Revision 8b9a9f38
Added by Ewoud Kohl van Wijngaarden about 4 years ago
manifests/agent/config.pp | ||
---|---|---|
# @api private
|
||
class puppet::agent::config inherits puppet::config {
|
||
puppet::config::agent{
|
||
'classfile': value => $::puppet::classfile;
|
||
'classfile': value => $puppet::classfile;
|
||
'localconfig': value => '$vardir/localconfig';
|
||
'default_schedules': value => false;
|
||
'report': value => $::puppet::report;
|
||
'masterport': value => $::puppet::port;
|
||
'environment': value => $::puppet::environment;
|
||
'splay': value => $::puppet::splay;
|
||
'splaylimit': value => $::puppet::splaylimit;
|
||
'runinterval': value => $::puppet::runinterval;
|
||
'noop': value => $::puppet::agent_noop;
|
||
'usecacheonfailure': value => $::puppet::usecacheonfailure;
|
||
'report': value => $puppet::report;
|
||
'masterport': value => $puppet::port;
|
||
'environment': value => $puppet::environment;
|
||
'splay': value => $puppet::splay;
|
||
'splaylimit': value => $puppet::splaylimit;
|
||
'runinterval': value => $puppet::runinterval;
|
||
'noop': value => $puppet::agent_noop;
|
||
'usecacheonfailure': value => $puppet::usecacheonfailure;
|
||
}
|
||
if $::puppet::http_connect_timeout != undef {
|
||
if $puppet::http_connect_timeout != undef {
|
||
puppet::config::agent {
|
||
'http_connect_timeout': value => $::puppet::http_connect_timeout;
|
||
'http_connect_timeout': value => $puppet::http_connect_timeout;
|
||
}
|
||
}
|
||
if $::puppet::http_read_timeout != undef {
|
||
if $puppet::http_read_timeout != undef {
|
||
puppet::config::agent {
|
||
'http_read_timeout': value => $::puppet::http_read_timeout;
|
||
'http_read_timeout': value => $puppet::http_read_timeout;
|
||
}
|
||
}
|
||
if $::puppet::prerun_command {
|
||
if $puppet::prerun_command {
|
||
puppet::config::agent {
|
||
'prerun_command': value => $::puppet::prerun_command;
|
||
'prerun_command': value => $puppet::prerun_command;
|
||
}
|
||
}
|
||
if $::puppet::postrun_command {
|
||
if $puppet::postrun_command {
|
||
puppet::config::agent {
|
||
'postrun_command': value => $::puppet::postrun_command;
|
||
'postrun_command': value => $puppet::postrun_command;
|
||
}
|
||
}
|
||
|
||
unless $::puppet::pluginsync {
|
||
unless $puppet::pluginsync {
|
||
if versioncmp($facts['puppetserver'], '6.0.0') >= 0 {
|
||
fail('pluginsync is no longer a setting in Puppet 6')
|
||
} else {
|
||
puppet::config::agent { 'pluginsync':
|
||
value => $::puppet::pluginsync,
|
||
value => $puppet::pluginsync,
|
||
}
|
||
}
|
||
}
|
||
|
||
$::puppet::agent_additional_settings.each |$key,$value| {
|
||
$puppet::agent_additional_settings.each |$key,$value| {
|
||
puppet::config::agent { $key: value => $value }
|
||
}
|
||
|
||
if $::puppet::runmode == 'service' {
|
||
if $puppet::runmode == 'service' {
|
||
$should_start = 'yes'
|
||
} else {
|
||
$should_start = 'no'
|
||
}
|
||
|
||
if $::osfamily == 'Debian' {
|
||
if $facts['os']['family'] == 'Debian' {
|
||
augeas {'puppet::set_start':
|
||
context => '/files/etc/default/puppet',
|
||
changes => "set START ${should_start}",
|
||
incl => '/etc/default/puppet',
|
||
lens => 'Shellvars.lns',
|
||
}
|
||
if $::puppet::remove_lock {
|
||
if $puppet::remove_lock {
|
||
file {'/var/lib/puppet/state/agent_disabled.lock':
|
||
ensure => absent,
|
||
}
|
manifests/agent/install.pp | ||
---|---|---|
# Install the puppet agent package
|
||
# @api private
|
||
class puppet::agent::install(
|
||
$manage_packages = $::puppet::manage_packages,
|
||
$package_name = $::puppet::client_package,
|
||
$package_version = $::puppet::version,
|
||
$package_provider = $::puppet::package_provider,
|
||
$package_source = $::puppet::package_source,
|
||
$manage_packages = $puppet::manage_packages,
|
||
$package_name = $puppet::client_package,
|
||
$package_version = $puppet::version,
|
||
$package_provider = $puppet::package_provider,
|
||
$package_source = $puppet::package_source,
|
||
) {
|
||
if $manage_packages == true or $manage_packages == 'agent' {
|
||
package { $package_name:
|
manifests/agent/service.pp | ||
---|---|---|
# @api private
|
||
class puppet::agent::service {
|
||
|
||
case $::puppet::runmode {
|
||
case $puppet::runmode {
|
||
'service': {
|
||
$service_enabled = true
|
||
$cron_enabled = false
|
||
... | ... | |
}
|
||
}
|
||
|
||
if $::puppet::runmode in $::puppet::unavailable_runmodes {
|
||
if $puppet::runmode in $puppet::unavailable_runmodes {
|
||
fail("Runmode of ${puppet::runmode} not supported on ${::kernel} operating systems!")
|
||
}
|
||
|
||
... | ... | |
|
||
class { 'puppet::agent::service::systemd':
|
||
enabled => $systemd_enabled,
|
||
hour => $::puppet::run_hour,
|
||
minute => $::puppet::run_minute,
|
||
hour => $puppet::run_hour,
|
||
minute => $puppet::run_minute,
|
||
}
|
||
contain puppet::agent::service::systemd
|
||
|
||
class { 'puppet::agent::service::cron':
|
||
enabled => $cron_enabled,
|
||
hour => $::puppet::run_hour,
|
||
minute => $::puppet::run_minute,
|
||
hour => $puppet::run_hour,
|
||
minute => $puppet::run_minute,
|
||
}
|
||
contain puppet::agent::service::cron
|
||
}
|
manifests/agent/service/cron.pp | ||
---|---|---|
Optional[Integer[0,23]] $hour = undef,
|
||
Optional[Integer[0,59]] $minute = undef,
|
||
) {
|
||
unless $::puppet::runmode == 'unmanaged' or 'cron' in $::puppet::unavailable_runmodes {
|
||
unless $puppet::runmode == 'unmanaged' or 'cron' in $puppet::unavailable_runmodes {
|
||
if $enabled {
|
||
$command = pick($::puppet::cron_cmd, "${::puppet::puppet_cmd} agent --config ${::puppet::dir}/puppet.conf --onetime --no-daemonize")
|
||
$times = extlib::ip_to_cron($::puppet::runinterval)
|
||
$command = pick($puppet::cron_cmd, "${puppet::puppet_cmd} agent --config ${puppet::dir}/puppet.conf --onetime --no-daemonize")
|
||
$times = extlib::ip_to_cron($puppet::runinterval)
|
||
|
||
$_hour = pick($hour, $times[0])
|
||
$_minute = pick($minute, $times[1])
|
manifests/agent/service/daemon.pp | ||
---|---|---|
class puppet::agent::service::daemon (
|
||
Boolean $enabled = false,
|
||
) {
|
||
unless $::puppet::runmode == 'unmanaged' or 'service' in $::puppet::unavailable_runmodes {
|
||
unless $puppet::runmode == 'unmanaged' or 'service' in $puppet::unavailable_runmodes {
|
||
if $enabled {
|
||
service {'puppet':
|
||
ensure => running,
|
manifests/config.pp | ||
---|---|---|
# Set up the puppet config
|
||
# @api private
|
||
class puppet::config(
|
||
$allow_any_crl_auth = $::puppet::allow_any_crl_auth,
|
||
$auth_allowed = $::puppet::auth_allowed,
|
||
$auth_template = $::puppet::auth_template,
|
||
$ca_server = $::puppet::ca_server,
|
||
$ca_port = $::puppet::ca_port,
|
||
$dns_alt_names = $::puppet::dns_alt_names,
|
||
$module_repository = $::puppet::module_repository,
|
||
$pluginsource = $::puppet::pluginsource,
|
||
$pluginfactsource = $::puppet::pluginfactsource,
|
||
$puppet_dir = $::puppet::dir,
|
||
$puppetmaster = $::puppet::puppetmaster,
|
||
$syslogfacility = $::puppet::syslogfacility,
|
||
$srv_domain = $::puppet::srv_domain,
|
||
$use_srv_records = $::puppet::use_srv_records,
|
||
$additional_settings = $::puppet::additional_settings,
|
||
$client_certname = $::puppet::client_certname,
|
||
$allow_any_crl_auth = $puppet::allow_any_crl_auth,
|
||
$auth_allowed = $puppet::auth_allowed,
|
||
$auth_template = $puppet::auth_template,
|
||
$ca_server = $puppet::ca_server,
|
||
$ca_port = $puppet::ca_port,
|
||
$dns_alt_names = $puppet::dns_alt_names,
|
||
$module_repository = $puppet::module_repository,
|
||
$pluginsource = $puppet::pluginsource,
|
||
$pluginfactsource = $puppet::pluginfactsource,
|
||
$puppet_dir = $puppet::dir,
|
||
$puppetmaster = $puppet::puppetmaster,
|
||
$syslogfacility = $puppet::syslogfacility,
|
||
$srv_domain = $puppet::srv_domain,
|
||
$use_srv_records = $puppet::use_srv_records,
|
||
$additional_settings = $puppet::additional_settings,
|
||
$client_certname = $puppet::client_certname,
|
||
) {
|
||
puppet::config::main{
|
||
'vardir': value => $::puppet::vardir;
|
||
'logdir': value => $::puppet::logdir;
|
||
'rundir': value => $::puppet::rundir;
|
||
'ssldir': value => $::puppet::ssldir;
|
||
'vardir': value => $puppet::vardir;
|
||
'logdir': value => $puppet::logdir;
|
||
'rundir': value => $puppet::rundir;
|
||
'ssldir': value => $puppet::ssldir;
|
||
'privatekeydir': value => '$ssldir/private_keys { group = service }';
|
||
'hostprivkey': value => '$privatekeydir/$certname.pem { mode = 640 }';
|
||
'show_diff': value => $::puppet::show_diff;
|
||
'codedir': value => $::puppet::codedir;
|
||
'show_diff': value => $puppet::show_diff;
|
||
'codedir': value => $puppet::codedir;
|
||
}
|
||
|
||
if $module_repository and !empty($module_repository) {
|
||
... | ... | |
}
|
||
} else {
|
||
puppet::config::main {
|
||
'server': value => pick($puppetmaster, $::fqdn);
|
||
'server': value => pick($puppetmaster, $facts['networking']['fqdn']);
|
||
}
|
||
}
|
||
if $pluginsource {
|
||
... | ... | |
|
||
file { $puppet_dir:
|
||
ensure => directory,
|
||
owner => $::puppet::dir_owner,
|
||
group => $::puppet::dir_group,
|
||
owner => $puppet::dir_owner,
|
||
group => $puppet::dir_group,
|
||
}
|
||
-> case $::osfamily {
|
||
-> case $facts['os']['family'] {
|
||
'Windows': {
|
||
concat { "${puppet_dir}/puppet.conf":
|
||
mode => '0674',
|
||
... | ... | |
default: {
|
||
concat { "${puppet_dir}/puppet.conf":
|
||
owner => 'root',
|
||
group => $::puppet::params::root_group,
|
||
group => $puppet::params::root_group,
|
||
mode => '0644',
|
||
ensure_newline => true,
|
||
}
|
manifests/config/entry.pp | ||
---|---|---|
# note the spaces at he end of the 'order' parameters,
|
||
# they make sure that '1_main ' is ordered before '1_main_*'
|
||
ensure_resource('concat::fragment', "puppet.conf_${section}", {
|
||
target => "${::puppet::dir}/puppet.conf",
|
||
target => "${puppet::dir}/puppet.conf",
|
||
content => "\n[${section}]",
|
||
order => "${sectionorder}_${section} ",
|
||
})
