Puppet Class: puppetdb

Inherits:
puppetdb::params
Defined in:
manifests/init.pp

Summary

manage PuppetDB

Overview

Parameters:

  • listen_address (Any) (defaults to: $puppetdb::params::listen_address)

    The address that the web server should bind to for HTTP requests. Defaults to ‘localhost`. Set to `0.0.0.0` to listen on all addresses.

  • listen_port (Any) (defaults to: $puppetdb::params::listen_port)

    The port on which the puppetdb web server should accept HTTP requests. Defaults to ‘8080`.

  • disable_cleartext (Any) (defaults to: $puppetdb::params::disable_cleartext)

    If ‘true`, the puppetdb web server will only serve HTTPS and not HTTP requests (defaults to false).

  • open_listen_port (Any) (defaults to: $puppetdb::params::open_listen_port)

    If ‘true`, open the `http_listen_port` on the firewall. Defaults to `false`.

  • ssl_listen_address (Any) (defaults to: $puppetdb::params::ssl_listen_address)

    The address that the web server should bind to for HTTPS requests. Defaults to ‘0.0.0.0` to listen on all addresses.

  • ssl_listen_port (Any) (defaults to: $puppetdb::params::ssl_listen_port)

    The port on which the puppetdb web server should accept HTTPS requests. Defaults to ‘8081`.

  • disable_ssl (Any) (defaults to: $puppetdb::params::disable_ssl)

    If ‘true`, the puppetdb web server will only serve HTTP and not HTTPS requests. Defaults to `false`.

  • open_ssl_listen_port (Any) (defaults to: $puppetdb::params::open_ssl_listen_port)

    If true, open the ‘ssl_listen_port` on the firewall. Defaults to `undef`.

  • ssl_protocols (Any) (defaults to: $puppetdb::params::ssl_protocols)

    Specify the supported SSL protocols for PuppetDB (e.g. TLSv1, TLSv1.1, TLSv1.2.)

  • postgresql_ssl_on (Any) (defaults to: $puppetdb::params::postgresql_ssl_on)

    If ‘true`, it configures SSL connections between PuppetDB and the PostgreSQL database. Defaults to `false`.

  • postgresql_ssl_folder (Any) (defaults to: $puppetdb::params::postgresql_ssl_folder)

    Path to the Postgresql SSL folder.

  • postgresql_ssl_cert_path (Any) (defaults to: $puppetdb::params::postgresql_ssl_cert_path)

    Path to the Postgresql SSL certificate.

  • postgresql_ssl_key_path (Any) (defaults to: $puppetdb::params::postgresql_ssl_key_path)

    Path to the Postgresql SSL key.

  • postgresql_ssl_ca_cert_path (Any) (defaults to: $puppetdb::params::postgresql_ssl_ca_cert_path)

    Path to the Postgresql SSL CA.

  • cipher_suites (Any) (defaults to: $puppetdb::params::cipher_suites)

    Configure jetty’s supported ‘cipher-suites` (e.g. `SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`). Defaults to `undef`.

  • migrate (Any) (defaults to: $puppetdb::params::migrate)

    If ‘true`, puppetdb will automatically migrate to the latest database format at startup. If `false`, if the database format supplied by this version of PuppetDB doesn’t match the version expected (whether newer or older), PuppetDB will exit with an error status. Defaults to ‘true`.

  • manage_dbserver (Any) (defaults to: $puppetdb::params::manage_dbserver)

    If true, the PostgreSQL server will be managed by this module. Defaults to ‘true`.

  • manage_database (Any) (defaults to: $puppetdb::params::manage_database)

    If true, the PostgreSQL database will be managed by this module. Defaults to ‘true`.

  • manage_package_repo (Any) (defaults to: $puppetdb::params::manage_pg_repo)

    If ‘true`, the official postgresql.org repo will be added and postgres won’t be installed from the regular repository. Defaults to ‘true`.

  • postgres_version (Any) (defaults to: $puppetdb::params::postgres_version)

    If the postgresql.org repo is installed, you can install several versions of postgres. Defaults to ‘11` with PuppetDB version 7.0.0 or newer, and `9.6` in older versions.

  • database_host (Any) (defaults to: $puppetdb::params::database_host)

    Hostname to use for the database connection. For single case installations this should be left as the default. Defaults to ‘localhost`.

  • database_port (Any) (defaults to: $puppetdb::params::database_port)

    The port that the database server listens on. Defaults to ‘5432`.

