Puppet Class: puppet::profile::puppetdb

Defined in:
manifests/profile/puppetdb.pp

Summary

A short summary of the purpose of this class

Overview

A description of what this class does

Examples:

include puppet::profile::puppetdb

Parameters:

  • platform_name (Puppet::Platform) (defaults to: 'puppet8')
  • manage_database (Boolean) (defaults to: true)
  • database_host (Stdlib::Host) (defaults to: 'localhost')
  • database_name (String) (defaults to: 'puppetdb')
  • database_username (String) (defaults to: 'puppetdb')
  • database_password (String) (defaults to: 'puppetdb')
  • manage_firewall (Boolean) (defaults to: false)
  • manage_cron (Boolean) (defaults to: true)

    Specifies whether to manage crontab entries. This setting is critical for containerized environments where crontab may not be available.

  • ssl_deploy_certs (Boolean) (defaults to: false)

    This parameter will be passed into the class ‘puppetdb`. The class `puppetdb` expects the parameters `puppetdb::ssl_key`, `puppetdb::ssl_cert`, and `puppetdb::ssl_ca_cert` to be set with the appropriate SSL asset content.

  • server (Optional[String]) (defaults to: undef)
  • ca_server (Optional[String]) (defaults to: $server)
  • certname (Optional[String]) (defaults to: undef)
  • hosts_update (Boolean) (defaults to: false) 


27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
 
# File 'manifests/profile/puppetdb.pp', line 27

class puppet::profile::puppetdb (
  Puppet::Platform $platform_name = 'puppet8',
  Boolean $manage_database = true,
  Stdlib::Host $database_host = 'localhost',
  String $database_name = 'puppetdb',
  String $database_username = 'puppetdb',
  String $database_password = 'puppetdb',
  Boolean $manage_firewall = false,
  Boolean $manage_cron = true,
  Boolean $ssl_deploy_certs = false,
  Optional[String] $server = undef,
  Optional[String] $ca_server = $server,
  Optional[String] $certname = undef,
  Boolean $hosts_update = false,
) {
  # puppet::globals must be declared before puppet::repo include
  class { 'puppet::globals':
    platform_name => $platform_name,
  }

  include puppet

  class { 'puppetdb::globals':
    version => $puppet::puppetdb_version,
  }

  class { 'puppet::agent':
    certname      => $certname,
    server        => $server,
    ca_server     => $ca_server,
    hosts_update  => $hosts_update,
    manage_config => true,
  }

  class { 'puppet::puppetdb':
    manage_database            => $manage_database,
    postgres_database_host     => $database_host,
    postgres_database_name     => $database_name,
    postgres_database_username => $database_username,
    postgres_database_password => $database_password,
    # According to moz://a SSL Configuration Generator for jetty 10.0.20, intermediate config
    ssl_protocols              => ['TLSv1.2', 'TLSv1.3'],
    cipher_suites              => [
      'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
      'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
      'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
      'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
      'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256',
      'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
      'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
      'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
      'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256',
    ],
    manage_firewall            => $manage_firewall,
    manage_cron                => $manage_cron,
    ssl_deploy_certs           => $ssl_deploy_certs,
  }

  Class['puppet::agent::install']
  -> Class['puppet::agent::config']
  -> Class['puppet::agent::schedule']
}