feat: prepare puppet for debian
- set yum::versionlock to be only for redhat family - set puppet-agent require statement to use apt or yum - remove requirement of downloading puppet7-release-$dist.deb - create all paths in $base_path for vault certificate - set correct $PATH for update-ca-certificates - dynamically set debian release name - split packages to install from common.yaml to os-specific - create groups profile to manage local groups - change sysadmin to be a member of admins group - setup admins sudo rules
This commit is contained in:
@@ -23,12 +23,26 @@ class profiles::pki::vault (
|
||||
$alt_names_file = "${base_path}/alt_names"
|
||||
|
||||
# ensure the base directory exists
|
||||
file { $base_path:
|
||||
file { '/etc/pki':
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
}
|
||||
file { '/etc/pki/tls':
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
require => File['/etc/pki']
|
||||
}
|
||||
file { $base_path:
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
require => File['/etc/pki/tls']
|
||||
}
|
||||
|
||||
# alt_names_file contents
|
||||
$alt_names_content = concat($effective_alt_names, $effective_ip_sans)
|
||||
@@ -40,6 +54,7 @@ class profiles::pki::vault (
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => join($alt_names_content, "\n"),
|
||||
require => File[$base_path]
|
||||
}
|
||||
|
||||
# compare the sorted arrays of altnames from disk (fact) vs what is intended (this run)
|
||||
|
||||
Reference in New Issue
Block a user