setting up the wonderful cisbench and facter cache modules for securing my platforms in a lovely way

2020-03-06 10:29:43 +00:00 · 2020-03-06 10:29:43 +00:00 · 5985bd1450
commit 5985bd1450
parent a9aa405a51
5 changed files with 6 additions and 7 deletions
--- a/1
+++ b/1
@ -36,7 +36,6 @@ mod 'fervid-secure_linux_cis', '2.1.10'
 mod 'puppetlabs-puppet_metrics_collector', '5.3.0'
 mod 'puppetlabs-puppet_metrics_dashboard', '2.0.1'
 mod 'dylanratcliffe-facter_cache', '1.2.0'
-mod 'fervid-secure_linux_cis', '2.1.10'

 # Modules from Git
 # Examples: https://github.com/puppetlabs/r10k/blob/master/doc/puppetfile.mkd#examples
--- a/data/nodes/peadm-01.pe.yaml
+++ b/data/nodes/peadm-01.pe.yaml
@ -1,3 +1,3 @@
 ---
-profile::puppetserver::authority: true
-profile::puppetserver::authority::validity: 7200
+profile::puppetserver::authority: false
+profile::puppetserver::authority::validity: '7200'
--- a/data/secrets/node/peadm-01.pe.eyaml
+++ b/data/secrets/node/peadm-01.pe.eyaml
@ -0,0 +1,2 @@
+---
+profile::puppetserver::authority::jwt_secret: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAEca4yGi5jZP7UAvhiEFDuAXXRHWwbwNz3Dj+/4nRYtZ0jbNWPh3VTT+XBZKCgeQcV3oTy3j3n0Ed4XzEYHZ8zM+ZPQ2m2En9qTzOJ8Fn4Kq2FxgTimjdqCKSLcQMcgzDDT45Gk4JjS/u6G4Vi1LrEdMf80TFcOCwvCq/ZZyzimmbCziW81kQ3tcdbY9yxkqJg8AGfRK5abF88M3R9DqsRcmKbnzwsYFfEUXUbuMdYSvQxAe4UyXYrM9GHNxjts+2WM431WXdX89DoMKsqJ4PulMub8TaXXQkxCvLmducz8mXh0s9AsSlx/DMOImIZTUdGdwS67xeCcc9Fq/omWO2bjBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDx6u7YJTvRc0DlRtxtNoBAgCAqanEu5repqqcLyk+iuRi2Dw+4+/+7FCRKo6GT5SlB1A==]
--- a/data/secrets/node/peadm-01.pe.yaml
+++ b/data/secrets/node/peadm-01.pe.yaml
@ -1,2 +0,0 @@
---
-profile::puppetserver::authority::jwt_secret: "ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAnLKlgSOslWvpo+tVP2Fd/ITPkWLc7GM2cXd3bI8tB2PqsnEDOfWYFh8Pp58nzOZTPomTVxtQ0ptud6A+VhGbQ55P5ha9GzW9Pra5q0pQEsoGjJQhLKVsbLlivYN5j+W0pfR3hAr6NgKVBX0qwESOAKKIrYth34qH7Fsrk19VDKLOUJPSbVCajwwbUdj3s0j+8k3CCkey8+FmzTDeqjNGDDMmSxcWAySfX0LfZI3GGgJDfHgo3HDia3MiN0PLfNIOpeIFWRgWnzNrzHbt3RnEV7HIp1R+W2lyr/OWCGgBPco6t7oddqk9n3i35/0pxTsKmZEjasZyNvf51/PNwKK2VjBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAaFxUesvj7c9N47ru3WWyugCDAjwhS8BqA1n37yWGIGNCrdfQDUDr/dBMZTbmaoLAKLg==]"
--- a/site-modules/profile/manifests/puppetserver/authority.pp
+++ b/site-modules/profile/manifests/puppetserver/authority.pp
@ -2,7 +2,7 @@ class profile::puppetserver::authority (

  String $jwt_secret = 'undef',
  String $loglevel   = 'info',
-  Integer $validity  = '0',
+  String $validity   = '0',
  String $ensure     = 'latest',
  Hash $config       = {},
  Hash $jwt_token    = {},
@ -22,7 +22,7 @@ class profile::puppetserver::authority (
        loglevel => $loglevel,
      },
      jwt_token => {
-        secret   => \"$jwt_secret\",
+        secret   => $jwt_secret,
        validity => $validity,
      }
    },