feat: distribute eyaml pub/priv key
- distribute the private/public pem for eyaml via eyaml
@@ -0,0 +1,41 @@
|
||||
# profiles::puppet::eyaml
|
||||
class profiles::puppet::eyaml (
|
||||
String $privatekey = '',
|
||||
String $publickey = '',
|
||||
) {
|
||||
|
||||
# create the /var/lib/puppet/keys directory
|
||||
file { '/var/lib/puppet':
|
||||
ensure => 'directory',
|
||||
owner => 'puppet',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
}
|
||||
file { '/var/lib/puppet/keys':
|
||||
ensure => 'directory',
|
||||
owner => 'puppet',
|
||||
group => 'root',
|
||||
mode => '0755',
|
||||
require => File['/var/lib/puppet']
|
||||
}
|
||||
# manage the eyaml private key
|
||||
file { '/var/lib/puppet/keys/private_key.pkcs7.pem':
|
||||
ensure => 'file',
|
||||
owner => 'puppet',
|
||||
group => 'root',
|
||||
mode => '0400',
|
||||
content => Sensitive($privatekey),
|
||||
before => Service['puppetserver'],
|
||||
require => File['/var/lib/puppet/keys'],
|
||||
}
|
||||
# manage the eyaml private key
|
||||
file { '/var/lib/puppet/keys/public_key.pkcs7.pem':
|
||||
ensure => 'file',
|
||||
owner => 'puppet',
|
||||
group => 'root',
|
||||
mode => '0400',
|
||||
content => Sensitive($publickey),
|
||||
before => Service['puppetserver'],
|
||||
require => File['/var/lib/puppet/keys'],
|
||||
}
|
||||
}
|
||||
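Review bot: The `String $privatekey = ''` and `String $publickey = ''` defaults let a missing or misspelled Hiera key apply cleanly and replace the PEM files under `/var/lib/puppet/keys` with zero-length content, which would presumably leave the server unable to decrypt any eyaml value. Dropping the defaults and requiring non-empty input, `String[1] $privatekey,` and `String[1] $publickey,`, turns that case into a compile failure instead. The `/var/lib/puppet/keys` directory is created with `mode => '0755'`; since it exists to hold the private key, `mode => '0700',` would stop other local users from listing or traversing it. The comment above the `public_key.pkcs7.pem` resource still reads `# manage the eyaml private key` and should name the public key; wrapping `$publickey` in `Sensitive()` is harmless but not needed.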
@@ -17,6 +17,7 @@ class profiles::puppet::puppetmaster (
|
||||
include profiles::helpers::certmanager
|
||||
include profiles::puppet::server
|
||||
include profiles::puppet::puppetca
|
||||
include profiles::puppet::eyaml
|
||||
|
||||
class { 'puppetdb::master::config':
|
||||
puppetdb_server => $puppetdb_host,
|
||||
|
||||