[MediaWiki-commits] [Gerrit] operations/puppet[production]: labs: Add a per-project puppetmaster role

Fri, 16 Sep 2016 10:42:07 -0700 

Yuvipanda has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/311163

Change subject: labs: Add a per-project puppetmaster role
......................................................................

labs: Add a per-project puppetmaster role

Uses the puppetmaster module rather than the puppet module.

DEATH TO THE PUPPET MODULE

Change-Id: I5f11761bdd2a1f292d3d061363fa53346d1eb768
---
A modules/role/manifests/labs/project_puppetmaster.pp
1 file changed, 32 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/63/311163/1

diff --git a/modules/role/manifests/labs/project_puppetmaster.pp 
b/modules/role/manifests/labs/project_puppetmaster.pp
new file mode 100644
index 0000000..92f430e
--- /dev/null
+++ b/modules/role/manifests/labs/project_puppetmaster.pp
@@ -0,0 +1,32 @@
+class role::labs::project_puppetmaster(
+    $autosign = false,
+) {
+    include ldap::role::config::labs
+
+    $ldapconfig = $ldap::role::config::labs::ldapconfig
+    $basedn = $ldapconfig['basedn']
+
+    $encconfig = {
+        'ldapserver'    => $ldapconfig['servernames'][0],
+        'ldapbase'      => "ou=hosts,${basedn}",
+        'ldapstring'    => 
'(&(objectclass=puppetClient)(associatedDomain=%s))',
+        'ldapuser'      => $ldapconfig['proxyagent'],
+        'ldappassword'  => $ldapconfig['proxypass'],
+        'ldaptls'       => true,
+        'node_terminus' => 'ldap'
+    }
+
+    # Allow access from everywhere! Use certificates to
+    # control access
+    $allow_from = '10.0.0.0/8'
+
+    class { '::puppetmaster':
+        server_name    => $::fqdn,
+        allow_from     => $allow_from,
+        secure_private => false,
+        config         => merge($encconfig, {
+            'thin_storeconfigs' => false,
+            'autosign'          => $autosign,
+        })
+    }
+}

-- 
To view, visit https://gerrit.wikimedia.org/r/311163
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5f11761bdd2a1f292d3d061363fa53346d1eb768
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <yuvipa...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to