Puppet Class: puppet::puppetdb

Defined in:
manifests/puppetdb.pp

Summary

PuppetDB server

Overview

PuppetDB server on separate host

puppet.com/docs/puppetdb/latest/install_via_module.html#step-2-assign-classes-to-nodes 1) If you are installing PuppetDB on the same server as your Puppet Server, assign

the `puppetdb` and `puppetdb::master::config` classes to it.

2) If you want to run PuppetDB on its own server with a local PostgreSQL

instance, assign the puppetdb class to it, and assign the puppetdb::master::config
class to your Puppet Server. Make sure to set the class parameters as necessary.

Examples:

include puppet::puppetdb

Parameters:

  • manage_database (Boolean) (defaults to: true)

    Boolean. Default is true. If set then class Puppetdb will use puppetlabs/postgresql for Postgres database server management and PuppetDB database setup

  • manage_firewall (Boolean) (defaults to: false)

    Boolean. Default is false. If set than class Puppetdb::Server will use puppetlabs/firewall for firewall rules setup, iptables/ip6tables services management

  • postgres_database_host (Stdlib::Host) (defaults to: 'localhost')
  • postgres_database_name (String) (defaults to: 'puppetdb')
  • postgres_database_username (String) (defaults to: 'puppetdb')
  • postgres_database_password (String) (defaults to: 'puppetdb')
  • ssl_protocols (Array[String]) (defaults to: ['TLSv1.2', 'TLSv1.3'])
  • cipher_suites (Array[String]) (defaults to: [ 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256', ]) 


24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
 
# File 'manifests/puppetdb.pp', line 24

class puppet::puppetdb (
  Boolean $manage_database = true,
  Stdlib::Host $postgres_database_host = 'localhost',
  String $postgres_database_name = 'puppetdb',
  String $postgres_database_username = 'puppetdb',
  String $postgres_database_password = 'puppetdb',
  Array[String] $ssl_protocols = ['TLSv1.2', 'TLSv1.3'],
  Array[String] $cipher_suites = [
    'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
    'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
    'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
    'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
  ],
  Boolean $manage_firewall = false,
) {
  if $manage_database {
    include lsys_postgresql

    postgresql::server::extension { "${postgres_database_name}-pg_trgm":
      extension => 'pg_trgm',
      database  => $postgres_database_name,
    }

    Class['postgresql::server'] -> Class['puppetdb']
    Postgresql::Server::Extension["${postgres_database_name}-pg_trgm"] -> Class['puppetdb']
  }

  class { 'puppetdb':
    database          => 'postgres',
    manage_dbserver   => false,
    database_host     => $postgres_database_host,
    database_name     => $postgres_database_name,
    database_username => $postgres_database_username,
    database_password => $postgres_database_password,
    manage_firewall   => $manage_firewall,

    manage_database   => $manage_database,

    ssl_protocols     => join($ssl_protocols, ','),
    cipher_suites     => join($cipher_suites, ','),
  }

  contain puppetdb
}