puppet-puppet/manifests/server/config.pp @ d2f1d3d0
| 39bda209 | Ewoud Kohl van Wijngaarden | # Set up the puppet server config
|
|
| 96cab9ae | Ohad Levy | class puppet::server::config inherits puppet::config {
|
|
| 3c158112 | Greg Sutcliffe | if $puppet::server_passenger {
|
|
| 8f07c6dc | Dominic Cleal | # Anchor the passenger config inside this
|
|
class { 'puppet::server::passenger': } -> Class['puppet::server::config']
|
|||
}
|
|||
# Mirror the relationship, as defined() is parse-order dependent
|
|||
| 39bda209 | Ewoud Kohl van Wijngaarden | # Ensures puppetmasters certs are generated before the proxy is needed
|
|
| 8f07c6dc | Dominic Cleal | if defined(Class['foreman_proxy::config']) and $foreman_proxy::ssl {
|
|
Class['puppet::server::config'] -> Class['foreman_proxy::config']
|
|||
}
|
|||
# Open read permissions to private keys to puppet group for foreman, proxy etc.
|
|||
| 3c158112 | Greg Sutcliffe | file { "${puppet::server_ssl_dir}/private_keys":
|
|
group => $puppet::server_group,
|
|||
| 39bda209 | Ewoud Kohl van Wijngaarden | mode => '0750',
|
|
| 8f07c6dc | Dominic Cleal | }
|
|
| 3c158112 | Greg Sutcliffe | file { "${puppet::server_ssl_dir}/private_keys/${::fqdn}.pem":
|
|
group => $puppet::server_group,
|
|||
| 39bda209 | Ewoud Kohl van Wijngaarden | mode => '0640',
|
|
| 8f07c6dc | Dominic Cleal | }
|
|
| 96cab9ae | Ohad Levy | ||
| f345890c | Erik Dalén | # Include foreman components for the puppetmaster
|
|
# ENC script, reporting script etc.
|
|||
| 1e7e607d | Ewoud Kohl van Wijngaarden | class {'foreman::puppetmaster':
|
|
| 827cddee | Greg Sutcliffe | foreman_url => $puppet::server_foreman_url,
|
|
facts => $puppet::server_facts,
|
|||
puppet_home => $puppet::server_puppet_home,
|
|||
puppet_basedir => $puppet::server_puppet_basedir,
|
|||
enc_api => $puppet::server_enc_api,
|
|||
report_api => $puppet::server_report_api,
|
|||
| b547ad7e | Dominic Cleal | ssl_ca => $puppet::server_foreman_ssl_ca,
|
|
ssl_cert => $puppet::server_foreman_ssl_cert,
|
|||
ssl_key => $puppet::server_foreman_ssl_key,
|
|||
| 1e7e607d | Ewoud Kohl van Wijngaarden | }
|
|
| f345890c | Erik Dalén | ||
| 310e8878 | Marek Hulan | $ca_server = $::puppet::ca_server
|
|
$server_storeconfigs_backend = $::puppet::server_storeconfigs_backend
|
|||
$server_external_nodes = $::puppet::server_external_nodes
|
|||
if $server_external_nodes {
|
|||
$server_node_terminus = 'exec'
|
|||
} else {
|
|||
$server_node_terminus = 'plain'
|
|||
}
|
|||
| df2e0bff | Mickaël Canévet | concat_fragment { 'puppet.conf+30-master':
|
|
content => template($puppet::server_template),
|
|||
| 15e686fb | Jan Vansteenkiste | }
|
|
| 96cab9ae | Ohad Levy | ||
| 70b2f8b0 | Jan Vansteenkiste | ## If the ssl dir is not the default dir, it needs to be created before running
