Allow site.pp to manage ca and ca_sever in puppet.conf

This allows us to set ca = false and ca_server = <fqdn> on the new puppet 3 master. Change-Id: Iba189bdc4bfb22fd23052f2570f52133ea184126
2014-07-02 14:34:36 -07:00 · 2014-07-02 14:34:36 -07:00 · b65a2d3afc
commit b65a2d3afc
parent 6adda92be8
6 changed files with 21 additions and 9 deletions
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -160,11 +160,12 @@ node 'ci-puppetmaster.openstack.org' {

 node 'puppetmaster.openstack.org' {
  class { 'openstack_project::puppetmaster':
-    root_rsa_key    => hiera('puppetmaster_root_rsa_key'),
-    salt            => false,
-    update_slave    => false,
-    sysadmins       => hiera('sysadmins'),
-    version         => '3.4.',
+    root_rsa_key => hiera('puppetmaster_root_rsa_key'),
+    salt         => false,
+    update_slave => false,
+    sysadmins    => hiera('sysadmins'),
+    version      => '3.4.',
+    ca_server    => 'ci-puppetmaster.openstack.org',
  }
 }

--- a/modules/openstack_project/manifests/base.pp
+++ b/modules/openstack_project/manifests/base.pp
@ -5,6 +5,7 @@ class openstack_project::base(
  $install_users = true,
  $pin_puppet    = '2.7.',
  $pin_facter    = '1.',
+  $ca_server     = undef,
 ) {
  if ($::osfamily == 'Debian') {
    include apt
--- a/modules/openstack_project/manifests/puppetmaster.pp
+++ b/modules/openstack_project/manifests/puppetmaster.pp
@ -7,6 +7,7 @@ class openstack_project::puppetmaster (
  $update_slave = true,
  $sysadmins = [],
  $version   = '2.7.',
+  $ca_server = undef,
 ) {
  include logrotate
  include openstack_project::params
@ -15,6 +16,7 @@ class openstack_project::puppetmaster (
    iptables_public_tcp_ports => [4505, 4506, 8140],
    sysadmins                 => $sysadmins,
    pin_puppet                => $version,
+    ca_server                 => $ca_server,
  }

  if ($salt) {
--- a/modules/openstack_project/manifests/server.pp
+++ b/modules/openstack_project/manifests/server.pp
@ -9,6 +9,7 @@ class openstack_project::server (
  $sysadmins                 = [],
  $certname                  = $::fqdn,
  $pin_puppet                = '2.7.',
+  $ca_server                 = undef,
 ) {
  class { 'openstack_project::template':
    iptables_public_tcp_ports => $iptables_public_tcp_ports,
@ -17,6 +18,7 @@ class openstack_project::server (
    iptables_rules6           => $iptables_rules6,
    certname                  => $certname,
    pin_puppet                => $pin_puppet,
+    ca_server                 => $ca_server,
  }
  class { 'exim':
    sysadmin => $sysadmins,
--- a/modules/openstack_project/manifests/template.pp
+++ b/modules/openstack_project/manifests/template.pp
@ -8,10 +8,11 @@ class openstack_project::template (
  $iptables_rules4           = [],
  $iptables_rules6           = [],
  $pin_puppet                = '2.7.',
-  $install_users = true,
-  $install_resolv_conf = true,
-  $automatic_upgrades = true,
-  $certname = $::fqdn
+  $install_users             = true,
+  $install_resolv_conf       = true,
+  $automatic_upgrades        = true,
+  $certname                  = $::fqdn,
+  $ca_server                 = undef,
 ) {
  include ssh
  include snmpd
@ -32,6 +33,7 @@ class openstack_project::template (
    install_users => $install_users,
    certname      => $certname,
    pin_puppet    => $pin_puppet,
+    ca_server     => $ca_server,
  }

  package { 'lvm2':
--- a/modules/openstack_project/templates/puppet.conf.erb
+++ b/modules/openstack_project/templates/puppet.conf.erb
@ -18,6 +18,10 @@ manifestdir=/opt/config/$environment/manifests
 modulepath=/opt/config/$environment/modules:/etc/puppet/modules
 manifest=$manifestdir/site.pp
 reports=store,puppetdb
+<% if @ca_server -%>
+ca = false
+ca_server = <%= @ca_server %>
+<% end -%>

 [agent]
 report=true