authorIsmaël Bouya <ismael.bouya@normalesup.org>2018-03-03 22:24:19 +0100
committerIsmaël Bouya <ismael.bouya@normalesup.org>2018-03-04 12:32:55 +0100
commit85abd2fdbad83430df4824843764719064afb9b4 (patch)
tree767792a5691b3b253508a87362cde079a4a6f8fb /modules
parenta77b768abb31be9e19563e130d763f163496477d (diff)
Fetch node informations from LDAP
environment, hostname
Diffstat (limited to 'modules')
-rw-r--r--modules/base_installation/manifests/init.pp1
-rw-r--r--modules/base_installation/manifests/params.pp1
-rw-r--r--modules/base_installation/manifests/system_config.pp34
-rw-r--r--modules/base_installation/templates/puppet/host_ldap.info.erb4
-rw-r--r--modules/base_installation/templates/puppet/puppet.conf.erb4
-rw-r--r--modules/profile/manifests/apache.pp8
-rw-r--r--modules/role/manifests/cryptoportfolio.pp2
7 files changed, 35 insertions, 19 deletions
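diff --git a/modules/base_installation/manifests/init.pp b/modules/base_installation/manifests/init.pp
index f9fdcd4..998f8ff 100644
--- a/modules/base_installation/manifests/init.pp
+++ b/modules/base_installation/manifests/init.pp
@@ -10,6 +10,7 @@ class base_installation (
 Optional[String] $puppet_conf_path = $base_installation::params::puppet_conf_path,
 Optional[String] $puppet_pass_seed = $base_installation::params::puppet_pass_seed,
 Optional[String] $puppet_ssl_path = $base_installation::params::puppet_ssl_path,
+Optional[String] $real_hostname = $base_installation::params::real_hostname,
 Optional[String] $system_hostname = $base_installation::params::system_hostname,
 Optional[Array[String]] $system_locales = $base_installation::params::system_locales,
 Optional[String] $system_timezone = $base_installation::params::system_timezone,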
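diff --git a/modules/base_installation/manifests/params.pp b/modules/base_installation/manifests/params.pp
index c03eb1e..5ade838 100644
--- a/modules/base_installation/manifests/params.pp
+++ b/modules/base_installation/manifests/params.pp
@@ -10,6 +10,7 @@ class base_installation::params {
 $ldap_cert_path = "/etc/ssl/certs/ca-certificates.crt"
 $ldap_uri = "ldaps://ldap.example.com"
 $ldap_server = "ldap.example.com"
+$real_hostname = "example.com"
 $system_hostname = "example.com"
 $system_locales = ["en_US.UTF-8"]
 $system_timezone = "UTC"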
diff --git a/modules/base_installation/manifests/system_config.pp b/modules/base_installation/manifests/system_config.pp
index 25bfe0f..ccc5dcc 100644
--- a/modules/base_installation/manifests/system_config.pp
+++ b/modules/base_installation/manifests/system_config.pp
@@ -6,23 +6,27 @@ class base_installation::system_config inherits base_installation {
6 } 6 }
7 } 7 }
8 8
9 unless empty($base_installation::system_hostname) { 9 if empty($base_installation::system_hostname) {
10 file { '/etc/hostname': 10 $hostname = $base_installation::real_hostname
11 content => "$base_installation::system_hostname\n", 11 } else {
12 } 12 $hostname = $base_installation::system_hostname
13 }
13 14
14 exec { "set_hostname": 15 file { '/etc/hostname':
15 command => "/usr/bin/hostnamectl set-hostname $base_installation::system_hostname", 16 content => "$base_installation::system_hostname\n",
16 refreshonly => true, 17 }
17 subscribe => File["/etc/hostname"],
18 returns => [0, 1],
19 }
20 18
21 # TODO: find a way to ensure that /etc/hostname doesn't change 19 exec { "set_hostname":
22 # exec { "set_hostname_firstboot": 20 command => "/usr/bin/hostnamectl set-hostname $base_installation::system_hostname",
23 # command => "/usr/bin/systemd-firstboot --hostname=$base_installation::system_hostname", 21 refreshonly => true,
24 # creates => "/etc/hostname", 22 subscribe => File["/etc/hostname"],
25 # } 23 returns => [0, 1],
26 } 24 }
27 25
26 # TODO: find a way to ensure that /etc/hostname doesn't change
27 # exec { "set_hostname_firstboot":
28 # command => "/usr/bin/systemd-firstboot --hostname=$base_installation::system_hostname",
29 # creates => "/etc/hostname",
30 # }
31
28} 32}
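Review bot: The `$hostname` fallback computed at the top of this hunk is never used: on the new side the `file { '/etc/hostname': }` content and the `set_hostname` exec command still interpolate `$base_installation::system_hostname`. When `system_hostname` is empty, which is the case the new `if empty(...)` branch exists for, /etc/hostname is written as a bare newline and `hostnamectl set-hostname` runs without a name, and `returns => [0, 1]` would likely hide that failure. Use the resolved value in both places: `content => "${hostname}\n",` and `command => "/usr/bin/hostnamectl set-hostname ${hostname}",`. Since `real_hostname` is also declared `Optional[String]` in init.pp, a `fail()` when both values are empty would make the misconfiguration visible instead of applying an empty host name.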
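diff --git a/modules/base_installation/templates/puppet/host_ldap.info.erb b/modules/base_installation/templates/puppet/host_ldap.info.erb
index 525739b..a71c6f3 100644
--- a/modules/base_installation/templates/puppet/host_ldap.info.erb
+++ b/modules/base_installation/templates/puppet/host_ldap.info.erb
@@ -2,7 +2,6 @@
 ldapadd -D "cn=root,<%= @ldap_base %>" -W << 'EOF'
 dn: <%= @ldap_dn %>
 cn: <%= @ldap_cn %>
-cn: <%= @system_hostname %>
 objectclass: device
 objectclass: top
 objectclass: simpleSecurityObject
@@ -12,6 +11,7 @@ objectclass: ipHost
 <% unless @ips["v4"].nil? -%>ipHostNumber: <%= @ips["v4"]["ipAddress"] %><%- end %>
 <% unless @ips["v6"].nil? -%>ipHostNumber: <%= @ips["v6"]["ipAddress"] %>/<%= @ips["v6"]["mask"] %><%- end %>
 <%- end -%>
+environment: <%= @environment %>
 userpassword: {SSHA}<%= Base64.encode64(Digest::SHA1.digest(@ldap_password+@ssha_ldap_seed)+@ssha_ldap_seed).chomp! %>
 EOF
 #### Or modify an existing entry:
@@ -20,6 +20,8 @@ dn: <%= @ldap_dn %>
 changetype: modify
 replace: userPassword
 userpassword: {SSHA}<%= Base64.encode64(Digest::SHA1.digest(@ldap_password+@ssha_ldap_seed)+@ssha_ldap_seed).chomp! %>
+replace: environment
+environment: <%= @environment %>
 <%- unless @ips.empty? -%>
 -
 delete: ipHostNumber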
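Review bot: In the "modify an existing entry" record of the last hunk, the added `replace: environment` follows the `userpassword:` value directly, with no `-` line closing the preceding `replace: userPassword` operation. LDIF change records separate each modification with a line containing only `-`, so ldapmodify is likely to reject the record or misread the two added lines; insert `-` before `replace: environment`. Because the `environment` attribute now decides which Puppet environment a node receives, a template comment stating who may write that attribute would help (presumably only the `cn=root` admin used here; confirm against the directory ACLs). The modify record continues past the end of the hunk.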
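diff --git a/modules/base_installation/templates/puppet/puppet.conf.erb b/modules/base_installation/templates/puppet/puppet.conf.erb
index 3748039..24e67c8 100644
--- a/modules/base_installation/templates/puppet/puppet.conf.erb
+++ b/modules/base_installation/templates/puppet/puppet.conf.erb
@@ -1,8 +1,10 @@
 [main]
 ssldir = <%= @puppet_ssl_path %>
 
+environment = <%= @environment %>
+
 node_terminus = ldap
-certname = <%= @system_hostname %>
+certname = <%= @real_hostname %>
 ldapserver = <%= @ldap_server %>
 ldaptls = true
 ldapbase = <%= @ldap_base %>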
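Review bot: `certname = <%= @real_hostname %>` renders whatever `real_hostname` resolves to, and this commit gives it the placeholder default "example.com" in params.pp and types it `Optional[String]` in init.pp. certname is the identity in the agent's certificate and, with `node_terminus = ldap`, by default the key for the node lookup, so two hosts left on the default would present the same name, and an undef value renders an empty `certname =`. Consider failing catalog compilation when `real_hostname` is empty or still the placeholder. A template comment such as `# certname must match the cn of this host's LDAP entry` would also record the coupling with host_ldap.info.erb.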
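diff --git a/modules/profile/manifests/apache.pp b/modules/profile/manifests/apache.pp
index 605b701..8db58da 100644
--- a/modules/profile/manifests/apache.pp
+++ b/modules/profile/manifests/apache.pp
@@ -49,11 +49,17 @@ class profile::apache {
 ]
 }
 
+exec { 'Start-apache':
+command => "/usr/bin/systemctl start httpd",
+before => Class["::letsencrypt"],
+unless => "/usr/bin/systemctl is-active httpd",
+}
+
 $letsencrypt_certonly_default = {
 plugin => "webroot",
 webroot_paths => ["/srv/http/"],
 notify => Class['Apache::Service'],
-require => [Apache::Vhost["redirect_no_ssl"],Apache::Custom_config["letsencrypt.conf"]],
+require => [Exec['Start-apache'],Apache::Vhost["redirect_no_ssl"],Apache::Custom_config["letsencrypt.conf"]],
 manage_cron => true,
 }
 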
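Review bot: The new `Start-apache` exec carries no comment saying why httpd is started outside the `Apache::Service` class, and the reason is not obvious from the resource itself. From the hunk it looks as if the webroot challenge (`plugin => "webroot"`, `/srv/http/`) needs a running server before certonly, while the certonly defaults already `notify => Class['Apache::Service']`, so requiring the service class would presumably create a dependency cycle. A comment such as `# httpd must already serve /srv/http/ for the webroot challenge; Apache::Service is notified below, so it cannot be required` would keep a later cleanup from removing the exec. The class body starts and ends outside the hunk.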
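diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp
index 32b6ac7..1e39479 100644
--- a/modules/role/manifests/cryptoportfolio.pp
+++ b/modules/role/manifests/cryptoportfolio.pp
@@ -26,7 +26,7 @@ class role::cryptoportfolio {
 $cf_group = "cryptoportfolio"
 $cf_home = "/opt/cryptoportfolio"
 $cf_env = "prod"
-$cf_front_app_host = "cryptoportfolio.immae.eu"
+$cf_front_app_host = lookup("base_installation::system_hostname") |$key| { "example.com" }
 $cf_front_app_port = ""
 $cf_front_app_ssl = "true"
 $cf_front_app = "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front"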
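Review bot: The lambda default on the new `$cf_front_app_host` line only runs when the key is absent, so a `base_installation::system_hostname` that is present but empty yields an empty front host. system_config.pp in this same commit treats an empty `system_hostname` as a supported case and falls back to `real_hostname`, so the two files disagree. The silent "example.com" fallback also lets a node with missing data come up serving a placeholder host name while `$cf_front_app_ssl` is "true". Prefer failing when no host name resolves, or apply the same `real_hostname` fallback here. The class body starts and ends outside the hunk.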