puppetlabs · bassonj · Mar 16, 2022 · Mar 30, 2022 · Mar 30, 2022
@@ -24,8 +24,9 @@ def log_error(cause, code = nil)
     end
   end
 
-  def valid_connection_new_client?
-    test_uri = URI("#{use_ssl ? 'https' : 'http'}://#{puppetdb_server}:#{puppetdb_port}#{test_path}")
+
+  def valid_connection_new_client?(server)
+    test_uri = URI("#{use_ssl ? 'https' : 'http'}://#{server}:#{puppetdb_port}#{test_path}")
     begin
       conn = Puppet.runtime[:http]
       _response = conn.get(test_uri, headers: test_headers)
@@ -36,14 +37,15 @@ def valid_connection_new_client?
     end
   end
 
-  def valid_connection_old_client?
-    conn = Puppet::Network::HttpPool.http_instance(puppetdb_server, puppetdb_port, use_ssl)
+  def valid_connection_old_client?(server)
+    conn = Puppet::Network::HttpPool.http_instance(server, puppetdb_port, use_ssl)
     response = conn.get(test_path, test_headers)
     unless response.is_a?(Net::HTTPSuccess)
       log_error(response.msg, response.code)
       return false
     end
     true
+
   end
 
   # Utility method; attempts to make an http/https connection to the puppetdb server.
@@ -56,11 +58,19 @@ def attempt_connection
     # http(s), so here we're simpling hitting a somewhat arbitrary low-impact URL
     # on the puppetdb server.
 
-    if Gem::Version.new(Puppet.version) >= Gem::Version.new('7.0.0')
-      valid_connection_new_client?
+  if Gem::Version.new(Puppet.version) >= Gem::Version.new('7.0.0')
+    if puppetdb_server.kind_of?(Array)
+      puppetdb_server.each { | server | valid_connection_new_client?(server) }
     else
-      valid_connection_old_client?
+      valid_connection_new_client?(puppetdb_server)
     end
+  else
+    if puppetdb_server.kind_of?(Array)
+      puppetdb_server.each { | server | valid_connection_old_client?(server) }
+    else
+      valid_connection_old_client?(puppetdb_server)
+    end
+  end
   rescue StandardError => e
     log_error(e.message)
     return false

@@ -1,15 +1,15 @@
 # Class for configuring SSL connection for the PuppetDB postgresql database. See README.md for more
 # information.
 class puppetdb::database::ssl_configuration (
-  $database_name               = $puppetdb::params::database_name,
-  $database_username           = $puppetdb::params::database_username,
-  $read_database_username      = $puppetdb::params::read_database_username,
-  $read_database_host          = $puppetdb::params::read_database_host,
-  $puppetdb_server             = $puppetdb::params::puppetdb_server,
-  $postgresql_ssl_key_path     = $puppetdb::params::postgresql_ssl_key_path,
-  $postgresql_ssl_cert_path    = $puppetdb::params::postgresql_ssl_cert_path,
-  $postgresql_ssl_ca_cert_path = $puppetdb::params::postgresql_ssl_ca_cert_path,
-  $create_read_user_rule       = false,
+  $database_name                                    = $puppetdb::params::database_name,
+  $database_username                                = $puppetdb::params::database_username,
+  $read_database_username                           = $puppetdb::params::read_database_username,
+  $read_database_host                               = $puppetdb::params::read_database_host,
+  Variant[String,Array[String, 1]] $puppetdb_server = $puppetdb::params::puppetdb_server,
+  $postgresql_ssl_key_path                          = $puppetdb::params::postgresql_ssl_key_path,
+  $postgresql_ssl_cert_path                         = $puppetdb::params::postgresql_ssl_cert_path,
+  $postgresql_ssl_ca_cert_path                      = $puppetdb::params::postgresql_ssl_ca_cert_path,
+  $create_read_user_rule                            = false,
 ) inherits puppetdb::params {
   File {
     ensure  => present,
@@ -52,17 +52,20 @@
     require => [File['postgres private key'], File['postgres public key']]
   }
 
-  puppetdb::database::postgresql_ssl_rules { "Configure postgresql ssl rules for ${database_username}":
-    database_name     => $database_name,
-    database_username => $database_username,
-    puppetdb_server   => $puppetdb_server,
-  }
+  $_puppetdb_servers = flatten($puppetdb_server)
 
-  if $create_read_user_rule {
-    puppetdb::database::postgresql_ssl_rules { "Configure postgresql ssl rules for ${read_database_username}":
+  $_puppetdb_servers.each | $server | {
+    puppetdb::database::postgresql_ssl_rules { "Configure postgresql ssl rules for ${database_username} from ${server}":
       database_name     => $database_name,
-      database_username => $read_database_username,
-      puppetdb_server   => $puppetdb_server,
+      database_username => $database_username,
+      puppetdb_server   => $server,
+    }
+    if $create_read_user_rule {
+      puppetdb::database::postgresql_ssl_rules { "Configure postgresql ssl rules for ${read_database_username} from ${server}":
+        database_name     => $database_name,
+        database_username => $read_database_username,
+        puppetdb_server   => $server,
+      }
     }
   }
 }
@@ -1,6 +1,6 @@
 # Manage puppet configuration. See README.md for more details.
 class puppetdb::master::config (
-  $puppetdb_server             = $::fqdn,
+  $puppetdb_servers            = $::fqdn,
   $puppetdb_port               = defined(Class['puppetdb']) ? {
     true    => $::puppetdb::disable_ssl ? {
       true => 8080,
@@ -71,7 +71,7 @@
     # *must* not perform the other configuration steps, or else
 
     $conn_puppetdb_server = $manage_config ? {
-      true    => $puppetdb_server,
+      true    => $puppetdb_servers,
       default => undef,
     }
     $conn_puppetdb_port = $manage_config ? {
@@ -157,7 +157,7 @@
     }
 
     class { 'puppetdb::master::puppetdb_conf':
-      server             => $puppetdb_server,
+      servers            => $puppetdb_servers,
       port               => $puppetdb_port,
       soft_write_failure => $puppetdb_soft_write_failure,
       puppet_confdir     => $puppet_confdir,

@@ -1,7 +1,7 @@
 # Manage the puppetdb.conf file on the puppeet master. See README.md for more
 # details.
 class puppetdb::master::puppetdb_conf (
-  $server             = 'localhost',
+  $servers            = 'localhost',
   $port               = '8081',
   $soft_write_failure = $puppetdb::disable_ssl ? {
     true => true,
@@ -30,9 +30,16 @@
       value   => $port,
     }
   } else {
+
+    if is_array($puppetdb_server) {
+      $servers_url_string = $servers.map | $server | { "https://${server}:${port}"}.join(',')
+    } else {
+      $servers_url_string = "https://${server}:${port}/"
+    }
+
     ini_setting { 'puppetdbserver_urls':
       setting => 'server_urls',
-      value   => "https://${server}:${port}/",
+      value   => $servers_url_string,
     }
   }