puppet-prod/site/profiles/manifests/puppet/autosign.pp
Ben Vincent c96676e143 Updated autosign
- added way to manage individual nodes
  - added defaults for domains, subnets and nodes
  - updated comments and doc
2023-08-26 01:00:31 +10:00


# profiles::puppet::autosign
#
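# This Puppet class manages autosign.conf so that node certificate requests
# are signed automatically based on specified subnet ranges, domain patterns
# and node names.
# It is useful in environments where nodes are dynamically provisioned and
# require automatic certificate signing without manual intervention.
# Note: allowlist autosigning matches the certname a node puts in its own
# certificate request, so every entry is trusted on the requester's word.
# Keep entries as narrow as possible and limit which hosts can reach the CA.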
#
# Parameters:
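# - `subnet_ranges`: An array of IPv4 subnet ranges in CIDR notation.
# Nodes with IP addresses within these ranges will have their
# certificates autosigned.
# NOTE(review): Puppet documents the allowlist form of autosign.conf as
# matching certnames and domain-name globs; confirm that the template
# renders these ranges into entries the CA actually matches on.
# Default: []
# Example: ['198.18.17.0/24']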
#
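# - `domains`: An array of domain patterns.
# Nodes with hostnames matching these patterns will have their
# certificates autosigned.
# In autosign.conf a leading `*` stands for one or more subdomain labels,
# so `*.main.unkin.net` also covers names nested deeper under that domain.
# Default: []
# Example: ['*.main.unkin.net', '*.secondary.unkin.net']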
#
# - `nodes`: An array of specific node names.
# Nodes with hostnames matching these will have their
# certificates autosigned.
# Default: []
# Example: ['somenode.main.unkin.net', 'othernode.secondary.unkin.net']
#
# Usage:
#
# To include this class with custom parameters:
# class { 'profiles::puppet::autosign':
# subnet_ranges => ['198.18.17.0/24', '198.18.18.0/24'],
# domains => ['*.main.unkin.net', '*.dev.unkin.net'],
# nodes => ['somenode.main.unkin.net', 'othernode.dev.unkin.net'],
# }
#
# Alternatively, configure subnet_ranges, domains and nodes through Hiera.
class profiles::puppet::autosign (
  Array[Stdlib::IP::Address::V4::CIDR] $subnet_ranges = [],
  Array[String[1]]                     $domains       = [],
  Array[String[1]]                     $nodes         = [],
) {
  # Render the CA's autosign file from the ERB template. The template is not
  # part of this manifest; presumably it reads $subnet_ranges, $domains and
  # $nodes from this class's scope -- confirm against the template.
  #
  # Mode 0644 sets no execute bit. Puppet treats a non-executable autosign
  # file as a certname allowlist rather than a policy executable (assuming
  # the server's `autosign` setting points at this path). The same mode also
  # leaves the list readable by every local user on the server.
  file { '/etc/puppetlabs/puppet/autosign.conf':
    ensure  => 'file',
    owner   => 'puppet',
    group   => 'puppet',
    mode    => '0644',
    content => template('profiles/puppet/autosign/autosign.conf.erb'),
  }
}