Puppet conveniently makes most variables from Puppet.settings available via Puppet[:variable]. Use this to generate minion.conf via a standard ERB template. --- This change is the sort of thing that really begs for a second set of eyes, as it would cause too much trouble if it didn't work as intended. A quick way to test that the template does the right thing is to grab http://fedorapeople.org/~tmz/tmp/func-minion-template-test.pp and run it through puppet, e.g. sudo puppet /tmp/func-minion-template-test.pp. I noticed this while poking the func setup to see what settings were needed to make func use puppet's certificates with the new code from Seth in func's git tree. (I also noticed that the overlord.conf isn't puppet managed, and that's the one I was more curious to see, easily found on puppet01. ;) modules/func/files/make-minion-conf.sh | 24 ------------------------ modules/func/manifests/init.pp | 24 ++++++++++++------------ modules/func/templates/minion.conf.erb | 13 +++++++++++++ 3 files changed, 25 insertions(+), 36 deletions(-) delete mode 100755 modules/func/files/make-minion-conf.sh create mode 100644 modules/func/templates/minion.conf.erb
diff --git a/modules/func/files/make-minion-conf.sh b/modules/func/files/make-minion-conf.sh
deleted file mode 100755
index ea50c95..0000000
--- a/modules/func/files/make-minion-conf.sh
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/bin/bash
-
-
-certfile=`ruby -e "require 'puppet'; Puppet.parse_config; puts Puppet.settings['hostcert']"`
-keyfile=`ruby -e "require 'puppet'; Puppet.parse_config; puts Puppet.settings['hostprivkey']"`
-cacert=`ruby -e "require 'puppet'; Puppet.parse_config; puts Puppet.settings['localcacert']"`
-
-
-cat <<EOM>/etc/func/minion.conf
-# configuration for minions
-
-[main]
-log_level = DEBUG
-acl_dir = /etc/func/minion-acl.d
-
-listen_addr =
-listen_port = 51234
-use_certmaster = 0
-
-cert_file = $certfile
-key_file = $keyfile
-ca_file = $cacert
-
-EOM
diff --git a/modules/func/manifests/init.pp b/modules/func/manifests/init.pp index 50d6ed8..b9d39fe 100644 --- a/modules/func/manifests/init.pp +++ b/modules/func/manifests/init.pp @@ -23,23 +23,23 @@ class func::funcd { } } + File { + require => Package['func'], + } + file { '/etc/logrotate.d/func_rotate': source => 'puppet:///func/func_rotate', - require => Package['func'] - } - file { '/usr/local/bin/make-minion-conf.sh': - source => 'puppet:///func/make-minion-conf.sh', - require => Package['func'], - mode => 0750, - notify => Exec['makeminionconf'] } - exec { 'makeminionconf': - require => File['/usr/local/bin/make-minion-conf.sh'], - command => '/bin/bash /usr/local/bin/make-minion-conf.sh', - refreshonly => true, - notify => Service['funcd'] + + file { '/etc/func/minion.conf': + content => template('func/minion.conf.erb'), + notify => Service['funcd'], } + # This can be removed once all systems are updated + file { '/usr/local/bin/make-minion-conf.sh': + ensure => absent, + } } class func::certmaster { diff --git a/modules/func/templates/minion.conf.erb b/modules/func/templates/minion.conf.erb new file mode 100644 index 0000000..33395ca --- /dev/null +++ b/modules/func/templates/minion.conf.erb 
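Review bot: The new `file { '/etc/func/minion.conf': ... }` resource sets only `content` and `notify`, so its ownership and permissions are left to whatever Puppet and the existing file happen to give it; since this file selects the CA, certificate and ACL directory that funcd trusts, pin them explicitly, e.g. `owner => 'root', group => 'root', mode => '0644',`. The class-level `File { require => Package['func'] }` default also applies to the `ensure => absent` cleanup resource and, if resource defaults are dynamically scoped in the deployed Puppet version (worth confirming), may reach file resources in classes included from `func::funcd`; keeping `require` on the two resources that need it is more predictable. The body of `func::funcd` starts above the hunk, so other file resources in the class are not visible here.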
@@ -0,0 +1,13 @@
+# configuration for minions
+
+[main]
+log_level = DEBUG
+acl_dir = /etc/func/minion-acl.d
+
+listen_addr =
+listen_port = 51234
+use_certmaster = 0
+
+cert_file = <%= Puppet[:hostcert] %>
+key_file = <%= Puppet[:hostprivkey] %>
+ca_file = <%= Puppet[:localcacert] %>
-- 1.7.2.2 -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ History teaches that grave threats to liberty often come in times of urgency, when constitutional rights seem too extravagant to endure. -- Justice Thurgood Marshall, 1989 _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
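Review bot: `Puppet[:hostcert]` and `Puppet[:hostprivkey]` in `cert_file`/`key_file` are read wherever the template is rendered, and `template()` is evaluated during catalog compilation — on the puppet master when agents pull their catalog — so minions would likely receive paths built from the master's certname rather than their own. The removed script ran `ruby -e` on each client, and the standalone `puppet /tmp/func-minion-template-test.pp` test also renders locally, so neither would show this difference. Verify with a catalog compiled by the master for a different node and, if the paths differ, derive them from a per-node value such as the `fqdn` or `clientcert` fact. Separately, `log_level = DEBUG` and the empty `listen_addr` are carried over unchanged; a comment in the template saying whether both are intended for production would help.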