make puppetmaster a role included via hiera
authorPeter Palfrader <peter@palfrader.org>
Sat, 7 Sep 2019 15:45:03 +0000 (17:45 +0200)
committerPeter Palfrader <peter@palfrader.org>
Sat, 7 Sep 2019 15:45:03 +0000 (17:45 +0200)
hieradata/common.yaml
hieradata/nodes/handel.debian.org.yaml [new file with mode: 0644]
modules/debian_org/templates/puppet.conf.erb
modules/ferm/templates/me.conf.erb
modules/roles/manifests/init.pp
modules/roles/manifests/puppetmaster.pp [new file with mode: 0644]
modules/samhain/templates/samhainrc.erb

index eef91e9..a26ef03 100644 (file)
@@ -98,8 +98,6 @@ roles:
   pubsub:
     - rainier.debian.org
     - rapoport.debian.org
-  puppetmaster:
-    - handel.debian.org
   qamaster:
     - quantz.debian.org
   rtmaster:
diff --git a/hieradata/nodes/handel.debian.org.yaml b/hieradata/nodes/handel.debian.org.yaml
new file mode 100644 (file)
index 0000000..898d724
--- /dev/null
@@ -0,0 +1,2 @@
+classes:
+  - roles::puppetmaster
index a267867..aa1cae1 100644 (file)
@@ -15,7 +15,7 @@ environment=production
 pluginsync=true
 <%- end -%>
 
-<% if scope.function_has_role(['puppetmaster']) %>
+<% if classes.include?('puppetmaster') -%>
 [master]
 environmentpath=/srv/puppet.debian.org/stages
 cadir  = /var/lib/puppet/ssl/ca
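Review bot: The new guard on the `[master]` section tests `classes.include?('puppetmaster')`, while the ferm and samhain templates changed in this same commit test `'roles::puppetmaster'`. As far as the visible manifests show, the `puppetmaster` class is only pulled in from inside `roles::puppetmaster`, so this test holds only if that include has already been evaluated when the template renders. If it has not, the `[master]` block (including `cadir`) would silently drop out of puppet.conf on the master. I would use the same name as the other templates, `<% if classes.include?('roles::puppetmaster') -%>`, or add a short ERB comment explaining why the bare class name is intended. The template continues outside the hunk.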
index 0d4ed33..f9ca22f 100644 (file)
@@ -44,7 +44,7 @@ if restrict_ssh.include?(@hostname) then
                ssh4allowed << %w{$HOST_DEBIAN_V4}
                ssh6allowed << %w{$HOST_DEBIAN_V6}
        end
-       if scope.function_has_role(['puppetmaster']) then
+       if classes.include?('roles::puppetmaster') then
                ssh4allowed << "82.195.75.75" # adayevskaya
                ssh6allowed << "2001:41b8:202:deb:1b1b::75" # adayevskaya
        end
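Review bot: `classes.include?('roles::puppetmaster')` depends on catalog evaluation order, because `classes` in a template lists only the classes declared before the template is rendered; the `has_role` lookup it replaces presumably read the hiera roles hash and had no such dependency. If this module is evaluated before the hiera `classes:` list is included, the condition is false without any error. Here that only omits the adayevskaya SSH allow entries, but the same test in both samhainrc.erb hunks would drop `dir=8/etc/puppet` and the puppet-dashboard paths from file-integrity monitoring on the master, which nobody would notice. It is worth confirming that the hiera classes are included ahead of the ferm and samhain classes, and saying so in a comment next to each test. The surrounding `if restrict_ssh.include?(@hostname)` block extends outside the hunk.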
index 4cae49c..d9c4acc 100644 (file)
@@ -7,11 +7,6 @@
 #   include roles
 #
 class roles {
-
-       if has_role('puppetmaster') {
-               include puppetmaster
-       }
-
        if has_role('muninmaster') {
                include munin::master
        }
diff --git a/modules/roles/manifests/puppetmaster.pp b/modules/roles/manifests/puppetmaster.pp
new file mode 100644 (file)
index 0000000..258fd43
--- /dev/null
@@ -0,0 +1,9 @@
+# our puppet master role
+class roles::puppetmaster {
+  include puppetmaster
+
+  ssh::authorized_key_collect { 'dsa_wiki_buildhost':
+    target_user => 'dsa',
+    collect_tag => 'puppetmaster',
+  }
+}
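Review bot: The `ssh::authorized_key_collect` resource is titled `'dsa_wiki_buildhost'` although it collects keys tagged `puppetmaster`, which looks like a title carried over from another role. The commit message also does not mention key collection. This appears to authorize every key exported with that tag for the `dsa` account on the puppet master, so the class should state which hosts are expected to export it, for example with the title `'puppetmaster'` and a comment such as `# keys exported with tag 'puppetmaster' are authorized for user dsa on the master`. If another role declares the same title, applying both to one node would presumably fail with a duplicate declaration.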
index 66a39c6..987a3a2 100644 (file)
@@ -463,7 +463,7 @@ file=/etc/nagios3/puppetconf.d/contacts.cfg
 <% if scope.function_has_role(['muninmaster']) -%>
 file=/etc/munin/munin.conf
 <% end -%>
-<% if scope.function_has_role(['puppetmaster']) -%>
+<% if classes.include?('roles::puppetmaster') -%>
 dir=8/etc/puppet
 <% end -%>  
 <% if classes.include?('named::geodns') -%>
@@ -497,7 +497,7 @@ file=/etc/openvpn/deb-mgmt-clients.pool
 file=/etc/rsyncd/debian.secrets
 
 
-<% if scope.function_has_role(['puppetmaster']) %>
+<% if classes.include?('roles::puppetmaster') -%>
 
 # Damn you rails apps and your shoddy packaging
 file=/usr/share/puppet-dashboard/public/stylesheets