Renamed role/profile directories
* renamed role to roles * renamed profile to profiles * cleaned up all profiles/roles/hieradata to match new paths
@@ -0,0 +1,54 @@
|
||||
# Class: profiles::puppet::autosign
|
||||
#
|
||||
# This class manages an autosign script for the Puppet master.
|
||||
# It sets up a Ruby script that automatically signs Puppet node requests
|
||||
# originating from certain IP subnet ranges.
|
||||
#
|
||||
# Parameters:
|
||||
# - `subnet_ranges`: An array of IP subnet ranges for which to automatically
|
||||
# sign certificate requests.
|
||||
#
|
||||
# Actions:
|
||||
# - Ensures the autosign script file is present and has the correct content and permissions.
|
||||
#
|
||||
# Usage:
|
||||
# The class can be declared in a node definition or classified using an ENC or Hiera.
|
||||
# Example:
|
||||
# node 'puppet.example.com' {
|
||||
# class { 'profiles::puppet::autosign':
|
||||
# subnet_ranges => ['198.18.17.0/24', '10.0.0.0/8'],
|
||||
# }
|
||||
# }
|
||||
#
|
||||
# Requirements:
|
||||
# - Puppet master must have access to the /opt/puppetlabs/bin directory.
|
||||
# - The gem 'ipaddr' module must be installed on the Puppet master.
|
||||
# - The puppet 'puppetlabs/stdlib' module must be installed on the Puppet master.
|
||||
#
|
||||
# Limitations:
|
||||
# This is designed to work on Unix-like systems.
|
||||
class profiles::puppet::autosign (
|
||||
Array[Stdlib::IP::Address::V4::CIDR] $subnet_ranges,
|
||||
) {
|
||||
|
||||
$script_content = @(END)
|
||||
#!/usr/bin/env ruby
|
||||
|
||||
require 'yaml'
|
||||
require 'ipaddr'
|
||||
|
||||
csr = YAML.load(STDIN.read)
|
||||
networks = #{subnet_ranges}
|
||||
|
||||
ip = IPAddr.new(csr['facts']['networking']['ip'])
|
||||
|
||||
exit 1 unless networks.any? { |network| IPAddr.new(network).include?(ip) }
|
||||
exit 0
|
||||
END
|
||||
|
||||
file { '/opt/puppetlabs/bin/autosign.rb':
|
||||
ensure => file,
|
||||
content => $script_content,
|
||||
mode => '0755',
|
||||
}
|
||||
}
|
||||
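Review bot: The signing decision in the embedded script rests on `csr['facts']['networking']['ip']`, but Puppet's policy-based autosign hook passes the certname as the first argument and the PEM-encoded CSR on stdin, so there are no facts to read, and anything carried inside a CSR is chosen by the requester rather than observed by the server. As written the script appears able only to fail closed: `@(END)` is a non-interpolating heredoc and `#{subnet_ranges}` is Ruby rather than Puppet syntax, so the line is written out literally and Ruby reads it as `networks =` followed by a comment. I would parse stdin with `OpenSSL::X509::Request.new(STDIN.read)` and approve on a value the requester cannot guess, such as a pre-shared `challengePassword` CSR attribute. If the subnet list is kept as a secondary filter, render it through an interpolating `@("END")` heredoc as a real Ruby array literal. `YAML.load` on requester-supplied bytes should be removed or replaced with `YAML.safe_load`, and the `file` resource should set `owner` and `group` explicitly next to `mode => '0755'`, since this script gates certificate issuance.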