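# @summary Generates and manages the eyaml keys
#
# Installs hiera-eyaml, manages the key directory (mode 0700) and creates
# the PKCS7 key pair once, running `eyaml createkeys` as $user.
#
# @param keypath
#   Directory in which the public and private key will be stored.
#   This directory will be managed by this module, and (in the future)
#   be exported through NFS.
# @param public_key
#   Local filename of the public key (no directory components).
# @param private_key
#   Local filename of the private key (no directory components).
# @param user
#   User which should own the keys.
# @param group
#   Group which should own the keys. Currently has no practical effect,
#   since the keys are created without any group permission bits
#   (mode 0600 or equivalent).
class profiles::eyaml_master (
  Stdlib::Absolutepath $keypath = '/etc/puppetlabs/puppet/eyaml',
  String $public_key = 'public_key.pkcs7.pem',
  String $private_key = 'private_key.pkcs7.pem',
  String $user = 'puppet',
  String $group = 'puppet',
) {
  # Distro version should work fine
  ensure_packages(['hiera-eyaml'])

  # Key directory: only $user may list or traverse it.
  file { $keypath:
    ensure => directory,
    mode   => '0700',
    owner  => $user,
    group  => $group,
  }

  # NOTE If eyaml was installed through `puppetserver gem install %`
  # then it ends up in `/opt/puppetlabs/puppet/bin`.
  #
  # `creates` makes this a one-shot: once the private key file exists the
  # command is never run again, so existing keys are not overwritten.
  exec { 'Create eyaml keys':
    command => [
      'eyaml', 'createkeys',
      '--pkcs7-public-key', "${keypath}/${public_key}",
      '--pkcs7-private-key', "${keypath}/${private_key}",
    ],
    creates => "${keypath}/${private_key}",
    path    => ['/bin', '/usr/bin'],
    # A umask names the permission bits to REMOVE from newly created files.
    # '0077' strips every group/other bit, so a file opened with the usual
    # 0666 default ends up 0600. The previous value '0600' did the opposite:
    # it stripped the owner's read/write bits and left group/other
    # read/write (0066). eyaml may additionally chmod the key files itself
    # (not visible from this manifest); the umask is the safety net.
    umask   => '0077',
    user    => $user,
    group   => $group,
    # The key directory must exist, with its restrictive mode, before the
    # keys are written into it.
    require => File[$keypath],
  }

  # NOTE(review): if the export below is ever enabled, the `*` client spec
  # offers this directory, private key included, to every host that can
  # reach the NFS server. Limit it to the hosts that actually need the keys.
  # include profiles::nfs_server
  # concat::fragment { 'Export eyaml keys':
  # target => $profiles::nfs_server::exports_file,
  # content => "${keypath} *(ro,root_squash,no_subtree_check)",
  # }
}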