support multiple puppetdb servers

per documentation at https://puppet.com/docs/puppetdb/7/puppetdb_connection.html#server_urls
puppetlabs · Mar 30, 2022 · 1a57748 · 1a57748
1 parent 0a934de
commit 1a57748
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 22 deletions.
diff --git a/lib/puppet/util/puppetdb_validator.rb b/lib/puppet/util/puppetdb_validator.rb
@@ -24,8 +24,9 @@ def log_error(cause, code = nil)
     end
   end
 
-  def valid_connection_new_client?
-    test_uri = URI("#{use_ssl ? 'https' : 'http'}://#{puppetdb_server}:#{puppetdb_port}#{test_path}")
+
+  def valid_connection_new_client?(server)
+    test_uri = URI("#{use_ssl ? 'https' : 'http'}://#{server}:#{puppetdb_port}#{test_path}")
     begin
       conn = Puppet.runtime[:http]
       _response = conn.get(test_uri, headers: test_headers)
@@ -36,14 +37,15 @@ def valid_connection_new_client?
     end
   end
 
-  def valid_connection_old_client?
-    conn = Puppet::Network::HttpPool.http_instance(puppetdb_server, puppetdb_port, use_ssl)
+  def valid_connection_old_client?(server)
+    conn = Puppet::Network::HttpPool.http_instance(server, puppetdb_port, use_ssl)
     response = conn.get(test_path, test_headers)
     unless response.is_a?(Net::HTTPSuccess)
       log_error(response.msg, response.code)
       return false
     end
     true
+
   end
 
   # Utility method; attempts to make an http/https connection to the puppetdb server.
@@ -56,11 +58,19 @@ def attempt_connection
     # http(s), so here we're simpling hitting a somewhat arbitrary low-impact URL
     # on the puppetdb server.
 
-    if Gem::Version.new(Puppet.version) >= Gem::Version.new('7.0.0')
-      valid_connection_new_client?
+  if Gem::Version.new(Puppet.version) >= Gem::Version.new('7.0.0')
+    if puppetdb_server.kind_of?(Array)
+      puppetdb_server.each { | server | valid_connection_new_client?(server) }
     else
-      valid_connection_old_client?
+      valid_connection_new_client?(puppetdb_server)
     end
+  else
+    if puppetdb_server.kind_of?(Array)
+      puppetdb_server.each { | server | valid_connection_old_client?(server) }
+    else
+      valid_connection_old_client?(puppetdb_server)
+    end
+  end
   rescue StandardError => e
     log_error(e.message)
     false

diff --git a/manifests/database/ssl_configuration.pp b/manifests/database/ssl_configuration.pp
@@ -6,7 +6,7 @@
   $database_username           = $puppetdb::params::database_username,
   $read_database_username      = $puppetdb::params::read_database_username,
   $read_database_host          = $puppetdb::params::read_database_host,
-  $puppetdb_server             = $puppetdb::params::puppetdb_server,
+  Variant[String,Array[String, 1]] $puppetdb_server = $puppetdb::params::puppetdb_server,
   $postgresql_ssl_key_path     = $puppetdb::params::postgresql_ssl_key_path,
   $postgresql_ssl_cert_path    = $puppetdb::params::postgresql_ssl_cert_path,
   $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path,
@@ -54,19 +54,19 @@
     require => [File['postgres private key'], File['postgres public key']],
   }
 
-  puppetdb::database::postgresql_ssl_rules { "Configure postgresql ssl rules for ${database_username}":
-    database_name     => $database_name,
-    database_username => $database_username,
-    postgres_version  => $postgres_version,
-    puppetdb_server   => $puppetdb_server,
-  }
-
-  if $create_read_user_rule {
-    puppetdb::database::postgresql_ssl_rules { "Configure postgresql ssl rules for ${read_database_username}":
+  flatten($puppetdb_server).each | $server | {
+    puppetdb::database::postgresql_ssl_rules { "Configure postgresql ssl rules for ${database_username} from ${server}":
       database_name     => $database_name,
-      database_username => $read_database_username,
+      database_username => $database_username,
       postgres_version  => $postgres_version,
-      puppetdb_server   => $puppetdb_server,
+      puppetdb_server   => $server,
+    }
+    if $create_read_user_rule {
+      puppetdb::database::postgresql_ssl_rules { "Configure postgresql ssl rules for ${read_database_username} from ${server}":
+        database_name     => $database_name,
+        database_username => $read_database_username,
+        puppetdb_server   => $server,
+      }
     }
   }
 }
diff --git a/manifests/master/config.pp b/manifests/master/config.pp
@@ -1,8 +1,8 @@
 # @summary manage the puppet configuration on the primary
 #
 # @param puppetdb_server
-#   The dns name or ip of the PuppetDB server. Defaults to the hostname of the
-#   current node, i.e. `$::fqdn`.
+#   The dns name or ip of the PuppetDB server, or an Array of the same.
+#   Defaults to the hostname of the current node, i.e. `$::fqdn`.
 #
 # @param puppetdb_port
 #   The port that the PuppetDB server is running on. Defaults to `8081`.

diff --git a/manifests/master/puppetdb_conf.pp b/manifests/master/puppetdb_conf.pp
@@ -30,9 +30,15 @@
       value   => $port,
     }
   } else {
+    if is_array($server) {
+      $servers_url_string = $server.map | $value | { "https://${value}:${port}"}.join(',') }
+    } else {
+      $servers_url_string = "https://${server}:${port}/"
+    }
+
     ini_setting { 'puppetdbserver_urls':
       setting => 'server_urls',
-      value   => "https://${server}:${port}/",
+      value   => $servers_url_string,
     }
   }