4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
# File 'manifests/server/jetty.pp', line 4
class puppetdb::server::jetty (
$listen_address = $puppetdb::params::listen_address,
$listen_port = $puppetdb::params::listen_port,
$disable_cleartext = $puppetdb::params::disable_cleartext,
$ssl_listen_address = $puppetdb::params::ssl_listen_address,
$ssl_listen_port = $puppetdb::params::ssl_listen_port,
$disable_ssl = $puppetdb::params::disable_ssl,
Boolean $ssl_set_cert_paths = $puppetdb::params::ssl_set_cert_paths,
$ssl_cert_path = $puppetdb::params::ssl_cert_path,
$ssl_key_path = $puppetdb::params::ssl_key_path,
$ssl_ca_cert_path = $puppetdb::params::ssl_ca_cert_path,
Optional[String] $ssl_protocols = $puppetdb::params::ssl_protocols,
Optional[String] $cipher_suites = $puppetdb::params::cipher_suites,
$confdir = $puppetdb::params::confdir,
$max_threads = $puppetdb::params::max_threads,
$puppetdb_user = $puppetdb::params::puppetdb_user,
$puppetdb_group = $puppetdb::params::puppetdb_group,
) inherits puppetdb::params {
$jetty_ini = "${confdir}/jetty.ini"
file { $jetty_ini:
ensure => file,
owner => $puppetdb_user,
group => $puppetdb_group,
mode => '0600',
}
# Set the defaults
Ini_setting {
path => $jetty_ini,
ensure => present,
section => 'jetty',
require => File[$jetty_ini],
}
$cleartext_setting_ensure = $disable_cleartext ? {
true => 'absent',
default => 'present',
}
ini_setting { 'puppetdb_host':
ensure => $cleartext_setting_ensure,
setting => 'host',
value => $listen_address,
}
ini_setting { 'puppetdb_port':
ensure => $cleartext_setting_ensure,
setting => 'port',
value => $listen_port,
}
$ssl_setting_ensure = $disable_ssl ? {
true => 'absent',
default => 'present',
}
ini_setting { 'puppetdb_sslhost':
ensure => $ssl_setting_ensure,
setting => 'ssl-host',
value => $ssl_listen_address,
}
ini_setting { 'puppetdb_sslport':
ensure => $ssl_setting_ensure,
setting => 'ssl-port',
value => $ssl_listen_port,
}
if $ssl_protocols {
ini_setting { 'puppetdb_sslprotocols':
ensure => $ssl_setting_ensure,
setting => 'ssl-protocols',
value => $ssl_protocols,
}
}
if $cipher_suites {
ini_setting { 'puppetdb_cipher-suites':
ensure => $ssl_setting_ensure,
setting => 'cipher-suites',
value => $cipher_suites,
}
}
if $ssl_set_cert_paths {
# assume paths have been validated in calling class
ini_setting { 'puppetdb_ssl_key':
ensure => present,
setting => 'ssl-key',
value => $ssl_key_path,
}
ini_setting { 'puppetdb_ssl_cert':
ensure => present,
setting => 'ssl-cert',
value => $ssl_cert_path,
}
ini_setting { 'puppetdb_ssl_ca_cert':
ensure => present,
setting => 'ssl-ca-cert',
value => $ssl_ca_cert_path,
}
}
if ($max_threads) {
ini_setting { 'puppetdb_max_threads':
setting => 'max-threads',
value => $max_threads,
}
} else {
ini_setting { 'puppetdb_max_threads':
ensure => absent,
setting => 'max-threads',
}
}
}
|