From dbccaea24ba68ce2d5acb77e7f1f84561fdf49e3 Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Sun, 8 Dec 2024 19:47:59 +1100
Subject: [PATCH] feat: add crypto_policies (#192)

- ensure DEFAULT is used for EL8
- ensure DEFAULT:SHA1 is used for EL9, until issues with crypto are resolved for EL9

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/192
---
 Puppetfile | 1 +
 hieradata/os/AlmaLinux/AlmaLinux8.yaml | 2 ++
 hieradata/os/AlmaLinux/AlmaLinux9.yaml | 1 +
 hieradata/os/AlmaLinux/all_releases.yaml | 1 +
 4 files changed, 5 insertions(+)

diff --git a/Puppetfile b/Puppetfile
index da7b53a..65c883d 100644
--- a/Puppetfile
+++ b/Puppetfile
@@ -57,6 +57,7 @@ mod 'stm-file_capability', '6.0.0'
 mod 'h0tw1r3-gitea', '3.2.0'
 mod 'rehan-mkdir', '2.0.0'
 mod 'tailoredautomation-patroni', '2.0.0'
+mod 'ssm-crypto_policies', '0.3.3'

 mod 'bind',
 :git => 'https://git.service.au-syd1.consul/unkinben/puppet-bind.git',
diff --git a/hieradata/os/AlmaLinux/AlmaLinux8.yaml b/hieradata/os/AlmaLinux/AlmaLinux8.yaml
index 4dccf5e..e9d852d 100644
--- a/hieradata/os/AlmaLinux/AlmaLinux8.yaml
+++ b/hieradata/os/AlmaLinux/AlmaLinux8.yaml
@@ -1,5 +1,7 @@
 # hieradata/os/AlmaLinux/AlmaLinux8.yaml
 ---
+crypto_policies::policy: 'DEFAULT:SHA1'
+
 profiles::packages::include:
 network-scripts: {}

diff --git a/hieradata/os/AlmaLinux/AlmaLinux9.yaml b/hieradata/os/AlmaLinux/AlmaLinux9.yaml
index c13fd32..f275d86 100644
--- a/hieradata/os/AlmaLinux/AlmaLinux9.yaml
+++ b/hieradata/os/AlmaLinux/AlmaLinux9.yaml
@@ -1,5 +1,6 @@
 # hieradata/os/AlmaLinux/AlmaLinux9.yaml
 ---
+crypto_policies::policy: 'DEFAULT:SHA1'

 profiles::yum::global::repos:
 crb:
diff --git a/hieradata/os/AlmaLinux/all_releases.yaml b/hieradata/os/AlmaLinux/all_releases.yaml
index db5a2e1..011b283 100644
--- a/hieradata/os/AlmaLinux/all_releases.yaml
+++ b/hieradata/os/AlmaLinux/all_releases.yaml
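Review bot: The value added to AlmaLinux8.yaml is `'DEFAULT:SHA1'`, but the commit description says EL8 should use `DEFAULT` and only EL9 should carry the SHA1 subpolicy. If the description states the intent, the line should read `crypto_policies::policy: 'DEFAULT'`. As far as I know the SHA1 subpolicy module ships with EL9's crypto-policies package, and EL8's DEFAULT already accepts SHA-1. Confirm the module exists on EL8 hosts before rollout, since a missing module would likely make the policy change fail there rather than apply.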
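Review bot: `crypto_policies::policy: 'DEFAULT:SHA1'` in AlmaLinux9.yaml re-enables SHA-1 signatures on every EL9 host, and nothing in the file records that this is temporary or what it is waiting on. The commit description calls it a stopgap until the EL9 crypto issues are resolved, so that belongs next to the key, e.g. `# TEMPORARY: SHA1 subpolicy re-enables SHA-1 signatures; revert to 'DEFAULT' once <tracking issue> is resolved`. If only some roles depend on SHA-1 peers, setting the override at role or node level would keep the rest of the EL9 fleet on the stock policy. The hierarchy is not visible in this patch, so check whether that is practical.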
@@ -7,6 +7,7 @@ profiles::puppet::agent::puppet_version: '7.34.0'

 hiera_include:
 - profiles::almalinux::base
+ - crypto_policies

 profiles::packages::include:
 lzo: {}
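Review bot: `- crypto_policies` is added to `hiera_include` for all AlmaLinux releases, but `crypto_policies::policy` is set only in the per-release files. A release without its own file would therefore get whatever the module defaults to. Setting the baseline here with `crypto_policies::policy: 'DEFAULT'`, and keeping only the SHA1 exception in AlmaLinux9.yaml, would state the intended policy in one place. This assumes the release files take precedence over all_releases.yaml, which the patch does not show.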