1 change: 1 addition & 0 deletions .puppet-lint.rc
Expand Up @@ -5,5 +5,6 @@
--no-class_inherits_from_params_class-check
--no-autoloader_layout-check
--no-documentation-check
--no-parameter-documentation-check
--no-single_quote_string_with_variables-check
--ignore-paths=.vendor/**/*.pp,.bundle/**/*.pp,pkg/**/*.pp,spec/**/*.pp,tests/**/*.pp,types/**/*.pp,vendor/**/*.pp
7 changes: 7 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,12 @@
## Changelog

## Release 1.1.2

- Improvements to psick::admin class
- Improvements to psick::bolt class
- Lints
- Fix to psick::puppet::pe_agent settings

## Release 1.1.1

- A few more puppet 8 fixes
6 changes: 5 additions & 1 deletion manifests/admin.pp
Expand Up @@ -63,6 +63,7 @@
String $node_class = '::psick::admin::node',

String $user = 'admin',
String $group = 'admin',

String $master = '', # lint:ignore:params_empty_string_assignment
Variant[Undef,String] $keyshare_method = 'storeconfigs',
Expand All @@ -75,13 +76,16 @@
Boolean $manage = $psick::manage,
Boolean $noop_manage = $psick::noop_manage,
Boolean $noop_value = $psick::noop_value,

Boolean $notify_changed_user = true,
Boolean $manage_host_key = true,
) {
if $manage {
if $noop_manage {
noop($noop_value)
}

if $user != 'admin' {
if $user != 'admin' and $notify_changed_user {
notify { 'admin user warning':
message => 'If you change the default admin user name change psick/facts.d/admin_user_key.sh or set $::psick::admin::master::ssh_key', # lint:ignore:140chars
}
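Review bot: The new `String $group = 'admin'` default is a fixed name, whereas the `.ssh` directory in manifests/admin/user.pp was previously grouped by `$psick::admin::user`. Anyone who overrides `$user` without also setting `$group` now gets `group => 'admin'`, a group that nothing visible in these hunks creates. Consider `Optional[String] $group = undef` here and `group => pick($psick::admin::group, $psick::admin::user),` in user.pp so existing data keeps its behaviour. The three new parameters (`$group`, `$notify_changed_user`, `$manage_host_key`) also deserve `@param` entries in the class header, which is outside this hunk.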
26 changes: 20 additions & 6 deletions manifests/admin/master.pp
Expand Up @@ -6,10 +6,14 @@

Variant[Undef,String] $inventory_epp = undef,
Variant[Undef,String] $ssh_key = undef,
Variant[Undef,String] $from = undef,

Boolean $manage = $psick::manage,
Boolean $noop_manage = $psick::noop_manage,
Boolean $noop_value = $psick::noop_value,

Boolean $manage_host_key = $psick::admin::manage_host_key,

) {
if $manage {
if $noop_manage {
Expand All @@ -19,14 +23,24 @@

if $psick::admin::keyshare_method == 'storeconfigs'
and ($ssh_key or getvar('facts.admin_user_key')) {
if $from {
$options = "from=\"${from}\""
} else {
$options = undef
}

@@ssh_authorized_key { "admin_user_${psick::admin::user}_rsa-${facts['clientcert']}":
ensure => $ensure,
key => pick($ssh_key,getvar('facts.admin_user_key')),
user => $psick::admin::user,
type => 'rsa',
tag => "admin_master_${psick::admin::master}",
ensure => $ensure,
key => pick($ssh_key,getvar('facts.admin_user_key')),
user => $psick::admin::user,
type => 'rsa',
tag => "admin_master_${psick::admin::master}",
options => $options,
}

if $manage_host_key {
Sshkey <<| tag == "admin_node_${psick::admin::master}_rsa" |>>
}
Sshkey <<| tag == "admin_node_${psick::admin::master}_rsa" |>>
}
}
}
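Review bot: `$from` is accepted as any `String` and spliced between escaped double quotes in `$options = "from=\"${from}\""`, so a value containing `"` or a newline yields a malformed or multi-option authorized_keys entry instead of a source restriction. Tighten the parameter, for example `Optional[Pattern[/\A[^"\s]+\z/]] $from = undef`, so that a bad Hiera value fails at compile time. The same applies to `$from` and `$ssh_auth_key_options` in manifests/bolt.pp. With the default `undef` the exported key remains usable from any source address, which is worth stating in the parameter documentation.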
15 changes: 9 additions & 6 deletions manifests/admin/node.pp
Expand Up @@ -6,6 +6,7 @@
Boolean $manage = $psick::manage,
Boolean $noop_manage = $psick::noop_manage,
Boolean $noop_value = $psick::noop_value,
Boolean $manage_host_key = $psick::admin::manage_host_key,
) {
if $manage {
if $noop_manage {
Expand All @@ -14,12 +15,14 @@
include psick::admin

if $psick::admin::keyshare_method == 'storeconfigs' {
@@sshkey { "admin_${facts['networking']['fqdn']}_rsa":
ensure => $ensure,
host_aliases => [$facts['networking']['fqdn'], $facts['networking']['hostname'], $facts['networking']['ip']],
type => 'ssh-rsa',
key => $facts['ssh']['rsa']['key'],
tag => "admin_node_${psick::admin::master}_rsa",
if $manage_host_key {
@@sshkey { "admin_${facts['networking']['fqdn']}_rsa":
ensure => $ensure,
host_aliases => [$facts['networking']['fqdn'], $facts['networking']['hostname'], $facts['networking']['ip']],
type => 'ssh-rsa',
key => $facts['ssh']['rsa']['key'],
tag => "admin_node_${psick::admin::master}_rsa",
}
}
# Authorize master host ssh key for remote connection
Ssh_authorized_key <<| tag == "admin_master_${psick::admin::master}" |>>
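Review bot: `$manage_host_key` has no documentation saying what is lost when it is `false`: the `@@sshkey` export is skipped, so the master can no longer collect this node's host key and host-key verification has to be provisioned some other way. I would add a comment above the new `if $manage_host_key {` such as `# When false, no host key is exported; distribute known_hosts entries by other means rather than disabling host key checking.` The same gate is added in manifests/bolt/node.pp and on the collecting side in manifests/admin/master.pp and manifests/bolt/master.pp.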
6 changes: 4 additions & 2 deletions manifests/admin/user.pp
Expand Up @@ -4,6 +4,8 @@
Variant[Boolean,String] $ensure = pick($psick::admin::ensure, 'present'),
Optional[String] $password = undef,
Boolean $configure_sudo = true,
String $sudo_template = 'psick/admin/sudo.epp',

Boolean $run_ssh_keygen = true,

Boolean $manage = $psick::manage,
Expand Down Expand Up @@ -33,7 +35,7 @@
ensure => $dir_ensure,
mode => '0700',
owner => $psick::admin::user,
group => $psick::admin::user,
group => $psick::admin::group,
require => User[$psick::admin::user],
}

Expand All @@ -53,7 +55,7 @@
mode => '0440',
owner => 'root',
group => 'root',
content => "${psick::admin::user} ALL = NOPASSWD : ALL\n",
content => $sudo_template,
}
}
}
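Review bot: `content => $sudo_template,` writes the parameter's value (by default the literal path `psick/admin/sudo.epp`) into the sudoers drop-in instead of rendering the template. That replaces the previous explicit NOPASSWD rule with a line sudo cannot parse. It should be `content => epp($sudo_template),` (passing any variables the template declares). Because this file decides root access, a `validate_cmd => '/usr/sbin/visudo -cf %',` on the resource would also keep a broken template from being installed. The file resource opens above the hunk, so confirm there is no rendering step outside the visible lines.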
2 changes: 1 addition & 1 deletion manifests/aws/puppet.pp
Expand Up @@ -15,7 +15,7 @@
}
$install_modules.each | $mod | {
psick::puppet::module { $mod:
user => $module_user,
user => $module_user,
}
}
}
Expand Down
15 changes: 13 additions & 2 deletions manifests/bolt.pp
Expand Up @@ -4,8 +4,8 @@

Variant[Boolean,String] $ensure = present,

String $master_class = '::psick::bolt::master',
String $node_class = '::psick::bolt::node',
String $master_class = 'psick::bolt::master',
String $node_class = 'psick::bolt::node',

String $bolt_user = 'bolt',
String $bolt_group = 'bolt',
Expand All @@ -14,10 +14,15 @@

String $ssh_user = 'root',
String $ssh_group = 'root',
String $ssh_key_type = 'rsa',

String $master = '', # lint:ignore:params_empty_string_assignment
Enum['storeconfigs','static'] $keyshare_method = 'storeconfigs',

Variant[Undef,String] $from = undef,

Boolean $manage_host_key = true,

Boolean $auto_prereq = $psick::auto_prereq,

Boolean $is_master = false,
Expand All @@ -35,6 +40,12 @@
noop($noop_value)
}

if $from {
$ssh_auth_key_options = "from=\"${from}\""
} else {
$ssh_auth_key_options = undef
}

if $is_node {
contain $node_class
}
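Review bot: `String $ssh_key_type = 'rsa'` accepts any string, yet it is passed straight to `type` on `ssh_authorized_key` in bolt/master.pp and bolt/node.pp, so a typo is only caught when the resource itself is validated. An `Enum` listing the key types the `ssh_authorized_key` type accepts would reject it when the class parameters are checked. Note also that the resource titles, the `Sshkey` tags and the `id_rsa`/`id_rsa.pub` file names in bolt/master.pp still hard-code RSA, so a non-RSA value ends up stored and tagged under RSA names.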
41 changes: 26 additions & 15 deletions manifests/bolt/master.pp
Expand Up @@ -16,6 +16,10 @@
Boolean $create_bolt_user = true,
Boolean $run_ssh_keygen = true,
String $fact_template = 'psick/bolt/bolt_user_key.sh.erb',
Boolean $manage_ssh_dir = true,

# Management of hostkeys
Boolean $manage_host_key = $psick::bolt::manage_host_key,

# Management of automatic host list files used by bolt command
Variant[Undef,String] $inventory_epp = undef,
Expand Down Expand Up @@ -56,15 +60,15 @@
}

if $install_package {
package { 'bolt':
ensure => $ensure,
package { 'puppet-bolt':
ensure => $ensure,
}
}

# Management of the user running bolt
$user_home_dir = $user_home ? {
undef => $psick::bolt::bolt_user ? {
'root' => '/root',
'root' => '/root',
default => "/home/${psick::bolt::bolt_user}",
},
default => $user_home
Expand All @@ -86,7 +90,8 @@
false => undef,
}

if $run_ssh_keygen or $psick::bolt::bolt_user_pub_key {
if ($run_ssh_keygen or $psick::bolt::bolt_user_pub_key)
and $manage_ssh_dir {
file { "${user_home_dir}/.ssh" :
ensure => $dir_ensure,
mode => '0700',
Expand All @@ -110,26 +115,32 @@
and defined('psick::bolt::bolt_user_pub_key')
or defined('bolt_user_key') {
@@ssh_authorized_key { "bolt_user_${psick::bolt::ssh_user}_rsa-${facts['clientcert']}":
ensure => $ensure,
key => pick($psick::bolt::bolt_user_pub_key,getvar('facts.bolt_user_key')),
user => $psick::bolt::ssh_user,
type => 'rsa',
tag => "bolt_master_${psick::bolt::master}_${psick::bolt::bolt_user}",
ensure => $ensure,
key => pick($psick::bolt::bolt_user_pub_key,getvar('facts.bolt_user_key')),
user => $psick::bolt::ssh_user,
type => $psick::bolt::ssh_key_type,
tag => "bolt_master_${psick::bolt::master}_${psick::bolt::bolt_user}",
options => $psick::bolt::ssh_auth_key_options,
}
if $manage_host_key {
Sshkey <<| tag == "bolt_node_${psick::bolt::master}_rsa" |>>
}
Sshkey <<| tag == "bolt_node_${psick::bolt::master}_rsa" |>>
}

if $psick::bolt::bolt_user_pub_key and $psick::bolt::bolt_user_priv_key {
if $psick::bolt::bolt_user_pub_key {
file { "${user_home_dir}/.ssh/id_rsa.pub":
ensure => $dir_ensure,
mode => '0700',
ensure => $ensure,
mode => '0600',
owner => $psick::bolt::bolt_user,
group => $psick::bolt::bolt_group,
content => $psick::bolt::bolt_user_pub_key,
}
}

if $psick::bolt::bolt_user_priv_key {
file { "${user_home_dir}/.ssh/id_rsa":
ensure => $dir_ensure,
mode => '0700',
ensure => $ensure,
mode => '0600',
owner => $psick::bolt::bolt_user,
group => $psick::bolt::bolt_group,
content => $psick::bolt::bolt_user_priv_key,
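Review bot: The `id_rsa` file resource takes the private key from `$psick::bolt::bolt_user_priv_key` as plain `content`, so on agents that run with diffs enabled a key change can be printed into logs and reports. Add `show_diff => false,` to that resource, and consider typing the parameter (declared outside this page) as `Sensitive[String]` so the value is redacted in logs and reports. The resource's closing braces fall outside the hunk. Separately, `id_rsa.pub` does not need `0600`; `0644` is the conventional mode for the public half.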
42 changes: 25 additions & 17 deletions manifests/bolt/node.pp
Expand Up @@ -8,6 +8,9 @@
Boolean $configure_sudo = true,
String $sudo_template = 'psick/bolt/user/sudo.erb',

Boolean $manage_host_key = $psick::bolt::manage_host_key,
Boolean $manage_ssh_dir = true,

Boolean $manage = $psick::manage,
Boolean $noop_manage = $psick::noop_manage,
Boolean $noop_value = $psick::noop_value,
Expand Down Expand Up @@ -39,12 +42,14 @@
password => $user_password,
}

file { "${user_home_dir}/.ssh" :
ensure => $dir_ensure,
mode => '0700',
owner => $psick::bolt::ssh_user,
group => $psick::bolt::ssh_group,
require => User[$psick::bolt::ssh_user],
if $manage_ssh_dir {
file { "${user_home_dir}/.ssh" :
ensure => $dir_ensure,
mode => '0700',
owner => $psick::bolt::ssh_user,
group => $psick::bolt::ssh_group,
require => User[$psick::bolt::ssh_user],
}
}
}

Expand All @@ -59,22 +64,25 @@
}

if $psick::bolt::keyshare_method == 'storeconfigs' {
@@sshkey { "bolt_${facts['networking']['fqdn']}_rsa":
ensure => $ensure,
host_aliases => [$facts['networking']['fqdn'], $facts['networking']['hostname'], $facts['networking']['ip']],
type => 'ssh-rsa',
key => $facts['ssh']['rsa']['key'],
tag => "bolt_node_${psick::bolt::master}_rsa",
if $manage_host_key {
@@sshkey { "bolt_${facts['networking']['fqdn']}_rsa":
ensure => $ensure,
host_aliases => [$facts['networking']['fqdn'], $facts['networking']['hostname'], $facts['networking']['ip']],
type => 'ssh-rsa',
key => $facts['ssh']['rsa']['key'],
tag => "bolt_node_${psick::bolt::master}_rsa",
}
}
# Authorize master host bolt user ssh key for remote connection
Ssh_authorized_key <<| tag == "bolt_master_${psick::bolt::master}_${psick::bolt::bolt_user}" |>>
}
if $psick::bolt::keyshare_method == 'static' {
ssh_authorized_key { "bolt_user_${psick::bolt::ssh_user}_rsa-${psick::bolt::bolt_user_pub_key}":
ensure => $ensure,
key => $psick::bolt::bolt_user_pub_key,
user => $psick::bolt::ssh_user,
type => 'rsa',
ssh_authorized_key { "bolt_user_${psick::bolt::ssh_user}_rsa-${psick::bolt::master}":
ensure => $ensure,
key => $psick::bolt::bolt_user_pub_key,
user => $psick::bolt::ssh_user,
type => $psick::bolt::ssh_key_type,
options => $psick::bolt::ssh_auth_key_options,
}
}
}
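Review bot: Retitling the static key to `"bolt_user_${psick::bolt::ssh_user}_rsa-${psick::bolt::master}"` changes the entry's name in authorized_keys, and nothing in this hunk removes the entry written under the old title, which embedded the public key. After an upgrade or a key rotation the previous key would therefore stay authorized unless `purge_ssh_keys` is set on the user somewhere outside the visible code. Consider shipping an `ensure => absent` resource for the old title for one release, or document the manual cleanup in the changelog.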
2 changes: 1 addition & 1 deletion manifests/git/clone.pp
Expand Up @@ -83,7 +83,7 @@
}
} else {
file { "/etc/cron.d/sync_${cron_safe_path}":
ensure => absent,
ensure => absent,
}
}

2 changes: 1 addition & 1 deletion manifests/hosts/resource.pp
Expand Up @@ -20,7 +20,7 @@

$all_hosts.each |$k,$v| {
host { $k:
* => $v,
* => $v,
}
}
}
2 changes: 1 addition & 1 deletion manifests/nodejs.pp
Expand Up @@ -87,7 +87,7 @@
ensure => $ensure,
}
package { $package_name:
* => $package_defaults + $package_params,
* => $package_defaults + $package_params,
}
}

2 changes: 1 addition & 1 deletion manifests/puppet.pp
Expand Up @@ -51,7 +51,7 @@

$modules.each | $mod | {
psick::puppet::module { $mod:
user => $module_user,
user => $module_user,
}
}
}
2 changes: 1 addition & 1 deletion manifests/puppet/autosign.pp
Expand Up @@ -25,7 +25,7 @@
case $autosign {
'off', default: {
ini_setting { 'puppet_server_autosign_off':
ensure => absent,
ensure => absent,
}
}
'on': {