Yuvipanda has uploaded a new change for review. https://gerrit.wikimedia.org/r/311163
Change subject: labs: Add a per-project puppetmaster role ...................................................................... labs: Add a per-project puppetmaster role Uses the puppetmaster module rather than the puppet module. DEATH TO THE PUPPET MODULE Change-Id: I5f11761bdd2a1f292d3d061363fa53346d1eb768 --- A modules/role/manifests/labs/project_puppetmaster.pp 1 file changed, 32 insertions(+), 0 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/63/311163/1 diff --git a/modules/role/manifests/labs/project_puppetmaster.pp b/modules/role/manifests/labs/project_puppetmaster.pp new file mode 100644 index 0000000..92f430e --- /dev/null +++ b/modules/role/manifests/labs/project_puppetmaster.pp @@ -0,0 +1,32 @@ +class role::labs::project_puppetmaster( + $autosign = false, +) { + include ldap::role::config::labs + + $ldapconfig = $ldap::role::config::labs::ldapconfig + $basedn = $ldapconfig['basedn'] + + $encconfig = { + 'ldapserver' => $ldapconfig['servernames'][0], + 'ldapbase' => "ou=hosts,${basedn}", + 'ldapstring' => '(&(objectclass=puppetClient)(associatedDomain=%s))', + 'ldapuser' => $ldapconfig['proxyagent'], + 'ldappassword' => $ldapconfig['proxypass'], + 'ldaptls' => true, + 'node_terminus' => 'ldap' + } + + # Allow access from everywhere! Use certificates to + # control access + $allow_from = '10.0.0.0/8' + + class { '::puppetmaster': + server_name => $::fqdn, + allow_from => $allow_from, + secure_private => false, + config => merge($encconfig, { + 'thin_storeconfigs' => false, + 'autosign' => $autosign, + }) + } +} -- To view, visit https://gerrit.wikimedia.org/r/311163 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5f11761bdd2a1f292d3d061363fa53346d1eb768 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Yuvipanda <yuvipa...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits