From 6b95a6ae53e7c4fc74ae830fe4123e3fdf7cb15b Mon Sep 17 00:00:00 2001
From: Mike Kinney
Date: Fri, 23 Oct 2015 11:30:39 -0700
Subject: [PATCH] update documentation to reflect puppetdb_ssl is supposed to be a boolean and not a string
---
 README.md | 26 +++++++++++++-------------
 manifests/init.pp | 5 +++--
 2 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/README.md b/README.md
index 4959bf33..b8652bbc 100644
--- a/README.md
+++ b/README.md
@@ -194,12 +194,12 @@ Here's an example, using new certificates:
 $ssl_dir = '/var/lib/puppetboard/ssl'
 $puppetboard_certname = 'puppetboard.example.com'
 class { 'puppetboard':
- manage_virtualenv => true,
- puppetdb_host => 'puppetdb.example.com',
- puppetdb_port => '8081',
- puppetdb_key => "${ssl_dir}/private_keys/${puppetboard_certname}.pem",
- puppetdb_ssl => 'True',
- puppetdb_cert => "${ssl_dir}/certs/${puppetboard_certname}.pem",
+ manage_virtualenv => true,
+ puppetdb_host => 'puppetdb.example.com',
+ puppetdb_port => '8081',
+ puppetdb_key => "${ssl_dir}/private_keys/${puppetboard_certname}.pem",
+ puppetdb_ssl_verify => true,
+ puppetdb_cert => "${ssl_dir}/certs/${puppetboard_certname}.pem",
 }
 ```
 If you are re-using the existing puppet client certificates, they will already exist on the node (assuming puppet has been run and the client cert signed by the puppet master). However, the puppetboaard user will not have permission to read the private key unless you add it to the puppet group.
@@ -210,13 +210,13 @@ Here's a complete example, re-using the puppet client certs:
 $ssl_dir = $::settings::ssldir
 $puppetboard_certname = $::certname
 class { 'puppetboard':
- groups => 'puppet',
- manage_virtualenv => true,
- puppetdb_host => 'puppetdb.example.com',
- puppetdb_port => '8081',
- puppetdb_key => "${ssl_dir}/private_keys/${puppetboard_certname}.pem",
- puppetdb_ssl => 'True',
- puppetdb_cert => "${ssl_dir}/certs/${puppetboard_certname}.pem",
+ groups => 'puppet',
+ manage_virtualenv => true,
+ puppetdb_host => 'puppetdb.example.com',
+ puppetdb_port => '8081',
+ puppetdb_key => "${ssl_dir}/private_keys/${puppetboard_certname}.pem",
+ puppetdb_ssl_verify => true,
+ puppetdb_cert => "${ssl_dir}/certs/${puppetboard_certname}.pem",
 }
 ```
 Note that both the above approaches only work if you have the Puppet CA root certificate added to the root certificate authority file used by your operating system. If you want to specify the location to the Puppet CA file ( you probably do) you have to use the syntax below. Currently this is a bit of a gross hack, but it's an open issue to resolve it in the Puppet module:
diff --git a/manifests/init.pp b/manifests/init.pp
index 7fa3ecdd..af6696cd 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -44,8 +44,8 @@
 # Defaults to 'None' ($::puppetboard::params::puppetdb_key)
 #
 # [*puppetdb_ssl_verify*]
-# (string) whether PuppetDB uses SSL or not, 'True' or 'False', or the path to the puppet CA
-# Defaults to 'False' ($::puppetboard::params::puppetdb_ssl_verify)
+# (string) whether PuppetDB uses SSL or not (true or false)
+# Defaults to false ($::puppetboard::params::puppetdb_ssl_verify)
 #
 # [*puppetdb_cert*]
 # (string, absolute path) path to PuppetMaster/CA signed client SSL cert
@@ -170,6 +170,7 @@
 validate_bool($experimental)
 validate_bool($localise_timestamp)
 validate_hash($extra_settings)
+ validate_bool($puppetdb_ssl_verify)
 if $manage_group {
 group { $group:
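Review bot: In the `[*puppetdb_ssl_verify*]` comment block of manifests/init.pp the new text still tags the parameter `(string)` although it is now a boolean, and it says "whether PuppetDB uses SSL or not" while the parameter name points at certificate verification, which is a different and security-relevant setting. I would change the two lines to `# (bool) whether to verify the PuppetDB server certificate (true or false)` and `# Defaults to false, i.e. no verification ($::puppetboard::params::puppetdb_ssl_verify)`, the second only after confirming that this is what false means in the generated settings. The removed wording also documented passing the path to the Puppet CA; the comment should state that this form is no longer accepted and where a CA file is configured instead.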
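Review bot: The added `validate_bool($puppetdb_ssl_verify)` rejects every value the old comment documented, the strings 'True' and 'False' and a path to the Puppet CA, so existing manifests fail to compile and a site that pinned the CA through this parameter has no boolean equivalent. With only `true` left, verification depends on the Puppet CA being in the operating system trust store, as the README context in this patch notes. If a CA path is still meant to work through this parameter, accept both forms with `if !is_bool($puppetdb_ssl_verify) { validate_absolute_path($puppetdb_ssl_verify) }`; otherwise mention the breaking change in the parameter comment. The template that writes the value is not in this diff, so it should be confirmed that Puppet's `true` is emitted as Python's `True`. The class body starts and ends outside the hunk.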