Feature/sync fork #4
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fixes the following error Error: /Stage[main]/Puppetdb::Server/Cron[puppetdb-dlo-cleanup]: Could not evaluate: Cannot write the puppetdb user's crontab: The user does not exist
Missed this doc update with puppetlabs#333.
PuppetDB runs as the puppetdb user. This user must have read access to the various configuration files but does not need write access to them. This ensure the service configuration cannot be unexpectedly changed by PuppetDB itself if some vulnerability allow random code execution, limiting the possibilities of exploitation and pivoting if such a vulnerability is found.
- Add release notes - The module should now be compatible with puppet agent 8.0.0 which removes legacy facts
Adding Trusted Contributors to the CODEOWNERS will allow them to meet our branch protection rules and merge pull requests. If you would rather keep that privilege for your own team, then you can decline this PR.
Reconciling trusted contributors list.
Update CODEOWNERS
Allow newer dependencies
cleanup .fixtures.yml
…quirements Relax dependency requirements
Drop EoL CentOS 6
Drop EoL Debian 8/9
README: correct postgres_version docs
The puppetdb user doesn't need to write to the config (it's managed by Puppet after all) so setting the owner to root and using the group to only read is safer. It is also closer to packaging, which ensures the owner is root after a package update. Ideally packaging would use the same group and mode as well so there isn't an event after a package update, but this change at least trims it down from 3 changes to 2.
Set owner of server config.ini to root
Fix "has no parameter named 'puppetdb_user'"
$settings::<> vars should generally be configurable because they hold the compilers value. This can be a problem if for example you're trying to use this module with Bolt, which returns a temp directory.
…nfdir make puppet_confdir configurable
* Fix acceptance tests to work with Litmus * Fix acceptance test installation path of puppet modules * update/add dependencies to fixtures * Fix CI failures related to legacy facts * More CI fixes with latest posgresql module * Remove local facts overrides They break adding facts from a context. * Match the ensure value of the manifest This was changed in 68d8c64 to fix puppet lint issues, but as the test suite was not run it passed through. * Match owner / mode of the manifest This was changed in 010bf13 to match best practice, but as the test suite was not run it passed through. * Add path to the custom facts The systemd module use this to run `systemctl daemon-reload`. Set an arbitrary value to avoid: > Validation of Exec[systemd-postgresql.service-systemctl-daemon-reload] failed: 'systemctl' is not qualified and no path was specified. Please qualify the command or specify a path.
Postgres 11 is no longer supported as an installation method from Postgres.org.
As a result, installations will fail using `puppetlabs-postgresql` with
failures like:
```
Error: /Stage[main]/Postgresql::Server::Install/Package[postgresql-server]/ensure: change from 'purged' to 'present' failed: Execution of '/usr/bin/yum -d 0 -e 0 -y install postgresql11-server' returned 1: One of the configured repositories failed (PostgreSQL 11 7 - x86_64),
and yum doesn't have enough cached data to continue. At this point the only
safe thing yum can do is fail. There are a few ways to work "fix" this:
1. Contact the upstream for the repository and get them to fix the problem.
2. Reconfigure the baseurl/etc. for the repository, to point to a working
upstream. This is most often useful if you are using a newer
distribution release than is supported by the repository (and the
packages for the previous distribution release still work).
3. Disable the repository, so yum won't use it by default. Yum will then
just ignore the repository until you permanently enable it again or use
--enablerepo for temporary usage:
yum-config-manager --disable yum.postgresql.org
4. Configure the failing repository to be skipped, if it is unavailable.
Note that yum will try to contact the repo. when it runs most commands,
so will have to try and fail each time (and thus. yum will be be much
slower). If it is a very temporary problem though, this is often a nice
compromise:
yum-config-manager --save --setopt=yum.postgresql.org.skip_if_unavailable=true
failure: repodata/repomd.xml from yum.postgresql.org: [Errno 256] No more mirrors to try.
https://download.postgresql.org/pub/repos/yum/11/redhat/rhel-7-x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 404 - Not Found
```
To make matters more complicated, `puppetlabs-postgresql` is impacted by
https://yum.postgresql.org/news/pgdg-rpm-repo-gpg-key-update/
see puppetlabs/puppetlabs-postgresql#1565
so too will not work until a new version of that is released with a fix.
cron puppetdb-dlo-cleanup requires package
set encoding when creating the DB
…itive Hide passwords from output
not used or working right now
Target release-any-tag workflows
Release prep v8.1.0
Allow `Sensitive` data type for secrets
release-any-tag workflow merged into main
(maint) update cat workflows
Correct spelling of certificates in manifest comments
Signed-off-by: Robert Waffen <[email protected]>
Signed-off-by: Robert Waffen <[email protected]>
Co-authored-by: Tim Meusel <[email protected]>
remove code owner that no longer has access
- use Facter-functions Signed-off-by: Robert Waffen <[email protected]>
- just report nil if command fails Signed-off-by: Robert Waffen <[email protected]>
Extend fact to not fail on debian packages
Update CODEOWNERS
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Sync upstream main to ours.