  • database_username (Any) (defaults to: $puppetdb::params::database_username)

    The name of the database user to connect as. Defaults to ‘puppetdb`.

  • database_password (Any) (defaults to: $puppetdb::params::database_password)

    The password for the database user. Defaults to ‘puppetdb`.

  • manage_db_password (Any) (defaults to: $puppetdb::params::manage_db_password)

    Whether or not the database password in database.ini will be managed by this module. Set this to ‘false` if you want to set the password some other way. Defaults to `true`

  • database_name (Any) (defaults to: $puppetdb::params::database_name)

    The name of the database instance to connect to. Defaults to ‘puppetdb`.

  • jdbc_ssl_properties (Any) (defaults to: $puppetdb::params::jdbc_ssl_properties)

    The text to append to the JDBC connection URI. This should begin with a ‘?’ character. For example, to use SSL for the PostgreSQL connection, set this parameter’s value to ‘?ssl=true`.

  • database_listen_address (Any) (defaults to: $puppetdb::params::postgres_listen_addresses)

    A comma-separated list of hostnames or IP addresses on which the postgres server should listen for incoming connections. This defaults to ‘localhost`. This parameter maps directly to PostgreSQL’s ‘listen_addresses` config option. Use a `*` to allow connections on any accessible address.

  • database_validate (Any) (defaults to: $puppetdb::params::database_validate)

    If true, the module will attempt to connect to the database using the specified settings and fail if it is not able to do so. Defaults to ‘true`.

  • node_ttl (Any) (defaults to: $puppetdb::params::node_ttl)

    The length of time a node can go without receiving any new data before it’s automatically deactivated. (defaults to ‘7d’, which is a 7-day period. Set to ‘0d’ to disable auto-deactivation). This option is supported in PuppetDB >= 1.1.0.

  • node_purge_ttl (Any) (defaults to: $puppetdb::params::node_purge_ttl)

    The length of time a node can be deactivated before it’s deleted from the database. (defaults to ‘14d’, which is a 14-day period. Set to ‘0d’ to disable purging). This option is supported in PuppetDB >= 1.2.0.

  • report_ttl (Any) (defaults to: $puppetdb::params::report_ttl)

    The length of time reports should be stored before being deleted. (defaults to ‘14d`, which is a 14-day period). This option is supported in PuppetDB >= 1.1.0.

  • facts_blacklist (Optional[Array]) (defaults to: $puppetdb::params::facts_blacklist)

    A list of fact names to be ignored whenever submitted.

  • gc_interval (Any) (defaults to: $puppetdb::params::gc_interval)

    This controls how often (in minutes) to compact the database. The compaction process reclaims space and deletes unnecessary rows. If not supplied, the default is every 60 minutes. This option is supported in PuppetDB >= 0.9.

  • node_purge_gc_batch_limit (Any) (defaults to: $puppetdb::params::node_purge_gc_batch_limit)

    Nodes will be purged in batches of this size, one batch per gc-interval.

  • conn_max_age (Any) (defaults to: $puppetdb::params::conn_max_age)

    The maximum time (in minutes) for a pooled connection to remain unused before it is closed off.

    If not supplied, we default to ‘60` minutes. This option is supported in PuppetDB >= 1.1.

  • conn_lifetime (Any) (defaults to: $puppetdb::params::conn_lifetime)

    The maximum time (in minutes) a pooled connection should remain open. Any connections older than this setting will be closed off. Connections currently in use will not be affected until they are returned to the pool.

    If not supplied, we won’t terminate connections based on their age alone. This option is supported in PuppetDB >= 1.4.

  • puppetdb_package (Any) (defaults to: $puppetdb::params::puppetdb_package)

    The PuppetDB package name in the package manager. Defaults to ‘present`.

  • puppetdb_service (Any) (defaults to: $puppetdb::params::puppetdb_service)

    The name of the PuppetDB service. Defaults to ‘puppetdb`.

  • puppetdb_service_status (Any) (defaults to: $puppetdb::params::puppetdb_service_status)

    Sets whether the service should be ‘running ` or `stopped`. When set to `stopped` the service doesn’t start on boot either. Valid values are ‘true`, `running`, `false`, and `stopped`.

  • puppetdb_user (Any) (defaults to: $puppetdb::params::puppetdb_user)

    Puppetdb service user

  • puppetdb_group (Any) (defaults to: $puppetdb::params::puppetdb_group)

    Puppetdb service group

  • puppetdb_server (Any) (defaults to: $puppetdb::params::puppetdb_server)

    Puppetdb server hostname or IP address.

