feat: use custom cert for puppetdb access (#271)
- manually generated certificate using sudo puppetserver ca generate --certname puppetdbapi.query.consul - saved certificate and private_key in eyaml Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/271
This commit was merged in pull request #271.
@@ -1,5 +1,7 @@
|
||||
# configure the puppetdb api service
|
||||
class profiles::puppet::puppetdb_api (
|
||||
String $private_cert,
|
||||
String $public_cert,
|
||||
String $postgres_host = lookup('puppetdbsql'),
|
||||
String $listen_address = $facts['networking']['ip'],
|
||||
Stdlib::Absolutepath $java_bin = '/usr/bin/java',
|
||||
@@ -24,6 +26,24 @@ class profiles::puppet::puppetdb_api (
|
||||
|
||||
contain ::puppetdb::server
|
||||
|
||||
file { '/etc/puppetlabs/puppetdb/ssl/private.pem':
|
||||
ensure => 'file',
|
||||
content => Sensitive($private_cert),
|
||||
owner => 'puppetdb',
|
||||
group => 'puppetdb',
|
||||
mode => '0600',
|
||||
notify => Service['puppetdb'],
|
||||
}
|
||||
|
||||
file { '/etc/puppetlabs/puppetdb/ssl/public.pem':
|
||||
ensure => 'file',
|
||||
content => $public_cert,
|
||||
owner => 'puppetdb',
|
||||
group => 'puppetdb',
|
||||
mode => '0600',
|
||||
notify => Service['puppetdb'],
|
||||
}
|
||||
|
||||
# generate the minute for the cron job using fqdn_rand
|
||||
$random_minute = fqdn_rand(60)
|
||||
|
||||
|
||||
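Review bot: The private key is still declared as a plain `String` class parameter, so wrapping it in `Sensitive()` only at the `content =>` of `/etc/puppetlabs/puppetdb/ssl/private.pem` redacts the file resource but leaves the decrypted eyaml value as a parameter of `Class[profiles::puppet::puppetdb_api]` in the compiled catalog. That catalog is cached on the agent and typically stored in PuppetDB. Declare the parameter as `Sensitive[String] $private_cert,` and pass it straight through with `content => $private_cert,`, then have Hiera wrap the value at lookup time with a `lookup_options` entry for `profiles::puppet::puppetdb_api::private_cert` using `convert_to: 'Sensitive'`. The class body continues outside both hunks, so any other use of `$private_cert` there would need the same treatment.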