(PE-36193) PDB benchmark can use ssl #3835
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This look to have disappeared from use years ago when the cli tooling changed.
Replaces use of clj-http.client with our puppetlabs.hhtp.client that provides for https communication when provided certs. Specifically, this is to allow benchmark to use https for it's pdb commands. Threads pdb jetty ssl opts to through to the new http client from benchmark invocation.
* Adds documentation for using benchmark over https. * Marks https as the preferred configuration if you are going to run benchmark off the primary. * The http configuration docs incorrectly specified that you could lock down http access to a single agent by setting puppetdb's jetty.host to the agent ip. The host setting tells puppetdb which interfaces to listen on on the primary, not which ip's to allow requests from. * Emphasized that opening http is not recommended as this is insecure and allows http access from any source.
|
I didn't find a great spot for adding tests for this. Setting up a full pdb stack with certs looked pretty fiddly as the helpers are just testing plain http I think. Open to suggestions. |
|
Jenkins tests are sometimes failing because of a transient issue getting gems from artifactory. |
...to account for some slower test runs on macos. It's also possibly that the puppetlabs client is a bit slower? But I think I've seen this transient before.
austb
approved these changes
Jul 19, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This look to have disappeared from use years ago when the cli tooling
changed.
Replaces use of clj-http.client with our puppetlabs.hhtp.client that
provides for https communication when provided certs. Specifically,
this is to allow benchmark to use https for it's pdb commands. Threads
pdb jetty ssl opts to through to the new http client from benchmark
invocation.
benchmark off the primary.
down http access to a single agent by setting puppetdb's jetty.host to
the agent ip. The host setting tells puppetdb which interfaces to listen
on on the primary, not which ip's to allow requests from.
allows http access from any source.