Puppet Class: puppetmaster::certmanager

Defined in:
modules/puppetmaster/manifests/certmanager.pp

Overview

Parameters:

  • remote_cert_cleaners (Array) (defaults to: [])


# File 'modules/puppetmaster/manifests/certmanager.pp', line 1

# Sets up a dedicated 'certmanager' account for remote Puppet certificate
# cleanup: a system user, an SSH public key for it, sudo rules limited to
# `puppet cert clean` / `puppet cert list`, and an access rule naming the
# origins allowed to use the account.
#
# @param remote_cert_cleaners
#   Values joined with single spaces into the origins field of the
#   'certmanager' access rule. Presumably the hosts permitted to log in as
#   certmanager; verify against security::access::config.
class puppetmaster::certmanager(
    Array $remote_cert_cleaners=[]
){
    # System account with '/' as its home directory; used only as the login
    # identity for the sudo rules below.
    user { 'certmanager':
        home   => '/',
        system => true,
    }

    # Allow remote execution for cert cleanup
    # NOTE(review): the key material comes from a template not shown here;
    # confirm whether it carries authorized_keys restrictions (e.g. from=,
    # command=) or whether the access rule below is the only origin limit.
    ssh::userkey { 'certmanager.pub':
        content => template('puppetmaster/puppet_cert_manager.pub.erb'),
        user    => 'certmanager',
    }

    # Passwordless sudo as root for two puppet cert subcommands.
    # NOTE(review): in sudoers a '*' in the argument list matches any
    # characters, including whitespace, so these rules do not restrict the
    # caller to a single certificate name; extra arguments and options to
    # `puppet cert` are also accepted. If only a certname is intended,
    # consider a wrapper script that validates its argument.
    sudo::user { 'certmanager':
        privileges => [
            'ALL = (root) NOPASSWD: /usr/bin/puppet cert clean *',
            'ALL = (root) NOPASSWD: /usr/bin/puppet cert list *',
        ],
    }

    # Build the space-separated origin list for the access rule.
    $remote_cert_cleaners_spaced = join($remote_cert_cleaners, ' ')
    # Emits a "+ : certmanager : <origins>" line (looks like pam_access
    # syntax; confirm against security::access::config).
    # NOTE(review): with the default empty array the origins field is empty;
    # confirm how the consumer treats that, so the account is not left
    # usable from unintended hosts.
    security::access::config { 'certmanager':
        content  => "+ : certmanager : ${remote_cert_cleaners_spaced}\n",
        priority => 60,
    }
}