Allow site.pp to manage ca and ca_sever in puppet.conf

This allows us to set ca = false and ca_server = <fqdn> on the
new puppet 3 master.

Change-Id: Iba189bdc4bfb22fd23052f2570f52133ea184126
This commit is contained in:
Spencer Krum 2014-07-02 14:34:36 -07:00
parent 6adda92be8
commit b65a2d3afc
6 changed files with 21 additions and 9 deletions

View File

@ -160,11 +160,12 @@ node 'ci-puppetmaster.openstack.org' {
node 'puppetmaster.openstack.org' { node 'puppetmaster.openstack.org' {
class { 'openstack_project::puppetmaster': class { 'openstack_project::puppetmaster':
root_rsa_key => hiera('puppetmaster_root_rsa_key'), root_rsa_key => hiera('puppetmaster_root_rsa_key'),
salt => false, salt => false,
update_slave => false, update_slave => false,
sysadmins => hiera('sysadmins'), sysadmins => hiera('sysadmins'),
version => '3.4.', version => '3.4.',
ca_server => 'ci-puppetmaster.openstack.org',
} }
} }

View File

@ -5,6 +5,7 @@ class openstack_project::base(
$install_users = true, $install_users = true,
$pin_puppet = '2.7.', $pin_puppet = '2.7.',
$pin_facter = '1.', $pin_facter = '1.',
$ca_server = undef,
) { ) {
if ($::osfamily == 'Debian') { if ($::osfamily == 'Debian') {
include apt include apt

View File

@ -7,6 +7,7 @@ class openstack_project::puppetmaster (
$update_slave = true, $update_slave = true,
$sysadmins = [], $sysadmins = [],
$version = '2.7.', $version = '2.7.',
$ca_server = undef,
) { ) {
include logrotate include logrotate
include openstack_project::params include openstack_project::params
@ -15,6 +16,7 @@ class openstack_project::puppetmaster (
iptables_public_tcp_ports => [4505, 4506, 8140], iptables_public_tcp_ports => [4505, 4506, 8140],
sysadmins => $sysadmins, sysadmins => $sysadmins,
pin_puppet => $version, pin_puppet => $version,
ca_server => $ca_server,
} }
if ($salt) { if ($salt) {

View File

@ -9,6 +9,7 @@ class openstack_project::server (
$sysadmins = [], $sysadmins = [],
$certname = $::fqdn, $certname = $::fqdn,
$pin_puppet = '2.7.', $pin_puppet = '2.7.',
$ca_server = undef,
) { ) {
class { 'openstack_project::template': class { 'openstack_project::template':
iptables_public_tcp_ports => $iptables_public_tcp_ports, iptables_public_tcp_ports => $iptables_public_tcp_ports,
@ -17,6 +18,7 @@ class openstack_project::server (
iptables_rules6 => $iptables_rules6, iptables_rules6 => $iptables_rules6,
certname => $certname, certname => $certname,
pin_puppet => $pin_puppet, pin_puppet => $pin_puppet,
ca_server => $ca_server,
} }
class { 'exim': class { 'exim':
sysadmin => $sysadmins, sysadmin => $sysadmins,

View File

@ -8,10 +8,11 @@ class openstack_project::template (
$iptables_rules4 = [], $iptables_rules4 = [],
$iptables_rules6 = [], $iptables_rules6 = [],
$pin_puppet = '2.7.', $pin_puppet = '2.7.',
$install_users = true, $install_users = true,
$install_resolv_conf = true, $install_resolv_conf = true,
$automatic_upgrades = true, $automatic_upgrades = true,
$certname = $::fqdn $certname = $::fqdn,
$ca_server = undef,
) { ) {
include ssh include ssh
include snmpd include snmpd
@ -32,6 +33,7 @@ class openstack_project::template (
install_users => $install_users, install_users => $install_users,
certname => $certname, certname => $certname,
pin_puppet => $pin_puppet, pin_puppet => $pin_puppet,
ca_server => $ca_server,
} }
package { 'lvm2': package { 'lvm2':

View File

@ -18,6 +18,10 @@ manifestdir=/opt/config/$environment/manifests
modulepath=/opt/config/$environment/modules:/etc/puppet/modules modulepath=/opt/config/$environment/modules:/etc/puppet/modules
manifest=$manifestdir/site.pp manifest=$manifestdir/site.pp
reports=store,puppetdb reports=store,puppetdb
<% if @ca_server -%>
ca = false
ca_server = <%= @ca_server %>
<% end -%>
[agent] [agent]
report=true report=true