OP#232 add file control for tla
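--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -4,6 +4,7 @@
 "asctime",
 "basedirt",
 "cachedir",
+"Changeme",
 "devel",
 "fastapi",
 "getenv",
@@ -17,6 +18,8 @@
 "logappender",
 "NOFILE",
 "operatingsystemrelease",
+"pptd",
+"pptdb",
 "Puppetfile",
 "pydantic",
 "pylint",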
@@ -60,6 +60,10 @@
|
|||||||
# @param [Boolean] pt_repl_on toggle the remote repl true false
|
# @param [Boolean] pt_repl_on toggle the remote repl true false
|
||||||
# @param [String] pt_repl_port What port the REPL should listen on
|
# @param [String] pt_repl_port What port the REPL should listen on
|
||||||
# @param [String] pt_repl_host IP address to listen on
|
# @param [String] pt_repl_host IP address to listen on
|
||||||
|
# @param [Boolean] pt_enable_tls whether to use tls encryption for the backend
|
||||||
|
# @param [String] pt_pptdb_ca_crt placeholder for the ca.crt
|
||||||
|
# @param [String] pt_pptdb_server_crt placeholder for the server.crt
|
||||||
|
# @param [String] pt_pptdb_server_key placeholder for the server.crt
|
||||||
###############################################################################
|
###############################################################################
|
||||||
class puppet_cd::params (
|
class puppet_cd::params (
|
||||||
|
|
||||||
@@ -113,6 +117,11 @@ class puppet_cd::params (
|
|||||||
String $pt_db_username = 'foobar',
|
String $pt_db_username = 'foobar',
|
||||||
String $pt_db_password = 'foobar',
|
String $pt_db_password = 'foobar',
|
||||||
String $pt_gc_interval = '60',
|
String $pt_gc_interval = '60',
|
||||||
|
Boolean $pt_enable_tls = false,
|
||||||
|
String $pt_pptdb_ca_crt = 'Changeme',
|
||||||
|
String $pt_pptdb_server_crt = 'Changeme',
|
||||||
|
String $pt_pptdb_server_key = 'Changeme',
|
||||||
|
|
||||||
## jetty
|
## jetty
|
||||||
String $pt_http_port = '8080',
|
String $pt_http_port = '8080',
|
||||||
String $pt_https_port = '8081',
|
String $pt_https_port = '8081',
|
||||||
@@ -155,6 +164,7 @@ class puppet_cd::params (
|
|||||||
## puppetdb
|
## puppetdb
|
||||||
$pt_puppetdb_dir = '/etc/puppetlabs/puppetdb'
|
$pt_puppetdb_dir = '/etc/puppetlabs/puppetdb'
|
||||||
$pt_puppetdb_conf_dir = "${pt_puppetdb_dir}/conf.d"
|
$pt_puppetdb_conf_dir = "${pt_puppetdb_dir}/conf.d"
|
||||||
|
$pt_pptdb_ssldir = "${pt_puppetdb_dir}/ssl"
|
||||||
|
|
||||||
# files
|
# files
|
||||||
## puppet
|
## puppet
|
||||||
@@ -192,6 +202,12 @@ class puppet_cd::params (
|
|||||||
$pt_repl_ini_erb = 'puppet_cd/puppetdb/repl.ini.erb'
|
$pt_repl_ini_erb = 'puppet_cd/puppetdb/repl.ini.erb'
|
||||||
$pt_service_conf_file = '/usr/lib/systemd/system/puppetdb.service'
|
$pt_service_conf_file = '/usr/lib/systemd/system/puppetdb.service'
|
||||||
$pt_service_conf_erb = 'puppet_cd/puppetdb/service.conf.erb'
|
$pt_service_conf_erb = 'puppet_cd/puppetdb/service.conf.erb'
|
||||||
|
$pt_ca_crt_file = "${pt_pptdb_ssldir}/ca.crt"
|
||||||
|
$pt_ca_crt_erb = 'puppet_cd/puppetdb/ca.crt.erb'
|
||||||
|
$pt_server_crt_file = "${pt_pptdb_ssldir}/server.crt"
|
||||||
|
$pt_server_crt_erb = 'puppet_cd/puppetdb/server.crt.erb'
|
||||||
|
$pt_server_key_file = "${pt_pptdb_ssldir}/server.key"
|
||||||
|
$pt_server_key_erb = 'puppet_cd/puppetdb/server.key.erb'
|
||||||
|
|
||||||
# service
|
# service
|
||||||
$pt_server_service = 'puppetserver'
|
$pt_server_service = 'puppetserver'
|
||||||
|
|||||||
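Review bot: `String $pt_pptdb_server_key = 'Changeme'` in the `-113,6 +117,11` hunk takes the PuppetDB private key as a plain String with a placeholder default, so the key is carried in clear text wherever class parameters are rendered (catalog, reports, logs). As far as the templates on this page show, turning on `pt_enable_tls` without overriding the three `pt_pptdb_*` values would write the literal `Changeme` into ca.crt, server.crt and server.key. Consider `Sensitive[String] $pt_pptdb_server_key` (the template would then need to unwrap it), and either drop the defaults or fail when `pt_enable_tls` is true and a value is still `Changeme`. The doc line added in the `-60,6 +60,10` hunk describes the key as the certificate; it should read `# @param [String] pt_pptdb_server_key placeholder for the server.key`. The class body starts and ends outside these hunks.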
@@ -127,5 +127,47 @@ class puppet_cd::puppetdb::files (
|
|||||||
content => template($pt_repl_ini_erb),
|
content => template($pt_repl_ini_erb),
|
||||||
notify => Service[$pt_db_service],
|
notify => Service[$pt_db_service],
|
||||||
}
|
}
|
||||||
|
if $pt_enable_tls == true {
|
||||||
|
# create tls certs
|
||||||
|
## ca.crt
|
||||||
|
file { $pt_ca_crt_file:
|
||||||
|
ensure => file,
|
||||||
|
owner => 'puppetdb',
|
||||||
|
group => 'puppetdb',
|
||||||
|
mode => '0440',
|
||||||
|
selrange => s0,
|
||||||
|
selrole => object_r,
|
||||||
|
seltype => puppet_etc_t,
|
||||||
|
seluser => system_u,
|
||||||
|
content => template($pt_ca_crt_erb),
|
||||||
|
notify => Service[$pt_db_service],
|
||||||
|
}
|
||||||
|
## server.crt
|
||||||
|
file { $pt_server_crt_file:
|
||||||
|
ensure => file,
|
||||||
|
owner => 'puppetdb',
|
||||||
|
group => 'puppetdb',
|
||||||
|
mode => '0440',
|
||||||
|
selrange => s0,
|
||||||
|
selrole => object_r,
|
||||||
|
seltype => puppet_etc_t,
|
||||||
|
seluser => system_u,
|
||||||
|
content => template($pt_server_crt_erb),
|
||||||
|
notify => Service[$pt_db_service],
|
||||||
|
}
|
||||||
|
## server.key
|
||||||
|
file { $pt_server_key_file:
|
||||||
|
ensure => file,
|
||||||
|
owner => 'puppetdb',
|
||||||
|
group => 'puppetdb',
|
||||||
|
mode => '0440',
|
||||||
|
selrange => s0,
|
||||||
|
selrole => object_r,
|
||||||
|
seltype => puppet_etc_t,
|
||||||
|
seluser => system_u,
|
||||||
|
content => template($pt_server_key_erb),
|
||||||
|
notify => Service[$pt_db_service],
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
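Review bot: The `file { $pt_server_key_file:` resource gives the private key the same `mode => '0440'` as the two certificates and does not set `show_diff`, so the key is group-readable and, where the agent's show_diff setting is on, its content can appear in agent output and reports whenever the file changes. For the key I would use `mode => '0400',` and add `show_diff => false,`. Nothing in this hunk manages the `${pt_puppetdb_dir}/ssl` directory; if it is not declared in the part of `puppet_cd::puppetdb::files` outside the hunk, the three file resources will fail on a host where that directory does not exist. `if $pt_enable_tls == true {` can be written `if $pt_enable_tls {`, since the parameter is typed Boolean.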
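--- a/templates/puppetdb/ca.crt.erb
+++ b/templates/puppetdb/ca.crt.erb
@@ -0,0 +1 @@
+<%= @pt_pptdb_ca_crt %>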
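--- a/templates/puppetdb/server.crt.erb
+++ b/templates/puppetdb/server.crt.erb
@@ -0,0 +1 @@
+<%= @pt_pptdb_server_crt %>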
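--- a/templates/puppetdb/server.key.erb
+++ b/templates/puppetdb/server.key.erb
@@ -0,0 +1 @@
+<%= @pt_pptdb_server_key %>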