Fetch node informations from LDAP

environment, hostname
author: Ismaël Bouya <ismael.bouya@normalesup.org> 2018-03-03 22:24:19 +0100
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2018-03-04 12:32:55 +0100
commit: 85abd2fdbad83430df4824843764719064afb9b4 (patch)
tree: 767792a5691b3b253508a87362cde079a4a6f8fb /modules
parent: a77b768abb31be9e19563e130d763f163496477d (diff)
download: Puppet-85abd2fdbad83430df4824843764719064afb9b4.tar.gz
Puppet-85abd2fdbad83430df4824843764719064afb9b4.tar.zst
Puppet-85abd2fdbad83430df4824843764719064afb9b4.zip
7 files changed, 35 insertions, 19 deletions
diff --git a/modules/base_installation/manifests/init.pp b/modules/base_installation/manifests/init.pp
index f9fdcd4..998f8ff 100644
--- a/modules/base_installation/manifests/init.pp
+++ b/modules/base_installation/manifests/init.pp
@@ -10,6 +10,7 @@ class base_installation (
  Optional[String]        $puppet_conf_path = $base_installation::params::puppet_conf_path,
  Optional[String]        $puppet_pass_seed = $base_installation::params::puppet_pass_seed,
  Optional[String]        $puppet_ssl_path  = $base_installation::params::puppet_ssl_path,
+  Optional[String]        $real_hostname    = $base_installation::params::real_hostname,
  Optional[String]        $system_hostname  = $base_installation::params::system_hostname,
  Optional[Array[String]] $system_locales   = $base_installation::params::system_locales,
  Optional[String]        $system_timezone  = $base_installation::params::system_timezone,
diff --git a/modules/base_installation/manifests/params.pp b/modules/base_installation/manifests/params.pp
index c03eb1e..5ade838 100644
--- a/modules/base_installation/manifests/params.pp
+++ b/modules/base_installation/manifests/params.pp
@@ -10,6 +10,7 @@ class base_installation::params {
  $ldap_cert_path   = "/etc/ssl/certs/ca-certificates.crt"
  $ldap_uri         = "ldaps://ldap.example.com"
  $ldap_server      = "ldap.example.com"
+  $real_hostname    = "example.com"
  $system_hostname  = "example.com"
  $system_locales   = ["en_US.UTF-8"]
  $system_timezone  = "UTC"
diff --git a/modules/base_installation/manifests/system_config.pp b/modules/base_installation/manifests/system_config.pp
index 25bfe0f..ccc5dcc 100644
--- a/modules/base_installation/manifests/system_config.pp
+++ b/modules/base_installation/manifests/system_config.pp
@@ -6,23 +6,27 @@ class base_installation::system_config inherits base_installation {
    }
  }
-  unless empty($base_installation::system_hostname) {
+  if empty($base_installation::system_hostname) {
-    file { '/etc/hostname':
+    $hostname = $base_installation::real_hostname
-      content => "$base_installation::system_hostname\n",
+  } else {
-    }
+    $hostname = $base_installation::system_hostname
+  }
-    exec { "set_hostname":
+  file { '/etc/hostname':
-      command     => "/usr/bin/hostnamectl set-hostname $base_installation::system_hostname",
+    content => "$base_installation::system_hostname\n",
-      refreshonly => true,
+  }
-      subscribe   => File["/etc/hostname"],
-      returns     => [0, 1],
-    }
-    # TODO: find a way to ensure that /etc/hostname doesn't change
+  exec { "set_hostname":
-    # exec { "set_hostname_firstboot":
+    command     => "/usr/bin/hostnamectl set-hostname $base_installation::system_hostname",
-    #   command     => "/usr/bin/systemd-firstboot --hostname=$base_installation::system_hostname",
+    refreshonly => true,
-    #   creates     => "/etc/hostname",
+    subscribe   => File["/etc/hostname"],
-    # }
+    returns     => [0, 1],
  }
+  # TODO: find a way to ensure that /etc/hostname doesn't change
+  # exec { "set_hostname_firstboot":
+  #   command     => "/usr/bin/systemd-firstboot --hostname=$base_installation::system_hostname",
