[MediaWiki-commits] [Gerrit] operations/puppet[production]: Update bacula::client to use base::expose_puppet_certs
Alexandros Kosiaris has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/344606 ) Change subject: Update bacula::client to use base::expose_puppet_certs .. Update bacula::client to use base::expose_puppet_certs expose the puppet certificate, key and keypair via base::expose_puppet_certs and use them in the configurations Update the RSpec tests as well Bug: T161281 Change-Id: I8d49f96cbd4aa5542ac4eae6e01ee9a32aace734 --- M modules/bacula/.fixtures.yml M modules/bacula/manifests/client.pp M modules/bacula/spec/classes/bacula_client_spec.rb M modules/bacula/templates/bacula-client.erb M modules/bacula/templates/bacula-fd.conf.erb 5 files changed, 20 insertions(+), 22 deletions(-) Approvals: Alexandros Kosiaris: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/bacula/.fixtures.yml b/modules/bacula/.fixtures.yml index f66bf01..9eda903 100644 --- a/modules/bacula/.fixtures.yml +++ b/modules/bacula/.fixtures.yml @@ -1,3 +1,6 @@ fixtures: symlinks: bacula: "#{source_dir}" +base: "../../../../base" +wmflib: "../../../../wmflib" +stdlib: "../../../../stdlib" diff --git a/modules/bacula/manifests/client.pp b/modules/bacula/manifests/client.pp index 467482a..811da19 100644 --- a/modules/bacula/manifests/client.pp +++ b/modules/bacula/manifests/client.pp @@ -44,6 +44,13 @@ require => Package['bacula-fd'], } +base::expose_puppet_certs { '/etc/bacula': +provide_private => true, +provide_keypair => true, +user=> 'bacula', +group => 'bacula', +} + file { '/etc/bacula/bacula-fd.conf': ensure => present, owner => 'root', 
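Review bot: The new `base::expose_puppet_certs { '/etc/bacula': }` resource carries no comment, and the rationale comment deleted in the next hunk ("To avoid reimplementing a PKI infrastructure we use puppet's already well managed one") is not carried over. With `provide_private => true` and `provide_keypair => true` it presumably places copies of the host's Puppet private key under /etc/bacula owned by `bacula`; the define itself is not visible here, so that should be confirmed and then stated for the next reader. A comment above the resource such as `# Reuse the Puppet PKI: expose cert, key and the single-file keypair Bacula needs, owned by bacula` would cover it. The same hunk appears again in the second copy of this change lower on the page.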
@@ -55,17 +62,6 @@ Package['bacula-fd'], Exec['concat-bacula-keypair'], ], -} - -# To avoid reimplementing a PKI infrastructure we use puppet's already well -# managed one. Bacula needs the keypair in one single file though hence this -# resource -exec { 'concat-bacula-keypair': -command => "/bin/cat \ - /var/lib/puppet/ssl/private_keys/${::fqdn}.pem \ - /var/lib/puppet/ssl/certs/${::fqdn}.pem > \ - /var/lib/puppet/ssl/private_keys/bacula-keypair-${::fqdn}.pem", -creates => "/var/lib/puppet/ssl/private_keys/bacula-keypair-${::fqdn}.pem", } # We export oufself to the director diff --git a/modules/bacula/spec/classes/bacula_client_spec.rb b/modules/bacula/spec/classes/bacula_client_spec.rb index c289d4c..c1f43ec 100644 --- a/modules/bacula/spec/classes/bacula_client_spec.rb +++ b/modules/bacula/spec/classes/bacula_client_spec.rb @@ -14,7 +14,6 @@ it { should contain_package('bacula-fd') } it { should contain_service('bacula-fd') } -it { should contain_exec('concat-bacula-keypair') } it 'should generate valid content for /etc/bacula/bacula-fd.conf' do should contain_file('/etc/bacula/bacula-fd.conf').with({ 'ensure' => 'present', @@ -24,10 +23,10 @@ }) \ .with_content(/Name = "testdirector"/) \ .with_content(/Password = "testdirectorpass"/) \ -.with_content(/TLS Certificate = "\/var\/lib\/puppet\/ssl\/certs\/testhost.example.com.pem"/) \ -.with_content(/TLS Key = "\/var\/lib\/puppet\/ssl\/private_keys\/testhost.example.com.pem"/) \ +.with_content(/TLS Certificate = "\/etc\/bacula\/ssl\/server.pem"/) \ +.with_content(/TLS Key = "\/etc\/bacula\/ssl\/server.key"/) \ .with_content(/Name = "testhost.example.com-fd"/) \ .with_content(/FDport = 2000/) \ -.with_content(/PKI Keypair = "\/var\/lib\/puppet\/ssl\/private_keys\/bacula-keypair-testhost.example.com.pem"/) +.with_content(/PKI Keypair = "\/etc\/bacula\/ssl\/server-keypair.pem"/) end end diff --git a/modules/bacula/templates/bacula-client.erb b/modules/bacula/templates/bacula-client.erb index 018a3d7..5156019 100644 
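Review bot: The dependency array kept as context at the top of this hunk still lists `Exec['concat-bacula-keypair']`, yet the hunk deletes that exec. Unless it is declared somewhere else, the catalog should fail with a missing-dependency error. The entry should point at the new resource instead, `Base::Expose_puppet_certs['/etc/bacula'],`, which also makes sure the key material exists before the dependent resource is applied. The resource that owns this array starts above the hunk, and the second copy of the change on this page has the same leftover.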
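Review bot: The expectation for the removed exec is dropped in the first spec hunk without a replacement, so nothing in this spec asserts that the certificates are exposed at all. Adding `it { should contain_base__expose_puppet_certs('/etc/bacula') }` next to the package and service checks would pin the new dependency. The content checks in the following hunk only cover bacula-fd.conf; no expectation visible here covers the TLS paths rendered by bacula-client.erb.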
--- a/modules/bacula/templates/bacula-client.erb +++ b/modules/bacula/templates/bacula-client.erb @@ -12,8 +12,8 @@ TLS Enable = yes TLS Require = yes TLS CA Certificate File = "/var/lib/puppet/ssl/certs/ca.pem" -TLS Certificate = "/var/lib/puppet/ssl/certs/<%= @director -%>.pem" -TLS Key = "/var/lib/puppet/ssl/private_keys/bacula-<%= @director -%>.pem" +TLS Certificate = "/etc/bacula/ssl/server.key" +TLS Key = "/etc/bacula/ssl/server-keypair.pem" # Priority = 10 # Maximum Bandwith Per Job = # Autoprune = yes diff --git a/modules/bacula/templates/bacula-fd.conf.erb b/modules/bacula/templates/bacula-fd.conf.erb index 0f9d655..0287848 100644 --- a/modules/bacula/templates/bacula-fd.conf.erb +++ b/modules/bacula/templates/bacula-fd.conf.erb @@ -9,8 +9,8 @@ TLS Require = yes TLS CA Certificate File = "/var/lib/puppet/ssl/certs/ca.pem" TLS Verify Peer = yes -TLS
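Review bot: In bacula-client.erb `TLS Certificate` now points at `/etc/bacula/ssl/server.key` and `TLS Key` at `/etc/bacula/ssl/server-keypair.pem`, which disagrees with the spec in this same change, where the certificate is `server.pem` and the key is `server.key`. As written the certificate directive names the private key file, so the TLS setup for this client entry would presumably fail or load the wrong material. The lines should read `TLS Certificate = "/etc/bacula/ssl/server.pem"` and `TLS Key = "/etc/bacula/ssl/server.key"`. The old paths were keyed on `@director`, so it is also worth confirming that the host consuming this rendered entry has its own certificates exposed under /etc/bacula/ssl. The second copy of the change on this page carries the same two lines.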
[MediaWiki-commits] [Gerrit] operations/puppet[production]: Update bacula::client to use base::expose_puppet_certs
Alexandros Kosiaris has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/344606 ) Change subject: Update bacula::client to use base::expose_puppet_certs .. Update bacula::client to use base::expose_puppet_certs expose the puppet certificate, key and keypair via base::expose_puppet_certs and use them in the configurations Update the RSpec tests as well Bug: T161281 Change-Id: I8d49f96cbd4aa5542ac4eae6e01ee9a32aace734 --- M modules/bacula/.fixtures.yml M modules/bacula/manifests/client.pp M modules/bacula/spec/classes/bacula_client_spec.rb M modules/bacula/templates/bacula-client.erb M modules/bacula/templates/bacula-fd.conf.erb 5 files changed, 20 insertions(+), 22 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/06/344606/1 diff --git a/modules/bacula/.fixtures.yml b/modules/bacula/.fixtures.yml index f66bf01..9eda903 100644 --- a/modules/bacula/.fixtures.yml +++ b/modules/bacula/.fixtures.yml @@ -1,3 +1,6 @@ fixtures: symlinks: bacula: "#{source_dir}" +base: "../../../../base" +wmflib: "../../../../wmflib" +stdlib: "../../../../stdlib" diff --git a/modules/bacula/manifests/client.pp b/modules/bacula/manifests/client.pp index 467482a..811da19 100644 --- a/modules/bacula/manifests/client.pp +++ b/modules/bacula/manifests/client.pp @@ -44,6 +44,13 @@ require => Package['bacula-fd'], } +base::expose_puppet_certs { '/etc/bacula': +provide_private => true, +provide_keypair => true, +user=> 'bacula', +group => 'bacula', +} + file { '/etc/bacula/bacula-fd.conf': ensure => present, owner => 'root', 
@@ -55,17 +62,6 @@ Package['bacula-fd'], Exec['concat-bacula-keypair'], ], -} - -# To avoid reimplementing a PKI infrastructure we use puppet's already well -# managed one. Bacula needs the keypair in one single file though hence this -# resource -exec { 'concat-bacula-keypair': -command => "/bin/cat \ - /var/lib/puppet/ssl/private_keys/${::fqdn}.pem \ - /var/lib/puppet/ssl/certs/${::fqdn}.pem > \ - /var/lib/puppet/ssl/private_keys/bacula-keypair-${::fqdn}.pem", -creates => "/var/lib/puppet/ssl/private_keys/bacula-keypair-${::fqdn}.pem", } # We export oufself to the director diff --git a/modules/bacula/spec/classes/bacula_client_spec.rb b/modules/bacula/spec/classes/bacula_client_spec.rb index c289d4c..c1f43ec 100644 --- a/modules/bacula/spec/classes/bacula_client_spec.rb +++ b/modules/bacula/spec/classes/bacula_client_spec.rb @@ -14,7 +14,6 @@ it { should contain_package('bacula-fd') } it { should contain_service('bacula-fd') } -it { should contain_exec('concat-bacula-keypair') } it 'should generate valid content for /etc/bacula/bacula-fd.conf' do should contain_file('/etc/bacula/bacula-fd.conf').with({ 'ensure' => 'present', @@ -24,10 +23,10 @@ }) \ .with_content(/Name = "testdirector"/) \ .with_content(/Password = "testdirectorpass"/) \ -.with_content(/TLS Certificate = "\/var\/lib\/puppet\/ssl\/certs\/testhost.example.com.pem"/) \ -.with_content(/TLS Key = "\/var\/lib\/puppet\/ssl\/private_keys\/testhost.example.com.pem"/) \ +.with_content(/TLS Certificate = "\/etc\/bacula\/ssl\/server.pem"/) \ +.with_content(/TLS Key = "\/etc\/bacula\/ssl\/server.key"/) \ .with_content(/Name = "testhost.example.com-fd"/) \ .with_content(/FDport = 2000/) \ -.with_content(/PKI Keypair = "\/var\/lib\/puppet\/ssl\/private_keys\/bacula-keypair-testhost.example.com.pem"/) +.with_content(/PKI Keypair = "\/etc\/bacula\/ssl\/server-keypair.pem"/) end end diff --git a/modules/bacula/templates/bacula-client.erb b/modules/bacula/templates/bacula-client.erb index 018a3d7..5156019 100644 
--- a/modules/bacula/templates/bacula-client.erb +++ b/modules/bacula/templates/bacula-client.erb @@ -12,8 +12,8 @@ TLS Enable = yes TLS Require = yes TLS CA Certificate File = "/var/lib/puppet/ssl/certs/ca.pem" -TLS Certificate = "/var/lib/puppet/ssl/certs/<%= @director -%>.pem" -TLS Key = "/var/lib/puppet/ssl/private_keys/bacula-<%= @director -%>.pem" +TLS Certificate = "/etc/bacula/ssl/server.key" +TLS Key = "/etc/bacula/ssl/server-keypair.pem" # Priority = 10 # Maximum Bandwith Per Job = # Autoprune = yes diff --git a/modules/bacula/templates/bacula-fd.conf.erb b/modules/bacula/templates/bacula-fd.conf.erb index 0f9d655..0287848 100644 --- a/modules/bacula/templates/bacula-fd.conf.erb +++ b/modules/bacula/templates/bacula-fd.conf.erb @@ -9,8 +9,8 @@ TLS Require = yes TLS CA Certificate File = "/var/lib/puppet/ssl/certs/ca.pem" TLS Verify Peer = yes -TLS Certificate =