
Initial work on rewrite

This commit makes a number of changes on the way to a 0.1.0 rewrite.

The module_name has been changed to pe_shared_ca and instead of
making assumptions about how the user may want to set up the shared
ca infrastructure (like console host being the ca), the module now
forces the user to set a boolean (true,false) value to the variable
shared_ca_server.

Another new variable, ca_files_to_copy is established, paving the
way for the module to grab the required files needed to establish
subsequent masters.

The + operator previously used in the old_function_to_purge variable
value blocked catalog compilation for me on CentOS PE 2.5 so I've
removed it.

Execution is now more strictly ordered.

ToDo: Figure out how to copy CA files into the module to ship around.
      Validate user input of the shared_ca_server boolean.
1 parent 85f580c commit 156f424e6601f60d69f17b596b084b32213cf5f1 @ryanycoleman ryanycoleman committed
Showing with 32 additions and 25 deletions.
  1. +26 −25 manifests/init.pp
  2. +3 −0 usage/is_ca_server.pp
  3. +3 −0 usage/not_ca_server.pp
51 manifests/init.pp
@@ -10,78 +10,79 @@
#
# == Parameters
#
-class shared_ca(
+class pe_shared_ca(
$ca_folder_source = "puppet:///modules/${module_name}/ca",
$mco_credentials_source = "puppet:///modules/${module_name}/credentials",
- $mco_module_source = "puppet:///modules/${module_name}/pe_mcollective"
+ $mco_module_source = "puppet:///modules/${module_name}/pe_mcollective",
+ $shared_ca_server='',
) {
+ # Setup variables to represent various files this class will manipulate
$ca_files_to_purge = [ '/etc/puppetlabs/puppet/ssl/certs/ca.pem',
"/etc/puppetlabs/puppet/ssl/certs/${::clientcert}.pem",
"/etc/puppetlabs/puppet/ssl/private_keys/${::clientcert}.pem",
"/etc/puppetlabs/puppet/ssl/public_keys/${::clientcert}.pem",
'/etc/puppetlabs/puppet/ssl/crl.pem', ]
+ $ca_files_to_copy = [ '/etc/puppetlabs/puppet/ssl/ca/ca_crl.pem',
+ '/etc/puppetlabs/puppet/ssl/ca/ca_crt.pem',
+ '/etc/puppetlabs/puppet/ssl/ca/ca_key.pem',
+ '/etc/puppetlabs/puppet/ssl/ca/ca_pub.pem', ]
+
$mco_files_to_purge = [ '/etc/puppetlabs/mcollective/ssl',
'/etc/puppetlabs/activemq/broker.ks',
'/etc/puppetlabs/activemq/broker.p12',
'/etc/puppetlabs/activemq/broker.pem',
'/etc/puppetlabs/activemq/broker.ts', ]
- $old_function_to_purge = '/opt/puppet/share/puppet/modules/pe_accounts/' +
- 'lib/puppet/parser/functions/create_resources.rb'
+ $old_function_to_purge = '/opt/puppet/share/puppet/modules/pe_accounts/lib/puppet/parser/functions/create_resources.rb'
$mco_credentials_file = '/etc/puppetlabs/mcollective/credentials'
- if $::fact_is_puppetconsole == false {
- $files_to_purge = [ $ca_files_to_purge, $mco_files_to_purge,
+ if ! $shared_ca_server {
+ $files_to_purge = [ $ca_files_to_purge,
+ $mco_files_to_purge,
$old_function_to_purge ]
- # Warning, running this class over and over again will reset the process
- # that's kind of the point.
- exec { 'purge_ca':
- command => 'rm -rf /etc/puppetlabs/puppet/ssl/ca',
- path => '/opt/puppet/bin:/usr/kerberos/sbin:/usr/kerberos/bin:' +
- '/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:' +
- '/usr/bin',
- before => File['copy_ca_dir'],
- }
- file { 'copy_ca_dir':
+ file { 'replace_ca_dir':
ensure => directory,
path => '/etc/puppetlabs/puppet/ssl/ca',
source => $ca_folder_source,
recurse => true,
- force => true,
+ purge => true,
owner => 'pe-puppet',
group => 'pe-puppet',
- require => File[$files_to_purge]
+ require => File[$files_to_purge],
}
- file { 'copy_mco_credentials':
+ file { 'replace_mco_credentials':
ensure => file,
path => '/etc/puppetlabs/mcollective/credentials',
source => $mco_credentials_source,
owner => 'pe-puppet',
group => 'pe-puppet',
mode => '0600',
+ require => File[$files_to_purge],
}
- } elsif $::fact_is_puppetconsole == true and $::fact_is_puppetca == true {
+ }
+
+ if $shared_ca_server {
$files_to_purge = [ $mco_files_to_purge, $old_function_to_purge ]
}
- service { [ 'pe-puppet',
- 'pe-httpd',
- 'pe-mcollective',
- 'pe-activemq' ]:
+ service { 'shutdown_pe':
+ name => [ 'pe-puppet',
+ 'pe-httpd',
+ 'pe-mcollective',
+ 'pe-activemq' ],
ensure => 'stopped',
before => File[$files_to_purge],
- require => File['copy_custom_mco_module'],
}
file { $files_to_purge:
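Review bot: the `$shared_ca_server=''` default in the parameter list does not force the user to choose. An empty string is falsy on the Puppet that PE 2.5 ships, so declaring the class with no arguments falls into the `if ! $shared_ca_server` branch and replaces the CA directory, while a quoted 'false' is a non-empty string and is treated as true, so that node would be handled as the CA server. Drop the default so the parameter is mandatory, and fail compilation unless the value is a real boolean (the ToDo already notes this). Two smaller points in the same hunk: `service { 'shutdown_pe': name => [ ... ] }` passes an array to `name`, which takes a single service name, so keep the array as the resource title as the removed lines did; and `replace_ca_dir` sets owner and group but no `mode`, although the directory it manages is the one that holds `ca_key.pem`, whereas `replace_mco_credentials` already pins `0600`.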
3 usage/is_ca_server.pp
@@ -0,0 +1,3 @@
+class { 'pe_shared_ca':
+ shared_ca_server => true,
+}
3 usage/not_ca_server.pp
@@ -0,0 +1,3 @@
+class { 'pe_shared_ca':
+ shared_ca_server => false,
+}
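Review bot: this example needs a header comment saying what `shared_ca_server => false` does to the node. In manifests/init.pp that value selects the branch that stops the four PE services and builds `$files_to_purge` from `$ca_files_to_purge`, which lists the node's own certificate and private key, and the warning comment that used to sit above the purge was removed in this commit. A two-line comment here stating that the manifest is for non-CA masters and that applying it resets their SSL state would keep someone from running it on the wrong host.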
