Yuvipanda has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/311767

Change subject: puppet: Use newer ENC
......................................................................

puppet: Use newer ENC

I hate this module. Mostly duplicating work from the labs
puppetmaster role.

Enabled by default only on Jessie

Bug: T91990
Change-Id: Iebcc4e2b6c3c1a8b08580cee7168c0b102d14e7a
---
M modules/puppet/manifests/self/config.pp
1 file changed, 50 insertions(+), 12 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/67/311767/1

diff --git a/modules/puppet/manifests/self/config.pp 
b/modules/puppet/manifests/self/config.pp
index 33edbf4..4494c55 100644
--- a/modules/puppet/manifests/self/config.pp
+++ b/modules/puppet/manifests/self/config.pp
@@ -18,24 +18,62 @@
     $puppet_client_subnet = undef,
     $certname             = $::fqdn,
     $autosign             = hiera('puppetmaster::autosigner', false),
+    $use_enc              = undef,
 ) {
-    include ldap::role::config::labs
+    if $use_enc == undef {
+        # We don't want this in precise, since
+        # precise is deprecated and we can't use the
+        # same libraries there
+        $use_enc_real = os_version('debian >= jessie')
+    } else {
+        $use_enc_real = $use_enc
+    }
+    if $use_enc_real {
+        require_package('python3-yaml', 'python3-ldap3')
 
-    $ldapconfig = $ldap::role::config::labs::ldapconfig
-    $basedn = $ldapconfig['basedn']
+        include ldap::yamlcreds
 
+        file { '/etc/puppet-enc.yaml':
+            content => ordered_yaml({
+                host => hiera('labs_puppet_master'),
+                }),
+            mode    => '0444',
+            owner   => 'root',
+            group   => 'root',
+        }
 
-    $config = {
-        'node_terminus' => 'ldap',
-        'ldapserver'    => $ldapconfig['servernames'][0],
-        'ldapbase'      => "ou=hosts,${basedn}",
-        'ldapstring'    => 
'(&(objectclass=puppetClient)(associatedDomain=%s))',
-        'ldapuser'      => $ldapconfig['proxyagent'],
-        'ldappassword'  => $ldapconfig['proxypass'],
-        'ldaptls'       => true,
+        file { '/usr/local/bin/puppet-enc':
+            source => 'puppet:///modules/role/labs/puppet-enc.py',
+            mode   => '0555',
+            owner  => 'root',
+            group  => 'root',
+        }
+
+        $encconfig = {
+            'node_terminus'  => 'exec',
+            'external_nodes' => '/usr/local/bin/puppet-enc',
+        }
+    } else {
+        include ldap::role::config::labs
+
+        $ldapconfig = $ldap::role::config::labs::ldapconfig
+        $basedn = $ldapconfig['basedn']
+
+        $encconfig = {
+            'node_terminus' => 'ldap',
+            'ldapserver'    => $ldapconfig['servernames'][0],
+            'ldapbase'      => "ou=hosts,${basedn}",
+            'ldapstring'    => 
'(&(objectclass=puppetClient)(associatedDomain=%s))',
+            'ldapuser'      => $ldapconfig['proxyagent'],
+            'ldappassword'  => $ldapconfig['proxypass'],
+            'ldaptls'       => true,
+        }
+    }
+
+    $config = merge($encconfig, {
         'dbadapter'     => 'sqlite3',
         'autosign'      => $autosign
-    }
+    })
 
 
     # This is set to something different than the default
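Review bot: In the `$use_enc_real` branch the `$encconfig` hash carries no transport setting, whereas the LDAP branch pins `'ldaptls' => true` in the puppet configuration. With `'node_terminus' => 'exec'`, the security of the node lookup rests entirely on `puppet-enc.py`, which is not part of this hunk and presumably talks to LDAP through the `python3-ldap3` package required here. I would add a comment above the ENC `$encconfig`, e.g. `# ldaptls is not set here: puppet-enc must enforce TLS and certificate validation for its LDAP queries itself`, and confirm the script does so before this becomes the Jessie default. Separately, `$use_enc` is used as a boolean without a type check, so a string such as 'false' passed by a caller would presumably select the ENC path; `validate_bool($use_enc_real)` after the first `if` would catch that. The class body starts before and continues after this hunk.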

-- 
To view, visit https://gerrit.wikimedia.org/r/311767
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Iebcc4e2b6c3c1a8b08580cee7168c0b102d14e7a
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <yuvipa...@wikimedia.org>
