puppetdb_server` - -##### `read_database_jdbc_ssl_properties` - -Data type: `Any` - - - -Default value: `$puppetdb::params::read_database_jdbc_ssl_properties` - -##### `read_database_validate` - -Data type: `Any` - - - -Default value: `$puppetdb::params::read_database_validate` - -##### `database_max_pool_size` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_max_pool_size` - 
-##### `read_database_max_pool_size` - -Data type: `Any` - - - -Default value: `$puppetdb::params::read_database_max_pool_size` - ##### `java_bin` Data type: `Optional[Stdlib::Absolutepath]` - +java binary path for PuppetDB. If undef, default will be used. Default value: `$puppetdb::params::java_bin` diff --git a/manifests/init.pp b/manifests/init.pp index da0febad..2c27ac01 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -36,6 +36,18 @@ # If `true`, it configures SSL connections between PuppetDB and the PostgreSQL database. # Defaults to `false`. # +# @param postgresql_ssl_folder +# Path to the Postgresql SSL folder. +# +# @param postgresql_ssl_cert_path +# Path to the Postgresql SSL certificate. +# +# @param postgresql_ssl_key_path +# Path to the Postgresql SSL key. +# +# @param postgresql_ssl_ca_cert_path +# Path to the Postgresql SSL CA. +# # @param cipher_suites # Configure jetty's supported `cipher-suites` (e.g. `SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`). # Defaults to `undef`. @@ -49,6 +61,14 @@ # @param manage_database # If true, the PostgreSQL database will be managed by this module. Defaults to `true`. # +# @param manage_package_repo +# If `true`, the official postgresql.org repo will be added and postgres won't +# be installed from the regular repository. Defaults to `true`. +# +# @param postgres_version +# If the postgresql.org repo is installed, you can install several versions of +# postgres. Defaults to `11` with PuppetDB version 7.0.0 or newer, and `9.6` in older versions. +# # @param database_host # Hostname to use for the database connection. For single case installations this # should be left as the default. Defaults to `localhost`. 
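Review bot: In the `@@ -36,6 +36,18 @@` hunk of `manifests/init.pp`, `@param postgresql_ssl_key_path` is described only as "Path to the Postgresql SSL key", which does not tell the reader that this is private key material or which account has to be able to read it. I would spell that out, for example `# Path to the private key used for the PostgreSQL SSL connection. Keep the file readable only by the account that uses it.` Which service reads the file is not visible in this hunk, so the wording about the owner should be confirmed against the class body. `postgresql_ssl_ca_cert_path` would also read more precisely as "CA certificate" than "SSL CA". The same descriptions are repeated in the `@@ -32,6 +37,34 @@` hunk of `manifests/database/postgresql.pp` in PATCH 48/97.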
@@ -75,6 +95,12 @@
 # character. For example, to use SSL for the PostgreSQL connection, set this
 # parameter's value to `?ssl=true`.
 #
+# @param database_listen_address
+# A comma-separated list of hostnames or IP addresses on which the postgres
+# server should listen for incoming connections. This defaults to `localhost`.
+# This parameter maps directly to PostgreSQL's `listen_addresses`
+# config option. Use a `*` to allow connections on any accessible address.
+#
 # @param database_validate
 # If true, the module will attempt to connect to the database using the specified
 # settings and fail if it is not able to do so. Defaults to `true`.
@@ -94,11 +120,17 @@
 # The length of time reports should be stored before being deleted. (defaults to
 # `14d`, which is a 14-day period). This option is supported in PuppetDB >= 1.1.0.
 #
+# @param facts_blacklist
+# A list of fact names to be ignored whenever submitted.
+#
 # @param gc_interval
 # This controls how often (in minutes) to compact the database. The compaction
 # process reclaims space and deletes unnecessary rows. If not supplied, the
 # default is every 60 minutes. This option is supported in PuppetDB >= 0.9.
 #
+# @param node_purge_gc_batch_limit
+# Nodes will be purged in batches of this size, one batch per gc-interval.
+#
 # @param log_slow_statements
 # This sets the number of seconds before an SQL query is considered "slow." Slow
 # SQL queries are logged as warnings, to assist in debugging and tuning. Note
@@ -140,6 +172,15 @@
 # service doesn't start on boot either. Valid values are `true`, `running`,
 # `false`, and `stopped`.
 #
+# @param puppetdb_user
+# Puppetdb service user
+#
+# @param puppetdb_group
+# Puppetdb service group
+#
+# @param puppetdb_server
+# Puppetdb server hostname or IP address.
+#
 # @param confdir
 # The PuppetDB configuration directory. Defaults to `/etc/puppetdb/conf.d`.
 #
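Review bot: The `@param database_listen_address` text in the `@@ -75,6 +95,12 @@` hunk offers `*` as an option but says nothing about what else should be in place once PostgreSQL listens beyond `localhost`. The same class documents `postgresql_ssl_on` as defaulting to `false`, so a reader who widens the listen address gets unencrypted database traffic unless they also find that parameter. I would add one line to the description: `# When listening beyond localhost, also enable postgresql_ssl_on and restrict which hosts may connect.` The parameter list is outside the hunk, so how the value reaches the PostgreSQL configuration cannot be checked from here.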
@@ -194,6 +235,15 @@
 # Set this to `false` if you want to set the password some other way.
 # Defaults to `true`
 #
+# @param read_database_jdbc_ssl_properties
+# The text to append to the JDBC connection URI. This should begin with a '?'
+# character. For example, to use SSL for the PostgreSQL connection, set this
+# parameter's value to `?ssl=true`.
+#
+# @param read_database_validate
+# If true, the module will attempt to connect to the database using the specified
+# settings and fail if it is not able to do so. Defaults to `true`.
+#
 # @param read_database_name
 # The name of the read database instance to connect to. If `read_database_host`
 # is set to `undef`, and `manage_database` is set to `true`, it will use the value of
@@ -240,6 +290,10 @@
 # @param ssl_cert_path
 # Path to your SSL certificate for populating `jetty.ini`.
 #
+# @param ssl_key_pk8_path
+# Path to the SSL pk8 key for populating `jetty.ini`, will be generated from
+# the SSL key as needed automatically.
+#
 # @param ssl_key_path
 # Path to your SSL key for populating `jetty.ini`.
 #
@@ -289,6 +343,14 @@
 # @param certificate_whitelist
 # Array of the X.509 certificate Common Names of clients allowed to connect to PuppetDB. Defaults to empty. Be aware that this permits full access to all Puppet clients to download anything contained in PuppetDB, including the full catalogs of all nodes, which possibly contain sensitive information. Set to `[ $::servername ]` to allow access only from your (single) Puppet master, which is enough for normal operation. Set to a list of Puppet masters if you have multiple.
 #
+# @param database_max_pool_size
+# When the pool reaches this size, and no idle connections are available, attempts to get a connection will wait for connection-timeout milliseconds before timing out.
+# Note that PuppetDB will use one pool for writes and another for reads, so the total number of connections used will be twice this setting.
+#
+# @param read_database_max_pool_size
+# When the pool reaches this size, and no idle connections are available, attempts to get a connection will wait for connection-timeout milliseconds before timing out.
+# Note that PuppetDB will use one pool for writes and another for reads, so the total number of connections used will be twice this setting.
+#
 # @param automatic_dlo_cleanup
 # PuppetDB creates [Dead Letter Office](https://puppet.com/docs/puppetdb/5.2/maintain_and_tune.html#clean-up-the-dead-letter-office).
 # Those are reports of failed requests. They spill up the disk. This parameter is
@@ -309,6 +371,9 @@
 # This is a positive integer. It describes the amount of days you want to keep
 # the DLO reports. The default value is 90 days.
 #
+# @param java_bin
+# java binary path for PuppetDB. If undef, default will be used.
+#
 class puppetdb (
 $listen_address = $puppetdb::params::listen_address,
 $listen_port = $puppetdb::params::listen_port,
From 1387f210d8b3f71f40aff57d3847b99666d7e87c Mon Sep 17 00:00:00 2001
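Review bot: The description added for `@param read_database_max_pool_size` in the `@@ -289,6 +343,14 @@` hunk is a word-for-word copy of the one for `database_max_pool_size`, so neither says which pool it sizes, and both state that the total is "twice this setting", which only holds when the two values are equal. I would open each with its pool, e.g. `# Maximum size of the connection pool used for writes.` and `# Maximum size of the connection pool used for reads.` (assuming the unprefixed parameter sizes the write pool, which the hunk does not show), and reword the note to say the total is the sum of the two settings. The text also mentions connection-timeout without saying where that is configured. Accurate numbers here matter when sizing the PostgreSQL connection limit, since an exhausted limit makes PuppetDB unavailable.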
From: Jeffrey Clark Date: Sat, 3 Feb 2024 21:44:08 -0600 Subject: [PATCH 47/97] add missing parameter documentation to master::config class --- REFERENCE.md | 22 +++++++++++----------- manifests/master/config.pp | 7 +++++-- 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 88baada7..ef38f18d 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -1184,8 +1184,8 @@ The following parameters are available in the `puppetdb::master::config` class: * [`terminus_package`](#-puppetdb--master--config--terminus_package) * [`puppet_service_name`](#-puppetdb--master--config--puppet_service_name) * [`puppetdb_startup_timeout`](#-puppetdb--master--config--puppetdb_startup_timeout) -* [`restart_puppet`](#-puppetdb--master--config--restart_puppet) * [`test_url`](#-puppetdb--master--config--test_url) +* [`restart_puppet`](#-puppetdb--master--config--restart_puppet) ##### `puppetdb_server` @@ -1321,7 +1321,7 @@ Default value: `true` Data type: `Any` -Puppet's config directory. Defaults to `/etc/puppet`. +Puppet's config directory. Defaults to `/etc/puppetlabs/puppet`. Default value: `$puppetdb::params::puppet_confdir` @@ -1329,7 +1329,7 @@ Default value: `$puppetdb::params::puppet_confdir` Data type: `Any` -Puppet's config file. Defaults to `/etc/puppet/puppet.conf`. +Puppet's config file. Defaults to `${puppet_confdir}/puppet.conf`. Default value: `$puppetdb::params::puppet_conf` @@ -1372,6 +1372,14 @@ seconds). Default value: `$puppetdb::params::puppetdb_startup_timeout` +##### `test_url` + +Data type: `Any` + +The URL to use for testing if the PuppetDB instance is running. + +Default value: `$puppetdb::params::test_url` + ##### `restart_puppet` Data type: `Any` @@ -1383,14 +1391,6 @@ files (other than `puppet.conf`). Default value: `true` -##### `test_url` - -Data type: `Any` - - - -Default value: `$puppetdb::params::test_url` - ### `puppetdb::server` manage the PuppetDB server 
diff --git a/manifests/master/config.pp b/manifests/master/config.pp
index 4bb7493a..c63f693f 100644
--- a/manifests/master/config.pp
+++ b/manifests/master/config.pp
@@ -56,10 +56,10 @@
 # or disabled (`false`) in the puppet.conf file.
 #
 # @param puppet_confdir
-# Puppet's config directory. Defaults to `/etc/puppet`.
+# Puppet's config directory. Defaults to `/etc/puppetlabs/puppet`.
 #
 # @param puppet_conf
-# Puppet's config file. Defaults to `/etc/puppet/puppet.conf`.
+# Puppet's config file. Defaults to `${puppet_confdir}/puppet.conf`.
 #
 # @param masterless
 # A boolean switch to enable or disable the masterless setup of PuppetDB. Defaults
@@ -80,6 +80,9 @@
 # This is most important during the initial install of PuppetDB (defaults to 15
 # seconds).
 #
+# @param test_url
+# The URL to use for testing if the PuppetDB instance is running.
+#
 # @param restart_puppet
 # If `true`, the module will restart the Puppet master when PuppetDB configuration
 # files are changed by the module. Defaults to `true`. If set to `false`, you
From 74564f18070d312d94ec7b9d750d30397f71b6c3 Mon Sep 17 00:00:00 2001
From: Jeffrey Clark
Date: Sat, 3 Feb 2024 21:45:26 -0600
Subject: [PATCH 48/97] add missing parameter documentation to database::postgresql class
---
 REFERENCE.md | 89 ++++++++++++++++----------------
 manifests/database/postgresql.pp | 41 +++++++++++++--
 2 files changed, 82 insertions(+), 48 deletions(-)
diff --git a/REFERENCE.md b/REFERENCE.md
index ef38f18d..4518116a 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
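Review bot: The new `puppet_conf` text in the `@@ -56,10 +56,10 @@` hunk, "Defaults to `${puppet_confdir}/puppet.conf`", reads as if the default follows whatever `puppet_confdir` the caller passes. The REFERENCE.md part of this same commit lists the default as `$puppetdb::params::puppet_conf`, so it is presumably computed in the params class and will not track an overridden `puppet_confdir`. I would say so directly: `# Puppet's config file. Defaults to puppet.conf inside the default puppet_confdir; set both when relocating the config directory.` The parameter list itself is outside the hunk, so this should be checked against the class signature.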
@@ -964,19 +964,18 @@ create the PuppetDB postgresql database The following parameters are available in the `puppetdb::database::postgresql` class: * [`listen_addresses`](#-puppetdb--database--postgresql--listen_addresses) +* [`puppetdb_server`](#-puppetdb--database--postgresql--puppetdb_server) * [`database_name`](#-puppetdb--database--postgresql--database_name) * [`database_username`](#-puppetdb--database--postgresql--database_username) * [`database_password`](#-puppetdb--database--postgresql--database_password) +* [`database_port`](#-puppetdb--database--postgresql--database_port) +* [`manage_database`](#-puppetdb--database--postgresql--manage_database) * [`manage_server`](#-puppetdb--database--postgresql--manage_server) -* [`test_url`](#-puppetdb--database--postgresql--test_url) * [`manage_package_repo`](#-puppetdb--database--postgresql--manage_package_repo) * [`postgres_version`](#-puppetdb--database--postgresql--postgres_version) -* [`puppetdb_server`](#-puppetdb--database--postgresql--puppetdb_server) -* [`database_port`](#-puppetdb--database--postgresql--database_port) -* [`manage_database`](#-puppetdb--database--postgresql--manage_database) * [`postgresql_ssl_on`](#-puppetdb--database--postgresql--postgresql_ssl_on) -* [`postgresql_ssl_key_path`](#-puppetdb--database--postgresql--postgresql_ssl_key_path) * [`postgresql_ssl_cert_path`](#-puppetdb--database--postgresql--postgresql_ssl_cert_path) +* [`postgresql_ssl_key_path`](#-puppetdb--database--postgresql--postgresql_ssl_key_path) * [`postgresql_ssl_ca_cert_path`](#-puppetdb--database--postgresql--postgresql_ssl_ca_cert_path) * [`read_database_username`](#-puppetdb--database--postgresql--read_database_username) * [`read_database_password`](#-puppetdb--database--postgresql--read_database_password) 
@@ -993,6 +992,14 @@ config option. Use a `*` to allow connections on any accessible address. Default value: `$puppetdb::params::database_host` +##### `puppetdb_server` + +Data type: `Any` + +Hostname or IP address to configure for SSL rules. + +Default value: `$puppetdb::params::puppetdb_server` + ##### `database_name` Data type: `Any` @@ -1017,6 +1024,22 @@ Sets the password for the database user above. Defaults to `puppetdb`. Default value: `$puppetdb::params::database_password` +##### `database_port` + +Data type: `Any` + +The port that the database server listens on. Defaults to `5432`. + +Default value: `$puppetdb::params::database_port` + +##### `manage_database` + +Data type: `Any` + +If true, the PostgreSQL database will be managed by this module. Defaults to `true`. + +Default value: `$puppetdb::params::manage_database` + ##### `manage_server` Data type: `Any` @@ -1027,11 +1050,6 @@ to `true`. If set to `false`, this class will create the database and user via Default value: `$puppetdb::params::manage_dbserver` -##### `test_url` - -The URL to use for testing if the PuppetDB instance is running. Defaults to -`/pdb/meta/v1/version`. - ##### `manage_package_repo` Data type: `Any` 
@@ -1050,59 +1068,36 @@ postgres. Defaults to `11` with PuppetDB version 7.0.0 or newer, and `9.6` in ol Default value: `$puppetdb::params::postgres_version` -##### `puppetdb_server` - -Data type: `Any` - - - -Default value: `$puppetdb::params::puppetdb_server` - -##### `database_port` - -Data type: `Any` - - - -Default value: `$puppetdb::params::database_port` - -##### `manage_database` - -Data type: `Any` - - - -Default value: `$puppetdb::params::manage_database` - ##### `postgresql_ssl_on` Data type: `Any` - +If `true`, it configures SSL connections between PuppetDB and the PostgreSQL database. +Defaults to `false`. Default value: `$puppetdb::params::postgresql_ssl_on` -##### `postgresql_ssl_key_path` +##### `postgresql_ssl_cert_path` Data type: `Any` +Path to the Postgresql SSL certificate. +Default value: `$puppetdb::params::postgresql_ssl_cert_path` -Default value: `$puppetdb::params::postgresql_ssl_key_path` - -##### `postgresql_ssl_cert_path` +##### `postgresql_ssl_key_path` Data type: `Any` +Path to the Postgresql SSL key. - -Default value: `$puppetdb::params::postgresql_ssl_cert_path` +Default value: `$puppetdb::params::postgresql_ssl_key_path` ##### `postgresql_ssl_ca_cert_path` Data type: `Any` - +Path to the Postgresql SSL CA. Default value: `$puppetdb::params::postgresql_ssl_ca_cert_path` @@ -1110,7 +1105,8 @@ Default value: `$puppetdb::params::postgresql_ssl_ca_cert_path` Data type: `Any` - +The name of the read database user to connect as. Defaults to `puppetdb-read`. This +option is supported in PuppetDB >= 1.6. Default value: `$puppetdb::params::read_database_username` @@ -1118,7 +1114,8 @@ Default value: `$puppetdb::params::read_database_username` Data type: `Any` - +The password for the read database user. Defaults to `puppetdb-read`. This option is +supported in PuppetDB >= 1.6. Default value: `$puppetdb::params::read_database_password` 
@@ -1126,7 +1123,11 @@ Default value: `$puppetdb::params::read_database_password` Data type: `Any` +*This parameter must be set to use another PuppetDB instance for queries.* +The hostname or IP address of the read database server. If set to `undef`, and +`manage_database` is set to `true`, it will use the value of the `database_host` +parameter. This option is supported in PuppetDB >= 1.6. Default value: `$puppetdb::params::read_database_host` diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp index 27dc38fe..e6c38b7b 100644 --- a/manifests/database/postgresql.pp +++ b/manifests/database/postgresql.pp @@ -6,6 +6,9 @@ # to `localhost`. This parameter maps directly to PostgreSQL's `listen_addresses` # config option. Use a `*` to allow connections on any accessible address. # +# @param puppetdb_server +# Hostname or IP address to configure for SSL rules. +# # @param database_name # Sets the name of the database. Defaults to `puppetdb`. # @@ -15,15 +18,17 @@ # @param database_password # Sets the password for the database user above. Defaults to `puppetdb`. # +# @param database_port +# The port that the database server listens on. Defaults to `5432`. +# +# @param manage_database +# If true, the PostgreSQL database will be managed by this module. Defaults to `true`. +# # @param manage_server # Conditionally manages the PostgreSQL server via `postgresql::server`. Defaults # to `true`. If set to `false`, this class will create the database and user via # `postgresql::server::db` but not attempt to install or manage the server itself. # -# @param test_url -# The URL to use for testing if the PuppetDB instance is running. Defaults to -# `/pdb/meta/v1/version`. -# # @param manage_package_repo # If `true`, the official postgresql.org repo will be added and postgres won't # be installed from the regular repository. Defaults to `true`. 
@@ -32,6 +37,34 @@
 # If the postgresql.org repo is installed, you can install several versions of
 # postgres. Defaults to `11` with PuppetDB version 7.0.0 or newer, and `9.6` in older versions.
 #
+# @param postgresql_ssl_on
+# If `true`, it configures SSL connections between PuppetDB and the PostgreSQL database.
+# Defaults to `false`.
+#
+# @param postgresql_ssl_cert_path
+# Path to the Postgresql SSL certificate.
+#
+# @param postgresql_ssl_key_path
+# Path to the Postgresql SSL key.
+#
+# @param postgresql_ssl_ca_cert_path
+# Path to the Postgresql SSL CA.
+#
+# @param read_database_username
+# The name of the read database user to connect as. Defaults to `puppetdb-read`. This
+# option is supported in PuppetDB >= 1.6.
+#
+# @param read_database_password
+# The password for the read database user. Defaults to `puppetdb-read`. This option is
+# supported in PuppetDB >= 1.6.
+#
+# @param read_database_host
+# *This parameter must be set to use another PuppetDB instance for queries.*
+#
+# The hostname or IP address of the read database server. If set to `undef`, and
+# `manage_database` is set to `true`, it will use the value of the `database_host`
+# parameter. This option is supported in PuppetDB >= 1.6.
+#
 class puppetdb::database::postgresql (
 $listen_addresses = $puppetdb::params::database_host,
 $puppetdb_server = $puppetdb::params::puppetdb_server,
From 8b32c0f26696e2e1949e7c8ce76d0e37e8ae899d Mon Sep 17 00:00:00 2001
From: Jeffrey Clark
Date: Sat, 3 Feb 2024 21:49:18 -0600
Subject: [PATCH 49/97] add missing parameter documentation to server class
---
 REFERENCE.md | 467 +++++++++++++++++++++++++++-----------------
 manifests/server.pp | 342 ++++++++++++++++++++++++++++++++
 2 files changed, 631 insertions(+), 178 deletions(-)
diff --git a/REFERENCE.md b/REFERENCE.md
index 4518116a..7a4dcb2f 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -1408,26 +1408,17 @@ The following parameters are available in the `puppetdb::server` class: * [`ssl_listen_port`](#-puppetdb--server--ssl_listen_port) * [`disable_ssl`](#-puppetdb--server--disable_ssl) * [`open_ssl_listen_port`](#-puppetdb--server--open_ssl_listen_port) -* [`ssl_dir`](#-puppetdb--server--ssl_dir) -* [`ssl_set_cert_paths`](#-puppetdb--server--ssl_set_cert_paths) -* [`ssl_cert_path`](#-puppetdb--server--ssl_cert_path) -* [`ssl_key_path`](#-puppetdb--server--ssl_key_path) -* [`ssl_key_pk8_path`](#-puppetdb--server--ssl_key_pk8_path) -* [`ssl_ca_cert_path`](#-puppetdb--server--ssl_ca_cert_path) -* [`ssl_deploy_certs`](#-puppetdb--server--ssl_deploy_certs) -* [`ssl_key`](#-puppetdb--server--ssl_key) -* [`ssl_cert`](#-puppetdb--server--ssl_cert) -* [`ssl_ca_cert`](#-puppetdb--server--ssl_ca_cert) * [`ssl_protocols`](#-puppetdb--server--ssl_protocols) * [`postgresql_ssl_on`](#-puppetdb--server--postgresql_ssl_on) * [`cipher_suites`](#-puppetdb--server--cipher_suites) * [`migrate`](#-puppetdb--server--migrate) +* [`manage_database`](#-puppetdb--server--manage_database) * [`database_host`](#-puppetdb--server--database_host) * [`database_port`](#-puppetdb--server--database_port) * [`database_username`](#-puppetdb--server--database_username) * [`database_password`](#-puppetdb--server--database_password) -* [`database_name`](#-puppetdb--server--database_name) * [`manage_db_password`](#-puppetdb--server--manage_db_password) +* [`database_name`](#-puppetdb--server--database_name) * [`jdbc_ssl_properties`](#-puppetdb--server--jdbc_ssl_properties) * [`database_validate`](#-puppetdb--server--database_validate) * [`node_ttl`](#-puppetdb--server--node_ttl) 
@@ -1445,25 +1436,34 @@ The following parameters are available in the `puppetdb::server` class: * [`puppetdb_service_status`](#-puppetdb--server--puppetdb_service_status) * [`puppetdb_user`](#-puppetdb--server--puppetdb_user) * [`puppetdb_group`](#-puppetdb--server--puppetdb_group) +* [`confdir`](#-puppetdb--server--confdir) +* [`vardir`](#-puppetdb--server--vardir) +* [`java_args`](#-puppetdb--server--java_args) +* [`merge_default_java_args`](#-puppetdb--server--merge_default_java_args) +* [`max_threads`](#-puppetdb--server--max_threads) * [`read_database_host`](#-puppetdb--server--read_database_host) * [`read_database_port`](#-puppetdb--server--read_database_port) * [`read_database_username`](#-puppetdb--server--read_database_username) * [`read_database_password`](#-puppetdb--server--read_database_password) -* [`read_database_name`](#-puppetdb--server--read_database_name) * [`manage_read_db_password`](#-puppetdb--server--manage_read_db_password) * [`read_database_jdbc_ssl_properties`](#-puppetdb--server--read_database_jdbc_ssl_properties) * [`read_database_validate`](#-puppetdb--server--read_database_validate) +* [`read_database_name`](#-puppetdb--server--read_database_name) * [`read_log_slow_statements`](#-puppetdb--server--read_log_slow_statements) * [`read_conn_max_age`](#-puppetdb--server--read_conn_max_age) * [`read_conn_keep_alive`](#-puppetdb--server--read_conn_keep_alive) * [`read_conn_lifetime`](#-puppetdb--server--read_conn_lifetime) -* [`confdir`](#-puppetdb--server--confdir) -* [`vardir`](#-puppetdb--server--vardir) +* [`ssl_dir`](#-puppetdb--server--ssl_dir) +* [`ssl_set_cert_paths`](#-puppetdb--server--ssl_set_cert_paths) +* [`ssl_cert_path`](#-puppetdb--server--ssl_cert_path) +* [`ssl_key_pk8_path`](#-puppetdb--server--ssl_key_pk8_path) +* [`ssl_key_path`](#-puppetdb--server--ssl_key_path) +* [`ssl_ca_cert_path`](#-puppetdb--server--ssl_ca_cert_path) +* [`ssl_deploy_certs`](#-puppetdb--server--ssl_deploy_certs) +* 
[`ssl_key`](#-puppetdb--server--ssl_key) +* [`ssl_cert`](#-puppetdb--server--ssl_cert) +* [`ssl_ca_cert`](#-puppetdb--server--ssl_ca_cert) * [`manage_firewall`](#-puppetdb--server--manage_firewall) -* [`manage_database`](#-puppetdb--server--manage_database) -* [`java_args`](#-puppetdb--server--java_args) -* [`merge_default_java_args`](#-puppetdb--server--merge_default_java_args) -* [`max_threads`](#-puppetdb--server--max_threads) * [`command_threads`](#-puppetdb--server--command_threads) * [`concurrent_writes`](#-puppetdb--server--concurrent_writes) * [`store_usage`](#-puppetdb--server--store_usage) @@ -1482,7 +1482,8 @@ The following parameters are available in the `puppetdb::server` class: Data type: `Any` - +The address that the web server should bind to for HTTP requests. Defaults to +`localhost`. Set to `0.0.0.0` to listen on all addresses. Default value: `$puppetdb::params::listen_address` @@ -1490,7 +1491,8 @@ Default value: `$puppetdb::params::listen_address` Data type: `Any` - +The port on which the puppetdb web server should accept HTTP requests. Defaults +to `8080`. Default value: `$puppetdb::params::listen_port` @@ -1498,7 +1500,7 @@ Default value: `$puppetdb::params::listen_port` Data type: `Any` - +If `true`, the puppetdb web server will only serve HTTPS and not HTTP requests (defaults to false). Default value: `$puppetdb::params::disable_cleartext` @@ -1506,7 +1508,7 @@ Default value: `$puppetdb::params::disable_cleartext` Data type: `Any` - +If `true`, open the `http_listen_port` on the firewall. Defaults to `false`. Default value: `$puppetdb::params::open_listen_port` @@ -1514,7 +1516,8 @@ Default value: `$puppetdb::params::open_listen_port` Data type: `Any` - +The address that the web server should bind to for HTTPS requests. Defaults to +`0.0.0.0` to listen on all addresses. Default value: `$puppetdb::params::ssl_listen_address` 
@@ -1522,7 +1525,8 @@ Default value: `$puppetdb::params::ssl_listen_address` Data type: `Any` - +The port on which the puppetdb web server should accept HTTPS requests. Defaults +to `8081`. Default value: `$puppetdb::params::ssl_listen_port` @@ -1530,7 +1534,8 @@ Default value: `$puppetdb::params::ssl_listen_port` Data type: `Any` - +If `true`, the puppetdb web server will only serve HTTP and not HTTPS requests. +Defaults to `false`. Default value: `$puppetdb::params::disable_ssl` @@ -1538,95 +1543,15 @@ Default value: `$puppetdb::params::disable_ssl` Data type: `Any` - +If true, open the `ssl_listen_port` on the firewall. Defaults to `undef`. Default value: `$puppetdb::params::open_ssl_listen_port` -##### `ssl_dir` - -Data type: `Stdlib::Absolutepath` - - - -Default value: `$puppetdb::params::ssl_dir` - -##### `ssl_set_cert_paths` - -Data type: `Boolean` - - - -Default value: `$puppetdb::params::ssl_set_cert_paths` - -##### `ssl_cert_path` - -Data type: `Stdlib::Absolutepath` - - - -Default value: `$puppetdb::params::ssl_cert_path` - -##### `ssl_key_path` - -Data type: `Stdlib::Absolutepath` - - - -Default value: `$puppetdb::params::ssl_key_path` - -##### `ssl_key_pk8_path` - -Data type: `Stdlib::Absolutepath` - - - -Default value: `$puppetdb::params::ssl_key_pk8_path` - -##### `ssl_ca_cert_path` - -Data type: `Stdlib::Absolutepath` - - - -Default value: `$puppetdb::params::ssl_ca_cert_path` - -##### `ssl_deploy_certs` - -Data type: `Boolean` - - - -Default value: `$puppetdb::params::ssl_deploy_certs` - -##### `ssl_key` - -Data type: `Any` - - - -Default value: `$puppetdb::params::ssl_key` - -##### `ssl_cert` - -Data type: `Any` - - - -Default value: `$puppetdb::params::ssl_cert` - -##### `ssl_ca_cert` - -Data type: `Any` - - - -Default value: `$puppetdb::params::ssl_ca_cert` - ##### `ssl_protocols` Data type: `Any` - +Specify the supported SSL protocols for PuppetDB (e.g. TLSv1, TLSv1.1, TLSv1.2.) Default value: `$puppetdb::params::ssl_protocols` 
@@ -1634,7 +1559,8 @@ Default value: `$puppetdb::params::ssl_protocols` Data type: `Any` - +If `true`, it configures SSL connections between PuppetDB and the PostgreSQL database. +Defaults to `false`. Default value: `$puppetdb::params::postgresql_ssl_on` @@ -1642,7 +1568,8 @@ Default value: `$puppetdb::params::postgresql_ssl_on` Data type: `Any` - +Configure jetty's supported `cipher-suites` (e.g. `SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`). +Defaults to `undef`. Default value: `$puppetdb::params::cipher_suites` @@ -1650,15 +1577,24 @@ Default value: `$puppetdb::params::cipher_suites` Data type: `Any` - +If `true`, puppetdb will automatically migrate to the latest database format at startup. If `false`, if the database format supplied by this version of PuppetDB doesn't match the version expected (whether newer or older), PuppetDB will exit with an error status. Defaults to `true`. Default value: `$puppetdb::params::migrate` -##### `database_host` +##### `manage_database` Data type: `Any` +If true, the PostgreSQL database will be managed by this module. Defaults to `true`. + +Default value: `$puppetdb::params::manage_database` + +##### `database_host` +Data type: `Any` + +Hostname to use for the database connection. For single case installations this +should be left as the default. Defaults to `localhost`. Default value: `$puppetdb::params::database_host` @@ -1666,7 +1602,7 @@ Default value: `$puppetdb::params::database_host` Data type: `Any` - +The port that the database server listens on. Defaults to `5432`. Default value: `$puppetdb::params::database_port` @@ -1674,7 +1610,7 @@ Default value: `$puppetdb::params::database_port` Data type: `Any` - +The name of the database user to connect as. Defaults to `puppetdb`. Default value: `$puppetdb::params::database_username` 
@@ -1682,31 +1618,35 @@ Default value: `$puppetdb::params::database_username` Data type: `Any` - +The password for the database user. Defaults to `puppetdb`. Default value: `$puppetdb::params::database_password` -##### `database_name` +##### `manage_db_password` Data type: `Any` +Whether or not the database password in database.ini will be managed by this module. +Set this to `false` if you want to set the password some other way. +Defaults to `true` +Default value: `$puppetdb::params::manage_db_password` -Default value: `$puppetdb::params::database_name` - -##### `manage_db_password` +##### `database_name` Data type: `Any` +The name of the database instance to connect to. Defaults to `puppetdb`. - -Default value: `$puppetdb::params::manage_db_password` +Default value: `$puppetdb::params::database_name` ##### `jdbc_ssl_properties` Data type: `Any` - +The text to append to the JDBC connection URI. This should begin with a '?' +character. For example, to use SSL for the PostgreSQL connection, set this +parameter's value to `?ssl=true`. Default value: `$puppetdb::params::jdbc_ssl_properties` @@ -1714,7 +1654,8 @@ Default value: `$puppetdb::params::jdbc_ssl_properties` Data type: `Any` - +If true, the module will attempt to connect to the database using the specified +settings and fail if it is not able to do so. Defaults to `true`. Default value: `$puppetdb::params::database_validate` @@ -1722,7 +1663,10 @@ Default value: `$puppetdb::params::database_validate` Data type: `Any` - +The length of time a node can go without receiving any new data before it's +automatically deactivated. (defaults to '7d', which is a 7-day period. Set to +'0d' to disable auto-deactivation). This option is supported in PuppetDB >= +1.1.0. Default value: `$puppetdb::params::node_ttl` 
@@ -1730,7 +1674,9 @@ Default value: `$puppetdb::params::node_ttl` Data type: `Any` - +The length of time a node can be deactivated before it's deleted from the +database. (defaults to '14d', which is a 14-day period. Set to '0d' to disable +purging). This option is supported in PuppetDB >= 1.2.0. Default value: `$puppetdb::params::node_purge_ttl` @@ -1738,7 +1684,8 @@ Default value: `$puppetdb::params::node_purge_ttl` Data type: `Any` - +The length of time reports should be stored before being deleted. (defaults to +`14d`, which is a 14-day period). This option is supported in PuppetDB >= 1.1.0. Default value: `$puppetdb::params::report_ttl` @@ -1746,7 +1693,7 @@ Default value: `$puppetdb::params::report_ttl` Data type: `Optional[Array]` - +A list of fact names to be ignored whenever submitted. Default value: `$puppetdb::params::facts_blacklist` @@ -1754,7 +1701,9 @@ Default value: `$puppetdb::params::facts_blacklist` Data type: `Any` - +This controls how often (in minutes) to compact the database. The compaction +process reclaims space and deletes unnecessary rows. If not supplied, the +default is every 60 minutes. This option is supported in PuppetDB >= 0.9. Default value: `$puppetdb::params::gc_interval` @@ -1762,7 +1711,7 @@ Default value: `$puppetdb::params::gc_interval` Data type: `Any` - +Nodes will be purged in batches of this size, one batch per gc-interval. Default value: `$puppetdb::params::node_purge_gc_batch_limit` @@ -1770,7 +1719,13 @@ Default value: `$puppetdb::params::node_purge_gc_batch_limit` Data type: `Any` +This sets the number of seconds before an SQL query is considered "slow." Slow +SQL queries are logged as warnings, to assist in debugging and tuning. Note +PuppetDB does not interrupt slow queries; it simply reports them after they +complete. +The default value is `10` seconds. A value of 0 will disable logging of slow +queries. This option is supported in PuppetDB >= 1.1. Default value: `$puppetdb::params::log_slow_statements` 
@@ -1778,7 +1733,10 @@ Default value: `$puppetdb::params::log_slow_statements` Data type: `Any` +The maximum time (in minutes) for a pooled connection to remain unused before +it is closed off. +If not supplied, we default to `60` minutes. This option is supported in PuppetDB >= 1.1. Default value: `$puppetdb::params::conn_max_age` @@ -1786,7 +1744,11 @@ Default value: `$puppetdb::params::conn_max_age` Data type: `Any` +This sets the time (in minutes) for a connection to remain idle before sending +a test query to the DB. This is useful to prevent a DB from timing out +connections on its end. +If not supplied, we default to 45 minutes. This option is supported in PuppetDB >= 1.1. Default value: `$puppetdb::params::conn_keep_alive` @@ -1794,7 +1756,12 @@ Default value: `$puppetdb::params::conn_keep_alive` Data type: `Any` +The maximum time (in minutes) a pooled connection should remain open. Any +connections older than this setting will be closed off. Connections currently in +use will not be affected until they are returned to the pool. +If not supplied, we won't terminate connections based on their age alone. This +option is supported in PuppetDB >= 1.4. Default value: `$puppetdb::params::conn_lifetime` @@ -1802,7 +1769,7 @@ Default value: `$puppetdb::params::conn_lifetime` Data type: `Any` - +The PuppetDB package name in the package manager. Defaults to `present`. Default value: `$puppetdb::params::puppetdb_package` @@ -1810,7 +1777,7 @@ Default value: `$puppetdb::params::puppetdb_package` Data type: `Any` - +The name of the PuppetDB service. Defaults to `puppetdb`. Default value: `$puppetdb::params::puppetdb_service` @@ -1818,7 +1785,9 @@ Default value: `$puppetdb::params::puppetdb_service` Data type: `Any` - +Sets whether the service should be `running ` or `stopped`. When set to `stopped` the +service doesn't start on boot either. Valid values are `true`, `running`, +`false`, and `stopped`. Default value: `$puppetdb::params::puppetdb_service_status` 
@@ -1826,7 +1795,7 @@ Default value: `$puppetdb::params::puppetdb_service_status` Data type: `Any` - +Puppetdb service user Default value: `$puppetdb::params::puppetdb_user` 
@@ -1834,55 +1803,111 @@ Default value: `$puppetdb::params::puppetdb_user` Data type: `Any` - +Puppetdb service group Default value: `$puppetdb::params::puppetdb_group` -##### `read_database_host` +##### `confdir` Data type: `Any` +The PuppetDB configuration directory. Defaults to `/etc/puppetdb/conf.d`. +Default value: `$puppetdb::params::confdir` -Default value: `$puppetdb::params::read_database_host` +##### `vardir` -##### `read_database_port` +Data type: `Any` + +The parent directory for the MQ's data directory. + +Default value: `$puppetdb::params::vardir` + +##### `java_args` Data type: `Any` +Java VM options used for overriding default Java VM options specified in +PuppetDB package. Defaults to `{}`. See +[PuppetDB Configuration](https://puppet.com/docs/puppetdb/latest/configure.html) +to get more details about the current defaults. +For example, to set `-Xmx512m -Xms256m` options use: -Default value: `$puppetdb::params::read_database_port` + { + '-Xmx' => '512m', + '-Xms' => '256m', + } -##### `read_database_username` +Default value: `$puppetdb::params::java_args` + +##### `merge_default_java_args` Data type: `Any` +Sets whether the provided java args should be merged with the defaults, or +should override the defaults. This setting is necessary if any of the defaults +are to be removed. Defaults to true. If `false`, the `java_args` in the PuppetDB +init config file will reflect only what is passed via the `java_args` param. +Default value: `$puppetdb::params::merge_default_java_args` -Default value: `$puppetdb::params::read_database_username` +##### `max_threads` -##### `read_database_password` +Data type: `Any` + +Jetty option to explicitly set `max-threads`. Defaults to `undef`, so the +PuppetDB-Jetty default is used. + +Default value: `$puppetdb::params::max_threads` + +##### `read_database_host` Data type: `Any` +*This parameter must be set to use another PuppetDB instance for queries.* +The hostname or IP address of the read database server. 
If set to `undef`, and +`manage_database` is set to `true`, it will use the value of the `database_host` +parameter. This option is supported in PuppetDB >= 1.6. -Default value: `$puppetdb::params::read_database_password` +Default value: `$puppetdb::params::read_database_host` -##### `read_database_name` +##### `read_database_port` Data type: `Any` +The port that the read database server listens on. If `read_database_host` +is set to `undef`, and `manage_database` is set to `true`, it will use the value of +the `database_port` parameter. This option is supported in PuppetDB >= 1.6. +Default value: `$puppetdb::params::read_database_port` -Default value: `$puppetdb::params::read_database_name` +##### `read_database_username` -##### `manage_read_db_password` +Data type: `Any` + +The name of the read database user to connect as. Defaults to `puppetdb-read`. This +option is supported in PuppetDB >= 1.6. + +Default value: `$puppetdb::params::read_database_username` + +##### `read_database_password` Data type: `Any` +The password for the read database user. Defaults to `puppetdb-read`. This option is +supported in PuppetDB >= 1.6. +Default value: `$puppetdb::params::read_database_password` + +##### `manage_read_db_password` + +Data type: `Any` + +Whether or not the database password in read-database.ini will be managed by this module. +Set this to `false` if you want to set the password some other way. +Defaults to `true` Default value: `$puppetdb::params::manage_read_db_password` @@ -1890,7 +1915,9 @@ Default value: `$puppetdb::params::manage_read_db_password` Data type: `Any` - +The text to append to the JDBC connection URI. This should begin with a '?' +character. For example, to use SSL for the PostgreSQL connection, set this +parameter's value to `?ssl=true`. Default value: `$puppetdb::params::read_database_jdbc_ssl_properties` 
@@ -1898,15 +1925,32 @@ Default value: `$puppetdb::params::read_database_jdbc_ssl_properties` Data type: `Any` - +If true, the module will attempt to connect to the database using the specified +settings and fail if it is not able to do so. Defaults to `true`. Default value: `$puppetdb::params::read_database_validate` +##### `read_database_name` + +Data type: `Any` + +The name of the read database instance to connect to. If `read_database_host` +is set to `undef`, and `manage_database` is set to `true`, it will use the value of +the `database_name` parameter. This option is supported in PuppetDB >= 1.6. + +Default value: `$puppetdb::params::read_database_name` + ##### `read_log_slow_statements` Data type: `Any` +This sets the number of seconds before an SQL query to the read database is +considered "slow." Slow SQL queries are logged as warnings, to assist in +debugging and tuning. Note PuppetDB does not interrupt slow queries; it simply +reports them after they complete. +The default value is 10 seconds. A value of 0 will disable logging of slow +queries. This option is supported in PuppetDB >= 1.6. Default value: `$puppetdb::params::read_log_slow_statements` @@ -1914,7 +1958,10 @@ Default value: `$puppetdb::params::read_log_slow_statements` Data type: `Any` +The maximum time (in minutes) for a pooled read database connection to remain +unused before it is closed off. +If not supplied, we default to 60 minutes. This option is supported in PuppetDB >= 1.6. Default value: `$puppetdb::params::read_conn_max_age` @@ -1922,7 +1969,11 @@ Default value: `$puppetdb::params::read_conn_max_age` Data type: `Any` +This sets the time (in minutes) for a read database connection to remain idle +before sending a test query to the DB. This is useful to prevent a DB from +timing out connections on its end. +If not supplied, we default to 45 minutes. This option is supported in PuppetDB >= 1.6. Default value: `$puppetdb::params::read_conn_keep_alive` 
@@ -1930,71 +1981,114 @@ Default value: `$puppetdb::params::read_conn_keep_alive` Data type: `Any` +The maximum time (in minutes) a pooled read database connection should remain +open. Any connections older than this setting will be closed off. Connections +currently in use will not be affected until they are returned to the pool. +If not supplied, we won't terminate connections based on their age alone. This +option is supported in PuppetDB >= 1.6. Default value: `$puppetdb::params::read_conn_lifetime` -##### `confdir` +##### `ssl_dir` -Data type: `Any` +Data type: `Stdlib::Absolutepath` +Base directory for PuppetDB SSL configuration. Defaults to `/etc/puppetdb/ssl` +or `/etc/puppetlabs/puppetdb/ssl` for FOSS and PE respectively. +Default value: `$puppetdb::params::ssl_dir` -Default value: `$puppetdb::params::confdir` +##### `ssl_set_cert_paths` -##### `vardir` +Data type: `Boolean` -Data type: `Any` +A switch to enable or disable the management of SSL certificates in your +`jetty.ini` configuration file. +Default value: `$puppetdb::params::ssl_set_cert_paths` +##### `ssl_cert_path` -Default value: `$puppetdb::params::vardir` +Data type: `Stdlib::Absolutepath` -##### `manage_firewall` +Path to your SSL certificate for populating `jetty.ini`. -Data type: `Any` +Default value: `$puppetdb::params::ssl_cert_path` +##### `ssl_key_pk8_path` +Data type: `Stdlib::Absolutepath` -Default value: `$puppetdb::params::manage_firewall` +Path to the SSL pk8 key for populating `jetty.ini`, will be generated from +the SSL key as needed automatically. -##### `manage_database` +Default value: `$puppetdb::params::ssl_key_pk8_path` -Data type: `Any` +##### `ssl_key_path` + +Data type: `Stdlib::Absolutepath` +Path to your SSL key for populating `jetty.ini`. 
+Default value: `$puppetdb::params::ssl_key_path` -Default value: `$puppetdb::params::manage_database` +##### `ssl_ca_cert_path` -##### `java_args` +Data type: `Stdlib::Absolutepath` -Data type: `Any` +Path to your SSL CA for populating `jetty.ini`. +Default value: `$puppetdb::params::ssl_ca_cert_path` +##### `ssl_deploy_certs` -Default value: `$puppetdb::params::java_args` +Data type: `Boolean` -##### `merge_default_java_args` +A boolean switch to enable or disable the management of SSL keys in your +`ssl_dir`. Default is `false`. + +Default value: `$puppetdb::params::ssl_deploy_certs` + +##### `ssl_key` Data type: `Any` +Contents of your SSL key, as a string. + +Default value: `$puppetdb::params::ssl_key` +##### `ssl_cert` -Default value: `$puppetdb::params::merge_default_java_args` +Data type: `Any` -##### `max_threads` +Contents of your SSL certificate, as a string. + +Default value: `$puppetdb::params::ssl_cert` + +##### `ssl_ca_cert` Data type: `Any` +Contents of your SSL CA certificate, as a string. +Default value: `$puppetdb::params::ssl_ca_cert` -Default value: `$puppetdb::params::max_threads` +##### `manage_firewall` + +Data type: `Any` + +If `true`, puppet will manage your iptables rules for PuppetDB via the +[puppetlabs-firewall](https://forge.puppetlabs.com/puppetlabs/firewall) class. + +Default value: `$puppetdb::params::manage_firewall` ##### `command_threads` Data type: `Any` - +The number of command processing threads to use. Defaults to `undef`, using the +PuppetDB built-in default. Default value: `$puppetdb::params::command_threads` @@ -2002,7 +2096,8 @@ Default value: `$puppetdb::params::command_threads` Data type: `Any` - +The number of threads allowed to write to disk at any one time. Defaults to +`undef`, which uses the PuppetDB built-in default. Default value: `$puppetdb::params::concurrent_writes` 
@@ -2010,7 +2105,8 @@ Default value: `$puppetdb::params::concurrent_writes` Data type: `Any` - +The amount of disk space (in MB) to allow for persistent message storage. +Defaults to `undef`, using the PuppetDB built-in default. Default value: `$puppetdb::params::store_usage` @@ -2018,7 +2114,8 @@ Default value: `$puppetdb::params::store_usage` Data type: `Any` - +The amount of disk space (in MB) to allow for temporary message storage. +Defaults to `undef`, using the PuppetDB built-in default. Default value: `$puppetdb::params::temp_usage` @@ -2026,7 +2123,8 @@ Default value: `$puppetdb::params::temp_usage` Data type: `Any` - +Setting this to true disables checking for updated versions of PuppetDB and sending basic analytics data to Puppet. +Defaults to `undef`, using the PuppetDB built-in default. Default value: `$puppetdb::params::disable_update_checking` @@ -2034,7 +2132,7 @@ Default value: `$puppetdb::params::disable_update_checking` Data type: `Any` - +The name of the certificate whitelist file to set up and configure in PuppetDB. Defaults to `/etc/puppetdb/certificate-whitelist` or `/etc/puppetlabs/puppetdb/certificate-whitelist` for FOSS and PE respectively. Default value: `$puppetdb::params::certificate_whitelist_file` @@ -2042,7 +2140,7 @@ Default value: `$puppetdb::params::certificate_whitelist_file` Data type: `Any` - +Array of the X.509 certificate Common Names of clients allowed to connect to PuppetDB. Defaults to empty. Be aware that this permits full access to all Puppet clients to download anything contained in PuppetDB, including the full catalogs of all nodes, which possibly contain sensitive information. Set to `[ $::servername ]` to allow access only from your (single) Puppet master, which is enough for normal operation. Set to a list of Puppet masters if you have multiple. Default value: `$puppetdb::params::certificate_whitelist` 
@@ -2050,7 +2148,8 @@ Default value: `$puppetdb::params::certificate_whitelist` Data type: `Any` - +When the pool reaches this size, and no idle connections are available, attempts to get a connection will wait for connection-timeout milliseconds before timing out. +Note that PuppetDB will use one pool for writes and another for reads, so the total number of connections used will be twice this setting. Default value: `$puppetdb::params::database_max_pool_size` @@ -2058,7 +2157,8 @@ Default value: `$puppetdb::params::database_max_pool_size` Data type: `Any` - +When the pool reaches this size, and no idle connections are available, attempts to get a connection will wait for connection-timeout milliseconds before timing out. +Note that PuppetDB will use one pool for writes and another for reads, so the total number of connections used will be twice this setting. Default value: `$puppetdb::params::read_database_max_pool_size` @@ -2066,7 +2166,10 @@ Default value: `$puppetdb::params::read_database_max_pool_size` Data type: `Boolean` - +PuppetDB creates [Dead Letter Office](https://puppet.com/docs/puppetdb/5.2/maintain_and_tune.html#clean-up-the-dead-letter-office). +Those are reports of failed requests. They spill up the disk. This parameter is +a boolean and defaults to false. You can enable automatic cleanup of DLO +reports by setting this to true. Default value: `$puppetdb::params::automatic_dlo_cleanup` 
@@ -2074,7 +2177,14 @@ Default value: `$puppetdb::params::automatic_dlo_cleanup` Data type: `String[1]` - +The DLO cleanup is a systemd timer if systemd is available, otherwise a +cronjob. The variable configures the systemd.timer option [onCalender](https://www.freedesktop.org/software/systemd/man/systemd.timer.html#OnCalendar=). +It defaults to `*-*-* ${fqdn_rand(24)}:${fqdn_rand(60)}:00`. This will start +the cleanup service on a daily basis. The exact minute and hour is random +per node based on the [fqdn_rand](https://puppet.com/docs/puppet/5.5/function.html#fqdnrand) +method. On non-systemd systems, the cron runs daily and the `$puppetdb_user` needs +to be able to run cron jobs. On systemd systems you need the [camptocamp/systemd](https://forge.puppet.com/camptocamp/systemd) +module, which is an optional dependency and not automatically installed! Default value: `$puppetdb::params::cleanup_timer_interval` @@ -2082,7 +2192,8 @@ Default value: `$puppetdb::params::cleanup_timer_interval` Data type: `Integer[1]` - +This is a positive integer. It describes the amount of days you want to keep +the DLO reports. The default value is 90 days. Default value: `$puppetdb::params::dlo_max_age` @@ -2090,7 +2201,7 @@ Default value: `$puppetdb::params::dlo_max_age` Data type: `Optional[Stdlib::Absolutepath]` - +java binary path for PuppetDB. If undef, default will be used. Default value: `$puppetdb::params::java_bin` diff --git a/manifests/server.pp b/manifests/server.pp index 064f4e44..93429ad3 100644 --- a/manifests/server.pp +++ b/manifests/server.pp 
@@ -1,5 +1,347 @@ # manage the PuppetDB server # +# @param listen_address +# The address that the web server should bind to for HTTP requests. Defaults to +# `localhost`. Set to `0.0.0.0` to listen on all addresses. +# +# @param listen_port +# The port on which the puppetdb web server should accept HTTP requests. Defaults +# to `8080`. +# +# @param disable_cleartext +# If `true`, the puppetdb web server will only serve HTTPS and not HTTP requests (defaults to false). +# +# @param open_listen_port +# If `true`, open the `http_listen_port` on the firewall. Defaults to `false`. +# +# @param ssl_listen_address +# The address that the web server should bind to for HTTPS requests. Defaults to +# `0.0.0.0` to listen on all addresses. +# +# @param ssl_listen_port +# The port on which the puppetdb web server should accept HTTPS requests. Defaults +# to `8081`. +# +# @param disable_ssl +# If `true`, the puppetdb web server will only serve HTTP and not HTTPS requests. +# Defaults to `false`. +# +# @param open_ssl_listen_port +# If true, open the `ssl_listen_port` on the firewall. Defaults to `undef`. +# +# @param ssl_protocols +# Specify the supported SSL protocols for PuppetDB (e.g. TLSv1, TLSv1.1, TLSv1.2.) +# +# @param postgresql_ssl_on +# If `true`, it configures SSL connections between PuppetDB and the PostgreSQL database. +# Defaults to `false`. +# +# @param cipher_suites +# Configure jetty's supported `cipher-suites` (e.g. `SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`). +# Defaults to `undef`. +# +# @param migrate +# If `true`, puppetdb will automatically migrate to the latest database format at startup. If `false`, if the database format supplied by this version of PuppetDB doesn't match the version expected (whether newer or older), PuppetDB will exit with an error status. Defaults to `true`. +# +# @param manage_database +# If true, the PostgreSQL database will be managed by this module. Defaults to `true`. 
+# +# @param database_host +# Hostname to use for the database connection. For single case installations this +# should be left as the default. Defaults to `localhost`. +# +# @param database_port +# The port that the database server listens on. Defaults to `5432`. +# +# @param database_username +# The name of the database user to connect as. Defaults to `puppetdb`. +# +# @param database_password +# The password for the database user. Defaults to `puppetdb`. +# +# @param manage_db_password +# Whether or not the database password in database.ini will be managed by this module. +# Set this to `false` if you want to set the password some other way. +# Defaults to `true` +# +# @param database_name +# The name of the database instance to connect to. Defaults to `puppetdb`. +# +# @param jdbc_ssl_properties +# The text to append to the JDBC connection URI. This should begin with a '?' +# character. For example, to use SSL for the PostgreSQL connection, set this +# parameter's value to `?ssl=true`. +# +# @param database_validate +# If true, the module will attempt to connect to the database using the specified +# settings and fail if it is not able to do so. Defaults to `true`. +# +# @param node_ttl +# The length of time a node can go without receiving any new data before it's +# automatically deactivated. (defaults to '7d', which is a 7-day period. Set to +# '0d' to disable auto-deactivation). This option is supported in PuppetDB >= +# 1.1.0. +# +# @param node_purge_ttl +# The length of time a node can be deactivated before it's deleted from the +# database. (defaults to '14d', which is a 14-day period. Set to '0d' to disable +# purging). This option is supported in PuppetDB >= 1.2.0. +# +# @param report_ttl +# The length of time reports should be stored before being deleted. (defaults to +# `14d`, which is a 14-day period). This option is supported in PuppetDB >= 1.1.0. +# +# @param facts_blacklist +# A list of fact names to be ignored whenever submitted. 
+# +# @param gc_interval +# This controls how often (in minutes) to compact the database. The compaction +# process reclaims space and deletes unnecessary rows. If not supplied, the +# default is every 60 minutes. This option is supported in PuppetDB >= 0.9. +# +# @param node_purge_gc_batch_limit +# Nodes will be purged in batches of this size, one batch per gc-interval. +# +# @param log_slow_statements +# This sets the number of seconds before an SQL query is considered "slow." Slow +# SQL queries are logged as warnings, to assist in debugging and tuning. Note +# PuppetDB does not interrupt slow queries; it simply reports them after they +# complete. +# +# The default value is `10` seconds. A value of 0 will disable logging of slow +# queries. This option is supported in PuppetDB >= 1.1. +# +# @param conn_max_age +# The maximum time (in minutes) for a pooled connection to remain unused before +# it is closed off. +# +# If not supplied, we default to `60` minutes. This option is supported in PuppetDB >= 1.1. +# +# @param conn_keep_alive +# This sets the time (in minutes) for a connection to remain idle before sending +# a test query to the DB. This is useful to prevent a DB from timing out +# connections on its end. +# +# If not supplied, we default to 45 minutes. This option is supported in PuppetDB >= 1.1. +# +# @param conn_lifetime +# The maximum time (in minutes) a pooled connection should remain open. Any +# connections older than this setting will be closed off. Connections currently in +# use will not be affected until they are returned to the pool. +# +# If not supplied, we won't terminate connections based on their age alone. This +# option is supported in PuppetDB >= 1.4. +# +# @param puppetdb_package +# The PuppetDB package name in the package manager. Defaults to `present`. +# +# @param puppetdb_service +# The name of the PuppetDB service. Defaults to `puppetdb`. 
+# +# @param puppetdb_service_status +# Sets whether the service should be `running ` or `stopped`. When set to `stopped` the +# service doesn't start on boot either. Valid values are `true`, `running`, +# `false`, and `stopped`. +# +# @param puppetdb_user +# Puppetdb service user +# +# @param puppetdb_group +# Puppetdb service group +# +# @param confdir +# The PuppetDB configuration directory. Defaults to `/etc/puppetdb/conf.d`. +# +# @param vardir +# The parent directory for the MQ's data directory. +# +# @param java_args +# Java VM options used for overriding default Java VM options specified in +# PuppetDB package. Defaults to `{}`. See +# [PuppetDB Configuration](https://puppet.com/docs/puppetdb/latest/configure.html) +# to get more details about the current defaults. +# +# For example, to set `-Xmx512m -Xms256m` options use: +# +# { +# '-Xmx' => '512m', +# '-Xms' => '256m', +# } +# +# @param merge_default_java_args +# Sets whether the provided java args should be merged with the defaults, or +# should override the defaults. This setting is necessary if any of the defaults +# are to be removed. Defaults to true. If `false`, the `java_args` in the PuppetDB +# init config file will reflect only what is passed via the `java_args` param. +# +# @param max_threads +# Jetty option to explicitly set `max-threads`. Defaults to `undef`, so the +# PuppetDB-Jetty default is used. +# +# @param read_database_host +# *This parameter must be set to use another PuppetDB instance for queries.* +# +# The hostname or IP address of the read database server. If set to `undef`, and +# `manage_database` is set to `true`, it will use the value of the `database_host` +# parameter. This option is supported in PuppetDB >= 1.6. +# +# @param read_database_port +# The port that the read database server listens on. If `read_database_host` +# is set to `undef`, and `manage_database` is set to `true`, it will use the value of +# the `database_port` parameter. 
This option is supported in PuppetDB >= 1.6. +# +# @param read_database_username +# The name of the read database user to connect as. Defaults to `puppetdb-read`. This +# option is supported in PuppetDB >= 1.6. +# +# @param read_database_password +# The password for the read database user. Defaults to `puppetdb-read`. This option is +# supported in PuppetDB >= 1.6. +# +# @param manage_read_db_password +# Whether or not the database password in read-database.ini will be managed by this module. +# Set this to `false` if you want to set the password some other way. +# Defaults to `true` +# +# @param read_database_jdbc_ssl_properties +# The text to append to the JDBC connection URI. This should begin with a '?' +# character. For example, to use SSL for the PostgreSQL connection, set this +# parameter's value to `?ssl=true`. +# +# @param read_database_validate +# If true, the module will attempt to connect to the database using the specified +# settings and fail if it is not able to do so. Defaults to `true`. +# +# @param read_database_name +# The name of the read database instance to connect to. If `read_database_host` +# is set to `undef`, and `manage_database` is set to `true`, it will use the value of +# the `database_name` parameter. This option is supported in PuppetDB >= 1.6. +# +# @param read_log_slow_statements +# This sets the number of seconds before an SQL query to the read database is +# considered "slow." Slow SQL queries are logged as warnings, to assist in +# debugging and tuning. Note PuppetDB does not interrupt slow queries; it simply +# reports them after they complete. +# +# The default value is 10 seconds. A value of 0 will disable logging of slow +# queries. This option is supported in PuppetDB >= 1.6. +# +# @param read_conn_max_age +# The maximum time (in minutes) for a pooled read database connection to remain +# unused before it is closed off. +# +# If not supplied, we default to 60 minutes. This option is supported in PuppetDB >= 1.6. 
+# +# @param read_conn_keep_alive +# This sets the time (in minutes) for a read database connection to remain idle +# before sending a test query to the DB. This is useful to prevent a DB from +# timing out connections on its end. +# +# If not supplied, we default to 45 minutes. This option is supported in PuppetDB >= 1.6. +# +# @param read_conn_lifetime +# The maximum time (in minutes) a pooled read database connection should remain +# open. Any connections older than this setting will be closed off. Connections +# currently in use will not be affected until they are returned to the pool. +# +# If not supplied, we won't terminate connections based on their age alone. This +# option is supported in PuppetDB >= 1.6. +# +# @param ssl_dir +# Base directory for PuppetDB SSL configuration. Defaults to `/etc/puppetdb/ssl` +# or `/etc/puppetlabs/puppetdb/ssl` for FOSS and PE respectively. +# +# @param ssl_set_cert_paths +# A switch to enable or disable the management of SSL certificates in your +# `jetty.ini` configuration file. +# +# @param ssl_cert_path +# Path to your SSL certificate for populating `jetty.ini`. +# +# @param ssl_key_pk8_path +# Path to the SSL pk8 key for populating `jetty.ini`, will be generated from +# the SSL key as needed automatically. +# +# @param ssl_key_path +# Path to your SSL key for populating `jetty.ini`. +# +# @param ssl_ca_cert_path +# Path to your SSL CA for populating `jetty.ini`. +# +# @param ssl_deploy_certs +# A boolean switch to enable or disable the management of SSL keys in your +# `ssl_dir`. Default is `false`. +# +# @param ssl_key +# Contents of your SSL key, as a string. +# +# @param ssl_cert +# Contents of your SSL certificate, as a string. +# +# @param ssl_ca_cert +# Contents of your SSL CA certificate, as a string. +# +# @param manage_firewall +# If `true`, puppet will manage your iptables rules for PuppetDB via the +# [puppetlabs-firewall](https://forge.puppetlabs.com/puppetlabs/firewall) class. 
+# +# @param command_threads +# The number of command processing threads to use. Defaults to `undef`, using the +# PuppetDB built-in default. +# +# @param concurrent_writes +# The number of threads allowed to write to disk at any one time. Defaults to +# `undef`, which uses the PuppetDB built-in default. +# +# @param store_usage +# The amount of disk space (in MB) to allow for persistent message storage. +# Defaults to `undef`, using the PuppetDB built-in default. +# +# @param temp_usage +# The amount of disk space (in MB) to allow for temporary message storage. +# Defaults to `undef`, using the PuppetDB built-in default. +# +# @param disable_update_checking +# Setting this to true disables checking for updated versions of PuppetDB and sending basic analytics data to Puppet. +# Defaults to `undef`, using the PuppetDB built-in default. +# +# @param certificate_whitelist_file +# The name of the certificate whitelist file to set up and configure in PuppetDB. Defaults to `/etc/puppetdb/certificate-whitelist` or `/etc/puppetlabs/puppetdb/certificate-whitelist` for FOSS and PE respectively. +# +# @param certificate_whitelist +# Array of the X.509 certificate Common Names of clients allowed to connect to PuppetDB. Defaults to empty. Be aware that this permits full access to all Puppet clients to download anything contained in PuppetDB, including the full catalogs of all nodes, which possibly contain sensitive information. Set to `[ $::servername ]` to allow access only from your (single) Puppet master, which is enough for normal operation. Set to a list of Puppet masters if you have multiple. +# +# @param database_max_pool_size +# When the pool reaches this size, and no idle connections are available, attempts to get a connection will wait for connection-timeout milliseconds before timing out. +# Note that PuppetDB will use one pool for writes and another for reads, so the total number of connections used will be twice this setting. 
+# +# @param read_database_max_pool_size +# When the pool reaches this size, and no idle connections are available, attempts to get a connection will wait for connection-timeout milliseconds before timing out. +# Note that PuppetDB will use one pool for writes and another for reads, so the total number of connections used will be twice this setting. +# +# @param automatic_dlo_cleanup +# PuppetDB creates [Dead Letter Office](https://puppet.com/docs/puppetdb/5.2/maintain_and_tune.html#clean-up-the-dead-letter-office). +# Those are reports of failed requests. They spill up the disk. This parameter is +# a boolean and defaults to false. You can enable automatic cleanup of DLO +# reports by setting this to true. +# +# @param cleanup_timer_interval +# The DLO cleanup is a systemd timer if systemd is available, otherwise a +# cronjob. The variable configures the systemd.timer option [onCalender](https://www.freedesktop.org/software/systemd/man/systemd.timer.html#OnCalendar=). +# It defaults to `*-*-* ${fqdn_rand(24)}:${fqdn_rand(60)}:00`. This will start +# the cleanup service on a daily basis. The exact minute and hour is random +# per node based on the [fqdn_rand](https://puppet.com/docs/puppet/5.5/function.html#fqdnrand) +# method. On non-systemd systems, the cron runs daily and the `$puppetdb_user` needs +# to be able to run cron jobs. On systemd systems you need the [camptocamp/systemd](https://forge.puppet.com/camptocamp/systemd) +# module, which is an optional dependency and not automatically installed! +# +# @param dlo_max_age +# This is a positive integer. It describes the amount of days you want to keep +# the DLO reports. The default value is 90 days. +# +# @param java_bin +# java binary path for PuppetDB. If undef, default will be used. +# class puppetdb::server ( $listen_address = $puppetdb::params::listen_address, $listen_port = $puppetdb::params::listen_port, From 9498d874ce93e3a8731a18395a2cdf34e922bbf3 Mon Sep 17 00:00:00 2001 
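Review bot: The `@param database_password` and `@param read_database_password` entries document the defaults `puppetdb` and `puppetdb-read` without telling the reader to replace them, so the generated reference presents fixed, publicly documented credentials as a normal configuration. I would add a line to each, such as `# Override the default in any real deployment and supply the value from encrypted data rather than a literal.` The `@param ssl_protocols` example lists `TLSv1` and `TLSv1.1`, which are deprecated; an example of `TLSv1.2, TLSv1.3` would steer readers better. `@param open_listen_port` refers to `http_listen_port`, while the parameter documented above it is `listen_port`. The class body continues outside the hunk.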
From: Jeffrey Clark Date: Sat, 3 Feb 2024 21:54:11 -0600 Subject: [PATCH 50/97] add missing parameters to global class --- REFERENCE.md | 2 +- manifests/globals.pp | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/REFERENCE.md b/REFERENCE.md index 7a4dcb2f..3e3a75ce 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -1155,7 +1155,7 @@ Default value: `'present'` Data type: `Stdlib::Absolutepath` - +Puppet's config directory. Defaults to `/etc/puppetlabs/puppet`. Default value: `$settings::confdir` diff --git a/manifests/globals.pp b/manifests/globals.pp index e503d13d..c852f292 100644 --- a/manifests/globals.pp +++ b/manifests/globals.pp @@ -4,6 +4,9 @@ # The version of the `puppetdb` package that should be installed. You may specify # an explicit version number, 'present', or 'latest' (defaults to 'present'). # +# @param puppet_confdir +# Puppet's config directory. Defaults to `/etc/puppetlabs/puppet`. +# class puppetdb::globals ( $version = 'present', Stdlib::Absolutepath $puppet_confdir = $settings::confdir, From 78169f4ba0394c013ddaf3fb7ac7ceb6b4f2bc2a Mon Sep 17 00:00:00 2001 From: Jeffrey Clark Date: Sat, 3 Feb 2024 22:01:29 -0600 Subject: [PATCH 51/97] fix parameter documentation --- manifests/database/read_only_user.pp | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/manifests/database/read_only_user.pp b/manifests/database/read_only_user.pp index 457218a9..5fa23a6c 100644 --- a/manifests/database/read_only_user.pp +++ b/manifests/database/read_only_user.pp 
@@ -4,11 +4,14 @@ # the default access privileges so read-only access is maintained when # new objects are created by the $database_owner # -# @param database_read_only_username [String] The name of the postgres read only user. -# @param database [String] The name of the database to grant access to. -# @param database_owner [String] The user which owns the database (i.e. the migration user -# for the database). -# @param password_hash [String] The value of $_database_password in app_database. +# @param read_database_username +# The name of the postgres read only user. +# @param database_name +# The name of the database to grant access to. +# @param database_owner +# The user which owns the database (i.e. the migration user for the database). +# @param password_hash +# The value of $_database_password in app_database. # # @api private define puppetdb::database::read_only_user ( From fe396dcc6a6bce6d744c8dc9da7bc99e1c64389a Mon Sep 17 00:00:00 2001 From: Jeffrey Clark Date: Sun, 4 Feb 2024 10:41:39 -0600 Subject: [PATCH 52/97] add reference validation to ci --- .github/workflows/module_spec.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/module_spec.yml b/.github/workflows/module_spec.yml index c59bd19a..ca0ca25f 100644 --- a/.github/workflows/module_spec.yml +++ b/.github/workflows/module_spec.yml @@ -70,7 +70,7 @@ jobs: test- - name: "Run static & syntax tests" - run: bundle exec rake syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop + run: bundle exec rake syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file strings:validate:reference rubocop - name: "Dependency check" run: | From a9b2fbbb45838c5101276356fd9d74daebb9765e Mon Sep 17 00:00:00 2001 
From: Jeffrey Clark Date: Sun, 4 Feb 2024 12:47:47 -0600 Subject: [PATCH 53/97] add prefix to descriptions --- REFERENCE.md | 2 +- manifests/database/default_read_grant.pp | 2 +- manifests/database/postgresql.pp | 2 +- manifests/database/postgresql_ssl_rules.pp | 2 +- manifests/database/read_grant.pp | 2 +- manifests/database/read_only_user.pp | 3 ++- manifests/database/ssl_configuration.pp | 2 +- manifests/globals.pp | 2 +- manifests/init.pp | 2 +- manifests/master/config.pp | 2 +- manifests/master/puppetdb_conf.pp | 2 +- manifests/master/report_processor.pp | 2 +- manifests/master/routes.pp | 2 +- manifests/master/storeconfigs.pp | 3 +-- manifests/params.pp | 2 +- manifests/server.pp | 2 +- manifests/server/command_processing.pp | 2 +- manifests/server/database.pp | 2 +- manifests/server/firewall.pp | 2 +- manifests/server/global.pp | 2 +- manifests/server/jetty.pp | 2 +- manifests/server/puppetdb.pp | 2 +- manifests/server/read_database.pp | 2 +- manifests/server/validate_db.pp | 2 +- manifests/server/validate_read_db.pp | 2 +- 25 files changed, 26 insertions(+), 26 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 3e3a75ce..00329336 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -39,7 +39,7 @@ * `puppetdb::database::default_read_grant`: grant read permissions to $database_read_only_username by default, for new tables created by $database_username * `puppetdb::database::postgresql_ssl_rules`: manage the pg_ident.conf and pg_hba.conf files * `puppetdb::database::read_grant`: grant read-only permissions to $database_read_only_username for all objects in $schema of $database_name -* `puppetdb::database::read_only_user`: A define type to manage the creation of a read-only postgres users. In particular, it manages the necessary grants to enable such a user to h +* `puppetdb::database::read_only_user`: manage the creation of a read-only postgres users ### Resource types 
diff --git a/manifests/database/default_read_grant.pp b/manifests/database/default_read_grant.pp index 4a037d28..b0d52d57 100644 --- a/manifests/database/default_read_grant.pp +++ b/manifests/database/default_read_grant.pp @@ -1,4 +1,4 @@ -# grant read permissions to $database_read_only_username by default, for new tables created by $database_username +# @summary grant read permissions to $database_read_only_username by default, for new tables created by $database_username # # @api private define puppetdb::database::default_read_grant ( diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp index e6c38b7b..cbab5acb 100644 --- a/manifests/database/postgresql.pp +++ b/manifests/database/postgresql.pp @@ -1,4 +1,4 @@ -# create the PuppetDB postgresql database +# @summary create the PuppetDB postgresql database # # @param listen_addresses # The `listen_address` is a comma-separated list of hostnames or IP addresses on diff --git a/manifests/database/postgresql_ssl_rules.pp b/manifests/database/postgresql_ssl_rules.pp index cf8d8bbd..4ed95b89 100644 --- a/manifests/database/postgresql_ssl_rules.pp +++ b/manifests/database/postgresql_ssl_rules.pp @@ -1,4 +1,4 @@ -# manage the pg_ident.conf and pg_hba.conf files +# @summary manage the pg_ident.conf and pg_hba.conf files # # @api private define puppetdb::database::postgresql_ssl_rules ( diff --git a/manifests/database/read_grant.pp b/manifests/database/read_grant.pp index 2c622af5..4284a25b 100644 --- a/manifests/database/read_grant.pp +++ b/manifests/database/read_grant.pp @@ -1,4 +1,4 @@ -# grant read-only permissions to $database_read_only_username for all objects in $schema of $database_name +# @summary grant read-only permissions to $database_read_only_username for all objects in $schema of $database_name # # @api private define puppetdb::database::read_grant ( diff --git a/manifests/database/read_only_user.pp b/manifests/database/read_only_user.pp index 5fa23a6c..294310ec 100644 
--- a/manifests/database/read_only_user.pp +++ b/manifests/database/read_only_user.pp @@ -1,4 +1,5 @@ -# A define type to manage the creation of a read-only postgres users. +# @summary manage the creation of a read-only postgres users +# # In particular, it manages the necessary grants to enable such a user # to have read-only access to any existing objects as well as changes # the default access privileges so read-only access is maintained when diff --git a/manifests/database/ssl_configuration.pp b/manifests/database/ssl_configuration.pp index dc11281a..44aeb7c9 100644 --- a/manifests/database/ssl_configuration.pp +++ b/manifests/database/ssl_configuration.pp @@ -1,4 +1,4 @@ -# configure SSL for the PuppetDB postgresql database +# @summary configure SSL for the PuppetDB postgresql database # # @api private class puppetdb::database::ssl_configuration ( diff --git a/manifests/globals.pp b/manifests/globals.pp index c852f292..581b1673 100644 --- a/manifests/globals.pp +++ b/manifests/globals.pp @@ -1,4 +1,4 @@ -# global configuration class for PuppetDB +# @summary global configuration class for PuppetDB # # @param version # The version of the `puppetdb` package that should be installed. You may specify diff --git a/manifests/init.pp b/manifests/init.pp index 2c27ac01..10d55128 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,4 +1,4 @@ -# manage PuppetDB +# @summary manage PuppetDB # # @param listen_address # The address that the web server should bind to for HTTP requests. Defaults to diff --git a/manifests/master/config.pp b/manifests/master/config.pp index c63f693f..d29f83f4 100644 --- a/manifests/master/config.pp +++ b/manifests/master/config.pp @@ -1,4 +1,4 @@ -# manage the puppet configuration on the primary +# @summary manage the puppet configuration on the primary # # @param puppetdb_server # The dns name or ip of the PuppetDB server. Defaults to the hostname of the 
diff --git a/manifests/master/puppetdb_conf.pp b/manifests/master/puppetdb_conf.pp index d93452c3..999529e4 100644 --- a/manifests/master/puppetdb_conf.pp +++ b/manifests/master/puppetdb_conf.pp @@ -1,4 +1,4 @@ -# manage the puppetdb.conf file on the puppet primary +# @summary manage the puppetdb.conf file on the puppet primary # # @api private class puppetdb::master::puppetdb_conf ( diff --git a/manifests/master/report_processor.pp b/manifests/master/report_processor.pp index cd328f29..c715c109 100644 --- a/manifests/master/report_processor.pp +++ b/manifests/master/report_processor.pp @@ -1,4 +1,4 @@ -# manage the installation of the report processor on the primary +# @summary manage the installation of the report processor on the primary # # @api private class puppetdb::master::report_processor ( diff --git a/manifests/master/routes.pp b/manifests/master/routes.pp index 091f0ecb..4fd5eeb5 100644 --- a/manifests/master/routes.pp +++ b/manifests/master/routes.pp @@ -1,4 +1,4 @@ -# manages the routes configuration file on the master +# @summary manages the routes configuration file on the master # # @api private class puppetdb::master::routes ( diff --git a/manifests/master/storeconfigs.pp b/manifests/master/storeconfigs.pp index de0121c8..b22f24be 100644 --- a/manifests/master/storeconfigs.pp +++ b/manifests/master/storeconfigs.pp @@ -1,5 +1,4 @@ -# configure the puppet master to enable storeconfigs and to use puppetdb as -# the storeconfigs backend +# @summary configure the puppet master to enable storeconfigs and to use puppetdb as the storeconfigs backend # # @api private class puppetdb::master::storeconfigs ( diff --git a/manifests/params.pp b/manifests/params.pp index a90011a5..151e2251 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -1,4 +1,4 @@ -# default configuration settings +# @summary default configuration settings # # @api private class puppetdb::params inherits puppetdb::globals { 
diff --git a/manifests/server.pp b/manifests/server.pp index 93429ad3..ba9a510a 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -1,4 +1,4 @@ -# manage the PuppetDB server +# @summary manage the PuppetDB server # # @param listen_address # The address that the web server should bind to for HTTP requests. Defaults to diff --git a/manifests/server/command_processing.pp b/manifests/server/command_processing.pp index a70663db..9b4d0137 100644 --- a/manifests/server/command_processing.pp +++ b/manifests/server/command_processing.pp @@ -1,4 +1,4 @@ -# manage puppetdb config ini +# @summary manage puppetdb config ini # # @api private class puppetdb::server::command_processing ( diff --git a/manifests/server/database.pp b/manifests/server/database.pp index 49e268be..bdac088c 100644 --- a/manifests/server/database.pp +++ b/manifests/server/database.pp @@ -1,4 +1,4 @@ -# manage puppetdb database ini +# @summary manage puppetdb database ini # # @api private class puppetdb::server::database ( diff --git a/manifests/server/firewall.pp b/manifests/server/firewall.pp index 686d8b82..9ab95ca9 100644 --- a/manifests/server/firewall.pp +++ b/manifests/server/firewall.pp @@ -1,4 +1,4 @@ -# manage puppetdb firewall rules +# @summary manage puppetdb firewall rules # # @api private class puppetdb::server::firewall ( diff --git a/manifests/server/global.pp b/manifests/server/global.pp index 46853a85..9e7cb2ca 100644 --- a/manifests/server/global.pp +++ b/manifests/server/global.pp @@ -1,4 +1,4 @@ -# manage puppetdb global setting +# @summary manage puppetdb global setting # # @api private class puppetdb::server::global ( diff --git a/manifests/server/jetty.pp b/manifests/server/jetty.pp index 6b232163..1dca0670 100644 --- a/manifests/server/jetty.pp +++ b/manifests/server/jetty.pp @@ -1,4 +1,4 @@ -# configures puppetdb jetty ini +# @summary configures puppetdb jetty ini # # @api private class puppetdb::server::jetty ( 
diff --git a/manifests/server/puppetdb.pp b/manifests/server/puppetdb.pp index 0c1462d7..1057be19 100644 --- a/manifests/server/puppetdb.pp +++ b/manifests/server/puppetdb.pp @@ -1,4 +1,4 @@ -# manage puppetdb ini +# @summary manage puppetdb ini # # @api private class puppetdb::server::puppetdb ( diff --git a/manifests/server/read_database.pp b/manifests/server/read_database.pp index 291513c1..58e2f7a5 100644 --- a/manifests/server/read_database.pp +++ b/manifests/server/read_database.pp @@ -1,4 +1,4 @@ -# manage puppetdb read_database ini +# @summary manage puppetdb read_database ini # # @api private class puppetdb::server::read_database ( diff --git a/manifests/server/validate_db.pp b/manifests/server/validate_db.pp index 6e101b8f..d0609024 100644 --- a/manifests/server/validate_db.pp +++ b/manifests/server/validate_db.pp @@ -1,4 +1,4 @@ -# validates the database connection +# @summary validates the database connection # # @api private class puppetdb::server::validate_db ( diff --git a/manifests/server/validate_read_db.pp b/manifests/server/validate_read_db.pp index d3a7dcae..04c86d50 100644 --- a/manifests/server/validate_read_db.pp +++ b/manifests/server/validate_read_db.pp @@ -1,4 +1,4 @@ -# validates the read only database connection +# @summary validates the read only database connection # # @api private class puppetdb::server::validate_read_db ( From 290c3ba4d6462d8c9b31206d2c6773bcb84acc7c Mon Sep 17 00:00:00 2001 From: James Hunt Date: Thu, 11 Jan 2024 15:14:06 -0600 Subject: [PATCH 54/97] use the correct value for clientcert in pg_hba.conf for Postgresql 12 and up --- manifests/database/postgresql.pp | 3 +- manifests/database/postgresql_ssl_rules.pp | 10 ++++-- manifests/database/ssl_configuration.pp | 3 ++ .../database/ssl_configuration_spec.rb | 32 +++++++++++++++++++ 4 files changed, 45 insertions(+), 3 deletions(-) diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp index cbab5acb..9df27b93 100644 
--- a/manifests/database/postgresql.pp +++ b/manifests/database/postgresql.pp @@ -116,7 +116,8 @@ postgresql_ssl_key_path => $postgresql_ssl_key_path, postgresql_ssl_cert_path => $postgresql_ssl_cert_path, postgresql_ssl_ca_cert_path => $postgresql_ssl_ca_cert_path, - create_read_user_rule => $create_read_user_rule, + postgres_version => $postgres_version, + create_read_user_rule => $create_read_user_rule } } diff --git a/manifests/database/postgresql_ssl_rules.pp b/manifests/database/postgresql_ssl_rules.pp index 4ed95b89..6b1f55be 100644 --- a/manifests/database/postgresql_ssl_rules.pp +++ b/manifests/database/postgresql_ssl_rules.pp @@ -4,10 +4,16 @@ define puppetdb::database::postgresql_ssl_rules ( String $database_name, String $database_username, + String $postgres_version, String $puppetdb_server, ) { $identity_map_key = "${database_name}-${database_username}-map" + $clientcert_value = Float($postgres_version) >= 12.0 ? { + true => 'verify-full', + false => '1', + } + postgresql::server::pg_hba_rule { "Allow certificate mapped connections to ${database_name} as ${database_username} (ipv4)": type => 'hostssl', database => $database_name, @@ -15,7 +21,7 @@ address => '0.0.0.0/0', auth_method => 'cert', order => 0, - auth_option => "map=${identity_map_key} clientcert=1", + auth_option => "map=${identity_map_key} clientcert=${clientcert_value}", } postgresql::server::pg_hba_rule { "Allow certificate mapped connections to ${database_name} as ${database_username} (ipv6)": @@ -25,7 +31,7 @@ address => '::0/0', auth_method => 'cert', order => 0, - auth_option => "map=${identity_map_key} clientcert=1", + auth_option => "map=${identity_map_key} clientcert=${clientcert_value}", } postgresql::server::pg_ident_rule { "Map the SSL certificate of the server as a ${database_username} user": diff --git a/manifests/database/ssl_configuration.pp b/manifests/database/ssl_configuration.pp index 44aeb7c9..1e8e6c0b 100644 --- a/manifests/database/ssl_configuration.pp 
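Review bot: `Float($postgres_version) >= 12.0` in the first postgresql_ssl_rules.pp hunk converts an unconstrained `String` parameter, so any value that is not a plain number stops catalog compilation with a conversion error. The result decides the `clientcert=` option written into both pg_hba rules (the `@@ -15,7 +21,7 @@` and `@@ -25,7 +31,7 @@` hunks). Constraining the parameter at the boundary, for example `Pattern[/\A\d+(\.\d+)?\z/] $postgres_version,`, makes the accepted forms explicit, and `versioncmp($postgres_version, '12') >= 0` expresses the comparison without a float round-trip. A one-line comment such as `# clientcert=verify-full is available from PostgreSQL 12; older servers only accept clientcert=1` would record why the switch exists. The define's body continues outside these hunks.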
+++ b/manifests/database/ssl_configuration.pp @@ -10,6 +10,7 @@ $postgresql_ssl_key_path = $puppetdb::params::postgresql_ssl_key_path, $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path, $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path, + $postgres_version = $puppetdb::params::postgres_version, $create_read_user_rule = false, ) inherits puppetdb::params { File { @@ -56,6 +57,7 @@ puppetdb::database::postgresql_ssl_rules { "Configure postgresql ssl rules for ${database_username}": database_name => $database_name, database_username => $database_username, + postgres_version => $postgres_version, puppetdb_server => $puppetdb_server, } @@ -63,6 +65,7 @@ puppetdb::database::postgresql_ssl_rules { "Configure postgresql ssl rules for ${read_database_username}": database_name => $database_name, database_username => $read_database_username, + postgres_version => $postgres_version, puppetdb_server => $puppetdb_server, } } diff --git a/spec/unit/classes/database/ssl_configuration_spec.rb b/spec/unit/classes/database/ssl_configuration_spec.rb index 59702de9..f8dc1f39 100644 --- a/spec/unit/classes/database/ssl_configuration_spec.rb +++ b/spec/unit/classes/database/ssl_configuration_spec.rb 
@@ -110,5 +110,37 @@ end end end + + context 'when the specified Postgresql version is 12 or later' do + let(:params) do + { + database_name: 'puppetdb', + database_username: 'puppetdb', + postgres_version: '12' + } + end + + it 'has hba rule for puppetdb user ipv4' do + is_expected.to contain_postgresql__server__pg_hba_rule("Allow certificate mapped connections to #{params[:database_name]} as #{params[:database_username]} (ipv4)") + .with_type('hostssl') + .with_database(params[:database_name]) + .with_user(params[:database_username]) + .with_address('0.0.0.0/0') + .with_auth_method('cert') + .with_order(0) + .with_auth_option("map=#{identity_map} clientcert=verify-full") + end + + it 'has hba rule for puppetdb user ipv6' do + is_expected.to contain_postgresql__server__pg_hba_rule("Allow certificate mapped connections to #{params[:database_name]} as #{params[:database_username]} (ipv6)") + .with_type('hostssl') + .with_database(params[:database_name]) + .with_user(params[:database_username]) + .with_address('::0/0') + .with_auth_method('cert') + .with_order(0) + .with_auth_option("map=#{identity_map} clientcert=verify-full") + end + end end end From b1c4e7d4b18daa936372040eaa7d18524c577b0c Mon Sep 17 00:00:00 2001 From: James Hunt Date: Tue, 6 Feb 2024 09:24:48 -0600 Subject: [PATCH 55/97] fix lint and tests for clientcert value --- manifests/database/postgresql.pp | 2 +- .../database/postgresql_ssl_rules_spec.rb | 26 +++++++++++++++ spec/support/unit/shared/database.rb | 5 +-- .../database/ssl_configuration_spec.rb | 32 ------------------- 4 files changed, 30 insertions(+), 35 deletions(-) diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp index 9df27b93..ca48b3b9 100644 --- a/manifests/database/postgresql.pp +++ b/manifests/database/postgresql.pp 
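Review bot: The new context in spec/unit/classes/database/ssl_configuration_spec.rb exercises only `postgres_version: '12'`, so the other side of the version switch and the dotted form are not covered here. A sibling context with `postgres_version: '11'`, and one with `'9.6'`, each expecting `clientcert=1`, would pin the boundary that decides which client-certificate option reaches pg_hba.conf. The two examples differ only in the `(ipv4)`/`(ipv6)` suffix and the address, so they could be generated from a small table rather than copied.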
@@ -117,7 +117,7 @@ postgresql_ssl_cert_path => $postgresql_ssl_cert_path, postgresql_ssl_ca_cert_path => $postgresql_ssl_ca_cert_path, postgres_version => $postgres_version, - create_read_user_rule => $create_read_user_rule + create_read_user_rule => $create_read_user_rule, } } diff --git a/spec/defines/database/postgresql_ssl_rules_spec.rb b/spec/defines/database/postgresql_ssl_rules_spec.rb index cce2e0d3..852ca563 100644 --- a/spec/defines/database/postgresql_ssl_rules_spec.rb +++ b/spec/defines/database/postgresql_ssl_rules_spec.rb @@ -6,11 +6,28 @@ 'puppetdb-read': { database_name: 'puppetdb', database_username: 'monitor', + postgres_version: '11', puppetdb_server: 'localhost', }, 'monitor': { database_name: 'opensesame', database_username: 'grover', + postgres_version: '11', + puppetdb_server: 'rainbow', + }, +} + +valid_12plus = { + 'puppetdb-read': { + database_name: 'puppetdb', + database_username: 'monitor', + postgres_version: '12', + puppetdb_server: 'localhost', + }, + 'monitor': { + database_name: 'opensesame', + database_username: 'grover', + postgres_version: '12', puppetdb_server: 'rainbow', }, } @@ -34,6 +51,15 @@ end end + valid_12plus.each do |name, params| + context "for valid_12plus #{name}" do + include_examples 'puppetdb::database::postgresql_ssl_rules' do + let(:title) { name.to_s } + let(:params) { params } + end + end + end + invalid.each do |name, params| context "for invalid #{name}" do include_examples 'puppetdb::database::postgresql_ssl_rules', Puppet::Error do diff --git a/spec/support/unit/shared/database.rb b/spec/support/unit/shared/database.rb index dc667ea3..eaf605a2 100644 --- a/spec/support/unit/shared/database.rb +++ b/spec/support/unit/shared/database.rb 
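Review bot: `valid_12plus` in spec/defines/database/postgresql_ssl_rules_spec.rb is a copy of `valid` with only `postgres_version` changed, and the `invalid` set gains no case for the new parameter. Deriving it keeps the two sets in step: `valid_12plus = valid.transform_values { |p| p.merge(postgres_version: '12') }`. An `invalid` entry with a non-numeric `postgres_version` would document how the define treats bad input; the `invalid` hash itself is declared outside this hunk.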
@@ -227,6 +227,7 @@ it { is_expected.to raise_error(error) } else let(:identity_map_key) { "#{with[:database_name]}-#{with[:database_username]}-map" } + let(:client_cert) { (with[:postgres_version].to_f >= 12.0) ? 'verify-full' : '1' } it { is_expected.to contain_puppetdb__database__postgresql_ssl_rules(name).with(with) } @@ -239,7 +240,7 @@ address: '0.0.0.0/0', auth_method: 'cert', order: 0, - auth_option: "map=#{identity_map_key} clientcert=1", + auth_option: "map=#{identity_map_key} clientcert=#{client_cert}", ) } @@ -252,7 +253,7 @@ address: '::0/0', auth_method: 'cert', order: 0, - auth_option: "map=#{identity_map_key} clientcert=1", + auth_option: "map=#{identity_map_key} clientcert=#{client_cert}", ) } diff --git a/spec/unit/classes/database/ssl_configuration_spec.rb b/spec/unit/classes/database/ssl_configuration_spec.rb index f8dc1f39..59702de9 100644 --- a/spec/unit/classes/database/ssl_configuration_spec.rb +++ b/spec/unit/classes/database/ssl_configuration_spec.rb 
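Review bot: The new `let(:client_cert)` in spec/support/unit/shared/database.rb recomputes the expected value with the same `>= 12.0` rule as the manifest, so a wrong threshold would be wrong in both places and the examples would still pass. `to_f` also returns 0.0 for a missing or non-numeric `postgres_version`, so such input silently expects `clientcert=1` here while the manifest's `Float()` would fail. Having each calling context define `let(:client_cert)` with the literal it expects (`'1'` or `'verify-full'`) would make the expectation independent of the implementation.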
@@ -110,37 +110,5 @@ end end end - - context 'when the specified Postgresql version is 12 or later' do - let(:params) do - { - database_name: 'puppetdb', - database_username: 'puppetdb', - postgres_version: '12' - } - end - - it 'has hba rule for puppetdb user ipv4' do - is_expected.to contain_postgresql__server__pg_hba_rule("Allow certificate mapped connections to #{params[:database_name]} as #{params[:database_username]} (ipv4)") - .with_type('hostssl') - .with_database(params[:database_name]) - .with_user(params[:database_username]) - .with_address('0.0.0.0/0') - .with_auth_method('cert') - .with_order(0) - .with_auth_option("map=#{identity_map} clientcert=verify-full") - end - - it 'has hba rule for puppetdb user ipv6' do - is_expected.to contain_postgresql__server__pg_hba_rule("Allow certificate mapped connections to #{params[:database_name]} as #{params[:database_username]} (ipv6)") - .with_type('hostssl') - .with_database(params[:database_name]) - .with_user(params[:database_username]) - .with_address('::0/0') - .with_auth_method('cert') - .with_order(0) - .with_auth_option("map=#{identity_map} clientcert=verify-full") - end - end end end From 8cd78d04425229c8680ea36b10af05679cdb939b Mon Sep 17 00:00:00 2001 From: James Hunt Date: Fri, 9 Feb 2024 09:18:22 -0600 Subject: [PATCH 56/97] use stricter String[2,3] datatype for $postgres_version --- manifests/database/postgresql_ssl_rules.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/database/postgresql_ssl_rules.pp b/manifests/database/postgresql_ssl_rules.pp index 6b1f55be..bd1e61d2 100644 --- a/manifests/database/postgresql_ssl_rules.pp +++ b/manifests/database/postgresql_ssl_rules.pp @@ -4,7 +4,7 @@ define puppetdb::database::postgresql_ssl_rules ( String $database_name, String $database_username, - String $postgres_version, + String[2,3] $postgres_version, String $puppetdb_server, ) { $identity_map_key = "${database_name}-${database_username}-map" 
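Review bot: `String[2,3]` in manifests/database/postgresql_ssl_rules.pp limits only the length of `$postgres_version`, so a value such as `'abc'` still passes the type check and fails later in `Float()`. A pattern states the intent and rejects bad input at the parameter boundary: `Pattern[/\A\d{1,2}(\.\d{1,2})?\z/] $postgres_version,`. The code that consumes the value lies outside this hunk.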
From f26d826df1767e367d207f90a73e19faa7d377b7 Mon Sep 17 00:00:00 2001 From: Jake Yip Date: Fri, 1 Sep 2023 21:34:55 +1000 Subject: [PATCH 57/97] Fix: Unterminated quoted string when creating read user MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit puppetdb in default config will create a read-only user, however there is a bug[1] with the syntax to set the default read grant. Fix it with help from comments[2]. [1] https://github.com/puppetlabs/puppetlabs-puppetdb/pull/330#issuecomment-935496488 [2] https://github.com/puppetlabs/puppetlabs-puppetdb/pull/339#issuecomment-1163552126 Co-authored-by: Romain Tartière Signed-off-by: Jake Yip --- manifests/database/default_read_grant.pp | 6 +++--- spec/support/unit/shared/database.rb | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/manifests/database/default_read_grant.pp b/manifests/database/default_read_grant.pp index b0d52d57..f11e40c5 100644 --- a/manifests/database/default_read_grant.pp +++ b/manifests/database/default_read_grant.pp @@ -20,7 +20,7 @@ acl.defaclacl FROM pg_default_acl acl JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid - WHERE acl.defaclacl::text ~ '.*\\\\\"${database_read_only_username}\\\\\"=r/${database_username}\\\".*' + WHERE '@' || array_to_string(acl.defaclacl, '@') || '@' ~ '@(\"?)${database_read_only_username}\\1=r/(\"?)${database_username}\\2@' AND nspname = '${schema}'", } @@ -37,7 +37,7 @@ acl.defaclacl FROM pg_default_acl acl JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid - WHERE acl.defaclacl::text ~ '.*\\\\\"${database_read_only_username}\\\\\"=U/${database_username}\\\".*' + WHERE '@' || array_to_string(acl.defaclacl, '@') || '@' ~ '@(\"?)${database_read_only_username}\\1=U/(\"?)${database_username}\\2@' AND nspname = '${schema}'", } 
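Review bot: The rewritten `unless` queries in manifests/database/default_read_grant.pp interpolate `${database_read_only_username}` and `${database_username}` into a SQL string literal that is then used as a regular expression, with no escaping. This applies to this hunk and to the `=U/` and `=X/` hunks that follow; the expectations in spec/support/unit/shared/database.rb mirror the same strings. A name containing a regex metacharacter such as `.` can match a different role's ACL entry, in which case the grant is skipped, and a name containing `'` would end the literal early. Both parameters are declared outside this hunk; constraining them there, e.g. `Pattern[/\A[A-Za-z_][A-Za-z0-9_-]*\z/] $database_read_only_username,`, keeps the query well-formed without changing the SQL. The `nspname = '${schema}'` comparison has the same exposure.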
@@ -54,7 +54,7 @@ acl.defaclacl FROM pg_default_acl acl JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid - WHERE acl.defaclacl::text ~ '.*\\\\\"${database_read_only_username}\\\\\"=X/${database_username}\\\".*' + WHERE '@' || array_to_string(acl.defaclacl, '@') || '@' ~ '@(\"?)${database_read_only_username}\\1=X/(\"?)${database_username}\\2@' AND nspname = '${schema}'", } } diff --git a/spec/support/unit/shared/database.rb b/spec/support/unit/shared/database.rb index eaf605a2..5be30e9a 100644 --- a/spec/support/unit/shared/database.rb +++ b/spec/support/unit/shared/database.rb @@ -72,7 +72,7 @@ acl.defaclacl FROM pg_default_acl acl JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid - WHERE acl.defaclacl::text ~ '.*\\\\\"#{with[:database_read_only_username]}\\\\\"=r/#{with[:database_username]}\\\".*' + WHERE '@' || array_to_string(acl.defaclacl, '@') || '@' ~ '@(\"?)#{with[:database_read_only_username]}\\1=r/(\"?)#{with[:database_username]}\\2@' AND nspname = 'public'", ) } @@ -92,7 +92,7 @@ acl.defaclacl FROM pg_default_acl acl JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid - WHERE acl.defaclacl::text ~ '.*\\\\\"#{with[:database_read_only_username]}\\\\\"=U/#{with[:database_username]}\\\".*' + WHERE '@' || array_to_string(acl.defaclacl, '@') || '@' ~ '@(\"?)#{with[:database_read_only_username]}\\1=U/(\"?)#{with[:database_username]}\\2@' AND nspname = 'public'", ) } @@ -112,7 +112,7 @@ acl.defaclacl FROM pg_default_acl acl JOIN pg_namespace ns ON acl.defaclnamespace=ns.oid - WHERE acl.defaclacl::text ~ '.*\\\\\"#{with[:database_read_only_username]}\\\\\"=X/#{with[:database_username]}\\\".*' + WHERE '@' || array_to_string(acl.defaclacl, '@') || '@' ~ '@(\"?)#{with[:database_read_only_username]}\\1=X/(\"?)#{with[:database_username]}\\2@' AND nspname = 'public'", ) } From b76fe2cd6249db1ed163cc555b16e3a96febe55d Mon Sep 17 00:00:00 2001 
From: david22swan Date: Wed, 13 Sep 2023 16:47:49 +0100 Subject: [PATCH 58/97] (INCOM) Update firewall manifests to use `jump` instead of `action` As part of the Firewall module rewrite the functionality of the `action` attribute has been rolled into the `jump` attribute, the two of them both managing the Firewall jump value. --- manifests/server/firewall.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/server/firewall.pp b/manifests/server/firewall.pp index 9ab95ca9..f5acf821 100644 --- a/manifests/server/firewall.pp +++ b/manifests/server/firewall.pp @@ -13,7 +13,7 @@ firewall { "${http_port} accept - puppetdb": dport => $http_port, proto => 'tcp', - action => 'accept', + jump => 'accept', } } @@ -21,7 +21,7 @@ firewall { "${ssl_port} accept - puppetdb": dport => $ssl_port, proto => 'tcp', - action => 'accept', + jump => 'accept', } } } From 7a4dcdfa4736a8df35677c204cf42e5dd9824017 Mon Sep 17 00:00:00 2001 From: david22swan Date: Wed, 13 Sep 2023 18:01:05 +0100 Subject: [PATCH 59/97] (BUGFIX) Fix alignment --- manifests/server/firewall.pp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/manifests/server/firewall.pp b/manifests/server/firewall.pp index f5acf821..4330e053 100644 --- a/manifests/server/firewall.pp +++ b/manifests/server/firewall.pp @@ -11,17 +11,17 @@ if ($open_http_port) { firewall { "${http_port} accept - puppetdb": - dport => $http_port, - proto => 'tcp', - jump => 'accept', + dport => $http_port, + proto => 'tcp', + jump => 'accept', } } if ($open_ssl_port) { firewall { "${ssl_port} accept - puppetdb": - dport => $ssl_port, - proto => 'tcp', - jump => 'accept', + dport => $ssl_port, + proto => 'tcp', + jump => 'accept', } } } From 4e620a538db4e987fb031b5f122f94633459bdaf Mon Sep 17 00:00:00 2001 
From: david22swan Date: Mon, 18 Sep 2023 09:06:09 +0100 Subject: [PATCH 60/97] (INCOM) Update Firewall compatible range to `v7.0.0` and above --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index 74f87905..5e11758c 100644 --- a/metadata.json +++ b/metadata.json @@ -18,7 +18,7 @@ }, { "name": "puppetlabs/firewall", - "version_requirement": ">= 1.1.3 < 7.0.0" + "version_requirement": ">= 7.0.0 < 8.0.0" }, { "name": "puppetlabs/stdlib", From cc5bf807e10548f8f4ca051c3c64f35e25222c70 Mon Sep 17 00:00:00 2001 From: david22swan Date: Wed, 14 Feb 2024 10:51:53 +0000 Subject: [PATCH 61/97] (MAINT) Remove Firewall pin in .fixtures.yml Removing pin to resolve errors in tests --- .fixtures.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.fixtures.yml b/.fixtures.yml index 3482bac5..4815848b 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -17,8 +17,6 @@ fixtures: postgresql: repo: 'https://github.com/puppetlabs/puppetlabs-postgresql.git' ref: 'v9.2.0' - firewall: - repo: 'https://github.com/puppetlabs/puppetlabs-firewall.git' - ref: 'v6.0.0' + firewall: 'https://github.com/puppetlabs/puppetlabs-firewall.git' symlinks: puppetdb: '#{source_dir}' From 15d386722a04b23a76c258149f7cb610adb8ae7d Mon Sep 17 00:00:00 2001 From: david22swan Date: Wed, 14 Feb 2024 11:34:34 +0000 Subject: [PATCH 62/97] (MAINT) Update tests to match expected values --- spec/support/unit/shared/server.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/support/unit/shared/server.rb b/spec/support/unit/shared/server.rb index 5c03dd37..d15b4986 100644 --- a/spec/support/unit/shared/server.rb +++ b/spec/support/unit/shared/server.rb @@ -21,7 +21,7 @@ .with( dport: with[:http_port], proto: 'tcp', - action: 'accept', + jump: 'accept', ) } @@ -31,7 +31,7 @@ .with( dport: with[:ssl_port], proto: 'tcp', - action: 'accept', + jump: 'accept', ) } end 
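Review bot: In .fixtures.yml the `firewall` fixture loses its `ref`, so test runs now clone whatever the repository's default branch holds at that moment. That makes CI results non-reproducible and lets unreviewed upstream changes run in the test environment; it can also drift outside the `>= 7.0.0 < 8.0.0` range this series sets in metadata.json. Keeping the mapping form with a tag or commit inside that range, `ref: '<firewall-7.x-tag>'` (placeholder), would still move the fixture off `v6.0.0` without tracking a moving branch.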
From 3aaf17280d38a6dd02a45d5eb57e779971584756 Mon Sep 17 00:00:00 2001 From: Jeffrey Clark Date: Wed, 14 Feb 2024 23:00:17 -0600 Subject: [PATCH 63/97] (maint) add release workflows --- .github/workflows/release.yml | 9 +++++++++ .github/workflows/release_prep.yml | 15 +++++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 .github/workflows/release.yml create mode 100644 .github/workflows/release_prep.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 00000000..5a45aa01 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,9 @@ +name: "Publish module" + +on: + workflow_dispatch: + +jobs: + release: + uses: "puppetlabs/cat-github-actions/.github/workflows/module_release.yml@main" + secrets: "inherit" diff --git a/.github/workflows/release_prep.yml b/.github/workflows/release_prep.yml new file mode 100644 index 00000000..bb0b7acc --- /dev/null +++ b/.github/workflows/release_prep.yml @@ -0,0 +1,15 @@ +name: "Release Prep" + +on: + workflow_dispatch: + inputs: + version: + description: "Module version to be released. Must be a valid semver string. (1.2.3)" + required: true + +jobs: + release_prep: + uses: "puppetlabs/cat-github-actions/.github/workflows/module_release_prep.yml@main" + with: + version: "${{ github.event.inputs.version }}" + secrets: "inherit" From 697d79a1936a34349b2a03806ac2082a6ae535f9 Mon Sep 17 00:00:00 2001 From: jonathannewman Date: Thu, 15 Feb 2024 09:22:34 -0800 Subject: [PATCH 64/97] (maint) unpin puppetlabs-postgresql, allow 10.x versions This removes the pin for the version of puppetlabs-postgresql in `.fixtures.yaml` and also updates the metadata to indicate that the current major version of `puppetlabs-postgresql` is supported. --- .fixtures.yml | 4 +--- metadata.json | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/.fixtures.yml b/.fixtures.yml index 4815848b..2bc678a5 100644 --- a/.fixtures.yml +++ b/.fixtures.yml 
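Review bot: Both new workflows call a reusable workflow by mutable branch while passing `secrets: "inherit"`: `uses: "puppetlabs/cat-github-actions/.github/workflows/module_release.yml@main"` in release.yml and the `module_release_prep.yml@main` reference in release_prep.yml. Any later change on that branch runs with every secret available to this repository, including whatever credentials publish the module. Pinning the reference to a full commit SHA (`...module_release.yml@<full-commit-sha>`, placeholder) and replacing `inherit` with an explicit `secrets:` map of only the names the called workflow declares would narrow that exposure. Neither file sets `permissions:`, so the token scope is the repository default; an explicit block in each caller would make it reviewable.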
@@ -14,9 +14,7 @@ fixtures: augeas_core: 'https://github.com/puppetlabs/puppetlabs-augeas_core.git' postgresql: 'https://github.com/puppetlabs/puppetlabs-postgresql.git' firewall: 'https://github.com/puppetlabs/puppetlabs-firewall.git' - postgresql: - repo: 'https://github.com/puppetlabs/puppetlabs-postgresql.git' - ref: 'v9.2.0' + postgresql: 'https://github.com/puppetlabs/puppetlabs-postgresql.git' firewall: 'https://github.com/puppetlabs/puppetlabs-firewall.git' symlinks: puppetdb: '#{source_dir}' diff --git a/metadata.json b/metadata.json index 5e11758c..c4331077 100644 --- a/metadata.json +++ b/metadata.json @@ -14,7 +14,7 @@ }, { "name": "puppetlabs/postgresql", - "version_requirement": ">= 6.5.0 < 10.0.0" + "version_requirement": ">= 6.5.0 < 11.0.0" }, { "name": "puppetlabs/firewall", From 61a6abbd3b702b27de75245e50e75eeaeed06b0a Mon Sep 17 00:00:00 2001 From: jonathannewman Date: Thu, 15 Feb 2024 11:13:25 -0800 Subject: [PATCH 65/97] (maint) resolve test changes from updating postgresql module --- spec/acceptance/standalone_spec.rb | 3 +-- spec/support/acceptance/shared/puppetdb.rb | 12 ------------ spec/support/unit/shared/database.rb | 2 +- spec/unit/classes/database/postgresql_spec.rb | 2 +- 4 files changed, 3 insertions(+), 16 deletions(-) diff --git a/spec/acceptance/standalone_spec.rb b/spec/acceptance/standalone_spec.rb index 3c2a31f1..f1b4d25e 100644 --- a/spec/acceptance/standalone_spec.rb +++ b/spec/acceptance/standalone_spec.rb @@ -6,8 +6,7 @@ let(:puppetdb_params) {} let(:puppetdb_master_config_params) {} - # TODO: temporary work-around for EL installs - let(:postgres_version) { "(getvar('facts.os.family') == 'RedHat') ? { true => '12', default => undef }" } + let(:postgres_version) { 'undef' } # default let(:manage_firewall) { "(getvar('facts.os.family') == 'RedHat' and Integer(getvar('facts.os.release.major')) > 7)" } describe 'with defaults' do 
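Review bot: After this hunk .fixtures.yml lists `postgresql:` and `firewall:` twice in the same mapping, because the context lines already carry both keys and the added `postgresql: 'https://github.com/puppetlabs/puppetlabs-postgresql.git'` line repeats one of them. Which entry wins depends on the YAML loader, so the file should keep one entry per module; here that means deleting the old pinned `postgresql:` block rather than replacing it. The remaining entries have no `ref`, so tests follow the upstream default branch rather than a version inside the `>= 6.5.0 < 11.0.0` range declared in metadata.json.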
diff --git a/spec/support/acceptance/shared/puppetdb.rb b/spec/support/acceptance/shared/puppetdb.rb index 20fac66b..e269ea4c 100644 --- a/spec/support/acceptance/shared/puppetdb.rb +++ b/spec/support/acceptance/shared/puppetdb.rb @@ -3,19 +3,7 @@ shared_examples 'puppetdb' do let(:pp) do <<~PP - # FIXME: temporary work-around for EL installs if $facts['os']['family'] == 'RedHat' { - $gpg_key_file = $facts['os']['release']['major'] ? { - '7' => 'PGDG-RPM-GPG-KEY-RHEL7', - default => 'PGDG-RPM-GPG-KEY-RHEL', - } - file { "/etc/pki/rpm-gpg/${gpg_key_file}": - source => "https://download.postgresql.org/pub/repos/yum/keys/${gpg_key_file}", - } - -> Yumrepo <| tag == 'postgresql::repo' |> { - gpgkey => "file:///etc/pki/rpm-gpg/${gpg_key_file}", - } - # Work-around EL systemd in docker bug affecting forked services file_line { 'puppetdb-unit-remove-pidfile': path => '/lib/systemd/system/puppetdb.service', diff --git a/spec/support/unit/shared/database.rb b/spec/support/unit/shared/database.rb index 5be30e9a..23a77553 100644 --- a/spec/support/unit/shared/database.rb +++ b/spec/support/unit/shared/database.rb @@ -220,7 +220,7 @@ end shared_examples 'puppetdb::database::postgresql_ssl_rules' do |error| - let(:defaults) { {} } + let(:defaults) { { postgres_version: '14' } } let(:with) { defined?(args) ? defaults.merge(args) : defaults } if error diff --git a/spec/unit/classes/database/postgresql_spec.rb b/spec/unit/classes/database/postgresql_spec.rb index e1e4e104..1b89b258 100644 --- a/spec/unit/classes/database/postgresql_spec.rb +++ b/spec/unit/classes/database/postgresql_spec.rb @@ -94,7 +94,7 @@ { read_database_username: params[:read_database_username], database_name: params[:database_name], - password_hash: 'md588e898a4bade3fe1c9b96f650ec85900', # TODO: mock properly + password_hash: %r{^(md5|SCRAM)}, # TODO: mock properly database_owner: params[:database_username], } end From 22b3f1c0241878b179c69d0b21a30090c9131620 Mon Sep 17 00:00:00 2001 
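Review bot: The relaxed expectation `password_hash: %r{^(md5|SCRAM)}` in spec/unit/classes/database/postgresql_spec.rb accepts any value with a line beginning with those letters, so it no longer shows that a hash of the configured read password was produced. `^` anchors at a line start in Ruby; `\A` with the expected shape is tighter: `password_hash: %r{\A(md5\h{32}|SCRAM-SHA-256\$)},`. The `TODO: mock properly` remains, and stubbing the password function to a fixed value would let the test assert one exact hash. The enclosing `let` block starts and ends outside the hunk.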
From: Jeffrey Clark Date: Thu, 15 Feb 2024 15:01:31 -0600 Subject: [PATCH 66/97] (maint) update postgresql connection validation --- manifests/server/validate_db.pp | 12 ++++++------ manifests/server/validate_read_db.pp | 12 ++++++------ spec/unit/classes/server/validate_db_spec.rb | 16 ++++++++-------- .../unit/classes/server/validate_read_db_spec.rb | 16 ++++++++-------- 4 files changed, 28 insertions(+), 28 deletions(-) diff --git a/manifests/server/validate_db.pp b/manifests/server/validate_db.pp index d0609024..b198d6ad 100644 --- a/manifests/server/validate_db.pp +++ b/manifests/server/validate_db.pp @@ -10,12 +10,12 @@ $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, ) inherits puppetdb::params { if ($database_password != undef and $jdbc_ssl_properties == false) { - postgresql::validate_db_connection { 'validate puppetdb postgres connection': - database_host => $database_host, - database_port => $database_port, - database_username => $database_username, - database_password => $database_password, - database_name => $database_name, + postgresql_conn_validator { 'validate puppetdb postgres connection': + host => $database_host, + port => $database_port, + db_username => $database_username, + db_password => $database_password, + db_name => $database_name, } } } diff --git a/manifests/server/validate_read_db.pp b/manifests/server/validate_read_db.pp index 04c86d50..99f79898 100644 --- a/manifests/server/validate_read_db.pp +++ b/manifests/server/validate_read_db.pp 
@@ -10,12 +10,12 @@ $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, ) inherits puppetdb::params { if ($database_password != undef and $jdbc_ssl_properties == false) { - postgresql::validate_db_connection { 'validate puppetdb postgres (read) connection': - database_host => $database_host, - database_port => $database_port, - database_username => $database_username, - database_password => $database_password, - database_name => $database_name, + postgresql_conn_validator { 'validate puppetdb postgres (read) connection': + host => $database_host, + port => $database_port, + db_username => $database_username, + db_password => $database_password, + db_name => $database_name, } } } diff --git a/spec/unit/classes/server/validate_db_spec.rb b/spec/unit/classes/server/validate_db_spec.rb index 8fbddddb..8ab6eeba 100644 --- a/spec/unit/classes/server/validate_db_spec.rb +++ b/spec/unit/classes/server/validate_db_spec.rb @@ -23,7 +23,7 @@ ) } - it { is_expected.not_to contain_postgresql__validate_db_connection('validate puppetdb postgres connection') } + it { is_expected.not_to contain_postgresql_conn_validateor('validate puppetdb postgres connection') } end context 'with parameter tests' do @@ -31,13 +31,13 @@ context 'with jdbc_ssl_properties set false' do it { - is_expected.to contain_postgresql__validate_db_connection('validate puppetdb postgres connection') + is_expected.to contain_postgresql_conn_validator('validate puppetdb postgres connection') .with( - database_host: 'localhost', - database_port: '5432', - database_username: 'puppetdb', - database_password: 'puppetdb', - database_name: 'puppetdb', + host: 'localhost', + port: '5432', + db_username: 'puppetdb', + db_password: 'puppetdb', + db_name: 'puppetdb', ) } end 
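Review bot: In spec/unit/classes/server/validate_db_spec.rb the first negative example is misspelled, `contain_postgresql_conn_validateor`, so it checks for a resource type that does not exist and passes whatever the manifest does. It should read `it { is_expected.not_to contain_postgresql_conn_validator('validate puppetdb postgres connection') }`, matching the other examples in this file and in validate_read_db_spec.rb. The enclosing context begins outside the hunk.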
@@ -45,7 +45,7 @@ context 'without database password' do let(:params) { { database_password: nil } } - it { is_expected.not_to contain_postgresql__validate_db_connection('validate puppetdb postgres connection') } + it { is_expected.not_to contain_postgresql_conn_validator('validate puppetdb postgres connection') } end end end diff --git a/spec/unit/classes/server/validate_read_db_spec.rb b/spec/unit/classes/server/validate_read_db_spec.rb index 5bcb4430..0fa1541f 100644 --- a/spec/unit/classes/server/validate_read_db_spec.rb +++ b/spec/unit/classes/server/validate_read_db_spec.rb @@ -23,7 +23,7 @@ ) } - it { is_expected.not_to contain_postgresql__validate_db_connection('validate puppetdb postgres (read) connection') } + it { is_expected.not_to contain_postgresql_conn_validator('validate puppetdb postgres (read) connection') } end context 'with parameter tests' do @@ -31,13 +31,13 @@ context 'with jdbc_ssl_properties set false' do it { - is_expected.to contain_postgresql__validate_db_connection('validate puppetdb postgres (read) connection') + is_expected.to contain_postgresql_conn_validator('validate puppetdb postgres (read) connection') .with( - database_host: 'localhost', - database_port: '5432', - database_username: 'puppetdb', - database_password: 'puppetdb', - database_name: 'puppetdb', + host: 'localhost', + port: '5432', + db_username: 'puppetdb', + db_password: 'puppetdb', + db_name: 'puppetdb', ) } end @@ -45,7 +45,7 @@ context 'without database password' do let(:params) { { database_password: nil } } - it { is_expected.not_to contain_postgresql__validate_db_connection('validate puppetdb postgres (read) connection') } + it { is_expected.not_to contain_postgresql_conn_validator('validate puppetdb postgres (read) connection') } end end end From 321d81de008da8d814efeaeae8cb2156d6f1117d Mon Sep 17 00:00:00 2001 
From: Jeffrey Clark Date: Thu, 15 Feb 2024 18:52:03 -0600 Subject: [PATCH 67/97] (maint) add puppetdb_query test --- spec/support/acceptance/shared/puppetdb.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/spec/support/acceptance/shared/puppetdb.rb b/spec/support/acceptance/shared/puppetdb.rb index e269ea4c..fd78af4f 100644 --- a/spec/support/acceptance/shared/puppetdb.rb +++ b/spec/support/acceptance/shared/puppetdb.rb @@ -45,4 +45,8 @@ class { 'puppetdb': it 'applies idempotently' do idempotent_apply(pp, debug: ENV.key?('DEBUG')) end + + it 'agent can puppetdb_query' do + apply_manifest("$envs = puppetdb_query('environments[name]{}')", expect_failures: false, debug: ENV.key?('DEBUG')) + end end From 011188762c55fdb99211a85a8db612ca8ac76e32 Mon Sep 17 00:00:00 2001 From: Jeffrey Clark Date: Thu, 15 Feb 2024 19:23:46 -0600 Subject: [PATCH 68/97] fix alternate database port support --- manifests/database/default_read_grant.pp | 4 ++++ manifests/database/postgresql.pp | 10 +++++++++- manifests/database/read_grant.pp | 4 ++++ manifests/database/read_only_user.pp | 5 +++++ spec/acceptance/standalone_spec.rb | 19 +++++++++++++++++++ .../database/default_read_grant_spec.rb | 17 ++++++++++------- spec/defines/database/read_grant_spec.rb | 14 +++++++++----- spec/defines/database/read_only_user_spec.rb | 15 +++++++++------ spec/unit/classes/database/postgresql_spec.rb | 6 ++++++ 9 files changed, 75 insertions(+), 19 deletions(-) diff --git a/manifests/database/default_read_grant.pp b/manifests/database/default_read_grant.pp index f11e40c5..5c5fcb84 100644 --- a/manifests/database/default_read_grant.pp +++ b/manifests/database/default_read_grant.pp 
@@ -6,9 +6,11 @@ String $schema, String $database_username, String $database_read_only_username, + Optional[Stdlib::Port] $database_port = undef, ) { postgresql_psql { "grant default select permission for ${database_read_only_username}": db => $database_name, + port => $database_port, command => "ALTER DEFAULT PRIVILEGES FOR USER \"${database_username}\" IN SCHEMA \"${schema}\" @@ -26,6 +28,7 @@ postgresql_psql { "grant default usage permission for ${database_read_only_username}": db => $database_name, + port => $database_port, command => "ALTER DEFAULT PRIVILEGES FOR USER \"${database_username}\" IN SCHEMA \"${schema}\" @@ -43,6 +46,7 @@ postgresql_psql { "grant default execute permission for ${database_read_only_username}": db => $database_name, + port => $database_port, command => "ALTER DEFAULT PRIVILEGES FOR USER \"${database_username}\" IN SCHEMA \"${schema}\" diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp index ca48b3b9..f9817081 100644 --- a/manifests/database/postgresql.pp +++ b/manifests/database/postgresql.pp @@ -84,6 +84,8 @@ $read_database_password = $puppetdb::params::read_database_password, $read_database_host = $puppetdb::params::read_database_host ) inherits puppetdb::params { + $port = scanf($database_port, '%i')[0] + if $manage_server { class { 'postgresql::globals': manage_package_repo => $manage_package_repo, @@ -93,7 +95,7 @@ class { 'postgresql::server': ip_mask_allow_all_users => '0.0.0.0/0', listen_addresses => $listen_addresses, - port => scanf($database_port, '%i')[0], + port => $port, } # We need to create the ssl connection for the read user, when @@ -129,6 +131,7 @@ postgresql::server::extension { 'pg_trgm': database => $database_name, require => Postgresql::Server::Db[$database_name], + port => $port, } } } 
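Review bot: In manifests/database/postgresql.pp the new `$port = scanf($database_port, '%i')[0]` feeds every `postgresql_psql`, role and grant resource in the following hunks, and it is undef when `$database_port` does not parse as an integer. In that case the resources would presumably fall back to the default port and run their `GRANT`/`REVOKE` statements against whichever server listens there, with no error raised. A strict conversion fails the catalog instead: `$port = Integer($database_port)`. The class body continues outside this hunk.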
@@ -139,10 +142,12 @@ user => $database_username, password => $database_password, grant => 'all', + port => $port, } -> postgresql_psql { 'revoke all access on public schema': db => $database_name, + port => $port, command => 'REVOKE CREATE ON SCHEMA public FROM public', unless => "SELECT * FROM (SELECT has_schema_privilege('public', 'public', 'create') can_create) privs @@ -151,6 +156,7 @@ -> postgresql_psql { "grant all permissions to ${database_username}": db => $database_name, + port => $port, command => "GRANT CREATE ON SCHEMA public TO \"${database_username}\"", unless => "SELECT * FROM (SELECT has_schema_privilege('${database_username}', 'public', 'create') can_create) privs @@ -162,10 +168,12 @@ database_name => $database_name, password_hash => postgresql::postgresql_password($read_database_username, $read_database_password), database_owner => $database_username, + database_port => $port, } -> postgresql_psql { "grant ${read_database_username} role to ${database_username}": db => $database_name, + port => $port, command => "GRANT \"${read_database_username}\" TO \"${database_username}\"", unless => "SELECT oid, rolname FROM pg_roles WHERE pg_has_role( '${database_username}', oid, 'member') and rolname = '${read_database_username}'"; diff --git a/manifests/database/read_grant.pp b/manifests/database/read_grant.pp index 4284a25b..e81ce8fc 100644 --- a/manifests/database/read_grant.pp +++ b/manifests/database/read_grant.pp @@ -5,9 +5,11 @@ String $database_name, String $schema, String $database_read_only_username, + Optional[Stdlib::Port] $database_port = undef, ) { postgresql_psql { "grant select permission for ${database_read_only_username}": db => $database_name, + port => $database_port, command => "GRANT SELECT ON ALL TABLES IN SCHEMA \"${schema}\" TO \"${database_read_only_username}\"", 
@@ -22,6 +24,7 @@ postgresql_psql { "grant usage permission for ${database_read_only_username}": db => $database_name, + port => $database_port, command => "GRANT USAGE ON ALL SEQUENCES IN SCHEMA \"${schema}\" TO \"${database_read_only_username}\"", @@ -36,6 +39,7 @@ postgresql_psql { "grant execution permission for ${database_read_only_username}": db => $database_name, + port => $database_port, command => "GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA \"${schema}\" TO \"${database_read_only_username}\"", diff --git a/manifests/database/read_only_user.pp b/manifests/database/read_only_user.pp index 294310ec..e4507ca3 100644 --- a/manifests/database/read_only_user.pp +++ b/manifests/database/read_only_user.pp @@ -20,15 +20,18 @@ String $database_name, String $database_owner, Variant[String, Boolean] $password_hash = false, + Optional[Stdlib::Port] $database_port = undef, ) { postgresql::server::role { $read_database_username: password_hash => $password_hash, + port => $database_port, } -> postgresql::server::database_grant { "${database_name} grant connection permission to ${read_database_username}": privilege => 'CONNECT', db => $database_name, role => $read_database_username, + port => $database_port, } -> puppetdb::database::default_read_grant { @@ -36,6 +39,7 @@ database_username => $database_owner, database_read_only_username => $read_database_username, database_name => $database_name, + database_port => $database_port, schema => 'public', } @@ -43,6 +47,7 @@ "${database_name} grant read-only permission on existing objects to ${read_database_username}": database_read_only_username => $read_database_username, database_name => $database_name, + database_port => $database_port, schema => 'public', } } diff --git a/spec/acceptance/standalone_spec.rb b/spec/acceptance/standalone_spec.rb index f1b4d25e..72db2565 100644 --- a/spec/acceptance/standalone_spec.rb +++ b/spec/acceptance/standalone_spec.rb 
@@ -105,4 +105,23 @@ it { is_expected.to be_running } end end + + describe 'supports changing database port', :change do + let(:puppetdb_params) do + <<~EOS + database_port => '5433', + read_database_port => '5433', + EOS + end + + it_behaves_like 'puppetdb' + + describe port(5433), :status do + it { is_expected.to be_listening } + end + + describe service('puppetdb') do + it { is_expected.to be_running } + end + end end diff --git a/spec/defines/database/default_read_grant_spec.rb b/spec/defines/database/default_read_grant_spec.rb index 8a8ee4a6..95393df8 100644 --- a/spec/defines/database/default_read_grant_spec.rb +++ b/spec/defines/database/default_read_grant_spec.rb @@ -3,13 +3,15 @@ require 'spec_helper' describe 'puppetdb::database::default_read_grant' do + defaults = { + database_name: 'puppetdb', + schema: 'public', + database_username: 'puppetdb', + database_read_only_username: 'puppetdb-read', + } valid = { - 'standard': { - database_name: 'puppetdb', - schema: 'public', - database_username: 'puppetdb', - database_read_only_username: 'puppetdb-read', - } + 'standard': defaults, + 'standard with port': defaults.merge({ database_port: 5433 }), } invalid = { @@ -18,7 +20,8 @@ schema: 'public', database_username: 'puppetdb', database_read_only_username: 'puppetdb-read', - } + }, + 'invalid data type': defaults.merge({ database_port: '5433' }), } let(:facts) { on_supported_os.take(1).first[1] } diff --git a/spec/defines/database/read_grant_spec.rb b/spec/defines/database/read_grant_spec.rb index df8b54d8..65c0ebc5 100644 --- a/spec/defines/database/read_grant_spec.rb +++ b/spec/defines/database/read_grant_spec.rb 
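Review bot: The new `supports changing database port` example only asserts that something listens on 5433. It never checks that the listener on the default port went away, so a run where an old instance is still serving on 5432 would pass. Add a negative check next to the existing one: `describe port(5432) do it { is_expected.not_to be_listening } end`. The enclosing `describe` block starts above this hunk, so this assumes the earlier examples in the file left the server on 5432.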
@@ -2,16 +2,20 @@ require 'spec_helper' +defaults = { + database_read_only_username: 'puppetdb-read', + database_name: 'puppetdb', + schema: 'public', +} + valid = { - 'grant read on new objects from blah to blah': { - database_read_only_username: 'puppetdb-read', - database_name: 'puppetdb', - schema: 'public', - }, + 'grant read on new objects from blah to blah': defaults, + 'grant read on new objects from blah to blah with port': defaults.merge({ database_port: 5433 }), } invalid = { 'no params': {}, + 'invalid data type': defaults.merge({ database_port: '5433' }), } describe 'puppetdb::database::read_grant' do diff --git a/spec/defines/database/read_only_user_spec.rb b/spec/defines/database/read_only_user_spec.rb index 0efc059c..c4820243 100644 --- a/spec/defines/database/read_only_user_spec.rb +++ b/spec/defines/database/read_only_user_spec.rb @@ -2,22 +2,25 @@ require 'spec_helper' +defaults = { + read_database_username: 'puppetdb-read', + database_name: 'puppetdb', + database_owner: 'puppetdb', +} + valid = { - 'puppetdb-read': { - read_database_username: 'puppetdb-read', - database_name: 'puppetdb', - password_hash: 'blah', - database_owner: 'puppetdb', - }, + 'puppetdb-read': defaults.merge({ password_hash: 'blash' }), 'spectest': { read_database_username: 'spectest-read', database_name: 'spectest', database_owner: 'spectest', }, + 'with port': defaults.merge({ database_port: 5433 }), } invalid = { 'no params': {}, + 'invalid data type': defaults.merge({ database_port: '5433' }), } describe 'puppetdb::database::read_only_user', type: :define do diff --git a/spec/unit/classes/database/postgresql_spec.rb b/spec/unit/classes/database/postgresql_spec.rb index 1b89b258..b5b80030 100644 --- a/spec/unit/classes/database/postgresql_spec.rb +++ b/spec/unit/classes/database/postgresql_spec.rb @@ -51,6 +51,7 @@ database_password: 'puppetdb', read_database_username: 'puppetdb-read', read_database_password: 'puppetdb-read', + database_port: '5432', } end 
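Review bot: In the read_only_user_spec.rb hunk, the `'puppetdb-read'` fixture now sets `password_hash: 'blash'` where the removed lines used `'blah'`. That looks like an accidental edit made while moving the shared values into `defaults`. Keep the original value, `'puppetdb-read': defaults.merge({ password_hash: 'blah' }),`, so the refactor stays behaviour-neutral and the fixture change does not read as intentional.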
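Review bot: `database_port: '5432'`, added to the params fixture in postgresql_spec.rb, is the PostgreSQL default. The `port: params[:database_port].to_i` expectations in the following hunks of this file may therefore not distinguish a forwarded value from a default filled in elsewhere. A non-default value such as `database_port: '5433',` would make those assertions show that the class parameter reaches each `postgresql_psql` resource and `Puppetdb::Database::Read_only_user`. The enclosing params block begins above this hunk.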
@@ -60,6 +61,7 @@ user: params[:database_username], password: params[:database_password], grant: 'all', + port: params[:database_port].to_i, ) } @@ -68,6 +70,7 @@ .that_requires("Postgresql::Server::Db[#{params[:database_name]}]") .with( db: params[:database_name], + port: params[:database_port].to_i, command: 'REVOKE CREATE ON SCHEMA public FROM public', unless: "SELECT * FROM (SELECT has_schema_privilege('public', 'public', 'create') can_create) privs @@ -81,6 +84,7 @@ .that_comes_before("Puppetdb::Database::Read_only_user[#{params[:read_database_username]}]") .with( db: params[:database_name], + port: params[:database_port].to_i, command: "GRANT CREATE ON SCHEMA public TO \"#{params[:database_username]}\"", unless: "SELECT * FROM (SELECT has_schema_privilege('#{params[:database_username]}', 'public', 'create') can_create) privs @@ -96,6 +100,7 @@ database_name: params[:database_name], password_hash: %r{^(md5|SCRAM)}, # TODO: mock properly database_owner: params[:database_username], + database_port: params[:database_port].to_i, } end end @@ -105,6 +110,7 @@ .that_requires("Puppetdb::Database::Read_only_user[#{params[:read_database_username]}]") .with( db: params[:database_name], + port: params[:database_port].to_i, command: "GRANT \"#{params[:read_database_username]}\" TO \"#{params[:database_username]}\"", unless: "SELECT oid, rolname FROM pg_roles WHERE pg_has_role( '#{params[:database_username]}', oid, 'member') and rolname = '#{params[:read_database_username]}'", From 986615925fd06d6d05f2d1dce286181b6f188990 Mon Sep 17 00:00:00 2001 
From: Steve Mokris Date: Tue, 9 Aug 2022 13:57:04 -0400 Subject: [PATCH 69/97] Remove obsolete database config options --- manifests/init.pp | 8 ---- manifests/params.pp | 4 -- manifests/server.pp | 8 ---- manifests/server/database.pp | 25 ------------ manifests/server/read_database.pp | 15 ------- spec/unit/classes/server/database_ini_spec.rb | 40 ------------------- .../classes/server/read_database_ini_spec.rb | 40 ------------------- 7 files changed, 140 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 10d55128..ff3b51a8 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -420,9 +420,7 @@ Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist, $gc_interval = $puppetdb::params::gc_interval, $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, - $log_slow_statements = $puppetdb::params::log_slow_statements, $conn_max_age = $puppetdb::params::conn_max_age, - $conn_keep_alive = $puppetdb::params::conn_keep_alive, $conn_lifetime = $puppetdb::params::conn_lifetime, $puppetdb_package = $puppetdb::params::puppetdb_package, $puppetdb_service = $puppetdb::params::puppetdb_service, @@ -438,9 +436,7 @@ $manage_read_db_password = $puppetdb::params::manage_read_db_password, $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, $read_database_validate = $puppetdb::params::read_database_validate, - $read_log_slow_statements = $puppetdb::params::read_log_slow_statements, $read_conn_max_age = $puppetdb::params::read_conn_max_age, - $read_conn_keep_alive = $puppetdb::params::read_conn_keep_alive, $read_conn_lifetime = $puppetdb::params::read_conn_lifetime, $confdir = $puppetdb::params::confdir, $vardir = $puppetdb::params::vardir, 
@@ -499,9 +495,7 @@ facts_blacklist => $facts_blacklist, gc_interval => $gc_interval, node_purge_gc_batch_limit => $node_purge_gc_batch_limit, - log_slow_statements => $log_slow_statements, conn_max_age => $conn_max_age, - conn_keep_alive => $conn_keep_alive, conn_lifetime => $conn_lifetime, puppetdb_package => $puppetdb_package, puppetdb_service => $puppetdb_service, @@ -519,9 +513,7 @@ manage_read_db_password => $manage_read_db_password, read_database_jdbc_ssl_properties => $read_database_jdbc_ssl_properties, read_database_validate => $read_database_validate, - read_log_slow_statements => $read_log_slow_statements, read_conn_max_age => $read_conn_max_age, - read_conn_keep_alive => $read_conn_keep_alive, read_conn_lifetime => $read_conn_lifetime, puppetdb_user => $puppetdb_user, puppetdb_group => $puppetdb_group, diff --git a/manifests/params.pp b/manifests/params.pp index 2c45b519..cdef09a5 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -53,9 +53,7 @@ $gc_interval = '60' $node_purge_gc_batch_limit = '25' - $log_slow_statements = '10' $conn_max_age = '60' - $conn_keep_alive = '45' $conn_lifetime = '0' $max_threads = undef @@ -70,9 +68,7 @@ $manage_read_db_password = true $read_database_jdbc_ssl_properties = '' $read_database_validate = true - $read_log_slow_statements = '10' $read_conn_max_age = '60' - $read_conn_keep_alive = '45' $read_conn_lifetime = '0' $read_database_max_pool_size = undef diff --git a/manifests/server.pp b/manifests/server.pp index ba9a510a..3613979b 100644 --- a/manifests/server.pp +++ b/manifests/server.pp 
@@ -379,9 +379,7 @@ Optional[Array] $facts_blacklist = $puppetdb::params::facts_blacklist, $gc_interval = $puppetdb::params::gc_interval, $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, - $log_slow_statements = $puppetdb::params::log_slow_statements, $conn_max_age = $puppetdb::params::conn_max_age, - $conn_keep_alive = $puppetdb::params::conn_keep_alive, $conn_lifetime = $puppetdb::params::conn_lifetime, $puppetdb_package = $puppetdb::params::puppetdb_package, $puppetdb_service = $puppetdb::params::puppetdb_service, @@ -396,9 +394,7 @@ $manage_read_db_password = $puppetdb::params::manage_read_db_password, $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, $read_database_validate = $puppetdb::params::read_database_validate, - $read_log_slow_statements = $puppetdb::params::read_log_slow_statements, $read_conn_max_age = $puppetdb::params::read_conn_max_age, - $read_conn_keep_alive = $puppetdb::params::read_conn_keep_alive, $read_conn_lifetime = $puppetdb::params::read_conn_lifetime, $confdir = $puppetdb::params::confdir, $vardir = $puppetdb::params::vardir, @@ -511,9 +507,7 @@ facts_blacklist => $facts_blacklist, gc_interval => $gc_interval, node_purge_gc_batch_limit => $node_purge_gc_batch_limit, - log_slow_statements => $log_slow_statements, conn_max_age => $conn_max_age, - conn_keep_alive => $conn_keep_alive, conn_lifetime => $conn_lifetime, confdir => $confdir, puppetdb_user => $puppetdb_user, @@ -545,9 +539,7 @@ ssl_ca_cert_path => $ssl_ca_cert_path, jdbc_ssl_properties => $read_database_jdbc_ssl_properties, database_validate => $read_database_validate, - log_slow_statements => $read_log_slow_statements, conn_max_age => $read_conn_max_age, - conn_keep_alive => $read_conn_keep_alive, conn_lifetime => $read_conn_lifetime, confdir => $confdir, puppetdb_user => $puppetdb_user, diff --git a/manifests/server/database.pp b/manifests/server/database.pp index bdac088c..087f07b7 100644 
--- a/manifests/server/database.pp +++ b/manifests/server/database.pp @@ -16,9 +16,7 @@ $facts_blacklist = $puppetdb::params::facts_blacklist, $gc_interval = $puppetdb::params::gc_interval, $node_purge_gc_batch_limit = $puppetdb::params::node_purge_gc_batch_limit, - $log_slow_statements = $puppetdb::params::log_slow_statements, $conn_max_age = $puppetdb::params::conn_max_age, - $conn_keep_alive = $puppetdb::params::conn_keep_alive, $conn_lifetime = $puppetdb::params::conn_lifetime, $confdir = $puppetdb::params::confdir, $puppetdb_user = $puppetdb::params::puppetdb_user, @@ -70,9 +68,6 @@ require => $ini_setting_require, } - $classname = 'org.postgresql.Driver' - $subprotocol = 'postgresql' - if !empty($jdbc_ssl_properties) { $database_suffix = $jdbc_ssl_properties } @@ -109,16 +104,6 @@ } } - ini_setting { 'puppetdb_classname': - setting => 'classname', - value => $classname, - } - - ini_setting { 'puppetdb_subprotocol': - setting => 'subprotocol', - value => $subprotocol, - } - ini_setting { 'puppetdb_pgs': setting => 'syntax_pgs', value => true, @@ -154,21 +139,11 @@ value => $report_ttl, } - ini_setting { 'puppetdb_log_slow_statements': - setting => 'log-slow-statements', - value => $log_slow_statements, - } - ini_setting { 'puppetdb_conn_max_age': setting => 'conn-max-age', value => $conn_max_age, } - ini_setting { 'puppetdb_conn_keep_alive': - setting => 'conn-keep-alive', - value => $conn_keep_alive, - } - ini_setting { 'puppetdb_conn_lifetime': setting => 'conn-lifetime', value => $conn_lifetime, diff --git a/manifests/server/read_database.pp b/manifests/server/read_database.pp index 58e2f7a5..fea62364 100644 --- a/manifests/server/read_database.pp +++ b/manifests/server/read_database.pp 
@@ -10,9 +10,7 @@ $manage_db_password = $puppetdb::params::manage_read_db_password, $jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, $database_validate = $puppetdb::params::read_database_validate, - $log_slow_statements = $puppetdb::params::read_log_slow_statements, $conn_max_age = $puppetdb::params::read_conn_max_age, - $conn_keep_alive = $puppetdb::params::read_conn_keep_alive, $conn_lifetime = $puppetdb::params::read_conn_lifetime, $confdir = $puppetdb::params::confdir, $puppetdb_user = $puppetdb::params::puppetdb_user, @@ -64,9 +62,6 @@ require => $ini_setting_require, } - $classname = 'org.postgresql.Driver' - $subprotocol = 'postgresql' - if !empty($jdbc_ssl_properties) { $database_suffix = $jdbc_ssl_properties } @@ -123,21 +118,11 @@ value => $subname, } - ini_setting { 'puppetdb_read_log_slow_statements': - setting => 'log-slow-statements', - value => $log_slow_statements, - } - ini_setting { 'puppetdb_read_conn_max_age': setting => 'conn-max-age', value => $conn_max_age, } - ini_setting { 'puppetdb_read_conn_keep_alive': - setting => 'conn-keep-alive', - value => $conn_keep_alive, - } - ini_setting { 'puppetdb_read_conn_lifetime': setting => 'conn-lifetime', value => $conn_lifetime, diff --git a/spec/unit/classes/server/database_ini_spec.rb b/spec/unit/classes/server/database_ini_spec.rb index d63ee5a4..4d6a5810 100644 --- a/spec/unit/classes/server/database_ini_spec.rb +++ b/spec/unit/classes/server/database_ini_spec.rb 
@@ -45,26 +45,6 @@ 'value' => 'puppetdb', ) } - it { - is_expected.to contain_ini_setting('puppetdb_classname') - .with( - 'ensure' => 'present', - 'path' => "#{pdbconfdir}/database.ini", - 'section' => 'database', - 'setting' => 'classname', - 'value' => 'org.postgresql.Driver', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_subprotocol') - .with( - 'ensure' => 'present', - 'path' => "#{pdbconfdir}/database.ini", - 'section' => 'database', - 'setting' => 'subprotocol', - 'value' => 'postgresql', - ) - } it { is_expected.to contain_ini_setting('puppetdb_pgs') .with( @@ -135,16 +115,6 @@ 'value' => '14d', ) } - it { - is_expected.to contain_ini_setting('puppetdb_log_slow_statements') - .with( - 'ensure' => 'present', - 'path' => "#{pdbconfdir}/database.ini", - 'section' => 'database', - 'setting' => 'log-slow-statements', - 'value' => 10, - ) - } it { is_expected.to contain_ini_setting('puppetdb_conn_max_age') .with( @@ -155,16 +125,6 @@ 'value' => '60', ) } - it { - is_expected.to contain_ini_setting('puppetdb_conn_keep_alive') - .with( - 'ensure' => 'present', - 'path' => "#{pdbconfdir}/database.ini", - 'section' => 'database', - 'setting' => 'conn-keep-alive', - 'value' => '45', - ) - } it { is_expected.to contain_ini_setting('puppetdb_conn_lifetime') .with( diff --git a/spec/unit/classes/server/read_database_ini_spec.rb b/spec/unit/classes/server/read_database_ini_spec.rb index 7e821f79..a5f189f0 100644 --- a/spec/unit/classes/server/read_database_ini_spec.rb +++ b/spec/unit/classes/server/read_database_ini_spec.rb 
@@ -45,26 +45,6 @@ 'value' => 'puppetdb-read', ) } - it { - is_expected.to contain_ini_setting('puppetdb_read_classname') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', - 'section' => 'read-database', - 'setting' => 'classname', - 'value' => 'org.postgresql.Driver', - ) - } - it { - is_expected.to contain_ini_setting('puppetdb_read_subprotocol') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', - 'section' => 'read-database', - 'setting' => 'subprotocol', - 'value' => 'postgresql', - ) - } it { is_expected.to contain_ini_setting('puppetdb_read_pgs') .with( @@ -85,16 +65,6 @@ 'value' => '//puppetdb:5432/puppetdb', ) } - it { - is_expected.to contain_ini_setting('puppetdb_read_log_slow_statements') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', - 'section' => 'read-database', - 'setting' => 'log-slow-statements', - 'value' => 10, - ) - } it { is_expected.to contain_ini_setting('puppetdb_read_conn_max_age') .with( @@ -105,16 +75,6 @@ 'value' => '60', ) } - it { - is_expected.to contain_ini_setting('puppetdb_read_conn_keep_alive') - .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', - 'section' => 'read-database', - 'setting' => 'conn-keep-alive', - 'value' => '45', - ) - } it { is_expected.to contain_ini_setting('puppetdb_read_conn_lifetime') .with( From 9b1bbcdfb42cf1b6b3d77cbdbf1685a6dd63c836 Mon Sep 17 00:00:00 2001 From: Kevin Crull Date: Fri, 16 Feb 2024 11:07:21 -0500 Subject: [PATCH 70/97] Resolving linting errors --- manifests/init.pp | 32 ------------------------------- manifests/server.pp | 32 ------------------------------- manifests/server/read_database.pp | 10 ---------- 3 files changed, 74 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index ff3b51a8..99f6ba24 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
@@ -131,28 +131,12 @@ # @param node_purge_gc_batch_limit # Nodes will be purged in batches of this size, one batch per gc-interval. # -# @param log_slow_statements -# This sets the number of seconds before an SQL query is considered "slow." Slow -# SQL queries are logged as warnings, to assist in debugging and tuning. Note -# PuppetDB does not interrupt slow queries; it simply reports them after they -# complete. -# -# The default value is `10` seconds. A value of 0 will disable logging of slow -# queries. This option is supported in PuppetDB >= 1.1. -# # @param conn_max_age # The maximum time (in minutes) for a pooled connection to remain unused before # it is closed off. # # If not supplied, we default to `60` minutes. This option is supported in PuppetDB >= 1.1. # -# @param conn_keep_alive -# This sets the time (in minutes) for a connection to remain idle before sending -# a test query to the DB. This is useful to prevent a DB from timing out -# connections on its end. -# -# If not supplied, we default to 45 minutes. This option is supported in PuppetDB >= 1.1. -# # @param conn_lifetime # The maximum time (in minutes) a pooled connection should remain open. Any # connections older than this setting will be closed off. Connections currently in 
@@ -249,28 +233,12 @@ # is set to `undef`, and `manage_database` is set to `true`, it will use the value of # the `database_name` parameter. This option is supported in PuppetDB >= 1.6. # -# @param read_log_slow_statements -# This sets the number of seconds before an SQL query to the read database is -# considered "slow." Slow SQL queries are logged as warnings, to assist in -# debugging and tuning. Note PuppetDB does not interrupt slow queries; it simply -# reports them after they complete. -# -# The default value is 10 seconds. A value of 0 will disable logging of slow -# queries. This option is supported in PuppetDB >= 1.6. -# # @param read_conn_max_age # The maximum time (in minutes) for a pooled read database connection to remain # unused before it is closed off. # # If not supplied, we default to 60 minutes. This option is supported in PuppetDB >= 1.6. # -# @param read_conn_keep_alive -# This sets the time (in minutes) for a read database connection to remain idle -# before sending a test query to the DB. This is useful to prevent a DB from -# timing out connections on its end. -# -# If not supplied, we default to 45 minutes. This option is supported in PuppetDB >= 1.6. -# # @param read_conn_lifetime # The maximum time (in minutes) a pooled read database connection should remain # open. Any connections older than this setting will be closed off. Connections diff --git a/manifests/server.pp b/manifests/server.pp index 3613979b..6cae51d5 100644 --- a/manifests/server.pp +++ b/manifests/server.pp 
@@ -102,28 +102,12 @@ # @param node_purge_gc_batch_limit # Nodes will be purged in batches of this size, one batch per gc-interval. # -# @param log_slow_statements -# This sets the number of seconds before an SQL query is considered "slow." Slow -# SQL queries are logged as warnings, to assist in debugging and tuning. Note -# PuppetDB does not interrupt slow queries; it simply reports them after they -# complete. -# -# The default value is `10` seconds. A value of 0 will disable logging of slow -# queries. This option is supported in PuppetDB >= 1.1. -# # @param conn_max_age # The maximum time (in minutes) for a pooled connection to remain unused before # it is closed off. # # If not supplied, we default to `60` minutes. This option is supported in PuppetDB >= 1.1. # -# @param conn_keep_alive -# This sets the time (in minutes) for a connection to remain idle before sending -# a test query to the DB. This is useful to prevent a DB from timing out -# connections on its end. -# -# If not supplied, we default to 45 minutes. This option is supported in PuppetDB >= 1.1. -# # @param conn_lifetime # The maximum time (in minutes) a pooled connection should remain open. Any # connections older than this setting will be closed off. Connections currently in 
@@ -217,28 +201,12 @@ # is set to `undef`, and `manage_database` is set to `true`, it will use the value of # the `database_name` parameter. This option is supported in PuppetDB >= 1.6. # -# @param read_log_slow_statements -# This sets the number of seconds before an SQL query to the read database is -# considered "slow." Slow SQL queries are logged as warnings, to assist in -# debugging and tuning. Note PuppetDB does not interrupt slow queries; it simply -# reports them after they complete. -# -# The default value is 10 seconds. A value of 0 will disable logging of slow -# queries. This option is supported in PuppetDB >= 1.6. -# # @param read_conn_max_age # The maximum time (in minutes) for a pooled read database connection to remain # unused before it is closed off. # # If not supplied, we default to 60 minutes. This option is supported in PuppetDB >= 1.6. # -# @param read_conn_keep_alive -# This sets the time (in minutes) for a read database connection to remain idle -# before sending a test query to the DB. This is useful to prevent a DB from -# timing out connections on its end. -# -# If not supplied, we default to 45 minutes. This option is supported in PuppetDB >= 1.6. -# # @param read_conn_lifetime # The maximum time (in minutes) a pooled read database connection should remain # open. Any connections older than this setting will be closed off. Connections diff --git a/manifests/server/read_database.pp b/manifests/server/read_database.pp index fea62364..b6155162 100644 --- a/manifests/server/read_database.pp +++ b/manifests/server/read_database.pp @@ -98,16 +98,6 @@ } } - ini_setting { 'puppetdb_read_classname': - setting => 'classname', - value => $classname, - } - - ini_setting { 'puppetdb_read_subprotocol': - setting => 'subprotocol', - value => $subprotocol, - } - ini_setting { 'puppetdb_read_pgs': setting => 'syntax_pgs', value => true, From 2ccdaa76e41051c574a15758e0ff191f87b97e9c Mon Sep 17 00:00:00 2001 
From: Kevin Crull Date: Fri, 16 Feb 2024 16:23:21 -0500 Subject: [PATCH 71/97] update reference doc --- REFERENCE.md | 112 --------------------------------------------------- 1 file changed, 112 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 00329336..044d7047 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -99,9 +99,7 @@ The following parameters are available in the `puppetdb` class: * [`facts_blacklist`](#-puppetdb--facts_blacklist) * [`gc_interval`](#-puppetdb--gc_interval) * [`node_purge_gc_batch_limit`](#-puppetdb--node_purge_gc_batch_limit) -* [`log_slow_statements`](#-puppetdb--log_slow_statements) * [`conn_max_age`](#-puppetdb--conn_max_age) -* [`conn_keep_alive`](#-puppetdb--conn_keep_alive) * [`conn_lifetime`](#-puppetdb--conn_lifetime) * [`puppetdb_package`](#-puppetdb--puppetdb_package) * [`puppetdb_service`](#-puppetdb--puppetdb_service) @@ -122,9 +120,7 @@ The following parameters are available in the `puppetdb` class: * [`read_database_jdbc_ssl_properties`](#-puppetdb--read_database_jdbc_ssl_properties) * [`read_database_validate`](#-puppetdb--read_database_validate) * [`read_database_name`](#-puppetdb--read_database_name) -* [`read_log_slow_statements`](#-puppetdb--read_log_slow_statements) * [`read_conn_max_age`](#-puppetdb--read_conn_max_age) -* [`read_conn_keep_alive`](#-puppetdb--read_conn_keep_alive) * [`read_conn_lifetime`](#-puppetdb--read_conn_lifetime) * [`ssl_dir`](#-puppetdb--ssl_dir) * [`ssl_set_cert_paths`](#-puppetdb--ssl_set_cert_paths) 
@@ -457,20 +453,6 @@ Nodes will be purged in batches of this size, one batch per gc-interval. Default value: `$puppetdb::params::node_purge_gc_batch_limit` -##### `log_slow_statements` - -Data type: `Any` - -This sets the number of seconds before an SQL query is considered "slow." Slow -SQL queries are logged as warnings, to assist in debugging and tuning. Note -PuppetDB does not interrupt slow queries; it simply reports them after they -complete. - -The default value is `10` seconds. A value of 0 will disable logging of slow -queries. This option is supported in PuppetDB >= 1.1. - -Default value: `$puppetdb::params::log_slow_statements` - ##### `conn_max_age` Data type: `Any` @@ -482,18 +464,6 @@ If not supplied, we default to `60` minutes. This option is supported in PuppetD Default value: `$puppetdb::params::conn_max_age` -##### `conn_keep_alive` - -Data type: `Any` - -This sets the time (in minutes) for a connection to remain idle before sending -a test query to the DB. This is useful to prevent a DB from timing out -connections on its end. - -If not supplied, we default to 45 minutes. This option is supported in PuppetDB >= 1.1. - -Default value: `$puppetdb::params::conn_keep_alive` - ##### `conn_lifetime` Data type: `Any` @@ -690,20 +660,6 @@ the `database_name` parameter. This option is supported in PuppetDB >= 1.6. Default value: `$puppetdb::params::read_database_name` -##### `read_log_slow_statements` - -Data type: `Any` - -This sets the number of seconds before an SQL query to the read database is -considered "slow." Slow SQL queries are logged as warnings, to assist in -debugging and tuning. Note PuppetDB does not interrupt slow queries; it simply -reports them after they complete. - -The default value is 10 seconds. A value of 0 will disable logging of slow -queries. This option is supported in PuppetDB >= 1.6. - -Default value: `$puppetdb::params::read_log_slow_statements` - ##### `read_conn_max_age` Data type: `Any` 
@@ -715,18 +671,6 @@ If not supplied, we default to 60 minutes. This option is supported in PuppetDB Default value: `$puppetdb::params::read_conn_max_age` -##### `read_conn_keep_alive` - -Data type: `Any` - -This sets the time (in minutes) for a read database connection to remain idle -before sending a test query to the DB. This is useful to prevent a DB from -timing out connections on its end. - -If not supplied, we default to 45 minutes. This option is supported in PuppetDB >= 1.6. - -Default value: `$puppetdb::params::read_conn_keep_alive` - ##### `read_conn_lifetime` Data type: `Any` @@ -1427,9 +1371,7 @@ The following parameters are available in the `puppetdb::server` class: * [`facts_blacklist`](#-puppetdb--server--facts_blacklist) * [`gc_interval`](#-puppetdb--server--gc_interval) * [`node_purge_gc_batch_limit`](#-puppetdb--server--node_purge_gc_batch_limit) -* [`log_slow_statements`](#-puppetdb--server--log_slow_statements) * [`conn_max_age`](#-puppetdb--server--conn_max_age) -* [`conn_keep_alive`](#-puppetdb--server--conn_keep_alive) * [`conn_lifetime`](#-puppetdb--server--conn_lifetime) * [`puppetdb_package`](#-puppetdb--server--puppetdb_package) * [`puppetdb_service`](#-puppetdb--server--puppetdb_service) @@ -1449,9 +1391,7 @@ The following parameters are available in the `puppetdb::server` class: * [`read_database_jdbc_ssl_properties`](#-puppetdb--server--read_database_jdbc_ssl_properties) * [`read_database_validate`](#-puppetdb--server--read_database_validate) * [`read_database_name`](#-puppetdb--server--read_database_name) -* [`read_log_slow_statements`](#-puppetdb--server--read_log_slow_statements) * [`read_conn_max_age`](#-puppetdb--server--read_conn_max_age) -* [`read_conn_keep_alive`](#-puppetdb--server--read_conn_keep_alive) * [`read_conn_lifetime`](#-puppetdb--server--read_conn_lifetime) * [`ssl_dir`](#-puppetdb--server--ssl_dir) * [`ssl_set_cert_paths`](#-puppetdb--server--ssl_set_cert_paths) 
@@ -1715,20 +1655,6 @@ Nodes will be purged in batches of this size, one batch per gc-interval. Default value: `$puppetdb::params::node_purge_gc_batch_limit` -##### `log_slow_statements` - -Data type: `Any` - -This sets the number of seconds before an SQL query is considered "slow." Slow -SQL queries are logged as warnings, to assist in debugging and tuning. Note -PuppetDB does not interrupt slow queries; it simply reports them after they -complete. - -The default value is `10` seconds. A value of 0 will disable logging of slow -queries. This option is supported in PuppetDB >= 1.1. - -Default value: `$puppetdb::params::log_slow_statements` - ##### `conn_max_age` Data type: `Any` @@ -1740,18 +1666,6 @@ If not supplied, we default to `60` minutes. This option is supported in PuppetD Default value: `$puppetdb::params::conn_max_age` -##### `conn_keep_alive` - -Data type: `Any` - -This sets the time (in minutes) for a connection to remain idle before sending -a test query to the DB. This is useful to prevent a DB from timing out -connections on its end. - -If not supplied, we default to 45 minutes. This option is supported in PuppetDB >= 1.1. - -Default value: `$puppetdb::params::conn_keep_alive` - ##### `conn_lifetime` Data type: `Any` @@ -1940,20 +1854,6 @@ the `database_name` parameter. This option is supported in PuppetDB >= 1.6. Default value: `$puppetdb::params::read_database_name` -##### `read_log_slow_statements` - -Data type: `Any` - -This sets the number of seconds before an SQL query to the read database is -considered "slow." Slow SQL queries are logged as warnings, to assist in -debugging and tuning. Note PuppetDB does not interrupt slow queries; it simply -reports them after they complete. - -The default value is 10 seconds. A value of 0 will disable logging of slow -queries. This option is supported in PuppetDB >= 1.6. - -Default value: `$puppetdb::params::read_log_slow_statements` - ##### `read_conn_max_age` Data type: `Any` 
@@ -1965,18 +1865,6 @@ If not supplied, we default to 60 minutes. This option is supported in PuppetDB Default value: `$puppetdb::params::read_conn_max_age` -##### `read_conn_keep_alive` - -Data type: `Any` - -This sets the time (in minutes) for a read database connection to remain idle -before sending a test query to the DB. This is useful to prevent a DB from -timing out connections on its end. - -If not supplied, we default to 45 minutes. This option is supported in PuppetDB >= 1.6. - -Default value: `$puppetdb::params::read_conn_keep_alive` - ##### `read_conn_lifetime` Data type: `Any` From 9fff6b6b9ad604d170ea5becd67194dba6db9860 Mon Sep 17 00:00:00 2001 From: Greg Cox Date: Mon, 18 Mar 2024 22:47:15 +0000 Subject: [PATCH 72/97] Allow puppetlabs/firewall 8.x --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index c4331077..8bf65e46 100644 --- a/metadata.json +++ b/metadata.json @@ -18,7 +18,7 @@ }, { "name": "puppetlabs/firewall", - "version_requirement": ">= 7.0.0 < 8.0.0" + "version_requirement": ">= 7.0.0 < 9.0.0" }, { "name": "puppetlabs/stdlib", From 093485a5db1767a6720c01b478bfc82c477c8ea8 Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Wed, 10 Apr 2024 15:24:47 +0200 Subject: [PATCH 73/97] .fixtures.yml: delete legacy symlink --- .fixtures.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.fixtures.yml b/.fixtures.yml index 2bc678a5..c526bbb3 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -16,5 +16,3 @@ fixtures: firewall: 'https://github.com/puppetlabs/puppetlabs-firewall.git' postgresql: 'https://github.com/puppetlabs/puppetlabs-postgresql.git' firewall: 'https://github.com/puppetlabs/puppetlabs-firewall.git' - symlinks: - puppetdb: '#{source_dir}' From d3c592ba96a89cabdb4b1639a89ccb6720c7eaeb Mon Sep 17 00:00:00 2001 
From: Jeffrey Clark Date: Thu, 11 Apr 2024 19:19:11 -0500 Subject: [PATCH 74/97] replace gha workflows --- .github/workflows/ci.yml | 57 ++--------- .github/workflows/labeller.yml | 28 ++++++ .github/workflows/matrix.yml | 49 ---------- .github/workflows/mend.yml | 16 +++ .github/workflows/module_acceptance.yml | 125 ------------------------ .github/workflows/module_spec.yml | 88 ----------------- .github/workflows/nightly.yml | 19 ++++ rakelib/common.rake | 31 +++--- 8 files changed, 84 insertions(+), 329 deletions(-) create mode 100644 .github/workflows/labeller.yml delete mode 100644 .github/workflows/matrix.yml create mode 100644 .github/workflows/mend.yml delete mode 100644 .github/workflows/module_acceptance.yml delete mode 100644 .github/workflows/module_spec.yml create mode 100644 .github/workflows/nightly.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 97c5f5a9..65c1a9fc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -1,61 +1,20 @@ +--- name: "ci" on: pull_request: - types: - - opened - - labeled - - synchronize branches: - "main" - paths-ignore: - - '**.md' - - 'examples/**' - - 'LICENSE' - - 'CODEOWNERS' - - 'AUTHORS' workflow_dispatch: - inputs: - debug: - description: "Debug" - type: boolean - required: false - default: true - run_spec: - description: "Run Spec job" - type: boolean - required: false - default: true - run_acceptance: - description: "Run Acceptance job" - type: boolean - required: false - default: false - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true jobs: - Matrix: - uses: ./.github/workflows/matrix.yml - with: - flags: "--exclude-platforms '[\"Ubuntu-18.04\"]'" # TODO: remove after postgres module update Spec: - if: ${{ github.event_name == 'pull_request' || inputs.run_spec == 'true' }} - needs: Matrix - uses: ./.github/workflows/module_spec.yml - secrets: inherit - with: - debug: ${{ github.events.inputs.debug == 'true' || contains(github.event.pull_request.labels.*.name, 'debug') }} - ignore_dependency_check: true # TODO: remove after module updates - matrix: ${{ needs.Matrix.outputs.spec_matrix }} + uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@main" + secrets: "inherit" + Acceptance: - if: ${{ github.event_name == 'pull_request' || inputs.run_acceptance == 'true' }} - needs: [ Matrix, Spec ] - uses: ./.github/workflows/module_acceptance.yml - secrets: inherit + needs: Spec + uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main" + secrets: "inherit" with: - debug: ${{ github.events.inputs.debug == 'true' || contains(github.event.pull_request.labels.*.name, 'debug') }} - matrix: ${{ needs.Matrix.outputs.acceptance_matrix }} - runs_on: ubuntu-20.04 # TODO: cgroupv1 containers do not provision on ubuntu-latest + runs_on: "ubuntu-20.04" diff --git a/.github/workflows/labeller.yml b/.github/workflows/labeller.yml new file mode 100644 index 00000000..84b1d881 
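Review bot: Both jobs in the new ci.yml call reusable workflows at the mutable ref `@main` (`module_ci.yml@main`, `module_acceptance.yml@main`) while passing `secrets: "inherit"`, so any later change on that branch runs with this repository's secrets without review here. Pinning each `uses:` to a full commit SHA, e.g. `uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@<commit-sha>"`, keeps the executed code fixed and auditable; the same applies to nightly.yml and mend.yml added in this commit. The file also declares no `permissions:` key, so the token scope falls back to the repository default; a top-level `permissions:` with `contents: read` would make the intended scope explicit.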
--- /dev/null +++ b/.github/workflows/labeller.yml @@ -0,0 +1,28 @@ +--- +name: Labeller + +on: + issues: + types: + - opened + - labeled + - unlabeled + pull_request_target: + types: + - opened + - labeled + - unlabeled + +jobs: + label: + runs-on: ubuntu-latest + steps: + + - uses: puppetlabs/community-labeller@v1.0.1 + name: Label issues or pull requests + with: + label_name: community + label_color: '5319e7' + org_membership: puppetlabs + fail_if_member: 'true' + token: ${{ secrets.IAC_COMMUNITY_LABELER }} diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml deleted file mode 100644 index ee9fdfaf..00000000 --- a/.github/workflows/matrix.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- -on: - workflow_call: - inputs: - runs_on: - description: "The operating system used for the runner." - required: false - default: "ubuntu-latest" - type: "string" - flags: - description: "Additional flags to pass to matrix_from_metadata_v2." - required: false - default: '' - type: "string" - outputs: - spec_matrix: - description: "Spec matrix from metadata" - value: ${{ jobs.generate-json-matrix.outputs.spec_matrix }} - acceptance_matrix: - description: "Acceptance matrix from metadata" - value: ${{ jobs.generate-json-matrix.outputs.acceptance_matrix }} - -jobs: - generate-json-matrix: - name: Generate - runs-on: ${{ inputs.runs_on }} - outputs: - spec_matrix: ${{ steps.get-matrix.outputs.spec_matrix }} - acceptance_matrix: ${{ steps.get-matrix.outputs.matrix }} - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - name: Activate Ruby 2.7 - uses: ruby/setup-ruby@v1 - with: - ruby-version: "2.7" - bundler-cache: true - - name: Setup Test Matrix - id: get-matrix - run: | - bundle exec matrix_from_metadata_v2 ${{ inputs.flags }} - echo ::group::spec matrix - sed -n 's/^spec_matrix=\(.*\)/\1/p' $GITHUB_OUTPUT | jq - echo ::endgroup:: - echo ::group::acceptance matrix - sed -n 's/^matrix=\(.*\)/\1/p' $GITHUB_OUTPUT | jq - echo ::endgroup:: 
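Review bot: The labeller job runs on `pull_request_target`, passes `secrets.IAC_COMMUNITY_LABELER` to `puppetlabs/community-labeller@v1.0.1` referenced by a movable tag, and sets no `permissions:` for the job. Because `pull_request_target` runs in the base repository's context with secrets available even for pull requests from forks, the action should be pinned to a commit SHA (`uses: puppetlabs/community-labeller@<commit-sha>`). If the action only uses the supplied token, the default token can be reduced with `permissions: {}`. No checkout step appears in this hunk, which is what keeps the trigger safe; a comment such as `# pull_request_target: do not add a checkout of the PR head to this job` would record that constraint for later editors.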
diff --git a/.github/workflows/mend.yml b/.github/workflows/mend.yml new file mode 100644 index 00000000..08ade269 --- /dev/null +++ b/.github/workflows/mend.yml @@ -0,0 +1,16 @@ +--- +name: "mend" + +on: + pull_request_target: + types: + - opened + - synchronize + schedule: + - cron: "0 0 * * *" + workflow_dispatch: + +jobs: + mend: + uses: "puppetlabs/cat-github-actions/.github/workflows/mend_ruby.yml@main" + secrets: "inherit" diff --git a/.github/workflows/module_acceptance.yml b/.github/workflows/module_acceptance.yml deleted file mode 100644 index 4d0a7439..00000000 --- a/.github/workflows/module_acceptance.yml +++ /dev/null 
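Review bot: `pull_request_target` together with `secrets: "inherit"` hands every repository secret to `mend_ruby.yml@main` on pull requests, including those from forks, and the body of that called workflow is not visible in this hunk. If it checks out or installs dependencies from the pull request's head (not verifiable from here), untrusted code would run alongside those secrets. Passing only the secrets the scan needs, `secrets:` with one explicit `<SECRET_NAME>: ${{ secrets.<SECRET_NAME> }}` entry per value, limits the exposure, and dropping the `pull_request_target` trigger in favour of `schedule` and `workflow_dispatch` removes it.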
@@ -1,125 +0,0 @@ -# This is a generic workflow for Puppet module acceptance operations. -name: "Module Acceptance" - -on: - workflow_call: - inputs: - matrix: - description: "JSON matrix" - type: "string" - required: true - debug: - description: "Run jobs with debug steps and flags enabled" - type: "boolean" - required: false - default: false - puppet_version: - description: "Version of Puppet used to run tests" - type: "string" - required: false - default: "~> 7.24" - ruby_version: - description: "Version of Ruby to install" - type: "string" - required: false - default: "2.7" - runs_on: - description: "The operating system used for the runner" - type: "string" - required: false - default: "ubuntu-latest" - -jobs: - Test: - name: "Test ${{ matrix.platforms.label }} with ${{ matrix.collection }}" - runs-on: ${{ inputs.runs_on }} - strategy: - fail-fast: false - matrix: ${{ fromJson(inputs.matrix) }} - env: - PUPPET_GEM_VERSION: ${{ inputs.puppet_version }} - FACTER_GEM_VERSION: 'https://github.com/puppetlabs/facter#main' - BOLT_GEM: 1 - steps: - - name: Checkout Source - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Activate Ruby ${{ inputs.ruby_version }} - uses: ruby/setup-ruby@v1 - with: - ruby-version: ${{ inputs.ruby_version }} - bundler-cache: true - - - name: Debug - if: ${{ inputs.debug == true }} - run: | - echo ::group::bundler environment - bundle env - echo ::endgroup:: - echo ::group::docker info - docker info - echo ::endgroup:: - echo "RSPEC_DEBUG=1" >> $GITHUB_ENV - echo "DEBUG=1" >> $GITHUB_ENV - - - name: Cache fixture modules - id: cache-fixtures - uses: actions/cache@v4 - env: - cache-name: cache-fixtures-modules - with: - path: spec/fixtures/modules - key: test-${{ env.cache-name }}-${{ hashFiles('metadata.json', '.fixtures.yml') }} - restore-keys: | - test-${{ env.cache-name }}- - test- - - - name: Provision test environment - run: | - bundle exec rake 'litmus:provision[${{matrix.platforms.provider}},${{ matrix.platforms.image 
}}]' - FILE='spec/fixtures/litmus_inventory.yaml' - sed -e 's/password: .*/password: "[redacted]"/' < $FILE || true - if [ "${{ inputs.debug }}" == "true" ] ; then - while read CN ; do - echo ::group::docker container $CN - docker inspect "$CN" - echo ::endgroup:: - done < <(docker ps --format '{{.Names}}') - fi - - - name: Install agent - run: | - echo ::group::agent - bundle exec rake 'litmus:install_agent[${{ matrix.collection }}]' - echo ::endgroup:: - - - name: Install module - run: bundle exec rake 'litmus:install_module' - - - name: Run acceptance tests - id: run-acceptance - run: bundle exec rake 'litmus:acceptance' - - - name: Failure Logs - if: ${{ failure() && steps.run-acceptance.conclusion == 'failure' }} - continue-on-error: true - run: | - echo ::group::last 100 lines in runner journal - journalctl -n 100 - echo ::endgroup:: - echo ::group::last 100 lines in container journal - bundle exec bolt command run 'journalctl -n 100' -t all -i spec/fixtures/litmus_inventory.yaml - echo ::endgroup:: - echo ::group::last 50 lines of puppetlabs logs - bundle exec bolt command run 'tail -n 50 /var/log/puppetlabs/*/*.log' -t all -i spec/fixtures/litmus_inventory.yaml - echo ::endgroup:: - - - name: Tear down - if: ${{ always() }} - continue-on-error: true - run: | - if [[ -f spec/fixtures/litmus_inventory.yaml ]]; then - bundle exec rake 'litmus:tear_down' - fi diff --git a/.github/workflows/module_spec.yml b/.github/workflows/module_spec.yml deleted file mode 100644 index ca0ca25f..00000000 --- a/.github/workflows/module_spec.yml +++ /dev/null 
@@ -1,88 +0,0 @@ -# This is a generic workflow for Puppet module CI operations. -name: "Module Spec Matrix" - -on: - workflow_call: - inputs: - matrix: - description: "JSON matrix" - required: true - type: "string" - ignore_dependency_check: - description: "Ignore dependency check failure" - required: false - type: "boolean" - default: false - debug: - description: "Run jobs with debug steps and flags enabled" - required: false - type: "boolean" - default: false - runs_on: - description: "The operating system used for the runner" - required: false - default: "ubuntu-latest" - type: "string" - -jobs: - Test: - name: "Test Puppet ${{ matrix.puppet_version }} with ruby ${{ matrix.ruby_version }}" - runs-on: ${{ inputs.runs_on }} - strategy: - fail-fast: false - matrix: ${{ fromJson(inputs.matrix) }} - env: - PUPPET_GEM_VERSION: ${{ matrix.puppet_version }} - FACTER_GEM_VERSION: 'https://github.com/puppetlabs/facter#main' # why is this set? - - steps: - - name: "Checkout" - uses: "actions/checkout@v4" - with: - ref: ${{ github.event.pull_request.head.sha }} - fetch-depth: 1 - - - name: "Setup ruby" - uses: "ruby/setup-ruby@v1" - with: - ruby-version: ${{ matrix.ruby_version }} - bundler-cache: true - - - name: Debug - if: ${{ inputs.debug == true }} - run: | - echo ::group::bundler environment - bundle env - echo ::endgroup:: - echo "RSPEC_DEBUG=1" >> $GITHUB_ENV - echo "DEBUG=1" >> $GITHUB_ENV - - - name: "Cache fixture modules" - id: cache-fixtures - uses: actions/cache@v4 - env: - cache-name: cache-fixtures-modules - with: - path: spec/fixtures/modules - key: test-${{ env.cache-name }}-${{ hashFiles('metadata.json', '.fixtures.yml') }} - restore-keys: | - test-${{ env.cache-name }}- - test- - - - name: "Run static & syntax tests" - run: bundle exec rake syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file strings:validate:reference rubocop - - - name: "Dependency check" - run: | - bundle exec dependency-checker metadata.json 
&& EC=$? || EC=$? - if [ "${{ inputs.ignore_dependency_check }}" == "true" ] ; then - echo '::warning title=::ignoring dependency check failure' - else - exit $EC - fi - - - name: "Install modules" - run: bundle exec rake spec_prep - - - name: "Run tests" - run: bundle exec rake parallel_spec_standalone diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml new file mode 100644 index 00000000..163ce92f --- /dev/null +++ b/.github/workflows/nightly.yml @@ -0,0 +1,19 @@ +--- +name: "nightly" + +on: + schedule: + - cron: "0 0 * * *" + workflow_dispatch: + +jobs: + Spec: + uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@main" + secrets: "inherit" + + Acceptance: + needs: Spec + uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main" + secrets: "inherit" + with: + runs_on: "ubuntu-20.04" diff --git a/rakelib/common.rake b/rakelib/common.rake index 37d51254..00673c08 100644 --- a/rakelib/common.rake +++ b/rakelib/common.rake 
@@ -1,23 +1,18 @@ -require 'dependency_checker' -require 'metadata_json_lint' +begin + require 'metadata_json_lint' -# PDK validate behaviors -MetadataJsonLint.options.fail_on_warnings = true -MetadataJsonLint.options.strict_license = true -MetadataJsonLint.options.strict_puppet_version = true -MetadataJsonLint.options.strict_dependencies = true + # PDK validate behaviors + MetadataJsonLint.options.fail_on_warnings = true + MetadataJsonLint.options.strict_license = true + MetadataJsonLint.options.strict_puppet_version = true + MetadataJsonLint.options.strict_dependencies = true -PuppetLint.configuration.log_forat = '%{path}:%{line}:%{check}:%{KIND}:%{message}' -PuppetLint.configuration.fail_on_warnings = true -PuppetLint.configuration.ignore_paths.reject! { |c| c == 'spec/**/*.pp' } -PuppetLint.configuration.ignore_paths << 'spec/fixtures/**/*.pp' - -desc 'Run dependency-checker' -task :metadata_deps do - dpc = DependencyChecker::Runner.new - dpc.resolve_from_files(['metadata.json']) - dpc.run - raise 'dependency checker failed' unless dpc.problems.zero? + PuppetLint.configuration.log_forat = '%{path}:%{line}:%{check}:%{KIND}:%{message}' + PuppetLint.configuration.fail_on_warnings = true + PuppetLint.configuration.ignore_paths.reject! { |c| c == 'spec/**/*.pp' } + PuppetLint.configuration.ignore_paths << 'spec/fixtures/**/*.pp' +rescue LoadError + # ignore end # output task execution From f722169ea918ee1c0ecd7bf53975a1b83b299fcc Mon Sep 17 00:00:00 2001 
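Review bot: The `rescue LoadError` branch holds only `# ignore`, and the PuppetLint settings now sit inside the same `begin`, so when `metadata_json_lint` cannot be loaded both the metadata strictness options and `PuppetLint.configuration.fail_on_warnings = true` are skipped with no output. A one-line notice keeps a weakened lint run visible: `rescue LoadError => e` followed by `warn "lint strictness not configured: #{e.message}"`. Separately, `log_forat` looks like a misspelling of `log_format` carried over from the old side, which would mean the format string is never applied.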
From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Mon, 15 Apr 2024 10:38:46 -1000 Subject: [PATCH 75/97] Archive CHANGELOG.md When preparing a new release of the module, GCG overwrites the whole CHANGELOG.md file, but it used to be crafted by hand and we do not want to lose this information. GCG can append an existing file to the generated changelog, and if this file is properly formatted, can guess which versions are covered by this HISTORY file to not include them again. Move the CHANGELOG.md to HISTORY.md and adjust the release lines so that GCG can properly parse the first one and the following ones are formatted the same way. The resulting CHANGELOG.md which will be generated on the next release preparation will be consistently formatted. --- CHANGELOG.md => HISTORY.md | 152 ++++++++++--------------------------- 1 file changed, 42 insertions(+), 110 deletions(-) rename CHANGELOG.md => HISTORY.md (89%) diff --git a/CHANGELOG.md b/HISTORY.md similarity index 89% rename from CHANGELOG.md rename to HISTORY.md index 48f12f8c..e4eb3b88 100644 --- a/CHANGELOG.md +++ b/HISTORY.md
@@ -1,64 +1,55 @@ -## puppetlabs-puppetdb changelog - -Release notes for the puppetlabs-puppetdb module. - -#### Unreleased -* Drop support for Puppet 6 -* Drop support for Ubuntu 16.04 and Scientific Linux 7 -* Remove all code related to embedded database - -#### 7.14.0 - 2023/10/09 +## [7.14.0] (2023/10/09) * Owner of puppetdb config.ini is now root * Remove support for EOL OSes CentOS 6, Debian 8 & 9. -#### 7.13.0 - 2023/04/19 +## [7.13.0] (2023/04/19) * Replace usage of legacy ::osfamily fact with structured form [PDB-5611](https://tickets.puppetlabs.com/browse/PDB-5611) -#### 7.12.0 - 2022/12/13 +## [7.12.0] (2022/12/13) * Grant read role to write user to fix database user permissions issue [PDB-5559](https://tickets.puppetlabs.com/browse/PDB-5559) -#### 7.11.0 - Not Released +## [7.11.0] (Not Released) -#### 7.10.0 - 2021/12/16 +## [7.10.0] (2021/12/16) * Add support for Debian 11 * Allow puppetlabs/stdlib 8.0.0 * Default to PostgreSQL 11 when using PuppetDB 7.0.0 or later * Update minimum version of puppetlabs/postgresql module to 6.5.0 -#### 7.9.0 - 2021/06/23 +## [7.9.0] (2021/06/23) * When `manage_database` is true, it will create a read-only user in postgres and configure PuppetDB to use that user for its read-database connection pool * Update module dependencies for inifile, firewall, and stdlib -#### 7.8.0 - 2021/03/25 +## [7.8.0] (2021/03/25) * Added an option `postgresql_ssl_on` to enable an SSL connection between PostgreSQL and PuppetDB using Puppet agent certificates to verify the connection and authorize PuppetDB to access the puppetdb database. * Update our metadata to allow puppetlabs-postgresql 7 (this fixes an issue on el8) -#### 7.7.1 - 2020/12/15 +## [7.7.1] (2020/12/15) * When using Puppet 7 or newer, the connection validator will use the new HTTP client. This removes a deprecation warning in the agent output. 
-#### 7.7.0 - 2020/11/05 +## [7.7.0] (2020/11/05) * When applied to a node running puppet `7.0.0` or newer, the `puppetdb::master::config` class will default to the `json` fact cache. See [PUP-10656](https://tickets.puppetlabs.com/browse/PUP-10656) for more information. -#### 7.6.0 - 2020/09/02 +## [7.6.0] (2020/09/02) * Added `migrate` parameter to manage the database.ini config option * Added Ubuntu 20.04 LTS as a supported platform -#### 7.5.0 - 2020/06/10 +## [7.5.0] (2020/06/10) * Added `java_bin` parameter to set the full path to the java bin * Added `node_purge_gc_batch_limit` parameter @@ -67,28 +58,28 @@ Release notes for the puppetlabs-puppetdb module. * Updated functions to use puppet4 functions * Added `enable_storeconfigs` parameter, specifies whether or not the manage the master's storeconfigs (default: `true`) -#### 7.4.0 - 2019/06/14 +## [7.4.0] (2019/06/14) This is a minor feature release. Detailed changes: * Add the `manage_database` parameter to skip database and extension creation -#### 7.3.0 - 2019/06/14 +## [7.3.0] (2019/06/14) This is a minor feature release. Detailed changes: * Update module dependencies for firewall and stdlib -#### 7.2.0 - 2019/05/17 +## [7.2.0] (2019/05/17) This is a minor feature release. Detailed changes: * Update module dependencies for inifile and PostgreSQL -#### 7.1.0 - 2018/10/02 +## [7.1.0] (2018/10/02) This is a minor feature release. 
@@ -96,18 +87,14 @@ Detailed changes: * Fix issue with DLO path default being hardcoded * Update module dependencies to allow compatibility with Puppet 6 ------------------------------------------- - -#### 7.0.1 - 2018/07/30 +## [7.0.1] (2018/07/30) This is a minor bugfix release. Detailed changes: * Update the upper bound of required puppet version in metadata.json (Thanks @ekohl!) ------------------------------------------- - -#### 7.0.0 - 2018/06/27 +## [7.0.0] (2018/06/27) This is a major release that replaces validate_* methods with data types. The minimum required version of puppetlabs/stdlib has been bummped to 4.13.1 @@ -123,9 +110,7 @@ Detailed changes: * Update list of supported platforms * Retire the previously deprecated `database_ssl` and `read_database_ssl` params in favor of `jdbc_ssl_properties` and `read_database_jdbc_ssl_properties` ------------------------------------------- - -#### 6.0.2 - 2017/11/06 +## [6.0.2] (2017/11/06) This is a minor bugfix release. @@ -134,9 +119,7 @@ Detailed changes: * Update the upper bound of the puppetlabs inifile dependency * Explicitly add database dependency in the PostgreSQL manifest (Thanks @pgassmann!) ------------------------------------------- - -#### 6.0.1 - 2017/06/05 +## [6.0.1] (2017/06/05) This is a minor bugfix release. @@ -144,9 +127,7 @@ Detailed changes: * Update the required puppet version in metadata.json ------------------------------------------- - -#### 6.0.0 - 2017/06/05 +## [6.0.0] (2017/06/05) This is a major release to support PuppetDB 5.0. Note that the default PostgreSQL version is now 9.6, the minimum required by PuppetDB 5.0. If you're @@ -173,10 +154,7 @@ Detailed changes: * Manage the pg_trgm database extension (Thanks @PascalBourdier!) * Default open_ssl_listen_port to undef instead of true (Thanks @mmckinst!) - ------------------------------------------- - -#### 5.1.2 - 2016/03/14 +## [5.1.2] (2016/03/14) This is a minor bugfix release. 
@@ -185,9 +163,7 @@ Detailed changes: * Support RHEL upgrades from the `puppetdb-terminus` (<= PuppetDB 2) to the `puppetdb-termini` (>= PuppetDB 3). ------------------------------------------- - -#### 5.1.1 - 2016/02/09 +## [5.1.1] (2016/02/09) This is a minor bugfix release. @@ -196,9 +172,7 @@ Detailed changes: * Revert a change to 'puppetdb-terminus' installation process that occurred in the last release. ------------------------------------------- - -#### 5.1.0 - 2016/02/09 +## [5.1.0] (2016/02/09) This is a minor feature release. @@ -215,9 +189,7 @@ Detailed changes: * Allow default java_args to be overridden. * Linting fixes. ------------------------------------------- - -#### 5.0.0 - 2015/07/08 +## [5.0.0] (2015/07/08) This is a major release to provide default support for PuppetDB 3.0.0, so lots of changes have been introduced. Ensure you read the upgrade guide @@ -237,9 +209,7 @@ Detailed changes: option can be disabled if required. * Default ssl-host is now 0.0.0.0 ------------------------------------------- - -#### 4.3.0 - 2015/06/10 +## [4.3.0] (2015/06/10) This is a minor feature release. @@ -251,9 +221,7 @@ Detailed changes: * Bug: Fix ordering issues with read_database_ini * Testing: Fix file_concat dependency and fix rspec warnings ------------------------------------------- - -#### 4.2.1 - 2015/04/07 +## [4.2.1] (2015/04/07) This is a minor bugfix release. @@ -261,9 +229,7 @@ Detailed Changes: * Ignore `._foo` files when building the `.tar.gz` of the module. ------------------------------------------- - -#### 4.2.0 - 2015/04/02 +## [4.2.0] (2015/04/02) This is a minor feature release. @@ -282,9 +248,7 @@ Detailed Changes: * Database validation is now optional via the `database_validate` and `read_database_validate` params. * Documentation updates to the README and metadata.json. ------------------------------------------- - -#### 4.1.0 - 2014/11/13 +## [4.1.0] (2014/11/13) This is a minor feature release. 
@@ -298,9 +262,7 @@ Detailed Changes: * Corrected PE detection support. * Correct the path for HSQLDB to use /var/lib/puppetdb/db instead of /usr/share/puppetdb/db as is standard in PuppetDB core. ------------------------------------------- - -#### 4.0.0 - 2014/09/16 +## [4.0.0] (2014/09/16) For this release, all dependency versions have been bumped to their latest. @@ -314,9 +276,7 @@ Detailed Changes: * The parameter `manage_firewall` for the class `puppetdb::database::postgresql` has now been removed, since the postgresql module no longer supports this. * The parameter `open_postgres_port` for the class `puppetdb` has also been removed, due to postgresql changes. ------------------------------------------- - -#### 3.0.1 - 2014/02/11 +## [3.0.1] (2014/02/11) This release contains only minor bug fixes. @@ -334,9 +294,7 @@ Detailed Changes: * Convert tests to beaker (Ashley Penney) * Use the /v2 metrics endpoint instead of /metrics (Ken Barber) ------------------------------------------- - -#### 3.0.0 - 2013/10/27 +## [3.0.0] (2013/10/27) This major release changes the main dependency for the postgresql module from version 2.5.x to 3.x. Since the postgresql module is not backwards compatible, @@ -371,9 +329,7 @@ Detailed Changes: * Adjust memory for PuppetDB tests to avoid OOM killer (Ken Barber) * Ensure ntpdate executes early during testing (Ken Barber) ------------------------------------------- - -#### 2.0.0 - 2013/10/04 +## [2.0.0] (2013/10/04) This major release changes the main dependency for the inifile module from the deprecated `cprice404/inifile` to `puppetlabs/inifile` to remove @@ -397,9 +353,7 @@ Detailed Changes: * add archlinux support (Niels Abspoel) * Added puppetdb service control (Akos Hencz) ------------------------------------------- - -#### 1.6.0 - 2013/08/07 +## [1.6.0] (2013/08/07) This minor feature release provides extra parameters for new configuration items available in PuppetDB 1.4, and also provides some older parameters 
@@ -413,9 +367,7 @@ that were missed previously: Consult the README.md file, or the PuppetDB documentation for more details. ------------------------------------------- - -#### 1.5.0 - 2013/07/18 +## [1.5.0] (2013/07/18) This minor feature release provides the following new functionality: @@ -424,9 +376,7 @@ This minor feature release provides the following new functionality: * The ruby code for validating the PuppetDB connection now supports validating on a non-SSL HTTP port. ------------------------------------------- - -#### 1.4.0 - 2013/05/13 +## [1.4.0] (2013/05/13) This feature release provides support for managing the puppetdb report processor on your master. @@ -441,9 +391,7 @@ To enable the report processor, you can do something like this: This will add the 'puppetdb' report processor to the list of `reports` inside your master's `puppet.conf` file. ------------------------------------------- - -#### 1.3.0 - 2013/05/13 +## [1.3.0] (2013/05/13) This feature release provides us with a few new features for the PuppetDB module. @@ -495,9 +443,7 @@ release possible :-). * Added support for Java VM options (Karel Brezina) * Add initial rspec-system tests and scaffolding (Ken Barber) ------------------------------------------- - -#### 1.2.1 - 2013/04/08 +## [1.2.1] (2013/04/08) This is a minor bugfix that solves the PuppetDB startup exception: @@ -509,9 +455,7 @@ This was due to the default `node-ttl` and `node-purge-ttl` settings not having * (Ken Barber) Add 's' suffix to period settings to avoid exceptions in PuppetDB ------------------------------------------- - -#### 1.2.0 - 2013/04/05 +## [1.2.0] (2013/04/05) This release is primarily about providing full configuration file support in the module for PuppetDB 1.2.0. (The alignment of version is a coincidence I assure you :-). 
@@ -527,10 +471,7 @@ Consult the README for futher details about these new configurable items. * (Nick Lewis) Add params and ini settings for node/purge/report ttls and document them ------------------------------------------- - -1.1.5 -===== +## [1.1.5] 2013-02-13 - Karel Brezina * Fix database creation so database_username, database_password and @@ -542,10 +483,7 @@ Consult the README for futher details about these new configurable items. 2013-01-17 - Chris Price * Improve documentation in init.pp ------------------------------------------- - -1.1.4 -===== +## [1.1.4] This is a bugfix release, mostly around fixing backward-compatibility for the deprecated `manage_redhat_firewall` parameter. It wasn't actually entirely @@ -557,10 +495,7 @@ backwards-compatible in the 1.1.3 release. 2013-01-16 - Chris Price * Fix deprecation warnings around manage_redhat_firewall (448f8bc) ------------------------------------------- - -1.1.3 -===== +## [1.1.3] This is mostly a maintenance release, to update the module dependencies to newer versions in preparation for some new features. This release does include some nice @@ -584,10 +519,7 @@ submissions! 2012-11-13 - Drew Blessing * 17594 - PuppetDB - Add ability to set standard host listen address and open firewall ------------------------------------------- - -1.1.2 -===== +## [1.1.2] 2012-10-26 - Chris Price (1.1.2) * 1.1.2 release From e3c0f4dcd87ab1702eae049b799b6bb061485861 Mon Sep 17 00:00:00 2001 From: Tomas Barton Date: Thu, 18 Apr 2024 11:06:53 +0200 Subject: [PATCH 76/97] Support changing password_encryption method --- manifests/database/postgresql.pp | 14 ++++++++++++-- manifests/database/read_only_user.pp | 6 +++++- manifests/init.pp | 5 +++++ manifests/params.pp | 1 + metadata.json | 2 +- spec/unit/classes/init_spec.rb | 16 ++++++++++++++++ 6 files changed, 40 insertions(+), 4 deletions(-) diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp index f9817081..3c6e57ac 100644 
--- a/manifests/database/postgresql.pp +++ b/manifests/database/postgresql.pp @@ -65,6 +65,11 @@ # `manage_database` is set to `true`, it will use the value of the `database_host` # parameter. This option is supported in PuppetDB >= 1.6. # +# @param password_sensitive +# Whether password should be of Datatype Sensitive[String] +# @param password_encryption +# PostgreSQL password authentication method, either `md5` or `scram-sha-256` +# class puppetdb::database::postgresql ( $listen_addresses = $puppetdb::params::database_host, $puppetdb_server = $puppetdb::params::puppetdb_server, @@ -82,7 +87,9 @@ $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path, $read_database_username = $puppetdb::params::read_database_username, $read_database_password = $puppetdb::params::read_database_password, - $read_database_host = $puppetdb::params::read_database_host + $read_database_host = $puppetdb::params::read_database_host, + Boolean $password_sensitive = false, + Postgresql::Pg_password_encryption $password_encryption = $puppetdb::params::password_encryption, ) inherits puppetdb::params { $port = scanf($database_port, '%i')[0] @@ -96,6 +103,7 @@ ip_mask_allow_all_users => '0.0.0.0/0', listen_addresses => $listen_addresses, port => $port, + password_encryption => $password_encryption, } # We need to create the ssl connection for the read user, when @@ -166,9 +174,11 @@ -> puppetdb::database::read_only_user { $read_database_username: read_database_username => $read_database_username, database_name => $database_name, - password_hash => postgresql::postgresql_password($read_database_username, $read_database_password), + password_hash => postgresql::postgresql_password( + $read_database_username, $read_database_password, $password_sensitive, $password_encryption), database_owner => $database_username, database_port => $port, + password_encryption => $password_encryption, } -> postgresql_psql { "grant ${read_database_username} role to ${database_username}": 
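Review bot: `Boolean $password_sensitive = false` in the parameter hunk means the hash returned by `postgresql::postgresql_password(...)` and passed as `password_hash` is presumably a plain String by default, so it may still appear in reports or debug output even though read_only_user.pp in this commit now accepts `Sensitive[String]`. Defaulting to `true` would match that type change. At minimum the switch should be reachable from the `puppetdb` class, where the visible init.pp hunks add only `postgresql_password_encryption`. The `@param password_sensitive` text should say which password it affects and what the default is, e.g. `#   Whether the read-only user's password hash is wrapped in Sensitive[String] (default: false)`, and the `@param password_hash` text in read_only_user.pp should mention the Sensitive form. The class body continues outside these hunks.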
diff --git a/manifests/database/read_only_user.pp b/manifests/database/read_only_user.pp index e4507ca3..f056eb1a 100644 --- a/manifests/database/read_only_user.pp +++ b/manifests/database/read_only_user.pp @@ -13,18 +13,22 @@ # The user which owns the database (i.e. the migration user for the database). # @param password_hash # The value of $_database_password in app_database. +# @param password_encryption +# The hash method for postgresql password, since PostgreSQL 14 default is `scram-sha-256`. # # @api private define puppetdb::database::read_only_user ( String $read_database_username, String $database_name, String $database_owner, - Variant[String, Boolean] $password_hash = false, + Variant[String, Boolean, Sensitive[String]] $password_hash = false, Optional[Stdlib::Port] $database_port = undef, + Optional[Postgresql::Pg_password_encryption] $password_encryption = undef, ) { postgresql::server::role { $read_database_username: password_hash => $password_hash, port => $database_port, + hash => $password_encryption, } -> postgresql::server::database_grant { "${database_name} grant connection permission to ${read_database_username}": diff --git a/manifests/init.pp b/manifests/init.pp index 10d55128..05f16f6f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -374,6 +374,9 @@ # @param java_bin # java binary path for PuppetDB. If undef, default will be used. # +# @param postgresql_password_encryption +# PostgreSQL password authentication method, either `md5` or `scram-sha-256` +# class puppetdb ( $listen_address = $puppetdb::params::listen_address, $listen_port = $puppetdb::params::listen_port, 
@@ -460,6 +463,7 @@
 Boolean $automatic_dlo_cleanup = $puppetdb::params::automatic_dlo_cleanup,
 String[1] $cleanup_timer_interval = $puppetdb::params::cleanup_timer_interval,
 Integer[1] $dlo_max_age = $puppetdb::params::dlo_max_age,
+ Postgresql::Pg_password_encryption $postgresql_password_encryption = $puppetdb::params::password_encryption,
 Optional[Stdlib::Absolutepath] $java_bin = $puppetdb::params::java_bin,
 ) inherits puppetdb::params {
 class { 'puppetdb::server':
@@ -568,6 +572,7 @@
 read_database_username => $read_database_username,
 read_database_password => $read_database_password,
 read_database_host => $read_database_host,
+ password_encryption => $postgresql_password_encryption,
 before => $database_before,
 }
 }
diff --git a/manifests/params.pp b/manifests/params.pp
index 2c45b519..809e65f6 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -42,6 +42,7 @@
 $database_validate = true
 $database_max_pool_size = undef
 $puppetdb_server = fact('networking.fqdn')
+ $password_encryption = 'scram-sha-256'
 # These settings manage the various auto-deactivation and auto-purge settings
 $node_ttl = '7d'
diff --git a/metadata.json b/metadata.json
index 8bf65e46..a2db698b 100644
--- a/metadata.json
+++ b/metadata.json
@@ -14,7 +14,7 @@
 },
 {
 "name": "puppetlabs/postgresql",
- "version_requirement": ">= 6.5.0 < 11.0.0"
+ "version_requirement": ">= 9.2.0 < 11.0.0"
 },
 {
 "name": "puppetlabs/firewall",
diff --git a/spec/unit/classes/init_spec.rb b/spec/unit/classes/init_spec.rb
index f9532ee7..423b97af 100644
--- a/spec/unit/classes/init_spec.rb
+++ b/spec/unit/classes/init_spec.rb
@@ -67,6 +67,22 @@ class { 'postgresql::server':
 end
 end
+ context 'with password encryption' do
+ let :params do
+ {
+ postgresql_password_encryption: 'md5',
+ }
+ end
+
+ it do
+ is_expected.to contain_postgresql__server__pg_hba_rule('allow access to all users for instance main')
+ .with_type('host')
+ .with_database('all')
+ .with_user('all')
+ .with_auth_method('md5')
+ end
+ end
+
+ context 'when using ssl certificates' do
 let(:params) do
 {
From 939797a16aaa0ff926193c28220a5df64cbf72e7 Mon Sep 17 00:00:00 2001
From: GitHub Actions
Date: Mon, 15 Apr 2024 20:22:55 +0000
Subject: [PATCH 77/97] Release prep v8.0.0
---
 CHANGELOG.md | 509 ++++++++++++++++++++++++++++++++++++++++++++++++++
 metadata.json | 2 +-
 2 files changed, 510 insertions(+), 1 deletion(-)
 create mode 100644 CHANGELOG.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 00000000..658112b9
--- /dev/null
+++ b/CHANGELOG.md
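Review bot: The new `with password encryption` context exercises only the `md5` override and only the pg_hba rule, so the `scram-sha-256` default set in `manifests/params.pp` is not pinned by any example here. A second example without the `postgresql_password_encryption` param that ends in `.with_auth_method('scram-sha-256')` would cover it, assuming the rule takes its auth method from `password_encryption` as the md5 example suggests. An expectation such as `is_expected.to contain_class('postgresql::server').with_password_encryption('md5')` would also confirm the value reaches the server class. The enclosing `describe` block starts and ends outside the hunk.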
@@ -0,0 +1,509 @@ + +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). + +## [v8.0.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/v8.0.0) - 2024-04-18 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.14.0...v8.0.0) + +### Changed +- Drop support for Ubuntu 16 and Scientific Linux 7 [#384](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/384) ([h0tw1r3](https://github.com/h0tw1r3)) +- Drop support for puppet < 7 [#383](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/383) ([h0tw1r3](https://github.com/h0tw1r3)) +- Change default postgres version to 14 [#379](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/379) ([jonathannewman](https://github.com/jonathannewman)) +- Update firewall manifests to use `jump` instead of `action` [#372](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/372) ([david22swan](https://github.com/david22swan)) + +### Added + +- Allow puppetlabs/firewall 8.x [#395](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/395) ([gcoxmoz](https://github.com/gcoxmoz)) +- Make `puppet_confdir` configurable [#376](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/376) ([h0tw1r3](https://github.com/h0tw1r3)) + +### Fixed + +- Fix custom database port support [#392](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/392) ([h0tw1r3](https://github.com/h0tw1r3)) +- Correct clientcert value in pg_hba.conf for Postgresql >= 12 [#380](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/380) ([jhunt-steds](https://github.com/jhunt-steds)) +- Unterminated quoted string when creating read user [#371](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/371) ([waipeng](https://github.com/waipeng)) +- Fix FreeBSD support [#342](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/342) 
([smortex](https://github.com/smortex)) + +## [7.14.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/7.14.0) - 2023-10-09 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.13.0...7.14.0) + +### Changed +- Drop EoL Debian 8/9 [#347](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/347) ([bastelfreak](https://github.com/bastelfreak)) +- Drop EoL CentOS 6 [#346](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/346) ([bastelfreak](https://github.com/bastelfreak)) + +### Added + +- Relax dependency requirements [#367](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/367) ([smortex](https://github.com/smortex)) +- Allow newer dependencies [#364](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/364) ([saz](https://github.com/saz)) +- Set owner of server config.ini to root [#358](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/358) ([ekohl](https://github.com/ekohl)) + +### Fixed + +- Fix "has no parameter named 'puppetdb_user'" [#369](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/369) ([cocker-cc](https://github.com/cocker-cc)) + +## [7.13.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/7.13.0) - 2023-04-19 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.12.0...7.13.0) + +### Fixed + +- (PDB-5611) Update legacy facts to structured form [#362](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/362) ([austb](https://github.com/austb)) + +## [7.12.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/7.12.0) - 2022-12-13 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.11.0...7.12.0) + +## [7.11.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/7.11.0) - 2022-12-12 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.10.0...7.11.0) + +### Added + +- (PDB-5559) Grant read user to write user [#361](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/361) 
([austb](https://github.com/austb)) +- Mark as compatible with puppetlabs/postgresql 8.x [#353](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/353) ([ekohl](https://github.com/ekohl)) + +### Fixed + +- Fix legacy fact usage [#355](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/355) ([smortex](https://github.com/smortex)) + +## [7.10.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/7.10.0) - 2021-12-16 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.9.0...7.10.0) + +### Added + +- (maint) Allow stdlib 8.0.0 [#335](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/335) ([smortex](https://github.com/smortex)) +- (maint) Add support for Debian 11 [#334](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/334) ([smortex](https://github.com/smortex)) +- (PDB-5052) Install PostgreSQL 11 for PDB > 7.0.0 [#333](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/333) ([oanatmaria](https://github.com/oanatmaria)) + +### Fixed + +- Fix minimum version of puppetlabs/postgresql [#332](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/332) ([alexjfisher](https://github.com/alexjfisher)) + +## [7.9.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/7.9.0) - 2021-06-24 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.8.0...7.9.0) + +### Added + +- (maint) Add read-only user. 
[#330](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/330) ([Filipovici-Andrei](https://github.com/Filipovici-Andrei)) +- allow current versions of inifile, firewall, stdlib [#327](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/327) ([kenyon](https://github.com/kenyon)) + +## [7.8.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/7.8.0) - 2021-03-25 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.7.1...7.8.0) + +### Added + +- (SERVER-2500) Allow puppetlabs-postgresql 7.x [#323](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/323) ([Zak-Kent](https://github.com/Zak-Kent)) +- (PDB-4764) Agent SSL certificates are used for communication with PostgreSQL [#322](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/322) ([Filipovici-Andrei](https://github.com/Filipovici-Andrei)) + +## [7.7.1](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/7.7.1) - 2020-12-15 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.7.0...7.7.1) + +### Fixed + +- Fix MODULES-10876 - use new client platform [#315](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/315) ([duritong](https://github.com/duritong)) + +## [7.7.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/7.7.0) - 2020-11-05 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.6.0...7.7.0) + +### Added + +- (PDB-4945) Default to json fact cache [#312](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/312) ([joshcooper](https://github.com/joshcooper)) +- Add options to set the source of the ssl certs [#258](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/258) ([edestecd](https://github.com/edestecd)) + +## [7.6.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/7.6.0) - 2020-09-02 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.5.0...7.6.0) + +### Added + +- Database migrate option 
[#311](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/311) ([csmithATsquiz](https://github.com/csmithATsquiz)) + +## [7.5.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/7.5.0) - 2020-06-10 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.4.0...7.5.0) + +### Added + +- Allow custom JAVA_BIN path [#307](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/307) ([bastelfreak](https://github.com/bastelfreak)) +- (MODULES-10675) enable facts-blacklist parameter in database.ini [#305](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/305) ([maxadamo](https://github.com/maxadamo)) +- Add node-purge-gc-batch-limit as configurable [#303](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/303) ([synical](https://github.com/synical)) +- (PDB-2578) Allow the database password to be unmanaged [#301](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/301) ([natemccurdy](https://github.com/natemccurdy)) +- Support CentOS 8, OracleLinux 8 and Debian 10 & support pl/inifile 4.x [#300](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/300) ([ekohl](https://github.com/ekohl)) +- Create enable_storeconfigs option for puppet::master::config [#298](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/298) ([gcoxmoz](https://github.com/gcoxmoz)) + +## [7.4.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/7.4.0) - 2019-08-06 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.3.0...7.4.0) + +### Added + +- Add possibilty to skip database creation in the module [#296](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/296) ([jhooyberghs](https://github.com/jhooyberghs)) + +## [7.3.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/7.3.0) - 2019-06-14 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.2.0...7.3.0) + +### Added + +- allow newer versions of dependencies [#295](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/295) 
([mmoll](https://github.com/mmoll)) + +## [7.2.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/7.2.0) - 2019-05-17 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.1.0...7.2.0) + +### Added + +- Allow inifile 3.x and postgresql 7.x [#290](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/290) ([ekohl](https://github.com/ekohl)) + +## [7.1.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/7.1.0) - 2018-10-02 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.0.1...7.1.0) + +### Added + +- (PDB-4092) Use vardir prefix for DLO path [#285](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/285) ([austb](https://github.com/austb)) + +## [7.0.1](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/7.0.1) - 2018-07-30 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.0.0...7.0.1) + +## [7.0.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/7.0.0) - 2018-07-26 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/6.0.2...7.0.0) + +### Changed +- Setup for 7.0.0 release [#279](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/279) ([Zak-Kent](https://github.com/Zak-Kent)) + +### Added + +- Add support for DLO automatic cleanup [#278](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/278) ([bastelfreak](https://github.com/bastelfreak)) + +### Fixed + +- (FIX) Switch DLO to Puppet cron from cron::job [#281](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/281) ([austb](https://github.com/austb)) + +## [6.0.2](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/6.0.2) - 2017-11-06 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/6.0.1...6.0.2) + +### Added + +- (PDB-3654) bump version and ini file dep [#274](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/274) ([Zak-Kent](https://github.com/Zak-Kent)) +- add explicit dependency db -> extension. 
[#272](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/272) ([pgassmann](https://github.com/pgassmann)) +- (maint) bump inifile dependency [#268](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/268) ([eputnam](https://github.com/eputnam)) + +## [6.0.1](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/6.0.1) - 2017-07-05 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/6.0.0...6.0.1) + +## [6.0.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/6.0.0) - 2017-07-05 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/5.1.2...6.0.0) + +### Changed +- Default to postgres 9.6 [#265](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/265) ([mullr](https://github.com/mullr)) + +### Added + +- (PDB-3587) Add puppetlabs-postgresql 5.x support and integrate rspec-puppetfacts [#260](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/260) ([dhollinger](https://github.com/dhollinger)) +- Add disable-update-checking parameter [#257](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/257) ([baurmatt](https://github.com/baurmatt)) +- (PDB-3318) Better defaults for node-ttl, node-purge-ttl [#254](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/254) ([mullr](https://github.com/mullr)) +- enable the master service when it is not defined [#253](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/253) ([tampakrap](https://github.com/tampakrap)) +- add option to customize cipher suites in jetty [#247](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/247) ([selyx](https://github.com/selyx)) +- Add support for Ruby 2.3.1 [#246](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/246) ([ghoneycutt](https://github.com/ghoneycutt)) +- (PDB-3060) Add concurrent-writes parameter. 
[#244](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/244) ([aperiodic](https://github.com/aperiodic)) +- set mode 0644 for routes.yaml [#238](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/238) ([tampakrap](https://github.com/tampakrap)) +- (PDB-2660) Restart Puppet master after enabling reporting [#234](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/234) ([ajroetker](https://github.com/ajroetker)) +- Manage the pool size configuration parameters in database.ini [#232](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/232) ([kpaulisse](https://github.com/kpaulisse)) +- (PDB-2571) Ensure puppetdb.ini file has correct permissions [#228](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/228) ([kbarber](https://github.com/kbarber)) +- Update postgresql.pp with postgresql contrib package [#225](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/225) ([PascalBourdier](https://github.com/PascalBourdier)) + +### Fixed + +- Fix duplicate resource errors for puppet service due to parse order [#250](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/250) ([kpaulisse](https://github.com/kpaulisse)) +- FIX: Unbreak on OpenBSD [#233](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/233) ([buzzdeee](https://github.com/buzzdeee)) +- (PDB-2696) Remove the dependency cycle cause by typo [#231](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/231) ([ajroetker](https://github.com/ajroetker)) + +## [5.1.2](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/5.1.2) - 2016-03-14 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/5.1.1...5.1.2) + +## [5.1.1](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/5.1.1) - 2016-02-09 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/5.1.0...5.1.1) + +## [5.1.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/5.1.0) - 2016-02-09 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/5.0.0...5.1.0) + 
+### Added + +- Restrict access to the Puppet master by default [#215](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/215) ([michaelweiser](https://github.com/michaelweiser)) +- Add option to disable cleartext HTTP port [#214](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/214) ([michaelweiser](https://github.com/michaelweiser)) +- (PDB-1430) overwritable java_args [#210](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/210) ([wkalt](https://github.com/wkalt)) +- (PDB-1913) manage vardir [#209](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/209) ([wkalt](https://github.com/wkalt)) +- (PDB-1415) Add jdbc_ssl_properties parameter [#206](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/206) ([mullr](https://github.com/mullr)) + +### Fixed + +- MODULES-2488 Use dport instead of the now deprecated port parameter [#205](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/205) ([roman-mueller](https://github.com/roman-mueller)) +- Fix unmanaged postgresql database port [#204](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/204) ([earsdown](https://github.com/earsdown)) + +## [5.0.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/5.0.0) - 2015-07-08 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/4.3.0...5.0.0) + +## [4.3.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/4.3.0) - 2015-06-26 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/4.2.1...4.3.0) + +### Changed +- (PDB-1657) Manage Postgres repos by default [#197](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/197) ([ajroetker](https://github.com/ajroetker)) +- (PDB-1035) Add default PuppetDB root context [#181](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/181) ([ajroetker](https://github.com/ajroetker)) + +### Added + +- (PDB-1455) Provide mechanism for modifying default HSQLDB path [#185](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/185) 
([kbarber](https://github.com/kbarber)) +- Enable the module to manage entries in $confdir/config.ini [#176](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/176) ([buzzdeee](https://github.com/buzzdeee)) + +### Fixed + +- (PDB-1467) Ordering problem with read_database_ini [#180](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/180) ([kbarber](https://github.com/kbarber)) + +## [4.2.1](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/4.2.1) - 2015-04-08 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/4.2.0...4.2.1) + +## [4.2.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/4.2.0) - 2015-04-02 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/4.1.0...4.2.0) + +### Added + +- (PDB-1353) Use settings::confdir for puppet_confdir [#172](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/172) ([johnduarte](https://github.com/johnduarte)) +- add FreeBSD support [#171](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/171) ([mmoll](https://github.com/mmoll)) +- Allow puppetdb to be configure for masterless conf [#163](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/163) ([Spredzy](https://github.com/Spredzy)) +- add ability to manage postgres repo [#162](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/162) ([bastelfreak](https://github.com/bastelfreak)) +- Restart the service if certificates change [#158](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/158) ([dalen](https://github.com/dalen)) +- Make database validation optional [#157](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/157) ([robinbowes](https://github.com/robinbowes)) +- Show scheme (http/https) in puppetdb connection errors [#155](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/155) ([sathieu](https://github.com/sathieu)) + +### Fixed + +- (bugfix) Use test_url in connection validator for puppetdb [#169](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/169) 
([ajroetker](https://github.com/ajroetker)) +- Fix separator in module name in metadata.json [#164](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/164) ([njm506](https://github.com/njm506)) +- Remove unused parameters [#161](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/161) ([ekohl](https://github.com/ekohl)) +- add missing param manage_firewall [#160](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/160) ([bastelfreak](https://github.com/bastelfreak)) + +## [4.1.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/4.1.0) - 2014-11-17 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/4.0.0...4.1.0) + +### Added + +- Allow only TLS - Fixes POODLE CVE-2014-3566 [#150](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/150) ([ghoneycutt](https://github.com/ghoneycutt)) + +### Fixed + +- Remove invisible unicode character to prevent "invalid byte sequence in ... [#149](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/149) ([stefanandres](https://github.com/stefanandres)) +- Fix detection of a PE-based PuppetDB [#146](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/146) ([seanmil](https://github.com/seanmil)) + +## [4.0.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/4.0.0) - 2014-09-16 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/3.0.1...4.0.0) + +### Changed +- do not manage firewall for postgres, puppetlabs/postgres module from [#135](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/135) ([buzzdeee](https://github.com/buzzdeee)) + +### Added + +- OpenBSD support [#136](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/136) ([buzzdeee](https://github.com/buzzdeee)) +- Add read-database support [#132](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/132) ([tdevelioglu](https://github.com/tdevelioglu)) +- Allow set manage_server in init class [#131](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/131) 
([baurmatt](https://github.com/baurmatt)) +- implement max_threads option for jetty [#130](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/130) ([stefanandres](https://github.com/stefanandres)) +- Allow more flexible routes configuration [#127](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/127) ([dalen](https://github.com/dalen)) +- Add strict_variables support when puppetdb is not on puppetmaster [#126](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/126) ([mcanevet](https://github.com/mcanevet)) +- Use $is_pe for PE determination [#122](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/122) ([reidmv](https://github.com/reidmv)) +- Parameter to not manage postgresql server [#121](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/121) ([jantman](https://github.com/jantman)) +- Adding option to disable management of the firewall [#119](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/119) ([nibalizer](https://github.com/nibalizer)) + +### Fixed + +- Fixed read-database parameters in class puppetdb [#134](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/134) ([tdevelioglu](https://github.com/tdevelioglu)) +- Ensure db and db users created before validation [#125](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/125) ([rickerc](https://github.com/rickerc)) +- Fix is_pe declaration so it works without is_pe [#123](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/123) ([kbarber](https://github.com/kbarber)) + +## [3.0.1](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/3.0.1) - 2014-02-11 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/3.0.0...3.0.1) + +### Changed +- Use the /v2 metrics endpoint instead of /metrics [#116](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/116) ([kbarber](https://github.com/kbarber)) + +### Added + +- Define parameter in puppetdb class to define postgres listen address [#112](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/112) 
([adrianlzt](https://github.com/adrianlzt)) +- Concat update [#101](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/101) ([jhoblitt](https://github.com/jhoblitt)) + +### Fixed + +- Fix puppetlabs#106 and one other bug when disable_ssl = true [#107](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/107) ([ebarrere](https://github.com/ebarrere)) +- fix validation regular expressions [#100](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/100) ([ScottDuckworth](https://github.com/ScottDuckworth)) + +## [3.0.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/3.0.0) - 2013-10-28 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/2.0.0...3.0.0) + +### Added + +- (GH-93) Switch to using puppetlabs-postgresql 3.x [#94](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/94) ([kbarber](https://github.com/kbarber)) +- (GH-91) Update to use rspec-system-puppet 2.x [#92](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/92) ([kbarber](https://github.com/kbarber)) +- Add soft_write_failure to puppetdb.conf [#89](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/89) ([ghoneycutt](https://github.com/ghoneycutt)) +- Add switch to configure database SSL connection [#80](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/80) ([stdietrich](https://github.com/stdietrich)) + +## [2.0.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/2.0.0) - 2013-10-18 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/1.5.1...2.0.0) + +### Added + +- Enable service control for puppetdb [#81](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/81) ([ak0ska](https://github.com/ak0ska)) +- add archlinux support [#79](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/79) ([aboe76](https://github.com/aboe76)) +- Make database_password an optional parameter [#78](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/78) ([nicklewis](https://github.com/nicklewis)) + +### Fixed + +- (GH-73) Switch 
to puppetlabs/inifile from cprice/inifile [#74](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/74) ([kbarber](https://github.com/kbarber)) + +## [1.5.1](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/1.5.1) - 2013-08-12 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/1.6.0...1.5.1) + +## [1.6.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/1.6.0) - 2013-08-09 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/1.5.0...1.6.0) + +### Added + +- Add missing parameters for 1.4.0 release [#76](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/76) ([kbarber](https://github.com/kbarber)) + +## [1.5.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/1.5.0) - 2013-07-18 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/1.4.0...1.5.0) + +### Changed +- Fix dependency for stdlib for 'downcase' [#70](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/70) ([kbarber](https://github.com/kbarber)) + +### Added + +- Minor tweaks to make the module support SUSE [#71](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/71) ([cprice404](https://github.com/cprice404)) +- Allow puppetdb conn validation when ssl is disabled [#68](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/68) ([bodepd](https://github.com/bodepd)) +- Add support for enabling puppetdb report processor [#64](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/64) ([cprice404](https://github.com/cprice404)) + +## [1.4.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/1.4.0) - 2013-05-28 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/1.2.1...1.4.0) + +### Changed +- Use fqdn for ssl listen address instead of clientcert [#63](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/63) ([cprice404](https://github.com/cprice404)) +- Increase default report-ttl to 14d [#60](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/60) 
([cprice404](https://github.com/cprice404)) + +### Added + +- Add support for enabling puppetdb report processor [#64](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/64) ([cprice404](https://github.com/cprice404)) +- Separate DB instance and DB user creation [#61](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/61) ([dalen](https://github.com/dalen)) +- Add option to disable SSL in Jetty [#52](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/52) ([christianberg](https://github.com/christianberg)) +- allows for 0 _ttl's without time signifier and enables tests [#50](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/50) ([ghoneycutt](https://github.com/ghoneycutt)) +- Support for remote puppetdb [#41](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/41) ([fhrbek](https://github.com/fhrbek)) +- Added support for Java VM options [#37](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/37) ([kbrezina](https://github.com/kbrezina)) + +## [1.2.1](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/1.2.1) - 2013-04-08 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/1.2.0...1.2.1) + +### Added + +- Add unit suffix to TTL settings to avoid issue #20099 [#45](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/45) ([domcleal](https://github.com/domcleal)) + +## [1.2.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/1.2.0) - 2013-04-07 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/1.1.5...1.2.0) + +### Added + +- Add params and ini_settings for node/report/purge ttls [#35](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/35) ([nicklewis](https://github.com/nicklewis)) + +## [1.1.5](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/1.1.5) - 2013-04-04 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/1.1.4...1.1.5) + +### Added + +- Configuration improvements [#36](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/36) 
([kbrezina](https://github.com/kbrezina)) +- Bug/master/manage redhat firewall [#30](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/30) ([cprice404](https://github.com/cprice404)) + +## [1.1.4](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/1.1.4) - 2013-01-17 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/1.1.3...1.1.4) + +## [1.1.3](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/1.1.3) - 2013-01-15 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/1.1.2...1.1.3) + +### Added + +- 17594 - PuppetDB - Add ability to set standard host listen address and open firewall to standard port [#22](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/22) ([dblessing](https://github.com/dblessing)) + +## [1.1.2](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/1.1.2) - 2012-10-26 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/1.1.1...1.1.2) + +## [1.1.1](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/1.1.1) - 2012-10-26 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/1.1.0...1.1.1) + +## [1.1.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/1.1.0) - 2012-10-24 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/1.0.3...1.1.0) + +### Added + +- Fix embedded db setup in Puppet Enterprise [#19](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/19) ([reidmv](https://github.com/reidmv)) +- Make puppetdb startup timeout configurable [#18](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/18) ([cprice404](https://github.com/cprice404)) +- Add condition to detect PE installations and provide different parameters [#15](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/15) ([hunner](https://github.com/hunner)) +- Add parameters to enable usage of enterprise versions of PuppetDB [#11](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/11) 
([cprice404](https://github.com/cprice404)) +- Add a parameter for restarting puppet master [#9](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/9) ([cprice404](https://github.com/cprice404)) + +## [1.0.3](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/1.0.3) - 2012-09-23 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/1.0.2...1.0.3) + +### Added + +- Add a parameter for restarting puppet master [#9](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/9) ([cprice404](https://github.com/cprice404)) + +## [1.0.2](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/1.0.2) - 2012-09-21 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/1.0.1...1.0.2) + +## [1.0.1](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/1.0.1) - 2012-09-20 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/1.0...1.0.1) + +### Fixed + +- Fix duplicate stanza in database_ini.pp [#8](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/8) ([cprice404](https://github.com/cprice404)) +- Bug/master/db ini wrong db name [#6](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/6) ([cprice404](https://github.com/cprice404)) + +## [1.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/1.0) - 2012-09-19 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/84a2c66542172f7f033bf39798c8fe866c07b449...1.0) diff --git a/metadata.json b/metadata.json index 8bf65e46..efe5ef8d 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-puppetdb", - "version": "7.14.0", + "version": "8.0.0", "author": "puppetlabs", "summary": "Installs PostgreSQL and PuppetDB, sets up the connection to Puppet master.", "license": "Apache-2.0", From 3051b656df3f2f65203d80b69f1355c3d885a71e Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Romain=20Tarti=C3=A8re?= Date: Thu, 2 May 2024 09:35:25 -1000 Subject: [PATCH 78/97] Fix lower bound the of puppetlabs-postgresql dependency The changes introduced in #392 require changes that where introduced in version 10.0.0 of the puppetlabs-postgresql module, but the lower version of the module was not properly updated in this PR. Fix the lower bound of the dependency to indicate that version 10 of the puppetlabs-postgresql module is required for proper operation. Fixes #401 --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index a8d6ac98..348a7b9d 100644 --- a/metadata.json +++ b/metadata.json @@ -14,7 +14,7 @@ }, { "name": "puppetlabs/postgresql", - "version_requirement": ">= 9.2.0 < 11.0.0" + "version_requirement": ">= 10.0.0 < 11.0.0" }, { "name": "puppetlabs/firewall", From 6fcd9cb9a8543bb2a7c876acf5d7d3204db68945 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Thu, 2 May 2024 19:58:51 +0000 Subject: [PATCH 79/97] Release prep v8.0.1 --- CHANGELOG.md | 12 +++++++++++- REFERENCE.md | 27 +++++++++++++++++++++++++++ metadata.json | 2 +- 3 files changed, 39 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 658112b9..56133206 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,7 +5,15 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). -## [v8.0.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/v8.0.0) - 2024-04-18 +## [v8.0.1](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/v8.0.1) - 2024-05-02 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/v8.0.0...v8.0.1) + +### Fixed + +- Fix lower bound the of puppetlabs-postgresql dependency [#402](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/402) ([smortex](https://github.com/smortex)) + +## [v8.0.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/v8.0.0) - 2024-04-30 [Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.14.0...v8.0.0) @@ -14,6 +22,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a - Drop support for puppet < 7 [#383](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/383) ([h0tw1r3](https://github.com/h0tw1r3)) - Change default postgres version to 14 [#379](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/379) ([jonathannewman](https://github.com/jonathannewman)) - Update firewall manifests to use `jump` instead of `action` [#372](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/372) ([david22swan](https://github.com/david22swan)) +- Remove obsolete database config options [#357](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/357) ([smokris](https://github.com/smokris)) ### Added 
@@ -22,6 +31,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a ### Fixed +- Support scram-sha-256 password_encryption method [#400](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/400) ([deric](https://github.com/deric)) - Fix custom database port support [#392](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/392) ([h0tw1r3](https://github.com/h0tw1r3)) - Correct clientcert value in pg_hba.conf for Postgresql >= 12 [#380](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/380) ([jhunt-steds](https://github.com/jhunt-steds)) - Unterminated quoted string when creating read user [#371](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/371) ([waipeng](https://github.com/waipeng)) diff --git a/REFERENCE.md b/REFERENCE.md index 044d7047..342a1207 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -146,6 +146,7 @@ The following parameters are available in the `puppetdb` class: * [`cleanup_timer_interval`](#-puppetdb--cleanup_timer_interval) * [`dlo_max_age`](#-puppetdb--dlo_max_age) * [`java_bin`](#-puppetdb--java_bin) +* [`postgresql_password_encryption`](#-puppetdb--postgresql_password_encryption) ##### `listen_address` @@ -899,6 +900,14 @@ java binary path for PuppetDB. If undef, default will be used. Default value: `$puppetdb::params::java_bin` +##### `postgresql_password_encryption` + +Data type: `Postgresql::Pg_password_encryption` + +PostgreSQL password authentication method, either `md5` or `scram-sha-256` + +Default value: `$puppetdb::params::password_encryption` + ### `puppetdb::database::postgresql` create the PuppetDB postgresql database 
@@ -924,6 +933,8 @@ The following parameters are available in the `puppetdb::database::postgresql` c * [`read_database_username`](#-puppetdb--database--postgresql--read_database_username) * [`read_database_password`](#-puppetdb--database--postgresql--read_database_password) * [`read_database_host`](#-puppetdb--database--postgresql--read_database_host) +* [`password_sensitive`](#-puppetdb--database--postgresql--password_sensitive) +* [`password_encryption`](#-puppetdb--database--postgresql--password_encryption) ##### `listen_addresses` @@ -1075,6 +1086,22 @@ parameter. This option is supported in PuppetDB >= 1.6. Default value: `$puppetdb::params::read_database_host` +##### `password_sensitive` + +Data type: `Boolean` + +Whether password should be of Datatype Sensitive[String] + +Default value: `false` + +##### `password_encryption` + +Data type: `Postgresql::Pg_password_encryption` + +PostgreSQL password authentication method, either `md5` or `scram-sha-256` + +Default value: `$puppetdb::params::password_encryption` + ### `puppetdb::globals` global configuration class for PuppetDB diff --git a/metadata.json b/metadata.json index 348a7b9d..d50ff948 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-puppetdb", - "version": "8.0.0", + "version": "8.0.1", "author": "puppetlabs", "summary": "Installs PostgreSQL and PuppetDB, sets up the connection to Puppet master.", "license": "Apache-2.0", From 31e2d20bc08b9f5ece2554eac197c8ea510b652d Mon Sep 17 00:00:00 2001 
From: Robert Waffen
Date: Fri, 3 May 2024 15:57:06 +0200
Subject: [PATCH 80/97] feat: Add Facter fact for PuppetDB version

The code changes add a new Facter fact called `puppetdb_version` that retrieves the version of PuppetDB installed on the system. It uses the `puppetdb --version` command to fetch the version and returns it as a fact value.
---
lib/facter/puppetdb_version.rb | 13 +++++++++
spec/unit/facter/puppetdb_version_spec.rb | 32 +++++++++++++++++++++++
2 files changed, 45 insertions(+)
create mode 100644 lib/facter/puppetdb_version.rb
create mode 100644 spec/unit/facter/puppetdb_version_spec.rb
diff --git a/lib/facter/puppetdb_version.rb b/lib/facter/puppetdb_version.rb
new file mode 100644
index 00000000..04da0504
--- /dev/null
+++ b/lib/facter/puppetdb_version.rb
@@ -0,0 +1,13 @@
+Facter.add(:puppetdb_version) do
+ confine { Facter::Util::Resolution.which('puppetdb') }
+
+ setcode do
+ output = Facter::Core::Execution.execute('puppetdb --version')
+
+ if output.nil?
+ nil
+ else
+ output.split(':').last.strip
+ end
+ end
+end
diff --git a/spec/unit/facter/puppetdb_version_spec.rb b/spec/unit/facter/puppetdb_version_spec.rb
new file mode 100644
index 00000000..bbe7c846
--- /dev/null
+++ b/spec/unit/facter/puppetdb_version_spec.rb
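Review bot: The fact value in lib/facter/puppetdb_version.rb is whatever follows the last colon of the command output (`output.split(':').last.strip`), so any other line the wrapper prints on stdout, such as a warning, would be published as `puppetdb_version`; matching a version pattern, e.g. `output[/\d+(\.\d+)+/]`, limits the fact to a version string or nil. The `output.nil?` branch is probably never taken, because `execute` raises on failure by default and returns a fallback only when one is passed, as in `Facter::Core::Execution.execute('puppetdb --version', on_fail: nil)`. The command is also looked up through PATH a second time rather than reusing the path that `which` returned in the confine, and facts normally run with the agent's privileges, so executing the resolved absolute path is the safer form. The same parsing stays in the later lib/facter/puppetdb_version.rb hunk of this series, which removes the nil guard.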
@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'facter'
+
+describe 'puppetdb_version' do
+ subject(:fact) { Facter.fact(:puppetdb_version) }
+
+ before(:each) do
+ Facter.clear
+ end
+
+ it 'should return the correct puppetdb version' do
+ allow(Facter::Util::Resolution).to receive(:which).with('puppetdb').and_return('/usr/bin/puppetdb')
+ allow(Facter::Core::Execution).to receive(:execute).with('puppetdb --version').and_return("puppetdb version: 7.18.0\n")
+
+ expect(Facter.fact(:puppetdb_version).value).to eq('7.18.0')
+ end
+
+ it 'should return nil if puppetdb command is not available' do
+ allow(Facter::Util::Resolution).to receive(:which).with('puppetdb').and_return(nil)
+
+ expect(Facter.fact(:puppetdb_version).value).to be_nil
+ end
+
+ it 'should return nil if puppetdb version output is nil' do
+ allow(Facter::Util::Resolution).to receive(:which).with('puppetdb').and_return('/usr/bin/puppetdb')
+ allow(Facter::Core::Execution).to receive(:execute).with('puppetdb --version').and_return(nil)
+
+ expect(Facter.fact(:puppetdb_version).value).to be_nil
+ end
+end
From 9b2a86417b65a1b622cc6fcd61d13c36e305e0ce Mon Sep 17 00:00:00 2001
From: Robert Waffen
Date: Fri, 3 May 2024 16:04:42 +0200
Subject: [PATCH 81/97] fix: use correct wording in unit test
---
spec/unit/facter/puppetdb_version_spec.rb | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/spec/unit/facter/puppetdb_version_spec.rb b/spec/unit/facter/puppetdb_version_spec.rb
index bbe7c846..b68e1ae1 100644
--- a/spec/unit/facter/puppetdb_version_spec.rb
+++ b/spec/unit/facter/puppetdb_version_spec.rb
@@ -10,20 +10,20 @@ Facter.clear end - it 'should return the correct puppetdb version' do + it 'returns the correct puppetdb version' do allow(Facter::Util::Resolution).to receive(:which).with('puppetdb').and_return('/usr/bin/puppetdb') allow(Facter::Core::Execution).to receive(:execute).with('puppetdb --version').and_return("puppetdb version: 7.18.0\n") expect(Facter.fact(:puppetdb_version).value).to eq('7.18.0') end - it 'should return nil if puppetdb command is not available' do + it 'returns nil if puppetdb command is not available' do allow(Facter::Util::Resolution).to receive(:which).with('puppetdb').and_return(nil) expect(Facter.fact(:puppetdb_version).value).to be_nil end - it 'should return nil if puppetdb version output is nil' do + it 'returns nil if puppetdb version output is nil' do allow(Facter::Util::Resolution).to receive(:which).with('puppetdb').and_return('/usr/bin/puppetdb') allow(Facter::Core::Execution).to receive(:execute).with('puppetdb --version').and_return(nil) From d2db65469ecf7f5f72505330004b6c80f7263d97 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Fri, 3 May 2024 16:07:41 +0200 Subject: [PATCH 82/97] fix: remove unnecessary check on output --- lib/facter/puppetdb_version.rb | 7 +------ spec/unit/facter/puppetdb_version_spec.rb | 7 ------- 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/lib/facter/puppetdb_version.rb b/lib/facter/puppetdb_version.rb index 04da0504..b04fb26c 100644 --- a/lib/facter/puppetdb_version.rb +++ b/lib/facter/puppetdb_version.rb @@ -3,11 +3,6 @@ setcode do output = Facter::Core::Execution.execute('puppetdb --version') - - if output.nil? - nil - else - output.split(':').last.strip - end + output.split(':').last.strip end end diff --git a/spec/unit/facter/puppetdb_version_spec.rb b/spec/unit/facter/puppetdb_version_spec.rb index b68e1ae1..3c2783fe 100644 --- a/spec/unit/facter/puppetdb_version_spec.rb +++ b/spec/unit/facter/puppetdb_version_spec.rb 
@@ -22,11 +22,4 @@ expect(Facter.fact(:puppetdb_version).value).to be_nil end - - it 'returns nil if puppetdb version output is nil' do - allow(Facter::Util::Resolution).to receive(:which).with('puppetdb').and_return('/usr/bin/puppetdb') - allow(Facter::Core::Execution).to receive(:execute).with('puppetdb --version').and_return(nil) - - expect(Facter.fact(:puppetdb_version).value).to be_nil - end end From 959278824c380ef8e9edf8ae165ad4b5f92aa8dd Mon Sep 17 00:00:00 2001 From: Jeffrey Clark Date: Sun, 5 May 2024 11:10:29 -0500 Subject: [PATCH 83/97] add new parameter to tests --- spec/unit/classes/server/database_ini_spec.rb | 11 ++++++----- spec/unit/classes/server/read_database_ini_spec.rb | 11 ++++++----- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/spec/unit/classes/server/database_ini_spec.rb b/spec/unit/classes/server/database_ini_spec.rb index 4d6a5810..94d1b86f 100644 --- a/spec/unit/classes/server/database_ini_spec.rb +++ b/spec/unit/classes/server/database_ini_spec.rb @@ -38,11 +38,12 @@ it { is_expected.to contain_ini_setting('puppetdb_psdatabase_password') .with( - 'ensure' => 'present', - 'path' => "#{pdbconfdir}/database.ini", - 'section' => 'database', - 'setting' => 'password', - 'value' => 'puppetdb', + 'ensure' => 'present', + 'path' => "#{pdbconfdir}/database.ini", + 'section' => 'database', + 'setting' => 'password', + 'value' => 'puppetdb', + 'show_diff' => false, ) } it { diff --git a/spec/unit/classes/server/read_database_ini_spec.rb b/spec/unit/classes/server/read_database_ini_spec.rb index a5f189f0..db48096c 100644 --- a/spec/unit/classes/server/read_database_ini_spec.rb +++ b/spec/unit/classes/server/read_database_ini_spec.rb 
@@ -38,11 +38,12 @@ it { is_expected.to contain_ini_setting('puppetdb_read_database_password') .with( - 'ensure' => 'present', - 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', - 'section' => 'read-database', - 'setting' => 'password', - 'value' => 'puppetdb-read', + 'ensure' => 'present', + 'path' => '/etc/puppetlabs/puppetdb/conf.d/read_database.ini', + 'section' => 'read-database', + 'setting' => 'password', + 'value' => 'puppetdb-read', + 'show_diff' => false, ) } it { From 0c5c2708f4683a6056ab8bb9e9cae092f09786d1 Mon Sep 17 00:00:00 2001 From: Elfranne Date: Mon, 17 Oct 2022 13:24:40 +0200 Subject: [PATCH 84/97] Set UTF8 encoding and locale when creating the DB --- manifests/database/postgresql.pp | 2 ++ spec/unit/classes/database/postgresql_spec.rb | 2 ++ 2 files changed, 4 insertions(+) diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp index 3c6e57ac..281525f0 100644 --- a/manifests/database/postgresql.pp +++ b/manifests/database/postgresql.pp @@ -149,6 +149,8 @@ postgresql::server::db { $database_name: user => $database_username, password => $database_password, + encoding => 'UTF8', + locale => 'en_US.UTF-8', grant => 'all', port => $port, } diff --git a/spec/unit/classes/database/postgresql_spec.rb b/spec/unit/classes/database/postgresql_spec.rb index b5b80030..74fd63b9 100644 --- a/spec/unit/classes/database/postgresql_spec.rb +++ b/spec/unit/classes/database/postgresql_spec.rb @@ -62,6 +62,8 @@ password: params[:database_password], grant: 'all', port: params[:database_port].to_i, + encoding: 'UTF8', + locale: 'en_US.UTF-8', ) } From 23b671d34237ba5f5c0b0424a150a71e54ae44b0 Mon Sep 17 00:00:00 2001 
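Review bot: `locale => 'en_US.UTF-8'` is hard-coded in the `postgresql::server::db` resource of manifests/database/postgresql.pp, and database creation will presumably fail on hosts where that locale has not been generated; the hunk adds no way to override it. Exposing both values as class parameters that default to the current literals (parameter names here are only a suggestion: `encoding => $database_encoding, locale => $database_locale,`) keeps the new behaviour while letting sites pick a locale they have. A comment stating whether the two attributes take effect only when the database is first created would also help, since an existing database may keep its old encoding. The enclosing class starts and ends outside the hunk.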
From: Jeffrey Clark Date: Sun, 5 May 2024 17:43:44 -0500 Subject: [PATCH 85/97] (maint) target release-any-tag cat workflows --- .github/workflows/ci.yml | 8 ++++++-- .github/workflows/labeller.yml | 25 +++++------------------- .github/workflows/mend.yml | 4 ++-- .github/workflows/nightly.yml | 4 ++-- .github/workflows/release.yml | 28 ++++++++++++++++++++++++++- .github/workflows/release_prep.yml | 2 +- .github/workflows/release_without.yml | 9 +++++++++ 7 files changed, 52 insertions(+), 28 deletions(-) create mode 100644 .github/workflows/release_without.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 65c1a9fc..61141e71 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,14 +7,18 @@ on: - "main" workflow_dispatch: +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: Spec: - uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@main" + uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@release-any-tag" secrets: "inherit" Acceptance: needs: Spec - uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main" + uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@release-any-tag" secrets: "inherit" with: runs_on: "ubuntu-20.04" diff --git a/.github/workflows/labeller.yml b/.github/workflows/labeller.yml index 84b1d881..5dcbfa3e 100644 --- a/.github/workflows/labeller.yml +++ b/.github/workflows/labeller.yml 
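Review bot: The reusable workflows in .github/workflows/ci.yml are still referenced by a mutable branch name (`module_ci.yml@release-any-tag`, `module_acceptance.yml@release-any-tag`) while being called with `secrets: "inherit"`, so whatever that branch points to at run time executes with this repository's secrets. Pinning each `uses:` reference to a full commit SHA, e.g. `uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@<full-commit-sha>"`, keeps the executed code fixed until someone updates it deliberately. The same applies to the `uses:` lines in the labeller.yml, mend.yml, nightly.yml, release.yml, release_prep.yml and release_without.yml hunks of this commit. The labeller job also runs on `pull_request_target` with inherited secrets, so it is worth confirming what the called workflow does with pull-request content.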
@@ -1,28 +1,13 @@ ---- name: Labeller on: issues: - types: - - opened - - labeled - - unlabeled + types: [ opened, reopened, labeled, unlabeled ] pull_request_target: - types: - - opened - - labeled - - unlabeled + types: [ opened, reopened, labeled, unlabeled ] jobs: label: - runs-on: ubuntu-latest - steps: - - - uses: puppetlabs/community-labeller@v1.0.1 - name: Label issues or pull requests - with: - label_name: community - label_color: '5319e7' - org_membership: puppetlabs - fail_if_member: 'true' - token: ${{ secrets.IAC_COMMUNITY_LABELER }} + if: contains(fromJson('["puppetlabs","puppet-toy-chest"]'), github.repository_owner) + uses: "puppetlabs/cat-github-actions/.github/workflows/labeller.yml@release-any-tag" + secrets: inherit diff --git a/.github/workflows/mend.yml b/.github/workflows/mend.yml index 08ade269..22a1fde4 100644 --- a/.github/workflows/mend.yml +++ b/.github/workflows/mend.yml @@ -1,4 +1,3 @@ ---- name: "mend" on: @@ -11,6 +10,7 @@ on: workflow_dispatch: jobs: + mend: - uses: "puppetlabs/cat-github-actions/.github/workflows/mend_ruby.yml@main" + uses: "puppetlabs/cat-github-actions/.github/workflows/mend_ruby.yml@release-any-tag" secrets: "inherit" diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 163ce92f..f1a5d77c 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -8,12 +8,12 @@ on: jobs: Spec: - uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@main" + uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@release-any-tag" secrets: "inherit" Acceptance: needs: Spec - uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main" + uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@release-any-tag" secrets: "inherit" with: runs_on: "ubuntu-20.04" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5a45aa01..27c86602 100644 --- a/.github/workflows/release.yml 
+++ b/.github/workflows/release.yml @@ -1,9 +1,35 @@ name: "Publish module" +run-name: > + ${{ format('tag={0}', inputs.tag) }} + ${{ format('release={0}', inputs.release) }} + ${{ format('publish={0}', inputs.publish) }} + ${{ format('edit={0}', inputs.edit) }} on: workflow_dispatch: + inputs: + tag: + description: "Enter an old tag, or blank to tag HEAD of branch" + type: string + release: + description: "Create a Github release" + type: boolean + default: true + publish: + description: "Publish to the Forge" + type: boolean + default: true + edit: + description: "Re-tag and regenerate release notes" + type: boolean + default: false jobs: release: - uses: "puppetlabs/cat-github-actions/.github/workflows/module_release.yml@main" + uses: "puppetlabs/cat-github-actions/.github/workflows/module_release.yml@release-any-tag" secrets: "inherit" + with: + tag: ${{ inputs.tag }} + release: ${{ inputs.release }} + publish: ${{ inputs.publish }} + edit: ${{ inputs.edit }} diff --git a/.github/workflows/release_prep.yml b/.github/workflows/release_prep.yml index bb0b7acc..5a049914 100644 --- a/.github/workflows/release_prep.yml +++ b/.github/workflows/release_prep.yml @@ -9,7 +9,7 @@ on: jobs: release_prep: - uses: "puppetlabs/cat-github-actions/.github/workflows/module_release_prep.yml@main" + uses: "puppetlabs/cat-github-actions/.github/workflows/module_release_prep.yml@release-any-tag" with: version: "${{ github.event.inputs.version }}" secrets: "inherit" diff --git a/.github/workflows/release_without.yml b/.github/workflows/release_without.yml new file mode 100644 index 00000000..7d6f1f74 --- /dev/null +++ b/.github/workflows/release_without.yml @@ -0,0 +1,9 @@ +name: "Publish module without" + +on: + workflow_dispatch: + +jobs: + release: + uses: "puppetlabs/cat-github-actions/.github/workflows/module_release.yml@release-any-tag" + secrets: "inherit" From 15314e0f256a21c4843040a2b4be0f207ef411a9 Mon Sep 17 00:00:00 2001 
From: Jeffrey Clark Date: Mon, 6 May 2024 21:30:13 -0500 Subject: [PATCH 86/97] (maint) remove labeller workflow not used or working right now --- .github/workflows/labeller.yml | 13 ------------- 1 file changed, 13 deletions(-) delete mode 100644 .github/workflows/labeller.yml diff --git a/.github/workflows/labeller.yml b/.github/workflows/labeller.yml deleted file mode 100644 index 5dcbfa3e..00000000 --- a/.github/workflows/labeller.yml +++ /dev/null @@ -1,13 +0,0 @@ -name: Labeller - -on: - issues: - types: [ opened, reopened, labeled, unlabeled ] - pull_request_target: - types: [ opened, reopened, labeled, unlabeled ] - -jobs: - label: - if: contains(fromJson('["puppetlabs","puppet-toy-chest"]'), github.repository_owner) - uses: "puppetlabs/cat-github-actions/.github/workflows/labeller.yml@release-any-tag" - secrets: inherit From c24e65c324ffafe01d2c5f4cc54e6c9012901217 Mon Sep 17 00:00:00 2001 From: Jeffrey Clark Date: Tue, 7 May 2024 09:03:53 -0500 Subject: [PATCH 87/97] (maint) add h0tw1r3 to codeowners --- CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODEOWNERS b/CODEOWNERS index 93cbbac6..9988e2b3 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1 +1 @@ -* @puppetlabs/puppetdb @bastelfreak @smortex +* @puppetlabs/puppetdb @bastelfreak @smortex @h0tw1r3 From 335284c7ba6698904319cd2d9f7b875acde2b830 Mon Sep 17 00:00:00 2001 From: GitHub Actions Date: Tue, 7 May 2024 14:16:19 +0000 Subject: [PATCH 88/97] Release prep v8.1.0 --- CHANGELOG.md | 61 +++++++++++++++++++-------------------------------- metadata.json | 2 +- 2 files changed, 24 insertions(+), 39 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 56133206..b6daa959 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,6 +5,21 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). +## [v8.1.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/v8.1.0) - 2024-05-07 + +[Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/v8.0.1...v8.1.0) + +### Added + +- Add a `puppetdb_version` fact with PuppetDB version [#404](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/404) ([rwaffen](https://github.com/rwaffen)) +- Restrict configuration file permissions [#343](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/343) ([smortex](https://github.com/smortex)) +- Hide passwords from output [#320](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/320) ([gfa](https://github.com/gfa)) + +### Fixed + +- set encoding when creating the DB [#359](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/359) ([elfranne](https://github.com/elfranne)) +- cron puppetdb-dlo-cleanup requires package [#321](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/321) ([glennaaldering](https://github.com/glennaaldering)) + ## [v8.0.1](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/v8.0.1) - 2024-05-02 [Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/v8.0.0...v8.0.1) 
@@ -17,31 +32,12 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.14.0...v8.0.0) -### Changed -- Drop support for Ubuntu 16 and Scientific Linux 7 [#384](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/384) ([h0tw1r3](https://github.com/h0tw1r3)) -- Drop support for puppet < 7 [#383](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/383) ([h0tw1r3](https://github.com/h0tw1r3)) -- Change default postgres version to 14 [#379](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/379) ([jonathannewman](https://github.com/jonathannewman)) -- Update firewall manifests to use `jump` instead of `action` [#372](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/372) ([david22swan](https://github.com/david22swan)) -- Remove obsolete database config options [#357](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/357) ([smokris](https://github.com/smokris)) - -### Added - -- Allow puppetlabs/firewall 8.x [#395](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/395) ([gcoxmoz](https://github.com/gcoxmoz)) -- Make `puppet_confdir` configurable [#376](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/376) ([h0tw1r3](https://github.com/h0tw1r3)) - -### Fixed - -- Support scram-sha-256 password_encryption method [#400](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/400) ([deric](https://github.com/deric)) -- Fix custom database port support [#392](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/392) ([h0tw1r3](https://github.com/h0tw1r3)) -- Correct clientcert value in pg_hba.conf for Postgresql >= 12 [#380](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/380) ([jhunt-steds](https://github.com/jhunt-steds)) -- Unterminated quoted string when creating read user [#371](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/371) ([waipeng](https://github.com/waipeng)) -- Fix FreeBSD support 
[#342](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/342) ([smortex](https://github.com/smortex)) - ## [7.14.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/7.14.0) - 2023-10-09 [Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.13.0...7.14.0) ### Changed + - Drop EoL Debian 8/9 [#347](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/347) ([bastelfreak](https://github.com/bastelfreak)) - Drop EoL CentOS 6 [#346](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/346) ([bastelfreak](https://github.com/bastelfreak)) @@ -71,15 +67,6 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.10.0...7.11.0) -### Added - -- (PDB-5559) Grant read user to write user [#361](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/361) ([austb](https://github.com/austb)) -- Mark as compatible with puppetlabs/postgresql 8.x [#353](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/353) ([ekohl](https://github.com/ekohl)) - -### Fixed - -- Fix legacy fact usage [#355](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/355) ([smortex](https://github.com/smortex)) - ## [7.10.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/7.10.0) - 2021-12-16 [Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.9.0...7.10.0) @@ -154,10 +141,6 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.3.0...7.4.0) -### Added - -- Add possibilty to skip database creation in the module [#296](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/296) ([jhooyberghs](https://github.com/jhooyberghs)) - ## [7.3.0](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/7.3.0) - 2019-06-14 [Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/7.2.0...7.3.0) 
@@ -191,6 +174,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/6.0.2...7.0.0) ### Changed + - Setup for 7.0.0 release [#279](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/279) ([Zak-Kent](https://github.com/Zak-Kent)) ### Added @@ -220,6 +204,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/5.1.2...6.0.0) ### Changed + - Default to postgres 9.6 [#265](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/265) ([mullr](https://github.com/mullr)) ### Added @@ -277,6 +262,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/4.2.1...4.3.0) ### Changed + - (PDB-1657) Manage Postgres repos by default [#197](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/197) ([ajroetker](https://github.com/ajroetker)) - (PDB-1035) Add default PuppetDB root context [#181](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/181) ([ajroetker](https://github.com/ajroetker)) @@ -332,6 +318,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/3.0.1...4.0.0) ### Changed + - do not manage firewall for postgres, puppetlabs/postgres module from [#135](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/135) ([buzzdeee](https://github.com/buzzdeee)) ### Added @@ -357,6 +344,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/3.0.0...3.0.1) ### Changed + - Use the /v2 metrics endpoint instead of /metrics [#116](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/116) ([kbarber](https://github.com/kbarber)) ### Added 
@@ -411,6 +399,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/1.4.0...1.5.0) ### Changed + - Fix dependency for stdlib for 'downcase' [#70](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/70) ([kbarber](https://github.com/kbarber)) ### Added @@ -424,6 +413,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/1.2.1...1.4.0) ### Changed + - Use fqdn for ssl listen address instead of clientcert [#63](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/63) ([cprice404](https://github.com/cprice404)) - Increase default report-ttl to 14d [#60](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/60) ([cprice404](https://github.com/cprice404)) @@ -456,11 +446,6 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a [Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/1.1.4...1.1.5) -### Added - -- Configuration improvements [#36](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/36) ([kbrezina](https://github.com/kbrezina)) -- Bug/master/manage redhat firewall [#30](https://github.com/puppetlabs/puppetlabs-puppetdb/pull/30) ([cprice404](https://github.com/cprice404)) - ## [1.1.4](https://github.com/puppetlabs/puppetlabs-puppetdb/tree/1.1.4) - 2013-01-17 [Full Changelog](https://github.com/puppetlabs/puppetlabs-puppetdb/compare/1.1.3...1.1.4) diff --git a/metadata.json b/metadata.json index d50ff948..d925cc19 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppetlabs-puppetdb", - "version": "8.0.1", + "version": "8.1.0", "author": "puppetlabs", "summary": "Installs PostgreSQL and PuppetDB, sets up the connection to Puppet master.", "license": "Apache-2.0", From 3eb3849a2387a6f35f32acdd595f8f30c8f9af69 Mon Sep 17 00:00:00 2001 
From: cocker-cc Date: Tue, 29 Jun 2021 21:22:49 +0200 Subject: [PATCH 89/97] Use Datatype Sensitive for Secrets --- REFERENCE.md | 12 ++++++------ manifests/database/postgresql.pp | 4 ++-- manifests/database/read_only_user.pp | 2 +- manifests/init.pp | 4 ++-- manifests/server.pp | 4 ++-- manifests/server/database.pp | 2 +- manifests/server/read_database.pp | 2 +- manifests/server/validate_db.pp | 2 +- manifests/server/validate_read_db.pp | 2 +- 9 files changed, 17 insertions(+), 17 deletions(-) diff --git a/REFERENCE.md b/REFERENCE.md index 342a1207..4b6e50a8 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -344,7 +344,7 @@ Default value: `$puppetdb::params::database_username` ##### `database_password` -Data type: `Any` +Data type: `Variant[String[1], Sensitive[String[1]]]` The password for the database user. Defaults to `puppetdb`. @@ -615,7 +615,7 @@ Default value: `$puppetdb::params::read_database_username` ##### `read_database_password` -Data type: `Any` +Data type: `Variant[String[1], Sensitive[String[1]]]` The password for the read database user. Defaults to `puppetdb-read`. This option is supported in PuppetDB >= 1.6. @@ -973,7 +973,7 @@ Default value: `$puppetdb::params::database_username` ##### `database_password` -Data type: `Any` +Data type: `Variant[String[1], Sensitive[String[1]]]` Sets the password for the database user above. Defaults to `puppetdb`. @@ -1067,7 +1067,7 @@ Default value: `$puppetdb::params::read_database_username` ##### `read_database_password` -Data type: `Any` +Data type: `Variant[String[1], Sensitive[String[1]]]` The password for the read database user. Defaults to `puppetdb-read`. This option is supported in PuppetDB >= 1.6. @@ -1583,7 +1583,7 @@ Default value: `$puppetdb::params::database_username` ##### `database_password` -Data type: `Any` +Data type: `Variant[String[1], Sensitive[String[1]]]` The password for the database user. Defaults to `puppetdb`. 
@@ -1835,7 +1835,7 @@ Default value: `$puppetdb::params::read_database_username` ##### `read_database_password` -Data type: `Any` +Data type: `Variant[String[1], Sensitive[String[1]]]` The password for the read database user. Defaults to `puppetdb-read`. This option is supported in PuppetDB >= 1.6. diff --git a/manifests/database/postgresql.pp b/manifests/database/postgresql.pp index 281525f0..825b3fe7 100644 --- a/manifests/database/postgresql.pp +++ b/manifests/database/postgresql.pp @@ -75,7 +75,7 @@ $puppetdb_server = $puppetdb::params::puppetdb_server, $database_name = $puppetdb::params::database_name, $database_username = $puppetdb::params::database_username, - $database_password = $puppetdb::params::database_password, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, $database_port = $puppetdb::params::database_port, $manage_database = $puppetdb::params::manage_database, $manage_server = $puppetdb::params::manage_dbserver, @@ -86,7 +86,7 @@ $postgresql_ssl_cert_path = $puppetdb::params::postgresql_ssl_cert_path, $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path, $read_database_username = $puppetdb::params::read_database_username, - $read_database_password = $puppetdb::params::read_database_password, + Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, $read_database_host = $puppetdb::params::read_database_host, Boolean $password_sensitive = false, Postgresql::Pg_password_encryption $password_encryption = $puppetdb::params::password_encryption, diff --git a/manifests/database/read_only_user.pp b/manifests/database/read_only_user.pp index f056eb1a..9b73ea31 100644 --- a/manifests/database/read_only_user.pp +++ b/manifests/database/read_only_user.pp 
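Review bot: `Variant[String[1], Sensitive[String[1]]] $database_password` (and `$read_database_password` in the second hunk) still accepts a plain String, so a caller who does not wrap the value gets no redaction from this change. The same signature is repeated in read_only_user.pp, init.pp, server.pp, server/database.pp, server/read_database.pp, server/validate_db.pp and server/validate_read_db.pp. The default comes from `$puppetdb::params::database_password`, presumably a plain string, so the out-of-the-box path is the unwrapped one; normalising once per class, e.g. `$_db_password = $database_password =~ Sensitive ? { true => $database_password, default => Sensitive($database_password) }`, and passing only the wrapped value on would close that gap. `String[1]` also rejects `undef` and the empty string, which the untyped parameter accepted, so if leaving the password unset was a supported way to skip managing it, `Optional[...]` keeps that working. The class bodies are outside these hunks, so how the value is consumed, and how it interacts with `$password_sensitive`, cannot be checked from here.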
@@ -21,7 +21,7 @@ String $read_database_username, String $database_name, String $database_owner, - Variant[String, Boolean, Sensitive[String]] $password_hash = false, + Variant[String[1], Boolean, Sensitive[String[1]]] $password_hash = false, Optional[Stdlib::Port] $database_port = undef, Optional[Postgresql::Pg_password_encryption] $password_encryption = undef, ) { diff --git a/manifests/init.pp b/manifests/init.pp index 05010a97..af32b4ed 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -379,7 +379,7 @@ $database_host = $puppetdb::params::database_host, $database_port = $puppetdb::params::database_port, $database_username = $puppetdb::params::database_username, - $database_password = $puppetdb::params::database_password, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, $database_name = $puppetdb::params::database_name, $manage_db_password = $puppetdb::params::manage_db_password, $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, @@ -402,7 +402,7 @@ $read_database_host = $puppetdb::params::read_database_host, $read_database_port = $puppetdb::params::read_database_port, $read_database_username = $puppetdb::params::read_database_username, - $read_database_password = $puppetdb::params::read_database_password, + Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, $read_database_name = $puppetdb::params::read_database_name, $manage_read_db_password = $puppetdb::params::manage_read_db_password, $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, diff --git a/manifests/server.pp b/manifests/server.pp index 21ec6341..e6a708d3 100644 --- a/manifests/server.pp +++ b/manifests/server.pp 
@@ -336,7 +336,7 @@ $database_host = $puppetdb::params::database_host, $database_port = $puppetdb::params::database_port, $database_username = $puppetdb::params::database_username, - $database_password = $puppetdb::params::database_password, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, $database_name = $puppetdb::params::database_name, $manage_db_password = $puppetdb::params::manage_db_password, $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, @@ -357,7 +357,7 @@ $read_database_host = $puppetdb::params::read_database_host, $read_database_port = $puppetdb::params::read_database_port, $read_database_username = $puppetdb::params::read_database_username, - $read_database_password = $puppetdb::params::read_database_password, + Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, $read_database_name = $puppetdb::params::read_database_name, $manage_read_db_password = $puppetdb::params::manage_read_db_password, $read_database_jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, diff --git a/manifests/server/database.pp b/manifests/server/database.pp index 1de6411f..2b8e19ef 100644 --- a/manifests/server/database.pp +++ b/manifests/server/database.pp @@ -5,7 +5,7 @@ $database_host = $puppetdb::params::database_host, $database_port = $puppetdb::params::database_port, $database_username = $puppetdb::params::database_username, - $database_password = $puppetdb::params::database_password, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, $database_name = $puppetdb::params::database_name, $manage_db_password = $puppetdb::params::manage_db_password, $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, diff --git a/manifests/server/read_database.pp b/manifests/server/read_database.pp index 18b8f2c3..24a4cb8f 100644 --- a/manifests/server/read_database.pp 
+++ b/manifests/server/read_database.pp @@ -5,7 +5,7 @@ $read_database_host = $puppetdb::params::read_database_host, $read_database_port = $puppetdb::params::read_database_port, $read_database_username = $puppetdb::params::read_database_username, - $read_database_password = $puppetdb::params::read_database_password, + Variant[String[1], Sensitive[String[1]]] $read_database_password = $puppetdb::params::read_database_password, $read_database_name = $puppetdb::params::read_database_name, $manage_db_password = $puppetdb::params::manage_read_db_password, $jdbc_ssl_properties = $puppetdb::params::read_database_jdbc_ssl_properties, diff --git a/manifests/server/validate_db.pp b/manifests/server/validate_db.pp index b198d6ad..62cda9dc 100644 --- a/manifests/server/validate_db.pp +++ b/manifests/server/validate_db.pp @@ -5,7 +5,7 @@ $database_host = $puppetdb::params::database_host, $database_port = $puppetdb::params::database_port, $database_username = $puppetdb::params::database_username, - $database_password = $puppetdb::params::database_password, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, $database_name = $puppetdb::params::database_name, $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, ) inherits puppetdb::params { diff --git a/manifests/server/validate_read_db.pp b/manifests/server/validate_read_db.pp index 99f79898..ef319e90 100644 --- a/manifests/server/validate_read_db.pp +++ b/manifests/server/validate_read_db.pp @@ -5,7 +5,7 @@ $database_host = $puppetdb::params::database_host, $database_port = $puppetdb::params::database_port, $database_username = $puppetdb::params::database_username, - $database_password = $puppetdb::params::database_password, + Variant[String[1], Sensitive[String[1]]] $database_password = $puppetdb::params::database_password, $database_name = $puppetdb::params::database_name, $jdbc_ssl_properties = $puppetdb::params::jdbc_ssl_properties, ) inherits puppetdb::params { 
From 5c0b4a74481715d4a69a4bfaf0365920498341c9 Mon Sep 17 00:00:00 2001 From: Jeffrey Clark Date: Thu, 23 May 2024 04:21:45 -0500 Subject: [PATCH 90/97] (maint) update cat workflows release-any-tag workflow merged into main --- .github/workflows/ci.yml | 4 ++-- .github/workflows/mend.yml | 9 ++++----- .github/workflows/nightly.yml | 4 ++-- .github/workflows/release.yml | 2 +- .github/workflows/release_prep.yml | 2 +- .github/workflows/release_without.yml | 2 +- 6 files changed, 11 insertions(+), 12 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 61141e71..b45fce3e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,12 +13,12 @@ concurrency: jobs: Spec: - uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@release-any-tag" + uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@main" secrets: "inherit" Acceptance: needs: Spec - uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@release-any-tag" + uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main" secrets: "inherit" with: runs_on: "ubuntu-20.04" diff --git a/.github/workflows/mend.yml b/.github/workflows/mend.yml index 22a1fde4..b4100a5a 100644 --- a/.github/workflows/mend.yml +++ b/.github/workflows/mend.yml @@ -1,10 +1,9 @@ name: "mend" on: - pull_request_target: - types: - - opened - - synchronize + pull_request: + branches: + - "main" schedule: - cron: "0 0 * * *" workflow_dispatch: @@ -12,5 +11,5 @@ on: jobs: mend: - uses: "puppetlabs/cat-github-actions/.github/workflows/mend_ruby.yml@release-any-tag" + uses: "puppetlabs/cat-github-actions/.github/workflows/mend_ruby.yml@main" secrets: "inherit" diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index f1a5d77c..163ce92f 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml 
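Review bot: The reusable workflows in ci.yml are now referenced by the mutable branch ref `@main` while `secrets: "inherit"` hands them every repository secret, so any commit that lands on that branch of puppetlabs/cat-github-actions runs with this repository's credentials on the next trigger. The same ref is used in mend.yml, nightly.yml, release.yml, release_prep.yml and release_without.yml. Pinning to a full commit SHA with the branch in a trailing comment, `uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@<COMMIT_SHA>" # main`, keeps upstream changes reviewable. Passing only the named secrets each job needs instead of `inherit` would narrow the exposure further.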
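Review bot: In mend.yml the trigger moves from `pull_request_target` to `pull_request`, which means pull requests from forks run without repository secrets, so `secrets: "inherit"` passes nothing to the mend job there and the scan will presumably fail or be skipped for external contributions. That is the safer trigger, but the reason is not recorded in the file; a comment above it such as `# pull_request on purpose: fork PRs must not run with repository secrets` would stop a later change from reverting it. The new `branches: ["main"]` filter also drops scans for pull requests against any other base branch, which is worth confirming as intended.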
@@ -8,12 +8,12 @@ on: jobs: Spec: - uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@release-any-tag" + uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@main" secrets: "inherit" Acceptance: needs: Spec - uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@release-any-tag" + uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main" secrets: "inherit" with: runs_on: "ubuntu-20.04" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 27c86602..e4504404 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,7 +26,7 @@ on: jobs: release: - uses: "puppetlabs/cat-github-actions/.github/workflows/module_release.yml@release-any-tag" + uses: "puppetlabs/cat-github-actions/.github/workflows/module_release.yml@main" secrets: "inherit" with: tag: ${{ inputs.tag }} diff --git a/.github/workflows/release_prep.yml b/.github/workflows/release_prep.yml index 5a049914..bb0b7acc 100644 --- a/.github/workflows/release_prep.yml +++ b/.github/workflows/release_prep.yml @@ -9,7 +9,7 @@ on: jobs: release_prep: - uses: "puppetlabs/cat-github-actions/.github/workflows/module_release_prep.yml@release-any-tag" + uses: "puppetlabs/cat-github-actions/.github/workflows/module_release_prep.yml@main" with: version: "${{ github.event.inputs.version }}" secrets: "inherit" diff --git a/.github/workflows/release_without.yml b/.github/workflows/release_without.yml index 7d6f1f74..2224e6d8 100644 --- a/.github/workflows/release_without.yml +++ b/.github/workflows/release_without.yml @@ -5,5 +5,5 @@ on: jobs: release: - uses: "puppetlabs/cat-github-actions/.github/workflows/module_release.yml@release-any-tag" + uses: "puppetlabs/cat-github-actions/.github/workflows/module_release.yml@main" secrets: "inherit" From f5b303bee6dd09f684d4e20adac6d13a1e7066a9 Mon Sep 17 00:00:00 2001 
From: Andrew Faulkner Date: Thu, 6 Jun 2024 22:52:01 +0100 Subject: [PATCH 91/97] Correct spelling of certificates --- manifests/params.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/params.pp b/manifests/params.pp index 5f19dfd0..382c342d 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -189,14 +189,14 @@ $cleanup_timer_interval = "*-*-* ${fqdn_rand(24)}:${fqdn_rand(60)}:00" $dlo_max_age = 90 - # certificats used for PostgreSQL SSL configuration. Puppet certificates are used + # certificates used for PostgreSQL SSL configuration. Puppet certificates are used $postgresql_ssl_on = false $postgresql_ssl_folder = "${puppet_confdir}/ssl" $postgresql_ssl_cert_path = "${postgresql_ssl_folder}/certs/${trusted['certname']}.pem" $postgresql_ssl_key_path = "${postgresql_ssl_folder}/private_keys/${trusted['certname']}.pem" $postgresql_ssl_ca_cert_path = "${postgresql_ssl_folder}/certs/ca.pem" - # certificats used for Jetty configuration + # certificates used for Jetty configuration $ssl_set_cert_paths = false $ssl_cert_path = "${ssl_dir}/public.pem" $ssl_key_path = "${ssl_dir}/private.pem" From bac44f7936b1868f52057368be24363c97dd6815 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Fri, 14 Jun 2024 15:33:16 +0200 Subject: [PATCH 92/97] Extend fact to handle debian packages too Signed-off-by: Robert Waffen --- lib/facter/puppetdb_version.rb | 23 +++++++++++++++++++++-- spec/unit/facter/puppetdb_version_spec.rb | 22 ++++++++++++++++++++-- 2 files changed, 41 insertions(+), 4 deletions(-) diff --git a/lib/facter/puppetdb_version.rb b/lib/facter/puppetdb_version.rb index b04fb26c..0e7014eb 100644 --- a/lib/facter/puppetdb_version.rb +++ b/lib/facter/puppetdb_version.rb 
@@ -2,7 +2,26 @@ confine { Facter::Util::Resolution.which('puppetdb') } setcode do - output = Facter::Core::Execution.execute('puppetdb --version') - output.split(':').last.strip + require 'open3' + + # check if os is debian/ubuntu and the package is not from puppetlabs + if Facter.value(:osfamily) == 'Debian' + package_maintainer = Facter::Core::Execution.execute('apt-cache show puppetdb | grep "Maintainer:" | head -1') + unless package_maintainer.include? 'Puppet Labs' + output, status = Open3.capture2('dpkg-query --showformat=\'${Version}\' --show puppetdb') + if status.success? + output.strip.split('-').first + else + nil + end + end + else + output, status = Open3.capture2('puppetdb --version') + if status.success? + output.split(':').last.strip + else + nil + end + end end end diff --git a/spec/unit/facter/puppetdb_version_spec.rb b/spec/unit/facter/puppetdb_version_spec.rb index 3c2783fe..53cc63b8 100644 --- a/spec/unit/facter/puppetdb_version_spec.rb +++ b/spec/unit/facter/puppetdb_version_spec.rb 
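Review bot: On a Debian-family host whose maintainer string contains 'Puppet Labs', the `unless package_maintainer.include? 'Puppet Labs'` body is skipped and the outer `if` has nothing else to evaluate, so the fact resolves to nil instead of falling back to `puppetdb --version`. The `else` branch only covers non-Debian hosts. Choosing the command and its parser first and running it once covers all three cases, as sketched below. The explicit `else nil` arms are redundant, since an `if` without a matching branch already yields nil. The enclosing `Facter.add` block starts outside the hunk.

```ruby
  setcode do
    require 'open3'

    command = 'puppetdb --version'
    parse = ->(out) { out.split(':').last.strip }

    # Only a Debian-family package that is not from Puppet Labs is read via dpkg.
    if Facter.value(:osfamily) == 'Debian'
      package_maintainer = Facter::Core::Execution.execute('apt-cache show puppetdb | grep "Maintainer:" | head -1')
      unless package_maintainer.include? 'Puppet Labs'
        command = 'dpkg-query --showformat=\'${Version}\' --show puppetdb'
        parse = ->(out) { out.strip.split('-').first }
      end
    end

    output, status = Open3.capture2(command)
    parse.call(output) if status.success?
```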
@@ -10,13 +10,31 @@ Facter.clear end - it 'returns the correct puppetdb version' do + it 'returns a version on non-Debian family with puppetlabs package' do allow(Facter::Util::Resolution).to receive(:which).with('puppetdb').and_return('/usr/bin/puppetdb') - allow(Facter::Core::Execution).to receive(:execute).with('puppetdb --version').and_return("puppetdb version: 7.18.0\n") + allow(Open3).to receive(:capture2).with('puppetdb --version').and_return("puppetdb version: 7.18.0\n") expect(Facter.fact(:puppetdb_version).value).to eq('7.18.0') end + it 'returns a version on Debian family with non-puppetlabs package' do + allow(Facter::Util::Resolution).to receive(:which).with('puppetdb').and_return('/usr/sbin/puppetdb') + allow(Facter).to receive(:value).with(:osfamily).and_return('Debian') + allow(Facter::Core::Execution).to receive(:execute).with('apt-cache show puppetdb | grep "Maintainer:" | head -1').and_return('Maintainer: Ubuntu Developers') + allow(Open3).to receive(:capture2).with('dpkg-query --showformat=\'${Version}\' --show puppetdb').and_return("6.2.0-5") + + expect(Facter.fact(:puppetdb_version).value).to eq('6.2.0') + end + + it 'returns a version on Debian family with puppetlabs package' do + allow(Facter::Util::Resolution).to receive(:which).with('puppetdb').and_return('/usr/sbin/puppetdb') + allow(Facter).to receive(:value).with(:osfamily).and_return('Debian') + allow(Facter::Core::Execution).to receive(:execute).with('apt-cache show puppetdb | grep "Maintainer:" | head -1').and_return('Maintainer: Puppet Labs') + allow(Open3).to receive(:capture2).with('dpkg-query --showformat=\'${Version}\' --show puppetdb').and_return("7.19.0-1jammy") + + expect(Facter.fact(:puppetdb_version).value).to eq('7.19.0') + end + it 'returns nil if puppetdb command is not available' do allow(Facter::Util::Resolution).to receive(:which).with('puppetdb').and_return(nil) From 1a5ee16fabee64dd2c413d6f3b369fc4b129deed Mon Sep 17 00:00:00 2001 
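Review bot: The `Open3.capture2` stubs return a bare String, but the fact destructures the result as `output, status = Open3.capture2(...)`, so `status` is nil in every example and `status.success?` would raise instead of exercising the parsing. Each stub needs the pair, e.g. `.and_return(["puppetdb version: 7.18.0\n", instance_double(Process::Status, success?: true)])`. The 'Debian family with puppetlabs package' example also expects the `dpkg-query` result, which does not match a fact that only queries dpkg when the maintainer is not Puppet Labs. The first example never stubs `Facter.value(:osfamily)`, so its outcome depends on the host running the suite.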
From: Robert Waffen Date: Fri, 14 Jun 2024 15:38:14 +0200 Subject: [PATCH 93/97] add open3 require to spec Signed-off-by: Robert Waffen --- spec/unit/facter/puppetdb_version_spec.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/spec/unit/facter/puppetdb_version_spec.rb b/spec/unit/facter/puppetdb_version_spec.rb index 53cc63b8..55da2c61 100644 --- a/spec/unit/facter/puppetdb_version_spec.rb +++ b/spec/unit/facter/puppetdb_version_spec.rb @@ -2,6 +2,7 @@ require 'spec_helper' require 'facter' +require 'open3' describe 'puppetdb_version' do subject(:fact) { Facter.fact(:puppetdb_version) } From 0faf2ce971ad2a87caf458659532f878616b0692 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Fri, 14 Jun 2024 15:47:04 +0200 Subject: [PATCH 94/97] Update lib/facter/puppetdb_version.rb Co-authored-by: Tim Meusel --- lib/facter/puppetdb_version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/facter/puppetdb_version.rb b/lib/facter/puppetdb_version.rb index 0e7014eb..3e367f12 100644 --- a/lib/facter/puppetdb_version.rb +++ b/lib/facter/puppetdb_version.rb @@ -5,7 +5,7 @@ require 'open3' # check if os is debian/ubuntu and the package is not from puppetlabs - if Facter.value(:osfamily) == 'Debian' + if Facter.value(:os)('family') == 'Debian' package_maintainer = Facter::Core::Execution.execute('apt-cache show puppetdb | grep "Maintainer:" | head -1') unless package_maintainer.include? 'Puppet Labs' output, status = Open3.capture2('dpkg-query --showformat=\'${Version}\' --show puppetdb') From d22a3d98562fcbc89aba002838c4f98ad03c491c Mon Sep 17 00:00:00 2001 From: chambersmp <93365267+chambersmp@users.noreply.github.com> Date: Mon, 17 Jun 2024 12:20:40 +1000 Subject: [PATCH 95/97] Update CODEOWNERS remove code owner that no longer has access --- CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODEOWNERS b/CODEOWNERS index 9988e2b3..93cbbac6 100644 --- a/CODEOWNERS +++ b/CODEOWNERS 
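Review bot: `Facter.value(:os)('family')` in lib/facter/puppetdb_version.rb is not a hash lookup; Ruby has no call syntax that applies a second argument list to the result of a call, so the file would be expected to fail to load. The structured fact is indexed with brackets: `if Facter.value(:os)['family'] == 'Debian'`. The spec added earlier in this series still stubs `Facter.value` with `:osfamily`, so it also needs to stub `:os` with `{ 'family' => 'Debian' }` for the Debian examples to reach this branch.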
@@ -1 +1 @@ -* @puppetlabs/puppetdb @bastelfreak @smortex @h0tw1r3 +* @puppetlabs/puppetdb @bastelfreak @smortex From 17ff4e28518755a14e730abc2dc9de2798890626 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Mon, 17 Jun 2024 09:11:21 +0200 Subject: [PATCH 96/97] Refactor code again: - use Facter-functions Signed-off-by: Robert Waffen --- lib/facter/puppetdb_version.rb | 31 ++++--- spec/unit/facter/puppetdb_version_spec.rb | 103 ++++++++++++++++------ 2 files changed, 91 insertions(+), 43 deletions(-) diff --git a/lib/facter/puppetdb_version.rb b/lib/facter/puppetdb_version.rb index 3e367f12..69aecea9 100644 --- a/lib/facter/puppetdb_version.rb +++ b/lib/facter/puppetdb_version.rb @@ -2,26 +2,25 @@ confine { Facter::Util::Resolution.which('puppetdb') } setcode do - require 'open3' + command = 'puppetdb --version' + splitter = ':' + postion = 'last' - # check if os is debian/ubuntu and the package is not from puppetlabs - if Facter.value(:os)('family') == 'Debian' + if Facter.value(:os)['family'] == 'Debian' package_maintainer = Facter::Core::Execution.execute('apt-cache show puppetdb | grep "Maintainer:" | head -1') + unless package_maintainer.include? 'Puppet Labs' - output, status = Open3.capture2('dpkg-query --showformat=\'${Version}\' --show puppetdb') - if status.success? - output.strip.split('-').first - else - nil - end - end - else - output, status = Open3.capture2('puppetdb --version') - if status.success? - output.split(':').last.strip - else - nil + command = 'dpkg-query --showformat=\'${Version}\' --show puppetdb' + splitter = '-' + postion = 'first' end end + + begin + output = Facter::Core::Execution.execute(command) + output.split(splitter).send(postion).strip + rescue Facter::Core::Execution::ExecutionFailure + nil + end end end diff --git a/spec/unit/facter/puppetdb_version_spec.rb b/spec/unit/facter/puppetdb_version_spec.rb index 55da2c61..e63e258a 100644 --- a/spec/unit/facter/puppetdb_version_spec.rb 
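Review bot: `output.split(splitter).send(postion).strip` selects the method through a string held in a (misspelled) local, which hides a two-way choice behind dynamic dispatch and is the pattern linters flag because it becomes unsafe as soon as the name stops being a literal. A boolean set in the `unless` branch keeps it explicit: `version = use_dpkg ? output.split('-').first : output.split(':').last`, followed by `version.strip`. The `apt-cache` maintainer lookup also sits outside the `begin`/`rescue`, so if that call raises `ExecutionFailure` it escapes the fact, while the same failure from the version command is turned into nil. The enclosing `Facter.add` block starts outside the hunk.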
+++ b/spec/unit/facter/puppetdb_version_spec.rb 
@@ -1,44 +1,93 @@ -# frozen_string_literal: true - -require 'spec_helper' require 'facter' -require 'open3' describe 'puppetdb_version' do - subject(:fact) { Facter.fact(:puppetdb_version) } - before(:each) do Facter.clear end - it 'returns a version on non-Debian family with puppetlabs package' do - allow(Facter::Util::Resolution).to receive(:which).with('puppetdb').and_return('/usr/bin/puppetdb') - allow(Open3).to receive(:capture2).with('puppetdb --version').and_return("puppetdb version: 7.18.0\n") + context 'when puppetdb is available' do + before do + allow(Facter::Util::Resolution).to receive(:which).with('puppetdb').and_return('/usr/bin/puppetdb') + end - expect(Facter.fact(:puppetdb_version).value).to eq('7.18.0') - end + context 'on a Debian-based system' do + before do + allow(Facter).to receive(:value).with(:os).and_return({ 'family' => 'Debian' }) + end - it 'returns a version on Debian family with non-puppetlabs package' do - allow(Facter::Util::Resolution).to receive(:which).with('puppetdb').and_return('/usr/sbin/puppetdb') - allow(Facter).to receive(:value).with(:osfamily).and_return('Debian') - allow(Facter::Core::Execution).to receive(:execute).with('apt-cache show puppetdb | grep "Maintainer:" | head -1').and_return('Maintainer: Ubuntu Developers') - allow(Open3).to receive(:capture2).with('dpkg-query --showformat=\'${Version}\' --show puppetdb').and_return("6.2.0-5") + context 'when Puppet Labs is the maintainer' do + before do + allow(Facter::Core::Execution).to receive(:execute) + .with('apt-cache show puppetdb | grep "Maintainer:" | head -1') + .and_return('Maintainer: Puppet Labs') + end - expect(Facter.fact(:puppetdb_version).value).to eq('6.2.0') - end + it 'returns the correct version from puppetdb --version' do + expect(Facter::Core::Execution).to receive(:execute) + .with('puppetdb --version') + .and_return('puppetdb version: 7.19.0') + + expect(Facter.fact(:puppetdb_version).value).to eq('7.19.0') + end + + it 'returns nil if the 
command execution fails' do + allow(Facter::Core::Execution).to receive(:execute).with('puppetdb --version').and_raise(Facter::Core::Execution::ExecutionFailure) + + expect(Facter.fact(:puppetdb_version).value).to be_nil + end + end + + context 'when Puppet Labs is not the maintainer' do + before do + allow(Facter::Core::Execution).to receive(:execute) + .with('apt-cache show puppetdb | grep "Maintainer:" | head -1') + .and_return('Maintainer: Other Maintainer') + end + + it 'returns the correct version from dpkg-query' do + expect(Facter::Core::Execution).to receive(:execute) + .with("dpkg-query --showformat='${Version}' --show puppetdb") + .and_return('7.9.0-1ubuntu1') + + expect(Facter.fact(:puppetdb_version).value).to eq('7.9.0') + end + + it 'returns nil if the command execution fails' do + allow(Facter::Core::Execution).to receive(:execute).with("dpkg-query --showformat='${Version}' --show puppetdb").and_raise(Facter::Core::Execution::ExecutionFailure) + + expect(Facter.fact(:puppetdb_version).value).to be_nil + end + end + end + + context 'on a non-Debian-based system' do + before do + allow(Facter).to receive(:value).with(:os).and_return({ 'family' => 'RedHat' }) + end + + it 'returns the correct version from puppetdb --version' do + expect(Facter::Core::Execution).to receive(:execute) + .with('puppetdb --version') + .and_return('puppetdb version: 7.19.0') + + expect(Facter.fact(:puppetdb_version).value).to eq('7.19.0') + end - it 'returns a version on Debian family with puppetlabs package' do - allow(Facter::Util::Resolution).to receive(:which).with('puppetdb').and_return('/usr/sbin/puppetdb') - allow(Facter).to receive(:value).with(:osfamily).and_return('Debian') - allow(Facter::Core::Execution).to receive(:execute).with('apt-cache show puppetdb | grep "Maintainer:" | head -1').and_return('Maintainer: Puppet Labs') - allow(Open3).to receive(:capture2).with('dpkg-query --showformat=\'${Version}\' --show puppetdb').and_return("7.19.0-1jammy") + it 'returns 
nil if the command execution fails' do + allow(Facter::Core::Execution).to receive(:execute).with('puppetdb --version').and_raise(Facter::Core::Execution::ExecutionFailure) - expect(Facter.fact(:puppetdb_version).value).to eq('7.19.0') + expect(Facter.fact(:puppetdb_version).value).to be_nil + end + end end - it 'returns nil if puppetdb command is not available' do - allow(Facter::Util::Resolution).to receive(:which).with('puppetdb').and_return(nil) + context 'when puppetdb is not available' do + before do + allow(Facter::Util::Resolution).to receive(:which).with('puppetdb').and_return(nil) + end - expect(Facter.fact(:puppetdb_version).value).to be_nil + it 'returns nil' do + expect(Facter.fact(:puppetdb_version).value).to be_nil + end end end From a535c4d8996aba86db98de458394d2fd60e16b64 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Fri, 28 Jun 2024 10:34:55 +0200 Subject: [PATCH 97/97] Drop work on also handling debian package. - just report nil if command fails Signed-off-by: Robert Waffen --- lib/facter/puppetdb_version.rb | 24 ++------- spec/unit/facter/puppetdb_version_spec.rb | 60 ++--------------------- 2 files changed, 7 insertions(+), 77 deletions(-) diff --git a/lib/facter/puppetdb_version.rb b/lib/facter/puppetdb_version.rb index 69aecea9..097f4cc8 100644 --- a/lib/facter/puppetdb_version.rb +++ b/lib/facter/puppetdb_version.rb 
@@ -2,25 +2,9 @@ confine { Facter::Util::Resolution.which('puppetdb') } setcode do - command = 'puppetdb --version' - splitter = ':' - postion = 'last' - - if Facter.value(:os)['family'] == 'Debian' - package_maintainer = Facter::Core::Execution.execute('apt-cache show puppetdb | grep "Maintainer:" | head -1') - - unless package_maintainer.include? 'Puppet Labs' - command = 'dpkg-query --showformat=\'${Version}\' --show puppetdb' - splitter = '-' - postion = 'first' - end - end - - begin - output = Facter::Core::Execution.execute(command) - output.split(splitter).send(postion).strip - rescue Facter::Core::Execution::ExecutionFailure - nil - end + output = Facter::Core::Execution.execute('puppetdb --version') + output.split(':').last.strip + rescue Facter::Core::Execution::ExecutionFailure + nil end end diff --git a/spec/unit/facter/puppetdb_version_spec.rb b/spec/unit/facter/puppetdb_version_spec.rb index e63e258a..587c9a08 100644 --- a/spec/unit/facter/puppetdb_version_spec.rb +++ b/spec/unit/facter/puppetdb_version_spec.rb 
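Review bot: `output.split(':').last.strip` raises NoMethodError when the command succeeds but prints nothing, because `''.split(':')` is empty and `.last` is nil; only `ExecutionFailure` is rescued, so that case is not turned into nil like the other failure. `output.split(':').last&.strip` keeps the fact nil there. The bare `rescue` inside the `setcode do ... end` block relies on rescue clauses being allowed in do/end blocks (added in Ruby 2.5), which is worth confirming against the oldest agent Ruby the module supports. The enclosing `Facter.add` block starts outside the hunk.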
@@ -6,65 +6,11 @@ end context 'when puppetdb is available' do - before do + before(:each) do allow(Facter::Util::Resolution).to receive(:which).with('puppetdb').and_return('/usr/bin/puppetdb') end - context 'on a Debian-based system' do - before do - allow(Facter).to receive(:value).with(:os).and_return({ 'family' => 'Debian' }) - end - - context 'when Puppet Labs is the maintainer' do - before do - allow(Facter::Core::Execution).to receive(:execute) - .with('apt-cache show puppetdb | grep "Maintainer:" | head -1') - .and_return('Maintainer: Puppet Labs') - end - - it 'returns the correct version from puppetdb --version' do - expect(Facter::Core::Execution).to receive(:execute) - .with('puppetdb --version') - .and_return('puppetdb version: 7.19.0') - - expect(Facter.fact(:puppetdb_version).value).to eq('7.19.0') - end - - it 'returns nil if the command execution fails' do - allow(Facter::Core::Execution).to receive(:execute).with('puppetdb --version').and_raise(Facter::Core::Execution::ExecutionFailure) - - expect(Facter.fact(:puppetdb_version).value).to be_nil - end - end - - context 'when Puppet Labs is not the maintainer' do - before do - allow(Facter::Core::Execution).to receive(:execute) - .with('apt-cache show puppetdb | grep "Maintainer:" | head -1') - .and_return('Maintainer: Other Maintainer') - end - - it 'returns the correct version from dpkg-query' do - expect(Facter::Core::Execution).to receive(:execute) - .with("dpkg-query --showformat='${Version}' --show puppetdb") - .and_return('7.9.0-1ubuntu1') - - expect(Facter.fact(:puppetdb_version).value).to eq('7.9.0') - end - - it 'returns nil if the command execution fails' do - allow(Facter::Core::Execution).to receive(:execute).with("dpkg-query --showformat='${Version}' --show puppetdb").and_raise(Facter::Core::Execution::ExecutionFailure) - - expect(Facter.fact(:puppetdb_version).value).to be_nil - end - end - end - - context 'on a non-Debian-based system' do - before do - allow(Facter).to 
receive(:value).with(:os).and_return({ 'family' => 'RedHat' }) - end - + context 'on a default system' do it 'returns the correct version from puppetdb --version' do expect(Facter::Core::Execution).to receive(:execute) .with('puppetdb --version') @@ -82,7 +28,7 @@ end context 'when puppetdb is not available' do - before do + before(:each) do allow(Facter::Util::Resolution).to receive(:which).with('puppetdb').and_return(nil) end
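Review bot: No example visible in this hunk covers stdout that is empty or not in `name: version` form. The removed examples, and as far as the hunk shows the kept one, stub `execute` only with well-formed output such as `puppetdb version: 7.19.0` or with `ExecutionFailure`. I would add one example under `context 'when puppetdb is available'` that has `execute` return `''` and states the expected fact value, so the parsing contract is pinned by a test. The single `context 'on a default system'` wrapper no longer distinguishes anything now that the Debian branch is gone and could be dropped. The rest of the kept example lies outside this hunk.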