4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
# File 'manifests/server/puppetdb.pp', line 4
class puppetdb::server::puppetdb (
$certificate_whitelist_file = $puppetdb::params::certificate_whitelist_file,
$certificate_whitelist = $puppetdb::params::certificate_whitelist,
$disable_update_checking = $puppetdb::params::disable_update_checking,
$confdir = $puppetdb::params::confdir,
$puppetdb_user = $puppetdb::params::puppetdb_user,
$puppetdb_group = $puppetdb::params::puppetdb_group,
) inherits puppetdb::params {
$puppetdb_ini = "${confdir}/puppetdb.ini"
file { $puppetdb_ini:
ensure => file,
owner => $puppetdb_user,
group => $puppetdb_group,
mode => '0600',
}
# Set the defaults
Ini_setting {
path => $puppetdb_ini,
ensure => present,
section => 'puppetdb',
require => File[$puppetdb_ini],
}
$certificate_whitelist_setting_ensure = empty($certificate_whitelist) ? {
true => 'absent',
default => 'present',
}
# accept connections only from puppet master
ini_setting { 'puppetdb-connections-from-master-only':
ensure => $certificate_whitelist_setting_ensure,
section => 'puppetdb',
setting => 'certificate-whitelist',
value => $certificate_whitelist_file,
}
file { $certificate_whitelist_file:
ensure => $certificate_whitelist_setting_ensure,
content => template('puppetdb/certificate-whitelist.erb'),
mode => '0644',
owner => 0,
group => 0,
}
if $disable_update_checking {
ini_setting { 'puppetdb_disable_update_checking':
setting => 'disable-update-checking',
value => $disable_update_checking,
}
} else {
ini_setting { 'puppetdb_disable_update_checking':
ensure => 'absent',
setting => 'disable-update-checking',
}
}
}
|