# File 'modules/puppetmaster/manifests/certmanager.pp', line 1
# @summary Sets up a dedicated 'certmanager' account that may run the
#   `puppet cert clean` and `puppet cert list` commands as root via sudo.
#
# The class declares the account, installs an SSH public key for it,
# grants the two sudo privileges and writes one access rule for the account.
#
# @param remote_cert_cleaners
#   Entries joined with single spaces into the origin field of the
#   'certmanager' access rule. Presumably the hosts allowed to log in as
#   certmanager; confirm against security::access::config. Defaults to an
#   empty list.
class puppetmaster::certmanager (
  Array $remote_cert_cleaners = []
) {
  # System account with no dedicated home directory; no shell or password
  # is managed here.
  user { 'certmanager':
    home   => '/',
    system => true,
  }

  # Allow remote execution for cert cleanup.
  # NOTE(review): whoever holds the matching private key can reach the sudo
  # rules below, so that key deserves the same protection as CA access.
  # ssh::userkey is defined elsewhere; check whether it can restrict the key
  # (source address, forced command).
  ssh::userkey { 'certmanager.pub':
    content => template('puppetmaster/puppet_cert_manager.pub.erb'),
    user    => 'certmanager',
  }

  # Passwordless root execution of the two cert subcommands.
  # NOTE(review): a '*' in sudoers command arguments matches any characters,
  # whitespace included, so these rules accept arbitrary extra arguments and
  # options after 'clean' / 'list', not just a single certificate name.
  # Consider a root-owned wrapper that validates one certname, or a tighter
  # argument pattern.
  sudo::user { 'certmanager':
    privileges => [
      'ALL = (root) NOPASSWD: /usr/bin/puppet cert clean *',
      'ALL = (root) NOPASSWD: /usr/bin/puppet cert list *',
    ],
  }

  # Flatten the list into the space-separated form used in the rule below.
  $remote_cert_cleaners_spaced = join($remote_cert_cleaners, ' ')

  # Rule of the form "+ : certmanager : <origins>".
  # NOTE(review): with the default empty list the origin field is empty;
  # verify how the consumer of this fragment treats such a line, and that a
  # lower-priority rule does not admit certmanager from elsewhere.
  security::access::config { 'certmanager':
    content  => "+ : certmanager : ${remote_cert_cleaners_spaced}\n",
    priority => 60,
  }
}