Ben Vincent
b468f67103
- manage python script/venv to sign ssh host certificates - add approle_id to puppetmaster eyaml files - add class to sign ssh-rsa host keys - add facts to check if the current principals match the desired principals
40 lines
1.3 KiB
Puppet
40 lines
1.3 KiB
Puppet
# Class: profiles::puppet::puppetmaster
|
|
#
|
|
# This class manages the puppetmaster using the ghoneycutt-puppet module.
|
|
# It manages the server settings in the puppet.conf file.
|
|
class profiles::puppet::puppetmaster (
|
|
Optional[Stdlib::Fqdn] $puppetdb_host = lookup('puppetdbapi', Optional[Stdlib::Fqdn], 'first', undef),
|
|
) {
|
|
|
|
if $facts['enc_role'] == 'roles::infra::puppet::master' {
|
|
|
|
include profiles::puppet::r10k
|
|
include profiles::puppet::g10k
|
|
include profiles::puppet::enc
|
|
include profiles::puppet::cobbler_enc
|
|
include profiles::puppet::autosign
|
|
include profiles::puppet::gems
|
|
include profiles::helpers::certmanager
|
|
include profiles::helpers::sshsignhost
|
|
include profiles::puppet::server
|
|
include profiles::puppet::puppetca
|
|
include profiles::puppet::eyaml
|
|
|
|
class { 'puppetdb::master::config':
|
|
puppetdb_server => $puppetdb_host,
|
|
manage_storeconfigs => false,
|
|
}
|
|
|
|
Package['puppetserver']
|
|
-> Class['profiles::puppet::gems']
|
|
-> Class['profiles::puppet::r10k']
|
|
-> Class['profiles::puppet::g10k']
|
|
-> Class['profiles::puppet::enc']
|
|
-> Class['profiles::puppet::cobbler_enc']
|
|
-> Class['profiles::puppet::autosign']
|
|
-> Class['puppetdb::master::config']
|
|
-> Class['profiles::puppet::server']
|
|
}
|
|
|
|
}
|