subject:"\[MediaWiki\-commits\] \[Gerrit\] operations\/puppet\[production\]\: puppet\: Add option to use newer ENC"

[MediaWiki-commits] [Gerrit] operations/puppet[production]: puppet: Add option to use newer ENC

2016-09-20 Thread Yuvipanda (Code Review)

Yuvipanda has submitted this change and it was merged.

Change subject: puppet: Add option to use newer ENC
..


puppet: Add option to use newer ENC

I hate this module. Mostly duplicating work from the labs
puppetmaster role.

Bug: T91990
Change-Id: I154812b3a44badfbc88ac636ce5cb58a0a5a1c8a
---
M modules/puppet/manifests/self/config.pp
1 file changed, 33 insertions(+), 12 deletions(-)

Approvals:
  Yuvipanda: Verified; Looks good to me, approved



diff --git a/modules/puppet/manifests/self/config.pp 
b/modules/puppet/manifests/self/config.pp
index 33edbf4..7c75fe0 100644
--- a/modules/puppet/manifests/self/config.pp
+++ b/modules/puppet/manifests/self/config.pp
@@ -18,24 +18,45 @@
 $puppet_client_subnet = undef,
 $certname = $::fqdn,
 $autosign = hiera('puppetmaster::autosigner', false),
+$use_enc  = false,
 ) {
-include ldap::role::config::labs
+if $use_enc {
+require_package('python3-yaml', 'python3-ldap3')
 
-$ldapconfig = $ldap::role::config::labs::ldapconfig
-$basedn = $ldapconfig['basedn']
+include ldap::yamlcreds
 
+file { '/usr/local/bin/puppet-enc':
+source => 'puppet:///modules/role/labs/puppet-enc.py',
+mode   => '0555',
+owner  => 'root',
+group  => 'root',
+}
 
-$config = {
-'node_terminus' => 'ldap',
-'ldapserver'=> $ldapconfig['servernames'][0],
-'ldapbase'  => "ou=hosts,${basedn}",
-'ldapstring'=> 
'(&(objectclass=puppetClient)(associatedDomain=%s))',
-'ldapuser'  => $ldapconfig['proxyagent'],
-'ldappassword'  => $ldapconfig['proxypass'],
-'ldaptls'   => true,
+$encconfig = {
+'node_terminus'  => 'exec',
+'external_nodes' => '/usr/local/bin/puppet-enc',
+}
+} else {
+include ldap::role::config::labs
+
+$ldapconfig = $ldap::role::config::labs::ldapconfig
+$basedn = $ldapconfig['basedn']
+
+$encconfig = {
+'node_terminus' => 'ldap',
+'ldapserver'=> $ldapconfig['servernames'][0],
+'ldapbase'  => "ou=hosts,${basedn}",
+'ldapstring'=> 
'(&(objectclass=puppetClient)(associatedDomain=%s))',
+'ldapuser'  => $ldapconfig['proxyagent'],
+'ldappassword'  => $ldapconfig['proxypass'],
+'ldaptls'   => true,
+}
+}
+
+$config = merge($encconfig, {
 'dbadapter' => 'sqlite3',
 'autosign'  => $autosign
-}
+})
 
 
 # This is set to something different than the default

-- 
To view, visit https://gerrit.wikimedia.org/r/310952
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I154812b3a44badfbc88ac636ce5cb58a0a5a1c8a
Gerrit-PatchSet: 5
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda 
Gerrit-Reviewer: Yuvipanda 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: puppet: Add option to use newer ENC

2016-09-15 Thread Yuvipanda (Code Review)

Yuvipanda has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/310952

Change subject: puppet: Add option to use newer ENC
..

puppet: Add option to use newer ENC

I hate this module. Mostly duplicating work from the labs
puppetmaster role.

Bug: T91990
Change-Id: I154812b3a44badfbc88ac636ce5cb58a0a5a1c8a
---
M modules/puppet/manifests/self/config.pp
1 file changed, 32 insertions(+), 11 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/52/310952/1

diff --git a/modules/puppet/manifests/self/config.pp 
b/modules/puppet/manifests/self/config.pp
index 33edbf4..9977d15 100644
--- a/modules/puppet/manifests/self/config.pp
+++ b/modules/puppet/manifests/self/config.pp
@@ -18,21 +18,42 @@
 $puppet_client_subnet = undef,
 $certname = $::fqdn,
 $autosign = hiera('puppetmaster::autosigner', false),
+$use_enc  = false,
 ) {
-include ldap::role::config::labs
+if $use_enc {
+require_package('python3-yaml', 'python3-ldap3')
 
-$ldapconfig = $ldap::role::config::labs::ldapconfig
-$basedn = $ldapconfig['basedn']
+include ldap::yamlcreds
 
+file { '/usr/local/bin/puppet-enc':
+source => 'puppet:///modules/role/labs/puppet-enc.py',
+mode   => '0555',
+owner  => 'root',
+group  => 'root',
+}
 
-$config = {
-'node_terminus' => 'ldap',
-'ldapserver'=> $ldapconfig['servernames'][0],
-'ldapbase'  => "ou=hosts,${basedn}",
-'ldapstring'=> 
'(&(objectclass=puppetClient)(associatedDomain=%s))',
-'ldapuser'  => $ldapconfig['proxyagent'],
-'ldappassword'  => $ldapconfig['proxypass'],
-'ldaptls'   => true,
+$encconfig = {
+'node_terminus'  => 'exec',
+'external_nodes' => '/usr/local/bin/puppet-enc',
+}
+} else {
+include ldap::role::config::labs
+
+$ldapconfig = $ldap::role::config::labs::ldapconfig
+$basedn = $ldapconfig['basedn']
+
+$encconfig = {
+'node_terminus' => 'ldap',
+'ldapserver'=> $ldapconfig['servernames'][0],
+'ldapbase'  => "ou=hosts,${basedn}",
+'ldapstring'=> 
'(&(objectclass=puppetClient)(associatedDomain=%s))',
+'ldapuser'  => $ldapconfig['proxyagent'],
+'ldappassword'  => $ldapconfig['proxypass'],
+'ldaptls'   => true,
+}
+}
+
+$config = merge($encconfig, {
 'dbadapter' => 'sqlite3',
 'autosign'  => $autosign
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/310952
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I154812b3a44badfbc88ac636ce5cb58a0a5a1c8a
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda 

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: puppet: Add option to use newer ENC

[MediaWiki-commits] [Gerrit] operations/puppet[production]: puppet: Add option to use newer ENC

2 matches

Site Navigation

Mail list logo

Footer information