promote develop to master #6
@ -2,3 +2,6 @@
|
||||
profiles::puppet::server::dns_alt_names:
|
||||
- puppetca.main.unkin.net
|
||||
- puppetca
|
||||
|
||||
profiles::puppet::puppetca::is_puppetca: true
|
||||
profiles::puppet::puppetca::allow_subject_alt_names: true
|
||||
|
||||
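Review bot: `profiles::puppet::puppetca::allow_subject_alt_names: true` makes this CA sign certificate requests that carry subject alternative names, and that applies to every request the CA signs, not only the server's own `dns_alt_names`. Autosigning is not visible in this hunk; if it is enabled anywhere for this CA, it is worth confirming that signing is manual or policy-based, so that a request naming `puppetca` or another infrastructure host is not signed unreviewed. A comment next to the key would record that, for example `# SANs allowed: CSRs with alt names must be reviewed before signing`. The file header for this hunk is not shown on the page, so which node or role this data applies to cannot be checked from here.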
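--- a/site/profiles/manifests/puppet/puppetca.pp
+++ b/site/profiles/manifests/puppet/puppetca.pp
@@ -0,0 +1,35 @@
+# Class: profiles::puppet::puppetca
+#
+# This class manages Puppet CA
+class profiles::puppet::puppetca (
+Boolean $allow_subject_alt_names = false,
+Boolean $allow_authorization_extensions = false,
+Boolean $enable_infra_crl = false,
+Boolean $is_puppetca = false,
+) {
+
+# manage the ca.cfg file
+file { '/etc/puppetlabs/puppetserver/conf.d/ca.conf':
+ensure => 'file',
+owner => 'root',
+group => 'root',
+mode => '0644',
+content => template('profiles/puppet/puppet_ca.cfg.erb'),
+notify => Service['puppetserver'],
+}
+
+# manage the crl file
+if $is_puppetca {
+# export the puppet crl.pem
+@@file { '/etc/puppetlabs/puppet/ssl/crl.pem':
+ensure => file,
+content => file('/etc/puppetlabs/puppet/ssl/crl.pem'),
+tag => 'crl_pem_export',
+}
+}else{
+# import the puppet crl.pem
+File <<| tag == 'crl_pem_export' |>> {
+require => Service['puppetserver'],
+}
+}
+}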
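Review bot: The exported `crl.pem` resource takes its content from `file('/etc/puppetlabs/puppet/ssl/crl.pem')`, which is read on the server compiling the CA node's catalog and only at compile time, so the copy collected on the other masters can lag behind a revocation by at least one run on each side. The collector then uses `require => Service['puppetserver']`, which only orders the file after the service and does not make the service pick up a changed CRL. If the non-CA masters are meant to enforce revocations from this file, `notify => Service['puppetserver'],` is presumably what is wanted, though how puppetserver reloads its CRL in this deployment should be confirmed. The exported resource also sets no `owner`, `group` or `mode`, unlike the `ca.conf` resource above it; setting them explicitly would keep the file's permissions from depending on defaults. It is also worth checking that this path is the CA's authoritative CRL rather than the agent's cached copy.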
@ -16,6 +16,7 @@ class profiles::puppet::puppetmaster (
|
||||
include profiles::puppet::gems
|
||||
include profiles::helpers::certmanager
|
||||
include profiles::puppet::server
|
||||
include profiles::puppet::puppetca
|
||||
|
||||
class { 'puppetdb::master::config':
|
||||
puppetdb_server => $puppetdb_host,
|
||||
|
||||
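--- a/site/profiles/templates/puppet/puppet_ca.cfg.erb
+++ b/site/profiles/templates/puppet/puppet_ca.cfg.erb
@@ -0,0 +1,10 @@
+certificate-authority: {
+# allow CA to sign certificate requests that have subject alternative names.
+allow-subject-alt-names: <%= @allow_subject_alt_names %>
+
+# allow CA to sign certificate requests that have authorization extensions.
+allow-authorization-extensions: <%= @allow_authorization_extensions %>
+
+# enable the separate CRL for Puppet infrastructure nodes
+enable-infra-crl: <%= @enable_infra_crl %>
+}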