diff options
| -rw-r--r-- | environments/global/common.yaml | 15 | ||||
| -rw-r--r-- | environments/hiera.yaml | 3 | ||||
| -rw-r--r-- | modules/base_installation/lib/facter/ldapvar.rb | 18 | ||||
| -rw-r--r-- | modules/base_installation/lib/puppet/functions/ldap_data.rb | 46 |
4 files changed, 63 insertions, 19 deletions
diff --git a/environments/global/common.yaml b/environments/global/common.yaml index 4536b83..5911194 100644 --- a/environments/global/common.yaml +++ b/environments/global/common.yaml | |||
| @@ -27,15 +27,8 @@ base_installation::puppet_pass_seed: "/etc/puppetlabs/puppet/password_seed" | |||
| 27 | base_installation::puppet_ssl_path: "/etc/puppetlabs/ssl" | 27 | base_installation::puppet_ssl_path: "/etc/puppetlabs/ssl" |
| 28 | base_installation::system_locales: ["fr_FR.UTF-8", "en_US.UTF-8"] | 28 | base_installation::system_locales: ["fr_FR.UTF-8", "en_US.UTF-8"] |
| 29 | base_installation::system_timezone: "Europe/Paris" | 29 | base_installation::system_timezone: "Europe/Paris" |
| 30 | base_installation::system_users: | 30 | base_installation::system_users: [] # Fetched via ldap |
| 31 | - userid: 1000 | 31 | profile::xmr_stak::mining_pool: "" # Fetched via ldap |
| 32 | username: "immae" | 32 | profile::xmr_stak::wallet: "" # Fetched via ldap |
| 33 | groups: ["wheel"] | 33 | letsencrypt::email: ~ # Fetched via ldap |
| 34 | keys: | ||
| 35 | - host: "immae.eu" | ||
| 36 | key: "AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5PgLBwMRyRwzJPnSgUyRAuB9AAxMijsw1pR/t/wmxQne1O5fIPOleHx+D8dyZbwm+XkzlcJpgT0Qy3qC9J8BPhshJvO/tA/8CI/oS/FE0uWsyACH1DMO2dk4gRRZGSE9IuzDMRPlnfZ3n0tdsPzzv3GH4It/oPIgsvkTowKztGLQ7Xmjr5BxzAhXcIQymqA0U3XWHSdWvnSRDaOFG0PDoVMS85IdwlviVKLnV5Sstb4NC/P28LFfgvW8DO/XrOqujgDomqTmR41dK/AyrGGOb2cQUMO4l8Oa+74aOyKaB61rr/rJkr+wCbEttkTvgFa6zZygSk3edfiWE2rgn4+v" | ||
| 37 | key_type: "ssh-rsa" | ||
| 38 | profile::xmr_stak::mining_pool: "pool.minexmr.com:7777" | ||
| 39 | profile::xmr_stak::wallet: "44CA8TxTFYbQqN2kLyk8AnB6Ghz4mcbGpYC2EyXW7A8H9QspvWnTjDn39XUZDPrFwPa5JNwt4TmAxcooPWv4SaJqL87Bcdo" | ||
| 40 | letsencrypt::email: "sites+letsencrypt@mail.immae.eu" | ||
| 41 | letsencrypt::try_for_real_hostname: true | 34 | letsencrypt::try_for_real_hostname: true |
diff --git a/environments/hiera.yaml b/environments/hiera.yaml index 5a9a6d6..eda5eb3 100644 --- a/environments/hiera.yaml +++ b/environments/hiera.yaml | |||
| @@ -9,6 +9,9 @@ hierarchy: | |||
| 9 | - name: "Initialization variables" | 9 | - name: "Initialization variables" |
| 10 | path: "/root/puppet_variables.json" | 10 | path: "/root/puppet_variables.json" |
| 11 | 11 | ||
| 12 | - name: "Puppet ldap variables" | ||
| 13 | data_hash: ldap_data | ||
| 14 | |||
| 12 | - name: "Per-role environment data" | 15 | - name: "Per-role environment data" |
| 13 | mapped_paths: [ldapvar.self.vars.roles, role, "roles/%{role}.yaml"] | 16 | mapped_paths: [ldapvar.self.vars.roles, role, "roles/%{role}.yaml"] |
| 14 | 17 | ||
