Add puppetserver configs #343
Conversation
|
@jyaworski Need any help finishing this? |
| notify => Class['puppet::server::service'], | ||
| } | ||
|
|
||
| $puppetserver_config_dir = versioncmp($::puppetversion, '4.0.0') >= 0 ? { |
There was a problem hiding this comment.
This line is causing the tests to fail, possibly because the fact is not defined in our tests and is causing the tests to fail.
There was a problem hiding this comment.
Any ideas for a solution?
There was a problem hiding this comment.
$puppetserver_config_dir = num2bool(versioncmp($::puppetversion, '4.0.0') >= 0) ? {
That fixed the test for me.
There was a problem hiding this comment.
@brandonweeks that reads like it shouldn't work. I think it's not needed in params.pp because there it's an if statement and not a selector. In any case, I think we should move this to params.pp and possibly reuse $aio_package.
|
@ekohl reviews would be good. I'm still progressing on this but it has been on the backburner to some other PRs I'm working on. I still very much need to do this, though. |
|
@jyaworski this was on my todo list as well, so I'm very ready to test it. :) |
|
I was poked by @zipkid at a meeting between puppet users, puppetlabs and foreman devs about puppet 4 that this is on his wishlist as well, so this is in demand. |
|
I'll see if I can work on this by the end of this week. I'll ping when it's comment-ready again. |
|
@jyaworski awesome! |
|
Hi @ekohl, @jyaworski, Thanks for poking me on this.
Also, in bootstrap.cfg, when '::puppet::server_ca' evaluates to false the following line should be added. Regards, Stefan. |
|
@zipkid thanks for the feedback. I'll make those changes. @ekohl and @brandonweeks I've already addressed some of your comments. |
|
@zipkid made a few changes. How's it look? |
|
That is indeed what i meant. |
|
Great. I believe this PR is mostly done, except that I have to make the gem-home configurable: https://github.com/theforeman/puppet-puppet/pull/343/files#diff-133e2a0f1f52427763456aee8fba2a7aR5 I'm unaware of a way to get the puppetserver gem home without shelling out (is it worth a puppetserver_gem_home fact? I seriously hope not). If anyone has any ideas while I'm thinking on it, that would be great. |
| # configuration section. This is necessary to | ||
| # disable in case CA is delegated to a separate instance | ||
| # type:boolean | ||
| # $server_ca_authorization_required:: Should the puppetserver ruby profiler be enabled? |
There was a problem hiding this comment.
This is missing from puppet::params and the description is wrong.
There was a problem hiding this comment.
Good find. I did way too much copy-pasting during that part.
|
@jyaworski thanks for working on this, that's awesome 🌟 |
| @@ -0,0 +1,15 @@ | |||
| webserver: { | |||
| access-log-config = /etc/puppetlabs/puppetserver/request-logging.xml | |||
There was a problem hiding this comment.
This shouldn't be hardcoded.
There was a problem hiding this comment.
access-log-config = <%= scope.lookupvar('puppet::server_puppetserver_dir') %>/request-logging.xml
|
On Ubuntu 14.04 I'm getting |
|
Do you have an idea? I don't have the facility to test Ubuntu at the moment? |
| puppet-admin: { | ||
| client-whitelist: [ | ||
| <%- scope.lookupvar('::puppet::server_admin_api_whitelist').each do |certname| -%> | ||
| <%= certname %>, |
There was a problem hiding this comment.
Exception in thread "main" com.typesafe.config.ConfigException$Parse: /etc/puppetserver/conf.d/puppetserver.conf: 58: in value for key 'client-whitelist': List should have had new element after a comma, instead had token: ':' (if you want the comma or ':' to be part of a string value, then double-quote it)
I get this error when ::1 is in the list with puppetserver 1.1.3.
There was a problem hiding this comment.
9af8dae fixed it for me, puppetserver 1.x expects quotes in the conf file itself.
|
@jyaworski I confirmed it with a clean install of Ubuntu, I don't think you'll be able to rely on |
| @@ -0,0 +1,10 @@ | |||
| web-router-service: { | |||
There was a problem hiding this comment.
