Skip to content

Instantly share code, notes, and snippets.

@fheinle fheinle/puppetboard.pp
Created Dec 18, 2017

Embed
What would you like to do?
Download ZIP
Puppet-Manifest mit Kerberos-Auth
Raw
puppetboard.pp
```puppet
# install and configure puppetboard
class profiles::puppetboard {
$krb_auth_realm = lookup('profiles::puppetboard::krb_auth_realm', String)
$krb_5keytab = lookup('profiles::puppetboard::krb_5keytab', String)
$servername = lookup('profiles::puppetboard::servername', String, 'first')
class { '::puppetboard':
manage_git => false,
manage_virtualenv => false,
}
class { 'apache':
default_mods => false,
default_vhost => false,
default_ssl_vhost => false,
mpm_module => 'worker',
purge_configs => true,
}
class { 'apache::mod::wsgi': }
class { 'apache::mod::auth_kerb': }
class { 'apache::mod::authnz_pam': }
$cert = "/etc/apache2/ssl/${facts['fqdn']}"
file { 'apachessl':
ensure => 'directory',
owner => 'root',
group => 'root',
mode => '0700',
path => '/etc/apache2/ssl',
}
ipa::sslcert { 'puppetboard':
fname => $cert,
domain => $facts['fqdn'],
service => 'http',
}
file { 'pam_sssd_http':
ensure => present,
path => '/etc/pam.d/http',
owner => 'root',
group => 'root',
mode => '0644',
content => @(END)
auth required pam_sss.so
account required pam_sss.so
| END
}
apache::vhost { "ssl_${servername}":
ensure => present,
auth_kerb => true,
access_log => true,
aliases => [{
alias => '/static',
path => '/srv/puppetboard/puppetboard/puppetboard/static'
}],
default_vhost => true,
directories => [{
path => '/srv/puppetboard/puppetboard',
auth_name => 'Kerberos Login',
auth_type => 'Kerberos',
auth_require => 'pam-account http',
}],
docroot => '/var/www/html',
krb_auth_realms => [$krb_auth_realm],
krb_5keytab => $krb_5keytab,
krb_local_user_mapping => 'on',
krb_method_negotiate => 'on',
krb_servicename => 'http',
port => '443',
servername => $servername,
ssl => true,
ssl_cert => "${cert}.crt",
ssl_protocol => 'TLSv1.2',
ssl_key => "${cert}.key",
vhost_name => '*',
wsgi_daemon_process => 'puppetboard',
wsgi_daemon_process_options => {
processes => 2,
user => 'puppetboard',
group => 'puppetboard',
threads => 5,
},
wsgi_process_group => 'puppetboard',
wsgi_script_aliases => { '/' => '/srv/puppetboard/puppetboard/wsgi.py'},
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.