puppetclient: add certname option

c16f492c · Adam Lewenberg · 7df83c33 · c16f492c · c16f492c · c16f492c
Commit c16f492c authored 9 years ago by Adam Lewenberg
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,9 @@ release/004.056 (2015-11-05)
    [duo] New class to load Duo code and wallet object. (adamhl)
    [ssh] Add pam_duo option to enable Duo for ssh regular logins (adamhl)

+    [puppetclient] Add an option to override the certname in the [agent]
+    section.
+
 release/004.055 (2015-10-08)

    [dns] Rewrite base::dns::cache so that it uses dnsmasq on jessie

--- a/manifests/puppetclient/config.pp
+++ b/manifests/puppetclient/config.pp
@@ -4,6 +4,11 @@
 # replace: set to false if you don't want Puppet to overwrite an existing
 #   /etc/puppet/puppet.conf.
 #
+#
+# certname: if you need to override the certname in the [agent] section
+# puppet.conf file, set it here. For example, on an AWS machine the
+# certname will be different than the AWS public IP hostname.
+#
 # Helper define to generate Puppet configuration files.
 define base::puppetclient::config(
  $ensure,
@@ -17,7 +22,8 @@ define base::puppetclient::config(
  $replace     = true,
  $defaultfile = '/etc/default/puppet',
  $is_master   = false,
-  $diff_args   = '-u'
+  $diff_args   = '-u',
+  $certname    = ''
 ) {

  $ssldir = $::osfamily ? {
@@ -63,7 +69,7 @@ define base::puppetclient::config(
          # 2. Convert the template file into /etc/puppet/puppet.conf.
          exec { 'generate-conf puppet.conf':
            command     =>
-              "generate-conf --template $template_file --config $db_config --newfile $puppet_config",
+              "generate-conf --template ${template_file} --config ${db_config} --newfile ${puppet_config}",
            refreshonly => true,
            subscribe   =>
              [
@@ -90,7 +96,7 @@ define base::puppetclient::config(
      }
    }
    absent:  { file { $name: ensure => absent } }
-    default: { crit "Invalid ensure value: $ensure" }
+    default: { crit "Invalid ensure value: ${ensure}" }
  }

  file { $defaultfile:

--- a/templates/puppetclient/puppet.conf.template.erb
+++ b/templates/puppetclient/puppet.conf.template.erb
@@ -10,14 +10,15 @@
  # Puppet 3.
  use_directory_environments = puppet3

+  # For the master section
  if    (hostname =~ /^jimhenson-dev$/) then
-    certname = 'jimhenson-dev.stanford.edu'
+    certname_master = 'jimhenson-dev.stanford.edu'
  elsif (hostname =~ /^jimhenson\d$/) then
-    certname = 'jimhenson.stanford.edu'
+    certname_master = 'jimhenson.stanford.edu'
  elsif (hostname =~ /^puppetservice1-dev$/) then
-    certname = 'puppetservice1-dev.stanford.edu'
+    certname_master = 'puppetservice1-dev.stanford.edu'
  elsif (hostname =~ /^puppetservice\d$/) then
-    certname = 'puppetservice.stanford.edu'
+    certname_master = 'puppetservice.stanford.edu'
  end

  # Figure out what Puppetmaster to use
@@ -63,6 +64,11 @@ server = <%= pserver %>
 ca_server = <%= pca_server %>
 ca_port   = 8141

+<% if (@certname != '') then -%>
+# We override the certname
+certname = <%= @certname %>
+
+<% end -%>
 # The Puppet environment to use.
 environment = <%= environment %>

@@ -126,8 +132,8 @@ show_diff = true
 environmentpath = /srv/puppet

 <% end -%>
-# Use <%= certname %> for the certificate name
-certname = <%= certname %>
+# Use <%= certname_master %> for the certificate name
+certname = <%= certname_master %>

 # We do not want to behave as a CA
 ca = false