Uploaded image for project: 'PuppetDB'
  1. PuppetDB
  2. PDB-2151

Update PE Modules for PuppetDB HA

    Details

    • Type: Task
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PDB 4.0.0
    • Component/s: None
    • Labels:
      None
    • Template:
    • Story Points:
      3
    • Sprint:
      PuppetDB 2016-01-27, PuppetDB 2016-02-10

      Description

      • make a converted (.pk8) cert in puppetdb.pp
        openssl pkcs8 -topk8 -inform PEM -outform DER -in primary.dev.private_key.pem -out primary.dev.private_key.pk8 -nocrypt
      • add certs to the db connection string
        subname = //primary.dev:5432/pe-puppetdb?ssl=true&sslfactory=org.postgresql.ssl.jdbc4.LibPQFactory&sslmode=verify-full&sslrootcert=/etc/puppetlabs/puppet/ssl/certs/ca.pem&sslkey=/etc/puppetlabs/puppetdb/ssl/primary.dev.private_key.pk8&sslcert=/etc/puppetlabs/puppetdb/ssl/primary.dev.cert.pem
      • add entry to pg_hba.conf
        (also for ipv6)
        hostssl all pe-puppetdb 0.0.0.0/0 cert map=pe-puppetdb-map
      • add entry to pg_ident.conf
        pe-puppetdb-map primary.dev pe-puppetdb
        • one entry like this for each configured pdb; use exported resources for this
      • automatically configure puppetdb sync using exported resources

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                andrew.roetker AJ Roetker
                Reporter:
                russell.mull Russell Mull
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Zendesk Support