Yuvipanda has submitted this change and it was merged.

Change subject: puppet: Add option to use newer ENC
......................................................................


puppet: Add option to use newer ENC

I hate this module. Mostly duplicating work from the labs
puppetmaster role.

Bug: T91990
Change-Id: I154812b3a44badfbc88ac636ce5cb58a0a5a1c8a
---
M modules/puppet/manifests/self/config.pp
1 file changed, 33 insertions(+), 12 deletions(-)

Approvals:
  Yuvipanda: Verified; Looks good to me, approved



diff --git a/modules/puppet/manifests/self/config.pp 
b/modules/puppet/manifests/self/config.pp
index 33edbf4..7c75fe0 100644
--- a/modules/puppet/manifests/self/config.pp
+++ b/modules/puppet/manifests/self/config.pp
@@ -18,24 +18,45 @@
     $puppet_client_subnet = undef,
     $certname             = $::fqdn,
     $autosign             = hiera('puppetmaster::autosigner', false),
+    $use_enc              = false,
 ) {
-    include ldap::role::config::labs
+    if $use_enc {
+        require_package('python3-yaml', 'python3-ldap3')
 
-    $ldapconfig = $ldap::role::config::labs::ldapconfig
-    $basedn = $ldapconfig['basedn']
+        include ldap::yamlcreds
 
+        file { '/usr/local/bin/puppet-enc':
+            source => 'puppet:///modules/role/labs/puppet-enc.py',
+            mode   => '0555',
+            owner  => 'root',
+            group  => 'root',
+        }
 
-    $config = {
-        'node_terminus' => 'ldap',
-        'ldapserver'    => $ldapconfig['servernames'][0],
-        'ldapbase'      => "ou=hosts,${basedn}",
-        'ldapstring'    => 
'(&(objectclass=puppetClient)(associatedDomain=%s))',
-        'ldapuser'      => $ldapconfig['proxyagent'],
-        'ldappassword'  => $ldapconfig['proxypass'],
-        'ldaptls'       => true,
+        $encconfig = {
+            'node_terminus'  => 'exec',
+            'external_nodes' => '/usr/local/bin/puppet-enc',
+        }
+    } else {
+        include ldap::role::config::labs
+
+        $ldapconfig = $ldap::role::config::labs::ldapconfig
+        $basedn = $ldapconfig['basedn']
+
+        $encconfig = {
+            'node_terminus' => 'ldap',
+            'ldapserver'    => $ldapconfig['servernames'][0],
+            'ldapbase'      => "ou=hosts,${basedn}",
+            'ldapstring'    => 
'(&(objectclass=puppetClient)(associatedDomain=%s))',
+            'ldapuser'      => $ldapconfig['proxyagent'],
+            'ldappassword'  => $ldapconfig['proxypass'],
+            'ldaptls'       => true,
+        }
+    }
+
+    $config = merge($encconfig, {
         'dbadapter'     => 'sqlite3',
         'autosign'      => $autosign
-    }
+    })
 
 
     # This is set to something different than the default
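Review bot: The new `$use_enc` parameter is tested with a bare `if $use_enc`, and Puppet treats any non-empty string as true, including `'false'`, so a string value handed in from Hiera or a calling role would silently switch node classification from the LDAP terminus to the exec ENC. Because the ENC decides which classes every client receives, I would add `validate_bool($use_enc)` at the top of the class body; stdlib already appears to be available, given the `merge()` call. The path `/usr/local/bin/puppet-enc` is also written twice, as the file resource title and as the `external_nodes` value, and a single local variable would stop the two drifting apart. The class body starts before and continues past this hunk, so it is not visible here whether the script is ordered before whatever consumes `$config`.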

-- 
To view, visit https://gerrit.wikimedia.org/r/310952

Gerrit-MessageType: merged
Gerrit-Change-Id: I154812b3a44badfbc88ac636ce5cb58a0a5a1c8a
Gerrit-PatchSet: 5
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <yuvipa...@wikimedia.org>
Gerrit-Reviewer: Yuvipanda <yuvipa...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
