From c16f492c41afab8cbe8f195c60bf79f6de2ab49b Mon Sep 17 00:00:00 2001
From: Adam Henry Lewenberg <adamhl@stanford.edu>
Date: Fri, 6 Nov 2015 07:29:57 -0800
Subject: [PATCH] puppetclient: add certname option

---
 NEWS                                           |  3 +++
 manifests/puppetclient/config.pp               | 12 +++++++++---
 .../puppetclient/puppet.conf.template.erb      | 18 ++++++++++++------
 3 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/NEWS b/NEWS
index 9dab052..28330fd 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,9 @@ release/004.056 (2015-11-05)
     [duo] New class to load Duo code and wallet object. (adamhl)
     [ssh] Add pam_duo option to enable Duo for ssh regular logins (adamhl)
 
+    [puppetclient] Add an option to override the certname in the [agent]
+    section.
+
 release/004.055 (2015-10-08)
 
     [dns] Rewrite base::dns::cache so that it uses dnsmasq on jessie
diff --git a/manifests/puppetclient/config.pp b/manifests/puppetclient/config.pp
index 23de6b6..42f8ce1 100644
--- a/manifests/puppetclient/config.pp
+++ b/manifests/puppetclient/config.pp
@@ -4,6 +4,11 @@
 # replace: set to false if you don't want Puppet to overwrite an existing
 #   /etc/puppet/puppet.conf.
 #
+#
+# certname: if you need to override the certname in the [agent] section
+# puppet.conf file, set it here. For example, on an AWS machine the
+# certname will be different than the AWS public IP hostname.
+#
 # Helper define to generate Puppet configuration files.
 define base::puppetclient::config(
   $ensure,
@@ -17,7 +22,8 @@ define base::puppetclient::config(
   $replace     = true,
   $defaultfile = '/etc/default/puppet',
   $is_master   = false,
-  $diff_args   = '-u'
+  $diff_args   = '-u',
+  $certname    = ''
 ) {
 
   $ssldir = $::osfamily ? {
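Review bot: The new `$certname` parameter is accepted without validation, and the template hunk further down writes it into puppet.conf verbatim. The certname is the identity the agent presents to the master and Puppet expects it to be lowercase, so a value with uppercase letters, whitespace or an embedded newline gives either an unusable identity or extra lines in the generated config. If puppetlabs-stdlib is available to this module (not visible here), a check at the top of the define body such as `validate_re($certname, '\A([a-z0-9._-]+)?\z', 'certname must be empty or a lowercase hostname')` would reject that at compile time; the anchors are `\A`/`\z` because `^`/`$` match per line in Ruby. The parameter comment added in the first hunk of this file could state the same format expectation, and the define body continues outside this hunk.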
@@ -63,7 +69,7 @@ define base::puppetclient::config(
           # 2. Convert the template file into /etc/puppet/puppet.conf.
           exec { 'generate-conf puppet.conf':
             command     =>
-              "generate-conf --template $template_file --config $db_config --newfile $puppet_config",
+              "generate-conf --template ${template_file} --config ${db_config} --newfile ${puppet_config}",
             refreshonly => true,
             subscribe   =>
               [
@@ -90,7 +96,7 @@ define base::puppetclient::config(
       }
     }
     absent:  { file { $name: ensure => absent } }
-    default: { crit "Invalid ensure value: $ensure" }
+    default: { crit "Invalid ensure value: ${ensure}" }
   }
 
   file { $defaultfile:
diff --git a/templates/puppetclient/puppet.conf.template.erb b/templates/puppetclient/puppet.conf.template.erb
index 693fa0f..593a3db 100644
--- a/templates/puppetclient/puppet.conf.template.erb
+++ b/templates/puppetclient/puppet.conf.template.erb
@@ -10,14 +10,15 @@
   # Puppet 3.
   use_directory_environments = puppet3
 
+  # For the master section
   if    (hostname =~ /^jimhenson-dev$/) then
-    certname = 'jimhenson-dev.stanford.edu'
+    certname_master = 'jimhenson-dev.stanford.edu'
   elsif (hostname =~ /^jimhenson\d$/) then
-    certname = 'jimhenson.stanford.edu'
+    certname_master = 'jimhenson.stanford.edu'
   elsif (hostname =~ /^puppetservice1-dev$/) then
-    certname = 'puppetservice1-dev.stanford.edu'
+    certname_master = 'puppetservice1-dev.stanford.edu'
   elsif (hostname =~ /^puppetservice\d$/) then
-    certname = 'puppetservice.stanford.edu'
+    certname_master = 'puppetservice.stanford.edu'
   end
 
   # Figure out what Puppetmaster to use
@@ -63,6 +64,11 @@ server = <%= pserver %>
 ca_server = <%= pca_server %>
 ca_port   = 8141
 
+<% if (@certname != '') then -%>
+# We override the certname
+certname = <%= @certname %>
+
+<% end -%>
 # The Puppet environment to use.
 environment = <%= environment %>
 
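Review bot: The guard `@certname != ''` is true for anything that is not exactly the empty string, so a nil or whitespace-only value would still render a bare `certname =` line. Testing for emptiness after normalising is safer: `<% unless @certname.to_s.strip.empty? -%>`, with `<%= @certname.to_s.strip %>` on the value line. Which section this stanza lands in is decided by lines outside the hunk; NEWS says [agent], so it is worth confirming that it sits under that header.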
@@ -126,8 +132,8 @@ show_diff = true
 environmentpath = /srv/puppet
 
 <% end -%>
-# Use <%= certname %> for the certificate name
-certname = <%= certname %>
+# Use <%= certname_master %> for the certificate name
+certname = <%= certname_master %>
 
 # We do not want to behave as a CA
 ca = false
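Review bot: `certname_master` is assigned only when `hostname` matches one of the four patterns in the first hunk of this file, and that chain has no `else`, so on any other host it is nil and these two lines render an empty `certname =`. If the enclosing block (its opening conditional is outside this hunk) can be reached on a master with a different name, fail the compile instead of writing the empty value, e.g. `<% raise Puppet::ParseError, "no master certname for #{hostname}" if certname_master.nil? -%>` just before the comment line. A short comment on the chain saying that the short hostname alone decides the master's certificate name would also help, since the new agent-level `@certname` override does not affect it.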
-- 
GitLab