Simplify r10k_private_key handling
Observationally:

  - We ALWAYS want to configure Code Manager
  - We ALWAYS want the private key location configured the same
  - We can use pe_conf_data to override anything if we need to
  - We don't want magic

To that end, this commit simplifies the r10k private key input to
require that the key *content* is supplied, rather than a path to a
local file. Further, we just hard-code the settings that should always
be the same.

If we want to support using a local file later as a convenience, we can
add a different parameter; e.g. `String $r10k_private_key_file`.
reidmv committed Sep 28, 2019
1 parent 130fce7 commit 6491b78
Showing 1 changed file with 21 additions and 32 deletions.
53 changes: 21 additions & 32 deletions plans/install.pp
Expand Up @@ -14,21 +14,27 @@
# used for tuning data etc.
#
plan pe_xl::install (
# Large
String[1] $master_host,
Array[String[1]] $compiler_hosts = [ ],
Array[String[1]] $compiler_hosts = [ ],
Optional[String[1]] $master_replica_host = undef,

# Extra Large
Optional[String[1]] $puppetdb_database_host = undef,
Optional[String[1]] $master_replica_host = undef,
Optional[String[1]] $puppetdb_database_replica_host = undef,

# Common Configuration
String[1] $console_password,
String[1] $version = '2018.1.3',
Optional[String] $r10k_remote = undef,
Optional[String] $r10k_private_key = undef,
Array[String[1]] $dns_alt_names = [ ],
String[1] $version = '2019.1.1',
Array[String[1]] $dns_alt_names = [ ],
Hash $pe_conf_data = { },

# Code Manager
Optional[String] $r10k_remote = undef,
Optional[Regexp[/BEGIN RSA PRIVATE KEY/]] $r10k_private_key = undef,

# Other
String[1] $stagingdir = '/tmp',
Hash $pe_conf_data = {},
) {

# Define a number of host groupings for use later in the plan
Expand Down Expand Up @@ -116,34 +122,15 @@
}
}

# Check if the r10k_private_key is a local file
if ($r10k_private_key and find_file($r10k_private_key)) {
# If the file exists then the config value should be the default path
$_r10k_private_key = '/etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa'

# Set a flag for managing the content later
$manage_private_key = true
} else {
# Just use the config as a config value
$_r10k_private_key = $r10k_private_key
$manage_private_key = false
}

# Only auto configure code manager if we have given an r10k_remote
$_code_manager_auto_configure = $r10k_remote ? {
undef => undef, # If this is undef then it wont be passed
default => true,
}

# Generate all the needed pe.conf files
$master_pe_conf = pe_xl::generate_pe_conf({
'console_admin_password' => $console_password,
'puppet_enterprise::puppet_master_host' => $master_host,
'pe_install::puppet_master_dnsaltnames' => $dns_alt_names,
'puppet_enterprise::profile::puppetdb::database_host' => $puppetdb_database_host,
'puppet_enterprise::profile::master::code_manager_auto_configure' => true,
'puppet_enterprise::profile::master::r10k_private_key' => '/etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa',
'puppet_enterprise::profile::master::r10k_remote' => $r10k_remote,
'puppet_enterprise::profile::master::code_manager_auto_configure' => $_code_manager_auto_configure,
'puppet_enterprise::profile::master::r10k_private_key' => $_r10k_private_key,
} + $pe_conf_data)

$puppetdb_database_pe_conf = pe_xl::generate_pe_conf({
Expand Down Expand Up @@ -227,11 +214,13 @@
out::message("Finished: task pe_xl::pe_install on ${master_host}")
}
if $manage_private_key {
# Create the SSH private key
if $r10k_private_key {
run_task('pe_xl::mkdir_p_file', [$master_host, $ha_replica_target],
path => $_r10k_private_key, # The configured path
content => file($r10k_private_key), # The local file
path => '/etc/puppetlabs/puppetserver/ssh/id-control_repo.rsa',
owner => 'pe-puppet',
group => 'pe-puppet',
mode => '0400',
content => $r10k_private_key,
)
}
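Review bot: `$r10k_private_key` now carries the key material itself, yet it is declared as an ordinary value and handed to `run_task` as a plain `content` parameter, so the private key may show up in Bolt's debug logging or recorded plan parameters. Declaring it as `Optional[Sensitive[String[1]]] $r10k_private_key = undef,` and passing `content => $r10k_private_key.unwrap` (with `content` marked sensitive in the `pe_xl::mkdir_p_file` task metadata, which is not visible here) would keep it redacted. Separately, `Regexp[/BEGIN RSA PRIVATE KEY/]` is, as far as I know, the type of regular-expression values rather than of strings that match one, so a key string would likely be rejected; `Pattern[/BEGIN RSA PRIVATE KEY/]` looks like what was meant, and it would still refuse keys in the newer `BEGIN OPENSSH PRIVATE KEY` format. The task's handling of `owner`, `group` and `mode` is outside this page, so it is worth confirming it creates the file with restrictive permissions before writing the content rather than tightening them afterwards.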