authorHugo Hörnquist <hugo@lysator.liu.se>2023-06-19 01:36:55 +0200
committerHugo Hörnquist <hugo@lysator.liu.se>2023-06-19 01:46:54 +0200
commit52460da209690e23f37cde606a68035675177638 (patch)
treeccbf1d9f2744cfc5da936fe6a448bd6d4bf688cc
parentReplace concourse with module. (diff)
Move eyaml configuration to own class.
-rw-r--r--manifests/eyaml_master.pp55
-rw-r--r--manifests/puppetserver.pp27
2 files changed, 66 insertions, 16 deletions
diff --git a/manifests/eyaml_master.pp b/manifests/eyaml_master.pp
new file mode 100644
index 0000000..c7d57d0
--- /dev/null
+++ b/manifests/eyaml_master.pp
@@ -0,0 +1,55 @@
+# @summary Generates and manages the eyaml keys
+#
+# @param keypath
+# Directory in which the public and private key will be stored.
+# This directory will be managed by this module, and (in the future)
+# be exported through NFS.
+# @param public_key
+# Local filename of the public key (no directory components).
+# @param private_key
+# Local filename of the private key (no directory components).
+# @param user
+# User which should own the keys.
+# @param group
+# Group which should own the keys. Currently worthless, since the
+# keys mode is set to 0600 (or equivalent).
+class profiles::eyaml_master (
+ Stdlib::Absolutepath $keypath = '/etc/puppetlabs/puppet/eyaml',
+ String $public_key = 'public_key.pkcs7.pem',
+ String $private_key = 'private_key.pkcs7.pem',
+ String $user = 'puppet',
+ String $group = 'puppet',
+) {
+
+ # Distro version should work fine
+ ensure_packages(['hiera-eyaml'])
+
+ file { $keypath:
+ ensure => directory,
+ mode => '0700',
+ owner => $user,
+ group => $group,
+ }
+
+ # NOTE If eyaml was installed throuh `puppetserver gem install %`
+ # then it ends up in `/opt/puppetlabs/puppet/bin`.
+ exec { 'Create eyaml keys':
+ command => [
+ 'eyaml', 'createkeys',
+ '--pkcs7-public-key', "${keypath}/${public_key}",
+ '--pkcs7-private-key', "${keypath}/${private_key}",
+ ],
+ creates => "${keypath}/${private_key}",
+ path => ['/bin', '/usr/bin'],
+ umask => '0600',
+ user => $user,
+ group => $group,
+ }
+
+ # include profiles::nfs_server
+
+ # concat::fragment { 'Export eyaml keys':
+ # target => $profiles::nfs_server::exports_file,
+ # content => "${keypath} *(ro,root_squash,no_subtree_check)",
+ # }
+}
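Review bot: The `umask => '0600'` on the 'Create eyaml keys' exec clears the owner's read and write bits from any file the command creates (a default 0666 create becomes 0066, group- and world-writable with no owner access), which is the inverse of the owner-only 0600 that the `group` parameter doc promises; the umask that produces 0600 is `umask => '0077'`. Whether hiera-eyaml chmods the private key itself after writing is not visible here, so the umask should be correct on its own. The NOTE above the exec says a gem-installed eyaml lands in `/opt/puppetlabs/puppet/bin`, yet `path` lists only `/bin` and `/usr/bin`, so that install layout still fails with command-not-found; either add that directory to `path` or state in the comment that only the distro package is supported. The commented-out NFS export of `$keypath` would hand the private key directory to every host permitted to mount it, so if that block is revived it should export a directory holding only the public key.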
diff --git a/manifests/puppetserver.pp b/manifests/puppetserver.pp
index 3d1a32c..02a04c9 100644
--- a/manifests/puppetserver.pp
+++ b/manifests/puppetserver.pp
@@ -1,3 +1,13 @@
+# @summary Set up puppet server.
+#
+# Configures the puppet server, along with default hiera syst.m
+#
+# @param hiera
+# Global hiera configuration for the server. The default is something
+# sensible, mostly here so we can populate our classes through hiera
+# before this module is set up, handling bootstrap problems.
+# @param public_key
+# @param private_key
class profiles::puppetserver (
Hash $hiera = {
'version' => 5,
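Review bot: The new header ends with `# @param public_key` and `# @param private_key`, but this same commit removes both parameters from the class signature (see the next hunk), so the two tags document nothing and puppet-strings will report them as undeclared; drop those two lines. The summary paragraph also has a typo, `hiera syst.m` for `hiera system`. The class definition continues past the end of this hunk.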
@@ -17,8 +27,6 @@ class profiles::puppetserver (
}
]
},
- Stdlib::Absolutepath $public_key = '/etc/puppetlabs/puppet/eyaml/public_key.pkcs7.pem',
- Stdlib::Absolutepath $private_key = '/etc/puppetlabs/puppet/eyaml/private_key.pkcs7.pem',
) {
if defined(Class['profiles::puppetagent']) {
@@ -85,18 +93,5 @@ class profiles::puppetserver (
}),
}
- # Distro version should work fine
- ensure_packages(['hiera-eyaml'])
-
- # NOTE If eyaml was installed throuh `puppetserver gem install %`
- # then it ends up in `/opt/puppetlabs/puppet/bin`.
- exec { 'Create eyaml keys':
- command => [
- 'eyaml', 'createkeys',
- '--pkcs7-public-key', $public_key,
- '--pkcs7-private-key', $private_key,
- ],
- creates => $private_key,
- path => ['/bin', '/usr/bin'],
- }
+ include profiles::eyaml_master
}