Skip to content

Commit

Permalink
Add dummy_secrets.yaml to hiera
Browse files Browse the repository at this point in the history
  • Loading branch information
@jvperrin
jvperrin committed Sep 9, 2019
1 parent 68e2fe7 commit bc18594
Show file tree
Hide file tree
Showing 3 changed files with 17 additions and 9 deletions.
3 changes: 3 additions & 0 deletions hiera.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,3 +31,6 @@ hierarchy:

- name: "Kubernetes os"
path: "kubernetes/os/%{::osfamily}.yaml"

- name: "Dummy secrets"
path: "dummy_secrets.yaml"
8 changes: 5 additions & 3 deletions modules/ocf/manifests/rootpw.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,10 @@
#
# To regenerate the root password, see /opt/share/utils/staff/puppet/gen-rootpw
class ocf::rootpw($stage = 'first') {
user { 'root':
groups => ['root'],
password => Sensitive(file('/opt/puppet/shares/private/rootpw')),
if $::use_private_share {
user { 'root':
groups => ['root'],
password => Sensitive(file('/opt/puppet/shares/private/rootpw')),
}
}
}
15 changes: 9 additions & 6 deletions modules/ocf/manifests/ssl/setup.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,15 +37,18 @@
ensure => directory,
owner => ocfletsencrypt;

'/etc/ssl/lets-encrypt/le-account.key':
content => file('/opt/puppet/shares/private/lets-encrypt-account.key'),
owner => ocfletsencrypt,
show_diff => false,
mode => '0400';

'/var/lib/lets-encrypt':
ensure => directory,
owner => ocfletsencrypt,
group => ssl-cert;
}

if $::use_private_share {
file { '/etc/ssl/lets-encrypt/le-account.key':
content => file('/opt/puppet/shares/private/lets-encrypt-account.key'),
owner => ocfletsencrypt,
show_diff => false,
mode => '0400';
}
}
}

0 comments on commit bc18594

Please sign in to comment.