|
||
... | ... | |
# otherwise it just appends it with the joiner to separate it from the previous value.
|
||
if (!defined(Concat::Fragment["puppet.conf_${section}_${key}"])){
|
||
concat::fragment{"puppet.conf_${section}_${key}":
|
||
target => "${::puppet::dir}/puppet.conf",
|
||
target => "${puppet::dir}/puppet.conf",
|
||
content => " ${key} = ${_value}",
|
||
order => "${sectionorder}_${section}_${key} ",
|
||
}
|
||
} else {
|
||
concat::fragment{"puppet.conf_${section}_${key}_${name}":
|
||
target => "${::puppet::dir}/puppet.conf",
|
||
target => "${puppet::dir}/puppet.conf",
|
||
content => "${joiner}${_value}",
|
||
order => "${sectionorder}_${section}_${key}_${name} ",
|
||
}
|
manifests/init.pp | ||
---|---|---|
Integer[0] $server_web_idle_timeout = $puppet::params::server_web_idle_timeout,
|
||
Boolean $server_puppetserver_jruby9k = $puppet::params::server_puppetserver_jruby9k,
|
||
Optional[Boolean] $server_puppetserver_metrics = $puppet::params::server_puppetserver_metrics,
|
||
Boolean $server_metrics_jmx_enable = $::puppet::params::server_metrics_jmx_enable,
|
||
Boolean $server_metrics_graphite_enable = $::puppet::params::server_metrics_graphite_enable,
|
||
String $server_metrics_graphite_host = $::puppet::params::server_metrics_graphite_host,
|
||
Integer $server_metrics_graphite_port = $::puppet::params::server_metrics_graphite_port,
|
||
String $server_metrics_server_id = $::puppet::params::server_metrics_server_id,
|
||
Integer $server_metrics_graphite_interval = $::puppet::params::server_metrics_graphite_interval,
|
||
Optional[Array] $server_metrics_allowed = $::puppet::params::server_metrics_allowed,
|
||
Boolean $server_metrics_jmx_enable = $puppet::params::server_metrics_jmx_enable,
|
||
Boolean $server_metrics_graphite_enable = $puppet::params::server_metrics_graphite_enable,
|
||
String $server_metrics_graphite_host = $puppet::params::server_metrics_graphite_host,
|
||
Integer $server_metrics_graphite_port = $puppet::params::server_metrics_graphite_port,
|
||
String $server_metrics_server_id = $puppet::params::server_metrics_server_id,
|
||
Integer $server_metrics_graphite_interval = $puppet::params::server_metrics_graphite_interval,
|
||
Optional[Array] $server_metrics_allowed = $puppet::params::server_metrics_allowed,
|
||
Boolean $server_puppetserver_experimental = $puppet::params::server_puppetserver_experimental,
|
||
Array[String] $server_puppetserver_trusted_agents = $puppet::params::server_puppetserver_trusted_agents,
|
||
Optional[Enum['off', 'jit', 'force']] $server_compile_mode = $puppet::params::server_compile_mode,
|
manifests/params.pp | ||
---|---|---|
$use_srv_records = false
|
||
|
||
if defined('$::domain') {
|
||
$srv_domain = $::domain
|
||
$srv_domain = $facts['networking']['domain']
|
||
} else {
|
||
$srv_domain = undef
|
||
}
|
||
... | ... | |
$syslogfacility = undef
|
||
$environment = $::environment
|
||
|
||
$aio_package = ($::osfamily == 'Windows' or $::rubysitedir =~ /\/opt\/puppetlabs\/puppet/)
|
||
$aio_package = ($facts['os']['family'] == 'Windows' or $facts['ruby']['sitedir'] =~ /\/opt\/puppetlabs\/puppet/)
|
||
|
||
$systemd_randomizeddelaysec = 0
|
||
|
||
case $::osfamily {
|
||
case $facts['os']['family'] {
|
||
'Windows' : {
|
||
# Windows prefixes normal paths with the Data Directory's path and leaves 'puppet' off the end
|
||
$dir_prefix = 'C:/ProgramData/PuppetLabs/puppet'
|
||
... | ... | |
$server_puppetserver_vardir = '/var/puppet/server/data/puppetserver'
|
||
$server_puppetserver_rundir = '/var/run/puppetserver'
|
||
$server_puppetserver_logdir = '/var/log/puppetserver'
|
||
$ruby_gem_dir = regsubst($::rubyversion, '^(\d+\.\d+).*$', '/usr/local/lib/ruby/gems/\1/gems')
|
||
$server_ruby_load_paths = [$::rubysitedir, "${ruby_gem_dir}/facter-${::facterversion}/lib"]
|
||
$ruby_gem_dir = regsubst($facts['ruby']['version'], '^(\d+\.\d+).*$', '/usr/local/lib/ruby/gems/\1/gems')
|
||
$server_ruby_load_paths = [$facts['ruby']['sitedir'], "${ruby_gem_dir}/facter-${::facterversion}/lib"]
|
||
$server_jruby_gem_home = '/var/puppet/server/data/puppetserver/jruby-gems'
|
||
}
|
||
|
||
... | ... | |
$server_jruby_gem_home = '/opt/puppetlabs/server/data/puppetserver/jruby-gems'
|
||
} else {
|
||
$dir = '/etc/puppet'
|
||
$codedir = $::osfamily ? {
|
||
$codedir = $facts['os']['family'] ? {
|
||
'Debian' => '/etc/puppet/code',
|
||
default => '/etc/puppet',
|
||
}
|
||
... | ... | |
|
||
$manage_packages = true
|
||
|
||
if $::osfamily == 'Windows' {
|
||
if $facts['os']['family'] == 'Windows' {
|
||
$dir_owner = undef
|
||
$dir_group = undef
|
||
} elsif $aio_package or $::osfamily == 'Suse' {
|
||
} elsif $aio_package or $facts['os']['family'] == 'Suse' {
|
||
$dir_owner = 'root'
|
||
$dir_group = $root_group
|
||
} else {
|
||
... | ... | |
$dir_group = $group
|
||
}
|
||
|
||
$package_provider = $::osfamily ? {
|
||
$package_provider = $facts['os']['family'] ? {
|
||
'windows' => 'chocolatey',
|
||
default => undef,
|
||
}
|
||
... | ... | |
|
||
$puppet_major = regsubst($::puppetversion, '^(\d+)\..*$', '\1')
|
||
|
||
if ($::osfamily =~ /(FreeBSD|DragonFly)/ and versioncmp($puppet_major, '5') >= 0) {
|
||
if ($facts['os']['family'] =~ /(FreeBSD|DragonFly)/ and versioncmp($puppet_major, '5') >= 0) {
|
||
$server_package = "puppetserver${puppet_major}"
|
||
} else {
|
||
$server_package = undef
|
||
... | ... | |
|
||
if $aio_package {
|
||
$client_package = ['puppet-agent']
|
||
} elsif ($::osfamily =~ /(FreeBSD|DragonFly)/) {
|
||
} elsif ($facts['os']['family'] =~ /(FreeBSD|DragonFly)/) {
|
||
$client_package = ["puppet${puppet_major}"]
|
||
} else {
|
||
$client_package = ['puppet']
|
||
... | ... | |
$systemd_unit_name = 'puppet-run'
|
||
# Mechanisms to manage and reload/restart the agent
|
||
# If supported on the OS, reloading is prefered since it does not kill a currently active puppet run
|
||
case $::osfamily {
|
||
case $facts['os']['family'] {
|
||
'Debian' : {
|
||
$agent_restart_command = "/usr/sbin/service ${service_name} reload"
|
||
$unavailable_runmodes = []
