#cloud-config
#
# This is an example file to automatically set up and run puppet
# when the instance boots for the first time.
# Make sure that this file is valid yaml before starting instances.
# It should be passed as user-data when starting the instance.
#
# NOTE(review): user-data is generally readable from inside the instance,
# so keep only public material here (such as the CA certificate below),
# never private keys or other secrets.
puppet:
  # Boolean: whether or not to install puppet (default: true)
  install: true

  # A specific version to pass to the installer script or package manager.
  # Quoted so that it stays a string and is not re-typed by the yaml parser.
  version: "7.7.0"

  # Valid values are 'packages' and 'aio' (default: 'packages')
  install_type: "packages"

  # Puppet collection to install if 'install_type' is 'aio'
  collection: "puppet7"

  # Boolean: whether or not to remove the puppetlabs repo after installation
  # if 'install_type' is 'aio' (default: true)
  cleanup: true

  # If 'install_type' is 'aio', change the url to the install script.
  # The script at this url is downloaded and executed on the instance at
  # first boot, so it is part of the instance's trusted code.
  # The url below follows the 'main' branch, whose content can change from
  # one boot to the next; for a reproducible install, point it at a pinned
  # revision (for example .../install-puppet/<commit-sha>/install.sh, where
  # <commit-sha> is a placeholder) or at an internally hosted copy that has
  # been reviewed.
  aio_install_url: "https://raw.githubusercontent.com/puppetlabs/install-puppet/main/install.sh"

  # Path to the puppet config file (default: depends on 'install_type')
  conf_file: "/etc/puppet/puppet.conf"

  # Path to the puppet SSL directory (default: depends on 'install_type')
  ssl_dir: "/var/lib/puppet/ssl"

  # Path to the CSR attributes file (default: depends on 'install_type')
  csr_attributes_path: "/etc/puppet/csr_attributes.yaml"

  # The name of the puppet package to install (no-op if 'install_type' is 'aio')
  package_name: "puppet"

  # Boolean: whether or not to run puppet after configuration finishes
  # (default: false)
  exec: false

  # A list of arguments to pass to 'puppet agent' if 'exec' is true
  # (default: ['--test'])
  exec_args: ['--test']

  # Every key present in the conf object will be added to puppet.conf:
  # [name]
  # subkey=value
  #
  # For example the configuration below will have the following section
  # added to puppet.conf (the section name is the key used under 'conf',
  # here 'agent'):
  # [agent]
  # server=puppetserver.example.org
  # certname=i-0123456.ip-X-Y-Z.cloud.internal
  #
  # The puppetserver ca certificate will be available in
  # /var/lib/puppet/ssl/certs/ca.pem if using distro packages
  # or /etc/puppetlabs/puppet/ssl/certs/ca.pem if using AIO packages.
  conf:
    agent:
      server: "puppetserver.example.org"
      # certname supports substitutions at runtime:
      #   %i: instanceid
      #       Example: i-0123456
      #   %f: fqdn of the machine
      #       Example: ip-X-Y-Z.cloud.internal
      #
      # NB: the certname will automatically be lowercased as required by puppet
      certname: "%i.%f"
    # ca_cert is a special case. It won't be added to puppet.conf.
    # It holds the puppetserver certificate in pem format.
    # It should be a multi-line string (using the | yaml notation for
    # multi-line strings).
    # The puppetserver certificate is located in
    # /var/lib/puppet/ssl/ca/ca_crt.pem on the puppetserver host if using
    # distro packages or /etc/puppetlabs/puppet/ssl/ca/ca_crt.pem if using AIO
    # packages.
    #
    # This certificate is the trust anchor the agent uses to verify the
    # puppetserver, so copy it from the puppetserver over a trusted channel.
    # The certificate below is a sample only (its validity period ended in
    # 2015); replace it with the CA certificate of your own puppetserver.
    ca_cert: |
      -----BEGIN CERTIFICATE-----
      MIICCTCCAXKgAwIBAgIBATANBgkqhkiG9w0BAQUFADANMQswCQYDVQQDDAJjYTAe
      Fw0xMDAyMTUxNzI5MjFaFw0xNTAyMTQxNzI5MjFaMA0xCzAJBgNVBAMMAmNhMIGf
      MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCu7Q40sm47/E1Pf+r8AYb/V/FWGPgc
      b014OmNoX7dgCxTDvps/h8Vw555PdAFsW5+QhsGr31IJNI3kSYprFQcYf7A8tNWu
      1MASW2CfaEiOEi9F1R3R4Qlz4ix+iNoHiUDTjazw/tZwEdxaQXQVLwgTGRwVa+aA
      qbutJKi93MILLwIDAQABo3kwdzA4BglghkgBhvhCAQ0EKxYpUHVwcGV0IFJ1Ynkv
      T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwDwYDVR0TAQH/BAUwAwEB/zAd
      BgNVHQ4EFgQUu4+jHB+GYE5Vxo+ol1OAhevspjAwCwYDVR0PBAQDAgEGMA0GCSqG
      SIb3DQEBBQUAA4GBAH/rxlUIjwNb3n7TXJcDJ6MMHUlwjr03BDJXKb34Ulndkpaf
      +GAlzPXWa7bO908M9I8RnPfvtKnteLbvgTK+h+zX1XCty+S2EQWk29i2AdoqOTxb
      hppiGMp0tT5Havu4aceCXiy2crVcudj3NFciy8X66SoECemW9UYDCb9T5D0d
      -----END CERTIFICATE-----