Yuvipanda has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/311751

Change subject: labs: Setup the standalone puppetmaster to use ENC
......................................................................

labs: Setup the standalone puppetmaster to use ENC

Change-Id: I5d843edfdb62e1eb063316dab73836ae7ffed2ec
---
M modules/role/manifests/puppetmaster/standalone.pp
1 file changed, 37 insertions(+), 8 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/51/311751/1

diff --git a/modules/role/manifests/puppetmaster/standalone.pp 
b/modules/role/manifests/puppetmaster/standalone.pp
index 00ee13b..073b689 100644
--- a/modules/role/manifests/puppetmaster/standalone.pp
+++ b/modules/role/manifests/puppetmaster/standalone.pp
@@ -14,20 +14,49 @@
 #  use this, and will have to sign manually.
 class role::puppetmaster::standalone(
     $autosign = false,
+    $use_enc = false,
 ) {
     include ldap::role::config::labs
 
     $ldapconfig = $ldap::role::config::labs::ldapconfig
     $basedn = $ldapconfig['basedn']
 
-    $encconfig = {
-        'ldapserver'    => $ldapconfig['servernames'][0],
-        'ldapbase'      => "ou=hosts,${basedn}",
-        'ldapstring'    => 
'(&(objectclass=puppetClient)(associatedDomain=%s))',
-        'ldapuser'      => $ldapconfig['proxyagent'],
-        'ldappassword'  => $ldapconfig['proxypass'],
-        'ldaptls'       => true,
-        'node_terminus' => 'ldap'
+    if $use_enc {
+        # Setup ENC
+        require_package('python3-yaml', 'python3-ldap3')
+
+        include ldap::yamlcreds
+
+        file { '/etc/puppet-enc.yaml':
+            content => ordered_yaml({
+                host => hiera('labs_puppet_master'),
+            }),
+            mode    => '0444',
+            owner   => 'root',
+            group   => 'root',
+        }
+
+        file { '/usr/local/bin/puppet-enc':
+            source => 'puppet:///modules/role/labs/puppet-enc.py',
+            mode   => '0555',
+            owner  => 'root',
+            group  => 'root',
+        }
+
+        $encconfig = {
+            'node_terminus'  => 'exec',
+            'external_nodes' => '/usr/local/bin/puppet-enc',
+        }
+    } else {
+        $encconfig = {
+            'ldapserver'    => $ldapconfig['servernames'][0],
+            'ldapbase'      => "ou=hosts,${basedn}",
+            'ldapstring'    => 
'(&(objectclass=puppetClient)(associatedDomain=%s))',
+            'ldapuser'      => $ldapconfig['proxyagent'],
+            'ldappassword'  => $ldapconfig['proxypass'],
+            'ldaptls'       => true,
+            'node_terminus' => 'ldap'
+        }
     }
 
     # Allow access from everywhere! Use certificates to
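Review bot: In the `if $use_enc` branch the node lookup moves from Puppet's ldap terminus, which the else branch pins to `'ldaptls' => true`, to `/usr/local/bin/puppet-enc`, and nothing visible in this change says how that script connects to LDAP. The script is sourced from `puppet:///modules/role/labs/puppet-enc.py` and the diffstat lists only standalone.pp, so it is presumably already in the tree. It is worth confirming that it uses TLS with certificate validation before binding with the credentials from `ldap::yamlcreds`, and that the credentials file is readable by the account the puppetmaster runs the ENC as without being world-readable. The new parameter is also undocumented: the class header, which starts above this hunk, describes `$autosign`, so add a matching entry for `$use_enc`, for example `#  Set to true to classify nodes with the puppet-enc script (exec terminus) instead of the ldap node terminus.` The class body continues past the end of the hunk.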

-- 
To view, visit https://gerrit.wikimedia.org/r/311751

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5d843edfdb62e1eb063316dab73836ae7ffed2ec
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <yuvipa...@wikimedia.org>