  • confdir (Any) (defaults to: $puppetdb::params::confdir)

    The PuppetDB configuration directory. Defaults to ‘/etc/puppetdb/conf.d`.

  • vardir (Any) (defaults to: $puppetdb::params::vardir)

    The parent directory for the MQ’s data directory.

  • java_args (Any) (defaults to: $puppetdb::params::java_args)

    Java VM options used for overriding default Java VM options specified in PuppetDB package. Defaults to ‘{}`. See [PuppetDB Configuration](puppet.com/docs/puppetdb/latest/configure.html) to get more details about the current defaults.

    For example, to set ‘-Xmx512m -Xms256m` options use:

    {
    '-Xmx' => '512m',
    '-Xms' => '256m',
}
  • merge_default_java_args (Any) (defaults to: $puppetdb::params::merge_default_java_args)

    Sets whether the provided java args should be merged with the defaults, or should override the defaults. This setting is necessary if any of the defaults are to be removed. Defaults to true. If ‘false`, the `java_args` in the PuppetDB init config file will reflect only what is passed via the `java_args` param.

  • max_threads (Any) (defaults to: $puppetdb::params::max_threads)

    Jetty option to explicitly set ‘max-threads`. Defaults to `undef`, so the PuppetDB-Jetty default is used.

  • read_database_host (Any) (defaults to: $puppetdb::params::read_database_host)

    *This parameter must be set to use another PuppetDB instance for queries.*

    The hostname or IP address of the read database server. If set to ‘undef`, and `manage_database` is set to `true`, it will use the value of the `database_host` parameter. This option is supported in PuppetDB >= 1.6.

  • read_database_port (Any) (defaults to: $puppetdb::params::read_database_port)

    The port that the read database server listens on. If ‘read_database_host` is set to `undef`, and `manage_database` is set to `true`, it will use the value of the `database_port` parameter. This option is supported in PuppetDB >= 1.6.

  • read_database_username (Any) (defaults to: $puppetdb::params::read_database_username)

    The name of the read database user to connect as. Defaults to ‘puppetdb-read`. This option is supported in PuppetDB >= 1.6.

  • read_database_password (Any) (defaults to: $puppetdb::params::read_database_password)

    The password for the read database user. Defaults to ‘puppetdb-read`. This option is supported in PuppetDB >= 1.6.

  • manage_read_db_password (Any) (defaults to: $puppetdb::params::manage_read_db_password)

    Whether or not the database password in read-database.ini will be managed by this module. Set this to ‘false` if you want to set the password some other way. Defaults to `true`

  • read_database_jdbc_ssl_properties (Any) (defaults to: $puppetdb::params::read_database_jdbc_ssl_properties)

    The text to append to the JDBC connection URI. This should begin with a ‘?’ character. For example, to use SSL for the PostgreSQL connection, set this parameter’s value to ‘?ssl=true`.

  • read_database_validate (Any) (defaults to: $puppetdb::params::read_database_validate)

    If true, the module will attempt to connect to the database using the specified settings and fail if it is not able to do so. Defaults to ‘true`.

  • read_database_name (Any) (defaults to: $puppetdb::params::read_database_name)

    The name of the read database instance to connect to. If ‘read_database_host` is set to `undef`, and `manage_database` is set to `true`, it will use the value of the `database_name` parameter. This option is supported in PuppetDB >= 1.6.

  • read_conn_max_age (Any) (defaults to: $puppetdb::params::read_conn_max_age)

    The maximum time (in minutes) for a pooled read database connection to remain unused before it is closed off.

    If not supplied, we default to 60 minutes. This option is supported in PuppetDB >= 1.6.

  • read_conn_lifetime (Any) (defaults to: $puppetdb::params::read_conn_lifetime)

    The maximum time (in minutes) a pooled read database connection should remain open. Any connections older than this setting will be closed off. Connections currently in use will not be affected until they are returned to the pool.

    If not supplied, we won’t terminate connections based on their age alone. This option is supported in PuppetDB >= 1.6.

  • ssl_dir (Any) (defaults to: $puppetdb::params::ssl_dir)

    Base directory for PuppetDB SSL configuration. Defaults to ‘/etc/puppetdb/ssl` or `/etc/puppetlabs/puppetdb/ssl` for FOSS and PE respectively.

