configuring hieradata for puppet server role

2020-02-04 10:30:19 +00:00 · 2020-02-04 10:30:19 +00:00 · b134faf785
commit b134faf785
parent 1641236af1
8 changed files with 41 additions and 19 deletions
--- a/data/common.yaml
+++ b/data/common.yaml
@ -1,2 +1,3 @@
 ---
 message: "This node is using common data"
+profiles::base::dns::nameservers: 8.8.8.8
--- a/data/nodes/puppet.home.yaml
+++ b/data/nodes/puppet.home.yaml
@ -0,0 +1,4 @@
+---
+profile::puppetserver::authority: true
+profile::puppetserver::authority::jwt_secret: "koHc5pzVSVpJhijthem3zT8WXN8="
+profile::puppetserver::authority::validity: 7200
--- a/hiera.yaml
+++ b/hiera.yaml
@ -5,8 +5,18 @@ defaults:
  datadir: "data"

 hierarchy:
-  - name: "Yaml backend"
+  - name: "Secret data: per-node, common"
+    lookup_key: eyaml_lookup_key # eyaml backend
+    paths:
+      - "secrets/node/%{trusted.certname}.eyaml"
+      - "secrets/role/%{trusted.extensions.pp_role}.eyaml"
+      - "common.eyaml"
+    options:
+      pkcs7_private_key: /etc/puppetlabs/puppet/eyaml/private_key.pkcs7.pem
+      pkcs7_public_key:  /etc/puppetlabs/puppet/eyaml/public_key.pkcs7.pem
+  - name: "Yaml backend Data"
    data_hash: yaml_data
    paths:
      - "nodes/%{trusted.certname}.yaml"
+      - "role/%{trusted.extensions.pp_role}.yaml"
      - "common.yaml"
--- a/site-modules/profile/manifests/puppet.pp
+++ b/site-modules/profile/manifests/puppet.pp
@ -1,11 +0,0 @@
-class profile::puppet (
-  Boolean $puppetserver = true,
-  Boolean $authority    = true,
-) {
-  if $puppetserver {
-    class { '::profile::puppet::puppetserver': }
-  }
-  if $authority {
-    class { '::profile::puppet::authority': }
-  }
-}
--- a/site-modules/profile/manifests/puppetserver.pp
+++ b/site-modules/profile/manifests/puppetserver.pp
@ -0,0 +1,11 @@
+class profile::puppetserver (
+  Boolean $puppetserver = true,
+  Boolean $authority    = false,
+) {
+  if $puppetserver {
+    class { '::profile::puppetserver::bootstrap': }
+  }
+  if $authority {
+    class { '::profile::puppetserver::authority': }
+  }
+}
--- a/site-modules/profile/manifests/puppetserver/authority.pp
+++ b/site-modules/profile/manifests/puppetserver/authority.pp
@ -1,5 +1,12 @@
-class profile::puppet::authority {
+class profile::puppetserver::authority (

+  String $jwt_secret = 'undef',
+  String $loglevel   = 'info',
+  Integer $validity  = '0',
+  String $ensure     = 'latest',
+  Hash $config       = {},
+  Hash $jwt_token    = {},
+) {
  ini_setting { 'policy-based autosigning':
    setting => 'autosign',
    path    => "${settings::confdir}/puppet.conf",
@ -9,14 +16,14 @@ class profile::puppet::authority {
  }

  class { ::autosign:
-    ensure => 'latest',
+    ensure => "$ensure",
    config => {
      'general' => {
-        'loglevel' => 'INFO',
+        'loglevel' => "$loglevel",
      },
      'jwt_token' => {
-        'secret'   => 'koHc5pzVSVpJhijthem3zT8WXN8=',
-        'validity' => '0',
+        'secret'   => "$jwt_secret",
+        'validity' => "$validity",
      }
    },
  }
--- a/site-modules/profile/manifests/puppetserver/bootstrap.pp
+++ b/site-modules/profile/manifests/puppetserver/bootstrap.pp
@ -1,4 +1,4 @@
-class profile::puppet::puppetserver {
+class profile::puppetserver::bootstrap {

  ini_setting { 'hiera_config':
    ensure => present,
--- a/site-modules/role/manifests/puppetserver.pp
+++ b/site-modules/role/manifests/puppetserver.pp
@ -1,6 +1,6 @@
 class role::puppetserver {

  include profile::base
-  include profile::puppet
+  include profile::puppetserver

 }