unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity

promote develop to master #6

Merged
unkinben merged 449 commits from develop into master 2024-06-01 14:48:48 +10:00
Conversation 0 Commits 449 Files Changed 291 +20 -3
3 changed files with 20 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit c96676e143 - Show all commits

3
hieradata/common.yaml
View File

@ -27,5 +27,8 @@ profiles::puppet::autosign::subnet_ranges:
profiles::puppet::autosign::domains: profiles::puppet::autosign::domains:
- '*.main.unkin.net' - '*.main.unkin.net'
# profiles::puppet::autosign::nodes:
# - 'somenode.main.unkin.net'
profiles::puppet::enc::enc_repo: https://git.unkin.net/unkinben/puppet-enc.git profiles::puppet::enc::enc_repo: https://git.unkin.net/unkinben/puppet-enc.git
profiles::puppet::r10k::r10k_repo: https://git.unkin.net/unkinben/puppet-r10k.git profiles::puppet::r10k::r10k_repo: https://git.unkin.net/unkinben/puppet-r10k.git

14
site/profiles/manifests/puppet/autosign.pp
View File

@ -9,26 +9,34 @@
# - `subnet_ranges`: An array of IP subnet ranges in CIDR notation. # - `subnet_ranges`: An array of IP subnet ranges in CIDR notation.
# Nodes with IP addresses within these ranges will have their # Nodes with IP addresses within these ranges will have their
# certificates autosigned. # certificates autosigned.
# Default: []
# Example: ['198.18.17.0/24'] # Example: ['198.18.17.0/24']
# #
# - `domains`: An array of domain patterns. # - `domains`: An array of domain patterns.
# Nodes with hostnames matching these patterns will have their # Nodes with hostnames matching these patterns will have their
# certificates autosigned. # certificates autosigned.
# Default: ['*.main.unkin.net'] # Default: []
# Example: ['*.main.unkin.net', '*.secondary.unkin.net'] # Example: ['*.main.unkin.net', '*.secondary.unkin.net']
# #
# - `nodes`: An array of specific node names.
# Nodes with hostnames matching these will have their
# certificates autosigned.
# Default: []
# Example: ['somenode.main.unkin.net', 'othernode.secondary.unkin.net']
# Usage: # Usage:
# #
# To include this class with custom parameters: # To include this class with custom parameters:
# class { 'profiles::puppet::autosign': # class { 'profiles::puppet::autosign':
# subnet_ranges => ['198.18.17.0/24', '198.18.18.0/24'], # subnet_ranges => ['198.18.17.0/24', '198.18.18.0/24'],
# domains => ['*.main.unkin.net', '*.dev.unkin.net'], # domains => ['*.main.unkin.net', '*.dev.unkin.net'],
# nodes => ['somenode.main.unkin.net', 'othernode.dev.unkin.net'],
# } # }
# #
# Alternatively, configure subnet ranges and domains through Hiera. # Alternatively, configure subnet ranges and domains through Hiera.
class profiles::puppet::autosign ( class profiles::puppet::autosign (
Array[Stdlib::IP::Address::V4::CIDR] $subnet_ranges, Array[Stdlib::IP::Address::V4::CIDR] $subnet_ranges = [],
Array[String[1]] $domains, Array[String[1]] $domains = [],
Array[String[1]] $nodes = [],
) { ) {
# Manage the autosign.conf file using the template # Manage the autosign.conf file using the template

6
site/profiles/templates/puppet/autosign/autosign.conf.erb
View File

@ -1,6 +1,12 @@
# Autosign all nodes from these subnets
<% @subnet_ranges.each do |subnet| -%> <% @subnet_ranges.each do |subnet| -%>
<%= subnet %> <%= subnet %>
<% end -%> <% end -%>
# Autosign all nodes from these domains
<% @domains.each do |domain| -%> <% @domains.each do |domain| -%>
<%= domain %> <%= domain %>
<% end -%> <% end -%>
# Autosign these specific nodes
<% @nodes.each do |node| -%>
<%= node %>
<% end -%>