From f0363cfd5e1dcf90b6f57199c43b67d2a75dfe59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= <hugo@lysator.liu.se>
Date: Wed, 14 Jun 2023 23:03:10 +0200
Subject: Puppetserver: setup eyaml.

---
 manifests/puppetserver.pp | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'manifests')

diff --git a/manifests/puppetserver.pp b/manifests/puppetserver.pp
index e8f5a1a..3d1a32c 100644
--- a/manifests/puppetserver.pp
+++ b/manifests/puppetserver.pp
@@ -17,6 +17,8 @@ class profiles::puppetserver (
       }
     ]
   },
+  Stdlib::Absolutepath $public_key = '/etc/puppetlabs/puppet/eyaml/public_key.pkcs7.pem',
+  Stdlib::Absolutepath $private_key = '/etc/puppetlabs/puppet/eyaml/private_key.pkcs7.pem',
 ) {
 
   if defined(Class['profiles::puppetagent']) {
@@ -82,4 +84,19 @@ class profiles::puppetserver (
       'header' => '# This file is managed by puppet',
     }),
   }
+
+  # Distro version should work fine
+  ensure_packages(['hiera-eyaml'])
+
+  # NOTE If eyaml was installed throuh `puppetserver gem install %`
+  # then it ends up in `/opt/puppetlabs/puppet/bin`.
+  exec { 'Create eyaml keys':
+    command => [
+      'eyaml', 'createkeys',
+      '--pkcs7-public-key', $public_key,
+      '--pkcs7-private-key', $private_key,
+    ],
+    creates => $private_key,
+    path    => ['/bin', '/usr/bin'],
+  }
 }
-- 
cgit v1.2.3