|
||
... | ... | |
# it reports its $osreleasemajor as 2, not 6.
|
||
# thats why we're matching for '2' in both parts
|
||
# Amazon Linux is like RHEL6 but reports its osreleasemajor as 2017 or 2018.
|
||
$osreleasemajor = regsubst($::operatingsystemrelease, '^(\d+)\..*$', '\1') # workaround for the possibly missing operatingsystemmajrelease
|
||
$agent_restart_command = $osreleasemajor ? {
|
||
$agent_restart_command = $facts['os']['release']['major'] ? {
|
||
/^(2|5|6|2017|2018)$/ => "/sbin/service ${service_name} reload",
|
||
'7' => "/usr/bin/systemctl reload-or-restart ${service_name}",
|
||
default => undef,
|
||
}
|
||
$unavailable_runmodes = $osreleasemajor ? {
|
||
$unavailable_runmodes = $facts['os']['release']['major'] ? {
|
||
/^(2|5|6|2017|2018)$/ => ['systemd.timer'],
|
||
default => [],
|
||
}
|
||
... | ... | |
}
|
||
|
||
# Foreman parameters
|
||
$lower_fqdn = downcase($::fqdn)
|
||
$lower_fqdn = downcase($facts['networking']['fqdn'])
|
||
$server_foreman = true
|
||
$server_foreman_facts = true
|
||
$server_puppet_basedir = $aio_package ? {
|
||
... | ... | |
$server_environment_timeout = undef
|
||
|
||
# puppet server configuration file
|
||
$server_jvm_config = $::osfamily ? {
|
||
$server_jvm_config = $facts['os']['family'] ? {
|
||
'RedHat' => '/etc/sysconfig/puppetserver',
|
||
'Debian' => '/etc/default/puppetserver',
|
||
default => '/etc/default/puppetserver',
|
||
... | ... | |
|
||
# This is some very trivial "tuning". See the puppet reference:
|
||
# https://docs.puppet.com/puppetserver/latest/tuning_guide.html
|
||
if ($::memorysize_mb =~ String) {
|
||
$mem_in_mb = scanf($::memorysize_mb, '%i')[0]
|
||
} else {
|
||
$mem_in_mb = 0 + $::memorysize_mb
|
||
}
|
||
$mem_in_mb = $facts['memory']['system']['total_bytes'] / 1024 / 1024
|
||
if $mem_in_mb >= 3072 {
|
||
$server_jvm_min_heap_size = '2G'
|
||
$server_jvm_max_heap_size = '2G'
|
||
$server_max_active_instances = min(abs($::processorcount), 4)
|
||
$server_max_active_instances = min(abs($facts['processors']['count']), 4)
|
||
} elsif $mem_in_mb >= 1024 {
|
||
$server_max_active_instances = 1
|
||
$server_jvm_min_heap_size = '1G'
|
manifests/server.pp | ||
---|---|---|
#
|
||
# $external_nodes:: External nodes classifier executable
|
||
#
|
||
# $server_trusted_external_command:: The external trusted facts script to use.
|
||
# $trusted_external_command:: The external trusted facts script to use.
|
||
# (Puppet >= 6.11 only).
|
||
#
|
||
# $git_repo:: Use git repository as a source of modules
|
||
... | ... | |
# $parser:: Sets the parser to use. Valid options are 'current' or 'future'.
|
||
# Defaults to 'current'.
|
||
#
|
||
# $max_open_files:: Increase the max open files limit for Puppetserver.
|
||
#
|
||
#
|
||
# === Advanced server parameters:
|
||
#
|
||
# $codedir:: Override the puppet code directory.
|
||
... | ... | |
# a static_file_content API request for the contents of a file resource that
|
||
# has a source attribute with a puppet:/// URI value.
|
||
class puppet::server(
|
||
Variant[Boolean, Stdlib::Absolutepath] $autosign = $::puppet::autosign,
|
||
Array[String] $autosign_entries = $::puppet::autosign_entries,
|
||
Pattern[/^[0-9]{3,4}$/] $autosign_mode = $::puppet::autosign_mode,
|
||
Optional[String] $autosign_content = $::puppet::autosign_content,
|
||
Optional[String] $autosign_source = $::puppet::autosign_source,
|
||
String $hiera_config = $::puppet::hiera_config,
|
||
Array[String] $admin_api_whitelist = $::puppet::server_admin_api_whitelist,
|
||
Boolean $manage_user = $::puppet::server_manage_user,
|
||
String $user = $::puppet::server_user,
|
||
String $group = $::puppet::server_group,
|
||
String $dir = $::puppet::server_dir,
|
||
Stdlib::Absolutepath $codedir = $::puppet::codedir,
|
||
Integer $port = $::puppet::server_port,
|
||
String $ip = $::puppet::server_ip,
|
||
Boolean $ca = $::puppet::server_ca,
|
||
Optional[String] $ca_crl_filepath = $::puppet::ca_crl_filepath,
|
||
Boolean $ca_crl_sync = $::puppet::server_ca_crl_sync,
|
||
Optional[Boolean] $crl_enable = $::puppet::server_crl_enable,
|
||
Boolean $ca_auth_required = $::puppet::server_ca_auth_required,
|
||
Boolean $ca_client_self_delete = $::puppet::server_ca_client_self_delete,
|
||
Array[String] $ca_client_whitelist = $::puppet::server_ca_client_whitelist,
|
||
Optional[Puppet::Custom_trusted_oid_mapping] $custom_trusted_oid_mapping = $::puppet::server_custom_trusted_oid_mapping,
|
||
Boolean $http = $::puppet::server_http,
|
||
Integer $http_port = $::puppet::server_http_port,
|
||
String $reports = $::puppet::server_reports,
|
||
Stdlib::Absolutepath $puppetserver_vardir = $::puppet::server_puppetserver_vardir,
|
||
Optional[Stdlib::Absolutepath] $puppetserver_rundir = $::puppet::server_puppetserver_rundir,
|
||
Optional[Stdlib::Absolutepath] $puppetserver_logdir = $::puppet::server_puppetserver_logdir,
|
||
Stdlib::Absolutepath $puppetserver_dir = $::puppet::server_puppetserver_dir,
|
||
Optional[Pattern[/^[\d]\.[\d]+\.[\d]+$/]] $puppetserver_version = $::puppet::server_puppetserver_version,
|
||
Variant[Undef, String[0], Stdlib::Absolutepath] $external_nodes = $::puppet::server_external_nodes,
|
||
Optional[Stdlib::Absolutepath] $trusted_external_command = $::puppet::server_trusted_external_command,
|
||
Array[String] $cipher_suites = $::puppet::server_cipher_suites,
|
||
Optional[String] $config_version = $::puppet::server_config_version,
|
||
Integer[0] $connect_timeout = $::puppet::server_connect_timeout,
|
||
Variant[Boolean, Stdlib::Absolutepath] $autosign = $puppet::autosign,
|
||
Array[String] $autosign_entries = $puppet::autosign_entries,
|
||
Pattern[/^[0-9]{3,4}$/] $autosign_mode = $puppet::autosign_mode,
|
||
Optional[String] $autosign_content = $puppet::autosign_content,
|
||
Optional[String] $autosign_source = $puppet::autosign_source,
|
||
String $hiera_config = $puppet::hiera_config,
|
||
Array[String] $admin_api_whitelist = $puppet::server_admin_api_whitelist,
|
||
Boolean $manage_user = $puppet::server_manage_user,
|
||
String $user = $puppet::server_user,
|
||
String $group = $puppet::server_group,
|
||
String $dir = $puppet::server_dir,
|
||
Stdlib::Absolutepath $codedir = $puppet::codedir,
|
||
Integer $port = $puppet::server_port,
|
||
String $ip = $puppet::server_ip,
|
||
Boolean $ca = $puppet::server_ca,
|
||
Optional[String] $ca_crl_filepath = $puppet::ca_crl_filepath,
|
||
Boolean $ca_crl_sync = $puppet::server_ca_crl_sync,
|
||
Optional[Boolean] $crl_enable = $puppet::server_crl_enable,
|
||
Boolean $ca_auth_required = $puppet::server_ca_auth_required,
|
||
Boolean $ca_client_self_delete = $puppet::server_ca_client_self_delete,
|
||
Array[String] $ca_client_whitelist = $puppet::server_ca_client_whitelist,
|
||
Optional[Puppet::Custom_trusted_oid_mapping] $custom_trusted_oid_mapping = $puppet::server_custom_trusted_oid_mapping,
|
||
Boolean $http = $puppet::server_http,
|
||
Integer $http_port = $puppet::server_http_port,
|
||
String $reports = $puppet::server_reports,
|
||
Stdlib::Absolutepath $puppetserver_vardir = $puppet::server_puppetserver_vardir,
|
||
Optional[Stdlib::Absolutepath] $puppetserver_rundir = $puppet::server_puppetserver_rundir,
|
||
Optional[Stdlib::Absolutepath] $puppetserver_logdir = $puppet::server_puppetserver_logdir,
|
||
Stdlib::Absolutepath $puppetserver_dir = $puppet::server_puppetserver_dir,
|
||
Optional[Pattern[/^[\d]\.[\d]+\.[\d]+$/]] $puppetserver_version = $puppet::server_puppetserver_version,
|
||
Variant[Undef, String[0], Stdlib::Absolutepath] $external_nodes = $puppet::server_external_nodes,
|
||
Optional[Stdlib::Absolutepath] $trusted_external_command = $puppet::server_trusted_external_command,
|
||
Array[String] $cipher_suites = $puppet::server_cipher_suites,
|
||
Optional[String] $config_version = $puppet::server_config_version,
|
||
Integer[0] $connect_timeout = $puppet::server_connect_timeout,
|
||
Integer[0] $web_idle_timeout = $puppet::server_web_idle_timeout,
|
||
Boolean $git_repo = $::puppet::server_git_repo,
|
||
Boolean $default_manifest = $::puppet::server_default_manifest,
|
||
Stdlib::Absolutepath $default_manifest_path = $::puppet::server_default_manifest_path,
|
||
String $default_manifest_content = $::puppet::server_default_manifest_content,
|
||
String $environments_owner = $::puppet::server_environments_owner,
