f251def4b0
This commit aims to make it possible to automate the install server It allows the automatization of the following pieces : * The Puppet Master Server * The PuppetDB server * The hiera configuration Change-Id: I5f4419ed6cb1668c1d135e9760cbb390ffdf2c68
49 lines
1.9 KiB
Puppet
49 lines
1.9 KiB
Puppet
class { 'cloud::install::puppetmaster' :
|
|
puppetdb_enable => true,
|
|
autosign_domains => ['*'],
|
|
agent_configuration => {
|
|
'agent-ssl_client_header' => {
|
|
'setting' => 'ssl_client_header',
|
|
'value' => 'SSL_CLIENT_S_DN'
|
|
},
|
|
'agent-ssl_client_verify_header' => {
|
|
'setting' => 'ssl_client_verify_header',
|
|
'value' => 'SSL_CLIENT_VERIFY'
|
|
},
|
|
'agent-certname' => {
|
|
'setting' => 'certname',
|
|
'value' => $::fqdn
|
|
},
|
|
'agent-server' => {
|
|
'setting' => 'server',
|
|
'value' => $::fqdn
|
|
},
|
|
},
|
|
main_configuration => {
|
|
'main-configtimeout' => {
|
|
'setting' => 'configtimeout',
|
|
'value' => '10m'
|
|
},
|
|
},
|
|
puppetmaster_vhost_configuration => {
|
|
'puppetmasterd' => {
|
|
'docroot' => '/usr/share/puppet/rack/puppetmasterd/public',
|
|
'port' => 8140,
|
|
'ssl' => true,
|
|
'ssl_protocol' => 'ALL -SSLv2 -SSLv3',
|
|
'ssl_cipher' => 'ALL:!aNULL:!eNULL:!DES:!3DES:!IDEA:!SEED:!DSS:!PSK:!RC4:!MD5:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP',
|
|
'ssl_honorcipherorder' => 'On',
|
|
'ssl_cert' => "/var/lib/puppet/ssl/certs/${::fqdn}.pem",
|
|
'ssl_key' => "/var/lib/puppet/ssl/private_keys/${::fqdn}.pem",
|
|
'ssl_chain' => '/var/lib/puppet/ssl/certs/ca.pem',
|
|
'ssl_ca' => '/var/lib/puppet/ssl/certs/ca.pem',
|
|
'ssl_verify_client' => 'optional',
|
|
'ssl_verify_depth' => 1,
|
|
'ssl_options' => ['+StdEnvVars', '+ExportCertData'],
|
|
'request_headers' => ['unset X-Forwarded-For', 'set X-SSL-Subject %{SSL_CLIENT_S_DN}e', 'set X-Client-DN %{SSL_CLIENT_S_DN}e', 'set X-Client-Verify %{SSL_CLIENT_VERIFY}e'],
|
|
'rack_base_uris' => '/',
|
|
'add_default_charset' => 'UTF-8',
|
|
}
|
|
}
|
|
}
|