+  #   creates     => "/etc/hostname",
+  # }
 }
diff --git a/modules/base_installation/templates/puppet/host_ldap.info.erb b/modules/base_installation/templates/puppet/host_ldap.info.erb
index 525739b..a71c6f3 100644
--- a/modules/base_installation/templates/puppet/host_ldap.info.erb
+++ b/modules/base_installation/templates/puppet/host_ldap.info.erb
@@ -2,7 +2,6 @@
 ldapadd -D "cn=root,<%= @ldap_base %>" -W << 'EOF'
 dn: <%= @ldap_dn %>
 cn: <%= @ldap_cn %>
-cn: <%= @system_hostname %>
 objectclass: device
 objectclass: top
 objectclass: simpleSecurityObject
@@ -12,6 +11,7 @@ objectclass: ipHost
 <% unless @ips["v4"].nil? -%>ipHostNumber: <%= @ips["v4"]["ipAddress"] %><%- end %>
 <% unless @ips["v6"].nil? -%>ipHostNumber: <%= @ips["v6"]["ipAddress"] %>/<%= @ips["v6"]["mask"] %><%- end %>
 <%- end -%>
+environment: <%= @environment %>
 userpassword: {SSHA}<%= Base64.encode64(Digest::SHA1.digest(@ldap_password+@ssha_ldap_seed)+@ssha_ldap_seed).chomp! %>
 EOF
 #### Or modify an existing entry:
@@ -20,6 +20,8 @@ dn: <%= @ldap_dn %>
 changetype: modify
 replace: userPassword
 userpassword: {SSHA}<%= Base64.encode64(Digest::SHA1.digest(@ldap_password+@ssha_ldap_seed)+@ssha_ldap_seed).chomp! %>
+replace: environment
+environment: <%= @environment %>
 <%- unless @ips.empty? -%>
 -
 delete: ipHostNumber
diff --git a/modules/base_installation/templates/puppet/puppet.conf.erb b/modules/base_installation/templates/puppet/puppet.conf.erb
index 3748039..24e67c8 100644
--- a/modules/base_installation/templates/puppet/puppet.conf.erb
+++ b/modules/base_installation/templates/puppet/puppet.conf.erb
@@ -1,8 +1,10 @@
 [main]
 ssldir = <%= @puppet_ssl_path %>
+environment = <%= @environment %>
 node_terminus = ldap
-certname = <%= @system_hostname %>
+certname = <%= @real_hostname %>
 ldapserver = <%= @ldap_server %>
 ldaptls = true
 ldapbase = <%= @ldap_base %>
diff --git a/modules/profile/manifests/apache.pp b/modules/profile/manifests/apache.pp
index 605b701..8db58da 100644
--- a/modules/profile/manifests/apache.pp
+++ b/modules/profile/manifests/apache.pp
@@ -49,11 +49,17 @@ class profile::apache {
    ]
  }
+  exec { 'Start-apache':
+    command => "/usr/bin/systemctl start httpd",
+    before  => Class["::letsencrypt"],
+    unless  => "/usr/bin/systemctl is-active httpd",
+  }
  $letsencrypt_certonly_default = {
    plugin        => "webroot",
    webroot_paths => ["/srv/http/"],
    notify        => Class['Apache::Service'],
-    require       => [Apache::Vhost["redirect_no_ssl"],Apache::Custom_config["letsencrypt.conf"]],
+    require       => [Exec['Start-apache'],Apache::Vhost["redirect_no_ssl"],Apache::Custom_config["letsencrypt.conf"]],
    manage_cron   => true,
  }
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp
index 32b6ac7..1e39479 100644
--- a/modules/role/manifests/cryptoportfolio.pp
+++ b/modules/role/manifests/cryptoportfolio.pp
@@ -26,7 +26,7 @@ class role::cryptoportfolio {
  $cf_group = "cryptoportfolio"
  $cf_home = "/opt/cryptoportfolio"
  $cf_env = "prod"
-  $cf_front_app_host = "cryptoportfolio.immae.eu"
+  $cf_front_app_host = lookup("base_installation::system_hostname") |$key| { "example.com" }
  $cf_front_app_port = ""
  $cf_front_app_ssl = "true"
  $cf_front_app = "${cf_home}/go/src/immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front"
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2018-03-03 22:24:19 +0100
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2018-03-04 12:32:55 +0100
commit	85abd2fdbad83430df4824843764719064afb9b4 (patch)
tree	767792a5691b3b253508a87362cde079a4a6f8fb /modules
parent	a77b768abb31be9e19563e130d763f163496477d (diff)
download	Puppet-85abd2fdbad83430df4824843764719064afb9b4.tar.gz Puppet-85abd2fdbad83430df4824843764719064afb9b4.tar.zst Puppet-85abd2fdbad83430df4824843764719064afb9b4.zip