  • ssl_set_cert_paths (Any) (defaults to: $puppetdb::params::ssl_set_cert_paths)

    A switch to enable or disable the management of SSL certificates in your ‘jetty.ini` configuration file.

  • ssl_cert_path (Any) (defaults to: $puppetdb::params::ssl_cert_path)

    Path to your SSL certificate for populating ‘jetty.ini`.

  • ssl_key_pk8_path (Any) (defaults to: $puppetdb::params::ssl_key_pk8_path)

    Path to the SSL pk8 key for populating ‘jetty.ini`, will be generated from the SSL key as needed automatically.

  • ssl_key_path (Any) (defaults to: $puppetdb::params::ssl_key_path)

    Path to your SSL key for populating ‘jetty.ini`.

  • ssl_ca_cert_path (Any) (defaults to: $puppetdb::params::ssl_ca_cert_path)

    Path to your SSL CA for populating ‘jetty.ini`.

  • ssl_deploy_certs (Any) (defaults to: $puppetdb::params::ssl_deploy_certs)

    A boolean switch to enable or disable the management of SSL keys in your ‘ssl_dir`. Default is `false`.

  • ssl_key (Any) (defaults to: $puppetdb::params::ssl_key)

    Contents of your SSL key, as a string.

  • ssl_cert (Any) (defaults to: $puppetdb::params::ssl_cert)

    Contents of your SSL certificate, as a string.

  • ssl_ca_cert (Any) (defaults to: $puppetdb::params::ssl_ca_cert)

    Contents of your SSL CA certificate, as a string.

  • manage_firewall (Any) (defaults to: $puppetdb::params::manage_firewall)

    If ‘true`, puppet will manage your iptables rules for PuppetDB via the [puppetlabs-firewall](forge.puppetlabs.com/puppetlabs/firewall) class.

  • command_threads (Any) (defaults to: $puppetdb::params::command_threads)

    The number of command processing threads to use. Defaults to ‘undef`, using the PuppetDB built-in default.

  • concurrent_writes (Any) (defaults to: $puppetdb::params::concurrent_writes)

    The number of threads allowed to write to disk at any one time. Defaults to ‘undef`, which uses the PuppetDB built-in default.

  • store_usage (Any) (defaults to: $puppetdb::params::store_usage)

    The amount of disk space (in MB) to allow for persistent message storage. Defaults to ‘undef`, using the PuppetDB built-in default.

  • temp_usage (Any) (defaults to: $puppetdb::params::temp_usage)

    The amount of disk space (in MB) to allow for temporary message storage. Defaults to ‘undef`, using the PuppetDB built-in default.

  • disable_update_checking (Any) (defaults to: $puppetdb::params::disable_update_checking)

    Setting this to true disables checking for updated versions of PuppetDB and sending basic analytics data to Puppet. Defaults to ‘undef`, using the PuppetDB built-in default.

  • certificate_whitelist_file (Any) (defaults to: $puppetdb::params::certificate_whitelist_file)

    The name of the certificate whitelist file to set up and configure in PuppetDB. Defaults to ‘/etc/puppetdb/certificate-whitelist` or `/etc/puppetlabs/puppetdb/certificate-whitelist` for FOSS and PE respectively.

  • certificate_whitelist (Any) (defaults to: $puppetdb::params::certificate_whitelist)

    Array of the X.509 certificate Common Names of clients allowed to connect to PuppetDB. Defaults to empty. Be aware that this permits full access to all Puppet clients to download anything contained in PuppetDB, including the full catalogs of all nodes, which possibly contain sensitive information. Set to ‘[ $::servername ]` to allow access only from your (single) Puppet master, which is enough for normal operation. Set to a list of Puppet masters if you have multiple.

  • database_max_pool_size (Any) (defaults to: $puppetdb::params::database_max_pool_size)

    When the pool reaches this size, and no idle connections are available, attempts to get a connection will wait for connection-timeout milliseconds before timing out. Note that PuppetDB will use one pool for writes and another for reads, so the total number of connections used will be twice this setting.

  • read_database_max_pool_size (Any) (defaults to: $puppetdb::params::read_database_max_pool_size)

    When the pool reaches this size, and no idle connections are available, attempts to get a connection will wait for connection-timeout milliseconds before timing out. Note that PuppetDB will use one pool for writes and another for reads, so the total number of connections used will be twice this setting.