diff --git a/modules/base_installation/lib/facter/ldapvar.rb b/modules/base_installation/lib/facter/ldapvar.rb index 3ee6623..08d58e4 100644 --- a/modules/base_installation/lib/facter/ldapvar.rb +++ b/modules/base_installation/lib/facter/ldapvar.rb | |||
| @@ -27,16 +27,18 @@ begin | |||
| 27 | 27 | ||
| 28 | connection.search(base, scope, filter) do |entry| | 28 | connection.search(base, scope, filter) do |entry| |
| 29 | data_ = entry.to_hash | 29 | data_ = entry.to_hash |
| 30 | data_['vars'] = (data_[Puppet[:ldapstackedattrs]] || []) | 30 | if data_["objectClass"].any? { |class_| class_ == "puppetClient" } |
| 31 | .map { |var| var.split("=", 2) } | 31 | data_['vars'] = (data_[Puppet[:ldapstackedattrs]] || []) |
| 32 | .group_by { |(key, value)| key } | 32 | .map { |var| var.split("=", 2) } |
| 33 | .map { |key, value| [key, value.map(&:last)] } | 33 | .group_by { |(key, value)| key } |
| 34 | .to_h | 34 | .map { |key, value| [key, value.map(&:last)] } |
| 35 | .to_h | ||
| 35 | 36 | ||
| 36 | data[:other] << data_ | 37 | data[:other] << data_ |
| 37 | 38 | ||
| 38 | if data_["cn"].any? { |cn| cn == host } | 39 | if data_["cn"].any? { |cn| cn == host } |
| 39 | data[:self] = data_ | 40 | data[:self] = data_ |
| 41 | end | ||
| 40 | end | 42 | end |
| 41 | end | 43 | end |
| 42 | 44 | ||
diff --git a/modules/base_installation/lib/puppet/functions/ldap_data.rb b/modules/base_installation/lib/puppet/functions/ldap_data.rb new file mode 100644 index 0000000..ff8d779 --- /dev/null +++ b/modules/base_installation/lib/puppet/functions/ldap_data.rb | |||
| @@ -0,0 +1,46 @@ | |||
| 1 | require 'json' | ||
| 2 | |||
| 3 | Puppet::Functions.create_function(:ldap_data) do | ||
| 4 | dispatch :ldap_data do | ||
| 5 | param 'Hash', :options | ||
| 6 | param 'Puppet::LookupContext', :context | ||
| 7 | end | ||
| 8 | |||
| 9 | def ldap_data(options, context) | ||
| 10 | begin | ||
| 11 | require 'ldap' | ||
| 12 | require 'puppet/util/ldap/connection' | ||
| 13 | rescue | ||
| 14 | context.not_found | ||
| 15 | return | ||
| 16 | end | ||
| 17 | |||
| 18 | if !context.cache_has_key("ldap_lookup") | ||
| 19 | begin | ||
| 20 | conn = Puppet::Util::Ldap::Connection.instance | ||
| 21 | conn.start | ||
| 22 | connection = conn.connection | ||
| 23 | rescue ::LDAP::ResultError => e | ||
| 24 | raise Puppet::ParseError, ("ldapquery(): LDAP ResultError - #{e.message}") | ||
| 25 | end | ||
| 26 | |||
| 27 | host = Facter.value('ec2_metadata')["hostname"] | ||
| 28 | base = Puppet[:ldapbase] | ||
| 29 | scope = ::LDAP::LDAP_SCOPE_SUBTREE | ||
| 30 | filter = "(objectclass=*)" | ||
| 31 | |||
| 32 | data = {} | ||
| 33 | connection.search(base, scope, filter) do |entry| | ||
| 34 | data_ = entry.to_hash | ||
| 35 | jsons = data_["immaePuppetJson"] || [] | ||
| 36 | jsons.each do |json| | ||
| 37 | data.merge!(JSON.parse(json)) | ||
| 38 | end | ||
| 39 | end | ||
| 40 | |||
| 41 | context.cache("ldap_lookup", data) | ||
| 42 | end | ||
| 43 | |||
| 44 | context.cached_value("ldap_lookup") | ||
| 45 | end | ||
| 46 | end | ||