Puppet Function: puppet_ssldir

Defined in:
puppet/modules/wmflib/lib/puppet/parser/functions/puppet_ssldir.rb
Function type:
Ruby 3.x API

Overview

puppet_ssldir()Any

Returns:

  • (Any)


22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
# File 'puppet/modules/wmflib/lib/puppet/parser/functions/puppet_ssldir.rb', line 22

newfunction(:puppet_ssldir, :type => :rvalue) do |overrides|
  # Check arguments
  override = overrides[0]

  unless ['master', 'client', nil].include?override
    fail("puppet_ssldir(): only 'master', 'client' and undef are valid")
  end

  default = '/var/lib/puppet/ssl'
  self_master = '/var/lib/puppet/server/ssl'
  self_client = '/var/lib/puppet/client/ssl'

  # Production uses the standard layout
  return default if lookupvar('::realm') != 'labs'

  # Self-hosted puppetmasters explicit setup
  case override
  when 'master'
    return self_master
  when 'client'
    return self_client
  end

  # Since all self-hosted puppetmasters are in .eqiad.wmflabs, while
  # the labs masters don't
  return default if lookupvar('::settings::certname') =~ /\.wikimedia\.org$/
  # Non-self-hosted puppetmasters all use the default ssldir
  puppetmaster = lookupvar('puppetmaster')
  puppetmaster ||= function_hiera(['role::puppet::self::master', ''])
  if puppetmaster == ''
    # Means we aren't using any of role::puppet::self!1!
    default
  elsif [lookupvar('hostname'), 'localhost', '', nil].include?puppetmaster
    self_master
  else
    self_client
  end
end