  • automatic_dlo_cleanup (Boolean) (defaults to: $puppetdb::params::automatic_dlo_cleanup)

    PuppetDB creates [Dead Letter Office](puppet.com/docs/puppetdb/5.2/maintain_and_tune.html#clean-up-the-dead-letter-office). Those are reports of failed requests. They spill up the disk. This parameter is a boolean and defaults to false. You can enable automatic cleanup of DLO reports by setting this to true.

  • cleanup_timer_interval (String[1]) (defaults to: $puppetdb::params::cleanup_timer_interval)

    The DLO cleanup is a systemd timer if systemd is available, otherwise a cronjob. The variable configures the systemd.timer option [onCalender](www.freedesktop.org/software/systemd/man/systemd.timer.html#OnCalendar=). It defaults to ‘--* $fqdn_rand(24):$fqdn_rand(60):00`. This will start the cleanup service on a daily basis. The exact minute and hour is random per node based on the [fqdn_rand](puppet.com/docs/puppet/5.5/function.html#fqdnrand) method. On non-systemd systems, the cron runs daily and the `$puppetdb_user` needs to be able to run cron jobs. On systemd systems you need the [camptocamp/systemd](forge.puppet.com/camptocamp/systemd) module, which is an optional dependency and not automatically installed!

  • dlo_max_age (Integer[1]) (defaults to: $puppetdb::params::dlo_max_age)

    This is a positive integer. It describes the amount of days you want to keep the DLO reports. The default value is 90 days.

  • java_bin (Optional[Stdlib::Absolutepath]) (defaults to: $puppetdb::params::java_bin)

    java binary path for PuppetDB. If undef, default will be used.

  • postgresql_password_encryption (Postgresql::Pg_password_encryption) (defaults to: $puppetdb::params::password_encryption)

