feat: prepare puppet for debian

- set yum::versionlock to be only for redhat family
- set puppet-agent require statement to use apt or yum
- remove requirement of downloading puppet7-release-$dist.deb
- create all paths in $base_path for vault certificate
- set correct $PATH for update-ca-certificates
- dynamically set debian release name
- split packages to install from common.yaml to os-specific
- create groups profile to manage local groups
- change sysadmin to be a member of admins group
- setup admins sudo rules
2024-04-13 21:04:08 +10:00
parent 5f8b0ba102
commit d0d67e316a
10 changed files with 86 additions and 28 deletions
+16 -1
@@ -23,12 +23,26 @@ class profiles::pki::vault (
$alt_names_file = "${base_path}/alt_names"
# ensure the base directory exists
file { $base_path:
file { '/etc/pki':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
file { '/etc/pki/tls':
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
require => File['/etc/pki']
}
file { $base_path:
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
require => File['/etc/pki/tls']
}
# alt_names_file contents
$alt_names_content = concat($effective_alt_names, $effective_ip_sans)
@@ -40,6 +54,7 @@ class profiles::pki::vault (
group => 'root',
mode => '0644',
content => join($alt_names_content, "\n"),
require => File[$base_path]
}
# compare the sorted arrays of altnames from disk (fact) vs what is intended (this run)
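Review bot: The two new parent resources hard-code `/etc/pki` and `/etc/pki/tls`, while the directory they prepare is still the variable `$base_path`; if `$base_path` is ever set outside `/etc/pki/tls` the chain no longer creates its real parents, and if it is set to `/etc/pki/tls` itself the catalog would fail on a duplicate `File` declaration. Where `$base_path` gets its value is outside the hunk, so this is inferred from its use in `$alt_names_file`. Declaring `File['/etc/pki']` inside this profile can also collide with any other class that manages the same directory, so at minimum a comment such as `# parents of the default $base_path; keep in sync if base_path changes` belongs above them. The explicit `require => File[...]` lines are redundant, since Puppet autorequires managed parent directories of a file resource, and they omit the trailing comma the other attributes carry.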
+1 -1
@@ -30,7 +30,7 @@ class profiles::pki::vaultca {
# Execute the system command to update the CA trust store
exec { 'update_ca_trust_store':
command => $update_ca_cert_command,
path => ['/bin', '/usr/bin'],
path => ['/bin', '/usr/bin', 'sbin', '/usr/sbin'],
refreshonly => true,
require => File[$ca_cert_target_path],
}
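Review bot: The search-path entry `'sbin'` in the `update_ca_trust_store` exec is missing its leading slash, so it names a relative directory and `/sbin` itself is never searched. Depending on how the exec provider treats it, a relative entry is either ignored or resolved against the working directory of the run, which is an untrusted-search-path hazard for a resource that updates the system CA trust store, presumably as root. The line should read `path => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],`. `$update_ca_cert_command` is assigned outside the hunk; if it is not already a fully qualified path, making it one would remove the dependence on `path` for the command itself.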