postgresql_ssl_on causes install to fail #420

Open
d1nuc0m opened this issue Nov 22, 2024 · 1 comment

d1nuc0m commented Nov 22, 2024

Describe the Bug

Setting postgresql_ssl_on => true fails to install PuppetDB

Expected Behavior

It works and allows installing PuppetDB with SSL PostgreSQL.

Steps to Reproduce

Example code

class { 'puppetdb':
  postgres_version        => '17',
  listen_address          => '0.0.0.0',
  disable_cleartext       => true,
  postgresql_ssl_on       => true,
  database_host           => $networking['fqdn'],
  database_listen_address => '0.0.0.0',
  database_password       => stdlib::fqdn_rand_string(36),
}

Environment

  • Version 8.1.0
  • Platform EL 9.5

Additional Context

Log

Notice: /Stage[main]/Puppetdb::Database::Ssl_configuration/File[postgres private key]/ensure: defined content as '{sha256}df4d396b21ed6c6d2e50a4883b1abf914a327b0a69296947cad1fc73303c7fcb'
Notice: /Stage[main]/Puppetdb::Database::Ssl_configuration/File[postgres public key]/ensure: defined content as '{sha256}f83fed1d2dc3ade6549f010f96e1f1a4a1d9d42685aa961f07b6bc13cfdb0015'
Notice: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: The files belonging to this database system will be owned by user "postgres".
Notice: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: This user must also own the server process.
Notice: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: 
Notice: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: The database cluster will be initialized with locale "C.UTF-8".
Notice: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: The default database encoding has accordingly been set to "UTF8".
Notice: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: The default text search configuration will be set to "english".
Notice: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: 
Notice: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: Data page checksums are disabled.
Notice: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: 
Notice: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: initdb: error: directory "/var/lib/pgsql/17/data" exists but is not empty
Notice: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: initdb: hint: If you want to create a new database system, either remove or empty the directory "/var/lib/pgsql/17/data" or run initdb with an argument other than "/var/lib/pgsql/17/data".
Error: '/usr/pgsql-17/bin/initdb --pgdata '/var/lib/pgsql/17/data' --username 'postgres' ' returned 1 instead of one of [0]
Error: /Stage[main]/Postgresql::Server::Initdb/Postgresql::Server::Instance::Initdb[main]/Exec[postgresql_initdb_instance_main]/returns: change from 'notrun' to ['0'] failed: '/usr/pgsql-17/bin/initdb --pgdata '/var/lib/pgsql/17/data' --username 'postgres' ' returned 1 instead of one of [0]

It shows the issue: the certificate and key are created before the DB is initialized, so initdb fails. A require relationship might be enough.

d1nuc0m commented Nov 22, 2024

Additional information
Editing manifests/database/ssl_configuration.pp is enough to permit install:

File {
  ensure  => present,
  owner   => 'postgres',
  mode    => '0600',
  require => [Package['postgresql-server'], Class['puppetdb::server::database']],
}

but PuppetDB still does not work as of #412, even after switching to 8.0.1 and changing auth method as of #394
