the letsencrypt user on the dns primary pushes certs to the puppet master

author Peter Palfrader <peter@palfrader.org>

Mon, 9 Sep 2019 20:16:39 +0000 (22:16 +0200)

committer Peter Palfrader <peter@palfrader.org>

Mon, 9 Sep 2019 20:16:39 +0000 (22:16 +0200)
author Peter Palfrader <peter@palfrader.org>
Mon, 9 Sep 2019 20:16:39 +0000 (22:16 +0200)
committer Peter Palfrader <peter@palfrader.org>
Mon, 9 Sep 2019 20:16:39 +0000 (22:16 +0200)
diff --git a/modules/roles/manifests/dns_primary.pp b/modules/roles/manifests/dns_primary.pp

index 7e4327a..3e9c5bf 100644 (file)
--- a/modules/roles/manifests/dns_primary.pp
+++ b/modules/roles/manifests/dns_primary.pp
@@ -22,4 +22,12 @@ class roles::dns_primary {
      key         => $facts['dnsadm_key'],
      collect_tag => 'geodnssync-node',
    }
+
+  ssh::keygen {'letsencrypt': }
+  ssh::authorized_key_add { 'dns_primary::puppetmaster::letsencrypt-certificates':
+    target_user => 'puppet',
+    command     => 'rsync --server -vlogDtprze.iLsfx --delete --partial . /srv/puppet.debian.org/from-letsencrypt',
+    key         => $facts['letsencrypt_key'],
+    collect_tag => 'puppetmaster',
+  }
  }
diff --git a/modules/roles/manifests/puppetmaster.pp b/modules/roles/manifests/puppetmaster.pp

index 258fd43..af3855d 100644 (file)
--- a/modules/roles/manifests/puppetmaster.pp
+++ b/modules/roles/manifests/puppetmaster.pp
@@ -6,4 +6,9 @@ class roles::puppetmaster {
      target_user => 'dsa',
      collect_tag => 'puppetmaster',
    }
+
+  ssh::authorized_key_collect { 'puppetmaster':
+    target_user => 'puppet',
+    collect_tag => 'puppetmaster',
+  }
  }
author	Peter Palfrader <peter@palfrader.org>
	Mon, 9 Sep 2019 20:16:39 +0000 (22:16 +0200)
committer	Peter Palfrader <peter@palfrader.org>
	Mon, 9 Sep 2019 20:16:39 +0000 (22:16 +0200)
modules/roles/manifests/dns_primary.pp		patch \| blob \| history
modules/roles/manifests/puppetmaster.pp		patch \| blob \| history