From bc18594f66d56097065ffac8cf00f9d8c5602e5b Mon Sep 17 00:00:00 2001 From: Jason Perrin Date: Thu, 22 Aug 2019 02:08:29 -0700 Subject: [PATCH] Add dummy_secrets.yaml to hiera --- hiera.yaml | 3 +++ modules/ocf/manifests/rootpw.pp | 8 +++++--- modules/ocf/manifests/ssl/setup.pp | 15 +++++++++------ 3 files changed, 17 insertions(+), 9 deletions(-) diff --git a/hiera.yaml b/hiera.yaml index 5221e2b61..a7892a47b 100644 --- a/hiera.yaml +++ b/hiera.yaml @@ -31,3 +31,6 @@ hierarchy: - name: "Kubernetes os" path: "kubernetes/os/%{::osfamily}.yaml" + + - name: "Dummy secrets" + path: "dummy_secrets.yaml" diff --git a/modules/ocf/manifests/rootpw.pp b/modules/ocf/manifests/rootpw.pp index 6cacd7570..292add394 100644 --- a/modules/ocf/manifests/rootpw.pp +++ b/modules/ocf/manifests/rootpw.pp @@ -6,8 +6,10 @@ # # To regenerate the root password, see /opt/share/utils/staff/puppet/gen-rootpw class ocf::rootpw($stage = 'first') { - user { 'root': - groups => ['root'], - password => Sensitive(file('/opt/puppet/shares/private/rootpw')), + if $::use_private_share { + user { 'root': + groups => ['root'], + password => Sensitive(file('/opt/puppet/shares/private/rootpw')), + } } } diff --git a/modules/ocf/manifests/ssl/setup.pp b/modules/ocf/manifests/ssl/setup.pp index d12613a49..824ee2a55 100644 --- a/modules/ocf/manifests/ssl/setup.pp +++ b/modules/ocf/manifests/ssl/setup.pp @@ -37,15 +37,18 @@ ensure => directory, owner => ocfletsencrypt; - '/etc/ssl/lets-encrypt/le-account.key': - content => file('/opt/puppet/shares/private/lets-encrypt-account.key'), - owner => ocfletsencrypt, - show_diff => false, - mode => '0400'; - '/var/lib/lets-encrypt': ensure => directory, owner => ocfletsencrypt, group => ssl-cert; } + + if $::use_private_share { + file { '/etc/ssl/lets-encrypt/le-account.key': + content => file('/opt/puppet/shares/private/lets-encrypt-account.key'), + owner => ocfletsencrypt, + show_diff => false, + mode => '0400'; + } + } }