Puppet Class: puppet::puppetdb

Defined in:
manifests/puppetdb.pp

Summary

PuppetDB server

Overview

PuppetDB server on separate host

puppet.com/docs/puppetdb/latest/install_via_module.html#step-2-assign-classes-to-nodes

1) If you are installing PuppetDB on the same server as your Puppet Server, assign the `puppetdb` and `puppetdb::master::config` classes to it.

2) If you want to run PuppetDB on its own server with a local PostgreSQL instance, assign the `puppetdb` class to it, and assign the `puppetdb::master::config` class to your Puppet Server. Make sure to set the class parameters as necessary.

Examples:

include puppet::puppetdb

Parameters:

  • manage_database (Boolean) (defaults to: true)

    Boolean. Default is true. If set, class Puppetdb will use puppetlabs/postgresql for Postgres database server management and PuppetDB database setup.

  • manage_firewall (Boolean) (defaults to: false)

    Boolean. Default is false. If set, class Puppetdb::Server will use puppetlabs/firewall for firewall rules setup and iptables/ip6tables services management.

  • manage_cron (Boolean) (defaults to: true)

    Specifies whether to manage crontab entries. This setting is critical for containerized environments where crontab may not be available.

  • postgres_database_host (Stdlib::Host) (defaults to: 'localhost')

    PostgreSQL database hostname

  • postgres_database_name (String) (defaults to: 'puppetdb')

    PostgreSQL database name for PuppetDB

  • postgres_database_username (String) (defaults to: 'puppetdb')

    PostgreSQL database username for PuppetDB

  • postgres_database_password (String) (defaults to: 'puppetdb')

    PostgreSQL database password for PuppetDB

  • ssl_protocols (Array[String]) (defaults to: ['TLSv1.2', 'TLSv1.3'])

    Array of SSL/TLS protocol versions to enable

  • cipher_suites (Array[String]) (defaults to: [ 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256', ])

    Array of SSL/TLS cipher suites to enable

  • ssl_deploy_certs (Boolean) (defaults to: false)

    This parameter will be passed into the class `puppetdb`. The class `puppetdb` expects the parameters `puppetdb::ssl_key`, `puppetdb::ssl_cert`, and `puppetdb::ssl_ca_cert` to be set with the appropriate SSL asset content.
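
The declaration below is an added example, not code from this module: it replaces the default `'puppetdb'` database password and narrows `cipher_suites` to the ECDHE entries of the default list. The wrapper class `profile::puppetdb_server` and the Hiera key `profile::puppetdb::db_password` are hypothetical names chosen for illustration.

```puppet
# Added example (not part of the module). The class name and Hiera key
# are assumptions; adapt them to your own control repository.
class profile::puppetdb_server {
  # Resolve the password from Hiera instead of relying on the default
  # 'puppetdb'. The String[16] value type makes catalog compilation fail
  # if the key resolves to anything shorter than 16 characters, which
  # also rejects the 8-character default.
  # postgres_database_password is typed String, so a Sensitive value
  # cannot be passed to it directly.
  $db_password = lookup('profile::puppetdb::db_password', String[16])

  class { 'puppet::puppetdb':
    # Local PostgreSQL managed through puppetlabs/postgresql
    manage_database            => true,
    postgres_database_host     => 'localhost',
    postgres_database_name     => 'puppetdb',
    postgres_database_username => 'puppetdb',
    postgres_database_password => $db_password,

    # Same protocol versions as the class default, stated explicitly so
    # that a later change of the default does not silently widen them.
    ssl_protocols              => ['TLSv1.2', 'TLSv1.3'],

    # Subset of the default list: only the ECDHE key-exchange suites,
    # the two DHE_RSA entries are left out.
    cipher_suites              => [
      'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
      'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
      'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
      'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
    ],

    # Default (false): the class includes puppet::puppetdb::https_config
    # rather than having Class['puppetdb'] deploy certificate content.
    ssl_deploy_certs           => false,
  }
}
```

Because the class joins both arrays with `,` before handing them to `puppetdb`, every entry must be a single protocol or suite name with no embedded commas or whitespace.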



# File 'manifests/puppetdb.pp', line 51

class puppet::puppetdb (
  Boolean $manage_database = true,
  Stdlib::Host $postgres_database_host = 'localhost',
  String $postgres_database_name = 'puppetdb',
  String $postgres_database_username = 'puppetdb',
  String $postgres_database_password = 'puppetdb',
  Array[String] $ssl_protocols = ['TLSv1.2', 'TLSv1.3'],
  Array[String] $cipher_suites = [
    'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
  ],
  Boolean $manage_firewall = false,
  Boolean $manage_cron = true,
  Boolean $ssl_deploy_certs = false,
) {
  include puppet::puppetdb::globals

  if $manage_database {
    include lsys_postgresql

    postgresql::server::extension { "${postgres_database_name}-pg_trgm":
      extension => 'pg_trgm',
      database  => $postgres_database_name,
    }

    # Class['puppetdb::database::postgresql'] is declared inside Class['puppetdb']
    Class['lsys_postgresql'] -> Class['puppetdb::database::postgresql']
  }

  if $manage_cron {
    include puppetdb::params
    $automatic_dlo_cleanup = $puppetdb::params::automatic_dlo_cleanup
  }
  else {
    $automatic_dlo_cleanup = false
  }

  $ssl_dir = assert_type(Stdlib::Unixpath, $puppet::puppetdb::globals::ssl_dir)

  class { 'puppetdb':
    manage_dbserver       => false,
    database_host         => $postgres_database_host,
    database_name         => $postgres_database_name,
    database_username     => $postgres_database_username,
    database_password     => $postgres_database_password,
    manage_firewall       => $manage_firewall,

    manage_database       => $manage_database,

    puppetdb_package      => $puppet::puppetdb::globals::puppetdb_package,

    ssl_deploy_certs      => $ssl_deploy_certs,
    ssl_set_cert_paths    => true,

    ssl_protocols         => join($ssl_protocols, ','),
    cipher_suites         => join($cipher_suites, ','),

    automatic_dlo_cleanup => $automatic_dlo_cleanup,
    confdir               => $puppet::puppetdb::globals::confdir,
    ssl_dir               => $puppet::puppetdb::globals::ssl_dir,
    vardir                => $puppet::puppetdb::globals::vardir,
    ssl_key_path          => "${ssl_dir}/private.pem",
    ssl_cert_path         => "${ssl_dir}/public.pem",
    ssl_ca_cert_path      => "${ssl_dir}/ca.pem",
  }
  contain puppetdb

  include puppet::puppetdb::compat

  unless $ssl_deploy_certs {
    include puppet::puppetdb::https_config
  }
}