    PostgreSQL password authentication method, either ‘md5` or `scram-sha-256`



348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
 
# File 'manifests/init.pp', line 348

class puppetdb (
  $listen_address                          = $puppetdb::params::listen_address,
  $listen_port                             = $puppetdb::params::listen_port,
  $disable_cleartext                       = $puppetdb::params::disable_cleartext,
  $open_listen_port                        = $puppetdb::params::open_listen_port,
  $ssl_listen_address                      = $puppetdb::params::ssl_listen_address,
  $ssl_listen_port                         = $puppetdb::params::ssl_listen_port,
  $disable_ssl                             = $puppetdb::params::disable_ssl,
  $open_ssl_listen_port                    = $puppetdb::params::open_ssl_listen_port,
  $ssl_dir                                 = $puppetdb::params::ssl_dir,
  $ssl_set_cert_paths                      = $puppetdb::params::ssl_set_cert_paths,
  $ssl_cert_path                           = $puppetdb::params::ssl_cert_path,
  $ssl_key_path                            = $puppetdb::params::ssl_key_path,
  $ssl_key_pk8_path                        = $puppetdb::params::ssl_key_pk8_path,
  $ssl_ca_cert_path                        = $puppetdb::params::ssl_ca_cert_path,
  $ssl_deploy_certs                        = $puppetdb::params::ssl_deploy_certs,
  $ssl_key                                 = $puppetdb::params::ssl_key,
  $ssl_cert                                = $puppetdb::params::ssl_cert,
  $ssl_ca_cert                             = $puppetdb::params::ssl_ca_cert,
  $ssl_protocols                           = $puppetdb::params::ssl_protocols,
  $postgresql_ssl_on                       = $puppetdb::params::postgresql_ssl_on,
  $postgresql_ssl_folder                   = $puppetdb::params::postgresql_ssl_folder,
  $postgresql_ssl_cert_path                = $puppetdb::params::postgresql_ssl_cert_path,
  $postgresql_ssl_key_path                 = $puppetdb::params::postgresql_ssl_key_path,
  $postgresql_ssl_ca_cert_path             = $puppetdb::params::postgresql_ssl_ca_cert_path,
  $cipher_suites                           = $puppetdb::params::cipher_suites,
  $migrate                                 = $puppetdb::params::migrate,
  $manage_dbserver                         = $puppetdb::params::manage_dbserver,
  $manage_database                         = $puppetdb::params::manage_database,
  $manage_package_repo                     = $puppetdb::params::manage_pg_repo,
  $postgres_version                        = $puppetdb::params::postgres_version,
  $database_host                           = $puppetdb::params::database_host,
  $database_port                           = $puppetdb::params::database_port,
  $database_username                       = $puppetdb::params::database_username,
  $database_password                       = $puppetdb::params::database_password,
  $database_name                           = $puppetdb::params::database_name,
  $manage_db_password                      = $puppetdb::params::manage_db_password,
  $jdbc_ssl_properties                     = $puppetdb::params::jdbc_ssl_properties,
  $database_listen_address                 = $puppetdb::params::postgres_listen_addresses,
  $database_validate                       = $puppetdb::params::database_validate,
  $node_ttl                                = $puppetdb::params::node_ttl,
  $node_purge_ttl                          = $puppetdb::params::node_purge_ttl,
  $report_ttl                              = $puppetdb::params::report_ttl,
  Optional[Array] $facts_blacklist         = $puppetdb::params::facts_blacklist,
  $gc_interval                             = $puppetdb::params::gc_interval,
  $node_purge_gc_batch_limit               = $puppetdb::params::node_purge_gc_batch_limit,
  $conn_max_age                            = $puppetdb::params::conn_max_age,
  $conn_lifetime                           = $puppetdb::params::conn_lifetime,
  $puppetdb_package                        = $puppetdb::params::puppetdb_package,
  $puppetdb_service                        = $puppetdb::params::puppetdb_service,
  $puppetdb_service_status                 = $puppetdb::params::puppetdb_service_status,
  $puppetdb_user                           = $puppetdb::params::puppetdb_user,
  $puppetdb_group                          = $puppetdb::params::puppetdb_group,
  $puppetdb_server                         = $puppetdb::params::puppetdb_server,
  $read_database_host                      = $puppetdb::params::read_database_host,
  $read_database_port                      = $puppetdb::params::read_database_port,
  $read_database_username                  = $puppetdb::params::read_database_username,
  $read_database_password                  = $puppetdb::params::read_database_password,
  $read_database_name                      = $puppetdb::params::read_database_name,
  $manage_read_db_password                 = $puppetdb::params::manage_read_db_password,
  $read_database_jdbc_ssl_properties       = $puppetdb::params::read_database_jdbc_ssl_properties,
  $read_database_validate                  = $puppetdb::params::read_database_validate,
  $read_conn_max_age                       = $puppetdb::params::read_conn_max_age,
  $read_conn_lifetime                      = $puppetdb::params::read_conn_lifetime,
  $confdir                                 = $puppetdb::params::confdir,
  $vardir                                  = $puppetdb::params::vardir,
  $manage_firewall                         = $puppetdb::params::manage_firewall,
  $java_args                               = $puppetdb::params::java_args,
  $merge_default_java_args                 = $puppetdb::params::merge_default_java_args,
  $max_threads                             = $puppetdb::params::max_threads,
  $command_threads                         = $puppetdb::params::command_threads,
  $concurrent_writes                       = $puppetdb::params::concurrent_writes,
  $store_usage                             = $puppetdb::params::store_usage,
  $temp_usage                              = $puppetdb::params::temp_usage,
  $disable_update_checking                 = $puppetdb::params::disable_update_checking,
  $certificate_whitelist_file              = $puppetdb::params::certificate_whitelist_file,
  $certificate_whitelist                   = $puppetdb::params::certificate_whitelist,
