Puppet Class: profile::cumin::cloud_target

Defined in:
modules/profile/manifests/cumin/cloud_target.pp

Summary

make the WMCS-owned production hosts reachable by the cloudcumin masters.

Overview

SPDX-License-Identifier: Apache-2.0

Parameters:

  • cloud_cumin_masters (Array[Stdlib::IP::Address]) (defaults to: lookup('cloud_cumin_masters', {'default_value' => []})) 


3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
 
# File 'modules/profile/manifests/cumin/cloud_target.pp', line 3

class profile::cumin::cloud_target(
    Array[Stdlib::IP::Address] $cloud_cumin_masters = lookup('cloud_cumin_masters', {'default_value' => []}),
) {
    if !empty($cloud_cumin_masters) {
        $ssh_authorized_sources = join($cloud_cumin_masters, ',')
        $cumin_master_pub_key = secret('keyholder/cloud_cumin_master.pub')

        ssh::userkey { 'cloud-cumin':
            ensure  => present,
            user    => 'root',
            skey    => 'cloud_cumin',
            content => template('profile/cumin/userkey.erb'),
        }

        firewall::service { 'ssh-from-cloudcumin-masters':
          proto  => 'tcp',
          port   => 22,
          srange => $cloud_cumin_masters,
        }
    }
}