--- /dev/null
+class puppetmaster::ca {
+ file {
+ '/var/lib/puppet/ssl/ca':
+ ensure => directory,
+ owner => puppet,
+ group => puppet,
+ mode => 0770;
+ '/var/lib/puppet/ssl/ca/private':
+ ensure => directory,
+ owner => puppet,
+ group => puppet,
+ mode => 0770;
+ '/var/lib/puppet/ssl/certs':
+ ensure => directory,
+ owner => puppet,
+ group => puppet,
+ mode => 0755;
+ '/var/lib/puppet/ssl/ca/ca_crl.pem':
+ ensure => present,
+ owner => puppet,
+ group => puppet,
+ mode => 0664,
+ source => "puppet://$server/files/puppetmaster/ssl/ca/ca_crl.pem";
+ '/var/lib/puppet/ssl/ca/private/ca.pass':
+ ensure => present,
+ owner => puppet,
+ group => puppet,
+ mode => 0660,
+ source => "puppet://$server/files/puppetmaster/ssl/ca/private/ca.pass";
+ '/var/lib/puppet/ssl/ca/ca_key.pem':
+ ensure => present,
+ owner => puppet,
+ group => puppet,
+ mode => 0660,
+ source => "puppet://$server/files/puppetmaster/ssl/ca/ca_key.pem";
+ '/var/lib/puppet/ssl/ca/ca_crt.pem':
+ ensure => present,
+ owner => puppet,
+ group => puppet,
+ mode => 0660,
+ source => "puppet://$server/files/puppetmaster/ssl/ca/ca_crt.pem";
+ '/var/lib/puppet/ssl/ca/ca_pub.pem':
+ ensure => present,
+ owner => puppet,
+ group => puppet,
+ mode => 0640,
+ source => "puppet://$server/files/puppetmaster/ssl/ca/ca_pub.pem";
+ '/var/lib/puppet/ssl/certs/ca.pem:':
+ ensure => present,
+ owner => puppet,
+ group => puppet,
+ mode => 0644,
+ source => "puppet://$server/files/puppetmaster/ssl/ca/ca.pem";
+ }
+}
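Review bot: `ca_key.pem` and `private/ca.pass` are copied from the general `puppet://$server/files/...` mount and written group-writable (`mode => 0660`), so the CA signing key and its passphrase are only as protected as that mount; unless the fileserver configuration (not visible here) limits `puppetmaster/ssl/ca/` to the master nodes, any agent allowed on `files` could retrieve them. I would serve these two files from a dedicated mount restricted to the masters, tighten them to `mode => 0600`, and add `backup => false` so copies of the key do not land in the filebucket. `ca_crl.pem` at `0664` and both CA directories at `0770` also grant group write with no visible need. Separately, the title `'/var/lib/puppet/ssl/certs/ca.pem:'` has a colon inside the quotes, so the resource manages a file literally named `ca.pem:`; it should read `'/var/lib/puppet/ssl/certs/ca.pem':`.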
'': { $puppetmaster_port = '18140' }
}
+ # use this option if you want puppet to manage
+ # the certificates for all master nodes.
+ if $puppetmaster_manage_ca == true {
+ include puppetmaster::ca
+ }
+
# warns that this node has a puppetmaster
$puppetmasterd_present = true
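Review bot: The comment above `if $puppetmaster_manage_ca == true` should say what opting in entails, since `puppetmaster::ca` installs the CA private key and passphrase on every node that includes this class; something like `# WARNING: copies the CA private key and ca.pass to this node; enable only on hosts trusted to sign certificates.` The test also matches only the boolean, so a node that sets the variable to the string `'true'` would likely skip CA management silently; accepting both forms, or documenting the expected type in the comment, avoids that. The enclosing class starts and ends outside this hunk.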