|
||
Optional[String] $environments_group = $::puppet::server_environments_group,
|
||
Pattern[/^[0-9]{3,4}$/] $environments_mode = $::puppet::server_environments_mode,
|
||
Stdlib::Absolutepath $envs_dir = $::puppet::server_envs_dir,
|
||
Optional[Stdlib::Absolutepath] $envs_target = $::puppet::server_envs_target,
|
||
Variant[Undef, String[0], Array[Stdlib::Absolutepath]] $common_modules_path = $::puppet::server_common_modules_path,
|
||
Pattern[/^[0-9]{3,4}$/] $git_repo_mode = $::puppet::server_git_repo_mode,
|
||
Stdlib::Absolutepath $git_repo_path = $::puppet::server_git_repo_path,
|
||
String $git_repo_group = $::puppet::server_git_repo_group,
|
||
String $git_repo_user = $::puppet::server_git_repo_user,
|
||
Hash[String, String] $git_branch_map = $::puppet::server_git_branch_map,
|
||
Integer[0] $idle_timeout = $::puppet::server_idle_timeout,
|
||
String $post_hook_content = $::puppet::server_post_hook_content,
|
||
String $post_hook_name = $::puppet::server_post_hook_name,
|
||
Variant[Undef, Boolean, Enum['active_record', 'puppetdb']] $storeconfigs_backend = $::puppet::server_storeconfigs_backend,
|
||
Array[Stdlib::Absolutepath] $ruby_load_paths = $::puppet::server_ruby_load_paths,
|
||
Stdlib::Absolutepath $ssl_dir = $::puppet::server_ssl_dir,
|
||
Boolean $ssl_dir_manage = $::puppet::server_ssl_dir_manage,
|
||
Boolean $ssl_key_manage = $::puppet::server_ssl_key_manage,
|
||
Array[String] $ssl_protocols = $::puppet::server_ssl_protocols,
|
||
Optional[Stdlib::Absolutepath] $ssl_chain_filepath = $::puppet::server_ssl_chain_filepath,
|
||
Optional[Variant[String, Array[String]]] $package = $::puppet::server_package,
|
||
Optional[String] $version = $::puppet::server_version,
|
||
String $certname = $::puppet::server_certname,
|
||
Enum['v2'] $enc_api = $::puppet::server_enc_api,
|
||
Enum['v2'] $report_api = $::puppet::server_report_api,
|
||
Integer[0] $request_timeout = $::puppet::server_request_timeout,
|
||
Boolean $strict_variables = $::puppet::server_strict_variables,
|
||
Hash[String, Data] $additional_settings = $::puppet::server_additional_settings,
|
||
Boolean $foreman = $::puppet::server_foreman,
|
||
Stdlib::HTTPUrl $foreman_url = $::puppet::server_foreman_url,
|
||
Optional[Stdlib::Absolutepath] $foreman_ssl_ca = $::puppet::server_foreman_ssl_ca,
|
||
Optional[Stdlib::Absolutepath] $foreman_ssl_cert = $::puppet::server_foreman_ssl_cert,
|
||
Optional[Stdlib::Absolutepath] $foreman_ssl_key = $::puppet::server_foreman_ssl_key,
|
||
Boolean $server_foreman_facts = $::puppet::server_foreman_facts,
|
||
Optional[Stdlib::Absolutepath] $puppet_basedir = $::puppet::server_puppet_basedir,
|
||
Optional[String] $puppetdb_host = $::puppet::server_puppetdb_host,
|
||
Integer[0, 65535] $puppetdb_port = $::puppet::server_puppetdb_port,
|
||
Boolean $puppetdb_swf = $::puppet::server_puppetdb_swf,
|
||
Enum['current', 'future'] $parser = $::puppet::server_parser,
|
||
Variant[Undef, Enum['unlimited'], Pattern[/^\d+[smhdy]?$/]] $environment_timeout = $::puppet::server_environment_timeout,
|
||
String $jvm_java_bin = $::puppet::server_jvm_java_bin,
|
||
String $jvm_config = $::puppet::server_jvm_config,
|
||
Pattern[/^[0-9]+[kKmMgG]$/] $jvm_min_heap_size = $::puppet::server_jvm_min_heap_size,
|
||
Pattern[/^[0-9]+[kKmMgG]$/] $jvm_max_heap_size = $::puppet::server_jvm_max_heap_size,
|
||
Optional[Variant[String,Array[String]]] $jvm_extra_args = $::puppet::server_jvm_extra_args,
|
||
Optional[String] $jvm_cli_args = $::puppet::server_jvm_cli_args,
|
||
Optional[Stdlib::Absolutepath] $jruby_gem_home = $::puppet::server_jruby_gem_home,
|
||
Integer[1] $max_active_instances = $::puppet::server_max_active_instances,
|
||
Integer[0] $max_requests_per_instance = $::puppet::server_max_requests_per_instance,
|
||
Boolean $git_repo = $puppet::server_git_repo,
|
||
Boolean $default_manifest = $puppet::server_default_manifest,
|
||
Stdlib::Absolutepath $default_manifest_path = $puppet::server_default_manifest_path,
|
||
String $default_manifest_content = $puppet::server_default_manifest_content,
|
||
String $environments_owner = $puppet::server_environments_owner,
|
||
Optional[String] $environments_group = $puppet::server_environments_group,
|
||
Pattern[/^[0-9]{3,4}$/] $environments_mode = $puppet::server_environments_mode,
|
||
Stdlib::Absolutepath $envs_dir = $puppet::server_envs_dir,
|
||
Optional[Stdlib::Absolutepath] $envs_target = $puppet::server_envs_target,
|
||
Variant[Undef, String[0], Array[Stdlib::Absolutepath]] $common_modules_path = $puppet::server_common_modules_path,
|
||
Pattern[/^[0-9]{3,4}$/] $git_repo_mode = $puppet::server_git_repo_mode,
|
||
Stdlib::Absolutepath $git_repo_path = $puppet::server_git_repo_path,
|
||
String $git_repo_group = $puppet::server_git_repo_group,
|
||
String $git_repo_user = $puppet::server_git_repo_user,
|
||
Hash[String, String] $git_branch_map = $puppet::server_git_branch_map,
|
||
Integer[0] $idle_timeout = $puppet::server_idle_timeout,
|
||
String $post_hook_content = $puppet::server_post_hook_content,
|
||
String $post_hook_name = $puppet::server_post_hook_name,
|
||
Variant[Undef, Boolean, Enum['active_record', 'puppetdb']] $storeconfigs_backend = $puppet::server_storeconfigs_backend,
|
||
Array[Stdlib::Absolutepath] $ruby_load_paths = $puppet::server_ruby_load_paths,
|
||
Stdlib::Absolutepath $ssl_dir = $puppet::server_ssl_dir,
|
||
Boolean $ssl_dir_manage = $puppet::server_ssl_dir_manage,
|
||
Boolean $ssl_key_manage = $puppet::server_ssl_key_manage,
|
||
Array[String] $ssl_protocols = $puppet::server_ssl_protocols,
|
||
Optional[Stdlib::Absolutepath] $ssl_chain_filepath = $puppet::server_ssl_chain_filepath,
|
||
Optional[Variant[String, Array[String]]] $package = $puppet::server_package,
|
||
Optional[String] $version = $puppet::server_version,
|
||
String $certname = $puppet::server_certname,
|
||
Enum['v2'] $enc_api = $puppet::server_enc_api,
|
||
Enum['v2'] $report_api = $puppet::server_report_api,
|
||
Integer[0] $request_timeout = $puppet::server_request_timeout,
|
||
Boolean $strict_variables = $puppet::server_strict_variables,
|
||
Hash[String, Data] $additional_settings = $puppet::server_additional_settings,
|
||
Boolean $foreman = $puppet::server_foreman,
|
||
Stdlib::HTTPUrl $foreman_url = $puppet::server_foreman_url,
|
||
Optional[Stdlib::Absolutepath] $foreman_ssl_ca = $puppet::server_foreman_ssl_ca,
|
||
Optional[Stdlib::Absolutepath] $foreman_ssl_cert = $puppet::server_foreman_ssl_cert,
|
||
Optional[Stdlib::Absolutepath] $foreman_ssl_key = $puppet::server_foreman_ssl_key,
|
||
Boolean $server_foreman_facts = $puppet::server_foreman_facts,
|
||
Optional[Stdlib::Absolutepath] $puppet_basedir = $puppet::server_puppet_basedir,
|
||
Optional[String] $puppetdb_host = $puppet::server_puppetdb_host,
|
||
Integer[0, 65535] $puppetdb_port = $puppet::server_puppetdb_port,
|
||
Boolean $puppetdb_swf = $puppet::server_puppetdb_swf,
|
||
Enum['current', 'future'] $parser = $puppet::server_parser,
|
||
Variant[Undef, Enum['unlimited'], Pattern[/^\d+[smhdy]?$/]] $environment_timeout = $puppet::server_environment_timeout,
|
||
String $jvm_java_bin = $puppet::server_jvm_java_bin,
|
||
String $jvm_config = $puppet::server_jvm_config,
|
||
Pattern[/^[0-9]+[kKmMgG]$/] $jvm_min_heap_size = $puppet::server_jvm_min_heap_size,
|
||
Pattern[/^[0-9]+[kKmMgG]$/] $jvm_max_heap_size = $puppet::server_jvm_max_heap_size,
|
||
Optional[Variant[String,Array[String]]] $jvm_extra_args = $puppet::server_jvm_extra_args,
|
||
Optional[String] $jvm_cli_args = $puppet::server_jvm_cli_args,
|
||
Optional[Stdlib::Absolutepath] $jruby_gem_home = $puppet::server_jruby_gem_home,
|
||
Integer[1] $max_active_instances = $puppet::server_max_active_instances,
|
||
Integer[0] $max_requests_per_instance = $puppet::server_max_requests_per_instance,
|
||
Integer[0] $max_queued_requests = $puppet::server_max_queued_requests,
|
||
Integer[0] $max_retry_delay = $puppet::server_max_retry_delay,
|
||
Boolean $multithreaded = $puppet::server_multithreaded,
|
||
Boolean $use_legacy_auth_conf = $::puppet::server_use_legacy_auth_conf,
|
||
Boolean $check_for_updates = $::puppet::server_check_for_updates,
|
||
Boolean $environment_class_cache_enabled = $::puppet::server_environment_class_cache_enabled,
|
||
