Port installer to Puppet 7

Puppetserver, PuppetDB and Puppetboard work Signed-off-by: Samuli Seppänen <samuli@openvpn.net>
Puppet-Finland · Apr 6, 2021 · 000f770 · 000f770
1 parent c025635
commit 000f770
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 15 deletions.
diff --git a/Puppetfile b/Puppetfile
@@ -36,9 +36,6 @@ mod 'puppetlabs/postgresql', '7.0.2'
 mod 'theforeman/puppet',
   :git => 'https://github.com/Puppet-Finland/puppet-puppet.git',
   :ref => 'puppet-7'
-mod 'puppetlabs-puppet_authorization',
-  :git => 'https://github.com/Puppet-Finland/puppetlabs-puppet_authorization.git',
-  :ref => 'puppet7'
 mod 'puppet-puppetboard',
   :git => 'https://github.com/Puppet-Finland/puppet-module-puppetboard.git',
   :ref => 'latest_python_module'

diff --git a/manifests/puppetboard.pp b/manifests/puppetboard.pp
@@ -111,6 +111,21 @@
     before                     => Class['::puppetboard'],
   }
 
+  # On Ubuntu 20.04 and CentOS 8 there's an issue with PuppetDB <-> Puppetboard
+  # interaction:
+  #
+  # <https://github.com/voxpupuli/puppetboard/issues/535>
+  #
+  ini_setting { 'puppetdb-cipher-suites':
+    ensure  => present,
+    path    => '/etc/puppetlabs/puppetdb/conf.d/jetty.ini',
+    section => 'jetty',
+    setting => 'cipher-suites',
+    value   => '”TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA"',
+    require => File['/etc/puppetlabs/puppetdb/conf.d/jetty.ini'],
+    notify  => Service['puppetdb'],
+  }
+
   file { [ $puppetboard_config_dir, $puppetboard_ssl_dir ]:
     ensure  => directory,
     owner   => 'root',
@@ -160,7 +175,7 @@
 
   class { '::puppetboard':
     # puppet-puppetboard clones puppetboard from Git, so we need to specify a known-good version
-    revision            => '7e19ee73aca2d887459156f003f71e8f98289ee8',
+    revision            => '18120d520b7ea15bfc734b57742530c3d2b769ff',
     groups              => $puppetboard_groups,
     puppetdb_host       => $puppetboard_puppetdb_host,
     puppetdb_port       => $puppetboard_puppetdb_port,

diff --git a/manifests/puppetserver.pp b/manifests/puppetserver.pp
@@ -128,16 +128,6 @@
     *       => $ini_setting_defaults,
   }
 
-  puppet_authorization::rule { 'files':
-    match_request_path => '^/puppet/v3/file_(content|metadata)s?/files/',
-    match_request_type => 'regex',
-    allow              => '*',
-    sort_order         => 400,
-    path               => '/etc/puppetlabs/puppetserver/conf.d/auth.conf',
-    require            => Class['::puppet'],
-  }
-
-
   if $manage_packetfilter {
     include ::packetfilter::endpoint
 

diff --git a/vagrant/kafo.pp b/vagrant/kafo.pp
@@ -5,7 +5,7 @@
 }
 
 package { 'kafo':
-  ensure   => '4.1.0',
+  ensure   => '6.3.0',
   provider => 'puppet_gem',
 }