Revision e12a382e
Added by Alex Fisher almost 8 years ago
manifests/params.pp | ||
---|---|---|
$puppet_group = 'puppet'
|
||
$puppetdir = $puppet::params::dir
|
||
|
||
# The puppet-agent package, (puppet 4 AIO) doesn't create a puppet group
|
||
$manage_puppet_group = versioncmp($::puppetversion, '4.0') > 0
|
||
|
||
# puppetrun settings
|
||
$puppet = true
|
||
$puppet_listen_on = 'https'
|
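Review bot: the default on the `$manage_puppet_group` line compares with `> 0`, which is true only for versions strictly greater than `'4.0'`, so it relies on `versioncmp` ranking a full version string such as `4.0.0` above `'4.0'`. Writing `versioncmp($::puppetversion, '4.0') >= 0` states "4.0 or later" directly and does not depend on that. The comment above it gives AIO packaging as the reason, but the test is on the Puppet version alone, so it would help to say in the comment that the version is used as a proxy for AIO. The comma before the parenthesis in that comment can also go.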
Ensure the `puppet` group exists

In puppet 4 AIO packaging, it's the `puppetserver` package that creates
a `puppet` user and group.

The `puppet-agent` package doesn't create the group and unless
`puppetserver` is also installed the ssl keys and certs are owned by
`root:root` and are not readable by the foreman proxy. (It's the
installation of `puppetserver` that chowns the ssldir to
`puppet:puppet`.)

With this commit, the module ensures that the `puppet_group` group
exists even on puppet 4. It also makes sure the ssl_key/cert/ca files
and parent directories are group owned by the `puppet_group`.

The change is hopefully quite conservative. Only if both `$puppet` and
`$puppetca` are false and `$ssl` is true will it have any effect.
By default, it also only applies to puppet 4 and can be turned off
completely by setting `manage_puppet_group` to `false`.

Users who already manage the creation of the puppet group (for instance
to work around https://tickets.puppetlabs.com/browse/SERVER-1381) are
further protected by the `if !defined`.