[MediaWiki-commits] [Gerrit] Don't clean the puppetcert for the puppetmaster service name. - change (operations/puppet)

2015-05-28 Thread Andrew Bogott (Code Review) 
Andrew Bogott has submitted this change and it was merged.

Change subject: Don't clean the puppetcert for the puppetmaster service name.
..


Don't clean the puppetcert for the puppetmaster service name.

Change-Id: I545bbd1fad879218d89048c65a5c4d69533f5247
---
M modules/puppetmaster/manifests/autosigner.pp
R modules/puppetmaster/templates/puppetsigner.py.erb
2 files changed, 12 insertions(+), 5 deletions(-)

Approvals:
  Andrew Bogott: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/puppetmaster/manifests/autosigner.pp 
b/modules/puppetmaster/manifests/autosigner.pp
index 6ce6a56..f9e2018 100644
--- a/modules/puppetmaster/manifests/autosigner.pp
+++ b/modules/puppetmaster/manifests/autosigner.pp
@@ -1,12 +1,15 @@
 # = Class: puppetmaster::autosigner
 # Automatically signs new puppet & salt certificate requests
 class puppetmaster::autosigner {
+
+$puppetmaster_service_name = hiera('labs_puppet_master')
+
 file { '/usr/local/sbin/puppetsigner.py':
-ensure => present,
-source => 'puppet:///modules/puppetmaster/puppetsigner.py',
-mode   => '0550',
-owner  => 'root',
-group  => 'root'
+ensure  => present,
+content => template('puppetmaster/puppetsigner.py.erb'),
+mode=> '0550',
+owner   => 'root',
+group   => 'root'
 }
 
 cron { 'puppet_certificate_signer':
diff --git a/modules/puppetmaster/files/puppetsigner.py 
b/modules/puppetmaster/templates/puppetsigner.py.erb
similarity index 96%
rename from modules/puppetmaster/files/puppetsigner.py
rename to modules/puppetmaster/templates/puppetsigner.py.erb
index e9b2b2e..8664ffa 100755
--- a/modules/puppetmaster/files/puppetsigner.py
+++ b/modules/puppetmaster/templates/puppetsigner.py.erb
@@ -57,6 +57,10 @@
 # Ourselves!
 continue
 
+if hostname == "<%= @puppetmaster_service_name %>"
+# Ourselves!
+continue
+
 # Skip pathological hostnames -- possible attack vector.
 if not re.match(r'^[\.a-zA-Z0-9_-]+\.eqiad\.wmflabs$', hostname):
 sys.stderr.write('Invalid hostname %s\n' % hostname)

-- 
To view, visit https://gerrit.wikimedia.org/r/214499
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I545bbd1fad879218d89048c65a5c4d69533f5247
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott 
Gerrit-Reviewer: Andrew Bogott 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Don't clean the puppetcert for the puppetmaster service name. - change (operations/puppet)

2015-05-28 Thread Andrew Bogott (Code Review) 
Andrew Bogott has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/214499

Change subject: Don't clean the puppetcert for the puppetmaster service name.
..

Don't clean the puppetcert for the puppetmaster service name.

Change-Id: I545bbd1fad879218d89048c65a5c4d69533f5247
---
M modules/puppetmaster/manifests/autosigner.pp
R modules/puppetmaster/templates/puppetsigner.py.erb
2 files changed, 12 insertions(+), 5 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/99/214499/1

diff --git a/modules/puppetmaster/manifests/autosigner.pp 
b/modules/puppetmaster/manifests/autosigner.pp
index 6ce6a56..f9e2018 100644
--- a/modules/puppetmaster/manifests/autosigner.pp
+++ b/modules/puppetmaster/manifests/autosigner.pp
@@ -1,12 +1,15 @@
 # = Class: puppetmaster::autosigner
 # Automatically signs new puppet & salt certificate requests
 class puppetmaster::autosigner {
+
+$puppetmaster_service_name = hiera('labs_puppet_master')
+
 file { '/usr/local/sbin/puppetsigner.py':
-ensure => present,
-source => 'puppet:///modules/puppetmaster/puppetsigner.py',
-mode   => '0550',
-owner  => 'root',
-group  => 'root'
+ensure  => present,
+content => template('puppetmaster/puppetsigner.py.erb'),
+mode=> '0550',
+owner   => 'root',
+group   => 'root'
 }
 
 cron { 'puppet_certificate_signer':
diff --git a/modules/puppetmaster/files/puppetsigner.py 
b/modules/puppetmaster/templates/puppetsigner.py.erb
similarity index 96%
rename from modules/puppetmaster/files/puppetsigner.py
rename to modules/puppetmaster/templates/puppetsigner.py.erb
index e9b2b2e..8664ffa 100755
--- a/modules/puppetmaster/files/puppetsigner.py
+++ b/modules/puppetmaster/templates/puppetsigner.py.erb
@@ -57,6 +57,10 @@
 # Ourselves!
 continue
 
+if hostname == "<%= @puppetmaster_service_name %>"
+# Ourselves!
+continue
+
 # Skip pathological hostnames -- possible attack vector.
 if not re.match(r'^[\.a-zA-Z0-9_-]+\.eqiad\.wmflabs$', hostname):
 sys.stderr.write('Invalid hostname %s\n' % hostname)

-- 
To view, visit https://gerrit.wikimedia.org/r/214499
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I545bbd1fad879218d89048c65a5c4d69533f5247
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits