Recommit for updates in build 128

2025-12-08 16:32:19 +01:00
parent 7a789f14b2
commit 27142e5574
5 changed files with 187 additions and 136 deletions
--- a/doc/puppet_classes/puppet_cd_3A_3Aparams.html
+++ b/doc/puppet_classes/puppet_cd_3A_3Aparams.html
@@ -1100,6 +1100,78 @@
        &mdash;
        <div class='inline'>
 <p>IP address to listen on</p>
+</div>
+      
+    </li>
+  
+    <li>
+      
+        <span class='name'>pt_enable_tls</span>
+      
+      
+        <span class='type'>(<tt>Boolean</tt>)</span>
+      
+      
+        <em class="default">(defaults to: <tt>false</tt>)</em>
+      
+      
+        &mdash;
+        <div class='inline'>
+<p>whether to use tls encryption for the backend</p>
+</div>
+      
+    </li>
+  
+    <li>
+      
+        <span class='name'>pt_pptdb_ca_crt</span>
+      
+      
+        <span class='type'>(<tt>String</tt>)</span>
+      
+      
+        <em class="default">(defaults to: <tt>&#39;Changeme&#39;</tt>)</em>
+      
+      
+        &mdash;
+        <div class='inline'>
+<p>placeholder for the ca.crt</p>
+</div>
+      
+    </li>
+  
+    <li>
+      
+        <span class='name'>pt_pptdb_server_crt</span>
+      
+      
+        <span class='type'>(<tt>String</tt>)</span>
+      
+      
+        <em class="default">(defaults to: <tt>&#39;Changeme&#39;</tt>)</em>
+      
+      
+        &mdash;
+        <div class='inline'>
+<p>placeholder for the server.crt</p>
+</div>
+      
+    </li>
+  
+    <li>
+      
+        <span class='name'>pt_pptdb_server_key</span>
+      
+      
+        <span class='type'>(<tt>String</tt>)</span>
+      
+      
+        <em class="default">(defaults to: <tt>&#39;Changeme&#39;</tt>)</em>
+      
+      
+        &mdash;
+        <div class='inline'>
+<p>placeholder for the server.crt</p>
 </div>
      
    </li>
@@ -1115,10 +1187,6 @@
        <pre class="lines">


-64
-65
-66
-67
 68
 69
 70
@@ -1255,10 +1323,26 @@
 201
 202
 203
-204</pre>
+204
+205
+206
+207
+208
+209
+210
+211
+212
+213
+214
+215
+216
+217
+218
+219
+220</pre>
      </td>
      <td>
-        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 64</span>
+        <pre class="code"><span class="info file"># File 'manifests/params.pp', line 68</span>

 class puppet_cd::params (

@@ -1312,6 +1396,11 @@ class puppet_cd::params (
  String $pt_db_username            = &#39;foobar&#39;,
  String $pt_db_password            = &#39;foobar&#39;,
  String $pt_gc_interval            = &#39;60&#39;,
+  Boolean $pt_enable_tls            = false,
+  String $pt_pptdb_ca_crt           = &#39;Changeme&#39;,
+  String $pt_pptdb_server_crt       = &#39;Changeme&#39;,
+  String $pt_pptdb_server_key       = &#39;Changeme&#39;,
+
  ## jetty
  String $pt_http_port              = &#39;8080&#39;,
  String $pt_https_port             = &#39;8081&#39;,
@@ -1354,6 +1443,7 @@ class puppet_cd::params (
 ## puppetdb
  $pt_puppetdb_dir                  = &#39;/etc/puppetlabs/puppetdb&#39;
  $pt_puppetdb_conf_dir             = &quot;${pt_puppetdb_dir}/conf.d&quot;
+  $pt_pptdb_ssldir                  = &quot;${pt_puppetdb_dir}/ssl&quot;

 # files
 ## puppet
@@ -1391,6 +1481,12 @@ class puppet_cd::params (
  $pt_repl_ini_erb          = &#39;puppet_cd/puppetdb/repl.ini.erb&#39;
  $pt_service_conf_file     = &#39;/usr/lib/systemd/system/puppetdb.service&#39;
  $pt_service_conf_erb      = &#39;puppet_cd/puppetdb/service.conf.erb&#39;
+  $pt_ca_crt_file           = &quot;${pt_pptdb_ssldir}/ca.crt&quot;
+  $pt_ca_crt_erb            = &#39;puppet_cd/puppetdb/ca.crt.erb&#39;
+  $pt_server_crt_file       = &quot;${pt_pptdb_ssldir}/server.crt&quot;
+  $pt_server_crt_erb        = &#39;puppet_cd/puppetdb/server.crt.erb&#39;
+  $pt_server_key_file       = &quot;${pt_pptdb_ssldir}/server.key&quot;
+  $pt_server_key_erb        = &#39;puppet_cd/puppetdb/server.key.erb&#39;

 # service
  $pt_server_service                = &#39;puppetserver&#39;
--- a/doc/puppet_classes/puppet_cd_3A_3Apuppetdb_3A_3Afiles.html
+++ b/doc/puppet_classes/puppet_cd_3A_3Apuppetdb_3A_3Afiles.html
@@ -226,7 +226,49 @@
 128
 129
 130
-131</pre>
+131
+132
+133
+134
+135
+136
+137
+138
+139
+140
+141
+142
+143
+144
+145
+146
+147
+148
+149
+150
+151
+152
+153
+154
+155
+156
+157
+158
+159
+160
+161
+162
+163
+164
+165
+166
+167
+168
+169
+170
+171
+172
+173</pre>
      </td>
      <td>
        <pre class="code"><span class="info file"># File 'manifests/puppetdb/files.pp', line 6</span>
@@ -355,6 +397,48 @@ class puppet_cd::puppetdb::files (
      content  =&gt; template($pt_repl_ini_erb),
      notify   =&gt; Service[$pt_db_service],
    }
+    if $pt_enable_tls == true {
+      # create tls certs
+      ## ca.crt
+      file { $pt_ca_crt_file:
+        ensure   =&gt; file,
+        owner    =&gt; &#39;puppetdb&#39;,
+        group    =&gt; &#39;puppetdb&#39;,
+        mode     =&gt; &#39;0440&#39;,
+        selrange =&gt; s0,
+        selrole  =&gt; object_r,
+        seltype  =&gt; puppet_etc_t,
+        seluser  =&gt; system_u,
+        content  =&gt; template($pt_ca_crt_erb),
+        notify   =&gt; Service[$pt_db_service],
+      }
+      ## server.crt
+      file { $pt_server_crt_file:
+        ensure   =&gt; file,
+        owner    =&gt; &#39;puppetdb&#39;,
+        group    =&gt; &#39;puppetdb&#39;,
+        mode     =&gt; &#39;0440&#39;,
+        selrange =&gt; s0,
+        selrole  =&gt; object_r,
+        seltype  =&gt; puppet_etc_t,
+        seluser  =&gt; system_u,
+        content  =&gt; template($pt_server_crt_erb),
+        notify   =&gt; Service[$pt_db_service],
+      }
+      ## server.key
+      file { $pt_server_key_file:
+        ensure   =&gt; file,
+        owner    =&gt; &#39;puppetdb&#39;,
+        group    =&gt; &#39;puppetdb&#39;,
+        mode     =&gt; &#39;0440&#39;,
+        selrange =&gt; s0,
+        selrole  =&gt; object_r,
+        seltype  =&gt; puppet_etc_t,
+        seluser  =&gt; system_u,
+        content  =&gt; template($pt_server_key_erb),
+        notify   =&gt; Service[$pt_db_service],
+      }
+    }
  }
 }</pre>
      </td>