[MediaWiki-commits] [Gerrit] operations/puppet[production]: Update bacula::client to use base::expose_puppet_certs

2017-03-24 Thread Alexandros Kosiaris (Code Review)
Alexandros Kosiaris has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/344606 )

Change subject: Update bacula::client to use base::expose_puppet_certs
..


Update bacula::client to use base::expose_puppet_certs

expose the puppet certificate, key and keypair via
base::expose_puppet_certs and use them in the configurations
Update the RSpec tests as well

Bug: T161281
Change-Id: I8d49f96cbd4aa5542ac4eae6e01ee9a32aace734
---
M modules/bacula/.fixtures.yml
M modules/bacula/manifests/client.pp
M modules/bacula/spec/classes/bacula_client_spec.rb
M modules/bacula/templates/bacula-client.erb
M modules/bacula/templates/bacula-fd.conf.erb
5 files changed, 20 insertions(+), 22 deletions(-)

Approvals:
  Alexandros Kosiaris: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/bacula/.fixtures.yml b/modules/bacula/.fixtures.yml
index f66bf01..9eda903 100644
--- a/modules/bacula/.fixtures.yml
+++ b/modules/bacula/.fixtures.yml
@@ -1,3 +1,6 @@
 fixtures:
 symlinks:
 bacula: "#{source_dir}"
+base: "../../../../base"
+wmflib: "../../../../wmflib"
+stdlib: "../../../../stdlib"
diff --git a/modules/bacula/manifests/client.pp 
b/modules/bacula/manifests/client.pp
index 467482a..811da19 100644
--- a/modules/bacula/manifests/client.pp
+++ b/modules/bacula/manifests/client.pp
@@ -44,6 +44,13 @@
 require => Package['bacula-fd'],
 }
 
+base::expose_puppet_certs { '/etc/bacula':
+provide_private => true,
+provide_keypair => true,
+user=> 'bacula',
+group   => 'bacula',
+}
+
 file { '/etc/bacula/bacula-fd.conf':
 ensure  => present,
 owner   => 'root',
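Review bot: The new `base::expose_puppet_certs { '/etc/bacula': ... }` resource has no comment explaining why the agent's private key and a combined keypair are copied out of the Puppet SSL directory, and the comment that explained this above the old exec is deleted in the next hunk. With `provide_private => true` and `user`/`group` set to `bacula`, key material presumably ends up in a second location accessible to the service account, so the rationale should stay next to the resource, e.g. `# Reuse Puppet's PKI instead of running our own; bacula-fd needs the cert, key and a single-file keypair under /etc/bacula/ssl`. The modes the define applies to the key and keypair files are not visible here and are worth confirming. The same hunk is repeated in the second message on this page.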
@@ -55,17 +62,6 @@
 Package['bacula-fd'],
 Exec['concat-bacula-keypair'],
 ],
-}
-
-# To avoid reimplementing a PKI infrastructure we use puppet's already well
-# managed one. Bacula needs the keypair in one single file though hence 
this
-# resource
-exec { 'concat-bacula-keypair':
-command => "/bin/cat \
- /var/lib/puppet/ssl/private_keys/${::fqdn}.pem \
- /var/lib/puppet/ssl/certs/${::fqdn}.pem > \
- /var/lib/puppet/ssl/private_keys/bacula-keypair-${::fqdn}.pem",
-creates => 
"/var/lib/puppet/ssl/private_keys/bacula-keypair-${::fqdn}.pem",
 }
 
 # We export oufself to the director
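Review bot: `Exec['concat-bacula-keypair']` is still listed in the `require` array kept as context at the top of this hunk, but the `exec` it names is removed a few lines below; unless that resource is declared elsewhere, catalog compilation will fail on the unresolved dependency. The reference should point at the new resource instead, `Base::Expose_puppet_certs['/etc/bacula'],`, so the configuration is only written once the certificates are in place. The previously generated `/var/lib/puppet/ssl/private_keys/bacula-keypair-${::fqdn}.pem` also becomes unmanaged, so existing hosts keep that extra copy of the private key unless it is explicitly removed, for example with a `file` resource using `ensure => absent`. The enclosing resource starts outside the hunk.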
diff --git a/modules/bacula/spec/classes/bacula_client_spec.rb 
b/modules/bacula/spec/classes/bacula_client_spec.rb
index c289d4c..c1f43ec 100644
--- a/modules/bacula/spec/classes/bacula_client_spec.rb
+++ b/modules/bacula/spec/classes/bacula_client_spec.rb
@@ -14,7 +14,6 @@
 
 it { should contain_package('bacula-fd') }
 it { should contain_service('bacula-fd') }
-it { should contain_exec('concat-bacula-keypair') }
 it 'should generate valid content for /etc/bacula/bacula-fd.conf' do
 should contain_file('/etc/bacula/bacula-fd.conf').with({
 'ensure'  => 'present',
@@ -24,10 +23,10 @@
 }) \
 .with_content(/Name = "testdirector"/) \
 .with_content(/Password = "testdirectorpass"/) \
-.with_content(/TLS Certificate = 
"\/var\/lib\/puppet\/ssl\/certs\/testhost.example.com.pem"/) \
-.with_content(/TLS Key = 
"\/var\/lib\/puppet\/ssl\/private_keys\/testhost.example.com.pem"/) \
+.with_content(/TLS Certificate = "\/etc\/bacula\/ssl\/server.pem"/) \
+.with_content(/TLS Key = "\/etc\/bacula\/ssl\/server.key"/) \
 .with_content(/Name = "testhost.example.com-fd"/) \
 .with_content(/FDport = 2000/) \
-.with_content(/PKI Keypair = 
"\/var\/lib\/puppet\/ssl\/private_keys\/bacula-keypair-testhost.example.com.pem"/)
+.with_content(/PKI Keypair = "\/etc\/bacula\/ssl\/server-keypair.pem"/)
 end
 end
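Review bot: The updated expectations still cover only `/etc/bacula/bacula-fd.conf`; nothing asserts that the class now declares the define the new paths depend on. Adding `it { should contain_base__expose_puppet_certs('/etc/bacula').with_provide_private(true).with_provide_keypair(true) }` would pin that, and `it { should compile }` would surface `require` entries that no longer resolve after the exec was removed. The `.` in the new patterns (`server.pem`, `server.key`) is unescaped and matches any character; `server\.pem` is stricter. The `describe` block starts outside the hunk.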
diff --git a/modules/bacula/templates/bacula-client.erb 
b/modules/bacula/templates/bacula-client.erb
index 018a3d7..5156019 100644
--- a/modules/bacula/templates/bacula-client.erb
+++ b/modules/bacula/templates/bacula-client.erb
@@ -12,8 +12,8 @@
 TLS Enable = yes
 TLS Require = yes
 TLS CA Certificate File = "/var/lib/puppet/ssl/certs/ca.pem"
-TLS Certificate = "/var/lib/puppet/ssl/certs/<%= @director -%>.pem"
-TLS Key = "/var/lib/puppet/ssl/private_keys/bacula-<%= @director -%>.pem"
+TLS Certificate = "/etc/bacula/ssl/server.key"
+TLS Key = "/etc/bacula/ssl/server-keypair.pem"
 # Priority = 10
 # Maximum Bandwith Per Job =
 # Autoprune = yes
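Review bot: `TLS Certificate` now points at `/etc/bacula/ssl/server.key` and `TLS Key` at `/etc/bacula/ssl/server-keypair.pem`, which disagrees with the spec updated in this same change, where the certificate is `server.pem` and the key is `server.key`. As written, the certificate directive names what appears to be the private-key file, so TLS for this client resource would likely fail to load a certificate. The lines should presumably read `TLS Certificate = "/etc/bacula/ssl/server.pem"` and `TLS Key = "/etc/bacula/ssl/server.key"`. The removed lines referenced the director's own certificate via `<%= @director -%>`; this template seems to be rendered on the director side, so it is worth confirming that the director host also exposes its certificates under `/etc/bacula/ssl`. The same hunk is repeated in the second message on this page.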
diff --git a/modules/bacula/templates/bacula-fd.conf.erb 
b/modules/bacula/templates/bacula-fd.conf.erb
index 0f9d655..0287848 100644
--- a/modules/bacula/templates/bacula-fd.conf.erb
+++ b/modules/bacula/templates/bacula-fd.conf.erb
@@ -9,8 +9,8 @@
 TLS Require = yes
 TLS CA Certificate File = "/var/lib/puppet/ssl/certs/ca.pem"
 TLS Verify Peer = yes
-TLS 

[MediaWiki-commits] [Gerrit] operations/puppet[production]: Update bacula::client to use base::expose_puppet_certs

2017-03-24 Thread Alexandros Kosiaris (Code Review)
Alexandros Kosiaris has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/344606 )

Change subject: Update bacula::client to use base::expose_puppet_certs
..

Update bacula::client to use base::expose_puppet_certs

expose the puppet certificate, key and keypair via
base::expose_puppet_certs and use them in the configurations
Update the RSpec tests as well

Bug: T161281
Change-Id: I8d49f96cbd4aa5542ac4eae6e01ee9a32aace734
---
M modules/bacula/.fixtures.yml
M modules/bacula/manifests/client.pp
M modules/bacula/spec/classes/bacula_client_spec.rb
M modules/bacula/templates/bacula-client.erb
M modules/bacula/templates/bacula-fd.conf.erb
5 files changed, 20 insertions(+), 22 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/06/344606/1

diff --git a/modules/bacula/.fixtures.yml b/modules/bacula/.fixtures.yml
index f66bf01..9eda903 100644
--- a/modules/bacula/.fixtures.yml
+++ b/modules/bacula/.fixtures.yml
@@ -1,3 +1,6 @@
 fixtures:
 symlinks:
 bacula: "#{source_dir}"
+base: "../../../../base"
+wmflib: "../../../../wmflib"
+stdlib: "../../../../stdlib"
diff --git a/modules/bacula/manifests/client.pp 
b/modules/bacula/manifests/client.pp
index 467482a..811da19 100644
--- a/modules/bacula/manifests/client.pp
+++ b/modules/bacula/manifests/client.pp
@@ -44,6 +44,13 @@
 require => Package['bacula-fd'],
 }
 
+base::expose_puppet_certs { '/etc/bacula':
+provide_private => true,
+provide_keypair => true,
+user=> 'bacula',
+group   => 'bacula',
+}
+
 file { '/etc/bacula/bacula-fd.conf':
 ensure  => present,
 owner   => 'root',
@@ -55,17 +62,6 @@
 Package['bacula-fd'],
 Exec['concat-bacula-keypair'],
 ],
-}
-
-# To avoid reimplementing a PKI infrastructure we use puppet's already well
-# managed one. Bacula needs the keypair in one single file though hence 
this
-# resource
-exec { 'concat-bacula-keypair':
-command => "/bin/cat \
- /var/lib/puppet/ssl/private_keys/${::fqdn}.pem \
- /var/lib/puppet/ssl/certs/${::fqdn}.pem > \
- /var/lib/puppet/ssl/private_keys/bacula-keypair-${::fqdn}.pem",
-creates => 
"/var/lib/puppet/ssl/private_keys/bacula-keypair-${::fqdn}.pem",
 }
 
 # We export oufself to the director
diff --git a/modules/bacula/spec/classes/bacula_client_spec.rb 
b/modules/bacula/spec/classes/bacula_client_spec.rb
index c289d4c..c1f43ec 100644
--- a/modules/bacula/spec/classes/bacula_client_spec.rb
+++ b/modules/bacula/spec/classes/bacula_client_spec.rb
@@ -14,7 +14,6 @@
 
 it { should contain_package('bacula-fd') }
 it { should contain_service('bacula-fd') }
-it { should contain_exec('concat-bacula-keypair') }
 it 'should generate valid content for /etc/bacula/bacula-fd.conf' do
 should contain_file('/etc/bacula/bacula-fd.conf').with({
 'ensure'  => 'present',
@@ -24,10 +23,10 @@
 }) \
 .with_content(/Name = "testdirector"/) \
 .with_content(/Password = "testdirectorpass"/) \
-.with_content(/TLS Certificate = 
"\/var\/lib\/puppet\/ssl\/certs\/testhost.example.com.pem"/) \
-.with_content(/TLS Key = 
"\/var\/lib\/puppet\/ssl\/private_keys\/testhost.example.com.pem"/) \
+.with_content(/TLS Certificate = "\/etc\/bacula\/ssl\/server.pem"/) \
+.with_content(/TLS Key = "\/etc\/bacula\/ssl\/server.key"/) \
 .with_content(/Name = "testhost.example.com-fd"/) \
 .with_content(/FDport = 2000/) \
-.with_content(/PKI Keypair = 
"\/var\/lib\/puppet\/ssl\/private_keys\/bacula-keypair-testhost.example.com.pem"/)
+.with_content(/PKI Keypair = "\/etc\/bacula\/ssl\/server-keypair.pem"/)
 end
 end
diff --git a/modules/bacula/templates/bacula-client.erb 
b/modules/bacula/templates/bacula-client.erb
index 018a3d7..5156019 100644
--- a/modules/bacula/templates/bacula-client.erb
+++ b/modules/bacula/templates/bacula-client.erb
@@ -12,8 +12,8 @@
 TLS Enable = yes
 TLS Require = yes
 TLS CA Certificate File = "/var/lib/puppet/ssl/certs/ca.pem"
-TLS Certificate = "/var/lib/puppet/ssl/certs/<%= @director -%>.pem"
-TLS Key = "/var/lib/puppet/ssl/private_keys/bacula-<%= @director -%>.pem"
+TLS Certificate = "/etc/bacula/ssl/server.key"
+TLS Key = "/etc/bacula/ssl/server-keypair.pem"
 # Priority = 10
 # Maximum Bandwith Per Job =
 # Autoprune = yes
diff --git a/modules/bacula/templates/bacula-fd.conf.erb 
b/modules/bacula/templates/bacula-fd.conf.erb
index 0f9d655..0287848 100644
--- a/modules/bacula/templates/bacula-fd.conf.erb
+++ b/modules/bacula/templates/bacula-fd.conf.erb
@@ -9,8 +9,8 @@
 TLS Require = yes
 TLS CA Certificate File = "/var/lib/puppet/ssl/certs/ca.pem"
 TLS Verify Peer = yes
-TLS Certificate =