author | kwadronaut <kwadronaut@leap.se> | 2016-07-25 00:44:22 +0200 |
---|---|---|
committer | kwadronaut <kwadronaut@leap.se> | 2016-07-25 00:44:22 +0200 |
commit | 30bc1e889dd0042132c4da21b94780c5a530b67c (patch) | |
tree | e430d45f553364c232626961df1647052166169d /manifests | |
parent | c0d2832dff7fb14e056a49b28860087b2f201619 (diff) | |
parent | 8c1aac4f23d245cda54994737c72a868d112db87 (diff) |
Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/ca/params.pp | 11 | ||||
-rw-r--r-- | manifests/config.pp | 61 | ||||
-rw-r--r-- | manifests/master.pp | 22 | ||||
-rw-r--r-- | manifests/master/hiera.pp | 6 | ||||
-rw-r--r-- | manifests/params.pp | 6 | ||||
-rw-r--r-- | manifests/yaml.pp | 41 |
6 files changed, 147 insertions, 0 deletions
diff --git a/manifests/ca/params.pp b/manifests/ca/params.pp
new file mode 100644
index 0000000..437e990
--- /dev/null
+++ b/manifests/ca/params.pp
@@ -0,0 +1,11 @@
+# input for a ca from trocla, so that you need only
+#
+# trocla('some_ca','x509',$trocla::ca::params::ca_options)
+class trocla::ca::params(
+ $trocla_options = {
+ 'profiles' => ['sysdomain_nc','x509veryverylong'],
+ 'CN' => "automated-ca ${name} for ${::domain}",
+ },
+) {
+ $ca_options = merge($trocla_options,{ become_ca => true, render => { certonly => true }})
+}
diff --git a/manifests/config.pp b/manifests/config.pp
new file mode 100644
index 0000000..8c52db7
--- /dev/null
+++ b/manifests/config.pp
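Review bot: The default subject on the `'CN' => "automated-ca ${name} for ${::domain}"` line interpolates `$name`, which inside a class body resolves to the class's own name (`trocla::ca::params`) rather than to the CA being created, so every CA built from these defaults in one domain gets the same subject CN. If the intent was to label the CA after the trocla key, the caller has to override it, e.g. `trocla('some_ca','x509', merge($trocla::ca::params::ca_options, {'CN' => 'some_ca CA'}))`, and two CAs sharing an identical subject DN can confuse clients that match issuers by name, so the header should warn about it with something like `# NOTE: $name here is the class name, not the CA name; override 'CN' per CA`. The `'x509veryverylong'` profile is referenced but not defined anywhere in this changeset — presumably it comes from the troclarc template — and a comment pointing at where it is defined would save the next reader a search.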
@@ -0,0 +1,61 @@
+#Installs configuration files for the trocla agent/CLI
+#
+#Options
+# [*options*] Options for trocla. Default: empty hash.
+# [*profiles*] Profiles for trocla. Default: empty hash.
+# [*x509_profile_domain_constraint*]
+# A profile for x509 name constraint that matches
+# the own domain by default.
+# This will add a profile for x509 certs with the
+# option 'name_constraints' set to this array of
+# domains.
+# [*store*] Defines the store to be used for trocla. By default
+# it's not set, meaning trocla's default (moneta) will
+# be used.
+# [*store_options*] This will contain a hash of the options to pass the
+# trocla store configuration.
+# [*encryption*] Defines the encryption method for password stored in
+# the backend. By default it's not set, meaning trocla's
+# default (none) will be used.
+# [*encryption_options*] This will contain a hash of the options for the
+# encryption. Default: empty Hash
+# [*manage_dependencies*] Whether to manage the dependencies or not.
+# Default *true*
+class trocla::config (
+ $options = {},
+ $profiles = {},
+ $x509_profile_domain_constraints = [$::domain],
+ $store = undef,
+ $store_options = {},
+ $encryption = undef,
+ $encryption_options = {},
+ $manage_dependencies = true,
+) {
+ include ::trocla::params
+ if $manage_dependencies {
+ require ::trocla::master
+ }
+
+ if empty($x509_profile_domain_constraints) {
+ $merged_profiles = $profiles
+ } else {
+ $default_profiles = {
+ "${trocla::params::sysdomain_profile_name}" => {
+ name_constraints => $x509_profile_domain_constraints
+ }
+ }
+ $merged_profiles = merge($default_profiles,$profiles)
+ }
+
+ # Deploy default config file and link it for trocla cli lookup
+ file{
+ "${settings::confdir}/troclarc.yaml":
+ content => template('trocla/troclarc.yaml.erb'),
+ owner => root,
+ group => puppet,
+ mode => '0640';
+ '/etc/troclarc.yaml':
+ ensure => link,
+ target => "${settings::confdir}/troclarc.yaml";
+ }
+}
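Review bot: The header documents `[*x509_profile_domain_constraint*]` while the class declares `$x509_profile_domain_constraints` (plural, defaulting to `[$::domain]`), so someone following the doc will set a parameter that does not exist and silently keep the default name constraint; the doc line should read `# [*x509_profile_domain_constraints*] Array of domains for the name constraint. Default: [$::domain]`. The generated `troclarc.yaml` carries whatever `$store_options` and `$encryption_options` contain, which for a non-YAML store or an encryption backend would typically include credentials or key material, so the `root:puppet` `0640` on the file is load-bearing and deserves a why-comment such as `# 0640 root:puppet: store/encryption options may hold credentials`. Since the default constraint is the `$::domain` fact of the node this class is compiled for, applying `trocla::config` somewhere other than the master (possible with `manage_dependencies => false`) would constrain certificates to that node's domain, which is worth stating in the header.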
diff --git a/manifests/master.pp b/manifests/master.pp
new file mode 100644
index 0000000..43e203d
--- /dev/null
+++ b/manifests/master.pp
@@ -0,0 +1,22 @@
+# Class: trocla::master
+#
+# This module manages the necessary things for trocla on a master.
+#
+class trocla::master (
+ $provider = 'default',
+) {
+ package {'trocla':
+ ensure => 'installed',
+ }
+
+ if $provider != 'default' {
+ Package['trocla']{
+ provider => $provider,
+ }
+ }
+ if $provider != 'gem' and $::osfamily == 'RedHat' {
+ Package['trocla']{
+ name => 'rubygem-trocla'
+ }
+ }
+}
diff --git a/manifests/master/hiera.pp b/manifests/master/hiera.pp
new file mode 100644
index 0000000..75b8bb3
--- /dev/null
+++ b/manifests/master/hiera.pp
@@ -0,0 +1,6 @@
+# manage trocla/hiera integration
+class trocla::master::hiera {
+ package{'rubygem-hiera-backend-trocla':
+ ensure => present,
+ }
+}
diff --git a/manifests/params.pp b/manifests/params.pp
new file mode 100644
index 0000000..f99aa2a
--- /dev/null
+++ b/manifests/params.pp
@@ -0,0 +1,6 @@
+# a set of default params for various trocla usages
+class trocla::params(
+ $sysdomain_profile_name = 'sysdomain_nc'
+){
+
+}
diff --git a/manifests/yaml.pp b/manifests/yaml.pp
new file mode 100644
index 0000000..7727219
--- /dev/null
+++ b/manifests/yaml.pp
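Review bot: `ensure => 'installed'` on `package {'trocla':` pins no version, and when `$provider` is `gem` the package comes straight from the configured gem source with no version or checksum constraint, so the trocla release that ends up generating and storing every secret on the master is whatever the source serves at apply time. An `$ensure` parameter with the same default keeps callers working while letting operators pin it: `$ensure = 'installed',` in the parameter list and `ensure => $ensure,` in the resource. The RedHat branch renaming the package to `rubygem-trocla` only when the provider is not `gem` is correct but non-obvious and would benefit from `# distro package name on RedHat; the gem provider uses the upstream gem name` above the `if`.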
@@ -0,0 +1,41 @@
+# A class for an eady start with trocla.
+# This will install and configure trocla with the
+# default yaml storage.
+#
+# [*data_file*] Where to store the passwords.
+# Default: /var/lib/trocla/trocla_data.yaml
+# This should be managed using the package.
+class trocla::yaml(
+ $manage_data_dir = true,
+ $data_file = '/var/lib/trocla/trocla_data.yaml',
+) {
+
+ class{'trocla::config':
+ store => 'moneta',
+ store_options => {
+ adapter => 'YAML',
+ adapter_options => {
+ file => $data_file,
+ },
+ },
+ }
+
+ if $manage_data_dir {
+ $data_dir = dirname($data_file)
+ file{$data_dir:
+ ensure => directory,
+ owner => puppet,
+ group => 0,
+ mode => '0600',
+ require => Package['trocla'];
+ }
+ }
+ file{
+ $data_file:
+ ensure => file,
+ owner => puppet,
+ group => 0,
+ mode => '0600',
+ require => Package['trocla'];
+ }
+}
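Review bot: The data directory resource sets `mode => '0600'`, which only yields a traversable directory because Puppet adds the search bit wherever it sets a read bit on directories; that is easy to misread and silently breaks if the mode is ever copied into a tool that does not do that, so spell it out as `mode => '0700',` on the `file{$data_dir:` resource. Because `trocla::yaml` does not pass `encryption` to `trocla::config`, every secret trocla generates lands in `$data_file` in plaintext and the `puppet:root` `0600` on that file is the only protection; the header should say so, e.g. `# Secrets are stored unencrypted; file permissions are the sole protection. Set trocla::config::encryption to change that.` The `require => Package['trocla']` on both resources assumes `trocla::master` is in the catalog, which holds through `trocla::config`'s `manage_dependencies` default but fails to compile if that default is overridden via data bindings; a `require ::trocla::master` here would make the dependency explicit. Also `eady` in the first comment line should read `easy`.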