diff --git a/manifests/site.pp b/manifests/site.pp index e0f0d4fea1..f21c2c38de 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -160,11 +160,12 @@ node 'ci-puppetmaster.openstack.org' { node 'puppetmaster.openstack.org' { class { 'openstack_project::puppetmaster': - root_rsa_key => hiera('puppetmaster_root_rsa_key'), - salt => false, - update_slave => false, - sysadmins => hiera('sysadmins'), - version => '3.4.', + root_rsa_key => hiera('puppetmaster_root_rsa_key'), + salt => false, + update_slave => false, + sysadmins => hiera('sysadmins'), + version => '3.4.', + ca_server => 'ci-puppetmaster.openstack.org', } } diff --git a/modules/openstack_project/manifests/base.pp b/modules/openstack_project/manifests/base.pp index ff1651e276..0557707088 100644 --- a/modules/openstack_project/manifests/base.pp +++ b/modules/openstack_project/manifests/base.pp @@ -5,6 +5,7 @@ class openstack_project::base( $install_users = true, $pin_puppet = '2.7.', $pin_facter = '1.', + $ca_server = undef, ) { if ($::osfamily == 'Debian') { include apt diff --git a/modules/openstack_project/manifests/puppetmaster.pp b/modules/openstack_project/manifests/puppetmaster.pp index 178053c602..8f9ea35133 100644 --- a/modules/openstack_project/manifests/puppetmaster.pp +++ b/modules/openstack_project/manifests/puppetmaster.pp @@ -7,6 +7,7 @@ class openstack_project::puppetmaster ( $update_slave = true, $sysadmins = [], $version = '2.7.', + $ca_server = undef, ) { include logrotate include openstack_project::params @@ -15,6 +16,7 @@ class openstack_project::puppetmaster ( iptables_public_tcp_ports => [4505, 4506, 8140], sysadmins => $sysadmins, pin_puppet => $version, + ca_server => $ca_server, } if ($salt) { diff --git a/modules/openstack_project/manifests/server.pp b/modules/openstack_project/manifests/server.pp index f48f45604a..fb0c09e612 100644 --- a/modules/openstack_project/manifests/server.pp +++ b/modules/openstack_project/manifests/server.pp @@ -9,6 +9,7 @@ class openstack_project::server ( $sysadmins = [], $certname = $::fqdn, $pin_puppet = '2.7.', + $ca_server = undef, ) { class { 'openstack_project::template': iptables_public_tcp_ports => $iptables_public_tcp_ports, @@ -17,6 +18,7 @@ class openstack_project::server ( iptables_rules6 => $iptables_rules6, certname => $certname, pin_puppet => $pin_puppet, + ca_server => $ca_server, } class { 'exim': sysadmin => $sysadmins, diff --git a/modules/openstack_project/manifests/template.pp b/modules/openstack_project/manifests/template.pp index 507d687120..e51b27ad7f 100644 --- a/modules/openstack_project/manifests/template.pp +++ b/modules/openstack_project/manifests/template.pp @@ -8,10 +8,11 @@ class openstack_project::template ( $iptables_rules4 = [], $iptables_rules6 = [], $pin_puppet = '2.7.', - $install_users = true, - $install_resolv_conf = true, - $automatic_upgrades = true, - $certname = $::fqdn + $install_users = true, + $install_resolv_conf = true, + $automatic_upgrades = true, + $certname = $::fqdn, + $ca_server = undef, ) { include ssh include snmpd @@ -32,6 +33,7 @@ class openstack_project::template ( install_users => $install_users, certname => $certname, pin_puppet => $pin_puppet, + ca_server => $ca_server, } package { 'lvm2': diff --git a/modules/openstack_project/templates/puppet.conf.erb b/modules/openstack_project/templates/puppet.conf.erb index 51ee09500d..c1c3379069 100644 --- a/modules/openstack_project/templates/puppet.conf.erb +++ b/modules/openstack_project/templates/puppet.conf.erb @@ -18,6 +18,10 @@ manifestdir=/opt/config/$environment/manifests modulepath=/opt/config/$environment/modules:/etc/puppet/modules manifest=$manifestdir/site.pp reports=store,puppetdb +<% if @ca_server -%> +ca = false +ca_server = <%= @ca_server %> +<% end -%> [agent] report=true