stackforge/puppet-openstack-cloud
Code Issues Proposed changes
puppet-openstack-cloud/scripts/bootstrap.pp
Yanis Guenane f251def4b0 install: Automatization of the install-server 
This commit aims to make it possible to automate the install server
It allows the automatization of the following pieces :

  * The Puppet Master Server
  * The PuppetDB server
  * The hiera configuration

Change-Id: I5f4419ed6cb1668c1d135e9760cbb390ffdf2c68
2014-12-10 07:57:51 -05:00

79 lines
2.8 KiB
Puppet
Raw Blame History

case $::osfamily {
'RedHat': {
augeas {'httpd-lang' :
context => '/files/etc/sysconfig/httpd/',
changes => 'set LANG en_US.UTF-8',
notify => Service['httpd'],
require => Package['httpd'],
}
}
'Debian': {
# Bug Puppet: https://tickets.puppetlabs.com/browse/PUP-1386
exec { 'echo \'. /etc/default/locale\' >> /etc/apache2/envvars' :
path => ['/bin', '/usr/bin'],
unless => 'grep \'^. /etc/default/locale$\' /etc/apache2/envvars',
notify => Service['httpd'],
require => Package['httpd'],
}
# Bug Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736849
exec { 'echo \'umask 022\' >> /etc/apache2/envvars' :
path => ['/bin', '/usr/bin'],
unless => 'grep \'umask 022\' /etc/apache2/envvars',
notify => Service['httpd'],
require => Package['httpd'],
}
}
default: {
fail("Unsupported osfamily (${::osfamily})")
}
}
class { 'cloud::install::puppetmaster' :
puppetdb_enable => false,
autosign_domains => ['*'],
agent_configuration => {
'agent-ssl_client_header' => {
'setting' => 'ssl_client_header',
'value' => 'SSL_CLIENT_S_DN'
},
'agent-ssl_client_verify_header' => {
'setting' => 'ssl_client_verify_header',
'value' => 'SSL_CLIENT_VERIFY'
},
'agent-certname' => {
'setting' => 'certname',
'value' => $::fqdn
},
'agent-server' => {
'setting' => 'server',
'value' => $::fqdn
},
},
main_configuration => {
'main-configtimeout' => {
'setting' => 'configtimeout',
'value' => '10m'
},
},
puppetmaster_vhost_configuration => {
'puppetmasterd' => {
'docroot' => '/usr/share/puppet/rack/puppetmasterd/public',
'port' => 8140,
'ssl' => true,
'ssl_protocol' => 'ALL -SSLv2 -SSLv3',
'ssl_cipher' => 'ALL:!aNULL:!eNULL:!DES:!3DES:!IDEA:!SEED:!DSS:!PSK:!RC4:!MD5:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP',
'ssl_honorcipherorder' => 'On',
'ssl_cert' => "/var/lib/puppet/ssl/certs/${::fqdn}.pem",
'ssl_key' => "/var/lib/puppet/ssl/private_keys/${::fqdn}.pem",
'ssl_chain' => '/var/lib/puppet/ssl/certs/ca.pem',
'ssl_ca' => '/var/lib/puppet/ssl/certs/ca.pem',
'ssl_verify_client' => 'optional',
'ssl_verify_depth' => 1,
'ssl_options' => ['+StdEnvVars', '+ExportCertData'],
'request_headers' => ['unset X-Forwarded-For', 'set X-SSL-Subject %{SSL_CLIENT_S_DN}e', 'set X-Client-DN %{SSL_CLIENT_S_DN}e', 'set X-Client-Verify %{SSL_CLIENT_VERIFY}e'],
'rack_base_uris' => '/',
'add_default_charset' => 'UTF-8',
}
}
}
View Git Blame Copy Permalink