Boolean $allow_header_cert_info = $::puppet::server_allow_header_cert_info,
|
||
Boolean $puppetserver_jruby9k = $::puppet::server_puppetserver_jruby9k,
|
||
Optional[Boolean] $puppetserver_metrics = $::puppet::server_puppetserver_metrics,
|
||
Boolean $metrics_jmx_enable = $::puppet::server_metrics_jmx_enable,
|
||
Boolean $metrics_graphite_enable = $::puppet::server_metrics_graphite_enable,
|
||
String $metrics_graphite_host = $::puppet::server_metrics_graphite_host,
|
||
Integer $metrics_graphite_port = $::puppet::server_metrics_graphite_port,
|
||
String $metrics_server_id = $::puppet::server_metrics_server_id,
|
||
Integer $metrics_graphite_interval = $::puppet::server_metrics_graphite_interval,
|
||
Variant[Undef, Array] $metrics_allowed = $::puppet::server_metrics_allowed,
|
||
Boolean $puppetserver_experimental = $::puppet::server_puppetserver_experimental,
|
||
Array[String] $puppetserver_trusted_agents = $::puppet::server_puppetserver_trusted_agents,
|
||
Optional[Enum['off', 'jit', 'force']] $compile_mode = $::puppet::server_compile_mode,
|
||
Optional[Integer[1]] $selector_threads = $::puppet::server_selector_threads,
|
||
Optional[Integer[1]] $acceptor_threads = $::puppet::server_acceptor_threads,
|
||
Optional[Integer[1]] $ssl_selector_threads = $::puppet::server_ssl_selector_threads,
|
||
Optional[Integer[1]] $ssl_acceptor_threads = $::puppet::server_ssl_acceptor_threads,
|
||
Optional[Integer[1]] $max_threads = $::puppet::server_max_threads,
|
||
Boolean $ca_allow_sans = $::puppet::server_ca_allow_sans,
|
||
Boolean $ca_allow_auth_extensions = $::puppet::server_ca_allow_auth_extensions,
|
||
Boolean $ca_enable_infra_crl = $::puppet::server_ca_enable_infra_crl,
|
||
Optional[Integer[1]] $max_open_files = $::puppet::server_max_open_files,
|
||
Optional[Stdlib::Absolutepath] $versioned_code_id = $::puppet::server_versioned_code_id,
|
||
Optional[Stdlib::Absolutepath] $versioned_code_content = $::puppet::server_versioned_code_content,
|
||
Boolean $use_legacy_auth_conf = $puppet::server_use_legacy_auth_conf,
|
||
Boolean $check_for_updates = $puppet::server_check_for_updates,
|
||
Boolean $environment_class_cache_enabled = $puppet::server_environment_class_cache_enabled,
|
||
Boolean $allow_header_cert_info = $puppet::server_allow_header_cert_info,
|
||
Boolean $puppetserver_jruby9k = $puppet::server_puppetserver_jruby9k,
|
||
Optional[Boolean] $puppetserver_metrics = $puppet::server_puppetserver_metrics,
|
||
Boolean $metrics_jmx_enable = $puppet::server_metrics_jmx_enable,
|
||
Boolean $metrics_graphite_enable = $puppet::server_metrics_graphite_enable,
|
||
String $metrics_graphite_host = $puppet::server_metrics_graphite_host,
|
||
Integer $metrics_graphite_port = $puppet::server_metrics_graphite_port,
|
||
String $metrics_server_id = $puppet::server_metrics_server_id,
|
||
Integer $metrics_graphite_interval = $puppet::server_metrics_graphite_interval,
|
||
Variant[Undef, Array] $metrics_allowed = $puppet::server_metrics_allowed,
|
||
Boolean $puppetserver_experimental = $puppet::server_puppetserver_experimental,
|
||
Array[String] $puppetserver_trusted_agents = $puppet::server_puppetserver_trusted_agents,
|
||
Optional[Enum['off', 'jit', 'force']] $compile_mode = $puppet::server_compile_mode,
|
||
Optional[Integer[1]] $selector_threads = $puppet::server_selector_threads,
|
||
Optional[Integer[1]] $acceptor_threads = $puppet::server_acceptor_threads,
|
||
Optional[Integer[1]] $ssl_selector_threads = $puppet::server_ssl_selector_threads,
|
||
Optional[Integer[1]] $ssl_acceptor_threads = $puppet::server_ssl_acceptor_threads,
|
||
Optional[Integer[1]] $max_threads = $puppet::server_max_threads,
|
||
Boolean $ca_allow_sans = $puppet::server_ca_allow_sans,
|
||
Boolean $ca_allow_auth_extensions = $puppet::server_ca_allow_auth_extensions,
|
||
Boolean $ca_enable_infra_crl = $puppet::server_ca_enable_infra_crl,
|
||
Optional[Integer[1]] $max_open_files = $puppet::server_max_open_files,
|
||
Optional[Stdlib::Absolutepath] $versioned_code_id = $puppet::server_versioned_code_id,
|
||
Optional[Stdlib::Absolutepath] $versioned_code_content = $puppet::server_versioned_code_content,
|
||
) {
|
||
if $ca {
|
||
$ssl_ca_cert = "${ssl_dir}/ca/ca_crt.pem"
|
manifests/server/config.pp | ||
---|---|---|
# @api private
|
||
class puppet::server::config inherits puppet::config {
|
||
contain 'puppet::server::puppetserver'
|
||
unless empty($::puppet::server::puppetserver_vardir) {
|
||
unless empty($puppet::server::puppetserver_vardir) {
|
||
puppet::config::master {
|
||
'vardir': value => $::puppet::server::puppetserver_vardir;
|
||
'vardir': value => $puppet::server::puppetserver_vardir;
|
||
}
|
||
}
|
||
unless empty($::puppet::server::puppetserver_rundir) {
|
||
unless empty($puppet::server::puppetserver_rundir) {
|
||
puppet::config::master {
|
||
'rundir': value => $::puppet::server::puppetserver_rundir;
|
||
'rundir': value => $puppet::server::puppetserver_rundir;
|
||
}
|
||
}
|
||
unless empty($::puppet::server::puppetserver_logdir) {
|
||
unless empty($puppet::server::puppetserver_logdir) {
|
||
puppet::config::master {
|
||
'logdir': value => $::puppet::server::puppetserver_logdir;
|
||
'logdir': value => $puppet::server::puppetserver_logdir;
|
||
}
|
||
}
|
||
|
||
... | ... | |
}
|
||
|
||
## General configuration
|
||
$ca_server = $::puppet::ca_server
|
||
$ca_port = $::puppet::ca_port
|
||
$server_storeconfigs_backend = $::puppet::server::storeconfigs_backend
|
||
$server_external_nodes = $::puppet::server::external_nodes
|
||
$server_environment_timeout = $::puppet::server::environment_timeout
|
||
$trusted_external_command = $::puppet::server::trusted_external_command
|
||
$ca_server = $puppet::ca_server
|
||
$ca_port = $puppet::ca_port
|
||
$server_storeconfigs_backend = $puppet::server::storeconfigs_backend
|
||
$server_external_nodes = $puppet::server::external_nodes
|
||
$server_environment_timeout = $puppet::server::environment_timeout
|
||
$trusted_external_command = $puppet::server::trusted_external_command
|
||
|
||
if $server_external_nodes and $server_external_nodes != '' {
|
||
class{ '::puppet::server::enc':
|
||
class{ 'puppet::server::enc':
|
||
enc_path => $server_external_nodes,
|
||
}
|
||
}
|
||
... | ... | |
}
|
||
}
|
||
|
||
$autosign = ($::puppet::server::autosign =~ Boolean)? {
|
||
true => $::puppet::server::autosign,
|
||
false => "${::puppet::server::autosign} { mode = ${::puppet::server::autosign_mode} }"
|
||
$autosign = ($puppet::server::autosign =~ Boolean)? {
|
||
true => $puppet::server::autosign,
|
||
false => "${puppet::server::autosign} { mode = ${puppet::server::autosign_mode} }"
|
||
}
|
||
|
||
puppet::config::main {
|
||
'reports': value => $::puppet::server::reports;
|
||
'reports': value => $puppet::server::reports;
|
||
'environmentpath': value => $puppet::server::envs_dir;
|
||
}
|
||
if $::puppet::server::hiera_config and !empty($::puppet::server::hiera_config){
|
||
if $puppet::server::hiera_config and !empty($puppet::server::hiera_config){
|
||
puppet::config::main {
|
||
'hiera_config': value => $::puppet::server::hiera_config;
|
||
'hiera_config': value => $puppet::server::hiera_config;
|
||
}
|
||
}
|
||
if $puppet::server::common_modules_path and !empty($puppet::server::common_modules_path) {
|
||
... | ... | |
|
||
puppet::config::master {
|
||
'autosign': value => $autosign;
|
||
'ca': value => $::puppet::server::ca;
|
||
'certname': value => $::puppet::server::certname;
|
||
'parser': value => $::puppet::server::parser;
|
||
'strict_variables': value => $::puppet::server::strict_variables;
|
||
'ca': value => $puppet::server::ca;
|
||
'certname': value => $puppet::server::certname;
|
||
'parser': value => $puppet::server::parser;
|
||
'strict_variables': value => $puppet::server::strict_variables;
|
||
}
|
||
|
||
if $::puppet::server::ssl_dir_manage {
|
||
if $puppet::server::ssl_dir_manage {
|
||
puppet::config::master {
|
||
'ssldir': value => $::puppet::server::ssl_dir;
|
||
'ssldir': value => $puppet::server::ssl_dir;
|
||
}
|
||
}
|
||
if $server_environment_timeout {
|
||
... | ... | |
}
|
||
}
|
||
|
||
$::puppet::server_additional_settings.each |$key,$value| {
|
||
$puppet::server_additional_settings.each |$key,$value| {
|
||
puppet::config::master { $key: value => $value }
|
||
}
|
||
|
||
file { "${puppet::vardir}/reports":
