diff --git a/README.md b/README.md
index da312195..24e0d045 100644
--- a/README.md
+++ b/README.md
@@ -157,6 +157,42 @@ class { 'puppetboard::apache::vhost':
 }
 ```
+### Using SSL to the PuppetDB host
+
+
+If you would like to use certificate auth into the PuppetDB service, use any of the configurations from above and set the following parameters to your puppetboard class.
+
+```puppet
+
+class { 'puppetboard':
+ manage_virtualenv => true,
+ puppetdb_host => 'puppet.example.com',
+ puppetdb_port => '8081',
+ puppetdb_key => "/var/lib/puppet/ssl/private_keys/${::certname}.pem",
+ puppetdb_ssl => 'True',
+ puppetdb_cert => "/var/lib/puppet/ssl/certs/${::certname}.pem",
+}
+
+```
+
+Note that the above only works if you have the Puppet CA root certificate added to the root certificate authority file used by your operating system. If you want to specify the location to the Puppet CA file ( you probably do) you have to use the syntax below. Currently this is a bit of a gross hack, but it's an open issue to resolve it in the Puppet module:
+
+
+```puppet
+
+class { 'puppetboard':
+ manage_virtualenv => true,
+ puppetdb_host => 'puppet.example.com',
+ puppetdb_port => '8081',
+ puppetdb_key => "/var/lib/puppet/ssl/private_keys/${::certname}.pem",
+ puppetdb_ssl => "'/var/lib/puppet/ssl/certs/ca.pem'",
+ puppetdb_cert => "/var/lib/puppet/ssl/certs/${::certname}.pem",
+}
+
+```
+
+
+
 License
diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb
index 628b7909..1f488796 100644
--- a/spec/acceptance/class_spec.rb
+++ b/spec/acceptance/class_spec.rb
@@ -80,4 +80,48 @@ class { 'puppetboard::apache::vhost':
 end
 end
 end
+
+ context 'default parameters' do
+ hosts.each do |host|
+ if fact('osfamily') == 'RedHat'
+ if fact('architecture') == 'amd64'
+ on host, "wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm; rpm -ivh epel-release-6-8.noarch.rpm"
+ else
+ on host, "wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm; rpm -ivh epel-release-6-8.noarch.rpm"
+ end
+ end
+ on host, "puppet module install puppetlabs/apache"
+ install_package host, 'python-virtualenv'
+ install_package host, 'git'
+ end
+
+ it 'should work with no errors' do
+ pp= <<-EOS
+ class { 'puppetboard':
+ manage_virtualenv => true,
+ puppetdb_host => 'puppet.example.com',
+ puppetdb_port => '8081',
+ puppetdb_key => "/var/lib/puppet/ssl/private_keys/test.networkninjas.net.pem",
+ puppetdb_ssl => 'True',
+ puppetdb_cert => "/var/lib/puppet/ssl/certs/test.networkninjas.net.pem",
+ }
+ EOS
+
+
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ #binding.pry
+
+ describe file("/srv/puppetboard/puppetboard/puppetboard/default_settings.py") do
+ it { should contain "PUPPETDB_KEY = '/var/lib/puppet/ssl/private_keys/test.networkninjas.net.pem'" }
+ it { should contain "PUPPETDB_CERT = '/var/lib/puppet/ssl/certs/test.networkninjas.net.pem'" }
+ end
+
+ end
 end
+
+
+
diff --git a/templates/default_settings.py.erb b/templates/default_settings.py.erb
index afa63211..d48642f0 100644
--- a/templates/default_settings.py.erb
+++ b/templates/default_settings.py.erb
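Review bot: The EPEL bootstrap at the top of the new context fetches `epel-release-6-8.noarch.rpm` over plain `http://` and hands it straight to `rpm -ivh`, so nothing authenticates the package before its scriptlets run on the test host. Fetch it over HTTPS and verify the signature (`rpm -K epel-release-6-8.noarch.rpm` after importing the EPEL key) before installing, and join the two commands with `&&` rather than `;` so a failed download is not followed by an install of whatever file happens to be there. Separately, the file assertions only cover `PUPPETDB_KEY` and `PUPPETDB_CERT`; adding `it { should contain "PUPPETDB_SSL_VERIFY = True" }` would pin the setting that actually controls certificate verification.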
@@ -1,8 +1,8 @@
 PUPPETDB_HOST = '<%= @puppetdb_host %>'
 PUPPETDB_PORT = <%= @puppetdb_port %>
 PUPPETDB_SSL_VERIFY = <%= @puppetdb_ssl %>
-PUPPETDB_KEY = <%= @puppetdb_key %>
-PUPPETDB_CERT = <%= @puppetdb_cert %>
+PUPPETDB_KEY = '<%= @puppetdb_key %>'
+PUPPETDB_CERT = '<%= @puppetdb_cert %>'
 PUPPETDB_TIMEOUT = <%= @puppetdb_timeout %>
 DEV_LISTEN_HOST = '<%= @dev_listen_host %>'
 DEV_LISTEN_PORT = <%= @dev_listen_port %>
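Review bot: Quoting `PUPPETDB_KEY` and `PUPPETDB_CERT` unconditionally means an unset parameter can no longer render as a Python `None`. If the class defaults are the bare word `None` (the defaults are not visible in this diff), the settings file will now contain the string `'None'`, which the client would presumably treat as a file path. Consider emitting the quotes only when a path is set, e.g. `PUPPETDB_KEY = <%= @puppetdb_key == 'None' ? 'None' : "'#{@puppetdb_key}'" %>`, and the same for the cert. `PUPPETDB_SSL_VERIFY` on the line above is still written unquoted, so its value lands in the file as raw Python; that is why the README needs the nested-quote workaround for a CA path, and it should get the same conditional quoting.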