[MediaWiki-commits] [Gerrit] operations/puppet[production]: labs: Setup the standalone puppetmaster to use ENC

2016-09-20 Thread Yuvipanda (Code Review)
Yuvipanda has submitted this change and it was merged.

Change subject: labs: Setup the standalone puppetmaster to use ENC
..


labs: Setup the standalone puppetmaster to use ENC

Change-Id: I5d843edfdb62e1eb063316dab73836ae7ffed2ec
---
M modules/role/manifests/puppetmaster/standalone.pp
1 file changed, 37 insertions(+), 8 deletions(-)

Approvals:
  Yuvipanda: Verified; Looks good to me, approved



diff --git a/modules/role/manifests/puppetmaster/standalone.pp 
b/modules/role/manifests/puppetmaster/standalone.pp
index 00ee13b..458b497 100644
--- a/modules/role/manifests/puppetmaster/standalone.pp
+++ b/modules/role/manifests/puppetmaster/standalone.pp
@@ -14,20 +14,49 @@
 #  use this, and will have to sign manually.
 class role::puppetmaster::standalone(
 $autosign = false,
+$use_enc = true,
 ) {
 include ldap::role::config::labs
 
 $ldapconfig = $ldap::role::config::labs::ldapconfig
 $basedn = $ldapconfig['basedn']
 
-$encconfig = {
-'ldapserver'=> $ldapconfig['servernames'][0],
-'ldapbase'  => "ou=hosts,${basedn}",
-'ldapstring'=> 
'(&(objectclass=puppetClient)(associatedDomain=%s))',
-'ldapuser'  => $ldapconfig['proxyagent'],
-'ldappassword'  => $ldapconfig['proxypass'],
-'ldaptls'   => true,
-'node_terminus' => 'ldap'
+if $use_enc {
+# Setup ENC
+require_package('python3-yaml', 'python3-ldap3')
+
+include ldap::yamlcreds
+
+file { '/etc/puppet-enc.yaml':
+content => ordered_yaml({
+host => hiera('labs_puppet_master'),
+}),
+mode=> '0444',
+owner   => 'root',
+group   => 'root',
+}
+
+file { '/usr/local/bin/puppet-enc':
+source => 'puppet:///modules/role/labs/puppet-enc.py',
+mode   => '0555',
+owner  => 'root',
+group  => 'root',
+}
+
+$encconfig = {
+'node_terminus'  => 'exec',
+'external_nodes' => '/usr/local/bin/puppet-enc',
+}
+} else {
+$encconfig = {
+'ldapserver'=> $ldapconfig['servernames'][0],
+'ldapbase'  => "ou=hosts,${basedn}",
+'ldapstring'=> 
'(&(objectclass=puppetClient)(associatedDomain=%s))',
+'ldapuser'  => $ldapconfig['proxyagent'],
+'ldappassword'  => $ldapconfig['proxypass'],
+'ldaptls'   => true,
+'node_terminus' => 'ldap'
+}
 }
 
 # Allow access from everywhere! Use certificates to
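Review bot: `$use_enc` is added to the class signature with no entry in the parameter documentation above the class, and in this merged patch set it defaults to `true`, so any master that includes this role without setting it would move its node terminus from `ldap` to `exec` on the next run without opting in. A header entry such as `# [*use_enc*]  If true (default), classify nodes through /usr/local/bin/puppet-enc instead of the LDAP node terminus.` would make that visible; the header itself starts above this hunk. Because `/usr/local/bin/puppet-enc` decides which classes each node receives, it is worth confirming that whatever consumes `$encconfig` (outside this hunk) is ordered after both `file` resources and the `require_package` call, so the master never runs with `external_nodes` pointing at a missing script. The same hunk appears in the patch set 1 mail further down this page, where the default is `false`.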

-- 
To view, visit https://gerrit.wikimedia.org/r/311751

Gerrit-MessageType: merged
Gerrit-Change-Id: I5d843edfdb62e1eb063316dab73836ae7ffed2ec
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda 
Gerrit-Reviewer: Yuvipanda 
Gerrit-Reviewer: jenkins-bot <>



[MediaWiki-commits] [Gerrit] operations/puppet[production]: labs: Setup the standalone puppetmaster to use ENC

2016-09-20 Thread Yuvipanda (Code Review)
Yuvipanda has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/311751

Change subject: labs: Setup the standalone puppetmaster to use ENC
..

labs: Setup the standalone puppetmaster to use ENC

Change-Id: I5d843edfdb62e1eb063316dab73836ae7ffed2ec
---
M modules/role/manifests/puppetmaster/standalone.pp
1 file changed, 37 insertions(+), 8 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/51/311751/1

diff --git a/modules/role/manifests/puppetmaster/standalone.pp 
b/modules/role/manifests/puppetmaster/standalone.pp
index 00ee13b..073b689 100644
--- a/modules/role/manifests/puppetmaster/standalone.pp
+++ b/modules/role/manifests/puppetmaster/standalone.pp
@@ -14,20 +14,49 @@
 #  use this, and will have to sign manually.
 class role::puppetmaster::standalone(
 $autosign = false,
+$use_enc = false,
 ) {
 include ldap::role::config::labs
 
 $ldapconfig = $ldap::role::config::labs::ldapconfig
 $basedn = $ldapconfig['basedn']
 
-$encconfig = {
-'ldapserver'=> $ldapconfig['servernames'][0],
-'ldapbase'  => "ou=hosts,${basedn}",
-'ldapstring'=> 
'(&(objectclass=puppetClient)(associatedDomain=%s))',
-'ldapuser'  => $ldapconfig['proxyagent'],
-'ldappassword'  => $ldapconfig['proxypass'],
-'ldaptls'   => true,
-'node_terminus' => 'ldap'
+if $use_enc {
+# Setup ENC
+require_package('python3-yaml', 'python3-ldap3')
+
+include ldap::yamlcreds
+
+file { '/etc/puppet-enc.yaml':
+content => ordered_yaml({
+host => hiera('labs_puppet_master'),
+}),
+mode=> '0444',
+owner   => 'root',
+group   => 'root',
+}
+
+file { '/usr/local/bin/puppet-enc':
+source => 'puppet:///modules/role/labs/puppet-enc.py',
+mode   => '0555',
+owner  => 'root',
+group  => 'root',
+}
+
+$encconfig = {
+'node_terminus'  => 'exec',
+'external_nodes' => '/usr/local/bin/puppet-enc',
+}
+} else {
+$encconfig = {
+'ldapserver'=> $ldapconfig['servernames'][0],
+'ldapbase'  => "ou=hosts,${basedn}",
+'ldapstring'=> 
'(&(objectclass=puppetClient)(associatedDomain=%s))',
+'ldapuser'  => $ldapconfig['proxyagent'],
+'ldappassword'  => $ldapconfig['proxypass'],
+'ldaptls'   => true,
+'node_terminus' => 'ldap'
+}
 }
 
 # Allow access from everywhere! Use certificates to

-- 
To view, visit https://gerrit.wikimedia.org/r/311751

Gerrit-MessageType: newchange
Gerrit-Change-Id: I5d843edfdb62e1eb063316dab73836ae7ffed2ec
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda 
