diff --git a/manifests/server.pp b/manifests/server.pp
index 6cae51d5..c04fd982 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -478,7 +478,6 @@
 conn_max_age => $conn_max_age,
 conn_lifetime => $conn_lifetime,
 confdir => $confdir,
- puppetdb_user => $puppetdb_user,
 puppetdb_group => $puppetdb_group,
 migrate => $migrate,
 notify => Service[$puppetdb_service],
@@ -510,7 +509,6 @@
 conn_max_age => $read_conn_max_age,
 conn_lifetime => $read_conn_lifetime,
 confdir => $confdir,
- puppetdb_user => $puppetdb_user,
 puppetdb_group => $puppetdb_group,
 notify => Service[$puppetdb_service],
 database_max_pool_size => $read_database_max_pool_size,
@@ -520,29 +518,29 @@
 file { $ssl_dir:
 ensure => directory,
- owner => $puppetdb_user,
+ owner => 'root',
 group => $puppetdb_group,
- mode => '0700';
+ mode => '0755';
 $ssl_key_path:
 ensure => file,
 content => $ssl_key,
- owner => $puppetdb_user,
+ owner => 'root',
 group => $puppetdb_group,
- mode => '0600',
+ mode => '0640',
 notify => Service[$puppetdb_service];
 $ssl_cert_path:
 ensure => file,
 content => $ssl_cert,
- owner => $puppetdb_user,
+ owner => 'root',
 group => $puppetdb_group,
- mode => '0600',
+ mode => '0644',
 notify => Service[$puppetdb_service];
 $ssl_ca_cert_path:
 ensure => file,
 content => $ssl_ca_cert,
- owner => $puppetdb_user,
+ owner => 'root',
 group => $puppetdb_group,
- mode => '0600',
+ mode => '0644',
 notify => Service[$puppetdb_service];
 }
 }
@@ -560,9 +558,9 @@
 file { $ssl_key_pk8_path:
 ensure => file,
- owner => $puppetdb_user,
+ owner => 'root',
 group => $puppetdb_group,
- mode => '0600',
+ mode => '0640',
 notify => Service[$puppetdb_service],
 }
 }
@@ -583,7 +581,6 @@
 confdir => $confdir,
 max_threads => $max_threads,
 notify => Service[$puppetdb_service],
- puppetdb_user => $puppetdb_user,
 puppetdb_group => $puppetdb_group,
 }
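Review bot: In the `$ssl_dir` hunk the directory mode goes from `0700` to `0755`, which lets every local account list and traverse the SSL directory, so the private key at `$ssl_key_path` (and `$ssl_key_pk8_path` in the following hunk) is now protected only by its own `0640` mode. Since the files are already `root:$puppetdb_group`, the directory could stay closed to others with `mode => '0750';`, assuming the service account reaches it through that group. The key also becomes readable by every member of `$puppetdb_group` rather than by a single user, which deserves a comment such as `# group-readable: keep $puppetdb_group limited to the service account`. The enclosing `file { … }` block and whatever condition guards it start outside the hunk.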
@@ -592,7 +589,6 @@
 certificate_whitelist => $certificate_whitelist,
 disable_update_checking => $disable_update_checking,
 confdir => $confdir,
- puppetdb_user => $puppetdb_user,
 puppetdb_group => $puppetdb_group,
 notify => Service[$puppetdb_service],
 }
diff --git a/manifests/server/database.pp b/manifests/server/database.pp
index 087f07b7..2e835e02 100644
--- a/manifests/server/database.pp
+++ b/manifests/server/database.pp
@@ -19,7 +19,6 @@
 $conn_max_age = $puppetdb::params::conn_max_age,
 $conn_lifetime = $puppetdb::params::conn_lifetime,
 $confdir = $puppetdb::params::confdir,
- $puppetdb_user = $puppetdb::params::puppetdb_user,
 $puppetdb_group = $puppetdb::params::puppetdb_group,
 $database_max_pool_size = $puppetdb::params::database_max_pool_size,
 $migrate = $puppetdb::params::migrate,
@@ -50,9 +49,9 @@
 file { $database_ini:
 ensure => file,
- owner => $puppetdb_user,
+ owner => 'root',
 group => $puppetdb_group,
- mode => '0600',
+ mode => '0640',
 }
 $file_require = File[$database_ini]
diff --git a/manifests/server/jetty.pp b/manifests/server/jetty.pp
index 1dca0670..9a4bbb47 100644
--- a/manifests/server/jetty.pp
+++ b/manifests/server/jetty.pp
@@ -16,16 +16,15 @@
 Optional[String] $cipher_suites = $puppetdb::params::cipher_suites,
 $confdir = $puppetdb::params::confdir,
 $max_threads = $puppetdb::params::max_threads,
- $puppetdb_user = $puppetdb::params::puppetdb_user,
 $puppetdb_group = $puppetdb::params::puppetdb_group,
 ) inherits puppetdb::params {
 $jetty_ini = "${confdir}/jetty.ini"
 file { $jetty_ini:
 ensure => file,
- owner => $puppetdb_user,
+ owner => 'root',
 group => $puppetdb_group,
- mode => '0600',
+ mode => '0640',
 }
 # Set the defaults
diff --git a/manifests/server/puppetdb.pp b/manifests/server/puppetdb.pp
index 1057be19..001547df 100644
--- a/manifests/server/puppetdb.pp
+++ b/manifests/server/puppetdb.pp
@@ -6,16 +6,15 @@
 $certificate_whitelist = $puppetdb::params::certificate_whitelist,
 $disable_update_checking = $puppetdb::params::disable_update_checking,
 $confdir = $puppetdb::params::confdir,
- $puppetdb_user = $puppetdb::params::puppetdb_user,
 $puppetdb_group = $puppetdb::params::puppetdb_group,
 ) inherits puppetdb::params {
 $puppetdb_ini = "${confdir}/puppetdb.ini"
 file { $puppetdb_ini:
 ensure => file,
- owner => $puppetdb_user,
+ owner => 'root',
 group => $puppetdb_group,
- mode => '0600',
+ mode => '0640',
 }
 # Set the defaults
diff --git a/manifests/server/read_database.pp b/manifests/server/read_database.pp
index b6155162..15aa2e7a 100644
--- a/manifests/server/read_database.pp
+++ b/manifests/server/read_database.pp
@@ -13,7 +13,6 @@
 $conn_max_age = $puppetdb::params::read_conn_max_age,
 $conn_lifetime = $puppetdb::params::read_conn_lifetime,
 $confdir = $puppetdb::params::confdir,
- $puppetdb_user = $puppetdb::params::puppetdb_user,
 $puppetdb_group = $puppetdb::params::puppetdb_group,
 $database_max_pool_size = $puppetdb::params::read_database_max_pool_size,
 $postgresql_ssl_on = $puppetdb::params::postgresql_ssl_on,
@@ -44,9 +43,9 @@
 file { $read_database_ini:
 ensure => file,
- owner => $puppetdb_user,
+ owner => 'root',
 group => $puppetdb_group,
- mode => '0600',
+ mode => '0640',
 }
 $file_require = File[$read_database_ini]
diff --git a/spec/unit/classes/server/database_ini_spec.rb b/spec/unit/classes/server/database_ini_spec.rb
index 4d6a5810..4d9d7fa5 100644
--- a/spec/unit/classes/server/database_ini_spec.rb
+++ b/spec/unit/classes/server/database_ini_spec.rb
@@ -20,9 +20,9 @@
 is_expected.to contain_file("#{pdbconfdir}/database.ini")
 .with(
 'ensure' => 'file',
- 'owner' => 'puppetdb',
+ 'owner' => 'root',
 'group' => 'puppetdb',
- 'mode' => '0600',
+ 'mode' => '0640',
 )
 }
 it {
diff --git a/spec/unit/classes/server/jetty_ini_spec.rb b/spec/unit/classes/server/jetty_ini_spec.rb
index ce322bc6..1baf749b 100644
--- a/spec/unit/classes/server/jetty_ini_spec.rb
+++ b/spec/unit/classes/server/jetty_ini_spec.rb
@@ -20,9 +20,9 @@
 is_expected.to contain_file("#{pdbconfdir}/jetty.ini")
 .with(
 'ensure' => 'file',
- 'owner' => 'puppetdb',
+ 'owner' => 'root',
 'group' => 'puppetdb',
- 'mode' => '0600',
+ 'mode' => '0640',
 )
 }
 it {
diff --git a/spec/unit/classes/server/puppetdb_ini_spec.rb b/spec/unit/classes/server/puppetdb_ini_spec.rb
index 14d8907e..8ccb1bc3 100644
--- a/spec/unit/classes/server/puppetdb_ini_spec.rb
+++ b/spec/unit/classes/server/puppetdb_ini_spec.rb
@@ -30,9 +30,9 @@
 is_expected.to contain_file('/etc/puppetlabs/puppetdb/conf.d/puppetdb.ini')
 .with(
 'ensure' => 'file',
- 'owner' => 'puppetdb',
+ 'owner' => 'root',
 'group' => 'puppetdb',
- 'mode' => '0600',
+ 'mode' => '0640',
 )
 }
 it {
diff --git a/spec/unit/classes/server/read_database_ini_spec.rb b/spec/unit/classes/server/read_database_ini_spec.rb
index a5f189f0..277104a3 100644
--- a/spec/unit/classes/server/read_database_ini_spec.rb
+++ b/spec/unit/classes/server/read_database_ini_spec.rb
@@ -20,9 +20,9 @@
 is_expected.to contain_file('/etc/puppetlabs/puppetdb/conf.d/read_database.ini')
 .with(
 'ensure' => 'file',
- 'owner' => 'puppetdb',
+ 'owner' => 'root',
 'group' => 'puppetdb',
- 'mode' => '0600',
+ 'mode' => '0640',
 )
 }
 it {
diff --git a/spec/unit/classes/server_spec.rb b/spec/unit/classes/server_spec.rb
index 78cd4f49..7b9a3e11 100644
--- a/spec/unit/classes/server_spec.rb
+++ b/spec/unit/classes/server_spec.rb
@@ -210,9 +210,9 @@
 is_expected.to contain_file('/etc/puppetlabs/puppetdb/ssl/private.pk8')
 .with(
 ensure: 'file',
- owner: 'puppetdb',
+ owner: 'root',
 group: 'puppetdb',
- mode: '0600',
+ mode: '0640',
 )
 end
 end
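Review bot: The only SSL expectation updated in `server_spec.rb` is the one for `private.pk8`; none of the spec hunks shown touches an example for `$ssl_dir`, `$ssl_key_path`, `$ssl_cert_path` or `$ssl_ca_cert_path`, whose modes change the most in `manifests/server.pp`. If no such example exists elsewhere in this file, add one that pins the key file to `owner: 'root'` and `mode: '0640'` and pins the directory mode, so that a later loosening of the key permissions fails the suite. The enclosing example and `context` blocks start outside this hunk.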