Commit 7756e6c9 authored by Filip Strömbäck's avatar Filip Strömbäck

Reverted to parameters in the auth manifest.

parent 5332cec9
2 merge requests!7Merge of PDK, broker, auth,!4Devel
--- ---
version: 5 version: 5
aes::keytab_production: > aes::auth::keytab_production: >
ENC[PKCS7,MIIBygYJKoZIhvcNAQcDoIIBuzCCAbcCAQAxggEhMIIBHQIBADAFMAACAQEw ENC[PKCS7,MIIBygYJKoZIhvcNAQcDoIIBuzCCAbcCAQAxggEhMIIBHQIBADAFMAACAQEw
DQYJKoZIhvcNAQEBBQAEggEAfFSsoD6ALGcGIKtmxr/5DxCxmDUSAf2M/7dg DQYJKoZIhvcNAQEBBQAEggEAfFSsoD6ALGcGIKtmxr/5DxCxmDUSAf2M/7dg
krxqYfSLDUZ2z4hWCqWotA2urirssyEuf2kKnX2DpVxPN/N8Nzzt6IKwgk2Y krxqYfSLDUZ2z4hWCqWotA2urirssyEuf2kKnX2DpVxPN/N8Nzzt6IKwgk2Y
...@@ -13,7 +13,7 @@ aes::keytab_production: > ...@@ -13,7 +13,7 @@ aes::keytab_production: >
KnKyBQOSoeXYCwc8Mx0OWxI0yFu4uvFYDAT1KqWFYbuF39/xwcAtdd7brWyR KnKyBQOSoeXYCwc8Mx0OWxI0yFu4uvFYDAT1KqWFYbuF39/xwcAtdd7brWyR
SQj5KZjJjZ6I7hGq] SQj5KZjJjZ6I7hGq]
aes::keytab_devel: > aes::auth::keytab_devel: >
ENC[PKCS7,MIIBygYJKoZIhvcNAQcDoIIBuzCCAbcCAQAxggEhMIIBHQIBADAFMAACAQEw ENC[PKCS7,MIIBygYJKoZIhvcNAQcDoIIBuzCCAbcCAQAxggEhMIIBHQIBADAFMAACAQEw
DQYJKoZIhvcNAQEBBQAEggEAV6TzhtqZfmrgF+c/ExBVJIuKQqgGGoaA1gRL DQYJKoZIhvcNAQEBBQAEggEAV6TzhtqZfmrgF+c/ExBVJIuKQqgGGoaA1gRL
q4JFbg9iDV1PsocvOWk7SCfPL7HnnEwnqSNPHSGXpW6n8x+3jevGeutnCnxY q4JFbg9iDV1PsocvOWk7SCfPL7HnnEwnqSNPHSGXpW6n8x+3jevGeutnCnxY
......
class aes::auth { class aes::auth(
Optional[String] $keytab_production = undef,
Optional[String] $keytab_devel = undef
){
$auth_user = auth $auth_user = auth
$auth_group = "${auth_user}" $auth_group = "${auth_user}"
...@@ -9,11 +12,11 @@ class aes::auth { ...@@ -9,11 +12,11 @@ class aes::auth {
# $environment since the keys are tied to the domain name rather than what # $environment since the keys are tied to the domain name rather than what
# environment the machine is configured in. # environment the machine is configured in.
if $facts[fqdn] == 'aes.edu.liu.se' { if $facts[fqdn] == 'aes.edu.liu.se' {
$auth_keytab_data = lookup("aes::keytab_production", undef, undef, "lookup failed") $auth_keytab_data = $keytab_production
} elsif $facts[fqdn] == 'aes-devel.edu.liu.se' { } elsif $facts[fqdn] == 'aes-devel.edu.liu.se' {
$auth_keytab_data = lookup("aes::keytab_devel", undef, undef, "lookup failed") $auth_keytab_data = $keytab_devel
} else { } else {
$auth_keytab_data = "unknown domain" $auth_keytab_data = undef
} }
# Note: We rely on Boost being installed by the broker. It seems Puppet does not like # Note: We rely on Boost being installed by the broker. It seems Puppet does not like
...@@ -91,12 +94,14 @@ class aes::auth { ...@@ -91,12 +94,14 @@ class aes::auth {
mode => "0700" mode => "0700"
} }
file { "${auth_home}/keys/kerberos.keytab" : if $auth_keytab_data {
ensure => file, file { "${auth_home}/keys/kerberos.keytab" :
owner => root, ensure => file,
group => "${auth_group}", owner => root,
mode => "0640", group => "${auth_group}",
content => "${auth_keytab_data}" mode => "0640",
content => "${auth_keytab_data}"
}
} }
exec { 'update-auth-repo' : exec { 'update-auth-repo' :
......
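Review bot: Nothing marks the keytab as secret: it arrives as a plain `Optional[String]` class parameter and is written with `content => "${auth_keytab_data}"`, so a change to the file can have its diff printed in agent logs and reports wherever `show_diff` is enabled. On the `file { "${auth_home}/keys/kerberos.keytab" : … }` resource I would add `show_diff => false`. If the Puppet version in use supports it, the parameters could instead be typed `Optional[Sensitive[String]]`; the value then has to be passed as `content => $auth_keytab_data`, because interpolating a Sensitive value into a string writes the redaction placeholder rather than the secret. Separately, when the fqdn matches a known host but the Hiera key is missing, `$auth_keytab_data` is undef and the resource is skipped silently, leaving any existing keytab unmanaged, so a `fail()` or `warning()` in that case would make the misconfiguration visible. The class body continues outside the hunks shown here.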