blob: 7f6cc89438841e1fb711ef6eae49f40c2c691e14 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
class profiles::puppetdb {
exec { '/opt/puppetlabs/bin/puppetdb ssl-setup':
creates => '/etc/puppetlabs/puppetdb/ssl/ca.pem'
}
class { 'puppetdb':
listen_address => '::', # Just accept insecure connections
disable_ssl => false,
# This sohuld in theory allow full access to the database, but it
# doesn't seem to do that. See [AUTH]
certificate_whitelist => [ $::servername, ],
}
# [AUTH] Innstead, in /etc/puppetlabs/puppetdb/conf.d/auth.conf
# i changed the rule
# match-request: /metrics
# to allow anything:
# - allow: "*"
# + allow-unauthenticated: true
# This is "requried", and is recommended to be included in this way
# (presumably to later allow setting parameters)
class { 'puppetdb::master::config':
# Puppetdb sets up the puppetserver resource, to be able to
# trigger a refresh, and contains a defined(Service[$puppet_service_name])
# check beforehand, but for some reason it just doesn't work. So
# we just disable it expliticly, and assume that
# profiles::puppetserver is also pulled in.
create_puppet_service_resource => false,
}
}
|