|
|
# the generate ca cert or it will fail.
|
|||
exec {'puppet_server_config-create_ssl_dir':
|
|||
| 3c158112 | Greg Sutcliffe | creates => $::puppet::server_ssl_dir,
|
|
command => "/bin/mkdir -p ${::puppet::server_ssl_dir}",
|
|||
| 70b2f8b0 | Jan Vansteenkiste | before => Exec['puppet_server_config-generate_ca_cert'],
|
|
}
|
|||
exec {'puppet_server_config-generate_ca_cert':
|
|||
| 23449a65 | Jan Vansteenkiste | creates => $::puppet::server::ssl_cert,
|
|
| 5615e256 | Jan Vansteenkiste | command => "${puppet::params::puppetca_path}/${puppet::params::puppetca_bin} --generate ${::fqdn}",
|
|
| 3c158112 | Greg Sutcliffe | require => File["${puppet::server_dir}/puppet.conf"],
|
|
notify => Service[$puppet::server_httpd_service],
|
|||
| 5615e256 | Jan Vansteenkiste | }
|
|
| 3c158112 | Greg Sutcliffe | file { "${puppet::server_vardir}/reports":
|
|
| f36d4510 | Greg Sutcliffe | ensure => directory,
|
|
| 3c158112 | Greg Sutcliffe | owner => $puppet::server_user,
|
|
| f36d4510 | Greg Sutcliffe | }
|
|
| de8444ee | Ivan Necas | # location where our puppet environments are located
|
|
file { $puppet::server_envs_dir:
|
|||
ensure => directory,
|
|||
owner => $puppet::server_environments_owner,
|
|||
}
|
|||
| 076d79da | Ohad Levy | ||
| de8444ee | Ivan Necas | if $puppet::server_git_repo {
|
|
| 09661d61 | Ohad Levy | ||
| 2a851d8c | Greg Sutcliffe | # need to chown the $vardir before puppet does it, or else
|
|
# we can't write puppet.git/ on the first run
|
|||
| 076d79da | Ohad Levy | include git
|
|
git::repo { 'puppet_repo':
|
|||
bare => true,
|
|||
| 3c158112 | Greg Sutcliffe | target => $puppet::server_git_repo_path,
|
|
user => $puppet::server_user,
|
|||
require => File[$puppet::server_envs_dir],
|
|||
| 076d79da | Ohad Levy | }
|
|
| cbe2b829 | Guido Günther | $git_branch_map = $puppet::server_git_branch_map
|
|
| 076d79da | Ohad Levy | # git post hook to auto generate an environment per branch
|
|
| 3c158112 | Greg Sutcliffe | file { "${puppet::server_git_repo_path}/hooks/${puppet::server_post_hook_name}":
|
|
content => template($puppet::server_post_hook_content),
|
|||
owner => $puppet::server_user,
|
|||
| af4efdd2 | Greg Sutcliffe | mode => '0755',
|
|
| 076d79da | Ohad Levy | require => Git::Repo['puppet_repo'],
|
|
}
|
|||
}
|
|||
| de8444ee | Ivan Necas | elsif ! $puppet::server_dynamic_environments {
|
|
file { ['/usr/share/puppet', $puppet::server_common_modules_path]:
|
|||
| 09661d61 | Ohad Levy | ensure => directory,
|
|
}
|
|||
| 6a34f1bc | sgzijl | # make sure your site.pp exists (puppet #15106, foreman #1708)
|
|
| 3c158112 | Greg Sutcliffe | file { "${puppet::server_manifest_path}/site.pp":
|
|
| 6a34f1bc | sgzijl | ensure => present,
|
|
| 91a59f77 | sgzijl | replace => false,
|
|
content => "# Empty site.pp required (puppet #15106, foreman #1708)\n",
|
|||
| d2f1d3d0 | Dominic Cleal | mode => '0644',
|
|
| 6a34f1bc | sgzijl | }
|
|
| 09661d61 | Ohad Levy | # setup empty directories for our environments
|
|
| 3c158112 | Greg Sutcliffe | puppet::server::env {$puppet::server_environments: }
|
|
| 09661d61 | Ohad Levy | }
|
|
| 96cab9ae | Ohad Levy | }
|