  $database_max_pool_size                  = $puppetdb::params::database_max_pool_size,
  $read_database_max_pool_size             = $puppetdb::params::read_database_max_pool_size,
  Boolean $automatic_dlo_cleanup           = $puppetdb::params::automatic_dlo_cleanup,
  String[1] $cleanup_timer_interval        = $puppetdb::params::cleanup_timer_interval,
  Integer[1] $dlo_max_age                  = $puppetdb::params::dlo_max_age,
  Postgresql::Pg_password_encryption $postgresql_password_encryption = $puppetdb::params::password_encryption,
  Optional[Stdlib::Absolutepath] $java_bin = $puppetdb::params::java_bin,
) inherits puppetdb::params {
  class { 'puppetdb::server':
    listen_address                    => $listen_address,
    listen_port                       => $listen_port,
    disable_cleartext                 => $disable_cleartext,
    open_listen_port                  => $open_listen_port,
    ssl_listen_address                => $ssl_listen_address,
    ssl_listen_port                   => $ssl_listen_port,
    disable_ssl                       => $disable_ssl,
    open_ssl_listen_port              => $open_ssl_listen_port,
    ssl_dir                           => $ssl_dir,
    ssl_set_cert_paths                => $ssl_set_cert_paths,
    ssl_cert_path                     => $ssl_cert_path,
    ssl_key_path                      => $ssl_key_path,
    ssl_key_pk8_path                  => $ssl_key_pk8_path,
    ssl_ca_cert_path                  => $ssl_ca_cert_path,
    ssl_deploy_certs                  => $ssl_deploy_certs,
    ssl_key                           => $ssl_key,
    ssl_cert                          => $ssl_cert,
    ssl_ca_cert                       => $ssl_ca_cert,
    ssl_protocols                     => $ssl_protocols,
    postgresql_ssl_on                 => $postgresql_ssl_on,
    cipher_suites                     => $cipher_suites,
    migrate                           => $migrate,
    database_host                     => $database_host,
    database_port                     => $database_port,
    database_username                 => $database_username,
    database_password                 => $database_password,
    database_name                     => $database_name,
    manage_db_password                => $manage_db_password,
    jdbc_ssl_properties               => $jdbc_ssl_properties,
    database_validate                 => $database_validate,
    node_ttl                          => $node_ttl,
    node_purge_ttl                    => $node_purge_ttl,
    report_ttl                        => $report_ttl,
    facts_blacklist                   => $facts_blacklist,
    gc_interval                       => $gc_interval,
    node_purge_gc_batch_limit         => $node_purge_gc_batch_limit,
    conn_max_age                      => $conn_max_age,
    conn_lifetime                     => $conn_lifetime,
    puppetdb_package                  => $puppetdb_package,
    puppetdb_service                  => $puppetdb_service,
    puppetdb_service_status           => $puppetdb_service_status,
    confdir                           => $confdir,
    vardir                            => $vardir,
    java_args                         => $java_args,
    merge_default_java_args           => $merge_default_java_args,
    max_threads                       => $max_threads,
    read_database_host                => $read_database_host,
    read_database_port                => $read_database_port,
    read_database_username            => $read_database_username,
    read_database_password            => $read_database_password,
    read_database_name                => $read_database_name,
    manage_read_db_password           => $manage_read_db_password,
    read_database_jdbc_ssl_properties => $read_database_jdbc_ssl_properties,
    read_database_validate            => $read_database_validate,
    read_conn_max_age                 => $read_conn_max_age,
    read_conn_lifetime                => $read_conn_lifetime,
    puppetdb_user                     => $puppetdb_user,
    puppetdb_group                    => $puppetdb_group,
    manage_firewall                   => $manage_firewall,
    manage_database                   => $manage_database,
    command_threads                   => $command_threads,
    concurrent_writes                 => $concurrent_writes,
    store_usage                       => $store_usage,
    temp_usage                        => $temp_usage,
    disable_update_checking           => $disable_update_checking,
    certificate_whitelist_file        => $certificate_whitelist_file,
    certificate_whitelist             => $certificate_whitelist,
    database_max_pool_size            => $database_max_pool_size,
    read_database_max_pool_size       => $read_database_max_pool_size,
    automatic_dlo_cleanup             => $automatic_dlo_cleanup,
    cleanup_timer_interval            => $cleanup_timer_interval,
    dlo_max_age                       => $dlo_max_age,
    java_bin                          => $java_bin,
  }

  $database_before = str2bool($database_validate) ? {
    false => Class['puppetdb::server'],
    default => [
      Class['puppetdb::server'],
      Class['puppetdb::server::validate_db']
    ],
  }

  class { 'puppetdb::database::postgresql':
    listen_addresses            => $database_listen_address,
    database_name               => $database_name,
    puppetdb_server             => $puppetdb_server,
    database_username           => $database_username,
    database_password           => $database_password,
    database_port               => $database_port,
    manage_server               => $manage_dbserver,
    manage_database             => $manage_database,
    manage_package_repo         => $manage_package_repo,
    postgres_version            => $postgres_version,
    postgresql_ssl_on           => $postgresql_ssl_on,
    postgresql_ssl_key_path     => $postgresql_ssl_key_path,
    postgresql_ssl_cert_path    => $postgresql_ssl_cert_path,
    postgresql_ssl_ca_cert_path => $postgresql_ssl_ca_cert_path,
    read_database_username      => $read_database_username,
    read_database_password      => $read_database_password,
    read_database_host          => $read_database_host,
    password_encryption         => $postgresql_password_encryption,
    before                      => $database_before,
  }
}