[PATCH] Fix up the puppet modules for bridge and vault

Jesse Keating jkeating at redhat.com
Tue Aug 18 23:28:05 UTC 2009


New certs for bridge and server
Make sure puppet remains off after the initial run
---
 .../nodes/sign-bridge1.fedora.phx.redhat.com.pp    |   11 ++++++-----
 .../nodes/sign-vault1.fedora.phx.redhat.com.pp     |   12 ++++++------
 modules/sigul/files/server.conf                    |    2 +-
 modules/sigul/templates/bridge.conf.erb            |    2 +-
 4 files changed, 14 insertions(+), 13 deletions(-)

diff --git a/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp b/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp
index 5251155..d710016 100644
--- a/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp
+++ b/manifests/nodes/sign-bridge1.fedora.phx.redhat.com.pp
@@ -1,4 +1,5 @@
 node "sign-bridge1.fedora.phx.redhat.com" {
+    $autodisablePuppet = 1
     $fas_groups = [ 'sysadmin-main', 'sysadmin-releng' ]
     include phx
     include fas::client
@@ -13,11 +14,11 @@ node "sign-bridge1.fedora.phx.redhat.com" {
 #         cwd => '/',
 #         command => '/etc/init.d/sshd stop; /sbin/chkconfig sshd off',
 #     }
-#     exec { "disable-puppet":
-#         cwd => '/',
-#         onlyif => '/bin/ls /var/run/puppet/puppetd.pid > /dev/null 2>&1',
-#         command => '/etc/init.d/puppet stop; /sbin/chkconfig puppet off',
-#     }
+     exec { "disable-puppet":
+         cwd => '/',
+         onlyif => '/bin/ls /var/run/puppet/puppetd.pid > /dev/null 2>&1',
+         command => '/etc/init.d/puppet stop; /sbin/chkconfig puppet off',
+     }
 
     # Firewall Rules, allow sigul server through.
     $tcpPorts = [ '44333:443334' ]
diff --git a/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp b/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp
index 20c1615..1b5641d 100644
--- a/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp
+++ b/manifests/nodes/sign-vault1.fedora.phx.redhat.com.pp
@@ -1,5 +1,5 @@
 node "sign-vault1" {
-#    $autodisablePuppet = 1
+    $autodisablePuppet = 1
     $fas_groups = [ 'sysadmin-main', 'sysadmin-releng' ]
     include phx
     include fas::client
@@ -14,11 +14,11 @@ node "sign-vault1" {
 #         cwd => '/',
 #         command => '/etc/init.d/sshd stop; /sbin/chkconfig sshd off',
 #     }
-#     exec { "disable-puppet":
-#         cwd => '/',
-#         onlyif => '/bin/ls /var/run/puppet/puppetd.pid > /dev/null 2>&1',
-#         command => '/etc/init.d/puppet stop; /sbin/chkconfig puppet off',
-#     }
+     exec { "disable-puppet":
+         cwd => '/',
+         onlyif => '/bin/ls /var/run/puppet/puppetd.pid > /dev/null 2>&1',
+         command => '/etc/init.d/puppet stop; /sbin/chkconfig puppet off',
+     }
 
 # Need iptables blocking everything here
 
diff --git a/modules/sigul/files/server.conf b/modules/sigul/files/server.conf
index 9145343..6b57753 100644
--- a/modules/sigul/files/server.conf
+++ b/modules/sigul/files/server.conf
@@ -10,7 +10,7 @@ max-file-payload-size: 1073741824
 # Maximum accepted size of payload stored in server's memory
 max-memory-payload-size: 1048576
 # Nickname of the server's certificate in the NSS database specified below
-server-cert-nickname: sigul-server - Fedora Project
+server-cert-nickname: sign-vault1 - Fedora Project
 
 [database]
 # Path to a directory containing a SQLite database
diff --git a/modules/sigul/templates/bridge.conf.erb b/modules/sigul/templates/bridge.conf.erb
index dde6bf7..f834e52 100644
--- a/modules/sigul/templates/bridge.conf.erb
+++ b/modules/sigul/templates/bridge.conf.erb
@@ -2,7 +2,7 @@
 
 [bridge]
 # Nickname of the bridge's certificate in the NSS database specified below
-bridge-cert-nickname: sigul - Fedora Project
+bridge-cert-nickname: sign-bridge1 - Fedora Project
 # Port on which the bridge expects client connections
 client-listen-port: 44334
 # Port on which the bridge expects server connections
-- 
1.5.5.6




More information about the Fedora-infrastructure-list mailing list