Yuvipanda has uploaded a new change for review. https://gerrit.wikimedia.org/r/310952
Change subject: puppet: Add option to use newer ENC ...................................................................... puppet: Add option to use newer ENC I hate this module. Mostly duplicating work from the labs puppetmaster role. Bug: T91990 Change-Id: I154812b3a44badfbc88ac636ce5cb58a0a5a1c8a --- M modules/puppet/manifests/self/config.pp 1 file changed, 32 insertions(+), 11 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/52/310952/1
diff --git a/modules/puppet/manifests/self/config.pp b/modules/puppet/manifests/self/config.pp
index 33edbf4..9977d15 100644
--- a/modules/puppet/manifests/self/config.pp
+++ b/modules/puppet/manifests/self/config.pp
@@ -18,21 +18,42 @@
 $puppet_client_subnet = undef,
 $certname = $::fqdn,
 $autosign = hiera('puppetmaster::autosigner', false),
+ $use_enc = false,
 ) {
- include ldap::role::config::labs
+ if $use_enc {
+ require_package('python3-yaml', 'python3-ldap3')
- $ldapconfig = $ldap::role::config::labs::ldapconfig
- $basedn = $ldapconfig['basedn']
+ include ldap::yamlcreds
+ file { '/usr/local/bin/puppet-enc':
+ source => 'puppet:///modules/role/labs/puppet-enc.py',
+ mode => '0555',
+ owner => 'root',
+ group => 'root',
+ }
- $config = {
- 'node_terminus' => 'ldap',
- 'ldapserver' => $ldapconfig['servernames'][0],
- 'ldapbase' => "ou=hosts,${basedn}",
- 'ldapstring' => '(&(objectclass=puppetClient)(associatedDomain=%s))',
- 'ldapuser' => $ldapconfig['proxyagent'],
- 'ldappassword' => $ldapconfig['proxypass'],
- 'ldaptls' => true,
+ $encconfig = {
+ 'node_terminus' => 'exec',
+ 'external_nodes' => '/usr/local/bin/puppet-enc',
+ }
+ } else {
+ include ldap::role::config::labs
+
+ $ldapconfig = $ldap::role::config::labs::ldapconfig
+ $basedn = $ldapconfig['basedn']
+
+ $encconfig = {
+ 'node_terminus' => 'ldap',
+ 'ldapserver' => $ldapconfig['servernames'][0],
+ 'ldapbase' => "ou=hosts,${basedn}",
+ 'ldapstring' => '(&(objectclass=puppetClient)(associatedDomain=%s))',
+ 'ldapuser' => $ldapconfig['proxyagent'],
+ 'ldappassword' => $ldapconfig['proxypass'],
+ 'ldaptls' => true,
+ }
+ }
+
+ $config = merge($encconfig, {
 'dbadapter' => 'sqlite3',
 'autosign' => $autosign
 }
-- To view, visit https://gerrit.wikimedia.org/r/310952 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I154812b3a44badfbc88ac636ce5cb58a0a5a1c8a Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Yuvipanda <yuvipa...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
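Review bot: The `merge(` call opened by the added line `$config = merge($encconfig, {` is never closed in this hunk. The hash's closing `}` is unchanged context left over from the old `$config = {` literal, so as shown the manifest would not parse; that last line should read `})`. Separately, with `node_terminus => 'exec'` the master runs `/usr/local/bin/puppet-enc` on every node lookup, yet nothing visible here orders that `file` resource (or `ldap::yamlcreds`, which the script presumably reads) before the puppet.conf that consumes `$config`. An explicit `ensure => present` and a `require`/`before` relationship would make that dependency visible. The class body continues past the end of the hunk, so the ordering may already be handled there.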