From 8ca75f6d074b83ee48d9ce713cdb3e28e57d2cf8 Mon Sep 17 00:00:00 2001
From: mh
Date: Thu, 28 Jan 2016 00:55:26 +0100
Subject: update module to make it work with all the new features of trocla 0.2.2
---
manifests/ca/params.pp | 11 +++++++++
manifests/config.pp | 63 ++++++++++++++++++++++++++++++-----------------
manifests/master.pp | 13 ++++++----
manifests/master/hiera.pp | 6 +++++
manifests/master/ree.pp | 13 ----------
manifests/params.pp | 6 +++++
manifests/yaml.pp | 22 +++++++----------
7 files changed, 81 insertions(+), 53 deletions(-)
create mode 100644 manifests/ca/params.pp
create mode 100644 manifests/master/hiera.pp
delete mode 100644 manifests/master/ree.pp
create mode 100644 manifests/params.pp
(limited to 'manifests')
diff --git a/manifests/ca/params.pp b/manifests/ca/params.pp
new file mode 100644
index 0000000..bb61248
--- /dev/null
+++ b/manifests/ca/params.pp
@@ -0,0 +1,11 @@
+# input for a ca from trocla, so that you need only
+#
+# trocla('some_ca','x509',$trocla::ca::params::ca_options)
+class trocla::ca::params(
+ $trocla_options = {
+ 'profiles' => ['sysdomain_nc','x509long'],
+ 'CN' => "automated-ca ${name} for ${::domain}",
+ },
+) {
+ $ca_options = merge($trocla_options,{ become_ca => true, render => { certonly => true }})
+}
diff --git a/manifests/config.pp b/manifests/config.pp
index 7b23a3e..8c52db7 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
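Review bot: In manifests/ca/params.pp the CA defaults hard-code the profile name `'sysdomain_nc'` in `$trocla_options`, while manifests/config.pp in this same commit writes that profile under `${trocla::params::sysdomain_profile_name}` and leaves it out entirely when `x509_profile_domain_constraints` is empty. If either setting differs from its default, a CA requested with `$trocla::ca::params::ca_options` would name a profile the generated config does not contain; how trocla handles an unknown profile is not visible here, but the name constraint should not be able to drop off a CA unnoticed. Consider deriving the list from the shared parameter or stating the coupling in the header, e.g. `# 'sysdomain_nc' must match trocla::params::sysdomain_profile_name and requires non-empty x509_profile_domain_constraints`. Separately, `${name}` in a class parameter default most likely expands to the class name rather than the key passed to `trocla()`, so every CA would carry the same CN; worth confirming.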
@@ -1,35 +1,55 @@ #Installs configuration files for the trocla agent/CLI # #Options -# [*adapter*] Defines the adapter type to use for trocla agent. -# By default it's YAML -# [*adapter_options*] This will contain a hash of the adapter options to pass the -# trocla configuration. -# [*encryption*] Defines the encryption method for password stored in the backend. -# By default no encryption is used. -# [*ssl_options*] This will contain a hash of the ssl options to pass the -# trocla configuration. -# [*password_length*] Define the length of default passwords to create. 16 by default -# [*random_passwords*] Should trocla generate random passwords -# if none can be found. *true* by default. -# [*manage_dependencies*] Whether to manage the dependencies or not. Default *true* +# [*options*] Options for trocla. Default: empty hash. +# [*profiles*] Profiles for trocla. Default: empty hash. +# [*x509_profile_domain_constraint*] +# A profile for x509 name constraint that matches +# the own domain by default. +# This will add a profile for x509 certs with the +# option 'name_constraints' set to this array of +# domains. +# [*store*] Defines the store to be used for trocla. By default +# it's not set, meaning trocla's default (moneta) will +# be used. +# [*store_options*] This will contain a hash of the options to pass the +# trocla store configuration. +# [*encryption*] Defines the encryption method for password stored in +# the backend. By default it's not set, meaning trocla's +# default (none) will be used. +# [*encryption_options*] This will contain a hash of the options for the +# encryption. Default: empty Hash +# [*manage_dependencies*] Whether to manage the dependencies or not. 
+# Default *true* class trocla::config ( - $adapter = 'YAML', - $password_length = 16, - $random_passwords = true, - $adapter_options = {}, - $encryption = undef, - $ssl_options = {}, - $manage_dependencies = true, + $options = {}, + $profiles = {}, + $x509_profile_domain_constraints = [$::domain], + $store = undef, + $store_options = {}, + $encryption = undef, + $encryption_options = {}, + $manage_dependencies = true, ) { + include ::trocla::params if $manage_dependencies { - require trocla::master + require ::trocla::master + } + + if empty($x509_profile_domain_constraints) { + $merged_profiles = $profiles + } else { + $default_profiles = { + "${trocla::params::sysdomain_profile_name}" => { + name_constraints => $x509_profile_domain_constraints + } + } + $merged_profiles = merge($default_profiles,$profiles) } # Deploy default config file and link it for trocla cli lookup file{ "${settings::confdir}/troclarc.yaml": - ensure => present, content => template('trocla/troclarc.yaml.erb'), owner => root, group => puppet, @@ -38,5 +58,4 @@ class trocla::config ( ensure => link, target => "${settings::confdir}/troclarc.yaml"; } - } diff --git a/manifests/master.pp b/manifests/master.pp index ad47914..43e203d 100644 --- a/manifests/master.pp +++ b/manifests/master.pp @@ -3,15 +3,18 @@ # This module manages the necessary things for trocla on a master. # class trocla::master ( - $provider = gem, + $provider = 'default', ) { - #Main trocla install package {'trocla': - ensure => present, - provider => $provider, + ensure => 'installed', } - if $provider != 'gem' { + if $provider != 'default' { + Package['trocla']{ + provider => $provider, + } + } + if $provider != 'gem' and $::osfamily == 'RedHat' { Package['trocla']{ name => 'rubygem-trocla' } diff --git a/manifests/master/hiera.pp b/manifests/master/hiera.pp new file mode 100644 index 0000000..75b8bb3 --- /dev/null +++ b/manifests/master/hiera.pp 
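Review bot: In the first manifests/config.pp hunk the guard `if empty($x509_profile_domain_constraints)` only tests whether the array has elements, so with the default `[$::domain]` an unset or blank `domain` fact still yields a one-element array and the profile is written with a blank `name_constraints` entry. How trocla interprets a blank constraint is not visible here, so it would be safer to reject or filter empty elements before building `$default_profiles` than to emit a constraint that may not restrict anything. The header comment also documents `[*x509_profile_domain_constraint*]` while the parameter is `$x509_profile_domain_constraints`; the doc line should read `# [*x509_profile_domain_constraints*]`.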
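Review bot: In manifests/master.pp, `ensure => 'installed'` accepts whatever trocla version is already on the master, yet the commit subject ties the new `store`/`profiles`/`encryption_options` configuration to trocla 0.2.2. An older installed version would not be upgraded and would then read a config written for the newer layout; how it reacts is not visible here. Consider exposing a version parameter for `ensure`, or at least a header comment such as `# Requires trocla >= 0.2.2; ensure => 'installed' does not upgrade an existing older install`. The `'default'` sentinel for `$provider` is also undocumented in the class header, and the class body continues past the end of this hunk.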
@@ -0,0 +1,6 @@
+# manage trocla/hiera integration
+class trocla::master::hiera {
+ package{'rubygem-hiera-backend-trocla':
+ ensure => present,
+ }
+}
diff --git a/manifests/master/ree.pp b/manifests/master/ree.pp
deleted file mode 100644
index bf2c400..0000000
--- a/manifests/master/ree.pp
+++ /dev/null
@@ -1,13 +0,0 @@
-# Class: trocla::master::ree
-#
-# This module manages the necessary things for trocla on a master for
-# RubyEnterprise installation.
-#
-# [Remember: No empty lines between comments and class definition]
-class trocla::master::ree {
-
- require ruby_enterprise::gems::moneta
- require ruby_enterprise::gems::highline
-
- ruby_enterprise::gem{'trocla': }
-}
diff --git a/manifests/params.pp b/manifests/params.pp
new file mode 100644
index 0000000..f99aa2a
--- /dev/null
+++ b/manifests/params.pp
@@ -0,0 +1,6 @@
+# a set of default params for various trocla usages
+class trocla::params(
+ $sysdomain_profile_name = 'sysdomain_nc'
+){
+
+}
diff --git a/manifests/yaml.pp b/manifests/yaml.pp
index dc20c2e..8ac0071 100644
--- a/manifests/yaml.pp
+++ b/manifests/yaml.pp
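Review bot: In manifests/master/hiera.pp the package name `rubygem-hiera-backend-trocla` is used unconditionally, whereas manifests/master.pp in this commit only switches to the `rubygem-` name when `$::osfamily == 'RedHat'` and the provider is not gem. On other platforms, or where trocla itself was installed as a gem, this resource would probably not resolve. Consider the same guard here, or a header comment such as `# RedHat-family package name; other platforms must provide the hiera backend themselves`.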
@@ -2,24 +2,20 @@ # This will install and configure trocla with the # default yaml storage. # -# [*password_length*] The default length of new passwords: 16 -# [*random_passwords*] Whether trocla should generate random -# passwords or not. Default: true # [*data_file*] Where to store the passwords. -# Default: {$settings::server_datadir}/trocla_data.yaml" -# This will likely be: /var/lib/puppet/server_data/trocla_data.yaml +# Default: /var/lib/trocla/trocla_data.yaml +# This should be managed using the package. class trocla::yaml( - $password_length = 16, - $random_passwords = true, - $data_file = "${settings::server_datadir}/trocla_data.yaml", + $data_file = '/var/lib/trocla/trocla_data.yaml', ) { class{'trocla::config': - password_length => $password_length, - random_passwords => $random_passwords, - adapter => 'YAML', - adapter_options => { - file => $data_file, + store => 'moneta', + store_options => { + adapter => 'YAML', + adapter_options => { + file => $data_file, + }, }, } -- cgit v1.2.3
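Review bot: The new default `$data_file = '/var/lib/trocla/trocla_data.yaml'` in manifests/yaml.pp points the password store at a directory this module never declares, and the added comment only says it should be managed using the package. Because `encryption` is unset by default in trocla::config, that YAML file would hold generated secrets in clear text, so its owner and mode matter; whether a trocla package creates the directory with restrictive permissions is not visible here, and a gem install presumably creates nothing. Consider a `file` resource for the parent directory with an explicit owner, group and a mode that is not world-readable, or at least a header comment such as `# The directory must exist and be readable only by the user running the puppet master`. Existing installs that relied on the old `${settings::server_datadir}` default will also stop finding their store unless `data_file` is set explicitly.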