author | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-06-19 01:36:55 +0200 |
---|---|---|
committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-06-19 01:46:54 +0200 |
commit | 52460da209690e23f37cde606a68035675177638 (patch) | |
tree | ccbf1d9f2744cfc5da936fe6a448bd6d4bf688cc /manifests/eyaml_master.pp | |
parent | Replace concourse with module. (diff) | |
download | profiles-52460da209690e23f37cde606a68035675177638.tar.gz profiles-52460da209690e23f37cde606a68035675177638.tar.xz |
Move eyaml configuration to own class.
Diffstat (limited to 'manifests/eyaml_master.pp')
-rw-r--r-- | manifests/eyaml_master.pp | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/manifests/eyaml_master.pp b/manifests/eyaml_master.pp
new file mode 100644
index 0000000..c7d57d0
--- /dev/null
+++ b/manifests/eyaml_master.pp
@@ -0,0 +1,55 @@
+# @summary Generates and manages the eyaml keys
+#
+# @param keypath
+# Directory in which the public and private key will be stored.
+# This directory will be managed by this module, and (in the future)
+# be exported through NFS.
+# @param public_key
+# Local filename of the public key (no directory components).
+# @param private_key
+# Local filename of the private key (no directory components).
+# @param user
+# User which should own the keys.
+# @param group
+# Group which should own the keys. Currently worthless, since the
+# keys mode is set to 0600 (or equivalent).
+class profiles::eyaml_master (
+ Stdlib::Absolutepath $keypath = '/etc/puppetlabs/puppet/eyaml',
+ String $public_key = 'public_key.pkcs7.pem',
+ String $private_key = 'private_key.pkcs7.pem',
+ String $user = 'puppet',
+ String $group = 'puppet',
+) {
+
+ # Distro version should work fine
+ ensure_packages(['hiera-eyaml'])
+
+ file { $keypath:
+ ensure => directory,
+ mode => '0700',
+ owner => $user,
+ group => $group,
+ }
+
+ # NOTE If eyaml was installed throuh `puppetserver gem install %`
+ # then it ends up in `/opt/puppetlabs/puppet/bin`.
+ exec { 'Create eyaml keys':
+ command => [
+ 'eyaml', 'createkeys',
+ '--pkcs7-public-key', "${keypath}/${public_key}",
+ '--pkcs7-private-key', "${keypath}/${private_key}",
+ ],
+ creates => "${keypath}/${private_key}",
+ path => ['/bin', '/usr/bin'],
+ umask => '0600',
+ user => $user,
+ group => $group,
+ }
+
+ # include profiles::nfs_server
+
+ # concat::fragment { 'Export eyaml keys':
+ # target => $profiles::nfs_server::exports_file,
+ # content => "${keypath} *(ro,root_squash,no_subtree_check)",
+ # }
+} |
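Review bot: `umask => '0600'` on the `exec` looks like a file mode written where a mask is expected: a umask of 0600 clears the owner's read/write bits and leaves the group and other bits in place, so anything `eyaml createkeys` creates without setting its own mode would come out as 0066 rather than the 0600 that the `@param group` doc comment says the keys have. The mask that yields owner-only files is `umask => '0077',`. Whether eyaml chmods the private key itself is not visible in this hunk, so it would be worth pinning the result with an explicit `file { "${keypath}/${private_key}": mode => '0600', owner => $user }` resource as well. The commented-out export of `${keypath}` to `*` would share the private key along with the public one, so it should be narrowed to the public key and to named clients before it is enabled.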