|
||
ensure => directory,
|
||
owner => $::puppet::server::user,
|
||
group => $::puppet::server::group,
|
||
owner => $puppet::server::user,
|
||
group => $puppet::server::group,
|
||
mode => '0750',
|
||
}
|
||
|
||
... | ... | |
|
||
## SSL and CA configuration
|
||
# Open read permissions to private keys to puppet group for foreman, proxy etc.
|
||
file { "${::puppet::server::ssl_dir}/private_keys":
|
||
file { "${puppet::server::ssl_dir}/private_keys":
|
||
ensure => directory,
|
||
owner => $::puppet::server::user,
|
||
group => $::puppet::server::group,
|
||
owner => $puppet::server::user,
|
||
group => $puppet::server::group,
|
||
mode => '0750',
|
||
require => Exec['puppet_server_config-create_ssl_dir'],
|
||
}
|
||
|
||
if $puppet::server::ssl_key_manage {
|
||
file { "${::puppet::server::ssl_dir}/private_keys/${::puppet::server::certname}.pem":
|
||
owner => $::puppet::server::user,
|
||
group => $::puppet::server::group,
|
||
file { "${puppet::server::ssl_dir}/private_keys/${puppet::server::certname}.pem":
|
||
owner => $puppet::server::user,
|
||
group => $puppet::server::group,
|
||
mode => '0640',
|
||
}
|
||
}
|
||
... | ... | |
$_custom_trusted_oid_mapping = {
|
||
oid_mapping => $puppet::server::custom_trusted_oid_mapping,
|
||
}
|
||
file { "${::puppet::dir}/custom_trusted_oid_mapping.yaml":
|
||
file { "${puppet::dir}/custom_trusted_oid_mapping.yaml":
|
||
ensure => file,
|
||
owner => 'root',
|
||
group => $::puppet::params::root_group,
|
||
group => $puppet::params::root_group,
|
||
mode => '0644',
|
||
content => to_yaml($_custom_trusted_oid_mapping),
|
||
}
|
||
... | ... | |
# If the ssl dir is not the default dir, it needs to be created before running
|
||
# the generate ca cert or it will fail.
|
||
exec {'puppet_server_config-create_ssl_dir':
|
||
creates => $::puppet::server::ssl_dir,
|
||
command => "/bin/mkdir -p ${::puppet::server::ssl_dir}",
|
||
creates => $puppet::server::ssl_dir,
|
||
command => "/bin/mkdir -p ${puppet::server::ssl_dir}",
|
||
umask => '0022',
|
||
}
|
||
|
||
# Generate a new CA and host cert if our host cert doesn't exist
|
||
if $::puppet::server::ca {
|
||
if $puppet::server::ca {
|
||
if versioncmp($::puppetversion, '6.0') > 0 {
|
||
$command = "${::puppet::puppetserver_cmd} ca setup"
|
||
$command = "${puppet::puppetserver_cmd} ca setup"
|
||
} else {
|
||
$command = "${::puppet::puppet_cmd} cert --generate ${::puppet::server::certname} --allow-dns-alt-names"
|
||
$command = "${puppet::puppet_cmd} cert --generate ${puppet::server::certname} --allow-dns-alt-names"
|
||
}
|
||
|
||
exec {'puppet_server_config-generate_ca_cert':
|
||
creates => $::puppet::server::ssl_cert,
|
||
creates => $puppet::server::ssl_cert,
|
||
command => $command,
|
||
umask => '0022',
|
||
require => [
|
||
Concat["${::puppet::server::dir}/puppet.conf"],
|
||
Concat["${puppet::server::dir}/puppet.conf"],
|
||
Exec['puppet_server_config-create_ssl_dir'],
|
||
],
|
||
}
|
||
} elsif $::puppet::server::ca_crl_sync {
|
||
} elsif $puppet::server::ca_crl_sync {
|
||
# If not a ca AND sync the crl from the ca master
|
||
if defined('$::servername') {
|
||
file { $::puppet::server::ssl_ca_crl:
|
||
file { $puppet::server::ssl_ca_crl:
|
||
ensure => file,
|
||
owner => $::puppet::server::user,
|
||
group => $::puppet::server::group,
|
||
owner => $puppet::server::user,
|
||
group => $puppet::server::group,
|
||
mode => '0644',
|
||
content => file($::settings::cacrl, $::settings::hostcrl, '/dev/null'),
|
||
}
|
||
... | ... | |
}
|
||
|
||
# autosign file
|
||
if $::puppet::server_ca and !($puppet::server::autosign =~ Boolean) {
|
||
if $::puppet::server::autosign_content or $::puppet::server::autosign_source {
|
||
if !empty($::puppet::server::autosign_entries) {
|
||
if $puppet::server_ca and !($puppet::server::autosign =~ Boolean) {
|
||
if $puppet::server::autosign_content or $puppet::server::autosign_source {
|
||
if !empty($puppet::server::autosign_entries) {
|
||
fail('Cannot set both autosign_content/autosign_source and autosign_entries')
|
||
}
|
||
$autosign_content = $::puppet::server::autosign_content
|
||
} elsif !empty($::puppet::server::autosign_entries) {
|
||
$autosign_content = $puppet::server::autosign_content
|
||
} elsif !empty($puppet::server::autosign_entries) {
|
||
$autosign_content = template('puppet/server/autosign.conf.erb')
|
||
} else {
|
||
$autosign_content = undef
|
||
}
|
||
file { $::puppet::server::autosign:
|
||
file { $puppet::server::autosign:
|
||
ensure => file,
|
||
owner => $::puppet::server::user,
|
||
group => $::puppet::server::group,
|
||
mode => $::puppet::server::autosign_mode,
|
||
owner => $puppet::server::user,
|
||
group => $puppet::server::group,
|
||
mode => $puppet::server::autosign_mode,
|
||
content => $autosign_content,
|
||
source => $::puppet::server::autosign_source,
|
||
source => $puppet::server::autosign_source,
|
||
}
|
||
}
|
||
|
||
# only manage this file if we provide content
|
||
if $::puppet::server::default_manifest and $::puppet::server::default_manifest_content != '' {
|
||
file { $::puppet::server::default_manifest_path:
|
||
if $puppet::server::default_manifest and $puppet::server::default_manifest_content != '' {
|
||
file { $puppet::server::default_manifest_path:
|
||
ensure => file,
|
||
owner => $puppet::user,
|
||
group => $puppet::group,
|
||
mode => '0644',
|
||
content => $::puppet::server::default_manifest_content,
|
||
content => $puppet::server::default_manifest_content,
|
||
}
|
||
}
|
||
|
||
## Environments
|
||
# location where our puppet environments are located
|
||
if $::puppet::server::envs_target and $::puppet::server::envs_target != '' {
|
||
if $puppet::server::envs_target and $puppet::server::envs_target != '' {
|
||
$ensure = 'link'
|
||
} else {
|
||
$ensure = 'directory'
|
||
}
|
||
|
||
file { $::puppet::server::envs_dir:
|
||
file { $puppet::server::envs_dir:
|
||
ensure => $ensure,
|
||
owner => $::puppet::server::environments_owner,
|
||
group => $::puppet::server::environments_group,
|
||
mode => $::puppet::server::environments_mode,
|
||
target => $::puppet::server::envs_target,
|
||
owner => $puppet::server::environments_owner,
|
||
group => $puppet::server::environments_group,
|
||
mode => $puppet::server::environments_mode,
|
||
target => $puppet::server::envs_target,
|
||
force => true,
|
||
}
|
||
|
||
if $::puppet::server::git_repo {
|
||
include ::git
|
||
if $puppet::server::git_repo {
|
||
include git
|
||
|
||
if $::puppet::server::manage_user {
|
||
Class['git'] -> User[$::puppet::server::user]
|
||
if $puppet::server::manage_user {
|
||
Class['git'] -> User[$puppet::server::user]
|
||
}
|
||
|
||
file { $::puppet::vardir:
|
||
file { $puppet::vardir:
|
||
ensure => directory,
|
||
owner => 'root',
|
||
group => 'root',
|
||
... | ... | |
|
||
git::repo { 'puppet_repo':
|
||
bare => true,
|
||
target => $::puppet::server::git_repo_path,
|
||
mode => $::puppet::server::git_repo_mode,
|
||
user => $::puppet::server::git_repo_user,
|
||
group => $::puppet::server::git_repo_group,
|
||
require => File[$::puppet::vardir, $::puppet::server::envs_dir],
|
||
target => $puppet::server::git_repo_path,
|
||
mode => $puppet::server::git_repo_mode,
|
||
user => $puppet::server::git_repo_user,
|
||
group => $puppet::server::git_repo_group,
|
||
require => File[$puppet::vardir, $puppet::server::envs_dir],
|
||
}
|
||
|
||
$git_branch_map = $::puppet::server::git_branch_map
|
||
$git_branch_map = $puppet::server::git_branch_map
|
||
# git post hook to auto generate an environment per branch
|
||
file { "${::puppet::server::git_repo_path}/hooks/${::puppet::server::post_hook_name}":
|
||
content => template($::puppet::server::post_hook_content),
|
||
owner => $::puppet::server::git_repo_user,
|
||
group => $::puppet::server::git_repo_group,
|
||
mode => $::puppet::server::git_repo_mode,
|
||
file { "${puppet::server::git_repo_path}/hooks/${puppet::server::post_hook_name}":
|
||
content => template($puppet::server::post_hook_content),
|
||
owner => $puppet::server::git_repo_user,
|
||
group => $puppet::server::git_repo_group,
|
||
mode => $puppet::server::git_repo_mode,
|
||
require => Git::Repo['puppet_repo'],
|
||
}
|
||
}
|
||
... | ... | |
ensure => directory,
|
||
}
|
||
|
||
if $::puppet::server::common_modules_path and !empty($::puppet::server::common_modules_path) {
|
||
file { $::puppet::server::common_modules_path:
|
||
if $puppet::server::common_modules_path and !empty($puppet::server::common_modules_path) {
|
||
file { $puppet::server::common_modules_path:
|
||
ensure => directory,
|
||
owner => $::puppet::server_environments_owner,
|
||
group => $::puppet::server_environments_group,
|
||
mode => $::puppet::server_environments_mode,
|
||
owner => $puppet::server_environments_owner,
|
||
group => $puppet::server_environments_group,
|
||
mode => $puppet::server_environments_mode,
|
||
}
|
||
}
|
||
|
||
## Foreman
|
||
if $::puppet::server::foreman {
|
||
if $puppet::server::foreman {
|
||
# Include foreman components for the puppetmaster
|
||
# ENC script, reporting script etc.
|
||
class { 'foreman::puppetmaster':
|
||
foreman_url => $::puppet::server::foreman_url,
|
||
receive_facts => $::puppet::server::server_foreman_facts,
|
||
puppet_home => $::puppet::server::puppetserver_vardir,
|
||
puppet_basedir => $::puppet::server::puppet_basedir,
|
||
foreman_url => $puppet::server::foreman_url,
|
||
receive_facts => $puppet::server::server_foreman_facts,
|
||
puppet_home => $puppet::server::puppetserver_vardir,
|
||
puppet_basedir => $puppet::server::puppet_basedir,
|
||
puppet_etcdir => $puppet::dir,
|
||
enc_api => $::puppet::server::enc_api,
|
||
report_api => $::puppet::server::report_api,
|
||
timeout => $::puppet::server::request_timeout,
|
||
ssl_ca => pick($::puppet::server::foreman_ssl_ca, $::puppet::server::ssl_ca_cert),
|
||
ssl_cert => pick($::puppet::server::foreman_ssl_cert, $::puppet::server::ssl_cert),
|
||
ssl_key => pick($::puppet::server::foreman_ssl_key, $::puppet::server::ssl_cert_key),
|
||
enc_api => $puppet::server::enc_api,
|
||
report_api => $puppet::server::report_api,
|
||
timeout => $puppet::server::request_timeout,
|
||
ssl_ca => pick($puppet::server::foreman_ssl_ca, $puppet::server::ssl_ca_cert),
|
||
ssl_cert => pick($puppet::server::foreman_ssl_cert, $puppet::server::ssl_cert),
|
||
ssl_key => pick($puppet::server::foreman_ssl_key, $puppet::server::ssl_cert_key),
|
||
}
|
||
contain foreman::puppetmaster
|
||
}
|
||
|
||
## PuppetDB
|
||
if $::puppet::server::puppetdb_host {
|
||
class { '::puppetdb::master::config':
|
||
puppetdb_server => $::puppet::server::puppetdb_host,
|
||
puppetdb_port => $::puppet::server::puppetdb_port,
|
||
puppetdb_soft_write_failure => $::puppet::server::puppetdb_swf,
|
||
if $puppet::server::puppetdb_host {
|
||
class { 'puppetdb::master::config':
|
||
puppetdb_server => $puppet::server::puppetdb_host,
|
||
puppetdb_port => $puppet::server::puppetdb_port,
|
||
puppetdb_soft_write_failure => $puppet::server::puppetdb_swf,
|
||
manage_storeconfigs => false,
|
||
restart_puppet => false,
|
||
}
|
manifests/server/enc.pp | ||
---|---|---|
# Set up the ENC config
|
||
# @api private
|
||
class puppet::server::enc(
|
||
$enc_path = $::puppet::server::external_nodes
|
||
$enc_path = $puppet::server::external_nodes
|
||
) {
|
||
puppet::config::master {
|
||
'external_nodes': value => $enc_path;
|
manifests/server/install.pp | ||
---|---|---|
Class['puppet::server::install'] -> Class['foreman::config']
|
||
}
|
||
|
||
if $::puppet::server::manage_user {
|
||
$shell = $::puppet::server::git_repo ? {
|
||
true => $::osfamily ? {
|
||
if $puppet::server::manage_user {
|
||
$shell = $puppet::server::git_repo ? {
|
||
true => $facts['os']['family'] ? {
|
||
/^(FreeBSD|DragonFly)$/ => '/usr/local/bin/git-shell',
|
||
default => '/usr/bin/git-shell'
|
||
},
|
||
default => undef,
|
||
}
|
||
|
||
user { $::puppet::server::user:
|
||
user { $puppet::server::user:
|
||
shell => $shell,
|
||
}
|
||
}
|
||
|
||
if $::puppet::manage_packages == true or $::puppet::manage_packages == 'server' {
|
||
$server_package = pick($::puppet::server::package, 'puppetserver')
|
||
$server_version = pick($::puppet::server::version, $::puppet::version)
|
||
if $puppet::manage_packages == true or $puppet::manage_packages == 'server' {
|
||
$server_package = pick($puppet::server::package, 'puppetserver')
|
||
$server_version = pick($puppet::server::version, $puppet::version)
|
||
|
||
package { $server_package:
|
||
ensure => $server_version,
|
||
}
|
||
|
||
if $::puppet::server::manage_user {
|
||
Package[$server_package] -> User[$::puppet::server::user]
|
||
if $puppet::server::manage_user {
|
||
Package[$server_package] -> User[$puppet::server::user]
|
||
}
|
||
}
|
||
}
|
manifests/server/puppetserver.pp | ||
---|---|---|
# }
|
||
#
|
||
class puppet::server::puppetserver (
|
||
$config = $::puppet::server::jvm_config,
|
||
$java_bin = $::puppet::server::jvm_java_bin,
|
||
$jvm_extra_args = $::puppet::server::real_jvm_extra_args,
|
||
$jvm_cli_args = $::puppet::server::jvm_cli_args,
|
||
$jvm_min_heap_size = $::puppet::server::jvm_min_heap_size,
|
||
$jvm_max_heap_size = $::puppet::server::jvm_max_heap_size,
|
||
$server_puppetserver_dir = $::puppet::server::puppetserver_dir,
|
||
$server_puppetserver_vardir = $::puppet::server::puppetserver_vardir,
|
||
$server_puppetserver_rundir = $::puppet::server::puppetserver_rundir,
|
||
$server_puppetserver_logdir = $::puppet::server::puppetserver_logdir,
|
||
$server_jruby_gem_home = $::puppet::server::jruby_gem_home,
|
||
$server_ruby_load_paths = $::puppet::server::ruby_load_paths,
|
||
$server_cipher_suites = $::puppet::server::cipher_suites,
|
||
$server_max_active_instances = $::puppet::server::max_active_instances,
|
||
$server_max_requests_per_instance = $::puppet::server::max_requests_per_instance,
|
||
$server_max_queued_requests = $::puppet::server::max_queued_requests,
|
||
$server_max_retry_delay = $::puppet::server::max_retry_delay,
|
||
$server_multithreaded = $::puppet::server::multithreaded,
|
||
$server_ssl_protocols = $::puppet::server::ssl_protocols,
|
||
$server_ssl_ca_crl = $::puppet::server::ssl_ca_crl,
|
||
$server_ssl_ca_cert = $::puppet::server::ssl_ca_cert,
|
||
$server_ssl_cert = $::puppet::server::ssl_cert,
|
||
$server_ssl_cert_key = $::puppet::server::ssl_cert_key,
|
||
$server_ssl_chain = $::puppet::server::ssl_chain,
|
||
$server_crl_enable = $::puppet::server::crl_enable_real,
|
||
$server_ip = $::puppet::server::ip,
|
||
$server_port = $::puppet::server::port,
|
||
$server_http = $::puppet::server::http,
|
||
$server_http_port = $::puppet::server::http_port,
|
||
$server_ca = $::puppet::server::ca,
|
||
$server_dir = $::puppet::server::dir,
|
||
$codedir = $::puppet::server::codedir,
|
||
$server_idle_timeout = $::puppet::server::idle_timeout,
|
||
$server_web_idle_timeout = $::puppet::server::web_idle_timeout,
|
||
$server_connect_timeout = $::puppet::server::connect_timeout,
|
||
$server_ca_auth_required = $::puppet::server::ca_auth_required,
|
||
$server_ca_client_self_delete = $::puppet::server::ca_client_self_delete,
|
||
$server_ca_client_whitelist = $::puppet::server::ca_client_whitelist,
|
||
$server_admin_api_whitelist = $::puppet::server::admin_api_whitelist,
|
||
$server_puppetserver_version = $::puppet::server::real_puppetserver_version,
|
||
$server_use_legacy_auth_conf = $::puppet::server::use_legacy_auth_conf,
|
||
$server_check_for_updates = $::puppet::server::check_for_updates,
|
||
$server_environment_class_cache_enabled = $::puppet::server::environment_class_cache_enabled,