https://gist.github.com/brandonweeks/bc72082ab65c17b11396
Replacement template with puppetserver 1.x and 2.x support :)
|
@brandonweeks no idea, but since facter 2.x is probably unmaintained now, this won't get resolved. |
|
@mmoll facter 2.4.x is in maintenance mode, just like 3.8.x is for puppet. If there's no fact we can rely on, that's unfortunate. If we add a dependency on puppetlabs-ruby, we can get access to the [root@dagon ~]# facter -p gemhome rubysitedir
gemhome => /usr/lib/ruby/gems/1.8
rubysitedir => /usr/lib/ruby/site_ruby/1.8We could always do directory magic or gsub... |
|
Actually, looking into it, os-settings should essentially never be changed. I'm suggesting we just let whatever the packager puts in there exist, and we don't manage the file. I've removed that part of the code. I can't find references to it in the docs for newer versions. https://docs.puppetlabs.com/puppetserver/2.2/configuration.html |
|
Oh, sorry for the spam.... but it looks like I spoke too soon: jruby-puppet: {
# Where the puppet-agent dependency places puppet, facter, etc...
# Puppet server expects to load Puppet from this location
ruby-load-path: [/opt/puppetlabs/puppet/lib/ruby/vendor_ruby]
# This setting determines where JRuby will look for gems. It is also
# used by the `puppetserver gem` command line tool.
gem-home: /opt/puppetlabs/server/data/puppetserver/jruby-gemsIn 2.x they moved it into puppetserver.conf. I think we can let that value stand (if we can get a puppetserver_version working), and leave os-settings.conf alone. I'm also willing to set gem-home on the same principle. |
|
OK, I think I have a working solution now (without rspec tests). I'll add the tests once I get confirmation this works on a wide variety of setups. As an aside, I saw puppetlabs-hocon if we ever decide to move away from templates for this kind of thing. |
| $server_connect_timeout_milliseconds = 120000 | ||
| $server_enable_ruby_profiler = false | ||
| $server_ca_authorization_required = true | ||
| $server_admin_api_whitelist = [ "127.0.0.1", "::1", $::ipaddress ] # lint:ignore:double_quoted_strings |
There was a problem hiding this comment.
Why not simply switch to single quotes and remove the lint exception?
|
in the spec tests, it's still 4G ;) |
|
BTW, also puppetserver 1.1.3 has |
|
I ran into the two things you already found, looks good otherwise so far. |
| # | ||
| # $manage_packages:: Should this module install packages or not. | ||
| # Can also install only server packages with value | ||
| # of 'server' or only agent packages with 'agent'. | ||
| # Defaults to true | ||
| # type:boolean |
There was a problem hiding this comment.
this is a "stroolean", so it has to be string
|
Implemented all recommendations. |
|
@jyaworski thanks, please feel free to squash in mmoll/puppet-puppet@d6c921f to get the tests green by setting the JAVA options back to 2G also in the tests. Furthermore I couldn't get this to work on a fresh system with However, I think now that it's probably better to have the addition of the trapperkeeper lens in a seperate PR, because this is getting a bit too big here. 💣 So the way to go would be:
Opinions on this? |
|
@mmoll the augeas lens should work if pluginsync is enabled. http://docs.puppetlabs.com/guides/plugins_in_modules.html#module-structure Are you seeing something else? |
|
@jyaworski did you test this with |
|
My mistake; you're talking about running locally with an apply, and I was testing in a client/server setup so pluginsync was working for me. If that's the case, we'll have to ship this the way that @raphink originally did it (and yell at Puppetlabs to do this better)? |
|
Yes, the thing is for foreman-installer this needs to work locally. Even if PL would change the behaviour, we would need to wait for a new Puppet version and depend on specific versions, that wouldn't end well. :) For my POC I took the original cryptocamp code and transformed it back to a way that IMHO works without requiring cryptocamp-augeas. |
|
Proposed solution: since we're just managing one file with augeas and not the entirety of trapperkeeper, we can bypass voxpupuli/puppet-puppetserver#25 until we figure out a way to somehow get them to talk. For now, we only care about its behavior with bootstrap.cfg. I've incorporated your changes. |
|
My changes were unpolished, at least mmoll/puppet-puppet@645c8e5 is needed, also the added lines in manifests/params.pp should be better aligned. The lens test is not needed for now, as we don't test anything, which is not desirable, that's what I meant with "depending on how much is to do regarding testing in addition to just copying it in". I think this PR is fine for now and we need to wait for other people to have a look onto the lens topic. 🔍. |
|
Sure. This is good to merge minus looking at the lens later. |
|
https://gist.github.com/brandonweeks/6ca65417399650c4f8b8 Running into this. |
|
@brandonweeks what's your environment? I'm not running into that. |
|
Oh, I'm an idiot. 😅 This is working perfectly for me with puppetserver 1.x. 👍 |
I'd prefer to keep the lens test in the tree because it's customised from the camptocamp version. It's very important with Augeas lenses to typecheck them to prevent bizarre runtime behaviour, and this lets us do it (manually with augparse, if nothing else). Perhaps just remove/comment the broken test for now so the file passes. |
|
@domcleal the failing test is the one that says that '/' can be a part of keys. I commented that out; the last few lines in the test. |
|
Regarding the lens see voxpupuli/puppet-puppetserver#25 (comment), we'll just pull that in as-is now. |
|
Merged, dziękujemy bardzo @jyaworski! |
|
@mmoll proszę bardzo! |
No description provided.