Puppet Class: psick::puppet::pe_code_manager

Defined in:
manifests/puppet/pe_code_manager.pp

Overview

This class configures Puppet Enterprise (PE) Code Manager for automatic code deployments.

Parameters:

  • manage (Boolean) (defaults to: $::psick::manage)
  • generate_ssh_keys (Boolean) (defaults to: true)
  • deploy_ssh_private_key_path (String) (defaults to: '/etc/puppetlabs/ssh/id-control_repo.rsa')
  • deploy_ssh_private_source (Optional[String]) (defaults to: undef)
  • deploy_ssh_public_key_path (String) (defaults to: '/etc/puppetlabs/ssh/id-control_repo.rsa.pub')
  • deploy_ssh_public_source (Optional[String]) (defaults to: undef)
  • pe_user (Optional[String]) (defaults to: undef)
  • pe_password (Optional[String]) (defaults to: undef)
  • pe_email (Optional[String]) (defaults to: 'root@localhost')
  • deploy_comment (Optional[String]) (defaults to: undef)
  • deploy_user (Optional[String]) (defaults to: 'root')
  • puppet_user (Optional[String]) (defaults to: 'pe-puppet')
  • puppet_group (Optional[String]) (defaults to: 'pe-puppet')
  • puppet_user_home (Optional[String]) (defaults to: undef)
  • lifetime (Optional[String]) (defaults to: '5y')
  • no_noop (Boolean) (defaults to: false)


# File 'manifests/puppet/pe_code_manager.pp', line 3

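# Configures PE Code Manager for automatic deployments.
#
# When managed, the class optionally declares an RBAC user with the
# 'Code Deployers' role plus a psick::puppet::access resource for it, and
# optionally generates an SSH key pair for the deploy user and copies it to
# the configured paths under /etc/puppetlabs/ssh.
#
# @param manage If false, the class declares no resources at all.
# @param generate_ssh_keys If true, manage /etc/puppetlabs/ssh, run
#   psick::openssh::keygen for $deploy_user and place both key files.
# @param deploy_ssh_private_key_path Destination path of the private key.
# @param deploy_ssh_private_source Source for the private key file. When
#   undef, the deploy user's ~/.ssh/id_rsa on the local node is used.
# @param deploy_ssh_public_key_path Destination path of the public key.
# @param deploy_ssh_public_source Source for the public key file. When
#   undef, the deploy user's ~/.ssh/id_rsa.pub on the local node is used.
# @param pe_user Name of the RBAC user to create. The RBAC user and the
#   psick::puppet::access resource are declared only when both $pe_user and
#   $pe_password are set.
# @param pe_password Password of the RBAC user, also handed to
#   psick::puppet::access.
#   NOTE(review): this is a plain String, so it is presumably stored
#   unredacted in the compiled catalog and in reports. Wrapping it in
#   Sensitive would need rbac_user and psick::puppet::access to accept that
#   type; confirm before changing.
# @param pe_email Email address set on the RBAC user.
# @param deploy_comment Comment passed to psick::openssh::keygen.
# @param deploy_user User whose key pair is generated and as whom
#   psick::puppet::access runs. Its home is assumed to be /root for 'root'
#   and /home/<user> otherwise.
# @param puppet_user Owner of /etc/puppetlabs/ssh and of the key files.
# @param puppet_group Group of /etc/puppetlabs/ssh and of the key files.
# @param puppet_user_home Not referenced anywhere in this class body.
# @param lifetime Passed as 'lifetime' to psick::puppet::access.
#   NOTE(review): presumably the access token lifetime; a five year default
#   is long for a deployment credential. Confirm and shorten where possible.
# @param no_noop If true and $::psick::noop_mode is false, call noop(false)
#   for this class.
class psick::puppet::pe_code_manager (
  Boolean $manage                             = $::psick::manage,
  Boolean $generate_ssh_keys                  = true,
  String $deploy_ssh_private_key_path         = '/etc/puppetlabs/ssh/id-control_repo.rsa',
  Optional[String] $deploy_ssh_private_source = undef,
  String $deploy_ssh_public_key_path          = '/etc/puppetlabs/ssh/id-control_repo.rsa.pub',
  Optional[String] $deploy_ssh_public_source  = undef,
  Optional[String] $pe_user                   = undef,
  Optional[String] $pe_password               = undef,
  Optional[String] $pe_email                  = 'root@localhost',
  Optional[String] $deploy_comment            = undef,
  Optional[String] $deploy_user               = 'root',
  Optional[String] $puppet_user               = 'pe-puppet',
  Optional[String] $puppet_group              = 'pe-puppet',
  Optional[String] $puppet_user_home          = undef,
  Optional[String] $lifetime                  = '5y',
  Boolean          $no_noop                   = false,
) {

  if $manage {
    if !$::psick::noop_mode and $no_noop {
      # The message names this class, so the log points at the right place.
      info('Forced no-noop mode in psick::puppet::pe_code_manager')
      noop(false)
    }

    # The RBAC user and its access resource are only declared when both
    # credentials are given.
    if $pe_user and $pe_password {
      rbac_user { $pe_user:
        ensure       => 'present',
        name         => $pe_user,
        display_name => 'Puppet code deploy user',
        email        => $pe_email,
        password     => $pe_password,
        roles        => [ 'Code Deployers' ],
        before       => Psick::Puppet::Access[$pe_user],
      }
      psick::puppet::access { $pe_user:
        pe_password => $pe_password,
        run_as_user => $deploy_user,
        lifetime    => $lifetime,
      }
    }

    if $generate_ssh_keys {
      # This directory holds the deploy private key. Group and mode are set
      # explicitly so its permissions do not depend on the umask in effect
      # when it is created.
      file { '/etc/puppetlabs/ssh':
        ensure => directory,
        owner  => $puppet_user,
        group  => $puppet_group,
        mode   => '0700',
      }

      # The home directory is derived from the user name; a deploy user with
      # a non-standard home needs the *_source parameters set explicitly.
      $real_deploy_user_home = $deploy_user ? {
        'root'  => '/root',
        default => "/home/${deploy_user}",
      }

      psick::openssh::keygen { $deploy_user:
        comment => $deploy_comment,
        before  => [File[$deploy_ssh_private_key_path],File[$deploy_ssh_public_key_path]],
      }

      # The private key is copied, not moved: the original stays in the
      # deploy user's ~/.ssh, so both locations need protecting.
      file { $deploy_ssh_private_key_path:
        ensure => file,
        owner  => $puppet_user,
        group  => $puppet_group,
        mode   => '0600',
        source => pick($deploy_ssh_private_source,"file://${real_deploy_user_home}/.ssh/id_rsa"),
      }
      # The home path is already absolute, so 'file://' is the full prefix
      # here, matching the private key source above.
      file { $deploy_ssh_public_key_path:
        ensure => file,
        owner  => $puppet_user,
        group  => $puppet_group,
        mode   => '0600',
        source => pick($deploy_ssh_public_source,"file://${real_deploy_user_home}/.ssh/id_rsa.pub"),
      }
    }

    # TODO Automate Upload of ssh public key to gitlab
    #  psick::gitlab::deploy_key { :
    #    sshkey => $deploy_ssh_public_key
    #  }

  }
}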