|
||
$server_jruby9k = $::puppet::server::puppetserver_jruby9k,
|
||
$server_metrics = $::puppet::server::real_puppetserver_metrics,
|
||
$metrics_jmx_enable = $::puppet::server::metrics_jmx_enable,
|
||
$metrics_graphite_enable = $::puppet::server::metrics_graphite_enable,
|
||
$metrics_graphite_host = $::puppet::server::metrics_graphite_host,
|
||
$metrics_graphite_port = $::puppet::server::metrics_graphite_port,
|
||
$metrics_server_id = $::puppet::server::metrics_server_id,
|
||
$metrics_graphite_interval = $::puppet::server::metrics_graphite_interval,
|
||
$metrics_allowed = $::puppet::server::metrics_allowed,
|
||
$server_experimental = $::puppet::server::puppetserver_experimental,
|
||
$server_trusted_agents = $::puppet::server::puppetserver_trusted_agents,
|
||
$allow_header_cert_info = $::puppet::server::allow_header_cert_info,
|
||
$compile_mode = $::puppet::server::compile_mode,
|
||
$acceptor_threads = $::puppet::server::acceptor_threads,
|
||
$selector_threads = $::puppet::server::selector_threads,
|
||
$ssl_acceptor_threads = $::puppet::server::ssl_acceptor_threads,
|
||
$ssl_selector_threads = $::puppet::server::ssl_selector_threads,
|
||
$max_threads = $::puppet::server::max_threads,
|
||
$ca_allow_sans = $::puppet::server::ca_allow_sans,
|
||
$ca_allow_auth_extensions = $::puppet::server::ca_allow_auth_extensions,
|
||
$ca_enable_infra_crl = $::puppet::server::ca_enable_infra_crl,
|
||
$max_open_files = $::puppet::server::max_open_files,
|
||
$versioned_code_id = $::puppet::server::versioned_code_id,
|
||
$versioned_code_content = $::puppet::server::versioned_code_content,
|
||
$config = $puppet::server::jvm_config,
|
||
$java_bin = $puppet::server::jvm_java_bin,
|
||
$jvm_extra_args = $puppet::server::real_jvm_extra_args,
|
||
$jvm_cli_args = $puppet::server::jvm_cli_args,
|
||
$jvm_min_heap_size = $puppet::server::jvm_min_heap_size,
|
||
$jvm_max_heap_size = $puppet::server::jvm_max_heap_size,
|
||
$server_puppetserver_dir = $puppet::server::puppetserver_dir,
|
||
$server_puppetserver_vardir = $puppet::server::puppetserver_vardir,
|
||
$server_puppetserver_rundir = $puppet::server::puppetserver_rundir,
|
||
$server_puppetserver_logdir = $puppet::server::puppetserver_logdir,
|
||
$server_jruby_gem_home = $puppet::server::jruby_gem_home,
|
||
$server_ruby_load_paths = $puppet::server::ruby_load_paths,
|
||
$server_cipher_suites = $puppet::server::cipher_suites,
|
||
$server_max_active_instances = $puppet::server::max_active_instances,
|
||
$server_max_requests_per_instance = $puppet::server::max_requests_per_instance,
|
||
$server_max_queued_requests = $puppet::server::max_queued_requests,
|
||
$server_max_retry_delay = $puppet::server::max_retry_delay,
|
||
$server_multithreaded = $puppet::server::multithreaded,
|
||
$server_ssl_protocols = $puppet::server::ssl_protocols,
|
||
$server_ssl_ca_crl = $puppet::server::ssl_ca_crl,
|
||
$server_ssl_ca_cert = $puppet::server::ssl_ca_cert,
|
||
$server_ssl_cert = $puppet::server::ssl_cert,
|
||
$server_ssl_cert_key = $puppet::server::ssl_cert_key,
|
||
$server_ssl_chain = $puppet::server::ssl_chain,
|
||
$server_crl_enable = $puppet::server::crl_enable_real,
|
||
$server_ip = $puppet::server::ip,
|
||
$server_port = $puppet::server::port,
|
||
$server_http = $puppet::server::http,
|
||
$server_http_port = $puppet::server::http_port,
|
||
$server_ca = $puppet::server::ca,
|
||
$server_dir = $puppet::server::dir,
|
||
$codedir = $puppet::server::codedir,
|
||
$server_idle_timeout = $puppet::server::idle_timeout,
|
||
$server_web_idle_timeout = $puppet::server::web_idle_timeout,
|
||
$server_connect_timeout = $puppet::server::connect_timeout,
|
||
$server_ca_auth_required = $puppet::server::ca_auth_required,
|
||
$server_ca_client_self_delete = $puppet::server::ca_client_self_delete,
|
||
$server_ca_client_whitelist = $puppet::server::ca_client_whitelist,
|
||
$server_admin_api_whitelist = $puppet::server::admin_api_whitelist,
|
||
$server_puppetserver_version = $puppet::server::real_puppetserver_version,
|
||
$server_use_legacy_auth_conf = $puppet::server::use_legacy_auth_conf,
|
||
$server_check_for_updates = $puppet::server::check_for_updates,
|
||
$server_environment_class_cache_enabled = $puppet::server::environment_class_cache_enabled,
|
||
$server_jruby9k = $puppet::server::puppetserver_jruby9k,
|
||
$server_metrics = $puppet::server::real_puppetserver_metrics,
|
||
$metrics_jmx_enable = $puppet::server::metrics_jmx_enable,
|
||
$metrics_graphite_enable = $puppet::server::metrics_graphite_enable,
|
||
$metrics_graphite_host = $puppet::server::metrics_graphite_host,
|
||
$metrics_graphite_port = $puppet::server::metrics_graphite_port,
|
||
$metrics_server_id = $puppet::server::metrics_server_id,
|
||
$metrics_graphite_interval = $puppet::server::metrics_graphite_interval,
|
||
$metrics_allowed = $puppet::server::metrics_allowed,
|
||
$server_experimental = $puppet::server::puppetserver_experimental,
|
||
$server_trusted_agents = $puppet::server::puppetserver_trusted_agents,
|
||
$allow_header_cert_info = $puppet::server::allow_header_cert_info,
|
||
$compile_mode = $puppet::server::compile_mode,
|
||
$acceptor_threads = $puppet::server::acceptor_threads,
|
||
$selector_threads = $puppet::server::selector_threads,
|
||
$ssl_acceptor_threads = $puppet::server::ssl_acceptor_threads,
|
||
$ssl_selector_threads = $puppet::server::ssl_selector_threads,
|
||
$max_threads = $puppet::server::max_threads,
|
||
$ca_allow_sans = $puppet::server::ca_allow_sans,
|
||
$ca_allow_auth_extensions = $puppet::server::ca_allow_auth_extensions,
|
||
$ca_enable_infra_crl = $puppet::server::ca_enable_infra_crl,
|
||
$max_open_files = $puppet::server::max_open_files,
|
||
$versioned_code_id = $puppet::server::versioned_code_id,
|
||
$versioned_code_content = $puppet::server::versioned_code_content,
|
||
) {
|
||
include ::puppet::server
|
||
include puppet::server
|
||
|
||
if versioncmp($server_puppetserver_version, '5.3.6') < 0 {
|
||
fail('puppetserver <5.3.6 is not supported by this module version')
|
||
}
|
||
|
||
$puppetserver_package = pick($::puppet::server::package, 'puppetserver')
|
||
$puppetserver_package = pick($puppet::server::package, 'puppetserver')
|
||
|
||
$jvm_cmd_arr = ["-Xms${jvm_min_heap_size}", "-Xmx${jvm_max_heap_size}", $jvm_extra_args]
|
||
$jvm_cmd = strip(join(flatten($jvm_cmd_arr), ' '))
|
||
|
||
if $::osfamily == 'FreeBSD' {
|
||
if $facts['os']['family'] == 'FreeBSD' {
|
||
$server_gem_paths = [ '${jruby-puppet.gem-home}', "\"${server_puppetserver_vardir}/vendored-jruby-gems\"", ] # lint:ignore:single_quote_string_with_variables
|
||
augeas { 'puppet::server::puppetserver::jvm':
|
||
context => '/files/etc/rc.conf',
|
||
... | ... | |
content => template('puppet/server/puppetserver/services.d/ca.cfg.erb'),
|
||
}
|
||
|
||
unless $::osfamily == 'FreeBSD' {
|
||
unless $facts['os']['family'] == 'FreeBSD' {
|
||
file { '/opt/puppetlabs/server/apps/puppetserver/config':
|
||
ensure => directory,
|
||
}
|
Also available in: Unified diff
Puppet lint fix