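# == Class: openstack_project::puppetmaster
#
# Configures the puppet master / ansible bastion host: root cron jobs that
# drive the run_*.sh wrappers, log rotation for their output, report cleanup,
# hiera data directories, root's SSH key, cloud credential files, the signing
# GnuPG home, the ansible inventory tree, the optional MQTT callback plugin
# and the directory layout of the zuul certificate authority.
#
# === Parameters
#
# [*puppetmaster_clouds*]
#   Required. Not referenced in this manifest; presumably read by the
#   clouds.yaml ERB templates -- confirm against the templates.
# [*root_rsa_key*]
#   Content written to /root/.ssh/id_rsa. The default 'xxx' is a placeholder,
#   so a real key has to be supplied (e.g. from hiera) for the file to be
#   usable.
# [*puppetdb*]
#   When true, puppetdb::master::config is declared.
# [*puppetdb_server*]
#   Passed to puppetdb::master::config as puppetdb_server.
# [*puppetmaster_update_cron_interval*]
#   Hash with the keys min, hour, day, month and weekday; schedules the
#   'updatepuppetmaster' and 'updateinfracloud' cron jobs.
# [*enable_mqtt*]
#   When true, installs paho-mqtt, the MQTT CA certificate, the client
#   configuration and the ansible callback plugin.
# [*mqtt_hostname*], [*mqtt_port*], [*mqtt_username*], [*mqtt_password*]
#   Not referenced in this manifest; presumably read by
#   mqtt_client.yaml.erb -- confirm against the template.
# [*mqtt_ca_cert_contents*]
#   Content written to /etc/mqtt_ca_cert.pem.crt.
#
class openstack_project::puppetmaster (
  $puppetmaster_clouds,
  $root_rsa_key = 'xxx',
  $puppetdb = true,
  $puppetdb_server = 'puppetdb.openstack.org',
  $puppetmaster_update_cron_interval = { 'min'     => '*/15',
                                         'hour'    => '*',
                                         'day'     => '*',
                                         'month'   => '*',
                                         'weekday' => '*',
                                       },
  $enable_mqtt = false,
  $mqtt_hostname = 'firehose.openstack.org',
  $mqtt_port = 8883,
  $mqtt_username = 'infra',
  $mqtt_password = undef,
  $mqtt_ca_cert_contents = undef,
) {
  include logrotate

  # PATH for the root cron jobs below. Every directory on it is searched by
  # commands that run as root, so each one should be writable by root only;
  # note that the gem bin directory is searched first.
  $run_cron_environment = 'PATH=/var/lib/gems/1.8/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin'
  $report_cron_environment = 'PATH=/var/lib/gems/1.8/bin:/usr/bin:/bin:/usr/sbin:/sbin'

  # Rotation policy shared by the run logs: seven daily, compressed copies.
  $run_log_rotation = [
    'compress',
    'copytruncate',
    'delaycompress',
    'missingok',
    'rotate 7',
    'daily',
    'notifempty',
  ]

  class { '::ansible':
    ansible_hostfile    => '/etc/ansible/hosts',
    retry_files_enabled => 'False',
    ansible_version     => '2.2.1.0',
  }

  file { '/etc/ansible/hostfile':
    ensure  => present,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    require => Class['ansible'],
  }

  # Each run_*.sh job takes a non-blocking flock so that a slow run is
  # skipped rather than overlapped by the next one.
  cron { 'updatecloudlauncher':
    user        => 'root',
    minute      => '0',
    hour        => '*/1',
    monthday    => '*',
    month       => '*',
    weekday     => '*',
    command     => 'flock -n /var/run/puppet/puppet_run_cloud_launcher.lock bash /opt/system-config/production/run_cloud_launcher.sh >> /var/log/puppet_run_cloud_launcher_cron.log 2>&1',
    environment => $run_cron_environment,
  }

  cron { 'updatepuppetmaster':
    user        => 'root',
    minute      => $puppetmaster_update_cron_interval['min'],
    hour        => $puppetmaster_update_cron_interval['hour'],
    monthday    => $puppetmaster_update_cron_interval['day'],
    month       => $puppetmaster_update_cron_interval['month'],
    weekday     => $puppetmaster_update_cron_interval['weekday'],
    command     => 'flock -n /var/run/puppet/puppet_run_all.lock bash /opt/system-config/production/run_all.sh >> /var/log/puppet_run_all_cron.log 2>&1',
    environment => $run_cron_environment,
  }

  cron { 'updateinfracloud':
    user        => 'root',
    minute      => $puppetmaster_update_cron_interval['min'],
    hour        => $puppetmaster_update_cron_interval['hour'],
    monthday    => $puppetmaster_update_cron_interval['day'],
    month       => $puppetmaster_update_cron_interval['month'],
    weekday     => $puppetmaster_update_cron_interval['weekday'],
    command     => 'flock -n /var/run/puppet/puppet_run_infracloud.lock bash /opt/system-config/production/run_infracloud.sh >> /var/log/puppet_run_infracloud_cron.log 2>&1',
    environment => $run_cron_environment,
  }

  logrotate::file { 'updatepuppetmaster':
    ensure  => present,
    log     => '/var/log/puppet_run_all.log',
    options => $run_log_rotation,
    require => Cron['updatepuppetmaster'],
  }

  logrotate::file { 'updatepuppetmastercron':
    ensure  => present,
    log     => '/var/log/puppet_run_all_cron.log',
    options => $run_log_rotation,
    require => Cron['updatepuppetmaster'],
  }

  logrotate::file { 'updateinfracloudcron':
    ensure  => present,
    log     => '/var/log/puppet_run_infracloud_cron.log',
    options => $run_log_rotation,
    require => Cron['updateinfracloud'],
  }

  # Remove puppet reports older than five days. '%' is escaped because cron
  # treats a bare '%' in a command as a newline.
  # NOTE(review): RANDOM is a bash feature; if cron runs these under a shell
  # that does not provide it, the start-up jitter may be constant -- confirm.
  cron { 'deleteoldreports':
    user        => 'root',
    hour        => '3',
    minute      => '0',
    command     => 'sleep $((RANDOM\%600)) && find /var/lib/puppet/reports -name \'*.yaml\' -mtime +5 -execdir rm {} \;',
    environment => $report_cron_environment,
  }

  cron { 'deleteoldreports-json':
    user        => 'root',
    hour        => '3',
    minute      => '0',
    command     => 'sleep $((RANDOM\%600)) && find /var/lib/puppet/reports -name \'*.json\' -mtime +5 -execdir rm {} \;',
    environment => $report_cron_environment,
  }

  file { '/etc/puppet/hieradata':
    ensure => directory,
    group  => 'puppet',
    mode   => '0750',
    owner  => 'puppet',
  }

  file { '/etc/puppet/hieradata/production':
    ensure  => directory,
    group   => 'puppet',
    mode    => '0750',
    owner   => 'root',
    recurse => true,
    require => File['/etc/puppet/hieradata'],
  }

  file { '/var/lib/puppet/reports':
    ensure => directory,
    owner  => 'puppet',
    group  => 'puppet',
    mode   => '0750',
  }

  if ! defined(File['/root/.ssh']) {
    file { '/root/.ssh':
      ensure => directory,
      mode   => '0700',
    }
  }

  # Root's private SSH key. Ownership is stated explicitly instead of being
  # left to whatever the file already has, and show_diff is off so that key
  # material never ends up in agent logs or stored reports.
  file { '/root/.ssh/id_rsa':
    ensure    => present,
    owner     => 'root',
    group     => 'root',
    mode      => '0400',
    content   => $root_rsa_key,
    show_diff => false,
  }

  # Cloud credentials are stored in this directory for launch-node.py.
  file { '/root/ci-launch':
    ensure => directory,
    owner  => 'root',
    group  => 'admin',
    mode   => '0750',
  }

  file { '/etc/openstack':
    ensure => directory,
    owner  => 'root',
    group  => 'admin',
    mode   => '0750',
  }

  # Rendered cloud configuration; presumably carries the cloud account
  # credentials, so diffs are suppressed to keep them out of logs and reports.
  # NOTE(review): both files are group-writable by 'admin' -- confirm that
  # write access (rather than read-only) is needed.
  file { '/etc/openstack/clouds.yaml':
    ensure    => present,
    owner     => 'root',
    group     => 'admin',
    mode      => '0660',
    content   => template('openstack_project/puppetmaster/ansible-clouds.yaml.erb'),
    show_diff => false,
  }

  file { '/etc/openstack/all-clouds.yaml':
    ensure    => present,
    owner     => 'root',
    group     => 'admin',
    mode      => '0660',
    content   => template('openstack_project/puppetmaster/all-clouds.yaml.erb'),
    show_diff => false,
  }

  # The puppet master is no longer served through apache/passenger; remove
  # the package and the configuration files that setup used.
  package { 'puppetmaster-passenger':
    ensure => absent,
  }

  file { '/etc/apache2/sites-available/puppetmaster.conf':
    ensure => absent,
  }

  file { '/etc/apache2/envvars':
    ensure => absent,
  }

  # For launch/launch-node.py.
  # NOTE(review): 'latest' installs whatever the package index serves at the
  # time of each run, on a host that holds cloud credentials; pinning reviewed
  # versions would make upgrades a deliberate step.
  $pip_packages = [
    'shade',
    'python-openstackclient',
  ]
  package { $pip_packages:
    ensure   => latest,
    provider => openstack_pip,
  }
  package { 'python-paramiko':
    ensure => present,
  }

  # No longer needed with latest client libs
  package { 'python-lxml':
    ensure => absent,
  }
  package { 'libxslt1-dev':
    ensure => absent,
  }

  # For signing key management
  package { 'gnupg':
    ensure => present,
  }
  package { 'gnupg-curl':
    ensure => present,
  }
  file { '/root/signing.gnupg':
    ensure => directory,
    owner  => 'root',
    group  => 'root',
    mode   => '0700',
  }
  file { '/root/signing.gnupg/gpg.conf':
    ensure  => present,
    owner   => 'root',
    group   => 'root',
    mode    => '0400',
    source  => 'puppet:///modules/openstack_project/puppetmaster/signing.conf',
    require => File['/root/signing.gnupg'],
  }
  file { '/root/signing.gnupg/sks-keyservers.netCA.pem':
    ensure  => present,
    owner   => 'root',
    group   => 'root',
    mode    => '0400',
    source  => 'puppet:///modules/openstack_project/puppetmaster/sks-ca.pem',
    require => File['/root/signing.gnupg'],
  }

  # Enable puppetdb
  if $puppetdb {
    class { 'puppetdb::master::config':
      puppetdb_server             => $puppetdb_server,
      puppet_service_name         => 'apache2',
      puppetdb_soft_write_failure => true,
      manage_storeconfigs         => false,
    }
  }

  # Ansible mgmt
  # TODO: Put this into its own class, maybe called bastion::ansible or something

  # NOTE(review): this checkout follows the moving 'devel' branch with
  # ensure => latest, and the inventory script copied from it below is
  # installed executable and run by root's ansible jobs. Pinning a reviewed
  # tag or commit would stop upstream changes from reaching this host
  # unreviewed.
  vcsrepo { '/opt/ansible':
    ensure   => latest,
    provider => git,
    revision => 'devel',
    source   => 'https://github.com/ansible/ansible',
  }

  file { '/etc/ansible/hosts':
    ensure => directory,
    owner  => 'root',
    group  => 'admin',
    mode   => '0755',
  }

  file { '/etc/ansible/hosts/puppet':
    ensure => absent,
  }

  file { '/etc/ansible/hosts/openstack':
    owner   => 'root',
    group   => 'root',
    mode    => '0755',
    source  => '/opt/ansible/contrib/inventory/openstack.py',
    replace => true,
    require => Vcsrepo['/opt/ansible'],
  }

  file { '/etc/ansible/hosts/static':
    ensure => absent,
  }

  file { '/etc/ansible/hosts/emergency':
    ensure => present,
    owner  => 'root',
    group  => 'admin',
    mode   => '0664',
  }

  file { '/etc/ansible/hosts/generated-groups':
    ensure => present,
    owner  => 'root',
    group  => 'admin',
    mode   => '0664',
  }

  file { '/etc/ansible/hosts/infracloud':
    ensure => present,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///modules/openstack_project/puppetmaster/infracloud',
  }

  file { '/etc/ansible/groups.txt':
    owner  => 'root',
    group  => 'root',
    mode   => '0444',
    source => 'puppet:///modules/openstack_project/puppetmaster/groups.txt',
    notify => Exec['expand_groups'],
  }

  # Setgid directory: files created in it inherit the 'admin' group.
  file { '/var/cache/ansible-inventory':
    ensure => directory,
    owner  => 'root',
    group  => 'admin',
    mode   => '2775',
  }

  file { '/var/cache/ansible-inventory/ansible-inventory.cache':
    ensure => present,
    owner  => 'root',
    group  => 'admin',
    mode   => '0664',
  }

  file { '/usr/local/bin/expand-groups.sh':
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
    source => 'puppet:///modules/openstack_project/puppetmaster/expand-groups.sh',
    notify => Exec['expand_groups'],
  }

  if $enable_mqtt {
    package {'paho-mqtt':
      ensure   => latest,
      provider => openstack_pip,
      require  => Class['pip'],
    }

    # NOTE(review): a CA certificate needs no execute bits; '0444' would be
    # the conventional mode. Left unchanged here.
    file { '/etc/mqtt_ca_cert.pem.crt':
      ensure  => present,
      content => $mqtt_ca_cert_contents,
      replace => true,
      owner   => 'root',
      group   => 'admin',
      mode    => '0555',
    }

    # Client settings for the MQTT callback plugin. The template is not part
    # of this manifest but presumably renders $mqtt_password, so the file is
    # not world-readable (it was '0664') and its diffs are suppressed.
    file { '/etc/mqtt_client.yaml':
      owner     => 'root',
      group     => 'admin',
      mode      => '0660',
      content   => template('openstack_project/puppetmaster/mqtt_client.yaml.erb'),
      show_diff => false,
    }

    file { '/opt/ansible/lib/ansible/plugins/callback/mqtt.py':
      ensure => absent,
    }

    # File['/etc/ansible/callback_plugins'] is not declared in this class;
    # presumably the ansible class provides it.
    # NOTE(review): the plugin is group-writable by 'admin' and is loaded by
    # the ansible runs that root's cron jobs start -- confirm that members of
    # 'admin' are meant to have that level of access, else use '0644'.
    file { '/etc/ansible/callback_plugins/mqtt.py':
      owner   => 'root',
      group   => 'admin',
      mode    => '0664',
      source  => 'puppet:///modules/openstack_project/puppetmaster/mqtt.py',
      require => File['/etc/ansible/callback_plugins'],
    }
  }

  # Only runs when notified by groups.txt or expand-groups.sh changing.
  exec { 'expand_groups':
    command     => 'expand-groups.sh',
    path        => '/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
    refreshonly => true,
  }

  # Certificate Authority for zuul services.
  # For directories Puppet adds the search (x) bit wherever the read bit is
  # set, so the '0640' modes below are applied as 0750.
  file { '/etc/zuul-ca':
    ensure => directory,
    owner  => 'root',
    group  => 'puppet',
    mode   => '0640',
  }

  file { '/etc/zuul-ca/openssl.cnf':
    ensure  => present,
    owner   => 'root',
    group   => 'puppet',
    mode    => '0640',
    source  => 'puppet:///modules/openstack_project/puppetmaster/zuul_ca.cnf',
    require => File['/etc/zuul-ca'],
  }

  file { '/etc/zuul-ca/certs':
    ensure  => directory,
    owner   => 'root',
    group   => 'puppet',
    mode    => '0640',
    require => File['/etc/zuul-ca'],
  }

  file { '/etc/zuul-ca/crl':
    ensure  => directory,
    owner   => 'root',
    group   => 'puppet',
    mode    => '0640',
    require => File['/etc/zuul-ca'],
  }

  file { '/etc/zuul-ca/newcerts':
    ensure  => directory,
    owner   => 'root',
    group   => 'puppet',
    mode    => '0640',
    require => File['/etc/zuul-ca'],
  }

  # NOTE(review): the CA's private directory is readable by the 'puppet'
  # group like the rest of the tree -- confirm that group access to the
  # private keys is required.
  file { '/etc/zuul-ca/private':
    ensure  => directory,
    owner   => 'root',
    group   => 'puppet',
    mode    => '0640',
    require => File['/etc/zuul-ca'],
  }
}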