diff --git a/doc/file.README.html b/doc/file.README.html
index 079b7bf..8507e40 100644
--- a/doc/file.README.html
+++ b/doc/file.README.html
@@ -62,8 +62,6 @@
-[[TOC]]
-This Puppet module configures settings a full Puppet environment, i.e. Puppet master, Puppet agents pointed to the master.
diff --git a/doc/index.html b/doc/index.html
index 31e6f5e..d4d0781 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -62,8 +62,6 @@
-[[TOC]]
-This Puppet module configures settings a full Puppet environment, i.e. Puppet master, Puppet agents pointed to the master.
diff --git a/doc/puppet_classes/puppet_cd_3A_3Aparams.html b/doc/puppet_classes/puppet_cd_3A_3Aparams.html
index a853cb2..a84709f 100644
--- a/doc/puppet_classes/puppet_cd_3A_3Aparams.html
+++ b/doc/puppet_classes/puppet_cd_3A_3Aparams.html
@@ -1100,6 +1100,78 @@ —IP address to listen on
+whether to use tls encryption for the backend
+placeholder for the ca.crt
+placeholder for the server.crt
+placeholder for the server.crt
-64 -65 -66 -67 68 69 70 @@ -1255,10 +1323,26 @@ 201 202 203 -204+204 +205 +206 +207 +208 +209 +210 +211 +212 +213 +214 +215 +216 +217 +218 +219 +220
# File 'manifests/params.pp', line 64
+ # File 'manifests/params.pp', line 68
class puppet_cd::params (
@@ -1312,6 +1396,11 @@ class puppet_cd::params (
String $pt_db_username = 'foobar',
String $pt_db_password = 'foobar',
String $pt_gc_interval = '60',
+ Boolean $pt_enable_tls = false,
+ String $pt_pptdb_ca_crt = 'Changeme',
+ String $pt_pptdb_server_crt = 'Changeme',
+ String $pt_pptdb_server_key = 'Changeme',
+
## jetty
String $pt_http_port = '8080',
String $pt_https_port = '8081',
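Review bot: `$pt_pptdb_server_key` carries private-key material as a plain `String` with the non-empty default `'Changeme'`, so setting `pt_enable_tls` to true without overriding it still passes type validation and, assuming the ERB template simply renders the parameter, would write that literal into server.key. In manifests/params.pp, which this page is generated from, consider `Sensitive[String]` for the key (unwrapped where the template is rendered), or make the three certificate parameters `Optional[String] = undef` and fail compilation when TLS is enabled and any of them is unset. The parameter descriptions earlier in this diff read "placeholder for the server.crt" twice; the second presumably belongs to the key and should read `placeholder for the server.key`. The class body starts and ends outside this hunk.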
@@ -1354,6 +1443,7 @@ class puppet_cd::params (
## puppetdb
$pt_puppetdb_dir = '/etc/puppetlabs/puppetdb'
$pt_puppetdb_conf_dir = "${pt_puppetdb_dir}/conf.d"
+ $pt_pptdb_ssldir = "${pt_puppetdb_dir}/ssl"
# files
## puppet
@@ -1391,6 +1481,12 @@ class puppet_cd::params (
$pt_repl_ini_erb = 'puppet_cd/puppetdb/repl.ini.erb'
$pt_service_conf_file = '/usr/lib/systemd/system/puppetdb.service'
$pt_service_conf_erb = 'puppet_cd/puppetdb/service.conf.erb'
+ $pt_ca_crt_file = "${pt_pptdb_ssldir}/ca.crt"
+ $pt_ca_crt_erb = 'puppet_cd/puppetdb/ca.crt.erb'
+ $pt_server_crt_file = "${pt_pptdb_ssldir}/server.crt"
+ $pt_server_crt_erb = 'puppet_cd/puppetdb/server.crt.erb'
+ $pt_server_key_file = "${pt_pptdb_ssldir}/server.key"
+ $pt_server_key_erb = 'puppet_cd/puppetdb/server.key.erb'
# service
$pt_server_service = 'puppetserver'
diff --git a/doc/puppet_classes/puppet_cd_3A_3Apuppetdb_3A_3Afiles.html b/doc/puppet_classes/puppet_cd_3A_3Apuppetdb_3A_3Afiles.html
index e2cd136..e51476c 100644
--- a/doc/puppet_classes/puppet_cd_3A_3Apuppetdb_3A_3Afiles.html
+++ b/doc/puppet_classes/puppet_cd_3A_3Apuppetdb_3A_3Afiles.html
@@ -226,7 +226,49 @@
128
129
130
-131
+131
+132
+133
+134
+135
+136
+137
+138
+139
+140
+141
+142
+143
+144
+145
+146
+147
+148
+149
+150
+151
+152
+153
+154
+155
+156
+157
+158
+159
+160
+161
+162
+163
+164
+165
+166
+167
+168
+169
+170
+171
+172
+173
# File 'manifests/puppetdb/files.pp', line 6
@@ -355,6 +397,48 @@ class puppet_cd::puppetdb::files (
content => template($pt_repl_ini_erb),
notify => Service[$pt_db_service],
}
+ if $pt_enable_tls == true {
+ # create tls certs
+ ## ca.crt
+ file { $pt_ca_crt_file:
+ ensure => file,
+ owner => 'puppetdb',
+ group => 'puppetdb',
+ mode => '0440',
+ selrange => s0,
+ selrole => object_r,
+ seltype => puppet_etc_t,
+ seluser => system_u,
+ content => template($pt_ca_crt_erb),
+ notify => Service[$pt_db_service],
+ }
+ ## server.crt
+ file { $pt_server_crt_file:
+ ensure => file,
+ owner => 'puppetdb',
+ group => 'puppetdb',
+ mode => '0440',
+ selrange => s0,
+ selrole => object_r,
+ seltype => puppet_etc_t,
+ seluser => system_u,
+ content => template($pt_server_crt_erb),
+ notify => Service[$pt_db_service],
+ }
+ ## server.key
+ file { $pt_server_key_file:
+ ensure => file,
+ owner => 'puppetdb',
+ group => 'puppetdb',
+ mode => '0440',
+ selrange => s0,
+ selrole => object_r,
+ seltype => puppet_etc_t,
+ seluser => system_u,
+ content => template($pt_server_key_erb),
+ notify => Service[$pt_db_service],
+ }
+ }
}
}
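Review bot: The `file { $pt_server_key_file:` resource has no `show_diff => false`, so on agents that run with show_diff enabled a change to the private key can be printed as a content diff in the agent log and reports. It is also written with the same `mode => '0440'` as the two certificates. In manifests/puppetdb/files.pp, add `show_diff => false,` to that resource and tighten it to `mode => '0400',` unless a group member other than the puppetdb user has to read the key. As a style point, `if $pt_enable_tls == true {` can be `if $pt_enable_tls {`, since the parameter is declared `Boolean` in puppet_cd::params. The class starts outside the hunk.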