feat: puppet::client multiple altnames
- puppet clients can not request multiple dns alt_names - set puppetdbapi hosts to request multiple certificates
This commit is contained in:
parent
6bd66724dc
commit
0901595de9
@ -93,6 +93,9 @@ lookup_options:
|
||||
profiles::puppet::server::dns_alt_names:
|
||||
merge:
|
||||
strategy: deep
|
||||
profiles::puppet::client::dns_alt_names:
|
||||
merge:
|
||||
strategy: deep
|
||||
profiles::base::hosts::additional_hosts:
|
||||
merge:
|
||||
strategy: deep
|
||||
@ -199,6 +202,8 @@ profiles::puppet::client::runinterval: 1800
|
||||
profiles::puppet::client::runtimeout: 3600
|
||||
profiles::puppet::client::show_diff: true
|
||||
profiles::puppet::client::usecacheonfailure: false
|
||||
profiles::puppet::client::dns_alt_names:
|
||||
- "%{trusted.certname}"
|
||||
|
||||
# puppetdb
|
||||
puppetdbapi: prodinf01n04.main.unkin.net
|
||||
|
||||
@ -4,6 +4,11 @@ profiles::puppet::puppetdb_api::java_args:
|
||||
'-Xmx': '2048m'
|
||||
'-Xms': '256m'
|
||||
|
||||
profiles::puppet::client::dns_alt_names:
|
||||
- puppetdbapi.main.unkin.net
|
||||
- puppetdbapi.service.consul
|
||||
- puppetdbapi.query.consul
|
||||
|
||||
# additional altnames
|
||||
profiles::pki::vault::alt_names:
|
||||
- puppetdbapi.main.unkin.net
|
||||
|
||||
@ -4,7 +4,7 @@
|
||||
#
|
||||
# site/profile/manifests/puppet/client.pp
|
||||
class profiles::puppet::client (
|
||||
String $dns_alt_names = $trusted['certname'],
|
||||
Array $dns_alt_names = [$trusted['certname']],
|
||||
String $server = 'puppetmaster',
|
||||
String $ca_server = 'puppetca',
|
||||
String $environment = 'develop',
|
||||
@ -17,6 +17,9 @@ class profiles::puppet::client (
|
||||
# dont manage puppet.conf if this is a puppetmaster
|
||||
if $facts['enc_role'] != 'roles::infra::puppet::master' {
|
||||
|
||||
|
||||
$dns_alt_names_string = join(sort($dns_alt_names), ',')
|
||||
|
||||
# Assuming you want to manage puppet.conf with this profile
|
||||
file { '/etc/puppetlabs/puppet/puppet.conf':
|
||||
ensure => 'present',
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
[main]
|
||||
dns_alt_names = <%= @dns_alt_names %>
|
||||
dns_alt_names = <%= @dns_alt_names_string %>
|
||||
|
||||
[agent]
|
||||
server = <%= @server %>
|
||||
|
||||
Loading…
Reference in New Issue
Block a user