From 3d94d3afb33844aa66dcb3c6e6f48711f7e865e9 Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Sat, 7 Sep 2019 17:45:03 +0200 Subject: [PATCH] make puppetmaster a role included via hiera --- hieradata/common.yaml | 2 -- hieradata/nodes/handel.debian.org.yaml | 2 ++ modules/debian_org/templates/puppet.conf.erb | 2 +- modules/ferm/templates/me.conf.erb | 2 +- modules/roles/manifests/init.pp | 5 ----- modules/roles/manifests/puppetmaster.pp | 9 +++++++++ modules/samhain/templates/samhainrc.erb | 4 ++-- 7 files changed, 15 insertions(+), 11 deletions(-) create mode 100644 hieradata/nodes/handel.debian.org.yaml create mode 100644 modules/roles/manifests/puppetmaster.pp diff --git a/hieradata/common.yaml b/hieradata/common.yaml index eef91e982..a26ef03a5 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -98,8 +98,6 @@ roles: pubsub: - rainier.debian.org - rapoport.debian.org - puppetmaster: - - handel.debian.org qamaster: - quantz.debian.org rtmaster: diff --git a/hieradata/nodes/handel.debian.org.yaml b/hieradata/nodes/handel.debian.org.yaml new file mode 100644 index 000000000..898d724ad --- /dev/null +++ b/hieradata/nodes/handel.debian.org.yaml @@ -0,0 +1,2 @@ +classes: + - roles::puppetmaster diff --git a/modules/debian_org/templates/puppet.conf.erb b/modules/debian_org/templates/puppet.conf.erb index a26786771..aa1cae1d2 100644 --- a/modules/debian_org/templates/puppet.conf.erb +++ b/modules/debian_org/templates/puppet.conf.erb @@ -15,7 +15,7 @@ environment=production pluginsync=true <%- end -%> -<% if scope.function_has_role(['puppetmaster']) %> +<% if classes.include?('puppetmaster') -%> [master] environmentpath=/srv/puppet.debian.org/stages cadir = /var/lib/puppet/ssl/ca diff --git a/modules/ferm/templates/me.conf.erb b/modules/ferm/templates/me.conf.erb index 0d4ed33c0..f9ca22f9d 100644 --- a/modules/ferm/templates/me.conf.erb +++ b/modules/ferm/templates/me.conf.erb @@ -44,7 +44,7 @@ if restrict_ssh.include?(@hostname) then ssh4allowed << %w{$HOST_DEBIAN_V4} ssh6allowed << %w{$HOST_DEBIAN_V6} end - if scope.function_has_role(['puppetmaster']) then + if classes.include?('roles::puppetmaster') then ssh4allowed << "82.195.75.75" # adayevskaya ssh6allowed << "2001:41b8:202:deb:1b1b::75" # adayevskaya end diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp index 4cae49c19..d9c4accfd 100644 --- a/modules/roles/manifests/init.pp +++ b/modules/roles/manifests/init.pp @@ -7,11 +7,6 @@ # include roles # class roles { - - if has_role('puppetmaster') { - include puppetmaster - } - if has_role('muninmaster') { include munin::master } diff --git a/modules/roles/manifests/puppetmaster.pp b/modules/roles/manifests/puppetmaster.pp new file mode 100644 index 000000000..258fd43ab --- /dev/null +++ b/modules/roles/manifests/puppetmaster.pp @@ -0,0 +1,9 @@ +# our puppet master role +class roles::puppetmaster { + include puppetmaster + + ssh::authorized_key_collect { 'dsa_wiki_buildhost': + target_user => 'dsa', + collect_tag => 'puppetmaster', + } +} diff --git a/modules/samhain/templates/samhainrc.erb b/modules/samhain/templates/samhainrc.erb index 66a39c62a..987a3a268 100644 --- a/modules/samhain/templates/samhainrc.erb +++ b/modules/samhain/templates/samhainrc.erb @@ -463,7 +463,7 @@ file=/etc/nagios3/puppetconf.d/contacts.cfg <% if scope.function_has_role(['muninmaster']) -%> file=/etc/munin/munin.conf <% end -%> -<% if scope.function_has_role(['puppetmaster']) -%> +<% if classes.include?('roles::puppetmaster') -%> dir=8/etc/puppet <% end -%> <% if classes.include?('named::geodns') -%> @@ -497,7 +497,7 @@ file=/etc/openvpn/deb-mgmt-clients.pool file=/etc/rsyncd/debian.secrets -<% if scope.function_has_role(['puppetmaster']) %> +<% if classes.include?('roles::puppetmaster') -%> # Damn you rails apps and your shoddy packaging file=/usr/share/puppet-dashboard/public/stylesheets -- 2.20.1