authorSilvio Rhatto <rhatto@riseup.net>2010-03-27 13:57:58 -0300
committerSilvio Rhatto <rhatto@riseup.net>2010-03-27 13:57:58 -0300
commit34639bc2e7dc026fa1c195b9b8a344450084da76 (patch)
treee5dca0d167f492a185eb90ba1f070b23bc6a660f /manifests
parentbae8fe795e6ae39fe72d1a746cb102eb358f1638 (diff)
Adding $puppetmaster_manage_ca
Diffstat (limited to 'manifests')
-rw-r--r--manifests/ca.pp55
-rw-r--r--manifests/init.pp1
-rw-r--r--manifests/puppetmasterd.pp6
3 files changed, 62 insertions, 0 deletions
diff --git a/manifests/ca.pp b/manifests/ca.pp
new file mode 100644
index 0000000..9bfe91b
--- /dev/null
+++ b/manifests/ca.pp
@@ -0,0 +1,55 @@
+class puppetmaster::ca {
+ file {
+ '/var/lib/puppet/ssl/ca':
+ ensure => directory,
+ owner => puppet,
+ group => puppet,
+ mode => 0770;
+ '/var/lib/puppet/ssl/ca/private':
+ ensure => directory,
+ owner => puppet,
+ group => puppet,
+ mode => 0770;
+ '/var/lib/puppet/ssl/certs':
+ ensure => directory,
+ owner => puppet,
+ group => puppet,
+ mode => 0755;
+ '/var/lib/puppet/ssl/ca/ca_crl.pem':
+ ensure => present,
+ owner => puppet,
+ group => puppet,
+ mode => 0664,
+ source => "puppet://$server/files/puppetmaster/ssl/ca/ca_crl.pem";
+ '/var/lib/puppet/ssl/ca/private/ca.pass':
+ ensure => present,
+ owner => puppet,
+ group => puppet,
+ mode => 0660,
+ source => "puppet://$server/files/puppetmaster/ssl/ca/private/ca.pass";
+ '/var/lib/puppet/ssl/ca/ca_key.pem':
+ ensure => present,
+ owner => puppet,
+ group => puppet,
+ mode => 0660,
+ source => "puppet://$server/files/puppetmaster/ssl/ca/ca_key.pem";
+ '/var/lib/puppet/ssl/ca/ca_crt.pem':
+ ensure => present,
+ owner => puppet,
+ group => puppet,
+ mode => 0660,
+ source => "puppet://$server/files/puppetmaster/ssl/ca/ca_crt.pem";
+ '/var/lib/puppet/ssl/ca/ca_pub.pem':
+ ensure => present,
+ owner => puppet,
+ group => puppet,
+ mode => 0640,
+ source => "puppet://$server/files/puppetmaster/ssl/ca/ca_pub.pem";
+ '/var/lib/puppet/ssl/certs/ca.pem:':
+ ensure => present,
+ owner => puppet,
+ group => puppet,
+ mode => 0644,
+ source => "puppet://$server/files/puppetmaster/ssl/ca/ca.pem";
+ }
+}
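Review bot: The CA private key (`ca_key.pem`) and its passphrase (`ca.pass`) are sourced from the general `puppet://$server/files/` mount, so their confidentiality rests entirely on that mount's fileserver ACL, which this commit does not show. If the mount is readable by ordinary agents, the material that signs every certificate in the deployment is exposed to all of them. Consider serving these files from a dedicated mount that fileserver.conf allows only for the master hosts, and keep the key and passphrase out of any shared repository that backs the files directory. Separately, the last resource title `'/var/lib/puppet/ssl/certs/ca.pem:'` has a stray colon inside the quotes, so Puppet would manage a file literally named `ca.pem:`; it should read `'/var/lib/puppet/ssl/certs/ca.pem':`.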
diff --git a/manifests/init.pp b/manifests/init.pp
index 0c34393..b434cce 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,4 +1,5 @@
# This file imports the files for puppet puppet module.
+import "ca.pp"
import "puppet.pp"
import "puppetd.pp"
import "puppetmasterd.pp"
diff --git a/manifests/puppetmasterd.pp b/manifests/puppetmasterd.pp
index f69aeca..b61d949 100644
--- a/manifests/puppetmasterd.pp
+++ b/manifests/puppetmasterd.pp
@@ -17,6 +17,12 @@ class puppetmasterd {
'': { $puppetmaster_port = '18140' }
}
+ # use this option if you want puppet to manage
+ # the certificates for all master nodes.
+ if $puppetmaster_manage_ca == true {
+ include puppetmaster::ca
+ }
+
# warns that this node has a puppetmaster
$puppetmasterd_present = true
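Review bot: The comment above `if $puppetmaster_manage_ca == true` understates what the switch does, because enabling it copies the CA private key and passphrase onto the node rather than just "managing certificates". I would document that, along with the expected value, for example `# set $puppetmaster_manage_ca = true (unquoted boolean) on master nodes only;` followed by `# this installs the CA key, passphrase and CRL from the fileserver onto the node.` The comparison is against the boolean `true`, so a node that sets the variable to the quoted string "true" may not match, depending on the Puppet version; the other settings visible in this class are compared as strings, so it is worth stating which form is expected. The class body starts and ends outside this hunk, so where the variable is set cannot be checked from here.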