Giuseppe Lavagetto has uploaded a new change for review.
https://gerrit.wikimedia.org/r/252681
Change subject: base::certificates: add puppet's CA to the trusted store
......................................................................
base::certificates: add puppet's CA to the trusted store
Bug: T114638
Change-Id: I9e3fafb486c89a291395928f65531ace44c4caa0
---
M modules/base/manifests/certificates.pp
A modules/wmflib/lib/puppet/parser/functions/puppet_ssldir.rb
2 files changed, 22 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/81/252681/1
diff --git a/modules/base/manifests/certificates.pp
b/modules/base/manifests/certificates.pp
index 83baa07..95df071 100644
--- a/modules/base/manifests/certificates.pp
+++ b/modules/base/manifests/certificates.pp
@@ -20,6 +20,13 @@
source =>
'puppet:///modules/base/ca/GlobalSign_Organization_Validation_CA_-_SHA256_-_G2.crt',
}
+ $self_puppetmaster = hiera('role::puppet::self::master', $::puppetmaster)
+ $puppet_ssl_dir = ssldir($self_puppetmaster)
+
+ sslcert::ca { 'Puppet_Internal_CA':
+ source => "${puppet_ssl_dir}/certs/ca.pem"
+ }
+
# install all CAs before generating certificates
Sslcert::Ca <| |> -> Sslcert::Certificate<| |>
}
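Review bot: The added call `ssldir($self_puppetmaster)` does not match the function this same change registers, which is named `puppet_ssldir`. Unless an `ssldir` function is defined elsewhere in the tree, catalog compilation will fail here, so the line should read `$puppet_ssl_dir = puppet_ssldir($self_puppetmaster)`. Separately, installing the Puppet CA into the system store makes every certificate that CA signs acceptable to any TLS client on the host that uses the default trust store. A short comment above the `sslcert::ca` resource stating why that breadth of trust is intended would help later reviewers. The new `source` is a filesystem path rather than a `puppet:///` URL like the resource above it; presumably `sslcert::ca` accepts both, but that is worth confirming, and the class body begins outside this hunk.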
diff --git a/modules/wmflib/lib/puppet/parser/functions/puppet_ssldir.rb
b/modules/wmflib/lib/puppet/parser/functions/puppet_ssldir.rb
new file mode 100644
index 0000000..76327e8
--- /dev/null
+++ b/modules/wmflib/lib/puppet/parser/functions/puppet_ssldir.rb
@@ -0,0 +1,15 @@
+module Pupppet::Parser::Function
+ newfunction(:puppet_ssldir, :type => :rvalue, :arity => 1) do |args|
+ puppetmaster = args[0]
+
+ if puppetmaster
+ if lookup('fqdn') == puppetmaster or puppetmaster == 'localhost'
+ return '/var/lib/puppet/server/ssl'
+ else
+ return '/var/lib/puppet/client/ssl'
+ end
+ else
+ return '/var/lib/puppet/ssl'
+ end
+ end
+end
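Review bot: The opening line `module Pupppet::Parser::Function` names a module that does not exist (three p's, singular `Function`), so loading this file would raise a NameError before `newfunction` is reached. It should be `module Puppet::Parser::Functions`. Inside the block, `lookup('fqdn')` is most likely meant to be the scope's `lookupvar('fqdn')`, and `||` is safer than `or` in that condition: `if lookupvar('fqdn') == puppetmaster || puppetmaster == 'localhost'`. Since the returned directory decides which CA file ends up in the system trust store, a `:doc =>` string describing the three cases (self-hosted master, self-hosted client, default ssldir) would make the selection auditable.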
--
To view, visit https://gerrit.wikimedia.org/r/252681
Gerrit-MessageType: newchange
Gerrit-Change-Id: I9e3fafb486c89a291395928f65531ace44c4caa0
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Giuseppe Lavagetto <[email protected]>