Puppet Class: puppet::puppetdb

Defined in:
manifests/puppetdb.pp

Summary

PuppetDB server

Overview

PuppetDB server on separate host

puppet.com/docs/puppetdb/latest/install_via_module.html#step-2-assign-classes-to-nodes

1) If you are installing PuppetDB on the same server as your Puppet Server, assign the `puppetdb` and `puppetdb::master::config` classes to it.

2) If you want to run PuppetDB on its own server with a local PostgreSQL instance, assign the `puppetdb` class to it, and assign the `puppetdb::master::config` class to your Puppet Server. Make sure to set the class parameters as necessary.

Examples:

include puppet::puppetdb

Parameters:

  • manage_database (Boolean) (defaults to: true)

    Boolean. Default is true. If set, then class Puppetdb will use puppetlabs/postgresql for Postgres database server management and PuppetDB database setup.

  • manage_firewall (Boolean) (defaults to: false)

    Boolean. Default is false. If set, then class Puppetdb::Server will use puppetlabs/firewall for firewall rules setup and iptables/ip6tables services management.

  • manage_cron (Boolean) (defaults to: true)

    Specifies whether to manage crontab entries. This setting is critical for containerized environments where crontab may not be available.

  • ssl_deploy_certs (Boolean) (defaults to: false)

    This parameter will be passed into the class `puppetdb`. The class `puppetdb` expects the parameters `puppetdb::ssl_key`, `puppetdb::ssl_cert`, and `puppetdb::ssl_ca_cert` to be set with the appropriate SSL asset content.

  • postgres_database_host (Stdlib::Host) (defaults to: 'localhost')
  • postgres_database_name (String) (defaults to: 'puppetdb')
  • postgres_database_username (String) (defaults to: 'puppetdb')
  • postgres_database_password (String) (defaults to: 'puppetdb')
  • ssl_protocols (Array[String]) (defaults to: ['TLSv1.2', 'TLSv1.3'])
  • cipher_suites (Array[String]) (defaults to: [ 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256', ])


# File 'manifests/puppetdb.pp', line 33

class puppet::puppetdb (
  Boolean $manage_database = true,
  Stdlib::Host $postgres_database_host = 'localhost',
  String $postgres_database_name = 'puppetdb',
  String $postgres_database_username = 'puppetdb',
  String $postgres_database_password = 'puppetdb',
  Array[String] $ssl_protocols = ['TLSv1.2', 'TLSv1.3'],
  Array[String] $cipher_suites = [
    'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
  ],
  Boolean $manage_firewall = false,
  Boolean $manage_cron = true,
  Boolean $ssl_deploy_certs = false,
) {
  if $manage_database {
    include lsys_postgresql

    postgresql::server::extension { "${postgres_database_name}-pg_trgm":
      extension => 'pg_trgm',
      database  => $postgres_database_name,
    }

    Class['postgresql::server'] -> Class['puppetdb']
    Postgresql::Server::Extension["${postgres_database_name}-pg_trgm"] -> Class['puppetdb']
  }

  if $manage_cron {
    include puppetdb::params
    $automatic_dlo_cleanup = $puppetdb::params::automatic_dlo_cleanup
  }
  else {
    $automatic_dlo_cleanup = false
  }

  class { 'puppetdb':
    manage_dbserver       => false,
    database_host         => $postgres_database_host,
    database_name         => $postgres_database_name,
    database_username     => $postgres_database_username,
    database_password     => $postgres_database_password,
    manage_firewall       => $manage_firewall,

    manage_database       => $manage_database,

    ssl_deploy_certs      => $ssl_deploy_certs,
    ssl_set_cert_paths    => true,

    ssl_protocols         => join($ssl_protocols, ','),
    cipher_suites         => join($cipher_suites, ','),

    automatic_dlo_cleanup => $automatic_dlo_cleanup,
  }

  contain puppetdb

  unless $ssl_deploy_certs {
    include puppet::puppetdb::https_config
  }
}
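
Added example, not part of the module or its documentation: a declaration that replaces the documented default database password ('puppetdb') with a value from Hiera and pins the TLS parameters explicitly. The class name `profile::puppetdb_server`, the Hiera key and the narrowed cipher list are assumptions made for this example; only the `puppet::puppetdb` parameter names and the suite names come from this page.

```puppet
# Added example. The profile class name and the Hiera key are hypothetical.
class profile::puppetdb_server {
  # Take the database password from Hiera (for example an eyaml-encrypted
  # value) instead of inheriting the default 'puppetdb'.
  # The parameter is typed String, so the looked-up value must be a plain
  # String, not a Sensitive. String[16] makes catalog compilation fail on
  # an empty or short value.
  $db_password = lookup('profile::puppetdb_server::db_password', String[16])

  class { 'puppet::puppetdb':
    postgres_database_password => $db_password,

    # Stated explicitly so that a later change of the class defaults cannot
    # silently widen the accepted protocol versions on this node.
    ssl_protocols              => ['TLSv1.2', 'TLSv1.3'],

    # Assumption for this example: keep only the ECDHE entries of the
    # default list shown above and drop the two DHE entries.
    cipher_suites              => [
      'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
      'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
      'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
      'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
    ],
  }
}
```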