From 34639bc2e7dc026fa1c195b9b8a344450084da76 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Sat, 27 Mar 2010 13:57:58 -0300
Subject: Adding $puppetmaster_manage_ca
---
 manifests/ca.pp | 55 ++++++++++++++++++++++++++++++++++++++++++++++
 manifests/init.pp | 1 +
 manifests/puppetmasterd.pp | 6 +++++
 3 files changed, 62 insertions(+)
 create mode 100644 manifests/ca.pp
(limited to 'manifests')
diff --git a/manifests/ca.pp b/manifests/ca.pp
new file mode 100644
index 0000000..9bfe91b
--- /dev/null
+++ b/manifests/ca.pp
@@ -0,0 +1,55 @@
+class puppetmaster::ca {
+ file {
+ '/var/lib/puppet/ssl/ca':
+ ensure => directory,
+ owner => puppet,
+ group => puppet,
+ mode => 0770;
+ '/var/lib/puppet/ssl/ca/private':
+ ensure => directory,
+ owner => puppet,
+ group => puppet,
+ mode => 0770;
+ '/var/lib/puppet/ssl/certs':
+ ensure => directory,
+ owner => puppet,
+ group => puppet,
+ mode => 0755;
+ '/var/lib/puppet/ssl/ca/ca_crl.pem':
+ ensure => present,
+ owner => puppet,
+ group => puppet,
+ mode => 0664,
+ source => "puppet://$server/files/puppetmaster/ssl/ca/ca_crl.pem";
+ '/var/lib/puppet/ssl/ca/private/ca.pass':
+ ensure => present,
+ owner => puppet,
+ group => puppet,
+ mode => 0660,
+ source => "puppet://$server/files/puppetmaster/ssl/ca/private/ca.pass";
+ '/var/lib/puppet/ssl/ca/ca_key.pem':
+ ensure => present,
+ owner => puppet,
+ group => puppet,
+ mode => 0660,
+ source => "puppet://$server/files/puppetmaster/ssl/ca/ca_key.pem";
+ '/var/lib/puppet/ssl/ca/ca_crt.pem':
+ ensure => present,
+ owner => puppet,
+ group => puppet,
+ mode => 0660,
+ source => "puppet://$server/files/puppetmaster/ssl/ca/ca_crt.pem";
+ '/var/lib/puppet/ssl/ca/ca_pub.pem':
+ ensure => present,
+ owner => puppet,
+ group => puppet,
+ mode => 0640,
+ source => "puppet://$server/files/puppetmaster/ssl/ca/ca_pub.pem";
+ '/var/lib/puppet/ssl/certs/ca.pem:':
+ ensure => present,
+ owner => puppet,
+ group => puppet,
+ mode => 0644,
+ source => "puppet://$server/files/puppetmaster/ssl/ca/ca.pem";
+ }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
index 0c34393..b434cce 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,4 +1,5 @@
 # This file imports the files for puppet puppet module.
+import "ca.pp"
 import "puppet.pp"
 import "puppetd.pp"
 import "puppetmasterd.pp"
diff --git a/manifests/puppetmasterd.pp b/manifests/puppetmasterd.pp
index f69aeca..b61d949 100644
--- a/manifests/puppetmasterd.pp
+++ b/manifests/puppetmasterd.pp
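Review bot: In manifests/ca.pp the last file resource is titled `'/var/lib/puppet/ssl/certs/ca.pem:'`, with the colon inside the quotes, so Puppet would manage a file literally named `ca.pem:` and leave the real `certs/ca.pem` unmanaged; the title should read `'/var/lib/puppet/ssl/certs/ca.pem':`. Separately, `ca_key.pem` and `ca.pass` are both fetched from `puppet://$server/files/puppetmaster/ssl/ca/...`, so the CA private key and the passphrase that protects it sit together on the `files` fileserver mount. The access rules for that mount are not visible in this patch; unless they limit these paths to the master hosts, any client allowed on `files` could retrieve the signing key. A header comment on the class would make the requirement explicit, for example `# CA key and passphrase are served from the 'files' mount: restrict puppetmaster/ssl to master nodes in fileserver.conf`.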
@@ -17,6 +17,12 @@ class puppetmasterd { '': { $puppetmaster_port = '18140' } } + # use this option if you want puppet to manage + # the certificates for all master nodes. + if $puppetmaster_manage_ca == true { + include puppetmaster::ca + } + # warns that this node has a puppetmaster $puppetmasterd_present = true -- cgit v1.2.3
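Review bot: The comment added above `if $puppetmaster_manage_ca == true` does not name the variable or say what enabling it installs, and the test is against the boolean `true`, so a quoted `'true'` would presumably not match (worth confirming on the Puppet version in use). Because the included `puppetmaster::ca` class places the CA private key and its passphrase on the node, the comment should say so, e.g. `# set $puppetmaster_manage_ca = true (unquoted boolean) to install the shared CA key, passphrase and certificates from puppetmaster::ca on this master`. The body of class puppetmasterd starts and ends outside this hunk.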