base_installation::puppet_ssl_path: "/etc/puppetlabs/ssl"
base_installation::system_locales: ["fr_FR.UTF-8", "en_US.UTF-8"]
base_installation::system_timezone: "Europe/Paris"
-base_installation::system_users:
- - userid: 1000
- username: "immae"
- groups: ["wheel"]
- keys:
- - host: "immae.eu"
- key: "AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5PgLBwMRyRwzJPnSgUyRAuB9AAxMijsw1pR/t/wmxQne1O5fIPOleHx+D8dyZbwm+XkzlcJpgT0Qy3qC9J8BPhshJvO/tA/8CI/oS/FE0uWsyACH1DMO2dk4gRRZGSE9IuzDMRPlnfZ3n0tdsPzzv3GH4It/oPIgsvkTowKztGLQ7Xmjr5BxzAhXcIQymqA0U3XWHSdWvnSRDaOFG0PDoVMS85IdwlviVKLnV5Sstb4NC/P28LFfgvW8DO/XrOqujgDomqTmR41dK/AyrGGOb2cQUMO4l8Oa+74aOyKaB61rr/rJkr+wCbEttkTvgFa6zZygSk3edfiWE2rgn4+v"
- key_type: "ssh-rsa"
-profile::xmr_stak::mining_pool: "pool.minexmr.com:7777"
-profile::xmr_stak::wallet: "44CA8TxTFYbQqN2kLyk8AnB6Ghz4mcbGpYC2EyXW7A8H9QspvWnTjDn39XUZDPrFwPa5JNwt4TmAxcooPWv4SaJqL87Bcdo"
-letsencrypt::email: "sites+letsencrypt@mail.immae.eu"
+base_installation::system_users: [] # Fetched via ldap
+profile::xmr_stak::mining_pool: "" # Fetched via ldap
+profile::xmr_stak::wallet: "" # Fetched via ldap
+letsencrypt::email: ~ # Fetched via ldap
letsencrypt::try_for_real_hostname: true
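Review bot: The empty placeholders (`system_users: []`, `wallet: ""`, `letsencrypt::email: ~`) turn a missing LDAP answer into a valid-looking value, so a node compiled while the LDAP level returns nothing would presumably converge with no managed users and an empty wallet instead of failing. If the LDAP level is meant to be authoritative, removing these keys from the YAML would make the lookup fail loudly. Otherwise a comment such as `# fallback only; the real value comes from the ldap_data hierarchy level` would say what the empty value means. Whether the users class purges unmanaged accounts is not visible here and is worth checking before relying on `[]`.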
- name: "Initialization variables"
path: "/root/puppet_variables.json"
+ - name: "Puppet ldap variables"
+ data_hash: ldap_data
+
- name: "Per-role environment data"
mapped_paths: [ldapvar.self.vars.roles, role, "roles/%{role}.yaml"]
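Review bot: The new "Puppet ldap variables" level is listed above "Per-role environment data", so any key present in the LDAP JSON overrides the role YAML files, not only the four keys this commit moves out of the common data. A comment above the entry naming the keys expected from LDAP, for example `# supplies system_users, xmr_stak pool/wallet and letsencrypt::email`, would let a reader tell an intended override from an accidental one. The rest of the hierarchy lies outside the hunk, so the precedence relative to other levels should be confirmed there.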
connection.search(base, scope, filter) do |entry|
data_ = entry.to_hash
- data_['vars'] = (data_[Puppet[:ldapstackedattrs]] || [])
- .map { |var| var.split("=", 2) }
- .group_by { |(key, value)| key }
- .map { |key, value| [key, value.map(&:last)] }
- .to_h
+ if data_["objectClass"].any? { |class_| class_ == "puppetClient" }
+ data_['vars'] = (data_[Puppet[:ldapstackedattrs]] || [])
+ .map { |var| var.split("=", 2) }
+ .group_by { |(key, value)| key }
+ .map { |key, value| [key, value.map(&:last)] }
+ .to_h
- data[:other] << data_
+ data[:other] << data_
- if data_["cn"].any? { |cn| cn == host }
- data[:self] = data_
+ if data_["cn"].any? { |cn| cn == host }
+ data[:self] = data_
+ end
end
end
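Review bot: The added test `data_["objectClass"].any? { |class_| class_ == "puppetClient" }` compares case-sensitively and assumes the attribute is always returned. LDAP object class names are case-insensitive, so an entry stored as `puppetclient` would be skipped silently and the host would end up without `data[:self]`. If an ACL hides `objectClass`, the call raises on `nil`. `if Array(data_["objectClass"]).any? { |c| c.casecmp?("puppetClient") }` covers both cases. The enclosing method starts outside the hunk, so the search filter is not visible here; restricting it to `puppetClient` on the server side may be the simpler fix.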
--- /dev/null
+require 'json'
+
+Puppet::Functions.create_function(:ldap_data) do
+ dispatch :ldap_data do
+ param 'Hash', :options
+ param 'Puppet::LookupContext', :context
+ end
+
+ def ldap_data(options, context)
+ begin
+ require 'ldap'
+ require 'puppet/util/ldap/connection'
+ rescue
+ context.not_found
+ return
+ end
+
+ if !context.cache_has_key("ldap_lookup")
+ begin
+ conn = Puppet::Util::Ldap::Connection.instance
+ conn.start
+ connection = conn.connection
+ rescue ::LDAP::ResultError => e
+ raise Puppet::ParseError, ("ldapquery(): LDAP ResultError - #{e.message}")
+ end
+
+ host = Facter.value('ec2_metadata')["hostname"]
+ base = Puppet[:ldapbase]
+ scope = ::LDAP::LDAP_SCOPE_SUBTREE
+ filter = "(objectclass=*)"
+
+ data = {}
+ connection.search(base, scope, filter) do |entry|
+ data_ = entry.to_hash
+ jsons = data_["immaePuppetJson"] || []
+ jsons.each do |json|
+ data.merge!(JSON.parse(json))
+ end
+ end
+
+ context.cache("ldap_lookup", data)
+ end
+
+ context.cached_value("ldap_lookup")
+ end
+end
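Review bot: The search with `filter = "(objectclass=*)"` merges every `immaePuppetJson` value found anywhere under `Puppet[:ldapbase]` into one hash served to all nodes, so whoever can write that attribute on any entry can set arbitrary Hiera keys fleet-wide, and `data.merge!` lets the result order decide which duplicate key wins. Narrowing the filter to the entries meant to carry configuration, for example `filter = "(immaePuppetJson=*)"` combined with the expected object class, and stating that in a comment would make the trust boundary explicit. The bare `rescue` after `require 'ldap'` does not catch `LoadError`, which is not a `StandardError`, so the `context.not_found` fallback is never taken when the library is missing; `rescue LoadError` is what is intended. `host` is assigned from `Facter.value('ec2_metadata')["hostname"]` but never used, and that line raises on a node without the fact, so it can be dropped. The error text also still names `ldapquery():` rather than this function.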